Planet Intertwingly

Mike DierkenUltimate Twitter revenue model - chatbots??

From ReadWrite Web

"Essentially, this would entail Twitter parsing over the Tweets of a given user, as well as the Tweets of the users he/she is following. Common keywords, themes, and phrases are then pulled from this data and associated with that user. As a result, highly-targeted ads can be displayed based on the user's network of content ("web design", for example). These simple text ads would look very similar to regular Tweets, but would be clearly marked as "Sponsored Content"."



I think chatbots haven't work for a reason - people want to chat not shop.

Reading RWW and other pundit blogs that describe "how the future will work" reminds of reading Popular Science as a kid and gazing in wonder at the flying cars and transparent house soon to be built.

Google Data APIsRev the engine, Eat up some feeds

Jeff Scudder, Google Data APIs Team

As you may have heard, Google recently released Google App Engine, which allows you to run your code on Google's highly scalable infrastructure.

Since App Engine currently runs Python code, I thought it would be a good idea (and fun) to get the gdata-python-client to run in this new environment. After making a few changes, I wrote a simple sample application and an article on retrieving authenticated feeds.

For more details, see the post about Google Data APIs on the Google App Engine Blog.

Bruce SchneierFriday Squid Blogging: Squid Fishing Lures

In a variety of colors.

David WeinbergerCharlie Nesson’s Poker U

When I blogged about Flyp on Tuesday, I didn’t know it was about to run an article about Charlie Nesson’s poker university, a place where students learn about life by playing poker online. The article is short and showy, but it’ll give you the idea… (Charlie is the founder of the Berkman Center. [Tags: ]

Chris J. DavisA good couple of days

Man, it has been a good couple of days for those of us in Habari land.

Yesterday we added two more commiters to the project, Ali Al-Wasity and Michael Heilemann. They both have been doing amazing work on Habari, and it is a real sign of our commitment to the meritocratic model that we extended membership to them.

This brings our commiter pool to 22. Just fantastic. If that wasn't enough to make me smile, I found out this morning that Habari has been added to the FreeBSD Ports Collection, and we are well underway with some of our translations.

Speaking of great work, Owen lit a fire under our collective butts and we are hard at work getting Monolith in shape and ready for release. You won't believe some of the insanely cool things we have coming.

It is safe to say that steam is being picked up and Habari is set to take some major leaps this year. I hope you are all along for the ride.

Graham GlassFirst Bloom

I have a Fuschia tree on my balcony that has been hanging on to life by the tips of its fingers. So it was very nice to see a first bloom on it recently:

Flower

Google Maps APIUpcoming Events

There's four big Geo events in the San Francisco Bay Area this month, and Mano and I will be at all of them. Here's the details:

Where2.0: May 12-14th

Sharing Your Content on the Google Maps API

In this session, you'll roll up your sleeves and learn about publishing and sharing using the Maps API. Then we’ll hear from Google partners about what constitutes “great” content and how they expose it.

Searching the Geoweb: Exposing Your Geo Data to Search Engines

Have you been wondering how to drive traffic to that cool maps mashup you created recently? We’ll show you how to get your maps mashup crawled and indexed, and how best to optimize your content for user discovery via search using KML.

WhereCamp: May 17-18th

No sessions planned! This is an unconference - that means the participants do the session planning on the spot. So if there's a Maps API or KML topic you want to talk about, come on by and propose it! (And stay for the slumber party, there'll be lots of hacking and coffee). And, it'll be at the Googleplex! And it's free!

Web 2.0 Mapping and Social Networks Group: May 20th

Communities + Google Maps: Harder, Better, Faster, Stronger

Pamela Fox will talk about the various ways of using Google Maps & the Maps API to create user-contributed maps, covering the spectrum from no-coding solutions to full custom databases and code, and showing examples of sites successfully using each technique.

Google I/O: May 28-29th

There's lots of Geo sessions at Google I/O, here's just 3:

Harnessing StreetView, Static Maps, and other New Additions to the Google Maps API:

Ben Appleton will review some of the recent additions to the Maps API including how to use Static Maps for fast page loads and printable maps, and how to incorporate Street View imagery in your app.

Hosting Your Geo Data, an Overview of Design Options:

Mano Marks will discuss the various options for hosting your Geo data, including Google App Engine, and explain how to choose the right data model for your project.

The World's Information in Context:

Michael T. Jones will discuss new product directions and key trends of importance to geo developers.

Be sure to visit the Google I/O website to see the complete list of sessions and to register. For those coming from out of town, we've arranged discounted room rates at nearby hotels. Read the details on the website to take advantage of the discount, but move fast because the hotel discount ends May 13th.

We're looking forward to seeing you at some of these events soon.

Patrick LoganObjectively

"Rubinius switched from C to C++ to implement it's core VM"

For the life of me I cannot understand why projects use C++ rather than Objective-C. Hmm.

Catching up on comments to this post...

Yeah, I can be too brief sometimes. Here's the essence of what I like about ObjC vs. C++. ObjC attempts to keep the Obj and the C distinct, while C++ attempts to combine them. As a result the Obj in ObjC is very much like the Obj in Smalltalk. And the C on Obj C is very much like the C in ANSI C.

The Obj in C++ is significantly more complicated than the Obj in Smalltalk or in ObjC. The C in C++ is also significantly more complicated, to the point where I don't think it can be called "C". People will talk about the expressiveness of C++ and how much it has evolved over the years. I still very much prefer the simplicity of ObjC.

I am also surprised the ObjC has portability issues. With the GNU implementation?

And I am surprised about the Ruby kernel issue as well. I also thought this would be so small to warrant just C or even better, a subset of Ruby that compiles easily into C. This is what Squeak uses for its kernel. Gambit Scheme does something along the same lines, allowing a very C-ish dialect of Scheme that translates directly.

O’Reilly RadarMySpace's Data Availability is not Data Portability

Yesterday MySpace, Yahoo!, eBay, Photobucket (also owned by News Corp), and Twitter announced the Data Availability Initiative. While I could write at length about how this shows the big companies have already realized how to diminish the DataPortability group's brand by linking anything they do "data portability," that isn't the point of this post. The crux of the announcement yesterday was that shortly MySpace would begin allowing third-parties to embed MySpace profile information within their own services in the name of "data portability". Unfortunately, the details around this remain buzzword-laden at best.

Their press release yesterday stated:

Additionally, rather than updating information across the Web (e.g. default photo, favorite movies or music) for each site where a user spends time, now a user can update their profile in one place and dynamically share that information with the other sites they care about. MySpace will be rolling out a centralized location within the site that allows users to manage how their content and data is made available to third party sites they have chosen to engage with.

At first glance this seems like a great thing. MySpace is partnering with Yahoo!, eBay, Photobucket, and Twitter to solve a pain point on the web; the inability to keep parts of your profile in sync around the web where you'd like them to be. The announcement didn't however offer any insight into how this would work beyond that, "the MySpace Data Availability initiative uses OAUTH [sic] and Restful APIs as its core technology underpinnings." After this announcement I had the pleasure of speaking with a reporter who was on the briefing call. He explained that MySpace said that due to their terms of service the participating sites (e.g. Twitter) would not be allowed to cache or store any of the profile information. In my mind this led to the Data Availability API being structured in one of two ways: 1) on each page load Twitter makes a request to MySpace fetching the protected profile information via OAuth to then display on their site or 2) Twitter includes JavaScript which the browser then uses to fill in the corresponding profile information when it renders the page. Either case is not an example of data portability no matter how you define the term!

To make this worse one of the pieces of profile information made available is a list of a MySpace user's friends. Once again there are two reasonable ways to do this: 1) MySpace provides a user's friends as a list of hashed email addresses to Twitter or 2) MySpace provides a user's friends as a list of MySpace usernames. While the hashed email route would certainly be simpler and easier for sites like Twitter to match against their own user database, I highly doubt this will be the implementation due to concerns around undesired account linking. Rather I think MySpace will choose to provide a list of other MySpace usernames. What this means is that in order for Twitter to make use of the information they must encourage all of their users to fill in their MySpace account on Twitter so that they can map a MySpace username to a Twitter username. Obviously in the best interests of MySpace to have more of their profiles linked to from around the web thus increasing page rank, visitors, and thus ad revenue.

At the end of the day it seems that MySpace is trying to become a large centralized profile repository on the internet. One where information might be available but certainly not allowed to be actually moved outside the network's walls. A good try, but just as no one would like Microsoft own identity for the entire web with Passport I fail to see how others will let MySpace own all of the profiles.

GoogleHelping victims of Cyclone Nargis

Over the past few days, we've followed the devastation left in the wake of Cyclone Nargis in Myanmar (Burma). News reports have tallied more than 22,000 dead with another 41,000 missing. We're extremely saddened by the loss of life due to this cyclone, and hope you'd like to help assist with the relief effort.

As we did after last fall's wildfires in Southern California, we've created a Checkout Donations page so you can easily donate to UNICEF or Direct Relief International. Both organizations are working to directly assist the victims on the ground in Myanmar.

To help visualize the damage, there are Google Earth layers showing an animation of the cyclone's path (using satellite imagery from the Naval Research Laboratory) and the extent of the flooding using data from the UN Institute for Training and Research Operational Satellite Applications Programme (UNOSAT). We'll keep posting information to the Lat-Long Blog as more data comes available.

There are also several Google Grants non-profits working to provide relief to those affected. Save the Children currently has a 500-person staff in the area, while Oxfam America has committed $800,000 to help NGOs meet the immediate needs of people. World Vision and Doctors Without Borders are also taking action with two of the most vulnerable populations in the crisis: children and the injured. We are pleased to be working with and supporting these organizations that are contributing directly to cyclone relief. We encourage you to visit them and consider lending them your support, too. For more details on these organizations and other non-profits providing support for the victims of the disaster, visit the Google Grants blog.

In addition to the Google Grants non-profits, we want to highlight a few additional organizations we've gotten to know through Google.org's Predict and Prevent initiative, which supports a regional disease surveillance network with six Mekong Basin countries, including Myanmar. These on-the-ground organizations are working around the clock to deliver resources to the victims of Cyclone Nargis. CARE has more than 14 years’ experience in Myanmar and will assist hundreds of thousands of people in the coming days with their immediate needs (including water, food and shelter), as well as providing long term recovery solutions over the next few years. International Medical Corps is deploying an emergency response team that will help address urgent health needs in addition to distributing medical supplies in the hardest hit areas, and NetHope is working to provide technology and satellite communication solutions for many responding organizations.

The Google Earth and Maps team continues to make new imagery and relevant data available. The latest Lat Long Blog post shows how Direct Relief International is using Google Earth to plan its work, including a KML layer of health facilities in Myanmar. We continue to follow the political situation with concern and hope aid can flow rapidly to the people of Myanmar who need it so desperately.

Update: Added two new paragraphs at the end.

Steve JonesJPC - winner most mentally brilliant thing I saw at JavaOne

At JavaOne you always seen some crap presentations and you see some great presentations on things that you will never actually use in the real world. Then occasionally you wander into a presentation where people have done something in Java that is truly mental but actually has a point. Welcome to JPC, the Java PC emulator. Yup you can run an x86 PC on top of a JVM, including running Linux.

Gunnar PetersonPrice is what you pay, value is what you get

Nice work by Francois Paget (hattip Andrew Jaquith) pulling together underground economy's willingness to pay up for quality

Last Friday morning in France, my investigations lead me to visit a site proposing top-quality data for a higher price than usual. But when we look at this data we understand that as everywhere, you have to pay for quality. The first offer concerned bank logons. As you can see in the following screenshot, pricing depends on available balance, bank organization and country. Additional information such as PIN and Transfer Passphrase are also given when necessary:
Fp_blog_080502_1

Since financial services drives a lot of the information security industry it is fair to ask - are they doing a very good job at securing systems and data or are they just moving more risk on to the consumer? In 2008, should we be telling people to type usernames and password into web forms and the use those "secrets" (cough, cough) to make business decisions?

Weak identity = weak claim = weak access control.

From Ross Anderson's book (2nd edition)

Were I designing an online banking system now, I would invest most of the security budget in the back end.

Jason KolbReach out and tap someone on the shoulder

Imagine you're sitting in an interview and your phone suddenly tells you that your friend John went to college with the person you are interviewing with.  Pretty cool huh?

I was just complaining the other day that radical innovation seems to be in short supply these days.  Then today I stumbled across this really cool idea called Mobile FOAF (they're calling it FoafMobile, but that sounds too much like a funny little car to me--maybe because it rhymes with PopeMobile?--so I'm calling it Mobile FOAF instead).  The basic idea is that friends and people you know, who are in close physical proximity to you, can be discovered using Bluetooth-compatible mobile devices.  It's a small world, after all...

The gist of it is that each Bluetooth device has a unique identifying address (like a MAC address), and if you put that address in somebody's FOAF graph you can trace a Bluetooth device back to its owner.  You could query your FOAF graph for anyone you know who has that particular Bluetooth device, and even ask your phone to show you if anyone in the restaurant knows any of your friends.  If so you could pull up their name and picture and go find them to have a cup of coffee.  A magician could have a field day with this stuff.

The writeup I found on Mobile FOAF is actually pretty old (2003), but I'm not sure how something like this would have been useful before SPARQL was ratified this year anyway.  <hint>Hopefully this will get picked up by some enterprising company and taken to market,</hint> because this would certainly be some radical innovation.  If a Bluetooth "beacon" could be baked into wireless routers you wouldn't even need GPS to locate somebody...

Damian KatzCatapult Operator

If you lived in the Dark Ages, and you were a catapult operator, I bet the most common question people would ask is, 'Can't you make it shoot farther?' No. I'm sorry. That's as far as it shoots. - Jack Handey

Bruce SchneierSchneier Talks

Last month I gave a talk at InfoSecurity Europe in London. The title was "Reconceptualizing Security," or maybe "The Theater of Security," and it is a follow-on to my work on the psychology of security. I haven't yet written this work up, but you can listen to or watch my talk.

Philip Elmer-DeWittApple legal clears its desk


Are Apple’s lawyers getting ready to go on vacation? For the second time in as many days, the company has agreed to settle a lingering class action suit.

On Thursday, it was a pair of complaints out of Canada that 1st, 2nd and 3rd generation iPods were delivering something like three hours of music, not eight hours as advertised. Although one case was granted class action status and the other wasn’t, Apple (AAPL) agreed to settle both, according to the Montreal Gazette, offering $44 store credit to any Canadian who purchased one of the affected iPods before June 24, 2004. As many as 80,000 could be eligible. Hearings are set for May 26 in Montreal and June 20 in Toronto.

Then on Friday, according to the LA Times, Apple agreed to pay some 2.3 million Mac owners refunds of $25 to $79 to resolve claims that some of its power supplies were prone to fray and spark and self-destruct. Customers who bought replacement adaptors for PowerBooks and iBooks could be eligible for the refunds, according to documents filed in federal court in San Jose. A final court hearing is scheduled for Sept. 8.

Still pending, notes the Gazette, is the case filed against Apple Canada last fall by law student David Bitton who was surprised to discover that his 8GB iPod Nano held only 7.45GB. According to his lawyer, Bitton is asking for the full $220 purchase price, but will settle for 7.5%, plus court costs.

_whySome Chrome For Pjs

So, yeah, Processing.js. Big fans of Pjs in this vicinity. Doesn’t do all that Processing does (in the way of: video exports, 3-D, and plugin support) but it’s totally amazing what it does with a few K of JavaScript and a browser. This will wipe out the applet completely.

Rather than just link to it and yelp HOORAY!, I thought I’d keep Resig’s birthday jaunting along with some XUL chrome, designed to mimick the real Processing.

One great thing about this is that you can run this app if you have Firefox 3.

firefox -app /path/to/processor/application.ini

Processing.js is included in the app’s tarball. Just add Firefox or XULRunner.

I don’t know if anyone else has tried this yet. Don’t want to step on any toes. The git repo is open for contribs.

Ross MayfieldRecentChangesCamp in Palo Alto this Weekend

I'm in London this weekend on business, so its a shame to miss RecentChangesCamp in Palo Alto.  Hosted by Socialtext, the event is more than a Barcamp for wikis.  It draws people from afar with in interest in wiki spirit. 

If you are in town, definitely stop by.

Ian SkerrettNew resource for Eclipse newbies


DZone has just released the first set of their Refcardz, including a ‘Getting Started with Eclipse‘. It looks like a great resource for anyone starting in Eclipse.

Nitin from Dzone was kind enough to drop off some of the Refcardz for the Eclipse booth at JavaOne; they proved to be very popular. Lets hope they do more of these for other Eclipse projects.

Robert S SutorDaily Links 05/09/2008

  • Back-Up Your Mac, Effortlessly - Pogue’s Posts - Technology - New York Times Blog

    “The beautiful thing about this arrangement is that it backs up your laptops automatically and completely, too–without your having to hook them up to anything. Any time the laptop is open and turned on, like when you’re using it, the Time Capsule backup is quietly doing its thing.”

    tags: OB, Mac, backup

  • Fantasy and Science Fiction

    “The Magazine of Fantasy & Science Fiction, founded in 1949, is the award-winning SF magazine which is the original publisher of SF classics like Stephen King’s Dark Tower, Daniel Keyes’s Flowers for Algernon, and Walter M. Miller’s A Canticle for Leibowitz. Each 160 page issue offers: compelling short fiction by writers such as Ray Bradbury, Ursula K. Le Guin, Terry Bisson and many others; the science fiction field’s most respected and outspoken opinions on Books, Films and Science; humor from our cartoonists and writers.”

    tags: science fiction, magazine, OB

© Robert S. Sutor for Bob Sutor's Open Blog, 2008.
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Unported License.
Posted under: News.
Permalink | No comments

Gunnar PetersonRote Based Access Control

I think RBAC is, next to firewalls and SSL, the biggest silver bullet misconception in infosec. I cannot count how many times I have heard managers say if we just had rbac all our identity problems would be solved. These same managers work in companies that reorg every 6 months and outsource anything that moves. Not that RBAC is useless, it can solve some problems, but introduces some too, Pamela Dingle

Roles are indeed in the domain of the “identity weenie” — but alone, roles are nothing but a maintenance nightmare - they exist to be leveraged. Rules on the other hand, are the problem of the “authorization weenie” and are written (for example) as a WAM policy that says “All Production Accountant Level II resources can access the accounting SharePoint instance”. When you collect roles into a profile and collect rules into a policy and then evaluate for a given user, resource, and point in time, what you eventually get is an entitlement, ie “Jenny should get into the accounting SharePoint instance”. The goal is to have transitive logic between roles and rules, such that two different people can take on the two different statements being made. Jenny’s Manager can authoritatively state (through a workflow approval) that Jenny is indeed a production accountant. The owner of the Accounting Sharepoint instance can authoritatively state (through an authorization policy) that all production accountants should have access to their site. ... What happens when the system detects the static presence of two conflicting roles? What happens if one role is “truer” than another at some point in time?

The other silver bullet fallacy the RBAC introduces is the idea that objects, subjects, and sessions can be bundled so nicely enterprise wide. People look at their nice org charts and assume that you just plug that into your directory and go. Works great in a domain with hard edges like a call center where discreet groups of people execute the same tasks the same away across many sessions. Not so good once you step above the rote task level. Interestingly "God level" access works well with roles too, but we are not supposed to be building systems with that stuff any more, right?

Bryan O'SullivanSlides from last night’s BayFP talk

I had a lot of fun talking about concurrent and parallel programming last night. Thanks to Keith Fahlgren for organising the event, to Twitter’s Alex Payne for making space available, and to everyone who turned up and asked questions.

With any luck, Keith will have the video of the talk up in a few days. I spoke for about 45 minutes, and took questions afterwards for a further 75 (really!). The atmosphere was great, and the questions that followed very engaging.

I’ve posted the slides from the talk to Slideshare.

If you prefer, or Slideshare acts balky (unfortunately common), you can download the slides in one of several offline formats:

They’re CC-licensed, so have fun using them for your own purposes.

(Oh, and credit for the Haskell logo in the slides is due to Ketil Malde.)

SlideShare | View | Upload your own

Bruce SchneierMaking Security Cuddly

I don't know what I think of Sweet Dreams Security.

Rafe ColburnOur drug war feeds Mexico’s civil war

For the past six months or so, I’ve noticed a smattering stories that paint a very grim picture of goings on in Mexico. This morning’s news is that Mexico’s national police chief was assassinated in his home yesterday.

Last year the Washington Post reported on murders of Mexican musicians by drug cartels.

For more background, read about Los Zetas, a group of former special forces soldiers who hired themselves out to a Mexican drug cartel.

These ultraviolent drug cartels are all competing for shares of the US drug market. As violent as America’s drug trade is, it doesn’t hold a candle to places like Mexico and Colombia.

David Ascherinames: any hope?

So I have this nice short iname that I registered last year when I was poking around OpenID and the like. That registration is about to expire, and I think I have yet to use it except for testing purposes, in part because there’s no way when being asked for an OpenID to know whether the server supports inames or not. In addition to being just shorter hence cooler, I can’t even remember the benefits of inames over traditional URLs. I guess I’ll let it lapse…

Somebody fix identity. Please?

Paul FremantleMore Cool - GeoTwittering

If you want to see how incredible our mashup platform is, take a look at this example. Basically, one of our engineers saw TwitterVision. Just 5 hours later and the same idea is running on our open mashup platform. Sign up and start creating your own mashups! Its also pretty compelling viewing too... for some reason I find twitter much more interesting on a map.

Stefan TilkovRESTful JavaOne

Tim Bray, reporting from JavaOne:

Down in the big Java One trade-show, there was a “SOA village”, where all the vendors of SOAP/WSDL/WS-* technology were talking about Governance and Reliability and Integration and so on. “Village” is the word all right; a village left behind by history. It was kind of sad, actually. REST may not have won, but SOA-as-in-WSDL is in the middle of losing.

My second take-away, watching the presentations’ sample code: there was way too much of it. When you’ve been living in Ruby-land for a while, Java’s verbosity starts to hurt your eyes. In particular those constructors spilling across two or three lines, festooned with hideously-nested generics cruft; that’s just wrong.

David AscherContagious user interface concepts

Every now and then, a UI concept is so good that it becomes contagious in fascinating and frustrating ways. I’ve run across two recently.

The first is the iPhone touch screen. A few months ago, when I first got my iPhone, after playing with it for about 30 minutes, I went back to work on my mac, and my fingers automatically expected things like the two-finger zoom to work. I was stunned. Not surprisingly, that is now a feature of the new Macbook Air, and I expect it’ll be in all mac laptops.

The second occurred to me this morning. I was using ssh (a command line tool) to log in to a variety of machines with cryptic addresses, and I knew that I had to start looking for a place to write down those username/hostname combinations. At the same time, I realized that what I really wanted was the awesomebar for my terminal window. The notion that “the computer” should just remember what you’ve done no matter where, because past behavior is the best predictor of future behavior, and that we can implement that quite well with simple mechanisms like keeping a history and doing some math on that history, is a contagious idea. (Note to unix weenies: I know that with the right magic i can get some pseudo-awesomebar within bash. Not good enough! I want bookmarks, tags, weave!)

Naturally, it applies to Thunderbird as well. I routinely go back to “the same” emails. We should find a way to make that as obvious and invisible as Firefox 3 does for web pages.

David N. WeltonLangPop.com - programming language popularity - update

These few days when Ilenia and Helen are still in the hospital are the eye of the storm for me. It's quiet at home and I actually have a few free hours when I'm not allowed to be in the hospital, or when they need to get some rest.

One of the things I managed to do recently was some Javascript hacking in order to create a timeline for LangPop.com: http://www.langpop.com/timeline.html. It was fun, because most of the "heavy lifting" is done by Timeplot, and I just had to push the data into place. Of course, there isn't much interesting there because the site is relatively new, but it should be interesting to see how languages fare over time.

I did some hacking on Timeplot to make it easier to host it on my own server, and to load a bit faster by stuffing it into one big ugly blob of Javascript. When I get a bit of time, I'll make my changes public, as I think they're fairly useful for anyone who wants to fiddle around with Timeplot some, and thus host it themselves.

The other thing I did with the site was switch the X and Y axis of the charts, because that works out better in terms of screen space for the labels, with so many languages to keep track of.

Strange Attractorlinks for 2008-05-09

Scott Johnsonlinks for 2008-05-09

Gunnar PetersonLearning from Ghana

Its always interesting to see where the developed world can learn from emerging economies. A lot of the best engineering work comes from having to deal with harsh constraints (opposite of architecture astronomics). I blogged awhile ago about using smart cards for digital cash in Africa


Ezwichcard

Looks like there is a new system in Ghana as well

E-zwhich smart launched

-ZWICH smartcard, a universal electronic system that facilitates easy access to and transfer of money has now become part of financial transactions in Ghana.

The new system which is also designed to remove the cumbersome and insecure processes of using cash, was launched in Accra yesterday by President J.A. Kufuor, with a call on corporate bodies and government agencies to use it to ensure transparency and integrity on payrolls.

E-zwich is an electronic payment system that allows one to make payments for goods and services or transfer money to others without having to carry physical cash.

Available at all banks countrywide, the system involves the loading of money onto the smart card after registering with any bank without necessarily having an accounts with that bank.

President Kufuor said the introduction of the system has the potential of transforming the payments landscape, the financial services industry and the general conduct of business in the country.

He said accessing the technology was an integral part of government’s overall vision of making Ghana the gateway to the West Africa sub-region and transforming her into a major financial hub.

The President said that globalisation has come with a major challenge of adopting best practices in all spheres of endeavour especially within the macro economy in order to survive in the market.

He said it was against that background that the government has pursued polices to develop and modernise the financial sector to enable it to play a key role in resource mobilisation for increased investment.

With the reforms and the stability of the macro-economy, President Kufuor said the nation was witnessing dramatic growth in the banking sector.

He pointed out, however, that inspite of the impressive growth of financial institutions, an estimated 80 per cent of the eligible population was still "un-banked" or "under-banked" and seemed not to have access to financial services.


Wonder when we will see US, UK, and other first world banks and brokerages catch up to Ghana and South Africa on these technologies? Is it really a good idea in 2008 to have everyone type their username and password into a web browser?

Bob GellerBonfire of the Merger Vanities

(Fair and balanced in love and war)

The drama and anticlimactic ending of Microsoft's play for Yahoo made me realize how much I love to read about mergers.  Not so much for the news, but for stories that the media loves to tell about the personalities, companies and industries involved.

Let's face it, if it were just about the uncolored dry facts, you'd see a few news items around the major milestones of the deals.

Instead we see tons of commentary, analysis and sweeping narratives.  The personalities involved are often painted as larger than life, with Shakespearean brush strokes.

You see some of the same types of coverage when the media starts a war (or as a I am sure they would protest, just covers one), i.e. pits one company against another (Microsoft vs. Google).

But usually, with mergers, the narrative arc is different because there is a shorter time frame, deals don't get better with age and they either just happen or don't within some finite time frame.  Also, news about deals tends to focus more on the personalities involved.

There are of course some very important PR implications because , no matter what happens, the players will be judged and portrayed as winners or losers.

In this case, no one came out looking very good, least of all Ballmer.  He should take a page from Oracle chief Larry Ellison's book, Ellison is the master of the art of the deal.

Rafe ColburnThere are programmers …

… and then there are programmers. jQuery creator John Resig has ported the Processing visualization language to JavaScript. Not only is this an incredibly cool hack, but it also makes Processing a heck of a lot more useful in a practical sense. I wonder if this will become the new best approach for presenting graphs and other data visualizations within Web pages?

Gunnar PetersonSun in Microsoft's Rearview Mirror on Software Security

James McGovern muses:

Good to run across Sun employees such as Gerald at OWASP chapter meetings. Hopefully for the next event, he can figure out how to bring down a dozen or so folks from Sun labs. After all, they probably understand the need for writing secure code more than the Microsoft crowd. This makes me wonder if Pat Patterson has ever attended OWASP meetings on his side of town?

Would be great to see Sun get involved with OWASP, but I see no evidence that they understand the need for writing secure code more so than Microsoft. In fact I see every evidence that Sun is several years behind Microsoft on software security. Let's do the list - Howard/Leblanc's work, threat modeling, software security patterns and practices, SDL, SecPal, BlueHat, OWASP guidance work and that is all before we get to identity stuff. From what I see its a yawning gap. Would be great if Sun would re-discover its engineering roots at some point, but right now I don't think they are even in the conversation.

O’Reilly RadarDisaster Technology for Myanmar/Burma aid workers

There is an ongoing crisis in Myanmar (Burma) in the aftermath of cyclone Nargis. The ruling military junta is finally allowing humanitarian organizations into the region after denying access for almost a week. The situation is grim, and you can help by donating to organizations like: Doctors without Borders, Direct Relief, and UNICEF.

There has been some incredible discussion on the humanitarian tech and Geo lists in the past 24 hours around adapting/improving existing collaboration services to work with the tools in the field. Mikel Maron and I will be speaking about this at Where2.0 next week, and it looks like some exciting work will be happening there and at WhereCamp.

Eduardo Jezierski from InSTEDD is currently working to localize the Sahana Disaster Management System
EdJez Twitter: Have some Burmese speakers (thanks!) but need a handful more for localizing sahana for cyclone Nargis response support. Tweet/email me !

Jonathan Thompson's organization, Humanlink, has been working on adapting technology for aid workers for some time. You can follow recent developments on the Aid Worker Daily blog.

rw_TC_mmr080507.png

UNOSAT Flood Destruction Analysis - Burma / Myanmar

Davanum SrinivasIBM WebSphere Application Server V7.0 Open Beta

Get your copy here. If you run into trouble, ask here. IBM WebSphere Application Server V7 Beta key capabilities Java EE 5 support, including Web services enhancements and Enterprise Java Beans 3.0 support Optional components for implementing a more flexible, scalable, and asynchronous administrative topology Improved user experience and systems management features, including: Properties-file-based configuration tool Expanded command assistance in the [...]

Philip Elmer-DeWittiPhone graphic: Apple’s new map of the world


Like many Apple (AAPL) watchers, the investors at IMO’s Apple Finance Forum have been closely following this week’s flurry of announcements of iPhone deals with carriers around the world. One of the contributors to the forum — a regular from Toronto who posts as CdnPhoto — has summarized the information graphically in a color-coded map of the world. With his permission, I’ve pasted it below.

Countries where the iPhone is now available, or will be this summer, are marked in red:

[E-mail subscribers: click here to see the map.]

Switzerland, Spain and Poland probably should be tinted a light shade of pink; these were rumors, not official announcements (see here).

Of course, if unlocked blackmarket iPhones were included, most of the world would be colored Apple red. See The iPhones of Equatorial Guinea.

For those who prefer their information in list form, here are the countries added in the past couple weeks:

For Vodaphone (VOD) (link):
Australia
Czech Republic
Egypt
Greece
India
Italy (also Telecom Italia)
New Zealand
Portugal
South Africa
Turkey

For America Movil (AMX) (link):
Argentina
Brazil
Chile
Colombia
Dominican Republic
Ecuador
El Salvador
Guatemala
Honduras
Jamaica
Mexico
Nicaragua
Paraguay
Peru
Puerto Rico
Uruguay

For Rogers Wireless:
Canada

Rumors (link):
Switzerland
Spain
Poland

No word yet:
China
Korea
Japan
Russia

For updates, check APPLinvestors, which keeps a running tally here.

Rich BowenWeek Two, less exhausted

I'm completing week two of being an IT manager. Last week, I went home every day falling-down exhausted, from trying to understand a sizeable codebase (861157 lines of code - yeah, I know, that's small beans to some of you, but we have a small team), trying to understand the business process, and trying to understand the dynamics of team interaction.

This week has been better, although I've had a horrible head congestion thing that has rendered me almost deaf all week, which is extremely frustrating, and tends to cause me to retreat to email rather than just going to see people and resolving confusion in person.

I think I've finally gotten an understanding of how the code fits together, and how the database fits together, and while I certainly would have done it differently, it appears to be largely a matter of style, rather than one of substance. It's good code, and it works - it's not how I would have done it.

Anyways, last night I went home and was able to have coherent conversations and not fall into a coma right away. I consider this to be progress. Any day now, I'll be able to contribute actual functional code, rather than just stylistic tinkering.

And, Paul, if I've learned anything from you (I hope I've learned a lot, but, you know, I had to choose just one thing) it's the Positive Power of Donuts.

Bruce SchneierCell Phone Spying

A handy guide:

A service called World Tracker lets you use data from cell phone towers and GPS systems to pinpoint anyone’s exact whereabouts, any time — as long as they’ve got their phone on them.

All you have to do is log on to the web site and enter the target phone number. The site sends a single text message to the phone that requires one response for confirmation. Once the response is sent, you are locked in to their location and can track them step-by-step. The response is only required the first time the phone is contacted, so you can imagine how easily it could be handled without the phone’s owner even knowing.

Once connected, the service shows you the exact location of the phone by the minute, conveniently pinpointed on a Google Map. So far, the service is only available in the UK, but the company has indicated plans to expand its service to other countries soon.

[...]

Dozens of programs are available that’ll turn any cell phone into a high-tech, long-range listening device. And the scariest part? They run virtually undetectable to the average eye.

Take, for example, Flexispy. The service promises to let you “catch cheating wives or cheating husbands” and even “bug meeting rooms.” Its tools use a phone’s microphone to let you hear essentially any conversations within earshot. Once the program is installed, all you have to do is dial a number to tap into the phone’s mic and hear everything going on. The phone won’t even ring, and its owner will have no idea you are virtually there at his side.

Patrick LoganIsn't That What The Internets Are For?

Joe Wilcox watches Microsoft and wonders...

"Mesh is the only thing that really makes sense out of a Yahoo
acquisition to me. Yahoo has rich content services—and they're
everywhere. If Microsoft could plug Mesh into that infrastructure,
fast, and flip the switch "Wow!" Imagine, for example, Mesh making
Flickr photos instantly available to all your PCs, cell phones and
TVs. Software plus hardware plus services."

But isn't that what the internets are for?

http://www.microsoft-watch.com/content/web_services_browser/yahoo_between_a_rock_and_a_hard_place.html?kc=MWRSS02129TX1K0000535

Norman WalshDocBook 5.0: The Definitive Guide Updates

Better content, better presentation.

Yesterday, I published a new version of DocBook 5.0: The Definitive Guide (TDG5). Over the weekend, I finally sat down and updated chapters 4 (Publishing DocBook Documents) and 5 (Customizing DocBook). There's still not much in chapter 4, but chapter 5 is much improved, I think.

The element descriptions in the reference are now up-to-date with the official release of DocBook V5.0.

In the original Definitive Guide, the content models were expressed in DTD syntax. The DTD, in turn, was constructed from parameter entities which are really a string substitution or macro language. Expand all the parameter entities, reformat the text, and you get something that's terse, but relatively easy to learn to read.

In DocBook V5.0, the content models are expressed in RELAX NG. While RELAX NG has a compact syntax, the patterns aren't simple string substitutions. In addition, a few of the patterns exploit co-constraints which are tricky to read. One option for displaying them is simply to leave all the patterns in place:

element biblioid {
   db.biblioid.attlist,
   db._text
}

But that says more about the underlying structure of the schema than it does about what attributes are allowed on bibliod and what content model it allows. If you want to know what can go in a <bibioid>, you don't care what I called the patterns.

The solution I reached eventually was to expand the patterns, simplify them where possible, and present them as lists:

biblioid ::=

That works, mostly, but it's a bit hard to read when the list gets very long. For many DocBook elements, the list of inlines is quite long: I selected biblioid for this example because it's relatively short.

Recently, I decided to try grouping related elements in the list:

biblioid ::= [x] [+]

That seems to be an improvement. In a JavaScript [L] -aware browser, you can click on the graphics to expand part or all of the list, for example, the indexing inlines:

biblioid ::= [x] [+]

If you click the “ [x] ”, the grouping is removed, restoring the original presentation. On a non-JavaScript-aware browser, all of the lists are shown expanded.

I think that's an improvement. And it works across all the browsers I tried.

Comments and suggestions most welcome.

Norman WalshSMlocl

This is the permanent status page for SMlocl. SMlocl is a SmugMug local backup tool and XSLT API. The first alpha version is now available.

SMlocl is an XSLT API for SmugMug and a set of scripts for creating a local backup of your SmugMug galleries. It is a command-line application. This version of SMlocl includes only the XSLT API and a couple of examples stylesheets that use it. Future versions will more closely resemble Flocl, its conceptual twin for Flickr.

The current release is 0.0.2 from 22 February 2008. This is a very alpha release; it is implemented in XSLT 2.0 and should run on any platform that supports XSLT 2.0 or later and has a command-line. You can get “smlocl” from the Sourceforge download page for the project or read the homepage. It is available under the terms of either the GNU General Public License Version 2.

Previous releases:

  • 0.0.1, from 10 February 2008 was the initial alpha release.

SMlocl is maintained by Norman Walsh . Please report any bugs that you encounter.

If you'd like to build the project yourself, you can browse the the Subersion repository or access it directly from https://smlocl.svn.sourceforge.net/svnroot/smloc.

SMlocl was first announced on 10 February 2008.

Last modified: Fri, 09 May 2008

Norman WalshNew XProc Working Draft

The XML Processing Model Working Group has published a new Working Draft of XProc: An XML Pipeline Language.

The working group has, I think, finished its review of all the comments received. Last November, we revealed several significant changes adopted by the Working Group. Today, we're revealing the rest of them.

The changes (since November) in the XProc [L] working draft published today are:

  1. Fairly substantial syntax changes. A <p:pipeline> is now just syntactic sugar for a particular <p:declare-step>.

  2. Significantly reworked the syntax and semantics of variables, options, and parameters. Added <p:variable>. Imposed a syntactic distinction between declaration (<p:option>) and use (<p:with-option>/<p:with-param>) of options and parameters.

  3. Clarified the scope of variables and options.

  4. Removed value attribute from <p:variable>, <p:option>, <p:with-option>, and <p:with-param>.

  5. Removed automatic declaration of parameter input ports; you have to declare them explicitly if you need them.

  6. Added p:base-uri() and p:resolve-uri() XPath extension functions to support (XPath 1.0) pipelines that need access to the base URI of documents.

  7. Removed ignored namespaces, added <p:pipeinfo>.

  8. Redefined the <p:label-elements> step to use a step-local variable in the XPath context.

  9. Added psvi-required attribute to pipelines.

  10. Changed definition of <p:error> to better address localization issues.

The syntax changes, and making <p:pipeline> syntactic sugar for a particular <p:declare-step>, have the effect of making very simple, straight-through pipelines syntactically simple again.

Reorganizing some of the option and parameter elements, and adding a variable element, makes the language bigger (in the sense that it has more elements) but I think it has significantly reduced some of the confusing sublty that used to exist around declaration and use of options.

In general, I think these are all changes for the better. And I think we're done. This is a Last Call working draft in all but name. The changes are significant enough that we thought it would be best to float them in an ordinary working draft first. That will, I hope, save us the embarrassment of having to do more than two last calls.

Read and review! Comments on these items, in particular, please.

Gazing into my crystal ball, I see another last call in June, Candidate Recommendation in July, and a Recommendation before the end of the summer.

Norman WalshMark Logic

Makers of an exceptional XQuery engine and XML content platform. And my new employers.

Whenever one door closes, another opens.

Starting in May, I'll be working for Mark Logic as a "Principal Technologist" in their publishing group. Mark Logic is doing exactly what interests me: XML markup of mixed content. At the end of the day, I think that's where all the really interesting data is to be found: I'm a document guy. Typed object graphs and relational tables are a fine way to store data, but data doesn't have any meaning until it's put into context, and we put information into context by documenting it: by writing mixed content and surrounding it with markup.

My day job will consist of some mixture of web standards, product development, evangelism, customer engagements, consulting, and probably other stuff too. Ask me again in a few months.

So far, everyone I've met at Mark Logic has been great and the more I dig into the server product, the more impressed I become. I think this is going to be a lot of fun!

Ian SkerrettThoughts on JavaOne 2008


Just finishing up this years edition on JavaOne. Some thoughts…

  • JavaFX was definitely the main message from Sun. The Sun keynote was full of JavaFX demos showing spinning pictures. It reminded me of 1998 spinning Java logos in applets. Sun appears to want to go head to head with Adobe and Microsoft for the hearts and minds of designers and web programmers. Unlike Cote, I think they are too late and I am not sure anyone really cares about JavaFX.
  • JavaOne is usually full of announcements from the major vendors, this year was the exception. In fact the Sun and Oracle keynotes were non-events; kind of boring.
  • One thing that was very surprising to me is that there was little discussion about openJDK and open source Java. Last year it was all about open source Java. I know Sun is still committed to openJDK, it was just surprising the absence of discussion.
  • OSGi did really well at JavaOne. Lots of people were clearly interested but most people have no idea. We still have a long way to go to educate people about Equinox and OSGi but things have started.
  • The Eclipse party at the Thirsty Bear was a great success. Thanks to everyone that came.
  • I also went to the eBay party. eBay is a huge Eclipse user and they are doing some neat things. btw, eBay is looking to hire some Eclipse experts. If you are interested send me an e-mail.
  • Once again we gave out 750 t-shirts at the Eclipse booth. Thanks to everyone that came by the booth. It is great to hear from all the enthusiastic Eclipse users. See you next year.

Santiago GalaIntegration: the filtering of source code revisions

From time to time it is fascinating to learn how the linux community deals with the Software Engineering processes involved when the development speeds is so damned fast as it is being for the linux kernel as of lately. This whole thread is very interesting. Linus hightlihts development as patch pressure:

So here's the math: 3,500 commits per month. That's just the *average* 
speed, it's sometimes more. And we *cannot* merge them continuously, 
because we need to have a stabler period for testing. And remember: those 
3,500 commits don't stop happening just because they aren't merged. You 
should think of them as a constant pressure.
So 3,500 commits per month, but with a stable period (that is *longer* 
than the merge window) that means that the merge window needs to merge 
that constant stream of commits *faster* than they happen, so that we can 
then have that breather when we try to get users to test it. Let's say 
that we have a 1:3 ratio (which is fairly close to what we have), and that 
means that we need to merge 3,500 commits in a week.

Later, when asked to slow down:

On Thu, 1 May 2008, Rafael J. Wysocki wrote:
> 
> > And there's no way to avoid the fact that during the merge window, we will 
> > get something on the order of ten thousand commits (eg 2.6.24->25-rc1 was 
> > 9629 commits).
> 
> Well, do we _have_ _to_ take that much?  I know we _can_, but is this really
> necessary?
Do you want me to stop merging your code?
Do you think anybody else does?
Any suggestions on how to convince people that their code is not worth 
merging?

Another pearl of wisdom:

An example of this: I don't believe code review tends to much help in 
itself, but I *do* believe that the process of doing code review makes 
people more aware of the fact that others are looking at the code they 
produce, and that in turn makes the code often better to start with.

And this whole message:

Hey, guv, do you _honestly_ believe that some kind of ISO-9000-like 
process generates quality?
And I dislike how people try to conflate "quality" and "merging speed" as 
if there was any reason what-so-ever to believe that they are related.
You (and Andrew) have tried to argue that slowing things down results in 
better quality, and I simply don't for a moment believe that. I believe 
the exact opposite.
The way to get good quality is not to put barriers up in front of 
developers, but totally the reverse - by helping them.

And this one, for us, normal people, who are really slow:

And as a result of that, my personal belief is that the best way to raise 
quality of code is to distribute it. Yes, as patches for discussion, but 
even more so as a part of a cohesive whole - as _merged_ patches!
The thing is, the quality of individual patches isn't what matters! What 
matters is the quality of the end result. And people are going to be a lot 
more involved in looking at, testing, and working with code that is 
merged, rather than code that isn't.
So _my_ answer to the "how do we raise quality" is actually the exact 
reverse of what you guys seem to be arguing.
IOW, I argue that the high speed of merging very much is a big part of 
what gives us quality in the end. It may result in bugs along the way, but 
it also results in fixes, and lots of people looking at the result (and 
looking at it in *context*, not just as a patch flying around).
And yes, maybe that sounds counter-intuitive. But hey, people thought open 
source was counter-intuitive. I spent years explaining why it should work 
at all!

Keep on reading the thread, those linux kernel discussions are great software engineering!

Russell BeattieMowser.mobi !

[image]

Mowser has a new home!

It took a few weeks to work out the details, but pretty much on the day that I announced Mowser was shutting, the guys at dotMobi got in touch with us interested in the service. Today is the official announcement that they've acquired the site and technology, and will be adding to their growing number of services targeted at mobile publishers. James Pearce has written a bit more here about the acquisition.

This is great news - Miker and I got pinged by a surprising number of people and companies interested in Mowser, but we went with dotMobi because they were first, enthusiastic, and we felt they would provide a good home for our work. While we didn't get rich on the deal by any stretch, I've been able to pay off a bunch of debts (and not worry about stuff like rent and food) which has been a huge load off my mind.

Miker is, as I write this, in Dublin right now at the HQ of dotMobi helping out with the transition, and both he and I will be consulting for a few months as well as they integrate the service into their back end and help develop some new offerings based on the code as well.

It should be a busy summer!

:-)

-Russ

Adrian SuttonFinally Set Up At IBM

Since Ephox is an IBM business partner and we pulled the right strings and made friends with the right people, I get access to IBM’s offices (apparently world wide but Bedfont Lakes is closest and best set up). They’ve got quite a nice business partner suite on the first floor looking up at all the real IBM employee’s offices but before today it’s always been a major pain.

Firstly, without a car it takes about 2 hours to get here which is never fun, but today I have a car so that was ok.

Then you need to have your IBM badge to get in the front door which on previous occasions I’ve either not had yet, forgotten or in one case walked in the front door and lost, gone back out cancelled it and got a temporary replacement, walked back in a found my last card on the floor. Today I remembered my badge and at least so far it’s managed to not fall out of it’s little holder so it’s still with me.

Once you’re in the business partner suite you find that it’s very difficult to plug a MacBook power adapter into the power points here if you only have the short plug - you need to have the actual cord which until recently I only had an Australian version of.

Then you find that you need a login for the wireless internet which is easy enough to sort out but until today, somewhat inexplicably, HTTP POST didn’t work (GET worked perfectly, but not any HTTP operation that sent a request body), so I was left using my mobile internet. It seems that while I was back in Australia they’ve managed to fix that so I’m up and running again.

Even better, there’s now a beasty Dell server sitting in my utilities cupboard at home running the IWWCM VMs I need to work with and demo and I’ve actually got the firewall configured right so I can SSH in and set up tunnelling to access it from here.

Who knows, I might actually be settling in over here!

Simon Phippslinks for 2008-05-09

  • Do we need to protect open source from the cloud?
    Gordon's argument here will warm the hearts of Apache activists, but I suspect Free software fundamentalists will still demand more protections. I'm in the middle; it takes both stick and carrot, in my view.
    (tags: Cloud