According to Chris Fry, StAX JSR lead from BEA, reference implementation of StAX API previewed last November will be open sourced and made available at Codehaus shortly.

Quick update, I'm in the process of moving the RI to codehaus, should take a couple weeks to get all the wrinkles ironed out, then everyone can start fixing bugs 🙂 - from stax_builders mailing list

Good.  Thanks Chris.

Since today's theme turned out to be UI design, here is a general UI design tip that offers a nice bang for the buck: Think Inversely.  A good time to think inversely is when you have a question.  For example, instead of just asking what to show in the UI, ask what should not be shown.  Why?  Because each addition you make to the UI is a potention source of confusion and distraction for the user.

My response to Eric Raymond's rant on the poor quality of open source UI is: No Kidding, Sherlock.  It shouldn't surprise anyone that open source UI is crappy and I am surprised that it took Eric this long to notice the problem.  As to why, it's because:

• open source developers have little interest nor incentive to do it right.
• most software developers lack the knowledge and experience to design good UIs.
• UI design is hard and insanely tedious, even for the professionals.

Frankly, I don't think it is realistic to expect open source developers to build good UIs.  Instead, open source software should be designed to make it easier for others to change or replace the UI without understanding the code underneath.  Let a thousand UIs bloom and may the best one win.  In other words, leverage evolution in pursuit of good UIs.

Unrelated Post: Corporate Blogger's Dinner

Just got back from the BizTalk Server 2004 launch event at Microsoft's Mountain View campus.  From what I saw there, I think BizTalk product line has matured enough to be useful.  Tool-wise, BizTalk is at par with Collaxa now.  It's integration with Office and Visual Studio.NET was impressive.  Testimonial from the Virgin group should excite businesses enough to bite in substantial numbers.

BizTalk Server 2004 is more like a destroyer, moving ahead of the rest of Microsoft 2004 series of servers.  It will be interesting to see how BEA, IBM, Oracle, and Sun responds.  I think the value of Collaxa as a buyout candidate has just shot up.

I asked this question in response to proponents of HTTP PUT and DELETE verbs disputing the points made by Russell Beattie in his Hypocrisy: RDF and the Atom API post.

So exactly what do we get in return for doing all this? Using PUT/DELETE is designing for the future? All that does is replace four characters ('POST') at the head of a HTTP request with other characters ('PUT' or 'DELETE') which could have just as well been within the payload or headers.

What tangible rewards do we get for:

1. abandoning support for millions of J2ME cellphones already out there.

2. forcing us to wait until there are enough Atom-capable J2ME phones out there

3. require everyone to support both REST and SOAP?

What do we get in return?

A sensible question, I thought.  I was hoping that my question would help them see the issue more clearly.  No such luck.  Ken MacLeod answered on the atom-syntax mailing list:

Off the top of my head, we get:

* more software that uses standards-level features in ways they are
   supposed to be used

* bug reports against tools and libraries that aren't implementing
   standards

* network effect with other tools, libraries, applications and
   standards that already use these features in the same way

* raising people's awareness to the fact that an X/HTML editor
   "saving" its content via PUT, as _many_ do, is just as good as
   PUTting an Atom entry

* protocol compatibility (PUT/DELETE => FTP's STOR/DELE)

* an obvious pattern for application-specific extension

* API extensions with at least one less dimension of lock-in

As I suspected, I am fighting up-hill against gnomes on Mount Nevermind.  In case you are not a fan of Dragonlance, Mount Nevermind is:

A Great, Huge, Tall Mound Made of Several Different Strata of Rock of Which We Have Identified Granite, Obsidian, Quartz With Traces of Other Rock We Are Still Working On, That Has Its Own Internal Heating System Which We Are Studying In Order to Copy Some Day That Heats Up the Rock to Temperatures That Convert It Into Both Liquid and Gaseous States Which Occasionally Come to the Surface and Flow Down the Side of the Great, Huge Tall Mound…

Sorry, Ken.  I know you are a smart guy but I think you are being oblivious to common sense on this issue.

Wise fragger Tim Bray lobbed his wisdom into the fray:

In your list, I do not observe any entries that amount to "this will make it easier to implement" or "this will enable features that would not otherwise be possible." Thus you are missing the two most powerful engineering arguments are are facing an up-hill struggle. In fact, it is observable that insisting on PUT & DELETE in fact adds to the difficulty of implementation in some contexts; which seems fatal to me when the arguments in favor are so philosophical.

To which Sam Ruby replied:

Do the words of somebody who has actually implemented this count for anything?

http://www.imc.org/atom-syntax/mail-archive/msg01197.html

Ben Trott has implemented both too, would it help if he were to weigh in:

http://www.sixapart.com/log/2003/09/announcing_xmla.shtml"

Sam, words of implementors are good but Ben's experience is limited to the server-side.  Their words and words of others such as J2ME client developers should be used as weights on a balance and not as shields to protect wrong decisions with.  Besides, taking Ben's word of the issue is like using a yogi's word to design a bed.

BTW, I have just joined the atom-syntax mailing list.  It looks like a hot bed of activities.  Ken's post sparked off a long thread of discussion which you might want to follow.

Sorry about the goofy title.  I somehow got sidetracked this morning into tinkering with Java2D animation inside a SWT application and ended up reading the SMIL 2.0 spec.  Trail of thoughts from my Alternate News Reader UIs post stoked back into life along the way, this time focusing on scrolling.

Scrolling tend to interferes with reading because it is unnatural.  Scrolling amounts to keeping your eye focused on one spot of a book and moving the book around to read it.  As the book moves, your eyes defocus momentarily which is highly irritating.  If you haven't noticed it before, try it now.  Note that focus is maintained when eyes are moved instead.

What's really funny is that web browsers depend heavily on scrolling.  One way to remove or, at least, reduce amount of scrolling is to scroll in time instead of scrolling in space.  SMIL is, in effect, an XML standard for scrolling a document in time.  What does this mean for RSS?  How about playing RSS feeds on SMIL browsers by transforming RSS feeds into SMIL streams?

The traffic to my blog has doubled in the past two months.  While some of that is due to new readers and subscribers, good part of that traffic is due to blog crawlers.  With the smell of money in the air, I am afraid we'll be seeing an explosion of blog crawlers in the near future.

How long before only a tiny fraction of the traffic is actually read by a person?  How long before the blogosphere is swamped by convenience-driven waste and greed-driven abuse?

eBay just announced the addition of Account Guard feature to the eBay Toolbar. [via Payments News]  While the announcement doesn't go too much into detail, there are some interesting information in the Account Guard section of the Toolbar FAQ.

These are its features:

1. Site Indicator – Verified Site and Potential Spoof Site: Located prominently on the toolbar, this feature displays a distinct visual indication when you are on a verified eBay or PayPal Web site, and alerts you when you are on a potential spoof Web site. The Site Indicator turns GREEN if you are on a verified eBay or PayPal Web site; RED if you are on a potential spoof site; and GREY if you are visiting an unidentified Web site. Note: this will be the most frequent indication when you are not on eBay or PayPal.
2. eBay Password Protection: This feature warns you when you are entering your eBay password into a an unverified site even if it looks like eBay or PayPal site. The eBay Password Protection function will block the password from being submitted to the Web site – displaying an educational message about password protection – unless you affirm that you want to proceed in entering the password into the site.
3. Report a Spoof Site. If you suspect that you are on a fake eBay or PayPal site, eBay Toolbar enables you to report the site to eBay so that eBay can take action. As soon as the report has been verified – and we confirm that the site is fraudulent – all eBay Toolbar users will benefit from having the most current information automatically uploaded to their toolbar.

Site Indicator is an example of visual security which I like.  It's not safe from Visual Spoofing though since green light is just a bunch of green pixels.  Presence of eBay Toolbar is doesn't even have to be detectable from the server-side because all hackers care about are decent yields for their efforts.  More popular the toolbar is, more easily fooled.  Having both real and fake toolbar appearing at the same time won't be a problem because the hacker can easily distract sufficient number of users away from the real one.

eBay Password Protection is more interesting because it interrupts and warns the user with an alert dialog.  Following FAQ items provide more info:

How does eBay Toolbar detect spoof sites?

eBay Toolbar detects and verifies spoof sites through a combination of technology and reports from the eBay Community. With the tremendous volume of spoof reports, eBay Toolbar leverages the vigilance of our community to enable all eBay Toolbar users to protect themselves.

How does eBay Toolbar block my password from spoof sites?

Before a user submits a password into a Web site, Account Guard reviews the submission and scans for the user's eBay password. This is done instantly and locally (on the user's computer) and does not involve sending any information to eBay. If the Toolbar detects a password match, it displays a pop up indicating that the user is about to send an eBay password to a non-eBay verified site.

eBay Toolbar alerts me every time I enter my eBay password into a non-eBay site. Why is this happening?

eBay, like most other companies, strongly encourages its users to choose unique passwords for all of the accounts (both on and offline) that they hold. The pop-up message warns you when you are about to enter your eBay password into a non-eBay site. You can disable this warning either in the eBay Toolbar preferences page, or on a site-by-site basis.

So the eBay Toolbar knows what the user's eBay password is and prevents user from submitting the password to any site not on their list of verified sites which is presumeably downloaded from eBay and updated regularly.  It makes sense to discourage users from using their eBay password elsewhere, but it's bound to annoy quite a number of eBay users, many of whom will have to change their universal passwords used at many non-eBay sites.  If it's good for ya, it's usually bitter.

The feature I like the most is the easy spoof reporting although it could create a lot of mess to clean up if misreports flood in.  I hope eBay shares their experience with Account Guard.