Tuesday, November 03, 2009

Today, we released the hData technical specifications: hData Record Format and hData Packaging and Network Transport. This is the mail that went out to the mailing lists:

Today we are releasing the first public version of the hData specification for the record format and the packaging and network transport (REST API). They are available here:

http://www.projecthdata.org/documents.html

We will be making some changes to the documents in the next few days to add a simple meta data model and streamline certain elements. Once this is complete, we are planning on moving the specification to a wiki and opening up the process of editing. Until this is done, we would like to ask you to send your comments to hdata-general@googlegroups.com

At this time we are also exploring how the hData specifications can be licensed in an open source friendly way. Possible options include an OASIS style non-assertion covenant – please contact us if you have suggestions.

So far, this covers the core data and exchange architecture, but we have started to work on a RESTful security architecture, as well. The scenario we are trying to solve is outlined in a recent presentation at NIST's IT Security Automation Conference. In support of this I have come up with a meta data schema, which I will put into the v0.8 version of the hData Record Format specification. Hopefully, I can upload that new version some time next week.

We are very much looking for comments and suggestions. 

Tuesday, November 03, 2009 3:03:39 PM (Eastern Standard Time, UTC-05:00)
Tuesday, October 06, 2009

Our effort to improve electronic health data exchange is starting to pick up some steam: After a very successful round of discussions at the HL7 General Plenary in Atlanta in late September (kudos to Andy Gregorowicz for covering this one) and a pretty warm reception, I presented last week at the NIH in Bethesda during the Tao of Attributes workshop on hData and our plans for the identity management and access control piece. I got some really great feedback, and I am hopeful that the idea of using a set of technologies that is known to scale (RESTful architecture style) can address the needs of a complex health data exchange.

Going forward, we would really like to start building a community around hData and L32. To this effect, we have created a couple of email aliases (see here for details) for starting a dialogue. 

Tuesday, October 06, 2009 9:10:11 AM (Eastern Standard Time, UTC-05:00)
Wednesday, September 30, 2009

My town (Burlington, MA) has just revived the Information Systems Advisory Committee (ISAC) to assist in the alignment of the school system's and the administration's IT departments. With many high-technology companies in town, the administration has been at the forefront of IT development, with a respectable web presence that dates back to the 90s - a time when only a few towns and cities took the web seriously.

To support the new projects, I have been appointed to a position in the ISAC, and I am looking forward to helping the town staff to decide how to move forward.

Wednesday, September 30, 2009 2:56:20 PM (Eastern Standard Time, UTC-05:00)
Monday, August 24, 2009

In an earlier article I talked about data ownership - or lack thereof - at a low, technical level. There are three principal technical actors: the physical custodian, the logical custodian, and the data originator. This article deals with the problem (for the data originator) of limiting the powers the physical custodian has. As the owner of the physical equipment that hosts the data, the physical custodian can perform a number of undesired actions with the data he hosts, specifically: (i) copy and distribute it and (ii) disable physical access to it. In many cases, neither action is desired by the data originator or consumer.

As a first step towards limiting the physical custodian's powers, it is important to make sure that the physical custodian (PC) is not also a logical custodian (LC). By this I mean the following: the PC has access to the physical equipment that hosts the data, as well as the transport infrastructure to get access to it. By denying the PC the role of the logical custodian, he may ultimately host data, but will not be able to use or interpret the data in a meaningful way. An obvious way to achieve this is to encrypt the data and make sure that the PC does not get access to the key. For most practical purposes, this addresses action (i).

But even if the PC cannot access the data he hosts, he still has the "power of the plug": if the PC cuts the connection to the network, or switches off the data equipment, all access to data is lost. In order to be able to address this problem, one can use the following scheme:

  1. Data is stored in some atomic units like files, that can be represented as a data stream.

  2. The data stream is encrypted; keys are not stored with the data.

  3. The encrypted stream is chunked into at least two chunks of identical size. The number of chunks is arbitrary.

  4. At least one parity chunk is computed - think RAID 5 or 6.

  5. The chunks are stored on different data services. This could be a traditional data service, but also other services such as a mail service or a blog service could be used to store the chunks. The table linking the different chunks is stored separate from the data.

The effect of creating such a "Redundant Array of Independent Services" (RAIS) is obvious: the physical custodians cannot access the data, since it is encrypted and each of them only holds a portion of it. In addition, since there is at least one parity chunk, if one provider decides to "pull the plug", the lost data can be reconstructed from the remaining chunks. As an additional protection, users might want to mirror individual chunks on different services as well, thus improving availability.

The obvious open questions are crypto key and chunk table management, especially since these become high-value targets. Master key techniques and independent RAIS systems can address some of these issues through best practices.
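Steps 3 to 5 of the scheme and the recovery after one provider disappears, as an added example that is not part of the original post. It assumes step 2 has already produced an encrypted byte stream; the per-chunk SHA-256 digests in the chunk table and the service names are assumptions introduced here.

```python
"""RAIS sketch: equal-size chunks of an encrypted stream plus one XOR parity chunk."""
import hashlib
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def split_with_parity(ciphertext: bytes, n_data: int):
    """Steps 3 and 4: chunk the encrypted stream and compute one parity chunk.

    Returns (chunks, table). chunks[-1] is the parity chunk; table is the
    chunk table that has to be stored separately from the chunks (step 5).
    """
    if n_data < 2:
        raise ValueError("need at least two data chunks")
    chunk_len = max(1, -(-len(ciphertext) // n_data))  # ceiling division
    padded = ciphertext.ljust(chunk_len * n_data, b"\x00")
    chunks = [padded[i * chunk_len:(i + 1) * chunk_len] for i in range(n_data)]
    chunks.append(reduce(xor_bytes, chunks))  # RAID 5 style parity
    table = {
        "length": len(ciphertext),  # lets reassembly strip the zero padding
        "n_data": n_data,
        # Assumption added here: one digest per chunk, so that a chunk a
        # service has altered is handled exactly like a lost chunk.
        "sha256": [hashlib.sha256(c).hexdigest() for c in chunks],
    }
    return chunks, table


def reassemble(fetched, table):
    """Rebuild the ciphertext from fetched chunks (None = service unavailable)."""
    digests = table["sha256"]
    if len(fetched) != len(digests):
        raise ValueError("expected one slot per chunk in the table")
    good = [c if c is not None and hashlib.sha256(c).hexdigest() == d else None
            for c, d in zip(fetched, digests)]
    missing = [i for i, c in enumerate(good) if c is None]
    if len(missing) > 1:
        raise ValueError("single parity recovers at most one lost chunk")
    if missing:
        i = missing[0]
        # XOR of all surviving chunks (data and parity) yields the lost one.
        rebuilt = reduce(xor_bytes, [c for c in good if c is not None])
        if hashlib.sha256(rebuilt).hexdigest() != digests[i]:
            raise ValueError("reconstructed chunk does not match the chunk table")
        good[i] = rebuilt
    return b"".join(good[:table["n_data"]])[:table["length"]]


# Constructed sample: 100 opaque bytes standing in for the output of step 2.
SAMPLE_CIPHERTEXT = hashlib.sha256(b"constructed sample").digest() * 3 + b"tail"

# Hypothetical service names; any store that returns the bytes it was given works.
SERVICES = ["object-store", "mail-drafts", "blog-attachments", "backup-host"]


def demo() -> bool:
    """Place four chunks on four services, lose one service, recover the stream."""
    chunks, table = split_with_parity(SAMPLE_CIPHERTEXT, n_data=3)
    placed = dict(zip(SERVICES, chunks))
    placed["mail-drafts"] = None  # this provider "pulls the plug"
    recovered = reassemble([placed[s] for s in SERVICES], table)
    return recovered == SAMPLE_CIPHERTEXT


if __name__ == "__main__":
    print("recovered after losing one service:", demo())
```

With a single parity chunk, a second unavailable or altered chunk makes `reassemble` raise; tolerating that case needs the mirroring the post mentions or a second parity chunk in the RAID 6 sense.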

Monday, August 24, 2009 1:29:44 PM (Eastern Standard Time, UTC-05:00)
Tuesday, August 18, 2009

Data ownership is a rather nasty topic: at a legal level, we have many rights related to data we create or that is about us: privacy regulations, intellectual property rights, copyrights and trademarks, etc. are all aspects of how society attributes ownership to immaterial goods. This practice has been in place since at least the early 19th century, but even then there were critics, among them Thomas Jefferson and James Madison.

With the advent of digitized storage, reproduction of immaterial data has become cheap and lossless. This has a significant impact on the industry: for example, the entertainment industry is currently facing the consequences of this highly disruptive technology advancement, and has yet to redesign their business model to accommodate this paradigm shift.

But this change goes far beyond the entertainment industry or any specific market: at this time, most people have started to realize that data they release about themselves will be reproduced, indexed, and made available via 3rd party search engines. Once the cat is out of the box, it is too late for restricting distribution.

This leads me to believe that we need to re-think the concept of data ownership, at least at a technology level: it does not make a lot of sense to claim ownership of data if one has no means of asserting this ownership in an effective manner. The judicial processes are too slow and too much bound to physical objects. As a result, only a small portion of data ownership infractions is dealt with by courts, and effective enforcement on a global scale is practically impossible.

As a result, it would seem appropriate to me to abandon the concept of data ownership on a technical level altogether - and replace it with concepts that are better suited to how information systems are designed in the 21st century:

  • A physical custodian of data has access and control over the physical object where the data is stored. In many cases this will be effectively a system administrator that is taking care of the computer and hard drives where the data is stored. It also makes sense to consider the organization that employs the system administrator(s) to be physical custodians. The physical custodian has significant control over the data, since he can simply "pull the plug" and make data unavailable.
  • A logical custodian can access and modify the data. A logical custodian can also grant the logical custodian role to other entities. While in many cases a physical custodian is also a logical custodian, there are important cases where this is not the case: in multi-level security systems or environments where data-at-rest is encrypted, the physical custodian might not have meaningful access to the data. The granting of this role cannot be reversed: once an entity has access to data, this data can be copied to other physical systems and be re-used.
  • The data originator is the entity that created the data. While origin may be an important factor to determine authority or validity of the data, it does not guarantee either.

Anything beyond these roles cannot - at least with current technology - be properly modeled without relying on concepts beyond the realm of technology. Nevertheless, even these limited roles can be used to model interesting scenarios. For example, a distributed storage system that stores encrypted and chunked data with parity (i.e. RAID 5 or 6 across different services, not disks), can practically eliminate the role of the physical custodian.

Higher level technologies (such as DRM or multi-party encryption) may be successful in restricting the significant control that a logical custodian has to some extent, but only external mechanisms (such as system certification, trust models, or judicial redress procedures) can limit the logical custodian.

Tuesday, August 18, 2009 3:07:34 PM (Eastern Standard Time, UTC-05:00)

For some time I have been working with a number of folks at MITRE on a simple representation for electronic health data. Digging into the depth of various standards organizations such as HL7, HITSP, or HIMSS was interesting, painful, and enlightening at the same time. Since last week, our project has been online at http://projecthdata.org/, and the hData project has announced releasing specifications, schemas, and code there soon. At this time, you can get the hData white paper, which was also presented at the recent Balisage 2009 conference in Montreal. Overall, hData's approach is very much focused on implementability and ease of use for developers (since - quoting Mike Kay at Balisage - "As a developer I am also human.")

Interestingly enough, the combination of ODF/Jar style packaging and RESTful integration (taking a ZIP archive of hierarchically organized component documents and representing it as a collection of resources) has some folks interested. If there are more, I will suggest taking this out of hData and creating an independent specification.

Tuesday, August 18, 2009 2:56:53 PM (Eastern Standard Time, UTC-05:00)
Monday, July 13, 2009
Ok, the under 35s may be digital natives ... but if that is so, I am not a digital immigrant, but a "digital colonist". 

Monday, July 13, 2009 7:25:19 AM (Eastern Standard Time, UTC-05:00)
Thursday, July 02, 2009
For this year's Balisage in Montreal, we (R. Dingwell, A. Gregorowicz, H. Sleeper, and myself) have been accepted as a late-breaking proposal for our work on hData, which addresses some problems that are currently plaguing electronic health records. Our session is scheduled on Thursday at 11:00am. This is the abstract:
Title: hData - A Simplified Approach to Health Data Exchange

Interoperability issues have limited the expected benefits of Electronic Health Record (EHR) systems. Ideally, the medical history of a patient is recorded in a set of digital continuity of care documents which are securely available to the patient and their care providers on demand. The history of continuity of care standards includes multiple standards organizations, differing goals, and ongoing efforts to reconcile the various specifications. Existing standards define a format that is too complex for exchanging continuity of care information effectively. We propose hData, a simplified XML framework to describe health information. hData addresses the challenges of the current HL7 Continuity of Care Document format and is explicitly designed for extensibility to address health information exchange needs, in general. hData applies established best practices for XML document architectures to the vertical health domain, which has experienced significant XML-based interoperability issues.

As you might imagine, we will have to say a few things about identity, access, and privacy management for electronic health records, as well. Looking forward to seeing you there.

tags: balisageConference09

tinyarro.ws: http://➡.ws/榾 (wood chip)

Thursday, July 02, 2009 3:24:28 PM (Eastern Standard Time, UTC-05:00)
Saturday, June 13, 2009

This is a little off-topic: I just got an invite to cast my proxy vote for my Fidelity mutual funds. In addition to the usual crud like blessing the board, there was an initiative to instruct the board not to invest into companies that support genocide in e.g. Darfur. While this should be a no-brainer, I was extremely surprised to see that the current board (which is seeking re-election just two lines up) is strongly suggesting to vote AGAINST such guidance (see also here). Their line of thought is that they are already barred from any direct investment into companies related to Darfur and Sudan, and that everything else (such as investments into PetroChina Co.) is just sound investment.

I strongly object to this: the activities of the Sudanese government and their henchmen in Darfur have been determined to be genocide and crimes against humanity. I do not want to see any of my money being used for fostering these criminals or any other group that perpetrates the most heinous crimes. At this time, I am very much leaning towards moving my entire portfolio away from Fidelity to TIAA-CREF if there is no satisfactory resolution on July 15.

Saturday, June 13, 2009 9:47:17 AM (Eastern Standard Time, UTC-05:00)
Tuesday, June 09, 2009

Right now, I am taking a class on Air Traffic Management (ATM), which is already yielding some very concrete useful knowledge: unbeknown to me, the FAA and NOAA have a lot of very interesting tools on the web. These web sites may help you to get a better picture of your expected delay; much better than what gets announced at the airport or within the cabin, anyways.

ATCSCC

The Air Traffic Control System Command Center (ATCSCC) is responsible for managing the entire National Airspace System (NAS). As such, they are in charge of all re-routing and have tons of interesting data for travelers. From their web page I can recommend:

  • The overview map (by region or airport) on their home page gives you an interactive and easy to interpret view of the current air traffic situation. Clicking on the airport yields a summary of expected delays and their real reason (no more airline babble about that strange gasket that was out of order).
  • The Operational Information System has a nice overview about what is going on in the NAS in more detail.
  • The airport arrival demand chart tells you what the line for arrivals at the destination looks like. If there is a backup, you will fly happy holding patterns.
  • The advisories database has all current ATCSCC advisories, including ground stops (i.e. the reasons for sitting on the tarmac for 3 hours before getting cleared for departure). Note that these advisories are not in clear text, but you need to understand the shorthand.

Finally, you can sign up for an airport delay email notification for the 40 busiest US airports at: http://www.fly.faa.gov/ais/jsp/register.jsp

NOAA

The National Weather Service has an aviation weather site at http://aviationweather.gov/. There are a lot of interesting services there for the avid hobby pilot or flight simulator nerd, but the CCFP is most interesting from an airline-delay perspective: it provides a 2h, 4h, and 6h convective pattern forecast (read: bad flying weather). This, and the turbulence charts can tell you at what segment of your trip to expect flying coffee cups (in the best case). Putting everything together, you can install the Flight Path Tool for a rich client GUI.

Tuesday, June 09, 2009 5:06:34 PM (Eastern Standard Time, UTC-05:00)
Thursday, June 04, 2009
Today should be "International Freedom Day", against all suppression of individual liberties, everywhere.

Thursday, June 04, 2009 7:21:53 AM (Eastern Standard Time, UTC-05:00)
Friday, May 29, 2009

This is a happy Friday afternoon rant.

I am still following the headlines for Sun (as long as that is still possible), and today I found some interesting headline: "Oracle Should Spin/Sell Sun Hardware Unit, Analyst Says". Well, interesting enough, I open the article, expecting some deep insight into what is going on. Unfortunately, the full report was not available, but the blog did mention the $23 target set by the analyst, and that he would not know who might be interested in buying the Sun hardware business from Oracle.

Wow, impressive. Unless there is a lot of interesting detail in that research report (which is not available on AmTech's website), this is completely trivial: yeah, Oracle holding on to Sun's hardware business seems illogical from the outside. Good thing we have an analyst telling the world that. And Oracle will soon be at $23? I would never have guessed that, given that they are currently at about $20, the market is pointing upward, and there is a good chance that the market will see the completion of the acquisition some time in the summer as something positive.

I think that I should consider a second career as software industry analyst: Money for nothing and the chicks for free...

Friday, May 29, 2009 4:24:50 PM (Eastern Standard Time, UTC-05:00)
Tuesday, May 12, 2009
Ok, fair enough - I give up: now on Twitter: @beuchelt. Big question: what are people using to keep up with Twitter? Right now I got the MicroBlog plugin for Pidgin, but I am not 100% sure if I like it.

Tuesday, May 12, 2009 8:04:20 AM (Eastern Standard Time, UTC-05:00)
Monday, May 11, 2009
When I read Larry Seltzer's piece on H.R. S 773 IS, I fell into a constant nod about the issues he raised. In addition, I have two more:

SEC. 11 (a): Lofty goals, but these seem rather obvious, since they have been at the heart of any computer security research for a rather long time.

SEC. 14: This section empowers the Secretary of Commerce with very far-reaching powers, especially since 'critical infrastructure' is so woefully underspecified.

In general, I am very unhappy with the bill's vagueness and lack of definition, especially since there are enough provisions (such as SEC. 17 - see Larry's comments) that can significantly impact the civil liberties of all U.S. persons. The intent of the bill seems honest enough, but in order for this to not backfire, a lot more work needs to go into a more robust draft.

Monday, May 11, 2009 11:43:30 AM (Eastern Standard Time, UTC-05:00)
Tuesday, April 14, 2009

The excellent article "Security and Data Sharing" by Mark Richard and Leslie Lebl points to a few very important ramifications that the less than ideal current data sharing situation with the E.U. brings and what the ratification of the horrible Lisbon Treaty would mean for the future of international security cooperation. The article also mentions the potential positive effects of the U.S.-E.U. MLAT framework.

What really caught my attention, though, was the authors' regard for the supposedly high European standards for data protection and privacy. They are correct in assessing that the implementation of the Privacy Directive varies within the various member countries, with countries like Spain or some of the relatively new members not paying too much attention to privacy issues at all. At the same time, Germany is portrayed as having a very high standard of privacy and PII data protection. Unfortunately, this is not at all the case:

While many middle-aged Germans do remember the strong controversy about the 1983 census (which was relatively harmless in itself) and the German supreme court even recently emphasized a basic right to privacy protection, the implementation in the real world is a far cry from the supposed nirvana of "information self-determination".

First, it seems prudent to make a fundamental difference between the rights of the German population vis-à-vis the private sector and government. When dealing with private entities, Germans do actually enjoy a fairly high level of control over what information someone might legally store about them, how it is used, and when it has to be amended or destroyed. Reality paints a somewhat different picture, though. Over the last few months, a number of scandals have surfaced, cutting across the entire spectrum of privacy invasions: large companies have spied on their employees and customers using hidden cameras or collected and used profile data without their knowledge. Beyond that, a number of shady address collection agencies have sold millions of records including financial information. In some cases, significant sums of money were misappropriated by thieves that automatically drafted funds from bank customers through the ACH. Obviously, these criminal acts (at least those that have surfaced) are being investigated, and hopefully the judicial system will be able to mediate the harm done.

The situation with respect to government privacy intrusion is much more dire, though, and it would be fair to state that any resident in the U.S. enjoys a much higher level of protection from government intrusion than any German ever had. For starters, every German (in fact, European) is now issued at birth an 11-digit taxpayer identification number that is unique and valid over their entire life. One might argue that the SSN is very similar in this respect, but there are two significant differences: (i) no U.S. resident is *legally required* to obtain an SSN and (ii) the FTC and the other government agencies have realized the ID-Theft threat that such an identifier poses and there is active work to limit the use of SSNs.

But the issues go far beyond unique identifiers: every resident of Germany is legally required to notify city hall within 30 days if they move - either within their street or across the country. Interestingly enough, this data is readily available to any interested private company, and some 400+ towns and cities have made some nice extra cash by selling off these lists. In addition, all residents are required to own a national ID-card, which will soon contain their digital photo, fingerprint, and a practical RFID chip for easy data skimming.

This list goes on, and includes absurd stories of mandatory public broadcast fees (which are sometimes collected from residents that have been dead for more than 400 years - but, being Germany, they do have to pay.. or at least the church where they are buried). At the end of the day, the de-facto privacy protection in Germany is not at all better than e.g. in the U.S., where at least a strong vertical and horizontal division of powers and an active community prevents a centralization that has become so typical for Europe.

Tuesday, April 14, 2009 11:52:52 AM (Eastern Standard Time, UTC-05:00)
Friday, March 06, 2009

Totally off-topic, but I really feel like communicating this: After 9 years in Massachusetts, I can now proudly claim to be a U.S. citizen! Along with 2717 other candidates, I took my Oath in the Hynes Convention Center in Boston and may now feel as a part of the family...

Here are a few pictures:


 

It's been only 2 hours of waiting so far ...




2717 new Americans



The speech.
Friday, March 06, 2009 8:54:33 PM (Eastern Standard Time, UTC-05:00)
Thursday, February 12, 2009

Jeff thinks that my term describing the privacy situation in Europe is a little harsh. I cannot blame him, since the Europeans, and especially Germany, have been working hard on presenting themselves as the global guardians of privacy. And, true enough, the rights that a European citizen has vis-à-vis private sector companies are considerable. Also, Germany's supreme court confirmed on multiple occasions that there is an "Informationelles Selbstbestimmungsrecht" (right to information self-determination).

Yet, when it comes to the government or its associated entities prying into people's lives, all bets are off:

  • Go to the U.K. and try to not be captured on a surveillance camera. Anywhere.

  • Try renting an apartment or buying a condo in Germany. Within 30 days you must submit a form to city hall declaring who you are, where you lived before, and who else is living in your home. This data is automatically shared with semi-private organizations such as the collection agency for public broadcast fees, but also with anyone walking up to city hall that deems you a debtor.

  • There is an EU directive that establishes a community-wide unique tax ID number for all citizens and residents of all ages. This number is permanent, and must be shared with employers, banks, and - potentially - insurance companies. Sounds familiar?

  • All trucks in Germany are required to use a satellite-based tracking system to determine tolls for using the Autobahn. This data is collected by a private-sector consortium on behalf of the government, and there are a number of politicians suggesting this for all vehicles.

  • Finally, Germany's "Personalausweis" (national ID card) is mandatory for anyone over 16. So far, city hall was managing this data, but since they are preparing to put biometrics on this one, there will soon be a comprehensive federal database of all citizens of Germany over 16, complete with digitized photo, fingerprints, and later iris scans.

The list could go on and on - I am sure that Robin has a lot to add to this list. Needless to say that there have been numerous occasions where data collected by government agencies has been "lost", stolen, or otherwise compromised. While we are talking about theft: Germany has paid more than EUR 5 million for stolen data about alleged tax evaders.

So yes, my choice of words might have been harsh, but unfortunately quite justified.

Thursday, February 12, 2009 5:30:46 PM (Eastern Standard Time, UTC-05:00)
Wednesday, February 11, 2009

Most often people will believe bad news much easier than good news, displaying a general sense of pessimism that is part of the human soul. But sometimes it is really hard to believe what kind of madness politicians come up with: The Governor of Massachusetts, Mr. Deval Patrick, is currently concerned with the state's budget. Well, the times are tough, and it is understandable that we either have to cut programs, raise taxes, or both. These are hard decisions, and I do not envy anyone having to take them.

However, one suggestion Mr. Patrick made yesterday immediately got my attention: there are apparently plans on the table to introduce a "chip" in the state's vehicle inspection stickers, so that cars can be tracked as they use the Commonwealth's highway system. What might seem like a prudent idea to shift the cost of the transportation infrastructure to those that are causing them, is in reality an attempt to introduce an Orwellian surveillance system of European proportions.

It is bad enough that the private industry (in the form of the wireless carriers) has a rather comprehensive location profile of all its customers. Yet, it is really easy to turn off the cell phone, leave it at some place, or switch to another cell phone, in case one wants to obfuscate one's location. However, even in Massachusetts it is rather hard to get around without having to resort to using a car. Within the 128 belt this might be manageable, but once you get beyond 495 it becomes impossible. Mandating a tracking and surveillance device in vehicles for tax purposes will now create a gigantic database with rather sensitive information. The potential for abuse is scary:

  • With location data, one can attempt to create a political profile by tracking conventions, conferences, and events a person goes to. I am not a lawyer, but this seems to be getting rather close to infringing a couple of First Amendment rights.
  • The collected data can be subpoenaed in all kinds of litigation, including sensitive things like divorce proceedings or insurance disputes.
  • If the database is ever breached, the hacker could have a field day, exposing location profiles of individuals. Depending on whose data is stolen, this could actually result in increased personal risk for exposed persons.

There are a lot more things that can go wrong, so this bill must never even come close to being considered.

Wednesday, February 11, 2009 8:31:59 AM (Eastern Standard Time, UTC-05:00)
Saturday, February 07, 2009

The DHS Data Privacy and Integrity Advisory Committee of the Privacy Office of DHS has sent a letter to the new Secretary of Homeland Security, Janet Napolitano, making some recommendations for the adjustment of the way the department deals with privacy policy and issues. Some of the more notable ones include:

  • Compartment Privacy Officers

  • Data Governance

  • Interoperability and Data Integrity

  • Overhaul of the 1974 Privacy Act

  • Independence of the Privacy Office from the rest of the organization

These are excellent suggestions, especially when applying them as a whole: having a compartment Privacy Officer that can act independently of the rest of the organization has the potential of channeling the efforts of the department in the right direction. Improved data governance, integrity, and better interoperability should really be on the agenda of the CIO as well, but especially in the context of E-Verify or Border control these issues also gain a privacy facet.

Overall, this letter should be a recommendation not only to the DHS, but government and private organizations in general (mutatis mutandis). Major privacy invasions (as we have recently witnessed them en force in Germany) can only be avoided if privacy compliance is considered as critical to an organization's success as any other good governance principle.

Saturday, February 07, 2009 10:31:34 PM (Eastern Standard Time, UTC-05:00)
Monday, February 02, 2009

Oh well, I finally sat down and took the time to convert my aging main web site into something more dynamic. Since my - overall - quite reliable hoster gives me free PHP5 and MySQL databases, I took a closer look at Drupal, given its overall support, ease of use and add-on module availability. My first impressions are quite good: it was easy to get up and does not seem to be too hard to administer. Converting my existing HTML went well, although the default editor (or more specifically: the Drupal filters) has a tendency to get in the way at the beginning.

Now, one thing I will probably spend a little time on over the next few weeks (time permitting - haha), is to develop a somewhat more reasonable authentication scheme for my various web properties. I have a happy collection of PHP apps, this .NET based blog, and also some custom Java apps. So far there is really no identity management in place; a fact that has been a sore for a while. A simple SSO authentication scheme across these different platforms is a panacea, but it should not be too difficult to achieve. I am looking actively into using OAuth or SAML as the token format, and a simple RESTful transport.

Monday, February 02, 2009 10:54:08 AM (Eastern Standard Time, UTC-05:00)  #    Comments [2]  | 
Tuesday, January 27, 2009

Times are changing, and people have to change with it. Doh - another pearl of obvious wisdom, but there is an interesting application to the work life: while regular employment might change rather abruptly, business and community relationships usually do not. So while you might no longer be working for a particular company (say, Sun, for example), you would still be interested in continuing your work in a particular area of interest (say, identity, for example).

In this spirit, I decided to join the Liberty Alliance as an individual member. The new structure of the organization, combined with a reasonable fee schedule, allows me to continue my formal relationship with one of the more comprehensive identity consortia currently in existence. While I have not yet quite made up my mind on how this engagement will be, I know that there are a number of current projects in TEG and IAEG that stir my interest.

One of the most interesting developments in Liberty right now is the realization that a RESTful approach is quite necessary to extend from an enterprise-centric identity management system to one that can scale up to the needs of health care providers and governments. The need for a lightweight IdM and federation framework is indisputable, and the GSA and Internet2 have already demonstrated that the existing feature set in SAML2 is sufficient to build a meaningful federation. However, it will take the legal and business rules framework of the IAF and related efforts to extend these technologies into the realm of social networking and eGovernment where you cannot rely on having a mutual trusted partner in identity.

So, going forward, it will be a lot of fun to dabble with the same technology, only now from a slightly (or not so slightly) different angle. 

Tuesday, January 27, 2009 2:30:45 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Friday, January 23, 2009

Wow - what a week this was... I have been through quite some ups and downs, and that is not even mentioning the fact that the U.S. got a new administration.

Bad news first: not only did I have a mild form of food poisoning (not that there was anything 'mild' about it, but I heard it can be much worse), but I am also affected by the workforce reduction at Sun. Yes, that's right... after a meager 11+ years I am on to new adventures elsewhere. To all those that I have been working with: it was a very interesting and mostly fun ride. I really had a sense of being able to work on something big and accomplish a lot, but the energy and the creativity at Sun was very inspiring. I met a lot of smart people there, and I hope that I will have the chance to continue working with them, one way or another.

Going forward, I see myself continuing on the themes that I have been dealing with for a while now: interoperability, web-centric (now cloud) computing, and the related identity and security aspects. There is a lot of work ahead, and I am quite determined to continue contributing. 

Since my age-old email at Sun will cease to work soon, you will now be able to reach me through an interim alias: work-at-removethispart.beuchelt.com[1]. I am also on Facebook and LinkedIn, so please feel free to connect with me:

http://www.facebook.com/people/Gerald-Beuchelt/615829807

http://www.linkedin.com/in/beuchelt

With more time on my hands for now, I will also start spamming your RSS readers... just kidding - but I will write more here now, so stay tuned.

But now for the good news: yesterday my application to become a U.S. citizen was approved and - assuming all goes well - I will take my Oath in early March. Contrary to its horrible reputation my experience with USCIS (formerly INS) was actually quite good: yes, they are bureaucratic (you should have seen the piles of files they had on me), but overall the process was quite efficient and fast: it will have taken less than 6 months from sending in the application to my Oath ceremony.

Interestingly enough, my becoming a U.S. citizen will also open new doors on the job market: as of March I will be able to get a security clearance, work on certain government contracts, etc. The timing could not have been better.

[1]Sorry for putting the "removethispart" subdomain in - obviously it is only beuchelt.com after the @ sign. 


UPDATE: Many thanks to Tim Bray for highlighting this note in his (most unfortunately rapidly growing) Stray Sunbeams series!

Friday, January 23, 2009 1:29:54 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Friday, January 16, 2009
There has already been quite some discussion on how to get Windows 7 to run under VirtualBox (bottom line: it works - just install it). Here is a little add-on to this discussion: Running Windows 7 Beta 1 under VirtualBox on Solaris 10 U5 over a SunRay terminal (exhale....).



Now, since I had tried Vista under VirtualBox, I was not expecting anything (except abysmal graphic performance), but - lo and behold - I was quite positively surprised: the install was completely smooth, and the VirtualBox Vista drivers worked like a charm, once I was using the compatibility mode with Vista (right-click the executable on the mounted ISO image, select Properties and the Compatibility tab, select Vista, close everything and then simply double click to install). Without this trick, the VirtualBox installer would complain about not supporting Windows 7 yet.

Overall performance was pretty much as expected: a lot better than Windows Vista, and about the same as Windows XP. Now bear in mind that the SunRay system is not exactly targeted at power users for CAD applications, and you will arrive at the conclusion that Windows 7 Beta 1 under VirtualBox is a logical step from running Windows XP in the same scenarios to deal with those 7 applications that you just cannot find in open source. If Windows 7 actually came in a freeware version, it could actually be worthwhile upgrading those legacy HDD images. But then, Microsoft has shown over the last few years that they are capable of learning, so I will not lose my hope ... ;-)

Seriously: if Windows 7 has a similar performance and resource demand profile as the beta versions, it has a good chance of convincing me to attempt another upgrade. Just one thing will be crucial: application backward compatibility.

Friday, January 16, 2009 11:46:09 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, January 15, 2009
The workshop on Open eGovernment is starting right now. Here is my slide deck, for all that might be interested:

MIT MediaLabs - Open Identity Archtecture.pdf (1.01 MB)

Soon after this is complete, the entire workshop will be posted on the MediaLab webpage - please stay tuned for the link.

Thursday, January 15, 2009 1:09:06 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, January 08, 2009

As part of the new U.S. administration's BigDialog and Open Government technology agenda, the CommunityCount web forum is polling for issues that are relevant to the identity management community. If you want to make your voice heard with the transition team and the next CTO and science office staff go here, put in your questions and issues, and vote on the others.

Here is my contribution - please vote.

Thursday, January 08, 2009 6:08:54 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, October 16, 2008

    I love foundational discussions - they always have the potential to fundamentally change my world-view, which is quite stimulating.

    Radovan picked up on my little piece on reputation. In particular he suggests that the question "What attributes should be influenced by reputation and what should not?" does not make any sense.

    I fully agree with this statement, but not necessarily with all conclusions that Radovan draws. As I see it, the question is not what attributes of an entity should be influenced by reputation, but much more about what attributes can be reasonably approximated by a mean-value approach such as reputation.

    In Radovan's example, the height of a given person can be precisely determined (up to an error margin, that is part of that measurement). The result of such a measurement--as long as it is reproducible--is the objective value of the attribute "height". It does not make any sense to attach a reputation to this value. But you can attach a reputation/"credibility score"/whatever to the measurement process (this is typically done through the specification of the error margin), or the faithfulness of storing this information in a given storage system (e.g. through the reliability score of this provider, determined by averaging over the subjective reliability score given to the storage system by its customers/clients). The aggregate "reputation" of this process (measuring, recording, storing, reproducing) can then be used to calculate the "reputation" of you saying that I am 147 cm tall.

    But--and this is important: your statement about my height (or the aggregate statement of the community about my height) does not influence the fact (if you want to use this hopelessly overloaded term) that I am 187cm tall.

    This is fundamentally different from what might happen with other attributes: for example, let us look at my "reputation for drawing aesthetically pleasing pictures". While I (or my daughter) might be convinced that I have a rather high score for this attribute, the rest of the world might beg to differ. My community-wide[1] reputation as a gifted painter could thus be much lower. Note that I do not have any reasonable recourse: there is (fortunately) no final authority, or reproducible process that can determine a definite value for this particular attribute.

    Nevertheless, for such non-CFD, mean-value attributes you still face the same issues that you do face for objective attributes: there is the chance of recording or storage failure, and thus other factors that might ultimately determine the reliability of a "reputation as painter" score I might have.


[1] Note that at this point it becomes very important to define the correct domain of your mean-value process, i.e. you have to fix an ensemble.


Thursday, October 16, 2008 8:41:42 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Wednesday, October 15, 2008

    Paul proposed a conjecture regarding the validity of using reputation systems in the context of identity systems. This (and some discussion on the IDGang list) inspired me to dig again through some of my notes regarding the ontology of physical reality (and thus--by extension--quantum theory).

    My personal position in the discussion on the most sensible approach to physical ontology was always firmly rooted in the realist corner: I completely reject positivism and--mostly--empiricism on fundamental principle. There is no doubt in my mind that there is an objective physical reality, independent of human (or any other) observer[1].

Reputation in information systems

    Now, a reputation scheme can easily be interpreted as a mechanism to determine the value of an entity's attribute by averaging over the subjective values of that particular attribute, as seen by an ensemble of parties interacting with the entity in question. So, for example, to determine the "trustworthiness in business transactions" of user A of an auctioning site, one can average over the subjective opinion of business partners of user A on his trustworthiness.

    This approach is valid and, as many social (or even business) sites indicate, very useful. It can be applied reasonably well to attributes of an entity that are either non-counterfactual definite (i.e. completely subjective), or not measurable by an objective and reproducible measurement approach.

    "Trustworthiness" is a good example for a subjective attribute, and credit-worthiness of a company or individual might be an attribute of the latter type: while the fundamentals of a company determine its ability to shoulder a certain amount of debt without collapsing, there is (to my knowledge) no definite algorithm to compute a simple "creditworthiness" attribute. However, the averaging over the credit ratings from different rating agencies (i.e. a kind of "credit reputation") is normally a good approximation of this attribute[2].

    However, there are some attributes that cannot be averaged over: those attributes are counterfactual definite, i.e. objective and can be measured by a reproducible mechanism. A good example for such an attribute is my physical height, my employment status with a given company, or my gender. All of these might change in time, but at a given point in time, they can be easily determined and have an objective value--even if nobody measures it. Applying a mean-value approach to these does not make any sense.

    One might interject that for such a counterfactually definite attribute there might be a different perception of its value with other entities. For example, while my actual height is 187cm (~ 6' 1"), some people might think that I am taller or shorter. Now, my actual height does not change because a number of people are thinking so. It is my perceived height that changes and this attribute is entirely different from the former.

    So, in the end it is very important to evaluate carefully if a given attribute of an entity in an information system lends itself to be used in the context of reputation systems. In some specific cases this does make sense, but in others it is entirely pointless.

[1] Yet, while realism is vital to my world view, I am much more inclined to abandon local reality than counterfactual definiteness.

[2] The current financial quagmire is an example of how such a reputation system can fail.

Wednesday, October 15, 2008 8:00:42 PM (Eastern Standard Time, UTC-05:00)  #    Comments [2]  | 
Friday, September 12, 2008

  GIMPS has released a statement indicating that the 45th and 46th Mersenne primes were recently found at Sun by Tom Duell (right here in Burlington, MA) and Rob Giltrap (Wellington, New Zealand). Both ran on Sparc based systems. Congratulations!

Friday, September 12, 2008 11:20:14 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, September 04, 2008

    Amazingly enough, it took less than 24 hours to see the first massive privacy issues flaring up with Google Chrome. In a CNET interview, Peter Eckersley of the EFF says:

"We're worried that Chrome will be another giant conveyer belt moving private information about our use of the Web into Google's data vaults," Eckersley said. "Google already knows far too much about what everybody is thinking at any given moment."

    Now this is a total surprise, is it not? Not only can Google read all your mail, it knows what you are looking for on the web and has your financial information through Google Checkout or Adsense. With the Omnibox (or the mysterious "one or more unique application numbers"), they now also see all the places you go to -- on the internet and any possible intranets.

    Now, I do not know exactly how this will play out legally, but as far as I am concerned, the internal structure of an Intranet is usually something I'd rather not expose to outsiders. Beyond privacy concerns, there are clear security and intrusion concerns, and allowing Google to obtain this data for free and without any binding contract between Google and my company does not seem very prudent. If I had any say, I would strongly recommend prohibiting the use of Chrome in any enterprise environment. This should obviously extend to government agencies, and among them law enforcement and military. How embarrassing would it be, if--by honest mistake--the DNS or CA infrastructure of the combat command and control systems of say, the Air Force or the CIA would suddenly appear on a Google search result.

    Do not get me wrong: I do like Open Source, and adding competition to the market is always a good thing. I simply see the ugly face of monopoly lurking around the corner, and this time it also has a big file on any internet user. This is a little too much power in the hands of a single entity. If Google was part of a government, people would be a lot less eager to submit their most private data (with the exception of Germany, of course--there it works the other way round).

Thursday, September 04, 2008 8:06:52 AM (Eastern Standard Time, UTC-05:00)  #    Comments [2]  | 
Tuesday, September 02, 2008

Just in time for First Beam, the LHC staff has released a video. It's geeky, but quite funny:

Watch First Beam on September 10 at http://webcast.cern.ch/

Tuesday, September 02, 2008 3:57:56 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

  No, I am not talking about Google Chrome (yet). But it is related: if you look at


it seems that Germany has already conquered Denmark, Benelux, Switzerland, and Austria-Hungary. It could also be the EUSSR with its capital in Brussels...

  Or maybe this is a completely new country called "Googleland", where every citizen deposits all their data in a safe datacenter, identified by a unique id. "Information Self-Determination" is a basic human right, and any data merchant will get shot on sight. 

  The only exception is the operator of the datacenter (that would be Google, being compensated for their services by an unalienable right to use any of the data for targeted advertising campaigns), or any data thief that offers information on citizens suspected of being involved in terrorism, sedition, or tax evasion.

Tuesday, September 02, 2008 9:20:20 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Tuesday, August 12, 2008

  This is just another installment of how the freedom of expression and scientific research is being sacrificed on the altar of "public safety" and "property rights". From the CNET article:

"A federal judge on Saturday granted the Massachusetts transit authority's request for an injunction preventing three MIT students from giving a presentation about hacking smartcards used in the Boston subway system."

  To summarize this incident: a couple of students find a giant security hole in a publicly financed payment system. They inform the authorities and involved parties to give them a chance to work on the situation. The faceless bureaucrats respond in the way any large (and thus inefficient) organization will respond: ignorance and disbelief. The students follow the time-honored tradition of publicizing their results and suddenly the gears spring into action: federal courts, FBI, and preliminary injunctions appear. The official reason is "public safety", but everyone involved knows that this is just a very lame excuse. In truth, it is the desire of an inadequately powerful state-sponsored enterprise to hide their incompetence and silence their "subjects".

  That this can even be done is due to the availability of unconstitutional laws (at least in spirit) like the DMCA and similar utterly meritless legislation. Coming from Europe, I am used to the frequent oppression of freedoms, even today. So far, the U.S. has been setting an example of how e.g. the freedom of expression should be interpreted. This gag order by a federal judge in Boston (sic!) is an untenable limitation of this right. It goes against some of the most fundamental principles enshrined in the Constitution and the Bill of Rights. 

  For more information, check the EFF website

Tuesday, August 12, 2008 11:09:45 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Monday, August 11, 2008

I just laughed out loud:

Go King Homer I. of Spain!

Monday, August 11, 2008 4:20:54 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, July 24, 2008

The U.S. Patent and Trademark Office (USPTO) is considering invalidating many (if not most) software patents and significantly restricting the issuance of new process patents. No doubt, intellectual property does deserve decent protection, and I think that this move by the USPTO will in fact result in better protection of property: copyright law provides ample protection against IPR theft while not getting in the way of real innovations.

To draw a technical comparison, process patent law protects the API, while copyright law protects the implementation. Although it takes a lot of thought to come up with a good API, it should be the implementation that is at the heart of the competition to not harm the end-user.

In this sense, the new direction of the USPTO will benefit the end-users (consumer as well as application developers) by allowing the concrete implementation of ideas to compete while keeping interoperability at the idea-level intact. In the end, the entire market will benefit including the vendors by lowering the barrier for interoperability significantly. 

Thursday, July 24, 2008 10:39:28 PM (Eastern Standard Time, UTC-05:00)  #    Comments [1]  | 
Monday, June 30, 2008

The current economic situation is not exactly ideal: amongst many significant issues, one of the most concrete and pressing problems of today is the highly volatile energy market. Many current problems in the world (such as clean water, food, housing) could be solved almost completely, given that there is sufficient energy at hand[1].

Electric energy generation has seen a variety of approaches: some of them are quite childish, while others lack in public acceptance. Ultimately, only a sound mix of nuclear fusion and a select number of reasonable renewables such as solar or geothermal energy sources (where available) will make sense.

However, electricity is not particularly easy to store, making it by far less attractive for any type of transport, especially individual transport. No technology that has been available so far has created a reasonable alternative to fossil hydrocarbon fuels: they have a sufficient energy density, are easy to handle, and the technology is very well understood. Alternatives such as canola-based diesel or ethanol-enriched gasoline are mostly carbon-ineffective ways of wasting money and alimenting lobbies.

Now, a new genetics based approach is making the rounds in various news outlets: LS9 is a South San Francisco company that succeeded in creating microorganisms that can produce hydrocarbons from renewable sugar sources. In other words, it will soon be possible to replace the back-yard compost heap with a small LS9 reactor that produces gasoline instead of dirt.

It will be interesting to see, if this technology can actually scale to a level where a large (and energy hungry) economy such as the U.S., China, or the E.U. can rely on this renewable fuel for a significant portion of their needs. But even if this approach is not fit for mass energy production, it still guarantees the availability of hydrocarbon based products (i.e. plastics) in the post-fossil age.


[1] Obviously, in today's world there is also in many cases a lack of political will, but that is - at least to some extent - again a result of scarce energy.

Monday, June 30, 2008 7:42:35 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Friday, June 27, 2008
Today, I would like to take a peek at a technology that has been living in the shadows for some time. While HDTV and digital broadcast over-the-air have been getting some attention lately (especially with the January 17, 2009 deadline looming), digital radio broadcasts have not been getting any significant media attention in the U.S.A.
One of the reasons for the lack of attention might be that the digital radio standard chosen by the FCC has been met with some serious criticism. The two arguments that are most profound here in my mind are sound quality and proprietariness.
Nevertheless, since I am listening to a lot of radio during the day, I have decided to give this broadcast system a try. For receiving, I chose the Sony XDR-F1HD component tuner that allows most easy integration with a standard stereo system. Connections are made simply through RCA style component wires. The system comes with an AM and FM antenna cable, but standard connections (e.g. to your home TV antenna) are available. The unit is very simple to configure and has - in addition to the radio program information - a large clock. The display is illuminated.
Reception of FM HD radio stations is - overall - pretty good, even under adverse conditions. My antenna is set up inside the Sun office, which is a steel reinforced concrete building with excellent radio shielding qualities (sigh!). In addition, the indoor antenna cable is close to two CRT monitors and a variety of transformers. Most strong stations (such as WGBH) are readily available with little or no reception problems. However, AM reception is rather spotty and so far I have only been able to receive WBZ when holding the antenna at 83 degrees North-North-West about 3'7" above my desk.
The sound quality is most of the time acceptable. The radio signal codec is a proprietary version of the AAC encoding, encoded at 36 kbit/sec. This is far from being CD quality, but it does remove the noise floor of the FM signal to a large extent.
Overall, I would probably recommend this setup, as long as the broadcasting community is dedicated to continue using this system.

Friday, June 27, 2008 4:36:59 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, June 26, 2008

In my earlier article today I pointed out a rather significant security blunder in Germany, where a number of municipal IT departments failed to secure their systems. This led to exposure of at least 500,000 personal data records to the internet - so far I have not heard that any affected person was informed about their involuntary exposure to identity thieves.

In this context it seems a little untimely to publicly announce a new electronic signature program that will start in 2012. Under this program, anyone claiming any benefits from any public source (unemployment, social security, etc.) will be required to use a smart card with a personal key. In addition, employers will have to submit all salary and compensation information to a federal, centralized database that will be fully accessible to all participating government agencies on the federal, state, and local level. Contained in this database are obviously all employer records, but - in all likelihood - also all data records of current or past applications for government benefits. Employees are expected to pay for these new services themselves, with private sector financial institutions or government agencies playing the role of the trust broker.

This program is sold to the public in two ways: on the one hand, it is supposed to save the employers and the government agencies a lot of money by streamlining reporting and decision making processes. On the other hand, in its centralized form it is expected to help limit welfare fraud, which is quite common in Germany. 

In and of itself, such a database seems harmless enough: it has some tangible benefits, including significant savings for the private and public sector. However, this effort does not stand by itself. Over the past couple of years, privacy from prying government eyes has been under the most severe attack imaginable: A comprehensive tax ID that is coma

Thursday, June 26, 2008 2:47:02 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Wednesday, June 25, 2008

While Germany and Europe in general have some of the strictest rules regarding the use and storage of personally identifiable information, the last few months have seen rather extreme data security breaches. Today, the German media is reporting about a new installment of irresponsible negligence and government incompetence:

According to SPIEGEL ONLINE, a spokesperson for the software company HSH admitted that the personal information of more than 500,000 residents of at least 15 cities and towns was readily available on the internet for at least 3 months [1]. According to an investigative news program (Report aus München), this problem actually affected more than 200 municipalities for more than 3 years. The alleged cause for this blunder was rather simple: the software used by the cities to manage these huge data collections had at least one default/demo account that was not disabled by the IT staff of the authorities. These credentials were inadvertently published by the software maker on their web site and thus available to everyone.

While problems like this can happen, it seems odd that this massive security breach has not caused a major uproar with the various highly paid privacy guardians. In fact, there is virtually no report on this incident in any language but German. One might get the impression that there is a strong desire with a rather large number of people to keep this incident on the q.t. and avoid further investigations and public disclosures.

Germany has (or had?) after the horrible experiences with two dictatorships and their respective secret police a tradition of resistance against data collection and privacy invasion. The proposed general census of 1983 was stopped by the German Supreme Court in a decision that laid the foundation of what has recently been termed "Informationelles Selbstbestimmungsrecht" (right to informational self-determination).

So far, Germany has not seen a large number of identity theft cases: until last year, there was no unique ID in use and most electronic transactions are currently handled through a European debit card system that is less exposed to a number of frauds. Also, while the various branches of government had been busy collecting large amounts of data on German citizens and residents, there have been only a few federal databases. When talking to people on the street, I found a growing indifference to the German government's extended data collection and linking programs. The general attitude seems to be that "we do not have anything to hide", and if a little (or even more than just a little) loss of privacy leads to a few high profile tax evasion prosecutions, everyone is happy.


[1] Germany has a national ID law that requires citizens to register with city hall and disclose personally identifiable information such as names, current and former addresses, religious affiliation, birth date and place, children, current and former spouses, tax information, serial numbers of the national ID card and passport, and more. Since last year's July, this data also includes a tax ID, the German equivalent of a social security number.


Wednesday, June 25, 2008 3:17:54 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Monday, June 23, 2008

While Germany and Europe in general have some of the strictest rules regarding the use and storage of personally identifiable information, the last few months have seen rather extreme data security breaches. Today, the German media is reporting about a new installment of irresponsible negligence government incompetence:

According to the SPIEGEL ONLINE a spokesperson for the software company HSH admitted that the personal information of more than 500,000 residents of at least 15 cities and towns were readily available on the internet for at least 3 months [1]. According to a investigative news program (Report aus München), this problem actually affected more than 200 municipalities for more than 3 years. The alleged cause for this blunder was rather simple: the software used by the cities to manage these huge data collections had at least one default/demo account that was not disabled by the IT staff of the authorities. These credentials were inadvertantly published by the software maker on their web site and thus available to every one.

While problems like this can happen, it seems odd that this massive security breach has not caused a major uproar with the various highly paid privacy guardians. In fact, there i svirtually no report on this incident in any language but German. One might get the impression that there is a strong desire with a rather large number of people to keep this incident on the q.t. and avoid further investitigations and public disclosures.

Germany has (or had?) after the horrible experiences with two dictatorships and their respective secret police a tradition of resistance against data collection and privacy invasion. The proposed general census of 1983 was stopped by the German Supreme Court in a decision that laid the foundation of what has recently been termed "Informationelles Selbstbestimmungsrecht" (right to informational self-determination).

So far, Germany has not seen a large number of identity theft cases: until last year, there was no unique ID in use and most electronic transactions are currently handled through a European debit card system that is less exposed to a number of frauds. Also, while the various branches of government had been busy collecting large amounts of data on German citizens and residents, there have been only a few federal databases. When talking to people on the street, I found a growing indifference to the German government's extended data collection and linking programs. The general attitude seems to be that "we do not have anything to hide", and if a little (or even more than just a little) loss of privacy leads to a few high profile tax evasion prosecutions, everyone is happy.


[1] Germany has a national ID law that requires citizens to register with city hall and disclose personally identifiable information such as names, current and former addresses, religious affiliation, birth date and place, children, current and former spouses, tax information, serial numbers of the national ID card and passport, and more. Since July of last year, this data also includes a tax ID, the German equivalent of a social security number.


Monday, June 23, 2008 12:23:01 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Friday, June 20, 2008

Starting today, I will try to review some of the more interesting gadgets that I have been playing with. The first installment will be on the Windows Mobile phone that I won last week at TechEd. After attending a Mobile Security session, I won this phone for knowing the original code name for the first Windows Smartphone (that was "Stinger"). The phone is a SAMSUNG Blackjack II with AT&T branding.

The list of features is good:

  • Windows Mobile 6.0

  • Tri-Band UMTS (3G) and Quad-Band GSM

  • 128 MB RAM and µ-SD port (up to 4GB)

  • GPS

  • Thin (0.4") and light-weight

  • 2.0 MPixel camera

In general, the device is easy to handle. It has a jog wheel that feels a little flimsy, but it works ok (so far). The keys are a little small for my clumsy fingers, but that way the phone does not get too big, so it is a good compromise. While the above feature list is good, there are a few things that are sorely missing:

  • No WiFi - this is probably the biggest shortcoming on this device.

  • Proprietary connector - no standard USB, no standard headphone jack, no antenna extension - just proprietary connectors. This was acceptable in 2000, but I am no longer willing to tolerate this in 2008.

UMTS/3G internet services are quite good, at least in most places North of Boston. As such, most web sites suited for mobile browsers display quickly and efficiently in IE mobile.

The advertised add-on software (mobile TV, Navigator, etc.) is rather disappointing: some of it works all right, but pretty much all of the applications are only short-term trials. This is highly annoying, especially since there is no easy way to remove the various links to these apps from the Start menu.

Overall, I am quite happy with this new toy (especially at the price), although I would probably not have extended my contract for two years and paid USD 99 for it.

Friday, June 20, 2008 11:48:29 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, May 01, 2008

I attended a meeting of the Hartford, CT, chapter of OWASP yesterday - James McGovern was kind enough to invite me there. OWASP is a group focusing on web application security, with a heavy emphasis on "application" (in contrast to "infrastructure"). Most of the attendees were either directly working in the financial industry or closely working with them - at the end of the day, it was Hartford.

To me it was a very interesting event - especially since I have mostly been thinking about platform and infrastructure security and not so much about the applications. Some of the emerging standards (like PCI DSS) were rather new to me, but seem interesting enough for me to take a look at.

Some more interesting tools and tidbits:

  • WebGoat is a "deliberately insecure JEE application", designed to teach developers how to *not* code a web application. This should be fun to take a look at.
  • WebScarab is an intercepting HTTP(S) proxy.
  • The OWASP Top Ten also has some interesting reading.

Overall, I am looking forward to staying in touch with this group.

Thursday, May 01, 2008 2:19:28 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Tuesday, January 29, 2008
There are quite a few indications that the hopes for an industry backed, ad-supported music exchange were - at the least - too early. Maybe it's a scam, maybe it is just a test-balloon, but in a world of iTunes hating music companies, this scheme did make some sense...


Tuesday, January 29, 2008 9:07:10 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Sunday, January 27, 2008

Maybe, maybe: there are signs on the horizon that the content industry will finally come to grips with the harsh reality that their old models just do not work anymore the way they used to: enter Qtrax, a free, ad-supported P2P network that claims to have the blessings from a bunch of major labels, including Sony/BMG and EMI. Qtrax will launch tonight, so soon we will know more.

Overall, this might be a sign that the RIAA monopoly is finally understanding that suing their customers is not a good way of advertising your goods. And while MP3s are not exactly the encoding that HiFi fans' dreams are made out of, it is still an interesting start into a hopefully much brighter future.

There are a few things that really interest me:

  • They are using the Mozilla rendering engine. That is a good thing. Period.

  • They promise iPod compatibility. Hmm.. this sounds odd, since the iPod is quite capable of playing back MP3s. Now - assuming for the moment that they are using MP3s - why would you need to make the iPod compatible? Unless there is some sort of DRM or platform lock-in included ... we will see in about 3.5 hours ;-)

  • Who will be the ad source, i.e. which advertising seller will get the opportunity to get access to a potentially gigantic market? While I have absolutely no idea, I'd be surprised if the name of that company started with a 'G'.

  • How will Apple and the market react? At the end of the day, this whole thing is a thinly-veiled attack against Apple's extremely strong position with the iPod and iTunes. If Qtrax can offer a similar level of ease-of-use, Mr. Jobs will have to do some very creative thinking.

  • What is their Linux story? Or - to rephrase the question in a more interesting way: What is their open source/open specification story? I can see that they are not particularly interested in opening up their platform, as this would directly undercut their ad-based business model. But will they allow ports or make the engine at least reasonably portable to other OSes, including Linux, but also Symbian or other cell-phone OSes (and - of course - OpenSolaris)?

We will see ... soon.


Sunday, January 27, 2008 8:17:12 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Friday, January 25, 2008

For years I have been playing around with all kinds of computer based TV and multi-media solutions and toys: Windows MCE in its various editions from 2004 to Vista, early versions of MythTV and proprietary stuff. Until now none of these were really at a point where they were actually useful for a family room:

While Windows did have a reasonable UI from the start, the fact that it recorded to a highly proprietary format with nasty DRM implications was a deal-killer right from the start. Some of the tuner-cards (like ATI) attempted to mitigate this by bundling plugins for MPEG-2 conversion, but these were implemented rather clumsily and had frequent failures.

MythTV was - until recently - also more of a geek toy: nice for my lab or office, but nothing I could really throw at my family. Now, with the 0.20 config found in the Gutsy release of Mythbuntu, MythTV takes a rather large leap towards usability. 

  • The UI is basically usable and driver support (especially for the tuner cards) is becoming acceptable. I am using a WinTV HVR-950 USB stick now with my digital-over-the-air setup and there is not a lot more I could ask for in terms of device support.

  • The proprietary NVidia drivers are good enough and support the motion extensions that are needed to offload motion processing to the GPU.

  • For audio, I require at the very least S/PDIF support (mostly for lossy Dolby Digital, but there is no other format like e.g. MLP being used for digital TV at this time), which has been quite painful, but ultimately doable.

  • There seems to be decent remote support, but I am right now still fighting with my old ATI Remote Wonder (I think that I will cave in here at some point in time though).

The by far most important factor for family room usability for me is RTC wakeup: I could not bear having a computer with its nasty fans running all the time. Enter ACPI controlled RTC wakeup: using a couple of scripts[1], I was able to make the MythTV box boot up in time for any show that I wanted to record. Very cool.

One thing that I was fighting with in the end was a problem with the way MythTV could be shut down automatically after an unattended recording session. For this, MythTV provides mythwelcome(1) which is a helper program to start the MythTV frontend[2]. The trick that made it work for me was to instruct[3] mythwelcome(1) to not start mythfrontend(1) automatically: This overcomes a problem with session management in Ubuntu and mythwelcome, and allows the box to shut down automatically after it completed recording.

Bottom line is that I am quite happy with my MythTV box for now.


[1] There are quite a few tutorials on ACPI wakeup out there, many using nvram-wakeup. Discard all these, and only use those centered on /proc/acpi/alarm, instead (if you can).

[2] Mythbuntu Gutsy is actually quite smart about using mythwelcome(1): You only need to go into /etc/mythtv/session-settings and enable the welcome shell. No need to change the mythstartup.sh script.

[3] Press the 'i' key while in mythwelcome(1) to configure this.

Friday, January 25, 2008 9:44:22 PM (Eastern Standard Time, UTC-05:00)  #    Comments [1]  | 
Tuesday, January 22, 2008

This is so brain-dead, it is actually quite funny: In a move to make sure that he will be seen - once again - as a brave contrarian, John Dvorak thinks that Oracle paid Sun to kill MySQL. After reading this article, I had to verify that this was not The Onion, but actually MarketWatch.

His argument is fairly simple: Sun has a bad track-record of M&A, so Larry Ellison forces his old buddy Scott ... ahmm, no wait, it's Jonathan now ... to buy MySQL and ruin it. To prove his point, Dvorak links to a list of recent Sun acquisitions that - allegedly - went bad.

Let's take a look at that list of "failures" again:

  • SavaJe - JavaFX Mobile

  • SeeBeyond - JavaCAPS

  • Tarantella - Secure Desktop

  • Waveset - Identity Manager

  • StarDivision - OpenOffice (my addition to the list)

Last time I checked, pretty much all of these above technologies were thriving, some of them actually driving at the leading edge of their respective markets and/or standards regimen. Have there been failures or less successful acquisitions? You bet - that happens practically everywhere. There were also some acquisitions that were mildly successful, and others that came to pay off in rather unexpected ways or much later (Cobalt and the Sun x86 story come to mind).

The MySQL acquisition was and still is nothing short of brilliant. Sun has a major league RDBMS now that is being used by virtually everyone in the (your favorite technology moniker here) 2.0 market. And while most of these organizations and individuals are happy with an unsupported open source model, there are still a lot of big companies that use MySQL who are in need of support and other services. This business model fits perfectly into the entire Sun software portfolio and long-term strategy.

It is probably a sign of the time that tech pundits and columnists are now far behind what is happening in the industry - especially when it comes to business models. On the other hand, Dvorak has been a commentator with a particularly bad track record of making predictions: think about his dismissal of the Macintosh mouse in 1984, his prediction of the iBook failure, his expectation that the iPhone will be a miserable failure, or even his prediction on Microsoft closing down, since the software market is supposedly dead.

The thing that is really sad is that there are even today people who read the name and the headline and assume that he has got a point. He doesn't.


Tuesday, January 22, 2008 10:14:04 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, January 17, 2008

Dare wrote an interesting piece on why RESTful services are much better off without an interface definition language. He is especially picking up on Steve Vinoski’s IDLs vs. Human Documentation post, which emphasizes human readable documentation over IDLs.

I am sure that Marc has a somewhat different opinion on this ...


Thursday, January 17, 2008 9:51:39 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Wednesday, January 16, 2008

This makes total sense - and finally Sun gets a real database. I can think of at least 10 different major software products from Sun that would benefit enormously from switching from their respective current database platform to a single data store. I am really looking forward to having a single API and place to store structured data in Solaris and Java. Cool.

It reminds me also of the phrase someone coined: "LAMP is for boys, MARS[1] is for men."


[1] MySQL, Apache, Ruby, Solaris

Wednesday, January 16, 2008 8:18:00 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Tuesday, January 15, 2008

A nasty experience, that I would like everybody to avoid if you can: A few months ago, my bank (NetBank) was acquired by a - by then to me - unknown bank called ING Direct. Having gone through this cycle a couple of times, I did not think a lot of it and trusted that this acquisition process would go as smoothly as the many I have experienced before. Boy, was I wrong.

During the acquisition process, we had our grand family vacation, and shortly after I had a couple of trips to California scheduled. During the vacation, my father-in-law passed away, and we had to arrange for travel and some fund transfers to Germany. The travel was quickly arranged, only the - otherwise perfectly simple - international wire transfer was suddenly impossible with this new bank. Over the course of a few weeks (during which I was not able to sit down at home and sort things out), the quality of service degraded steadily from good (prior to the acquisition), through horrible (prior to the complete conversion) to street robber courtesy (after the conversion to ING Direct).

Here is an example: with NetBank, I had a checking account and a money market account. Simple, nothing fancy. After the ING conversion, I ended up with two savings accounts, no ATM cards, and no checks. Transferring money from either of my "Orange" accounts to an external checking account was - essentially - impossible. Now, ING offers account linking of their savings accounts to an external checking account. I tried that, and it turned out that they had an incorrect social security number registered for both accounts. Ouch! After this was resolved (another 5 ING banking business days, i.e. 12 calendar days pass), they presented me with an online quiz about prior credits (the one you have to fill out to get your credit report online). Fine, unfortunately the credits/data presented had nothing to do with me, so they blocked the option to link accounts online.

And so on, and so on. Bottom line is that ING Direct and their representatives I talked to never even pretended that they were appreciating my business. In that category, they get big kudos for being honest. Everything else, including the online login, which could easily be inadvertently misused to get information about other customers, was an outright disaster.

So here is my verdict: even though they offer pretty decent interest, you will pay for this by having to deal with a customer service department that is only rivaled by United Healthcare for customer non-appreciation. Stay away.

Tuesday, January 15, 2008 10:33:46 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Tuesday, December 11, 2007

... since I joined Sun. Actually 10 years almost to the date, so Bill presented my 10 year recognition certificate to me today.

It has been a very interesting 10 years: I started out as a pre-sales systems engineer in Frankfurt, Germany, moved to the U.S. in 2000 to work with the Sun Legal team (mostly) and then joined the Business Alliances group in 2005.

From this point a big "Thank you" to everyone who I worked with on this journey.


Tuesday, December 11, 2007 1:18:38 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, December 06, 2007
Not only have a lot of people been complaining about my funky ports, but my Internet provider also decided to start blocking the 8080 port. That's somewhat of a problem, since without this port my blog will not work. Sigh!

I therefore decided to bite the bullet and start using a professional ASP.NET hoster. So please update your links and feed readers to my new blog address:

HTML: http://blog.beuchelt.org/
Feed: http://feeds.feedburner.com/WebServicesContraptions

Thank you for your understanding.


UPDATE: My ISP allows inbound connections on 8080 again, so now I was able to put a redirection in ... Hope that helps. The only thing bugging me right now is that Technorati does not allow me to claim this blog on the new address ... sigh.

Thursday, December 06, 2007 3:32:13 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Monday, November 26, 2007
So, the long family vacation has been on for over 2 weeks, and it really feels good to unwind a little. We started on Big Island, went on to Kauai (where I got - after 28 years of planning on doing this - my diving certification with KAS[1]), and are now on O'ahu. The differences between these islands never cease to amaze me. Here are a few pictures that we have put up so far:


Snow and Telescopes on Mauna Kea


The evening view from our balcony on Hawai'i


Me after hiking to the top of the dormant Pu'u Huluhulu


Sunset on Kaua'i on Turkey Day


Waimea River Canyon

[1] My experience with KAS was really superb. I had Damion McGinley as my instructor - he was fun and relaxed, but still made me go through all the drills over and over again. One of the best things was that he knew the area and the aquatic wildlife quite well, so I got to see many critters and turtles.

Monday, November 26, 2007 2:49:40 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Friday, November 09, 2007
Over the next few weeks blogging will be light, since I am traveling. I hope to be back to here for IIW...


Friday, November 09, 2007 11:42:26 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Wednesday, November 07, 2007

Paul found a "periodic" table of data visualizations, which is quite nice in its own right (Paul: I think I have seen a knowledge map of the identity landscape some time ago). But I certainly prefer this "periodic" table of ... beers (hmmm).


Wednesday, November 07, 2007 8:55:45 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Sunday, October 14, 2007
Sorry, due to a recent surge in Trackbacks, I have deactivated this feature for the time being. Spammers are really an annoying bunch ...

What made it now just unbearable is that my blog was being misused to advertise the services of the worst health insurance that I ever had: United HealthCare. My conscience does not allow me to help this highly incompetent and - at times - immoral company in any way. It says a lot about a company (especially in HEALTH care) when they or their agents employ SPAM tactics to get people interested in their offer.


Sunday, October 14, 2007 8:59:25 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Friday, October 05, 2007

Ok - I just upgraded my blog engine to the 2.0 release of dasBlog. A big "Thank you!" to the team for keeping up the great work.

One thing that does seem to work again is comments - so please give it a try, if you like.

UPDATE: I just saw that the publishing times have been changed during the upgrade (or something else went wrong between the new version and Feedburner), so you will see a lot of new articles, that are not that new. Apologies.

Friday, October 05, 2007 3:09:54 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

Electronic health records are a very touchy subject, since these affect some of the most personal data. While a usable and reliable system for such electronic records would certainly save a lot of money and also prevent even more health-care related mistakes, the Microsoft HealthVault solution is probably the very worst way of trying to solve these problems.

Do not get me wrong - I do applaud Microsoft for trying to push this effort ahead, so that we (as a society) can make progress towards a reasonable solution. But a centralized (one is tempted to say: totalitarian), Passport-like data sink for my most personal data does not even sound bad to me[1]. Here are a couple of questions that came to my mind immediately after reading the announcement:

  • Why would I trust an unrelated and (health records wise) completely inexperienced company with my health records?

  • What happens in case of a data breach?

  • Why should I consent to having my data shipped to *any* other country?

  • Why is Microsoft only worried about third party "Program" providers satisfying *their* Privacy Policy needs and not mine?

  • What happens if health related surfing habits are harvested not through the HealthVault web site, but through the *required* Microsoft Passport account?

The list could go on and on after reading the boiler plate privacy policy. I just cannot understand why Microsoft is pressing forward into this area without taking much more caution to prevent security breaches (ha: they are using SSL and strong passwords!!) and limit liability. In this area (particularly when dealing with super personal data like real-time live sign data) there is no "get it right the third time".

Paul Madsen made a very good point of this area of application being ideally suited for Liberty technologies. I think that data as sensitive as medical records should be regulated to only be kept in federations: without my explicit consent data should not move from one silo (doctor A) to any other (doctor B or insurance). In fact, the (ineffective, but privacy preserving) way health care works today is a federation model.


[1] I am really in a Pauli mood today.

Friday, October 05, 2007 11:40:20 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Monday, September 24, 2007

I just ran across this song (from 2006) called "Download this Song" by MC Lars. You can certainly debate the quality of the song itself (although I still very much like "The Passenger"), but the point he is trying to make is probably quite right: 10 years from now, CDs will probably be considered either audiophile, totally redundant, or both. Popular music will at that time be produced, promoted, distributed, and listened to online.

However, I doubt that the small, but dedicated group of people interested in classical, contemporary, or Jazz music will be that easily converted - at least not without CD equivalent (or better) download offers.

Anyway, here is the video:


Monday, September 24, 2007 8:07:23 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Friday, August 24, 2007
Just some Friday humor:


Friday, August 24, 2007 4:37:19 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, August 16, 2007

I usually try not to act as a sound board for marketing, but this seems quite interesting:

"IBM and Sun announced that IBM will distribute the Solaris operating system (OS) and Solaris Subscriptions for select x86-based IBM System x servers and Blade Center servers."

Cool... the power of Open.


Thursday, August 16, 2007 1:49:04 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Wednesday, August 15, 2007

... don't try this at home:

And here is what should happen to all mediocre audio equipment:


Wednesday, August 15, 2007 7:38:09 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, August 09, 2007

This is the taping of the full lecture - highly recommended:


Thursday, August 09, 2007 1:39:20 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, July 19, 2007
Totally unrelated to the usual topics, but still interesting (IMO): I have been really into multi-channel high-definition music for some time now and really enjoy SACDs and DVD-Audio discs. Chances are that you haven't even heard about these formats yet, since the content mafia music industry decided to introduce these very exciting formats with no marketing at all. Both have been around in force since about 2001 and they deliver (sometimes) excellent 5.1 surround music in extremely high definition:
  • DVD-Audio (PCM)
    • Stereo: up to 192 kHz/24 bit = about 4.3 times the frequency resolution of the Audio CD and 144 dB theoretical sound to noise vs. 96 dB with the Redbook CD (that's 256 times better).
    • Surround (5.1 discrete channels): up to 96 kHz/24 bit - still more than double the frequency resolution than Redbook Audio CDs and 28000 Hz above the best human perception.
    • These high-resolution formats are contained in the DVD-Audio section of the disc that CANNOT be read by a "normal" DVD-Player. You will need a special DVD-Audio or Universal player for this.
    • DVD-Audio discs most often also have a DVD-Video section that typically contains the stereo track in standard 48 kHz/16 bit PCM stereo and sometimes a DTS or Dolby Digital version of the surround mix. This section is playable in any standard DVD player.
    • DualDisc DVD-Audios have two sides - one containing the DVD-Audio side, the other containing a CD Audio side.
  • SACD (DSD)
    • Instead of the usual PCM encoding, the SACD uses DSD encoding which is significantly different from PCM by using a single bit quantization at a relatively high sampling rate (2.8 MHz - yes, MEGA Hertz). The claim of the DSD fans is that the demodulated signal is closer to an analog signal when compared to PCM encoding. Opponents complain about the more limited S/N ratio at high frequencies, artifacts of the (necessary) noise shaping and - in general - about a too low sampling rate in the SACD specification.
    • SACDs must have a stereo DSD track and most often also have a 5.1 surround DSD track. These tracks can only be read by SACD players (or universal players). Most times, the signal is only available as an analog signal, although there are some players (Denon 3910, Oppo, PS3) that convert the DSD signal into high resolution PCM and send it over HDMI to the DAC or receiver.
While DVD-Audio is most common in popular music (e.g. Talking Heads re-release on DualDisc), SACD is most common with Classic titles. Since they have had such a slow start from 2001 through 2006, many early adopting labels have either stopped DVD-A and SACD production completely right now, or are only releasing obscure titles or only a very limited selection. Notable exceptions to this are (in the Classical world): Tacet, MDG (DVD-Audio); Pentatone, Channel Classics, BIS, Alia Vox (SACD). Please check my del.icio.us links for online retailers.

Going forward, I expect that SACD will get a lot of attention, especially from the labels (see e.g. the Genesis re-releases on SACD). The reason for this is quite simple IMO: SACD is the *ONLY* format that has not been hacked so far - all others (including BluRay and HD-DVD) are copyable. And I think that this will stay like this for quite a while for the following reasons:

  • There is no SACD drive for computers - that makes hacking infinitely more difficult.
  • The copy protection mechanisms are not very well understood.
  • There is no known way to create a SACD at home that can be played on a stock SACD player.
  • Even if the SACD was hacked, there is virtually no mainstream hardware and almost no software support for DSD, making the digital data very mainstream unfriendly.

You might argue that you could sample the analog out at 96 kHz or better or capture the converted PCM from some hacked HDMI conversion player. All this would require a lot of expertise and probably some fairly expensive hardware, again making this approach not attractive to the mainstream user.

Now even if you overcame all these hurdles, you'd need to play the 5.1 96KHz track somewhere. The only easy-to-use solution today is the creation of a DVD-Audio disc (which is not trivial or expensive). Alternatively, you would need a decent PC with 6 analog outs and some knowledge to configure the soundcard(s) properly ... not mainstream user, again.

Instead, they would simply copy the RedBook data from Hybrid discs and be happy. Therefore, I think that at least the SACD will survive the HD wars.


Thursday, July 19, 2007 12:19:34 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Wednesday, July 18, 2007
I recently decided to join facebook (to be precise, right after reading Lauren's blog). So far it seems like an interesting little social tool, that benefits hugely from its wide support in the academic community.
What makes facebook really interesting (in my mind) is that it is actually an application platform or - to use a now unfashionable term - a programmable portal.
This feature really enables facebook to mash-up all kinds of services (Amazon, Dopplr, Google Maps, del.icio.us, to name a few) and present them in a fairly simple UI to users.
A downside (at least right now) in my mind is the insane default privacy settings: If you do not change your defaults, your data is pretty much exposed to anyone, anywhere (especially since joining a regional network is rather uncomplicated). While this might have some appeal for college students, it is the single biggest issue that I have with facebook - and probably one of the most important reasons why facebook (and MySpace and other social networking tools) got a fairly bad reputation. Sharing personal information by default without EXPLICITLY opting-in is a bad thing.

Interestingly enough, you can extrapolate from facebook et al. to legal standards in general: While the U.S. has largely an opt-out approach to sharing personal information, the E.U. takes a much more restrictive opt-in approach[1].


[1] Except when dealing with the various governments - in that case there is pretty much no opt-out at all available for European citizens (e.g. the German GEZ will be able to get all kinds of very personal address history data from town halls and central agencies).

Wednesday, July 18, 2007 3:57:23 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Sunday, July 15, 2007

Germany recently changed their copyright and intellectual property laws, with a devastating effect on science and research: Going forward, libraries will only under very limited circumstances have the right to send out digital copies of a scientific article. There are many other new and significant changes - most of the time to the benefit of the "Content Community" (aka content mafia).

Maybe you are directly impacted, or maybe only tangentially. But ultimately, this kind of advantage for the content creator will continue nibbling away at our rights to private copies, fair use, and - eventually - free speech. And since we do live in a fairly globalized world (at least as far as lobbying by the content mafia goes), this will affect all of us. Therefore, I ask you to consider signing the "Göttingen Declaration", asking for a reform of the latest changes in one of the biggest economies in the world.



Sunday, July 15, 2007 5:44:50 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Sunday, July 08, 2007
Here is a short little article by the German news magazine DER SPIEGEL on green datacenters. Interestingly enough, one of the biggest German hosting companies (1&1) has decided to go with the SunFire systems with the Niagara processor (8 core SPARC). Economy and ecology go hand in hand into the mainstream...

Saturday, July 07, 2007 11:33:31 PM (Eastern Standard Time, UTC-05:00)  #    Comments [1]  | 
Monday, June 11, 2007

The MPAA has finally proved to the world what they really are: a criminal cartel that does not stop short of illegal means to advance their interest. CNET reports that TorrentSpy has filed a complaint against the MPAA, accusing them of hiring a professional data thief and anarchist (a.k.a. hacker) to steal private communication and trade secrets from TorrentSpy.

Protecting intellectual property and respecting copyrights? Yeah, sure...


Monday, June 11, 2007 9:33:42 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Friday, June 01, 2007
No, this post is entirely unrelated to LAMP or even technology. This is only about a bird nest in the lamp over our main entry door at home. There are two chicks in that nest that really make a lot of noise ...

And here is a closeup:

Anyone have an idea what birds these are?


Friday, June 01, 2007 3:54:21 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Friday, May 25, 2007

This is quite astonishing: I am sitting in a public elementary school in Massachusetts, happily booting my laptop to finish reading some PDF document. After logging in I suddenly notice that my wireless adapter picks up a network: 'linksys'. Amazed that some neighboring home reached into the school building with their WiFi access point, I only quickly check the nameserver to see which ISP that access point is connected to: (name of town).mec.edu. What??? I am in the school network? No WPA/WEP, firewalls, proxy or anything.

Given the fact that the calendar shows the year 2007, I am now really astonished and shocked that the IT environment of an entire school system is exposed to the world through an unprotected WiFi AP.

The security, privacy, and potential ID theft implications are huge: I assume (though I cannot speak for certain, since I did not even try to touch any of the systems) that some of the systems in this infrastructure contain personally identifiable information about the school staff, teachers and even students. Even a well patched and maintained system that is monitored by advanced intrusion detection software cannot necessarily replace a firewall that blocks incoming traffic. I just hope that - going forward - things like this will never happen again.


Friday, May 25, 2007 1:32:12 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Tuesday, May 22, 2007

... software, that is here the question.

There have been quite a few comments from the leadership of my employer lately (GregP, JonathanS), and now Mark Shuttleworth of Ubuntu chimes in.

His argument goes as follows: Microsoft (and by extension most, if not all, major corporate software players) really does not have an interest in software patents. Why? Simply because they are obviously the most juicy target a patent troll can hope for: deep pockets, big software products that cover vast areas of intellectual property. Examples of this can be found at Mike Dillon's blog.

In the light of these developments, non-assertion covenants such as Sun's for OpenID are of crucial interest to the developer community and the public as a whole. These initiatives truly create a "patent cold war" in a good sense, at least within the software industry.

What remains is the patent-troll industry, and here is where regulatory bodies are required to evolve the current patent and copyright legislation [1] to a model where inventors and practitioners (like developers or artists) are rewarded, while parasites (like patent trolls and ...) have their air supply cut for good.

I am wondering one thing (and maybe there is a legal expert/lawyer out there who could clarify this): Can I license e.g. software in a way that would revoke license rights from potential patent plaintiffs? So that any software license has a 'nuclear' provision that renders the entire license provision null and void if the licensee (i.e. user of the software) uses software patents for the sole purpose of suing without practicing such patents in a meaningful way. Note that this provision should not be directional, but cover any suit based on hoarded patents.

If the open source community and the commercial software community adopted a model like this, the patent trolls would at least be relegated to using paper and pen for all of their filings.


[1] absolutely including the completely brainless DMCA and its WIPO relatives

UPDATE: After talking to a few folks (that are quite cynical at times ;-)), I guess my license idea would not work: It would be quite easy for a troll to set up a front and 'outsource' business activities ...

Tuesday, May 22, 2007 9:27:43 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, May 17, 2007
Wow, sensible ideas *do* seem to spread by themselves ... I just read in eWeek that more and more companies are using desktop virtualization. No kidding. I have been using desktop virtualization for more than 4 years now, with my production machine (Email, Blog reading, OpenOffice, etc.) virtualized now for almost a year. Anything else would be totally insane for me, especially since I use a lot of beta (or alpha) software that has a tendency to break certain OSes.


Thursday, May 17, 2007 11:28:08 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Wednesday, May 16, 2007
Last night's untalent show was - as usual - quite interesting. Here are the lyrics of some of Eve's and my songs (snippets):

Twinkle, twinkle WS-Star
How I wonder what you are

Architecture in the sky
Now in part in WS-I

Twinkle, twinkle WS-Star
How I wonder what you are
(traditional)

and

Bye, Bye, Mr. InfoCard guy
May be managed some day later
Now he's self-certified

When he left Dot Net
And kissed Kim Cameron goodbye
Saying "Soon I'm gonna be a profile,
soon I'm gonna be a profile."
(after Weird Al - The Saga Begins, after Don McLean - American Pie)


Wednesday, May 16, 2007 10:30:54 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Monday, May 07, 2007
Paul has a wonderful letter to Hubert on his blog ... Sorry Paul, 5 CDN will not do - but here is a web site that might help ;-)


Monday, May 07, 2007 3:26:14 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, May 03, 2007
I just picked this up from Phil Windley (he also found the lyrics):

Gee, I haven't laughed like this in a long time


Thursday, May 03, 2007 8:34:10 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

As most of you have heard by now, a certain number is the focal point of a major controversy between a small and mostly insignificant, but loud portion of a minor industry segment on the one side and the majority of people living on this planet on the other. Somewhere in the middle are folks like Wikipedia, Google, and as of yesterday digg.com.

The root cause for all this nonsense is - of course - the DMCA, which states that even parts of a DRM "circumvention device" are illegal.

I find it completely intolerable that such a very small group has the audacity to claim protection rights for a simple sequence of 32 hexadecimal numbers that are on an equal basis with the protection rights for intellectual property. This is - with all due respect for *actual* intellectual property - completely ridiculous. In fact, I think that this claim undermines the value of intellectual property per se, since - if this would hold in a courtroom - literally anything could now be claimed to be protected by the DMCA:

Consider the following situation: I am using the number 20 07 as my secret key to unlock 'protected work'. As such, any reference to this number that is even remotely associated with DRM or content protection is a violation of my DMCA guaranteed right. So, if you, or your company should happen to work in the DRM field, be sure to not write down years in any of your communications. While this example is a little over the top, it still illustrates the extremes that are possible in this legislation.

Another interesting question would be: What happens to a person getting a tattoo of a part of a circumvention device? Can he/she be ordered to get skinned? Or terminated?

Wednesday, May 02, 2007 11:52:28 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Wednesday, May 02, 2007

Funny, I find this number everywhere now ... What could it only mean?

UPDATE: I get it! The numbers in the title are only the lyrics to this song on YouTube. I hope that citing his lyrics here is covered by fair use.


Wednesday, May 02, 2007 8:39:09 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Tuesday, May 01, 2007
Here is a nice short article by Scott Hanselman on what is currently happening in .NET land - especially at MIX07. I find his graphic on the evolution of the various .NET technologies quite interesting and helpful. A couple of interesting take aways and comments:

- Silverlight 1.1 alpha, along with the "CoreCLR" will be interesting to dissect. According to Scott, there is nothing "micro or tiny" about this runtime, only sane refactoring. That might be so, but the Base Class Library amounts to something of a Micro/Mobile edition ...?!

- The Dynamic Language Runtime is interesting - but I am not quite so optimistic to believe that the Microsoft Permissive License will really win the "hearts and minds" of the hardcore open source community...

- The JavaScript/CLR (in process?) integration sounds *really* interesting.

Ultimately, the success of Silverlight and the CoreCLR program will probably depend on platform support. And as Sun has learned very painfully, sufficient platform support can only be achieved with truly open source software.


Tuesday, May 01, 2007 10:22:50 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Monday, April 30, 2007
Talk about procrastination: for the longest (sic!) time, the EU-U.S. negotiations on the open skies agreement seemed to be the very definition of procrastination. This is now fortunately over: starting next year, we can hope that the monopoly of the few exalted airlines with trans-atlantic licenses will falter and competition and market forces will reign. About time!


Monday, April 30, 2007 4:40:20 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
The next two weeks (three weeks really) are going to be interesting: first I will present at JavaOne on AJAX interop, together with Marina Fisher. This JavaOne should get really exciting for a whole number of reasons, especially for the open source identity community ... stay tuned.

After that, Phil is inviting again to IIW 2007 which will certainly be interesting and entertaining. I promise to post frequent updates on what is going on there, as well.


Monday, April 30, 2007 3:27:35 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
WPF/E (Windows Communication Foundation/Everywhere) is now called "Microsoft Silverlight" and available as a beta here. I think it will be really interesting to see if Microsoft goes beyond Windows and Mac and will start supporting other OSes (like Solaris or Linux) as well... and also *continue* to support this for the future.

Monday, April 30, 2007 9:03:27 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Monday, March 26, 2007

Ok, I gave in. I finally registered my personal i-name. So going forward you can (also) reach me by using =beuchelt. My contact page can (obviously) be accessed by

http://xri.net/=beuchelt

Let's see how this goes....


Monday, March 26, 2007 10:38:19 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, March 15, 2007

It's been a rough ride for the last couple of weeks since I had a family emergency in December and have been quite busy. Since life is coming back to normal, I will start blogging again (hopefully).

One interesting thing to mention is the Identity Landscape Paper at openliberty.org. It took some time to get this project going, but it is definitely starting to take off. So if you are interested in contributing, please let me know.


Thursday, March 15, 2007 4:36:47 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, February 01, 2007

By now, most people must have seen what caused some massive traffic delays in Boston, fear of terrorism, and some pretty uncomfortable press for a major network. Ok, the almost pavlovian response to a number of unlicensed ad signs might have been overblown, and one could make the case that this plays well into a general atmosphere of hysteria and fear.

However, even the remotest advertising monkey should have realized by now that there has been a major terror attack in which more than 2500 people died. Part of this attack (and subsequent attempts) was an intentional disruption of public services - bridges, planes, trains, etc. Putting unprofessional ad signs, with wires, batteries and LEDs at critical infrastructure points and high-traffic areas is not only stupid, but DOES raise old anxieties. This is highly unnecessary and - as far as I am concerned - "Terror in Advertising" (some might call it 'Guerilla tactics', but this seems to be a point of view).

I would love to see those responsible punished to the full extent of the law, since these signs were deliberately positioned at critical points - it seems quite implausible that the possible ramifications of such placement were not obvious (unless - of course - they do plead stupid, which is also not too unlikely). Also, a full prosecution and punishment (including termination of the cartoon series, and revocation of their broadcasting license) should serve as a reasonable deterrence for potential other Terror-Advertisers, should they feel like they have to top this so-called 'stunt'.


Thursday, February 01, 2007 4:06:15 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Wednesday, December 20, 2006

Thanks to Pat, I caught the five-things-bug as well...

So here are the five things that most folks probably do not know about me:

  1. I attended a Jesuit boarding school in Bonn from grade 9 through 11. The only reason for getting away from there was that I was kicked out after partying too much ...

  2. In order to make some money during my university years, a friend and I started a boot camp for high school students, to prepare them for their final exams (Abitur). After the first few years this became a big event, and Uwe is now making a living off it. He is my son's godfather.

  3. There is a story behind my given name "Gerald": My parents had differing opinions about how I should be called, so "Gerald" (my father's name) was the compromise. He got that name, because my grandmother really liked the movie "Gone with the Wind" and named her son after Gerald O'Hara.

  4. I am really a Linux guy by heart. I converted my PC (a 486) to SLS at kernel revision 0.99.15 in 1992. Seems like a few lifetimes back ...

  5. My favorite beer is Mühlen Kölsch.

And now the pleasant part: Robin, Dale, Hubert, Clemens, Marc - you're it!

Wednesday, December 20, 2006 2:12:18 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Tuesday, November 21, 2006

In a recent school shooting in Germany, a troubled and bullied kid went on a killing spree, wounding 37 and killing at least himself. He was apparently disillusioned by an economic situation that would have sent him straight from the school into unemployment. This is very sad and a horrible waste of talent that no modern society can really afford in an age of global competition.

Now, after the disaster, politicians across the board are trying to "understand" what happened, i.e. come up with lame excuses for their incompetence and offer rash, unreflected but popular strategies to address the issues. Germans - with their tradition of state control and a somewhat troubled history of civic freedoms - have a universal approach to this: Verboten! As such, it is not surprising that first-person shooters (such as e.g. Half-Life or Quake) are targeted for censorship.

I do not want to argue about the pedagogical value of such games. However, in a society where freedom is considered one of the fundamental values [1], censorship is not an option. I do think that access to violent computer games should be limited to adults and that children should be educated about proper use of modern media in school. But teletubbyfying entertainment is simply ludicrous.

The gravest failure lies with the parents, and to a lesser degree with teachers and local society as a whole - they are co-responsible for the failure to educate this young man and offer him a future. At the end of the day however, he pulled the trigger - so the primary responsibility lies with him - and certainly not with the game industry or with the Internet in general.

The proper questions to ask would be: Why did the parents allow him play FPS for such a long time? Why did they not recognize that he had social and academic problems at school and react accordingly? Why did the teachers not discourage bullying at an early stage? And finally: how long will Germany continue on its current trajectory, where qualified labor is desperately needed, but the structures in education and the labor market are so inflexible that talented young people do not get the chance to excel and pursue happiness?

[1] Germany's national anthem begins with "Einigkeit und Recht und Freiheit ...", i.e. "Unity and Justice and Freedom ...".

Tuesday, November 21, 2006 12:11:15 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Wednesday, November 15, 2006
After some extended time without any new entries, I am back. Besides being insanely busy with all kinds of work for the last couple of weeks, I am going through a somewhat stressful personal time: a close family member is going through liver cancer and it is not yet clear what is going to happen. In such times it is really reassuring to have colleagues that are quite understanding, so thanks to all of you.

On a more technical side, I have been playing a lot with the (now released) Windows Communication Foundation... congratulations to the entire Indigo team for delivering the product. Also, Windows CardSpace is occupying a lot of my time and last, but not least, there is the ASP.NET AJAX Beta 1 which came out recently, along with the production release of NetBeans 5.5, the official start of the Interop Vendor Alliance, open sourcing Java ... and so on.

I hope to be able to put down a few interesting things in the next couple of days - however, tomorrow and on Friday I will attend the Higgins face to face meeting in Cambridge, MA.



Wednesday, November 15, 2006 5:01:28 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Wednesday, September 27, 2006

My paper on persistent AJaX is to be published in the Research Disclosure Journal. Please find it here.

There are no new additions, just a formal publication.

Wednesday, September 27, 2006 2:27:21 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Monday, September 11, 2006

Thanks to the folks at blogs.sun.com, crossposting works for me (again). The issue was that in the new 3.0 Roller deployment, all XMLRPC traffic was redirected to an HTTPS endpoint - which makes a lot of sense, but caused my client (dasBlog) to give up.

Hopefully, we will see ATOM based publishing soon ....


Monday, September 11, 2006 7:48:28 AM (Eastern Standard Time, UTC-05:00)  #    Comments [1]  | 
Friday, September 08, 2006

Tom Clark brought a very interesting article on patents to my attention:

http://www.eweek.com/article2/0,1759,2013011,00.asp

This is really not to single out Microsoft - everybody in the technology field(s) is doing this kind of thing right now. But it is plain wrong: On the one side I do see legitimate needs for software and similar patents - but the current system is obviously so overwhelmed that all kinds of nonsensical applications can make it through the process.

From personal experience: some time ago, I had a friend who was in deep trouble: he wrote some open source software to control toy trains. Open source software - nice. Well, some patent troll from Oregon contacted him and told him about a patent he was granted that was - allegedly - infringed by this OSS package. My friend got an invoice for $200,000. It turned out that the patent in question "covered" any cross-process communication - as long as it was related to toy trains. This patent was actually granted in 2003 - about 35 years after the first DARPAnet cross-machine communications RFCs and more than 17 years after Marklin released their first digital control system for toy trains. Bottom line: the system *is* broken.

Friday, September 08, 2006 5:37:20 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Wednesday, August 30, 2006

Here is a very nice introduction to ontologies within the context of the semantic web and - in particular - OWL:

http://www.cs.man.ac.uk/~horrocks/ISWC2003/Tutorial/

Wednesday, August 30, 2006 4:23:49 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

Well, I finally bit the bullet and decided to update my production blog engine to the latest build. This will be a new adventure, since I am now really on some 'terra incognita': I am running on a beta platform, with unchecked code. Cool.

Part of this experience was to migrate away from CVS (at least for this project) to SVN. One of the reasons I was hanging on to CVS was the wonderful Tortoise CVS GUI that makes version control usable even for people who do not love command lines of at least 120 characters. Realizing that there is now a Tortoise client for SVN as well (here), the move was easy.

The next 'challenge' was to migrate my blog from a .NET 1.1 platform to 2.0 (since I definitively prefer VS.NET 2005 over the older versions, and also like some of the performance improvements in 2.0). Again, this was reasonably painless (almost like Java (tm) ;-)).

So now here I present dasBlog 1.9 on ASP.NET 2.0. Hope it does not break.

BTW: Many thanks to the entire dasBlog developer team! Great job.

Wednesday, August 30, 2006 9:00:37 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Monday, August 28, 2006

Since I was recently going through my inventory of Javascript components to update a web site, I decided to link a few of the nicer ones here. They are not as integrated as the GWT or Microsoft Atlas, but - at times - still quite useful:

Tigra Menu

http://www.softcomplex.com/products/tigra_menu/

This is a nice, easy to configure JavaScript menu bar that works quite well across different browsers (with the notable exception of using absolute positioning, so IE and FireFox will *always* require some different handling).

There are a few more components at SoftComplex - check also their 'Tigra Hints', 'Tigra Tree Menu', and some more of their components.

The basic edition is free - they have PRO components for money.

SynForce

http://www.netspinner.co.uk/synforce/html/synforce.html

This is a small validation library, that comes under LGPL.

Xin Calendar 2

http://www.yxscripts.com/xc2/index.html

Really nice JS calendar that is free, as long as you keep a link to yxscripts.com from your web site. REALLY nice and extremely configurable.


Monday, August 28, 2006 4:33:33 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Friday, August 25, 2006
Here is a little article on Persistent AJaX (P-AJaX) I will be publishing:

---

Persistent AJaX

Applications using Asynchronous JavaScript

There is a growing number of applications that use Asynchronous JavaScript with the XMLHttpRequest object to dynamically update the contents of the user interface. This style of application creation is commonly referred to as AjaX and it is used widely for web based applications. Typically these applications can only be used while the client is connected to the internet, since they update the content of the user interface dynamically. A big benefit of AjaX applications is that they can present a very rich user interface and can be used across a large variety of platforms and browsers.

At the same time, it is possible to use similar techniques for creating dynamic applications that are hosted on a local machine and do not require a connection to a server. Such applications tend not to use the XMLHttpRequest object, since network connections are not used.

The boundary of connected and disconnected applications is usually not crossed: either an application requires a network connection or it does not. However, there are many applications that can operate in connected and in disconnected mode, such as email, calendar, etc. Users are usually online, but also take the application to places where network connections are not available and use them in an offline mode.

This paper describes a pattern to create AjaX applications that can be used in connected and in disconnected mode. Ideally, a Persistent AjaX (P-AJaX) application and its data could be stored on a portable mass storage device, such as a USB “thumb drive,” and taken to any computing platform whether connected or not.

Connection State Discovery

It is important to determine for an application whether it is connected to the server or not. This can be done very easily by sending an initial XMLHttpRequest synchronously and setting a boolean variable to online or offline:

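    var online = false;
    var url = '/ping.txt';            // placeholder: any small resource on the application's server
    var req = new XMLHttpRequest();   // IE 6 needs new ActiveXObject('Microsoft.XMLHTTP') instead

    function testState() {
        online = false;
        try {
            req.open('GET', url, false);      // third argument false = synchronous request
            req.onreadystatechange = testOnline;
            req.send('');
            testOnline();   // not every browser fires the handler for a synchronous request
        } catch (e) {
            online = false; // send() throws when the server cannot be reached
        }
    }

    function testOnline() {
        if (req.readyState == 4) {    // the property name is case-sensitive: readyState
            if (req.status == 200) {
                online = true;
            }
        }
    }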

Persistence Technique

In order to be able to use the P-AJaX application on a disconnected computer, it has to locally cache at least some data it receives from the server while connected. This can be done in a variety of ways, e.g. through browser cookies. A more powerful way to cache data is by using a Java™ technology-based RDBMS, as it has been described in [1].

There are some major drawbacks to these techniques: browser cookies are stored in installation specific parts of the file system and cannot easily be transferred from there to a USB drive. While the database table and the engine code for the Derby Java RDBMS can be stored anywhere, there is no guarantee that all platforms have a Java runtime installed, thus losing cross platform interoperability.

A simple way to store data in arbitrary locations is a flat file. Such files can contain XML, text or any other data that would be fit for use with a P-AJaX application. This can be easily achieved in Internet Explorer using the FileSystemObject:

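    // IE only: write the cached value to a flat file through the ActiveX FileSystemObject
    var time = new Date().toString();   // the data to cache (here a time stamp)
    var fso = new ActiveXObject('Scripting.FileSystemObject');
    var f = fso.createTextFile("C:\\temp\\file.txt", true);   // true = overwrite an existing file
    f.Write(time);
    f.Close();
    f = null;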

The FileSystemObject is an ActiveX object and therefore only available on IE. For Firefox there exists the jslib library [2], which implements a similar JavaScript API for file access.

Cache Updates

In order to allow offline updates to the application data, data should be flagged when it changes. This can be done by encapsulating the application data in an XML node and preceding this node with a 'dirty-flag' node. The flag node should include a time stamp of the last write access to the data, like this:

    <root>
      <status changed="1">
        Wed Aug 16 10:28:40 EDT 2006
      </status>
      <data>
        ...
      </data>
    </root>
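The dirty-flag envelope described above can be written, read back and reconciled with a few small functions. The following is an added example, not code from the original article; the function names, the ISO time stamp format and the reconcile rule are assumptions. Since the cache file travels on removable media, the example treats it as untrusted input and validates it before any sync decision is made.

```javascript
// Added example: build, validate and reconcile the P-AJaX cache envelope
//   <root><status changed="0|1">time stamp</status><data>...</data></root>
// Function names and the reconcile rule are illustrative assumptions.

// Escape text so cached data cannot break out of the <data> node.
function escapeXml(s) {
    return String(s)
        .replace(/&/g, '&amp;')
        .replace(/</g, '&lt;')
        .replace(/>/g, '&gt;')
        .replace(/"/g, '&quot;');
}

// Reverse of escapeXml; '&amp;' is handled last so '&amp;lt;' stays '&lt;'.
function unescapeXml(s) {
    return s
        .replace(/&quot;/g, '"')
        .replace(/&gt;/g, '>')
        .replace(/&lt;/g, '<')
        .replace(/&amp;/g, '&');
}

// Serialize application data with its dirty flag and last-write time.
function buildEnvelope(data, changed, when) {
    return '<root>' +
        '<status changed="' + (changed ? '1' : '0') + '">' +
        when.toISOString() +
        '</status>' +
        '<data>' + escapeXml(data) + '</data>' +
        '</root>';
}

// Parse a cache file. It may have been edited or corrupted while on the
// USB drive, so anything that does not match the exact envelope shape
// (flag not 0/1, unparsable time stamp, extra nodes) returns null.
var ENVELOPE = new RegExp(
    '^\\s*<root>\\s*<status changed="([01])">\\s*([^<]*?)\\s*</status>' +
    '\\s*<data>([^<]*)</data>\\s*</root>\\s*$');

function parseEnvelope(xml) {
    var m = ENVELOPE.exec(xml);
    if (!m) { return null; }
    var t = Date.parse(m[2]);
    if (isNaN(t)) { return null; }
    return { changed: m[1] === '1', time: t, data: unescapeXml(m[3]) };
}

// Decide what to do when the application comes back online.
// serverTime is the server copy's last-modified time in milliseconds.
//   'discard-cache' : cache unreadable, fetch a fresh copy
//   'pull'          : no offline edits, take the server copy
//   'push'          : offline edits are at least as new as the server copy
//   'conflict'      : the server copy changed after the offline edit
function reconcile(cacheXml, serverTime) {
    var c = parseEnvelope(cacheXml);
    if (c === null) { return 'discard-cache'; }
    if (!c.changed) { return 'pull'; }
    return c.time >= serverTime ? 'push' : 'conflict';
}
```
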

[1] http://java.sun.com/developer/EJTechTips/2005/tt1122.html

[2] http://jslib.mozdev.org/

Friday, August 25, 2006 7:22:47 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Wednesday, July 19, 2006

I was setting up SQL Server 2005 client tools (which are in parts .NET based) and noticed that as part of the installation process, the installer generates native images from the .NET MSIL code. The benefits are obvious, but I was under the impression that Microsoft was - at least in the past - discouraging such deployment behavior.

Wednesday, July 19, 2006 2:39:46 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Friday, June 30, 2006

As you might know, Sun is shutting down their operations during the 4th of July week, so my blogging will be fairly light over the next couple of days. A few things that I intend to spend some thoughts on over this break include:

  • Is user-centric identity - as implemented by CardSpace - truly useful for interoperable and privacy-encouraging identity? The obvious interoperability limitation is the somewhat artificial restriction of WCS to WS-Trust. But I think there are other problems with WCS as well: will it be "just another box we have to click away"? If identity information about a user can be transmitted with a single click (by releasing an InfoCard), users might get lured into giving away personal information more easily, effectively having a negative impact on privacy. A good example is the AutoFill function of the Google toolbar: since I am using it, I am a lot less careful about giving away PII - when I still had to enter everything by hand, I was always thinking twice about releasing information.

  • How can a CardSpace-like model play well with REST/POX web services? The whole question of lightweight identity enabled web services and application is still quite open.

  • Will Germany make it to the Finals? THAT question will be answered on July 4.

Friday, June 30, 2006 4:58:07 PM (Eastern Standard Time, UTC-05:00)  #    Comments [3]  | 
Wednesday, June 28, 2006

Here is a way to ruin your day: watch this movie about a simulation of a 500km rock hitting earth (most unfortunately only in Japanese, but the pictures are excellent).

Wednesday, June 28, 2006 9:04:03 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Monday, June 26, 2006

Well - it seems that WinFS returned to the undead for at least another 1-2 operating system releases: Quentin Clark writes in the WinFS group blog, that WinFS is canceled for Vista and XP. They are now moving those parts that are stable enough for productization into SQL server and ADO.NET.

This article effectively ends Microsoft's second push to move to a relational file system. The first was the infamous Cairo OO-OS in 1991 that was supposed to be built on NT, and then came WinFS, as one of the pillars of Longhorn in 2002.

My guess is that this whole thing will be completely tabled until after Windows Vienna ships - this would probably make it 2010 until it comes up, add 5-10 years development efforts, so you might have a chance seeing this by 2015.

Well, if Microsoft wants to update their NTFS file system, they can certainly take a look at Solaris' ZFS. Maybe ... ahh, I am dreaming now.

Monday, June 26, 2006 1:55:51 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Saturday, June 24, 2006

Since last Thursday, I have been a happy owner of a Cingular 2125 (HTC Faraday) with Windows Mobile 5.0 Smartphone Edition. I have to admit that since my first step with Windows CE (Pocket PC 2002 on an iPaq 3850) they have made some great improvements. Networking is MUCH easier now, and with the EDGE capabilities I easily get about 100+ kbps in my area. This is good enough to listen to a stereo audio stream, which means that I can now listen to my favorite radio stations from Germany (DLF) wherever I am.

Another great feature is the VPN capabilities of the phone itself. Really useful though is the Bluefire Security VPN client that allows me to dial into my corporate network using a SecurID card.

The next step will - obviously - be to start dabbling with the Mobile 5.0 SDK and the Mobile extensions for NetBeans.

Saturday, June 24, 2006 12:55:00 PM (Eastern Standard Time, UTC-05:00)  #    Comments [1]  | 
Friday, June 16, 2006
I talked about Atlas pains in the last entry - here is an innovative approach how to get this across to the developers at Microsoft. Kudos to those who can make fun of themselves. Enjoy!

Friday, June 16, 2006 1:03:50 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, June 15, 2006
Nicholas Allen shot a photo of Kirill and myself during our chalk talk yesterday.



Nice to have met you in person and thanks for the photo, Nicholas!

Thursday, June 15, 2006 4:57:20 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Monday, June 05, 2006

Seldom have I seen somebody less honest than Mike McCurry: His claim that the discussion around Net Neutrality is 'left' vs. 'center' and/or corporation bashing could not be much further from the truth. As many have already pointed out, Net Neutrality is about enabling markets and even more so, limiting the power that a fairly small oligopoly (in some more rural areas even monopoly) has.

The barrier for entry into the high-speed internet provider market is quite high (next to getting your backbone going, you need to reach out to your customers, which you only really can if you get into some contractual relationship with the very few owners of the 'last mile'). If people like McCurry actually pretend that there is something like market dynamics (let alone be a free one) playing here they are either (i) delusional or (ii) liars.

If there was real competition and the chance for new competitors to actually enter the market, I would be in full support of letting the market play it out. But this is simply not the case.

Monday, June 05, 2006 8:24:52 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Friday, June 02, 2006

After J#, X# and some more aberrations, Microsoft is now fiddling with the idea of Script#. This is a code generation tool for JavaScript - you start with a C# class, run the ssc.exe compiler and get JavaScript from the C# source, instead of IL. He also has some integration with Visual Studio working at this point. The obvious target for Script# is the AJaX world.

I haven't quite made up my mind if I like this approach or not. It definitively seems intriguing for developers that do not (yet) have a solid understanding of UI-side development.

Friday, June 02, 2006 12:23:15 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Friday, May 26, 2006

Ars Technica reports some good news on the net neutrality issue. At least there is now an alternative to the Communications Opportunity, Promotion and Enhancement Act proposal available. Some members of Congress seemed to have realised the importance of this measure (maybe those that subscribe to Vonage??)

Friday, May 26, 2006 2:27:54 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Monday, May 08, 2006
My final project for this quarter's Stanford course (MS&E 201: Dynamic Systems) is going to be quite interesting. We will try to understand the dynamics behind open source adoption and the challenges it brings for Microsoft.

Monday, May 08, 2006 12:15:29 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Saturday, May 06, 2006

You might know that StAX (JSR 173) and the System.Xml.XmlReader/Writer classes are quite similar, at the very least in scope. A very interesting difference (that gave me a lot of grief in porting/implementing these APIs) is the way namespace attributes are being treated.

In StAX, namespace attributes are typically dealt with through different calls than those used for 'normal' attributes. This special treatment also comes with a table, where defined namespaces can be stored and referenced. In .NET, a namespace attribute is just another attribute, but they also have an XML namespace table, managing prefixes and scope.

While the differences are only significant on layer 8 and 9 of the ISO stack (politics and religion), porting from one to the other API is quite interesting and - at times - forces you to think about the infoset in new ways.
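The two views can be seen side by side with Python's xml.sax, used here as a stand-in because one parser can run in either mode. This is an added illustration, not StAX or System.Xml code, and the sample document, class names and helper functions are constructed for it.

```python
import io
import xml.sax
from xml.sax.handler import (ContentHandler, feature_external_ges,
                             feature_namespaces)

# Constructed sample: prefix "p" is declared on <doc> and redeclared
# (shadowed) on the first <p:item>.
SAMPLE = (b'<doc xmlns:p="urn:example:outer" id="42">'
          b'<p:item xmlns:p="urn:example:inner" p:kind="a"/>'
          b'<p:item/></doc>')


class DeclarationsAsAttributes(ContentHandler):
    """Namespace processing off: xmlns:* is just another attribute."""

    def __init__(self):
        super().__init__()
        self.events = []

    def startElement(self, name, attrs):
        self.events.append((name, dict(attrs.items())))


class DeclarationsAsEvents(ContentHandler):
    """Namespace processing on: declarations arrive through their own
    callbacks and are kept in a scoped prefix table."""

    def __init__(self):
        super().__init__()
        self.in_scope = {}   # prefix -> stack of URIs, innermost last
        self.events = []

    def startPrefixMapping(self, prefix, uri):
        self.in_scope.setdefault(prefix, []).append(uri)

    def endPrefixMapping(self, prefix):
        self.in_scope[prefix].pop()

    def startElementNS(self, name, qname, attrs):
        visible = {p: s[-1] for p, s in self.in_scope.items() if s}
        # name and attribute keys are (namespace URI, local name) pairs
        self.events.append((name, dict(attrs.items()), visible))


def _parse(data, handler, namespaces):
    parser = xml.sax.make_parser()
    parser.setFeature(feature_namespaces, namespaces)
    parser.setFeature(feature_external_ges, False)  # no external entities
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(data))
    return handler.events


def attribute_view(data=SAMPLE):
    return _parse(data, DeclarationsAsAttributes(), False)


def event_view(data=SAMPLE):
    return _parse(data, DeclarationsAsEvents(), True)


if __name__ == "__main__":
    for event in attribute_view():
        print("attribute view:", event)
    for event in event_view():
        print("event view:    ", event)
```

Code that ports between the two styles has to decide where the declaration lives: anything that filters, signs or compares "the attributes" of an element sees a different set in each view.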

Saturday, May 06, 2006 11:13:27 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Monday, May 01, 2006
Monday, May 01, 2006 5:23:04 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Friday, April 28, 2006
I wrote this a few years ago, just months after moving to the U.S. I was in San Diego at that time, at the 49th IETF meeting. One afternoon, I had some time, so I decided to drive to the U.S.-Mexican border. It was quite an experience, and quickly afterwards I sat down in a small outdoor cafe to write down some thoughts that I had back then. I just found this piece when cleaning up my home directory.
Friday, April 28, 2006 1:52:00 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

Sadly, the House Committee on Energy & Commerce decided to strike down the provisions in a draft bill that would have allowed the FCC to stop ISPs and telcos from extorting customers and web service providers. The arguments of the ISPs are hypocritical: the lack of such provision will allow them to stifle innovation, effectively shut down or limit competition (like e.g. Vonage VoIP service, or the next generation of media delivery).

I sincerely hope that other committees of the House and maybe other parts of Congress in general will handle this critical situation with a better understanding of the technological and commercial ramifications. I also hope that Rep. Markey will not bow down to this defeat, but instead fight for his very sensible provisions elsewhere.

Friday, April 28, 2006 10:15:16 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, April 27, 2006

It is interesting to see what Microsoft has done with Windows Mobile so far, and where they plan on going. This presentation gives a good overview and also a fairly good outlook on what is coming and when.

Some highlights:

  • Windows Mobile 5.0 - released
    • MSMQ support
    • SQL Server 2005 mobile
    • .NET 2.0 compact
  • 'Crossbow' Release in late 2006, to hit the market by mid-2007
  • 'Photon' Release in late 2007, to hit the market by mid-2008
    • New kernel

It seems that they are now switching to releasing a new version of the mobile OS every year or so.

Interestingly enough, they seem to have cut the roadmap slides in the above version (or am I missing something?), but you can still see the full slide deck using Google's cache.

Thursday, April 27, 2006 11:47:07 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Tuesday, April 25, 2006

Aside from everything else happening around me, I had 'one of those days' yesterday:

It actually started pretty good. I finally got my act together and moved my 19" rack from my garage to work, to get better use out of it. Fortunately Marc H. was able to help me, since this thing is really heavy (and would never fit into my little crappy car). Everything worked great, and in less than two hours the rack was happily humming in my lab. We went to lunch.

Now, after lunch I want to move my old server (mail, file & print, CVS, etc.) into the rack. Fair enough, not a big one: everything in the rack connected, I start the system, BIOS and POST come up, the OS is starting to boot happily ... 3 ... 2 ... 1 ... BLACK. No more restarts - the system is DEAD.

A few sweat drops later, I see that the fuse in the power supply blew. Well, not a problem: it is a six year old system and after a little scavenging in old PC rubble, I find a compatible 6.3A fuse, replace it, put the system back together: it works! Great, back into the rack, power on, BIOS comes up ... 3 ... 2 ... 1 ... BANG, smoke coming out of my server .... argh!

The adrenalin level is quite high now, and I decide that a smoking power supply will be a little too hard to fix. CompUSA is your friend, and some 45 minutes later I am back with a brand new 500W power supply. Finally. Well, the old one was over 6 years old anyways, no surprise. Into the rack, power on ... 3 ... 2 ... 1 ... BANG ..BANG.... (dead silence).

Something is definitively fishy here, right? Have I just lost my marbles or what is going on?

Well, something is strange, but this time it was not me: The Compaq (now Hewlett Packard) PDU (Power Distribution Unit) is a 127V 30A monster, which comes with a fat power cord and a huge three prong plug. In the past it fit happily into a 125V, 30A outlet. The outlet in my lab, which fits the plug really well, is a 250V outlet.

It seems to me that either (i) the electricians of the building have made a fatal mistake, (ii) the Compaq (now HP) engineer designing the PDU was smoking something terribly unhealthy or (iii) the electrical code is inconsistent. Either one of the three possibilities is not quite reassuring ...

Tuesday, April 25, 2006 9:46:36 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Wednesday, April 12, 2006

This will make the SunRay slim clients more useful: You can attach all kinds of USB mass storage devices to the SunRay USB ports. E.g., if you have your USB key chain drive, you can connect it and it will be automounted in

$DTDEVROOT/mnt

which resolves by default to

/tmp/SUNWut/(username)/mnt

CDs, DVDs and the like are not yet fully supported, but they might work.

To administer your drives and allow for graceful removal, use the /opt/SUNWut/bin/utdiskadm command.

It kinda seems obvious, but you will lose access to the drive if you hotdesk (i.e. switch from one terminal to the other).

This feature is available since the SSRS 3.0 release.


Wednesday, April 12, 2006 2:03:37 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

Today, Sun opens their Enterprise tools to the NetBeans community. This is really good news for Java developers, since they now get a truly modular, extensible, easy-to-use and easy-to-install IDE, that features:

  • UML modelers (both ways)
  • XML tools
  • SOAP orchestration

This is obviously in addition to the Matisse UI builder, the profiler, the J2ME development tools etc. Also, the NetBeans platform is now being used for non-development applications (see e.g. the Stocktrader application).

Wednesday, April 12, 2006 9:37:54 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

The blog on my home system was not reachable last night, since my cable modem decided to refuse service. I hope this is fixed and service will be reliable, once more.

Wednesday, April 12, 2006 8:50:56 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Tuesday, April 11, 2006
Hmm - unfortunately, dasBlog is not very friendly to JRoller when talking MetaWeblog. It seems that I have to stick to Blogger ... sigh!

Tuesday, April 11, 2006 2:43:50 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Here is a screenshot of Vista on a Sun Ultra 40 AMD workstation. I forgot to post it earlier, my apologies.



Note that the video board is fully supported without any additional drivers. Only the audio board does not work out of the box.

Tuesday, April 11, 2006 11:42:38 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Through Tim's ongoing: Check out this post on WS-SopranosDesperateHousewivesKwisatchHaderach ...

Tuesday, April 11, 2006 11:23:24 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Monday, April 10, 2006

Erwin Tenhumberg made some remarks on his blog that I would like to comment on.

Microsoft trying to support their legacy products with an open standard is not an oxymoron. It would certainly be a lofty goal and would find my full support.

The problem that they are facing however, is that this goal is not only lofty, but extremely hard to achieve within a reasonable time frame. The old MS Office file formats are not trivial and they support OLE objects. To come up with a truly open format to support this and many other features, some of which have been created by their 3rd party ISVs, is very hard.

If you consider now the time and market pressure, Microsoft was in need of choosing between a truly open format and a somewhat documented proprietary format. They chose the latter for business reasons (I guess). One issue with a truly open format would have been the problem that public stewardship of the protocol would have further delayed either Office 12 or the implementation of that format in Office 12.

The fact that they are now trying to sell the 'OpenXML' format as open is somewhat dubious. Even worse is the proposed ECMA seal-of-approval for a subset of the output of Office 12 [1] and its submission to ISO/ITU-T for consideration as an international standard. 'Open' means much more than RAND - see e.g. the Minnesota house draft.

[1] The OpenXML specification does not include the full specifications for OPC. While straightforward (I am tempted to say 'copied from Star/OpenOffice' ...), Microsoft could potentially stall, delay and/or deter implementations for OPC through legal means. Office 12 creates OpenXML documents that are contained in OPC files. See here for some more discussions on this.

Monday, April 10, 2006 10:03:50 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Once more, I am testing whether dasBlog and JRoller are finally cooperating. This is the first entry to be cross posted. Let's see if this works. Since I am using dasBlog as my main blog, here are the settings for crossposting to http://blogs.sun.com/roller/page/beuchelt:

Profile Name  

Host Name   Port    
Username (set)
Password Repeat  
Endpoint   API Type


Monday, April 10, 2006 11:45:57 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, April 06, 2006
Again through ConsortiumInfo: Minnesota is introducing a bill that will require the state CIO to choose products that support open standards over those that feature proprietary ones. This is definitely good news, particularly when looking at the extensive definition of "open" in the text (H.F. 3971, 1.1 (f)):
(f) "Open standards" means specifications for the encoding and transfer of computer 
data that:
(1) is free for all to implement and use in perpetuity, with no royalty or fee;
(2) has no restrictions on the use of data stored in the format;
(3) has no restrictions on the creation of software that stores, transmits, receives, or
accesses data codified in such way;
(4) has a specification available for all to read, in a human-readable format, written
in commonly accepted technical language;
(5) is documented, so that anyone can write software that can read and interpret the
complete semantics of any data file stored in the data format;
(6) if it allows extensions, ensures that all extensions of the data format are
themselves documented and have the other characteristics of an open data format;
(7) allows any file written in that format to be identified as adhering or not adhering
to the format;
(8) if it includes any use of encryption, provides that the encryption algorithm is
usable on a royalty-free, nondiscriminatory manner in perpetuity, and is documented
so that anyone in possession of the appropriate encryption key or keys is able to write
software to unencrypt the data.
Wow - this goes definitively far beyond RAND and comes pretty close to my understanding of what 'open' really means.

It seems noteworthy that as per provision (6) in this list, the 'openness' of a data format is quite viral in the sense that it requires all descendants to be 'open' as well. One problem that I have with this provision is that the standard itself cannot guarantee that any descendants will be open - if there is an extension point, any implementer could choose to extend without documenting. This should be clarified in the text, maybe to the extent that it should reference the implementation, not the standard.

Thursday, April 06, 2006 10:19:11 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Tuesday, April 04, 2006

There are a couple of quite interesting developments in the office document formats discussion. One of them being that the Australian National Archive is now moving their entire content to ODF. This can be considered a major victory for ODF on the long road to broad government adoption.

A little mixed is the current situation at SC 34 of ISO regarding the formal standardization of ODF through ISO/ITU-T: since Microsoft recently joined the sub-committee working on this, there is the possibility that they are trying to stall the process, until their OpenXML formats make ECMA and thus go head to head with ODF.

Microsoft on the other side is now also sponsoring a community dedicated to working with their XML office formats. There is nothing about the binary formats (yet?), but it hosts a few interesting articles and links, including a high-level introduction to the packaging model.

Tuesday, April 04, 2006 8:11:56 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Tuesday, March 28, 2006
The Sun Game Server is the first product released from Project Darkstar. It is an online gaming engine that scales massively and comes with a rich set of client APIs. You can get the EA bits here: https://games.dev.java.net/.

Update: The final web site for Darkstar is going to be http://www.projectdarkstar.com - Thanks to Jeff Kesselman for pointing this out.

Tags: Online Gaming, Darkstar

Tuesday, March 28, 2006 7:51:00 PM (Eastern Standard Time, UTC-05:00)  #    Comments [1]  | 
Yahoo! (well, actually more: Goooogle!) Google Earth finally has some decent resolution for my most favorite region on the planet: Cologne, Germany and surrounding areas. My parents' house is extremely crisp - you can see the citrus plant on their porch ;-).

Tags: Google Earth

Tuesday, March 28, 2006 10:03:55 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Monday, March 27, 2006
Here is an interesting interview with Steve Ballmer of Microsoft. In it, he muses about the potential claims that Microsoft might make against the Linux user and development community.

Monday, March 27, 2006 12:43:35 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, March 23, 2006
This is just plain sickening: FCC Commissioner Martin expressed understanding for the plans of the large telcos like AT&T to extort Internet web sites and services. While some arguments brought forth might be valid, in the end the consumers actually pay the ISP and telcos to get access to all internet sites with any traffic they (the customers) like. As far as I am concerned, creating a 'multi-tiered' internet is getting dangerously close to limiting free speech. To me this is a great example of over-regulation and monopolies harming individuals' rights.

Tags: Regulation, FCC, Internet

Thursday, March 23, 2006 1:22:40 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Wednesday, March 01, 2006
And now for something completely different:

The Japanese AIST has created the first truly three-dimensional pictures ever. Is this the beginning of the Holodeck? ;-)

Wednesday, March 01, 2006 9:56:16 AM (Eastern Standard Time, UTC-05:00)  #    Comments [1]  | 
Friday, February 10, 2006
If you would like to understand better what Sun Microsystems is doing in the context of Web Services interoperability, particularly with Microsoft's upcoming Windows Communication Foundation (formerly Codename Indigo), please take a look at Harold's article.
 
 
He has a very good graphic up there:
 
 
Friday, February 10, 2006 12:34:53 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Monday, February 06, 2006
The paper and the slidedeck for the XML 2005 conference are now (already for some time) publicly available. Please find my paper and my slides on GSS-SAML on the conference web site.
Monday, February 06, 2006 12:24:48 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Well, this is actually already old news, but I really feel that I should write at least a few paragraphs about this.
 
I have been using NetBeans 5.0 since its earliest public EA/Beta releases, simply because its new and added feature set (see here) makes it so compelling. While other Java IDEs like e.g. Eclipse sometimes offer similar features, it is often enough quite cumbersome to install these features as ad(d)-ons (ever tried to make Eclipse produce a useful web service?). Also, web service consumption in NetBeans becomes as trivial as it is in Visual Studio.
 
I have been a very long-time and dedicated fan of Microsoft's Visual Studio product family. I would also argue that it is still the best general purpose product on the market. However, NetBeans 5.0 is coming very close and the incremental benefit from moving from NetBeans 4.1 to 5.0 was significantly higher than moving from the (stable) Visual Studio 2003 to the (frequently crashing) Visual Studio 2005.
 
Continuing:

I just wanted to add that NetBeans 5.0 is - in fact - the first beta/EA product that I used to write some production software. I was working on outlining some web application for a babysitting coop: the idea is that mothers sit their children for each other not for money, but collect 'points' they can use against future sits. With 30+ members of such a coop, accounting can get quite .. hmm .. interesting. My little web application is based on the open source Ozone OO database and uses servlets and JSPs.

Writing this software from scratch in NB 5 was quite easy and straightforward. It does not use web services (yet), but a future version will. If you are interested in the code, please let me know.

Monday, February 06, 2006 11:26:55 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Wednesday, January 11, 2006


Well, I am finally back.

No, I did not take an extended Christmas/Hannukah/Holiday vacation, but had the dubious pleasure to undergo some neck surgery on December 21. Surgery, hospital, and pain by itself do not create a lot of good feelings with me, but neck surgery is really quite bad: you cannot turn your head, you have severe problems swallowing, you have to sleep upright ... the list goes on and on.

For the past couple of days I have been able to walk around all day and most of the inconveniencing limitations put on me post-OR are now lifted. Stay tuned ...
Wednesday, January 11, 2006 2:49:48 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Wednesday, December 07, 2005

Threads are cool. You can do a lot of things at the same time: you can calculate a response, paint a screen, or even block a resource so that all other threads have to wait -- and all at the same time ...

Seriously, a well threaded application should in these days be the norm. At least that's my point of view, and therefore it is not hard for me to point you to Sun's recent CoolThreads technology (formerly codenamed "Niagara"). The hardware folks put 8 cores on a single die, each being able to run 4 threads at the same time. That's threading - in hardware.

Wednesday, December 07, 2005 8:38:02 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Tuesday, December 06, 2005

Once more, I am toying with the idea of using an offline editor to edit my blog entries. There are currently two contenders: WB Editor and RocketPost. While I do like the RocketPost interface better (so far), they do not seem to support non-standard TCP ports. Since my blog lives on port 8080 (for a variety of historical reasons), this could be a show stopper.

As for WB Editor, I am quite pleasantly surprised how far offline blogging has come since the early days of w.bloggar. A really nice feature is that it utilizes the IE URL history, making it ridiculously easy to add hyper links. I will probably continue to use this tool, at least during the trial, and then make a decision afterwards.

 
Tuesday, December 06, 2005 1:41:20 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Wednesday, November 30, 2005

Well, the new release of FireFox is out and it is not looking bad. It is really refreshing to see that after the browser wars were supposed to be over, we are seeing again some healthy competition. There are already a few nice features that FireFox introduced that Microsoft announced for IE7 which is due some time in December. Tabbed browsing is one of them, eliminating browser clutter.

Recently a German news weekly posted on their website that they are already seeing between 32% (weekdays) and 40% (weekends, from private PCs) FireFox usage, which is significantly more than the usual reported numbers of around 5% market share.

I expect a fairly interesting new battle in the browser wars epic with the arrival of WPF/E capable browsers [1] on the Microsoft platforms. This time HTML might be at stake, although I would be surprised if XAML applications would actually start to replace HTML applications on the public internet.

 

[1] For the uninitiated: WPF stands for Windows Presentation Foundation which is the long announced, yet to be delivered Avalon API for .NET. The "/E" stands for Everywhere - WPF/E is supposedly an IE-embedded Avalon/XAML runtime, that will render XAML instead of HTML.

Wednesday, November 30, 2005 11:37:27 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Tuesday, November 29, 2005

...contains a nice collection of articles and factoids on the Open Document Format debate. Please take a look at it here.

Tuesday, November 29, 2005 10:49:31 PM (Eastern Standard Time, UTC-05:00)  #    Comments [1]  | 

Since I finally decided to follow my most basic instincts/conscience/sudden inspiration/whatever and setup a personal web site, I am now promoting it...

Please check http://www.beuchelt.com/ or http://www.beuchelt.net/ for my page. You will be able to get to this blog at http://blog.beuchelt.com/ and http://blog.beuchelt.net/, although the old address (http://beuchelt.blogdns.net:8080/) will stay.

In the unlikely circumstance that you are interested in taking a look at some of my older articles, please drop me a line at: work at beuchelt dot com.

Tuesday, November 29, 2005 10:38:16 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Tuesday, November 22, 2005

I just wanted to step back and thank my colleague Lauren Wood for her superb efforts organizing the XML conference (for the 5th year!). As a speaker, as well as an attendee, this was a most pleasant and interesting conference.

Tuesday, November 22, 2005 2:01:15 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Monday, November 21, 2005

For all attendees of XML 2005: I just updated my paper on Using SAML for Platform Security. Please check http://2005.xmlconference.org/proceedings for the updated version.

All non-attendees: The proceedings will be made publicly available by Nov 30, this year. I will also publish the paper here.

Monday, November 21, 2005 1:21:41 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Saturday, November 19, 2005

I have just configured dasBlog to use cross posts. Let's see if this post makes it to my old blogs.sun.com blog.

For those reading this on blogs.sun.com: my new blog is at http://beuchelt.blogdns.net:8080/.

Hmm - 2nd try.

Saturday, November 19, 2005 2:07:01 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Thursday, November 17, 2005

Now, here is an interesting talking point: XML Encryption (XMLEnc) is bad.

"Why?", you might ask. Well, in their lack of infinite wisdom, the XML encryption community left out a very important concept: Authenticated Encryption, i.e. combining signatures and encryption to produce ciphertext that maintains confidentiality and can be associated with a key (i.e. a subject/identity/principal/whatever). Section 6.1 in XMLEnc-Core reads:

"The application of both encryption and digital signatures over portions of an XML document can make subsequent decryption and signature verification difficult."

and

"[...] the interaction of encryption and signing is an application issue and out of scope of the specification."

So, essentially, AE is left as an exercise to the reader. This is not good, particularly since AE is not too complex, and - in fact - quite well understood. See RFC 3961 (Kerberos) or "Authenticated Encryption ..." by M. Bellare et al.

Without AE, XML encryption is not complete and - for many real security applications - useless.
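To make the gap concrete, here is an added example (not from the original post and not taken from any XML security library) that puts encryption without integrity next to encrypt-then-MAC, one of the generic compositions analysed in the Bellare paper. The HMAC-based keystream is a toy stand-in for a real cipher, and the function names and the sample XML fragment are constructed for illustration.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32  # size of an HMAC-SHA256 tag


def _keystream(key, nonce, length):
    """Toy keystream (HMAC-SHA256 in counter mode). Stand-in for a real
    cipher so the example runs with the standard library only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_only(enc_key, plaintext):
    """Confidentiality only: nonce || ciphertext, no integrity value."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))


def decrypt_only(enc_key, blob):
    """Decrypts whatever it is given; it has no way to notice changes."""
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return _xor(body, _keystream(enc_key, nonce, len(body)))


def seal(enc_key, mac_key, plaintext):
    """Encrypt-then-MAC: the tag covers nonce and ciphertext and is made
    with a second, independent key."""
    blob = encrypt_only(enc_key, plaintext)
    return blob + hmac.new(mac_key, blob, hashlib.sha256).digest()


def open_sealed(enc_key, mac_key, sealed):
    """Verify the tag first; decrypt only if it matches."""
    if len(sealed) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    blob, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return decrypt_only(enc_key, blob)


def flip_bit(data, index):
    """Model a one-bit change to the message while it is in transit."""
    changed = bytearray(data)
    changed[index] ^= 0x01
    return bytes(changed)


def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    fragment = b"<Payment><Amount>100</Amount></Payment>"  # constructed
    offset = NONCE_LEN + 17  # a byte inside the encrypted element content

    altered = decrypt_only(enc_key, flip_bit(encrypt_only(enc_key, fragment), offset))
    sealed = seal(enc_key, mac_key, fragment)
    try:
        open_sealed(enc_key, mac_key, flip_bit(sealed, offset))
        rejected = False
    except ValueError:
        rejected = True
    return {
        "encryption_only_output": altered,  # differs from fragment, no error
        "ae_rejects_altered": rejected,
        "ae_roundtrip_ok": open_sealed(enc_key, mac_key, sealed) == fragment,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

The encryption-only path hands back well-formed XML that was never sent; the sealed path refuses to decrypt it, and the tag ties the message to whoever holds the MAC key.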

Thursday, November 17, 2005 10:54:46 AM (Eastern Standard Time, UTC-05:00)  #    Comments [1]  | 
Wednesday, November 16, 2005

Yesterday, we had our first day at the booth here at XML 2005. We were able to attract a fairly large crowd, talking about the Identity products, StarOffice, the XML Registry, JWSDP and Open Solaris. Up there is a picture of the booth prior to opening the showfloor.

 

Wednesday, November 16, 2005 9:18:39 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Tuesday, November 15, 2005

Living in Massachusetts, I strongly support the state's move to migrate their publications and documents to a truly open format (i.e. OASIS Open Document).

Now I recently ran across a public petition to the German Parliament to enact a similar regulation for the German authorities.

Now: if you are German and feel like this is a good idea, please go here: http://itc.napier.ac.uk/e-Petition/bundestag/view_petition.asp?PetitionID=11

Tuesday, November 15, 2005 10:21:24 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Monday, November 14, 2005

Due to very limited internet connection, I have to be brief. Here are some of the results of my trip to IETF 64:

  • There is definitively a fairly broad interest in using SAML within the GSS-API framework.
  • A small group is currently discussing feasibility and scope of such an approach

Originally, we proposed three major modes of combining SAML with GSS:

  • An internal decoration approach: SAML assertions could be used WITHIN existing mechanisms (such as e.g. Kerberos) to carry additional attributes associated with the principal.
  • An external decoration approach: Similar, but instead of using pre-existing extension points, use the stackable mechanism approach instead (see www.ietf.org, kitten WG). This approach would have the clear benefit of being composable with mechanisms that do not have extension points (e.g. Username/Password).
  • A native mechanism: A SAML AuthN statement is exclusively used. While - IMHO - most promising, this approach will be technically most challenging: first, there is no key exchange defined, second, the only crypto related XML standards (XMLDSig, XMLEnc) are - at best - poor

I will post more after XML 2005.

Monday, November 14, 2005 11:52:08 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Friday, November 04, 2005

Well, I have to admit, it is a lot easier than it used to be. A few caveats, though:

  • I prefer to configure after the installation manually. I had one nasty failure during install at some time when I was using automatic configuration during install (This was actually because I installed JES on an AD domain controller, so port TCP/389 was bound, so the LDAP configuration would fail, and (almost) all other configuration after that depends on the availability of the config server).
  • When configuring the directory server, please edit the directory server properties file before running DSConfig.bat. The README doesn't say so, but I had a much better time when I did.

When uninstalling JES, you might end up with a case where the Directory Server Windows Service was not unconfigured. In that case, you must go to HKLM\System\CCS\Services and delete the keys for slapd-(your server identifier here).
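The cleanup described above can be scripted so that the key is reviewed and backed up before it is deleted. This is an added example, not part of the original post; it assumes "CCS" means CurrentControlSet and that leftover keys are named slapd-<identifier>, and the function names and backup directory are hypothetical.

```powershell
# Added example. Assumptions: "CCS" = CurrentControlSet; leftover keys are named slapd-<identifier>.
$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-LeftoverSlapdKey {
    # Report slapd-* service keys and whether the binary they point to still exists.
    Get-ChildItem -Path $ServicesRoot -ErrorAction Stop |
        Where-Object { $_.PSChildName -like 'slapd-*' } |
        ForEach-Object {
            $imagePath = $_.GetValue('ImagePath')
            $exe = $null
            # ImagePath may be quoted and carry arguments; keep only the executable path.
            if ($imagePath -match '^\s*"?(.+?\.exe)') {
                $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
            }
            [pscustomobject]@{
                Service      = $_.PSChildName
                RegistryKey  = $_.Name      # HKEY_LOCAL_MACHINE\... form, as reg.exe expects
                PSPath       = $_.PSPath
                ImagePath    = $imagePath
                BinaryExists = [bool]($exe -and (Test-Path -LiteralPath $exe))
            }
        }
}

function Remove-LeftoverSlapdKey {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param([string]$BackupDir = (Join-Path $env:TEMP 'slapd-key-backup'))

    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    # Only keys whose service binary is gone are treated as leftovers of the uninstall.
    foreach ($key in Get-LeftoverSlapdKey | Where-Object { -not $_.BinaryExists }) {
        if ($PSCmdlet.ShouldProcess($key.RegistryKey, 'Export and delete service key')) {
            $backup = Join-Path $BackupDir "$($key.Service).reg"
            & reg.exe export $key.RegistryKey $backup /y | Out-Null
            if ($LASTEXITCODE -ne 0) { throw "Backup failed for $($key.Service); key not deleted." }
            Remove-Item -LiteralPath $key.PSPath -Recurse -Force -Confirm:$false
        }
    }
}

# Review first, then preview the deletion without changing anything (run elevated).
Get-LeftoverSlapdKey | Format-Table Service, BinaryExists, ImagePath -AutoSize
Remove-LeftoverSlapdKey -WhatIf
```

Drop `-WhatIf` once the listing shows only the instance that was uninstalled; a slapd key whose binary still exists belongs to a live Directory Server instance and is skipped.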

Friday, November 04, 2005 8:58:45 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Wednesday, October 12, 2005

Here is a very interesting analysis of the debate between proponents of the OpenDocument format and Microsoft:

http://en.wikipedia.org/wiki/Open_Office_XML

Wednesday, October 12, 2005 9:54:58 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Wednesday, September 28, 2005

If you are looking for a Java IDE, please take a look at the latest Netbeans 5.0 beta: http://www.netbeans.org/

Some of the new features:

  • Support for Tomcat, Sun Application Server, BEA WebLogic and JBoss
  • Massively improved GUI builder (Matisse)
  • Web Services client support built-in
  • Web Frameworks (JSF or Struts), including palette drag-and-drop

I will post more about this a little later.

Wednesday, September 28, 2005 11:17:42 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Friday, September 16, 2005

Last night I went to one of the most under-advertised sessions at PDC. At 9:00pm the ShowOff team showed 22 short films by developers and small companies about their "that's cool!" projects.

Highlights included:

  • "Finalizer" - a WinCE powered Battlebot
  • The BarCode service in 15 minutes
  • The steel-ball labyrinth game on the tablet PC that got motion tracking through a web cam
  • LegoLand entertainment park rides controlled by real-time CE and XP

As far as I know, these movies will be available sometime next week on channel 9.

Friday, September 16, 2005 11:49:52 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Monday, September 12, 2005

I just realized that all my old blog entries are missing and thus, some people might not know me:

My name is Gerald Beuchelt, and I work in Burlington, MA, as a Web Services Architect for Sun Microsystems, Inc. My bio can be found here, along with a picture.

UPDATE: You can now find much more information on me at http://www.beuchelt.com/.

Monday, September 12, 2005 5:12:42 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 

Well - I always *love* to arrive in LA (not!): The plane was late, we deplaned on the taxiway, the baggage took 1 hour and I got lost (again) in LA's freeway jungle. Just to top it off, LA is currently in the middle of a major blackout .... Oh, well.

("Don't be such a whiner" - yeah, I know. Still, I love to hate this city :-))

I'll head over to the conference center around 4:00, and I guess I'll be hanging out in the BOF area or around Commnet. See you at 9:30!

Monday, September 12, 2005 5:03:14 PM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Friday, September 09, 2005

After partially losing my old blog here, I decided to get a fresh start. I will post a few of my older articles here, if I find the time.

Friday, September 09, 2005 1:00:30 AM (Eastern Standard Time, UTC-05:00)  #    Comments [0]  | 
Saturday, March 12, 2005

Since Monday of last week (March 7) I have been in a new position within Sun: I am now working in the CTO's Business Alliances group, together with people like Eve Maler, Bill Smith, Lauren Wood and some more really smart people. We are working closely with different groups within Sun and Microsoft on making the alliance of the odd couple (Sun/Microsoft) a reality. I am truly looking forward to this challenge, since this group is in the unique situation of being able to influence not only Sun's but the entire industry's perception of interoperability and Web Services in particular.

To me, this is a long-due fine-adjustment to my tenure at Sun: I started with Sun Germany in 1997 as a pre-sales Systems Engineer responsible for "PC" Interoperability. Then - in 2000 - I took up a job with the (mostly) Boston-based Competitive Strategy Group. Our charter was to support the Sun Legal team on various occasions and supply them with Microsoft Interoperability Information...

This is going to be fun.

Saturday, March 12, 2005 9:38:12 PM (Eastern Standard Time, UTC-05:00)  #    Comments [1]  | 

Copyright by Gerald Beuchelt.