Axis 1.1 is here. Although the news has spread widely, packages might be hard to locate, thanks to Apache XML subgroup's tendency to lazily update their webpages (same comment applies to Jakarta subgroup). You can find the Axis 1.1 packages here.
Category: Technical
Ambient Security
Writing about ambient devices and reading about Gartner Group's recommendation against investing in intrusion detection systems (IDS), I thought this might be a good time to talk about ambient security: protection that weaves into your daily life without being obtrusive.
Most of today's authentication technologies works like locked doors and intrusion detection systems works like security guards laying traps, walking rounds, and examining logs. To enter a door, you open it with a key. Problem with this approach is that you have no idea who might have entered the door other than you. Likewise, security guareds have to guess whether someone who entered is an intruder or not. You and the security guards, one clueles and the other balancing between false alarms and security with guessworks, all because information is not shared between the two.
While I was working at Arcot Systems, I came up with novel ways (read patent-pending) to solve these problems in both the real world and online. The core idea is to give users ambient information (aka full-court awareness) necessary to actively participate in intrusion detection.
One application is to ambiently display login time and duration over past seven days during entry or while inside the protected area. The user can usually remember last seven days of activities so they can notice and flag suspicious activities.
Another application, this time in the real world, is to print recent creditcard purchase activities visually on creditcard receipts so I can ask my wife as I sign the restaurant bill, "Honeybunny, did you go somewhere far and buy something expensive yesterday?"
People talk about abundance of processing power at the edge, but very few realize that there are even greater processing powers beyond the edge: humans. Tapping that potential is not easy, requiring skills beyond cryptography or user interface designs, but potential ROI is huge in all aspects including user confidence.
Update: In light of ideas I presented here, Gartner's recommendation against IDS in favor of better firewalls seems pretty silly. I wonder how long Gartner will wait before advising against firewalls in favor of something else? Firewalls are like the guard at the gate and IDS is like the sitting in a room full of monitors. Both are working with limited information which leave a lot of room for infiltration.
For better security, everything and everyone involved must work together as a team. If you expect to get better security simply by getting an expensive box and flipping a switch, you got a big problem no matter where you place the box.
Laszlo
On Marc Canter's recommendation, I am playing with Laszlo today. It's basically a Flash-based application server/development tool using LZX, an XML-based language, to describe to the application. It's somewhat like server-side XUL with ActionScript embedding. A Java-based servlet eats LZX and spits out SWF. Obviously, Laszlo has to do a lot of smart fine-grained caching for performance.
Although I had a bit of trouble during installation (Radio was using port 8080 unnecessarily and one part of startup configuration was hardwired to default installation location), but it is running now and looks great (except for that UI feedback delay in Flash-based UIs reminiscent of videotext UIs). Cool. I like it so far. I'll tinker with it over this weekend and report back.
Thanks, Marc. BTW, you are absolutely right about that damned Timeline. Macromedia executives need brain transplants IMHO if they think a thick coat of makeup and a new product positioning statement will work. Nothing short of deep soul searching, bareassed understanding of developers' needs, and willingness to invest time and resources long overdue will work.
As to Macromedia stealing Laszlo's idea, I don't think there is anything wrong with recognizing a good thing and embracing the ideas behind it. Besides, I had a similar idea a while back. What I don't understand is why Macromedia didn't buy Laszlo. Laszlo obviously has good people with good heads and the ability to execute. Why bother mimicking when you can get the original and extend it?
Flashing XML
I have been playing with Flash and XML last night, hoping to show today something fun for people to play. It's taking longer than I originally estimated. I must say, Flash MX is one confusing IDE. UI design is fast becoming a lost artform these days.
Watch java.net
Sun is doing something big with java.net. If Sun is a hornet's nest, they have peeled back much of the skin around the nest with java.net, exposing a wild variety of interesting activities that invite the Java developer community at large to join them through a mixture of weblogs, wiki, directories, repositories, and pseudo-magazines.
End result is, well, confusing. But, it is an enjoyable kind of confusion, not unlike being dropped into a new city being built. If it was a city, I would say the city center is the Java Today page. Drop in and check it out. Unless I misread between the lines, I think there is a new bold attitude at work here.
Blond Bombshell on Java Desktop
Sun is making a new Java Desktop push. Check out the jgoodies (sorry) at JavaDesktop, a java.net community. JGoodies, ready-to-go Swing library for crisp look and feel that rivals SWT, is being open sourced at the site. JNDC, Java Desktop Network Components, is a XUL-like mechanism. Read Amy Fowler's whitepaper on JNDC which was good enough to excited Gerald Bauer, the main guy behind Luxor-XUL project. He wrote in an e-mail to XML-DEV:
"Amy Fowler (a blond bombshell working for Sun if I dare to say (*)) wrote a whitepaper titled "Java Desktop Network Components (JDNC): Boosting Interactivity and Productivity at the Same Time" for the new javadesktop.org site (part of the new java.net Sun Community initiative)."
Amy is indeed cute enough for even me to "XUL-over" and her paper is recommended if you are into Java, XML, or UI.
Mozila DesignMode
According to this paper, Mozilla 1.3 implements IE's DesignMode feature. This sounds great except there are enough differences to give web developers headaches. It's a typical boneheaded design decision I have seen Netscape/Mozilla make so often. If they were serious about beating Microsoft at their own game, they should first adopt the "embrace and extend" strategy.
Struts 1.1 RC2
Taking the last step toward the final release, Jakarta Struts team released Struts 1.1 RC2. Links at Jakarta sites are currently mixed up, so go here for the binary and the source. According to the release plan, next release will be final. As to when the final version will be released, the plan only say imminent. I think their definition of the word imminent is likely to be different from the Eclipse team.
Java News
Hibernate 2.0 final version is out. Download at SourceForge. 2.0 adds "powerful new query language features, JCA support, and much more." I played around with 1.0 versions and it was pretty simple to use. I wouldn't recommend it for enterprise applications, but it has proved it's worth in small projects. Roller, a java-based blog server, switched to Hibernate and improved performance significantly.
Java Web Services Developer Pack 1.2 is out. WSDP is basically a web services platform for Java developers, meaning no production use. While it has latest versions of production-quality XML packages, significant number of packages are Early Access versions. For example, it comes with Alpha version of Tomcat version 5. Expect some blood in your hands if you want to play. As for me, I have butcher's hands when it comes to technologies.
Return to YAML
Years ago, I co-founded a subgroup of XML-DEV, called SML-DEV, along with a substantial number of XML experts to work on simplifying XML and XML-based specs. SML-DEV group is inactive now, but while it was active, some members of SML-DEV started working on YAML (YAML Ain't Markup Language) and eventually formed an independent group, led by Clark Evans of Axista, to concentrate on YAML.
The YAML has now come a long way and now they have a score of implementations along with a mature spec. I recommend you to check it out.
Simon St. Laurent writes in YAML Ain't Markup Language:
Long ago, YAML was "Yet Another Markup Language", part of the activity which emerged from the SML-DEV mailing list's work on XML simplification. They've changed the name and sharpened the focus on serialization, wisely severing their ties to markup practice per se, which covers a much broader set of issues.
Don Park's Weekly Habit 