Month: June 2003

Inside Laszlo

I spent a few hours last night playing with Laszlo and liked what I saw.  Laszlo address many Flash shortcomings, allowing programmers to use Flash as front-end for web-based enterprise software without dealing with all the mess that has piled on top of Flash all these years.  Having spent a lot of time on a similar idea, I know that what they have accomplished is an impressive feat.  Frankly, I don't think I could have designed it any better.

Laszlo pulls together many open source Java packages such as:

  • Axis – for web services
  • Batik – for SVG support
  • FOP – for XSL-FO support
  • JDOM – for simplified DOM manipulation
  • JGenerator – for SWF generation
  • Jing – for RELAX NG validation
  • JXPath – for XPath support used to select dataset nodes
  • Jython – don't know what for yet (it's Python on Java)
  • OpenOffice – probably for OpenOffice file format support
  • Xerces/Xalan – for XML parsing, DOM, and XSLT
  • XPP3 – an implementation of XmlPull API

Laszlo can be most readily integrated with J2EE applications because it is entirely Java-based and LZX, Laszlo's XML-based Flash UI description format, can be generated easily with JSP.  Following diagram shows how this works:

Hello.html is just a static page that embeds a movie returned by Hello.jsp.  Browser loads Hello.html which causes the Flash plugin to fetch a movie from Hello.jsp.  Hello.jsp emits LZX, instead of HTML, which is used by Laszlo to generate and return SWF.  With minimal efforts, other control flow can be used and processes can be added (i.e. XSLT) as long as LZX is fed into Laszlo in the end.  Neat.

There are, however, some issues with Laszlo that affect developerment and user experiences.

First, LZX to SWT conversion takes a while, much longer than JSP compilation.  Add up everything and you got enough delay to affect development experience.

Second, a Laszlo-based webpage is slower to load than DHTML-based webpages.  This is understandable because a Laszlo-based webpage can handles a lot more interactions with the user before having to reach out to the server than a DHTML-based webpage.  Still, the delay is noticeable enough to affect user experience.

Third, browser integration problems with full Flash-based webpages are still there.  For example, pressing the Browser's Back button will not work properly.  There are other similar issues that must be addressed soon.

There is much I like about Laszlo, particularly the power of LZX.  LZX's extensibility is impressive.  I need to spend a few more hours later to look deeper under the hood, but what I like about Laszlo are these:

  1. Harmonized with Java-based web applications – you write your backend in Java and drive Laszlo using LZX tags from JSP.  This allows you to leverage your existing investment in Java.
  2. Smart use of Flash – you still need Flash to generate graphics and animation resources used by LZX tags.  This means Flash developers in your team can focus on what they know best.
  3. Good People – I am impressed by the talents behind Laszlo.

[Sorry about the shitty diagram.  I could have used Visio, but I also needed more lazy learning time with GraphViz.  Since I still don't know enough about dot to generate good looking diagrams, result is what you see above.]

Java.net Weblogs

Weblogs are important part of Java.net although one needs to stroll around a bit to find them.  I usually go here to find new articles.  Here are two articles worthy of mention this week:

In Whats up with the JavaSound team?, Jonathan Simon discovers that entire JavaSound team split a while back and now there is just one hardworking guy wearing many hats.

This is ridiculous on a number of levels! How does Sun expect to put out a decent product with a single guy responsible for all of JavaSound? Also, the code was poorly designed to begin with, and Florian can't even really change it! So whats left is a really buggy, poorly designed library that is on every Java enabled PC!

Michael Champion, an old compadre from XML-DEV, answers the question "When does SOAP add value over simple HTTP+XML?" and concludes with:

It's just as "wrong" to blindly reject SOAP as to blindly accept. it.

<

p dir=”ltr”>Right on, Michael.

Axis 1.1

Axis 1.1 is here.  Although the news has spread widely, packages might be hard to locate, thanks to Apache XML subgroup's tendency to lazily update their webpages (same comment applies to Jakarta subgroup).  You can find the Axis 1.1 packages here.

Sunday Quotes

It is 26 minutes past Sunday.  I had no worthy insults for you, but I thought you might enjoy some quotes by yours truely:

Feeling secure is as important as being secure.

often an overlooked aspect of security business.  One can learn a lot from magicians and old ladies.

If you can't see the elephant, try taking your head out of its ass.  While it is warm and cozy inside, air is fresher outside.

thoughts on being blind to the obvious.  Thinking outside the box and what a box it is.

Ambient Security

Writing about ambient devices and reading about Gartner Group's recommendation against investing in intrusion detection systems (IDS), I thought this might be a good time to talk about ambient security: protection that weaves into your daily life without being obtrusive.

Most of today's authentication technologies works like locked doors and intrusion detection systems works like security guards laying traps, walking rounds, and examining logs.  To enter a door, you open it with a key.  Problem with this approach is that you have no idea who might have entered the door other than you.  Likewise, security guareds have to guess whether someone who entered is an intruder or not.  You and the security guards, one clueles and the other balancing between false alarms and security with guessworks, all because information is not shared between the two.

While I was working at Arcot Systems, I came up with novel ways (read patent-pending) to solve these problems in both the real world and online.  The core idea is to give users ambient information (aka full-court awareness) necessary to actively participate in intrusion detection.

One application is to ambiently display login time and duration over past seven days during entry or while inside the protected area.  The user can usually remember last seven days of activities so they can notice and flag suspicious activities.

Another application, this time in the real world, is to print recent creditcard purchase activities visually on creditcard receipts so I can ask my wife as I sign the restaurant bill, "Honeybunny, did you go somewhere far and buy something expensive yesterday?"

People talk about abundance of processing power at the edge, but very few realize that there are even greater processing powers beyond the edge: humans.  Tapping that potential is not easy, requiring skills beyond cryptography or user interface designs, but potential ROI is huge in all aspects including user confidence.

Update: In light of ideas I presented here, Gartner's recommendation against IDS in favor of better firewalls seems pretty silly.  I wonder how long Gartner will wait before advising against firewalls in favor of something else?  Firewalls are like the guard at the gate and IDS is like the sitting in a room full of monitors.  Both are working with limited information which leave a lot of room for infiltration.

For better security, everything and everyone involved must work together as a team.  If you expect to get better security simply by getting an expensive box and flipping a switch, you got a big problem no matter where you place the box.

Update on Googling WebCore source code

It has been over a week since my rant on Google's inability to rank objects over subjects using WebCore source code as an example.  Some folks suggested that I should have used "WebCore source code" instead of just "WebCore" to search.

As of 6:37pm Father's Day 2003, searching for "WebCore source code" on Google returns the target link as 8th result.  But here are the interesting parts:

  • Microdoc's response to my rant is the 2nd result.
  • My rant itself is the 9th result.

What is the chance of the target link being bumped off the first page after a couple more blog exchanges between me and Microdocs?  If a few more superlinked blog gets into the discussion, how long before the target link is bumped off the second page?  Was I searching for WebCore source code or discussions about Google PageRank problems?

UPDATE: After writing this post, I searched again.  This time, Microdocs's response to my rant is the 1st and target link was the 4th.  Interesting.

Update: Direct link to WebCore Source Code to make it first as Már Örlygsson suggested.

Ambient Devices

Via Alison Lewis and Howard Rheingold comes news of an intriguing device called Ambient Orb.

It is a wireless device that "slowly transitions between thousands of colors to show changes in the weather, the health of your stock portfolio, or if your boss or friend is on instant messenger."

Awesome.  It uses some unspecified nation-wide wireless network to receive information so all you need to do is plug it in and enjoy the ambient display.  Good idea.  I wonder how programmable it is.  I had ideas about ambient information appliances before but without the wireless part.

One problem is that when there are many of them or used in public areas, people will have difficulty figuring out what information the colors represent.  It should have a colored knob or base that shows which 'information channel' the orb is displaying.  To change the channel, just twist the knob/base.

Freaking out in Fatherly Ways

Sean, my 9 year old , asked me what I would like to have for breakfast tommorrow.  When I asked why, he informed me that tommorrow is Father's Day.  Oh.  So I thought about breakfast food that would least imperil our kitchen and my son: an egg, sunnyside up.  Now that is settled, I am going to be mildly concerned from now til breakfast tommorrow.

When he was five or so, he got up early one morning and decided to make himself breakfast using the microwave.  He mistakenly entered an extra zero into the microwave panel and his intended food was literally vaporized into toxic fumes that stunk up every corners of the house.  He said he wanted to warmup his food but the plate was empty when he opened the microwave.  Oy!

Never buy a kid toy microwave.  It will just give him enough false confidence to stink up the entire house for a month with a real one later.  I am just glad it happened in the Summer.  Anyway, now you know why I am concerned about tommorrow's breakfast.  I think I am going to go to sleep really late so my wife would be there to help him prepare breakfast.

Update: I just had my breakfast.  Although the breakfast was forced upon me after only four hours of sleep, my son and our kitchen came through just fine.  No comments on the breakfast itself.

Laszlo

On Marc Canter's recommendation, I am playing with Laszlo today.  It's basically a Flash-based application server/development tool using LZX, an XML-based language, to describe to the application.  It's somewhat like server-side XUL with ActionScript embedding.  A Java-based servlet eats LZX and spits out SWF.  Obviously, Laszlo has to do a lot of smart fine-grained caching for performance. 

Although I had a bit of trouble during installation (Radio was using port 8080 unnecessarily and one part of startup configuration was hardwired to default installation location), but it is running now and looks great (except for that UI feedback delay in Flash-based UIs reminiscent of videotext UIs).  Cool.  I like it so far.  I'll tinker with it over this weekend and report back.

Thanks, Marc.  BTW, you are absolutely right about that damned Timeline.  Macromedia executives need brain transplants IMHO if they think a thick coat of makeup and a new product positioning statement will work.  Nothing short of deep soul searching, bareassed understanding of developers' needs, and willingness to invest time and resources long overdue will work.

As to Macromedia stealing Laszlo's idea, I don't think there is anything wrong with recognizing a good thing and embracing the ideas behind it.  Besides, I had a similar idea a while back.  What I don't understand is why Macromedia didn't buy Laszlo.  Laszlo obviously has good people with good heads and the ability to execute.  Why bother mimicking when you can get the original and extend it?