A small note: if you are using Lightning for Thunderbird and you install or upgrade to Ubuntu 8.04 (Hardy), you might run into an issue of you calendars disappearing (probably only when using the build from the Lightning website):

Error: [Exception... "Invalid ClassID or ContractID" nsresult: "0x80570017 (NS_ERROR_XPC_BAD_CID)" ...

.../extensions/%7Be2fda1a4-762b-4020-b5ad-a41df1933103%7D/components/calItemModule.js
Line: 67

This is related to the fact that Hardy upgrade the C++ libraries to libstdc++ 6. In order to fix this, you might want to try installing the 5.x version of libstdc++. 

Another goodie: starting with Lightning 0.8, WCAP support for the Java Calendar Server is now part of the main trunk.

I attended a meeting of the Hartford, CT, chapter of OWASP yesterday - James McGovern was so nice of inviting me there. OWASP is a group focusing on web application security, with a heavy emphasis on "application" (in contrast to "infrastructure"). Most of the attendees were either directly working in the financial industry or closely working with them - at the end of the day, it was Hartford.

To me it was a very interesting event - especially since I have mostly been thinking about platform and infrastrastructure security and not so much about the applications. Some of the emerging standards (like PCI DSS) were rather new to me, but seem interesting enough for me to take a look at.

Some more interesting tools and tidbits:

• WebGoat is a "deliberately insecure JEE application", designed to teach developers how to *not* code a web application. This should be fun to take a look at.
  
• WebScarab is an intercepting HTTP(S) proxy.
  
• The OWASP Top Ten also has some interesting reading.
  

Overall, I am looking forward to staying in touch with this group.

It took quite a while, but by now it is out. Please welcome the Windows CardSpace Information Card extensions for OpenSSO:

https://opensso.dev.java.net/source/browse/opensso/extensions/authnicip/

When I started working on this last spring, I was not even hoping to see this released in open source and part of the OpenSSO extensions family in less than a year. It took the goodwill and talent of quite a few people to get this off the ground, but with the public release of this code and the upcoming OSIS interop during the RSA onference, OpenSSO is now "speaking ISIP" ...

tag: CardSpace, OpenSSO, InfoCards

This is seriously groundbreaking: Clemens (also here) just finished an example of a Metro client accessing Microsoft's BizTalk Services (aka Internet Service Bus). "Well", you might ask, "what is so groundbreaking about this? Isn't this what this whole web services thingy was supposed to achieve? Interoperability?!"

Yes, indeed. However, this is the first time ever (to my knowledge) that Microsoft is releasing JEE code, built with Metro within NetBeans, as part of an SDK. Getting there took quite a while, and was largely enabled by Sun and Microsoft working very closely together in a series of interop-plugfests. The latest installment of these got (especially) WS-Trust interoperability to a point where you can now use the client implementation in Metro to access the STS provided by the .NET Framework.

Congrats to Clemens, but also the Metro team (namely Jiandong and Harold).

tag: Interoperability, WS-Trust, Metro, BizTalk Services

tag:Identity, CardSpace, OpenSSO

tag:Ubuntu, Gutsy Gibbon, Sparc, Xorg

tag:qtrax, iPod, music

Maybe, maybe: there are signs on the horizon that the content industry will finally come to grips with the harsh reality that their old models just do not work anymore the way they used to: enter Qtrax, a free, ad-supported P2P network that claims to have the blessings from a bunch of major labels, including Sony/BMG and EMI. Qtrax will lauch tonight, so soon we will know more.

Overall, this might be a sign that the RIAA monopoly is finally understanding that suing their customers is not a good way of advertising your goods. And while MP3s are not exactly the encoding that HiFi fans' dreams are made out of, it is still an interesting start into a hopefully much brighter future.

There are a few things that really interest me:

• They are using the Mozilla rendering engine. That is a good thing. Period.

• They promise iPod compatibility. Hmm.. this sounds odd, since the iPod is quite capable of playing back MP3s. Now - assuming for the moment that they are using MP3s - why would you need to make the iPod compatible? Unless there is some sort of DRM or platform lock-in included ... we will see in about 3.5 hours ;-)

• Who will be the ad source, ie. which advertising seller will get the opportunity to get access to a potentially gigantic market. While I have absolutely no idea, I'd be surprised if the name of that company started with a 'G'.

• How will Apple and the market react? At the end of the day, this whole thing is a thinly-veiled attack against Apples extremely strong position with the iPod and iTunes. If Qtrax can offer a similar level of ease-of-use, Mr. Jobs will have to do some very creative thinking.

• What is their Linux story? Or - to rephrase the question in a more interesting way: What is their open source/open specification story? I can see that they are not particularly interested in opening up their platform, as this would directly undercut their ad-based business model. But will they allow ports or make the engine at least reasonably portable to other OSes, including Linux, but also Symbian or other cell-phone OSes (and - of course - OpenSolaris)?

We will see ... soon.

tag: iPod, apple, audio, music, qtrax

For years I have been playing around with all kinds of computer based TV and multi-media solutions and toys: Windows MCE in its various editions from 2004 to Vista, early versions of MythTV and proprietary stuff. Until now none of these where really at a point where they were actually useful for a family room:

While Windows did have a reasonable UI from the start, the fact that it recorded to a highly proprietary format with nasty DRM implication was a deal-killer right from the start. Some of the tuner-cards (like ATI) attempted to mitigate this by bundling plugins for MPEG-2 conversion, but these were implemented rather clumsily and had frequent failures.

MythTV was - until recently - also more of a geek toy: nice for my lab or office, but nothing I could really throw at my family. Now, with the 0.20 config found in the Gutsy release of Mythbuntu, MythTV takes a rather large leap towards usability. 

• The UI is basically usable and driver support (especially for the tuner cards) is becoming acceptable. I am using an WinTV HVR-950 USB stick now with my digital-over-the-air setup and there is not a lot more I could ask for in terms of device support.

• The proprietary NVidia drivers are good enough and support the motion extensions that are needed to offload motion processing to the GPU.

• For audio, I require at the very least S/PDIF support (mostly for lossy Dolby Digital, but there is no other format like e.g. MLP being used for digital TV at this time), which has been quite painful, but ultimately doable.

• There seems to be decent remote support, but I am right now still fighting with my old ATI Remote Wonder (I think that I will cave in here at some point in time though).

The by far most important factor for family room usability for me is RTC wakeup: I could not near having a computer with its nasty fans running all the time. Enter ACPI controlled RTC wakeup: using a couple of scripts^[1], I was able to make the MythTV box boot up in time for any show that I wanted to record. Very cool.

One thing that I was fighting with in the end was a problem with the way MythTV could be shut down automatically after an unattended recording session. For this, MythTV provides mythwelcome(1) which is a helper program to start the MythTV frontend^[2]. The trick that made is work for me was to instruct^[3]mythwelcome(1) to not start mythfrontend(1) automatically: This overcomes a problem with session management in Ubuntu and mythwelcome, and allows the box to shutdown automatically after it completed recording.

Bottom line is that I am quite happy with my MythTV box for now.

[1] There are quite a few of tutorials on ACPI wakup out there, many using nvram-wakeup. Discard all these, and only use those centered on /proc/acpi/alarm, instead (if you can).

[2]  Mythbuntu Gutsy is actually quite smart about using mythwelcome(1): You only need to go into /etc/mythtv/session-settings and enable the welcome shell. No need to change the mythstartup.sh script.

[3] Press the 'i' key while in mythwelcome(1) to configure this.

This is so brain-dead, it is actually quite funny: In a move to make sure that he will be seen - once again - as a brave contrarian, John Dvorak thinks that Oracle paid Sun to kill MySQL. After reading this article, I had to verify that this was not The Onion, but actually MarketWatch.

His argument is fairly simple: Sun has a bad track-record of M&A, so Larry Ellison forces his old buddy Scott  ... ahmm, no wait, it's Jonathan now ... to buy MySQL and ruin it. To prove his point, Dvorak links to a list of recent Sun aquisitions that - allegedly - went bad.

Let's take a look at that list of "failures" again:

• SavaJe - JavaFX Mobile

• SeeBeyond - JavaCAPS

• Tarantella - Secure Desktop

• Waveset - Identity Manager

• StarDivision - OpenOffice (my addition to the list)

Last time I checked, pretty much all of these above technologies were thriving, some of them actually driving at the leading edge of their respective markets and/or standards regimen. Have there been failures or less successful aquisitions? You bet - that happens practically everywhere. There were also some aquisitions that were mildly successful, and others that came to pay off in rather unexpected ways or much later (Cobalt and the Sun x86 story come to mind).

The MySQL acquisition was and still is nothing short of brilliant. Sun has a major league RDBMS now that is being used by virtually everyone in the (your favorite technology moniker here) 2.0 market. And while most of these organizations and individuals are happy with an unsupported open source model, there are still a lot of big companies that use MySQL who are in need of support and other services. This business model fits perfectly into the entire Sun software portfolio and long-term strategy.

It is probably a sign of the time that tech pundits and columnists are now far behind of what is happening in the industry - especially when it comes to business models. On the other hand, Dvorak has been a commentator with a particularly bad track record of making predictions: think about his dismissal of the Macintosh mouse in 1984, his prediction of the iBook failure, his expectation that the iPhone will be a miserable failure, or even his prediction on Microsoft closing down, since the software market is supposedly dead.

The thing that is really sad is that there are even today people who read the name and the headline and assume that he has got a point. He doesn't.

tag: MySQL, Sun

Dare wrote an interesting piece on why RESTful service are much better off without an interface definition language. He is especially picking up on teve Vinoski’s IDLs vs. Human Documentation post, which emphasizes human readable documentation over IDLs.

I am sure that Marc has a somewhat different opinion on this ...

tag: development, REST, WADL