JOURNAL OF DIGITAL INFORMATION MANAGEMENT V1.I3 SEPTEMBER 2003 ABSTRACTS. Bill Anderson points me to the abstract on "Handling Overflow in Integer Addition in Online Computations," by Eyas El-Qawasmeh at Jordon University of Science and Technology. I love the clean abstract and the simple proposal. Both C and Java are stuck with no way to catch integer overflows, and the approach of having a function that says whether the sum of two numbers overflows is very handy as a guard beyond the predictive avoidance of overflow by controlling input ranges. The articles do not seem to be online. Too bad.
Joel on Software - The Absolute Minimum Every Software Developer Absolutely, Positively Must Know About Unicode and Character Sets (No Excuses!). This is my kind of subject and I figure if Joel is writing on it, I will like it. So I blog now, then read. [I did love it. This is a great read, as usual, and I told the author so. It is important to get the message and not be derailed by some subtle nuance in the nomenclature of ISO encodings that Joel might have glossed. -- dh:2003-10-17]
Freedom to Tinker. Edward Felten's blog had early information on the silliness of the latest CD copy-protecting technique. Even more interesting is the original SunnComm response that the finding was no problem. Since then they are reported as filing suit against the student who exposed the copy-protecting technique as ineffective and hints that it is, of course, a violation of the DMCA. [And later, the suit was withdrawn. --dh:2003-10-17]
Computer MilieuConfessing that I don't have a good category for this. Well, it is about the impact of standards and of intellectual-property protection, so I suppose it is as much part of the overall milieu as is concern for outsourcing or social impacts of other kinds. Fair enough. Onward ...
Web Services StandardsI should probably not be using the term "standards" here, and be talking about industry specifications or something. It would be good to normalize (small smiley) the notion of standards and promulgation of standards, and maybe even expose the business models of standards promulgating entities. In terms of open-ness and other aspects, the IETF process is exemplary and it would be useful to remember that standards aren't standard until they are standard. Publication of a specification is not the same as something being a standard (unless one thinks of it in terms of "standard" as something to capture, like a flag).
OASIS and the current Web Services tumult
OASIS - Who We Are - Intellectual Property Rights. OASIS has no prohibition against creating specifications that require licenses to implement, so long as there is full disclosure of any known requirements as part of the creation of the specification. The charter of the WS-CAF activity goes beyond that. It will be useful to see how this plays out compared to the W3C position.
OASIS Framework for Web Services Implementation (FWSI) TC This OASIS FWSI activity is one that caught my attention as duplicative. The WS-CAF activity just announced seems to operate a bit differently. Although I wanted to know how FWSI relates to WS-I, which already has an actionable Base Profile 1.0a, I can also see this working to maintain vendor-neutral WS implementation methodologies that deal with more than interoperability. I remain concerned.
The WS-CAF work is based on proposals from June of this year, and the independent September announcement of the Microsoft-IBM solution to composable services clearly muddies the waters at that level. It is an odd tension, with potential IP licensing pitfalls and also the usual wrangle about views of platforms (basically the Java theme versus the .NET theme on what interoperability is, with IBM in this interesting straddle positions). Whatever the forces involved, I think I would prefer to find a way to stay on the outside, not take sides, and most of all not be in the picking a winning horse game.
One problem that I see has to do with the rapidity with which the honoring of these interoperability proposals becomes buried in software tools. The risk is that the tools will determine compliance and also limit progression to an agreed interoperable state. This is a little like doing alpha-testing in public by calling it SOAP 1.1 and then rushing to apply it. So we have these automatic legacies. I am mystified by how all of the players deal with this. Also, the creation of proprietary fixtures that are not accompanied of any account for how their conformance to any specification is accomplished and what exceptions and questions there are is troubling. At some point we need to be dealing with specified, confirmable behavior. I think that is why I favor the WS-I Base Profile and the related activities. I am anticipating major legacy and leveling issues with all of this material, and the rush to move to de facto outcomes and pick winners is not going to help, as far as I can see.
An example of how disconnected this is becoming, beside the wars for our hearts and minds by the different axes, is illustrated by SOAP 1.2. Even though SOAP 1.1 was a note that received standing as the starting point for a specification, the SOAP 1.2 specification has to deal with SOAP 1.1 as a legacy. Meanwhile, SOAP 1.2 has important differences. First, it is abstracted from HTTP and XML and there can be different encodings and protocol bindings. Secondly, the nomenclature and organization of messages has been cleaned up. Finally, the handling of Fault responses has been cleaned-up considerably. This is all fresh stuff, yet the only SOAP specification that has achieved the level of W3C Recommendation is SOAP 1.2. The WS-I leveled on SOAP 1.1 and I suspect that it will stay that way for some time. That's the tension. Anything that is done, at the moment, that isn't grounded on older specifications that have had some degree of adoption is speculative work, and at the same time using the earlier material amounts to surrender to the preliminary work done in a particular community and lacking widespread consensus (apart from all of us knowing the answer to "where does a 500-lb gorilla sit?").
This suggest to me that there is need for some neutral source of tools and some progressive way to preserve interoperability in the midst of evolving specifications and major disconnects around the interdependence of those specifications. It is a reflection of our times that RDF Syntax has achieved W3C Recommendation status but the RDF Semantics has never made it past Candidate Recommendation and is now at the Working Document level (but synchronized to a new RDF Syntax model). Likewise, SOAP 1.2 is a W3C Recommendation, the only one in the XML Protocol area, yet a reviewable XML Protocol requirements document has not moved beyond a year-old working draft. The undercurrents here are not visible to the public, so the rest shall remain a mystery.
In looking at activities like these, I am often led to question how I conduct myself, especially with regard to support for interoperability and the level of competeness of some of my pet projects (i.e., ODMA Support, DMware, and The Miser Project). As a sole operator, I notice that I take myself off the hook. There is something for me to be responsible for here, in terms of my level of contribution. I know basically that whatever I do I want to do it completely transparently. There is more to establish to have there be integrity in my contribution.
OASIS Web Services Composite Application Framework (WS-CAF) TC. This is the charter for OASIS WS-CAF, kicking off at the end of this month. The starter proposals are from the Sun-Oracle axis. The coverage on composable services seems to fit the space of recent Microsoft-IBM announcements. Whatever the complications of this kind of duplicative activity, there is a promise, here, to maintain interoperability. There is also a strong requirement for unencumbered technology, with regard to intellectual property and to have royalty-free, perpetual, non-discriminatory licenses for anything for which an exclusive IP right is held. The commitment is to not promulgate any specification that could not be implemented without an infringement.
OASIS Members Collaborate on Composite Application Framework for Web Services This announcement on CBDi seems to point out, to me, that OASIS initiatives are somehow leading to uncoordinated action where coordination is required. It seems these are counterploys to the WS-I and to the September announcements by Microsoft and IBM of the development of the Web Services stack up through secure transactioning. As an observer, it is difficult to see the merits of these separate initiatives, and it is also unclear what the jockeying is all about. I have some concern it is all around intellectual property.
MiscellanyALA | Principles and Strategies for the Reform of Scholarly Communication. The URL is so hairy that I have to blog this to overcome the tendency of mailnotes to chop it into 3 pieces. The article is about reforming scholarly communication to deal with a crisis. It is said what the crisis is thought to be. I will need to satisfy myself about that.
Grid computing made simple - The Industrial Physicist. A nicely-comprehensive survey with useful links, including the prospect for Grid computing being usable at the low end. This is something I wonder about for Miser, though I am more concerned about trusting remote objects, not deploying them. Still, this could be a powerful application area once some discovery capability is available.
FT.com | Working out what IT all means. Linked by ACM Technet, this David Bowen article looks at what the Oxford Internet Institute (OII) is taking on as part of Wiliam Dutton's stewardship. There are some great anecdotes about examination of the social impacts of technology and the internet specifically. The Financial Times tends to require registration, so I don't know how accessible this article will remain.
Stephen's Web ~ Knowledge ~ Learning ~ Community. Stephen Downes has another article in ACM Ubiquity. This one is about treating knowledge as an artifact, something I am not that comfortable with. So it would be useful to look more closely and also find a place to discuss some of this. And I see that there is much more material and organization here than I remember from my last visit.
Transitioning from the Microsoft Java Virtual Machine. Here's the Microsoft posting on the extension of MSJVM support along with provision of migration support.
Sun, Microsoft Reach Java Deal. This announces continuation of maintenance on the Microsoft JVM so that customers have more time to convert to the Sun JVM. I think we discussed this tangent in our Web Applications course, and it will be interesting to see how this impacts people who do things like on-line banking that work with the MS JVM and not with currently-supported Sun ones. (Recall that the MS JVM and libraries were frozen at pre-Java 2 levels, and I would think this has to be part of it. Support for COM objects is probably an even bigger part.)
Software Reality. I had caught the discussion on becoming software fashion victims without connecting the dots to earlier material on XP and software lifecycle processes. Well, it is all part of Software Reality. There may be some confusion of satire with polemic, but what the heck. This is a good starting point for materials on a variety of methodology questions and technology issues too.
eXtreme Programming: Pros and Cons - What Questions Remain?. This was a fascinating experiment by the IEEE Computer Society in creating a discussion about XP. The project ended in 2000, but it is an interesting compilation of views and appraisals, including the one by Watts Humphrey already blogged. The commentaries are fascinating.
Watts Humphrey Comments on Extreme Programming. This is an interesting appraisal of XP by Watts Humphrey on what he observes as the sweet spot and the difficulties of XP. And the practices are for the most part considered useful ways to establish a disciplined result. The absence of design and use of code as the design and documentation are found not to have much survival value. Something else to look at concerning light-weight software engineering.
Extreme Programming (XP) - An Alternative View. This is the source of XP Refactored (XPR). Maybe it is satire, maybe it is a great dose of relief and some way to scale and deploy XP to a variety of situations. I'm not sure but here's the link for use when I am ready to take a more careful look.
Scrum Development Process. I am not quite sure what is going on here! There is now some debunking of XP, wrapping of XP, and refactoring of XP. I think it will matter. I am not sure how to account for it in light-weight software engineering.
Security Reading Group, Winter 2003. This is a reading group at the University of Washington. There is a mailing list and also some scheduled activities starting at the end of January. The schedule ends in March, and I won't be studying security until Summer 2004, but this looks like a valuable set of resources. [OOPS! I am off a year. Winter 2003 has already happened, of course. --dh:2003-10-17]
Simson's Weblog. A Simson Garfinkel Blog. I found two great links here. I will also bookmark this blog.
The myths of Section 508 accessibility. This is an useful article from IBM DeveloperWorks on accessibility of web sites. There is great balance and useful links here. I hadn't thought about how this might apply to my Miser-Frugal work, so there is something to be concerned about for me there. I should certainly consider it for my on-line books. And for Java documentation and related tutorial and usage materials.
O'Reilly Network: Simson Garfinkel [Mar. 03, 2003]. Simson Garfinkel gets around and I wanted to know more. This author page provides some important resources for examination as part of work on trustworthy computing and trust relationships. I must let my associate Bill Anderson know about some of these goodies. And I must deepen this exploration when I look at Security Engineering in the summer of 2004.
SD Times: SPECIAL REPORT - Rethinking Software Testing. This is a valuable overview of the current state. The movement to reducing complexity seems important, is is the notion that unit testing and early testing must be put back into the equation. Something to look at in terms of software-engineering methodology issues.
Ruling over unruly programs. - CSO Magazine - September 2003. This article, by Simson Garfinkel, already blogged today, is about the computation-theoretic barriers to reliable virus detection and prevention of trojan horses. I think the ability to operate a program in a sandbox is overlooked, and his discussion of the barriers to technically-confirmable trustworthiness is very important.
Pushing Peer-to-Peer. This is a very interesting article on the change in perspective that may be necessary to secure the full potential of peer-to-peer operations. There are new kinds of risks as well, and these need to be considered. This is an important trust issue for Miser.
The Jakarta Site - The Jakarta Project -- Java Related Products. Jakarta is the cover project for all open-source Java work under Apache. It has a variety of nice elements, and I will look at it as a resource. This is probably the closest I want to get to J2EE. I haven't gotten my head around situating enterprise architectures yet, and that may lead me to revise this provisional boundary on my attention to Java.
The Apache Struts Web Application Framework. This is proposed to be a paragon of the Model-View-Controller pattern.&nbps; I am not so clear about that or what this accomplishes. I said I wasn't interested in the EE side of things, but I think I must deal with JSP and also the overlap with XML, XSL, etc. And, of course, security approaches. So I do need to step out her. I got here from a link on software hype and becomeing a software fashion victim (SFV), something I think may happen with RDF because of over-selling. So, another good marker for future review.
TheServerSide.com J2EE Community - News, Patterns, Reviews, Discussions, Articles, Books.. A resource site for server-side Java. My tendency is to want to stay on the SE level, not EE, but it is useful to know this resource is here.
Weblogs Forum - Directories are not Java source file package names. This is an interesting discussion on the package name problem and how packages are mapped to directories, how classpaths are searched, and so on. I think the Java specification is being misinterpreted.  It seems to me that the optionality is not to the developer but to the JVM on a given platform. That's quite different. There are some class-path experiments I wanted to run so I could see how Jars and ZIps fit into the structure, too. So here'a a place-holder for that thought.
Javalobby. A nice resource on things Java. Some good links and topics, including deployment, configuration management, and other aspects of Java as a software-engineering instrument.
Forums - precisefloating 0.1. Here's some material that I should digest for work on Java Inside-Out because I want to provide a serious look at arithmetic in Java and how that works or doesn't in different computing situations. This site is also interesting and I need to remember it.