Saturday, October 29, 2005

RIFE/Crud 1.0: CRUD scaffolding for RIFE released

Two promising technologies in two days, and both do not seem to be going the way I think this development process should move. This process comes closer to my idea of how ultimately the request processing is a workflow which uses components to get the work done. This idea comes across quite well in this technology. My issue is with reinventing the wheel. I would have really liked the product to use a workflow definition language for achieving the request flow and data flow. On an initial review it looks like it borrowed the idea from BEA/Apache Beehive (did I get it right?). But I would really have loved the idea of extracting the database schema, or working from an entity-relationship diagram, and generating objects or vice versa automatically, and drawing the request and data flow using a GUI instead of editing XML, and in a workflow language instead of developing your own.
The meta-data about data constraints is fine but that cannot be extended to the Web interface. Now what needs to be displayed as editable or non-editable and sorting decisions are not a business logic decision (as it can be an authorization decision) and thus should not live with the bean definition. It is an interface decision and should be part of that!! This is where even I am stuck w.r.t. how to tie the workflow to the interface. What is the answer? But that is a separate topic...
The technology does look promising and can work as inspiration for other technologies...

How Many Times Should We Pay For Our Software?

The article just tells me that the market is maturing w.r.t. vendors getting ready. I have thought that the PC is most likely a temporary path to get to the next step, where people will move from accessing content using a personal medium to a shared medium (similar to the way the cable system evolved). With regards to this, at this point the market needs to figure out the model. I think the mediums would be hosting the software and people may be ready to pay monthly rent for the service. Now the medium could be cable, phone/optical fiber or a utility provider (maybe electricity or, who knows, the water utility).
Let's leave it at that and let the market figure it out!!

Google And IBM Team Up Search Technology

Interesting development!! I have always liked the idea of using Google Desktop Search as a corporate knowledge management tool once some facility has been built to securely control and access the agents running on the individual desktops. I have had some thoughts on doing this for my own company but never got around to doing that.
Besides that, I guess it is a great way to capture the two ends of the information, i.e. databases and desktops. I am not sure whether the Google search appliance could not look into these databases and hence Google has to depend on IBM for this type of data. Another thing this brings back to life is the issue people had with desktop search at the start, i.e. it brought out unwanted things from the system. Guess this goes to the idea of privacy and data access control, i.e. what is searchable and what's not.

Friday, October 28, 2005

Paranoid Penguin - Single Sign-on and the Corporate Directory, Part I

Now that was the quickest way to build the infrastructure, and the consultants are just sucking the money for doing nothing :)
Guys, let's not build something, attach "identity management" to it and tell the world we have solved the issue in 1 section. This article may be good for a small university or a small business. For anything more than that, SSO and "identity management" is a very huge project which may run from 4 months to 3 yrs and needs a lot of things.

Microsoft's Vigilante Investigation of Zombies

This brings back the whole idea of
  1. if you leave the door of your house unlocked and somebody comes in, looks around and leaves, is it punishable?
  2. if you leave the door of your house unlocked and somebody comes in and drinks water from your tap (is that a good analogy for a wireless access point used for basic web surfing?) and leaves, is it punishable?
  3. if you leave the door of your house unlocked intentionally and somebody comes in and is caught, is it punishable?

Attention podcasters

The idea of annotating pictures is not new, but doing that with video and audio!! Maybe that is how the next generation of search engines would be able to make sense out of these types of content till we figure out a way to decipher an arbitrary piece of audio and video.

Artificial Scarcity, Garbage Collection and the Long Tail

Great Article!!

the anatomy of a standard

Redirect This!! Hmm... a money making/analytics scheme! I do not think that is the way to get it done. It seems to be more of a browser feature which allows you to select content from a website and then blog that. This way the content website does not have to change, but at the same time the user is able to "grab" the content that is important for him.
Now the only way a third party can get involved in this process is by making sure that the user is not violating the copyright by reprinting the information, which means that it can provide the capability of generating "URLs" to address the content of interest instead of displaying the entire website, by maybe just selecting the stuff or running autogenerated Greasemonkey scripts on the website in the browser.

A Prescription for Novell's "Cold Realities"

This is where it becomes apparent that just having a great product set and a great relationship with developers does not help unless you get the message across well to your customers, who are more likely to be the CIO et al., i.e. your sales and marketing!!

A me shaped hole in the web and other thoughts from Internet Identity Workshop 2005

Hmm... identity noise (great concept!! though morally questionable)
and the difference between enterprise and individual needs w.r.t. identity seems to come from the basic idea that an enterprise is an individual that is formed by a collection of individuals that have purposely chosen to relinquish some of their identity, culture, etc. to come together. So, even though in private or outside the enterprise an individual can practice and implement his beliefs (obviously under law), the enterprise has relinquished some of his beliefs and requirements for the greater good of the enterprise. I think I lost my chain of thought somewhere....

OpenToro Version 3.0 Released

First Thought -
Ahh!! Finally a product that my father can use (if packaged properly), probably with the Open Office database, to develop an application for his office. And then reading through the tutorial I think he would lose interest somewhere around editing XML.
Damn!! Will have to wait longer before Microsoft Access will be out of his machine!!

evolutionNext: "Inline XML in Java Code? WTF?"

Now things are really getting out of hand. The basic Java language has been very stable and got the work done (maybe not always). These additional "features" which cater to the latest fads are not going to help the language. They will just make the language more bloated and we will start running into issues like those with operator overloading in C++.
I really miss the simplicity of C !!

Friday, October 14, 2005

Symantec to unleash 'Big Brother' on the world

Hmm.. I am not sure how this system is helpful without the identity flowing with the request. Most applications connect to the database using proxy users, and auditing/monitoring based on that is not very useful since it cannot be tied back to the user that is running the query. So, we need the next generation of monitoring and auditing applications to be able to track the actual user identity. I would be expecting the application server providers and database providers to develop such technologies to audit and monitor the user ID end-to-end. I am not sure how well network security by itself or host security by itself will be able to crack this market.
Let's see
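
The gap described above, as a constructed example added here (not from the linked article or any vendor's product): a statement monitor on a shared database connection can only name the end user if the application forwards that identity with each request. The account name `app_proxy`, the `accounts` table and the helper names are assumptions made for illustration.

```python
import contextvars
import sqlite3

DB_ACCOUNT = "app_proxy"  # constructed: the one shared account the app logs in with
end_user = contextvars.ContextVar("end_user", default=None)

def open_monitored_db(audit_log, propagate_identity):
    """Open a DB whose statement monitor appends (db_account, end_user, sql)."""
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)")
    conn.execute("INSERT INTO accounts VALUES (1, 'alice', 100), (2, 'bob', 250)")

    def monitor(sql):
        # The database side only knows which account opened the connection.
        # The end user is visible only if the application forwards it.
        user = end_user.get() if propagate_identity else None
        audit_log.append((DB_ACCOUNT, user, sql))

    conn.set_trace_callback(monitor)  # installed after setup, so only requests are logged
    return conn

def handle_request(conn, user, account_id):
    """Serve one request on behalf of `user` over the shared connection."""
    token = end_user.set(user)  # identity travels with the request
    try:
        row = conn.execute("SELECT balance FROM accounts WHERE id = ?", (account_id,)).fetchone()
        return row[0]
    finally:
        end_user.reset(token)

def attributable(audit_log):
    """End users an auditor can actually name from the log."""
    return {user for _, user, _ in audit_log if user is not None}

def run_demo(propagate_identity):
    log = []
    conn = open_monitored_db(log, propagate_identity)
    handle_request(conn, "alice", 2)  # alice reads bob's account
    handle_request(conn, "bob", 2)
    conn.close()
    return log

if __name__ == "__main__":
    for mode in (False, True):
        for entry in run_demo(mode):
            print(mode, entry)
```

With `propagate_identity=False` every row is attributed to `app_proxy` only, so alice reading bob's account is indistinguishable from bob reading his own.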

Thursday, October 13, 2005

SOA Maturity Mockery

As far as I remember, the CMM maturity model has nothing to do with how you can achieve the level. Another important point is that by default in the CMM model, everybody is on Level 1. So even though there are good points made by the author, I think he does not understand the concept of CMM and how it just assigns the level to the company based on the audit. So a company does not have to go from Level 1 to Level 2, but if there is a long term strategy developed, the company can go to Level 3 directly if they can prove what they are trying to achieve here is good for Level 3.

Free the Data

Hmm.. and lose the thing that makes money and furthermore allow others to make money from that. Does not make a lot of sense, just like a lot of business models that did not make sense back in the dotcom days. Even then the idea was to build the service and set it free. They will come, like my cute little service, and start paying for that once I ask for the money. Well, we all know what happened to those services. We have to understand that this model does not work unless you are a very large company and the product/data you are selling out is not the core of your existence or does not bring any money to you. And that is why the products being open-sourced by big companies are products that have outlived their shelf life or are not making any money for the company.
That is why you need a syndication model in place. The content generators will syndicate the content and get paid for allowing others to get access to their data. The idea here is that content/data cannot be set free for a long time because creation of data takes time and money. Any model that sets the data "free" or uses free data to build services will always be in jeopardy. This is due to the fact that such ideas look brilliant during the boom times or till you have not run out of VC's money, and go down the drain as soon as the economy goes south.
This brings us to the question of why the almighty Google and other service providers like MSN and Yahoo are providing data for free. Well, we have to understand that Google is foremost in the business of pattern recognition and not in the content provider business. This pattern recognition business means that they need to lure the users using content to track and find general patterns which can help them build a system that can target ads and premium content more precisely to the users. While other portals have to provide their premium content free since Google is doing so, or maybe they are building the same structure behind the scenes. So who knows when we will run out of free data!!

IBM Offers Best Practices to Open Source Foundation

Seems like nothing more than making the theory free so that people are going to purchase tools to implement the theory. There are theories in Computer Science on software development which would help anybody, but without appropriate tools for them, they are useless from a development point of view. I am not saying that the theory being given out is bad (since it has been "used" by 1/2 million developers) but just that theory without the tools is as good as the concept of the Turing machine without modern computers.

Tuesday, October 11, 2005

Drools Project Joins JBoss

So finally the workflow engine and rules engine are coming together. I have been looking towards an integrated workflow engine, rules engine and interface engine for easy product development for some time now. SOA would need this interface engine for allowing users to interact with the SOA services. Where is this interface engine which is integrated with the workflow engine going to come from? Are XForms or any other web frameworks an answer to this?

Dan Farber on Web 2.0

The article got me thinking on the way content creation works on TV. I am not a TV history buff and so I may be wrong. The TV medium started out with only the big networks having the know-how and money to create the content. This content was broadcast to the viewers. But as time passed and more people became adept in the content creation process, the idea of syndication was born, which allowed content creation to be separate from broadcasting. I think it is this idea that is one of the reasons keeping Google off the content creation wagon.
MSN and Yahoo may continue to be content providers of the future, with content providers like people (like columnists) and companies (like big studios) syndicating the content to them. Google will be a "public access channel" which would allow users to create content and publish to the world that would like to see it, along with target advertisement?

Experts give identity management advice

Points raised on
  1. Process and System Integration are challenges
  2. "Identity Management is viewed to be responsibility of employees in charge of physical security" This is totally against all my experience in the financial industry, where identity management is typically part of the Risk Management group, which co-ordinates with physical security and HR to develop and implement identity management solutions. But at the same time HR is the golden data source in most places.
  3. "Get the background check process right", which is typically performed by HR during the on-boarding process.
  4. "One ID across the organization", mostly a dream everybody wants but nobody has (but there are instances where organizations have been able to achieve it at least for employees, though not for customers).
  5. "Biometric is the key to solve duplication", but a biometric cannot be converted into an identifier. It is used as authentication data but not as an identifier.

Deploying SSO and biometrics in the race to put ou…

Problem Solved: SSO
Product Used: Imprivata OneSign (Reduced Sign On)
Plus points: Appliance, Profile builder, Integration with fingerprint authentication
Integration with Citrix in version 2.6 solved in 2.8
A few minor issues:
1) Missing finger (that was required by security policy) of one of the users.
2) Pressing the finger too hard on the device resulted in a poor fingerprint profile, making it useless for comparison.

Security: standards arent enough

The basic point is that Web service security is not going to solve the security problem. I think everybody understands that WSS will solve authentication and authorization. For the rest of the things like
  1. Validate your input
  2. Set size limits on your incoming data
  3. Ensure the attachments do not have any "viruses", etc.
you will be on your own or will have to purchase XML firewalls. Another point is that security services must be centralized. Again a continuing trend which helps in consolidating the administration and security analysis.

You get what you pay for

I very much agree with the basic idea that, just like in any other country, the price to get a person to break the law depends on the purchasing power parity and the salary of the person being bribed. In addition to that, the strength of law enforcement and the tangible and non-tangible cost that the person may pay also help in setting the price of the bribe.
If the price that a person has to pay is raised high enough, it is very much possible to increase the amount that would make a person amenable to breaking his/her contract. In order to ensure that the invoices keep coming, it is important for the company and country (to which work is being outsourced) to develop the perception that they have taken adequate measures to increase the price for a breach of security.
Even though I am not a great supporter of the outsourcing business, I have worked with companies in India and some of the large financial institutions (which are supposed to be most secure) in the US. I think I have more faith in the measures implemented by the Indian companies than their US counterparts. This could be because I may have worked with the best companies in India and not so good companies outside that country. So, it would be a lot better to evaluate the company that you are outsourcing to rather than go by FUD generated by some people.