Quantcast
Channel: Planet Apache
Viewing all 9364 articles
Browse latest View live

David N. Welton: Geek Dad: "Skywalker Story"

0
0

I don't usually talk about personal stuff here, but I'll make an exception:

I got tired of telling our two year old daughter the same old stories about children lost in forests, bears, witches, evil stepmothers and so on, so I turned to some other material I know fairly well.  I started recounting simplified bits and pieces of the first Star Wars movie over the course of a week.  She thought it was great fun, what with wookies and robots and a princess and lots of adventures, and now, every evening, asks for "Skywalker story!".   I'm quite proud, although my wife rolls her eyes a bit.


Edward J. Yoon: 타블로, 인터넷 익명성/비대면성, 사이버 폭력

0
0


요즘 타블로가 한국 네티즌들의 hot issue.

그런데 문제는 "스릴 넘치는 "타블로의 학력논란", 그 음모의 진상과 미스테리를 파헤쳐라!?" 와 같은 식의, 일종의 "탐정 놀이" 수준으로 변질되어 온가족을 향한 무차별 사이버폭력이 난무하는 상황.

네티즌들이 협동적으로 한편의 "추리스릴러" 소설을 써내려가며 한사람과 그의 가족들을 난도질하고 있고 그것이 범죄인지를 전혀 모르는듯 하다. 여전히 "법적대응" 에 대한 타블로 안티카페의 반응은 한마디로 "흥미진진". (-_-;;)

전세계 world wide web 대백과사전 wikipedia 는 물론, stanford daily 뉴스에도 이슈화되고있는 이 마당에.. 그의 학위취득 여부에 대해 과연 더이상 의심할 여지가 있는지 나는 잘 모르겠다.

Ortwin Glück: [Code] Gentoo: hal broken after glib upgrade?

0
0
If hald seems not to properly startup after a glib upgrade, make sure to re-emerge dbus-glib. See forum.

Sam Ruby: Syndicating SVG

0
0

Eric Seidel: One of the cool new features of the HTML5 parsing algorithm is the ability to embed SVG and MathML directly in HTML pages. To embed SVG, you simply add an <svg> tag to your HTML page and you can use the full power of SVG.

Unfortunately, his example was sanitized by Venus.  FixedTest.

Nick Kew: Untainting in Apache HTTPD

0
0

Back in the early days of the web, before there was ever an Apache web server, the first widely-used language for web applications was Perl.  And the Perl community took a lead in raising awareness of security issues and promoting Good Practice, notably with their treatment of tainted data and untainting.

Not everyone has followed Perl’s lead.  Applications in, for example, PHP or C, must either re-invent the security of Perl’s untainting or do without.  Or they can delegate it to mod_security, at the expense of introducing a big third-party module and quite a lot more complexity.

So, what if you could do it within Apache itself?  Well, of course, you can, up to a point.  For example, to untaint your application’s cookie:

RewriteEngine On
RewriteCond %{HTTP_COOKIE} !cookie-match-pattern
RewriteRule .* - [E=MyCookie:substitution-string]
RequestHeader set Cookie %{MyCookie}e
.

Phew!  What a hideous hack!  Actually it’s untested: I don’t even know if it’ll work, but you get the point.  Complexity is the enemy of security, and this is already horribly complex before we even start to wrestle with the match pattern and substitution.

In fact it’s worse than that.  A client can send multiple Cookie headers (or any other header).  An attacker could do that to circumvent our protection: in outline, send a ‘good’ cookie to get through our rule, together with a malicious one to attack the application.  Oops!  Well, the directives we just used weren’t designed for security: we should’ve used mod_security instead!

Providing a small, simple untainting capability has long been on my wishlist, and now at last I’ve got around to writing a first draft mod_taint, simplifying the above to:

Untaint HTTP_COOKIE cookie-match-pattern substitution-string
.

with the added bonus of folding any multiple headers into a single line, to close off the multiple-header attack we identified.  In addition to request headers, it can check all aspects of the request line, including form data (though it cannot yet parse it).

The idea is that a simple and effective untainting directive could encourage the levels of usage seen in Perl/CGI, when the community rallied behind the idea of taint-checking every web-facing script.

Actually the mod_taint default is a little different: instead of fixing an unacceptable input, it will check that the request matches an acceptable pattern, and reject the request with HTTP error status 400 (Bad Request) if it encounters an unacceptable request field.  A server admin may also set an alternative error status.

Untaint RequestField match-pattern [error-status]
.

There are of course also things mod_taint won’t do.  It won’t do anything with POST data, nor will it alert you to intrusion attempts (beyond logging them).  That’s where you definitely want mod_security!

Question: do people think this feature should be in the core distribution?  Should I drop it in to trunk, so it’ll be standard in Apache HTTPD 2.4?


Bryan Pendleton: May 6th Flash Crash is still not well understood

0
0
Today is the 3 month anniversary of the "Flash Crash", the peculiar trading behavior that occurred during the afternoon of May 6th, wildly disrupting the markets and resulting in thousands of cancelled trades.

Today, the Wall Street Journal has a fascinating, long, and detailed article about what is known, and what still isn't known, about the Flash Crash. If you aren't a subscriber, you may be able to get to the article by searching for it via Google, since something about the redirect-via-Google-search triggers the WSJ to allow you to read the full article rather than stopping at the paywall.

Some of the details in the article were quite new to me, for example:

At one point, Apple traded for nearly $100,000 a share on Arca, according to NYSE officials, after a buy order for 5,000 shares entered the market and only 4,105 shares were available. When Arca's computers saw that no more shares were available to sell, the system automatically assigned a default price of $99,999 to the remaining 895 shares. Those trades later were cancelled.

A default price of one hundred thousand dollars per share? That's ridiculous, and is just as ridiculous as the one penny per share "stub quotes" that also occurred during the crash.

According to the WSJ, the investigation continues, and "the SEC and Commodities Futures Trading Commission expect to issue a final report on the flash crash within a few months." So hopefully we will soon know more about the details and can study them and discuss what they mean.

In the meantime, the WSJ article has some fascinating tidbits about the interactions between humans and their computers during the crash:

Rumors swirled about of an erroneous "fat-finger" order by a trader at Citigroup Inc.—that the trader mistakenly entered extra zeros, turning millions into billions. Citigroup and regulators later said such an errant trade did not appear to have taken place.

But the rumor helped stabilize the market. If the massive decline was the result of a mistake and not some terrible news, that meant there were bargains to be had.


I'm intrigued by the notion of the rumor stabilizing the market. It is very interesting to reflect on what that tells us about how we reason about our computers, and our algorithms, and our observations of systematic behavior.

The WSJ also confirms what others said about the disturbing behavior of so-called "stop-loss" orders during the Flash Crash:

Some of the biggest ETF traders are firms that try to profit from discrepancies between prices of ETFs and the stocks that they track. But as questions mounted about pricing of individual stocks, these firms pulled back from trading. This hurt small investors who had placed "stop-loss orders," aimed at protecting against big losses by automatically selling once prices fell below a certain level. Those orders hit the market when there were virtually no buyers to be found.

Unfortunately, as the article notes,

Exchanges are unlikely to be able to prevent high-frequency trading firms or statistical-arbitrage firms from bailing out of the market en masse.


So it's still quite confusing about exactly what went wrong, and what should be done to improve the market behaviors, other than continuing to educate the public about how modern markets operate, and requiring consumer-facing financial firms to provide appropriate tools, and appropriate training, for the individual consumers who are trying to participate in the market themselves (e.g., me, with my Rollover IRA).


Also, if you're still listening, the gang over at Nanex are continuing to explore visualizations of some of the algorithmic trading behaviors that they observed during the Flash Crash. I'm not quite sure what to make of this, but the displays are quite intriguing to scroll through. They also maintain a short links page with some further reading.

Danny Angus: I've been Scammed! (not really... but he tried his best)

0
0
Be safe.. the following describes an attempt to scam me into giving someone remote access to my PC, I was in a playful mood so I strung him along, don't you do that same thing unless you *know* what you're doing. And above all never let anyone remotely access your pc unless you're 100% sure that you ant them to.

I just got a call from a company calling themselves "virtual pc doctor".
He said that I was being called because I was a microsoft registered user.

The guy got me to log into my pc.

Then we clicked the start button and he got me to tell him if it said "computer" or "my computer".

Then we looked at the event viewer, he told me that the errors and warnings were some kind of dire "online infections" that can't be detected by anti-virus.

Woo, scary techno-shit, I thought (not!)

Then he asked me to open www.logmein123.com.

I didn't. I googled it instead.

He told me that a technician would log in, and cure these infections and install a "gateway" which would prevent further infections.

At this point I challenged him about the "online infections" and told him that I didn't think "dhcp client cannot obtain address" was very serious at all.

He said that if I thought that then that was my choice, but my computer could be irreperable damaged.

"oh!" I said, "how?"

"by corrupting the harddrive and the operating system" said he,

"OH!" I said, "Thats, bad. But what kind of software is capable of damanging the hardware? I can just re-install windows can't I?"

"No, because this is new, in the past few weeks, thats why we are giving you the call"

So I asked him where his company was located, and when he said the UK I asked him for registration details.

He Rang Off.

I reported the scam to trading standards.

If he calls you, hang up and report it yourself. Be safe!

Bryan Pendleton: Bug-fixing and broken windows

0
0
People often ask me why I get so passionate about fixing bugs, and why, in particular, I routinely take the time to fix "minor", "unimportant", or "harmless" bugs. Sometimes the discussions get somewhat heated, since many programmers, quite justifiably, are very concerned about the risk of bug fixing, and about how to manage that risk effectively. Each bug fix introduces volatility into the code base, and there is no denying that what appear to be simple bug fixes can often be more complicated than they appear, and may break other behaviors unexpectedly, or have unintended side effects. And the volatility itself can be frustrating, because when you are working in a team environment volatility of the code has an expense in and of itself.

But I'm a very strong believer in fixing all bugs, even minor bugs, if at all possible, and, for me at least, this belief is deeply rooted in a theory of social behavior known as the Broken Windows Theory. This theory dates from a famous 30-year-old article published in the Atlantic magazine, by George Kelling and James Wilson, in which they report on several long and detailed studies of neighborhood policing. In the article, Kelling and Wilson observe:

Social psychologists and police officers tend to agree that if a window in a building is broken and is left unrepaired, all the rest of the windows will soon be broken. This is as true in nice neighborhoods as in rundown ones. Window-breaking does not necessarily occur on a large scale because some areas are inhabited by determined window-breakers whereas others are populated by window-lovers; rather, one unrepaired broken window is a signal that no one cares, and so breaking more windows costs nothing.


This is an incredibly important observation, and I believe that it's deeply and fundamentally true.

Moreover, I believe that it's deeply and fundamentally true about software, just as it is about neighborhoods:

one unrepaired broken window is a signal that no one cares

Replace "broken window" with "software defect", in that conclusion, and you'll see what I mean.

So, that's why I get passionate about fixing bugs. But, how do we manage the risk?

Well, here is where I get up on my soapbox with my second passionate opinion about software: test Test TEST! As Kent Beck says,

Never write a line of code without a failing test.


It's very hard to follow this discipline, but it gets easier the more you do it. And, in the end, you'll find that it makes your programming more fun, as well as more successful and productive, if you just follow the basic Martin Fowler-based rules:

  • Don't be afraid to change the software

  • Integrate early, integrate often

  • Always write a test

  • Always run your tests

  • Always pay attention when your tests fail

  • Repair your broken windows



Climbing down off my soapbox now, and heading for the mountains to think about things other than software for a week...

Tony Stevenson: More Apple toys…..

0
0

So, today on the day that the new apple store opened in Covent Garden, London i went ro y local Apple store and picked up a new 32GB iPad, and one of the new wireless trackpads.

Firstly the trackpad. What a revelation, way more comfortable than a mouse, and with all the gestures of the trackpad on my MacbookPro. Fantastic.

Now, the iPad. I bought it mainly for books, photos and web/mail without the need to get my big 17" MBP out. Already added 28Gb (pre processing) of images. They look awesome.

Some of my iPhone games like angry bird are just as much fun.

Only time will tell to see just how much i use it for other things like video/iplayer et al.

Steve Loughran: Gelato

0
0

First, the meal

Italy

Then, time to walk

Italy

It's night, but the buildings are lit up

Italy

Everyone else is out and about too

Italy

And what is available: gelato. Ice cream.

Italy

Lovely

Steve Loughran: Ubuntu 10.04 upgrades

0
0
ubuntu 10.04 upgrades

I am currently upgrading the last machine in the portfolio to Ubuntu 10.04 from Ubuntu 9.04, that being the last version I liked. The only ways to do this upgrade is a complete reinstall of the root disk (probably the cleanest) or an upgrade to ubuntu 9.10 then to version 10.04. If the latter is done (as I do), copy ~/.mozilla somewhere first to stop intermediate firefox upgrades making a mess of things.

Also: expect all thunderbird filters to get lost. This is inconvenient if you use thunderbird as an IMAP client to a large server which keeps many years of ASF email lists and other mail to hand.

Recommendations

  1. Make a note of the filter settings
  2. Turn off the indexing if you have a big server full of data
  3. The junk mail data gets lost too, so keep an eye on the junk folder
  4. If you have >1 account, only one seems to be retained in the upgrade. Consider noting down all the details of all accounts

Other than that, the upgrades have gone fairly well. Sometimes during the install process it stops asking you if some config file you've never heard of should be overwritten, and you have to look at the changes in a file you've never seen or whose meaning you understand. This is not a good end-user experience. And the work desktop sound system stops working on hibernates, so it's a good thing alsa force-restart exists to fix that.

The one thing I don't trust, yet, is the ext4 filesystem. Only one machine -a home laptop with a new HDD- got built up with ext4 on the clean install, and after less than two months that laptop no longer boots after the machine powered off unexpectedly. Filesystems should not do that. I have no further data/experience on ext4 reliability, but it does worry me. I'm curious if anyone is using ext4 at scale in their datacentres, and if so, how reliable its been. Of course, if your datacentre has a power system which never fails, these problems may not show up. At least, not at first.

Anton Tagunov: Hamcrest 1.1, AllOf, DSL, SuppressWarnings And Maven Central

0
0
Hi,

I've never used Hamcrest before; today is my first day with it. And I have already had a lot of "fun" which I would like to share.

My experiences today have been centred around the AllOf matcher. Or rather around this version shipped with Hamcrest 1.1. This is the newest version you can find on Maven central. It also seems to be built into the newest JUnit jar version 4.8.1.

Imagine that in your test you've got variable a of type A and you want to check it against three matchers m1, m2 and m3 of type Matcher<A>. It was quite natural for me to write it like this:

import static org.hamcrest.core.AllOf.allOf;
import static org.junit.Assert.assertThat;
...

@Test
public void testA() {
    ...
    assertThat(a, allOf(m1, m2, m3)); // here you get a warning
}

That works and looks nice. But you get a compiler warning: Type safety : A generic array of Matcher is created for a varargs parameter. I have found this blog post to be very helpful in explaining the nature of this warning. The quickest solution is to write:

@Test
@SuppressWarnings("unchecked")
public void testA() {
    ...
    assertThat(a, allOf(m1, m2, m3));
}

However it would be nice if we could preserve full type checking in the test code. It took me a while to find an alternative solution:

@Test
public void testA() {
    ...
    List<Matcher<? extends A>> matchers
            = new LinkedList<Matcher<? extends A>>();
    matchers.add(m1);
    matchers.add(m2);
    matchers.add(m3);

    assertThat(a, allOf(matchers));
}

This is fully type checked. Unfortunately it is a bit more long-winded and we looses the DSL feeling. On a side note this code can not be shortened to just:

@Test
public void testA() {
    ...
    // doesn't compile
    List<Matcher<? extends A>> matchers = Arrays.asList(m1, m2, m3);

    assertThat(a, allOf(matchers));
}

This sample deceptively looks as legit as the one above it. However it fails to compile because of a Type mismatch: cannot convert from List<Matcher<A>> to List<Matcher<? extends A>>.

I've had to discovere all this the hard way because in Hamcrest 1.1 AllOf.allOf is defined as:

public static Matcher allOf(
        Matcher<? extends T>... matchers) {
    return allOf(Arrays.asList(matchers));
}

public static Matcher allOf(
        Iterable<Matcher<? extends T>> matchers) {
    return new AllOf(matchers);
}


My day would have been saved if I had switched to Hamcrest 1.2. Nat Pryce has fixed the issue in revision 258. We get explicit overloads of allOf method for up to 6 matchers in one go. This makes my very first code sample compile and run without any warnings.

It is also interesting to note that shortly before this commit another issue had been corrected in Hamcrest codebase: revision 194. Matcher<? extends A> has been replaced with Matcher<? super A>. This is most reasonable: indeed we can apply a Matcher<Object> to test a String. On the other hand it is not very useful to apply a Matcher<SomeClassExtendingA> when our object is known to be of class A.

1.2 release of Hamcrest contains both fixes. Unfortunately it is only available on the project website but not on Maven central. Having spent quite a bit of time on the investigation what do I do now? I see three options:
  • use the long-winded version of code
  • wait for Hamcrest 1.2 to be uploaded to Maven central
  • copy-paste AllOf into my own code base and backport these two fixes

I have chosen the last option. This is my temporary fix. It makes my test code look nice right now and I can easily take out my hack later when a newer Hamcrest appears on Maven central.

Speaking of which: to use an updated version of Hamcrest I will need a version of JUnit which doesn't package hamcrest classes inside its own jar. Such a version exists, it is called junit-dep. Unfortunately the latest version Maven central currently has is only 4.5. Does anybody know of any way to cause a newer version of junit-dep to be uploaded? As far as I can tell there is just one person behind JUnit, Kent Beck. Is this right? Is there any chance to accomplish this with or without his help?

Glen Mazza: Web Services Links (8 August 2010)

0
0

Web service related links of interest this week:

Nóirín Shirley: Rock-Paper-Scissors-Lizard-Spock-Friends-Pie

0
0

By popular demand (no really, half a dozen requests or more!), I give you the hand shapes and rules for Rock-Paper-Scissors-Lizard-Spock-Friends-Pie:

Each player forms a fist, and swings it seven times swiftly, to the spoken count of “Rock-Paper-Scissors-Lizard-Spock-Friends-Pie”. After the final count, each player forms one of the following shapes with the same hand, and extends it towards her opponent.

RockPaperScissors
Rock, Paper, Scissors: The classics. “Rock” is a clenched fist, “Paper” is an open hand with all fingers extended together, “Scissors” has index and middle finger extended and separated, with the other fingers held in the palm of the hand.

LizardSpock
Lizard, Spock: Newer additions, invented by Sam Kass. “Lizard” has fingers extended together, straight, with the thumb brought up to touch the tips of the fingers. “Spock” is an open hand with index and middle fingers extended together, and ring and pinky fingers extended together, with a V-shaped gap between the middle and ring fingers.

FriendsPie
Friends, Pie: The newest additions of which I am aware, invented by a sleep-deprived dancer with the encouragement of a pirate who has never had banoffi! “Friends” has the index and middle fingers extended, with the middle finger crossed over the index finger, and the other fingers held in the palm of the hand. “Pie” is a circle made with four fingers touching the thumb.

The precedence rules are as follows:


Rock:
+ Crushes scissors
+ Crushes lizard
+ Crushes friends
- Is covered by paper
- Is vaporized by Spock
- Is made sticky by pie


Paper:
+ Covers rock
+ Disproves Spock
+ Cuts friends
- Is cut by scissors
- Is eaten by lizard
- Is made messy by pie


Scissors:
+ Cut paper
+ Decapitate lizard
+ Stab friends
- Are crushed by rock
- Are crushed by Spock
- Are gummed up by pie


Lizard:
+ Eats paper
+ Poisons Spock
+ Eats pie
- Is decapitated by scissors
- Is crushed by rock
- Is tamed by friends


Spock:
+ Crushes scissors
+ Vaporizes rock
+ Eats pie
- Is disproven by paper
- Is poisoned by lizard
- Is confused by friends


Friends:
+ Eat pie
+ Confuse Spock
+ Tame lizard
- Are stabbed with scissors
- Are crushed by rock
- Are cut with paper


Pie:
+ Messes up paper
+ Gums up scissors
+ Makes rock icky-sticky!
- Is eaten by lizard
- Is eaten by Spock
- Is eaten by friends

Have fun!

Edward J. Yoon: I just changed to 350z from bmw z4

0
0



IMO, a performance, exhaust and interior are better than z4.

Yoav Shapira: Great TED talk: Sweat the Small Stuff

Garrett Rooney: One Year Down

0
0
It's been a heck of a year.

Last week we celebrated Eleanor's first birthday. It was a smashing success, with a nice mix of my friends, Joanna's friends and both of our families. The new deck in the backyard made for the perfect grilling platform, the kids (ranging from several months old to early teens) all seemed to have a good time and the adults enjoyed themselves, although for the first time the stragglers mostly ended up leaving because they were bringing a rugrat with them who needed to take a nap.

In any event, I suppose it's natural at times like this to look back on the past year and take stock of everything that's happened. It's certainly been enlightening, enjoyable and just overall an amazing experience.

Eleanor went from a tiny little bundle of baby to a little person with her own desires (more food please!) and interests (can we read that book again?) who's even starting to walk around on her own (a recent development from the past few weeks).

Joanna's turned out to be an amazing mother (as expected), although she will admit that for quite some time she was a little surprised that she was actually somebody's mom. I suppose it comes with all the babysitting she did as a kid, but it takes some time before it really sets in that yes, this kid is yours, it's not just a really long term babysitting job.

I think one of my favorite memories from this part of our lives together was watching Eleanor deal with a week apart from Mommy. Joanna had a week long conference in Copenhagen, so Eleanor spent the week with me (and her Nanny and her grandparents and the multitude of other people who make up her daily life, of course). She actually dealt really well with the whole thing, but once Joanna got home it became clear exactly how much Eleanor had missed her. Our normally independent little girl spent the next 48 hours or so following her mommy around like a little blonde shadow, as if she was trying to keep Joanna from flying off to Copenhagen again. "You can't fly to Copenhagen if I'm sitting on your lap! Now lets get another book for you to read to me..."

As for myself, I'm enjoying being a dad. It's certainly got its exasperating moments (awesome, diet coke spilled under the table, in the magazines and on the wall!), but Eleanor makes them all worth while. It's just so cool watching her grow up, she's always been more alert and interactive than a lot of babies, and it's only continued as she's gotten older.

We've always been pretty big on taking Eleanor out and about, she likes getting out of the house and if we're going to go someplace Joanna and I would definitely prefer the Science Museum or the Aquarium to the mall. It was pretty clear at the beginning that Eleanor didn't have much of a preference, she can just as easily enjoy looking at the crowds of people at Target as she can the penguins at the Aquarium, but as she's gotten older it's pretty clear she's actually started to get something out of the more interesting destinations for these weekend trips. These days she's just as likely to be staring with rapt attention at the animals at the zoo (she was a big fan of the ostrich at the Franklin Park Zoo and the giant tortoise at Southwick's, for what it's worth) as she is to be staring at the other people in line at the grocery store.

It's been a hell of a year, and looking back all I can say is I'm looking forward to many more years of watching her grow. Eleanor's just gotten more fun as the year went on, and I'm sure that'll only continue as she gets older.

Andrew Savory: Service this

0
0

Lift out of orderServiced offices make an awful lot of sense for some companies. I've spent many years working in them, for example at The Royal (with ballroom!) and the Norwich Bio-Incubator (with swimming pool!) Flexibility of lease, all-inclusive pricing, mixing with other startups ... it's all good.

Except if the serviced office you're in is awful.

Since being in the awful Regus serviced office building in Hammersmith I've experienced:

  • a fridge that hasn't closed properly for a year
  • phones that don't work for 3 business days straight
  • toilet facilities that are rarely clean, including urinals with buckets beneath them for weeks on end (difficult to get plumbers in London, aparently)
  • air conditioning that frequently breaks down (but only on the hot days)
  • a dishwasher that was out of order for more than 6 weeks
  • lifts out of order for several months at a time

I don't actually mind any of that. It's not like providing office space and infrastructure is Regus' core business, is it?

What I do mind is the grim state of the showers here, which actively discourages cycling. Now that I'm a cyclist I get to be militant about such things, since cycling is clearly better for the environment and society in general. So it really bugs me that there's no decent facilities to clean up after the frequently sweaty cycle to the office in the mornings.

The shower of doomHow grim is it? Well, we're talking missing tiles, leaking doors, broken temperature control, broken fan, disgusting shower head, low water pressure, and the shower room itself is frequently locked necessitating a 10 minute hunt for a security guard that can be bothered to unlock it. It's difficult to imagine how it could be any worse, frankly. The full horror is documented in the flickr photos.

This is a quite blatant whine, but it's done in the hopes anyone considering Regus serviced offices have the full facts before them. I'd hate to see them misled by the incorrect advertising on the Regus website. Lest you think I'm being unfair, it's now three months since I reported the shower issues to the Regus staff here. But, as you can tell by the track record of the fridge, dishwasher, and the lifts, I don't expect anything to be fixed for a good few months yet.

Update 10th August: wow, that was quick. I've just been told the shower has been ripped out, and will be out of action until 27th August while it's being refurbished. Let's keep our fingers crossed for a cyclist-friendly refurb.

Andrew Savory: Unstoppable forces and immovable objects

0
0

It's been a busy few weeks, so I'm a bit behind on writing up events.

At the end of July I was in Cambridge for another of the Open Source and Software SIG meetings. This time the theme was "Open Source Software vs Commercial Hardware: When the unstoppable force hits the immovable object ".

The Cambridge Wireless events are usually quite good fun, with a wide range of individuals and a great mix of businesses represented. The format of the event includes a number of talks with ample opportunity for questions, and some networking opportunities before and after the event. They are quite informal, and this tends to result in some lively discussions. This time was no different. Disclosure: I'm one of the SIG champions, so I'm biased. But another of the champions, Dave Roberts of Ogma Solutions, did a lot of the heavy lifting for this event, so this is not entirely impartial praise!

I didn't get a chance to make extensive notes on the talks themselves, but the slides can all be found online. I did however scribble down some questions and comments, only a few of which I got to ask the presenters during the event. As the Chair of the panel session, I felt obliged to let a few others ask questions too, sadly.

James' talk on OpenOS, the phone and the converged device was entertaining and provocative. His (self-confessed) increasingly wild assertions that user experience will become device agnostic feels right to me, especially with the pervasive usefulness of solutions like Dropbox (referral link!) and GMail. Are there any other pervasively useful cloud solutions that are as successful, by the way?

I really liked James' focus on integration being a key problem too, calling out Apple and RIM as examples of successful mostly-closed vertical stacks. It seems obvious that hardware vendors need to work more closely with open source projects in order to compete, bringing more tightly-integrated stacks to market. Linaro is just the start of this.

Nabeel's Impact of Mobile Open Operating Systems on the Mobile Operators provided an excellent snapshot of the operator perspective. He asserted that the operators fear a monoculture and exposure to risk, and that the success of iPhone represents a big risk to them. For example, if the antenna flaw had been serious, the cost of exposure and recall for the operators would have been great, and the damage by losing such a premium item in the lineup is extensive.

It seems to me that the monoculture we're heading for in open source mobile operating systems is equally risky - whilst I think Android is great, I really want to see more than one Linux-based mobile operating system succeed. Competition breeds innovation, and all that. I think the operators have a vested interest in a small degree of fragmentation, and should continue to recognise that.

Two other comments from Nabeel caught my eye - firstly, according to my notes, he indicated that commodity open source mobile devices only attract something like a 3% margin (a far cry from Apple's ~ 30% margin). Is this true? I'd love to see the numbers on this. Secondly, during the presentation, the Vision Mobile developer survey was mentioned, including one particularly insightful quote from an anonymous developer, "Operators should get out of the way of developers". Speaking as that anonymous developer (oops), I think it's worth clarifying that efforts like O2 Litmus (and to a lesser extent, betavine) are good, but the operators do a lot of other things that actively hurt developers (content transcoding is one of the less contentious examples). Facilitate, don't frustrate.

Nigel's talk on Open Source Business Models talked about the 3-6 month product gestation period that's becoming typical, and how open source is the only way it can be possible to put together a product in such a timescale. This left me thinking that maybe we have an industry founded on unrealistic expectations, and the all-you-can-eat buffet of open source mobile components being thrown at products simply won't work. Maybe this ties neatly into Dave's opening comments in Mobile Platforms 101. Hardware might become a commodity, as software becomes more important.

Perhaps that's the true unstoppable force hitting immovable objects: the need for an open source platform approach in a very product-oriented sector. Can we really have both?

Howard M. Lewis Ship: Tapestry 5.2 leaves the gate

0
0

It's been a long time coming. Originally, I had thought we'd be producing Tapestry 5.2 six to eight months after Tapestry 5.1 ... instead, it's been more like 14 months just to get to the alpha release. Why? Well, in that time, I've personally changed jobs (back to an independent consultant), and I've been actively using the nightly snapshots of Tapestry 5.2 in two different projects for two different clients. I've had a lot of chances to see Tapestry in practice and, as always, identify the rough edges and smooth them out.

This new release enhances one of Tapestry secret strengths: meta-programming. It is now ridiculously easy to extend the behavior of components, or method or fields within components, using annotations .... without getting mixed up in all that Javassist business. I'm using that now just about everywhere you might think about using a base class: everything from securing page access, to caching, to integration with Google Analytics.

The big change here is the switch from pooled pages to singletons: In Tapestry 5.1 and earlier, Tapestry kept a pool for page instances. On each request, a localized page instance was pulled from the pool, used exclusively by the one request thread, then returned to the pool. The pool had to be able to expand dynamically, and shrink to release memory.

Starting with Tapestry 5.2, the page pool is deprecated (and only enabled with extra configuration). Instead, a single page instance is created and shared between threads. That may raise your red alert flag ... doesn't that make Tapestry non-thread-safe?

Nope. Tapestry now reworks your simple POJO classes, changing access to all local mutable fields to instead store the value in a per-thread Map. It's an extrapolation of how Tapestry already managed persistent fields (storing the persistent field values in the Session between requests) ... but it now applies to all request-scoped state.

It's an interesting trade off: a lot less memory (just a single instance of each page and all its components) for a bit more work during each request. Part of the reason for this alpha release is to get this code into more hands and get more performance analysis on the result. I'm confident that these changes will not noticeably affect small applications and reasonable request loads but will make a big difference in handling larger applications with heavy request loads.

Meanwhile, the goal is to keep the APIs stable, address a bunch of bugs, and get another release out soon, then vote that up as a beta release. Preferably before JavaOne!

Viewing all 9364 articles
Browse latest View live




Latest Images