Do as I say, not as I do. Trev's Blog

After my post on OpenSocial, I had no choice but to do some research and sign up with an OpenID provider. Ok, you don't actually need to do any research to get a good OpenID, but I have a complex that won't allow me to make even the simplest of decisions without due diligence. So my choice was MyVidoop, and here's why: browser integration, multi-tier security, and ease and use.

I'm an early adopter; I don't currently use any sites that support OpenID  (although most of them are working on it), but what's drawing about MyVidoop is that it handles existing passwords as well. Here's something to think about: I've never trusted the browser to manage passwords for me. Call me old-fashioned, but I've seen way too many spyware horror stories and hacked browsers (and it doesn't help that I'm a Windows user). But at the same time, I've got this exploding array of passwords to keep track of. So how does MyVidoop solve my problem?

Try an integrated browser plugin (supports FF3) that allows me to store credentials remotely. Actually, it gives you the option to go either way, per password: store it locally in an encrypted file, OR store it with your profile on their secure servers. Why am I okay with this? Because MyVidoop protects my information with several layers of security. Step 1 is browser authentication. The very first thing they check is the IP address and browser signature that is making the request to their system. If it's not one that I have verified using one of several alternative methods (email, text message, voicemail), forget about it, you're not getting in. Step 2 is what they call an "image shield." It's a random assortment of images with corresponding letters, three of which make up my unique password token for that session. It's category-based, so you might set it up to be something like Trees, Cars, and Animals. It's a clever and rather powerful authentication mechanism that relies on the classic usability principle of recognition rather than recall. 

If you have the plugin, it's a seamless experience. Just log in when you start your browser, and from then on it will auto-populate both username and password fields for any site it knows about. And if it doesn't know about it, it'll ask you if you'd like it to.

The final selling point for me was reading their development blog, which shows how their implementation is secure enough to counter a man-in-the-middle phishing attack that is engineered to exploit OpenID providers. It's a pretty cool walkthrough and you can even mount your own attack to see how it works.

Continuing from my Web 2.0 rave on OpenSocial, I'd like to introduce Sun partner Joyent, which provides a host of on-demand computing and storage services to small businesses and startups. They have put together a highly-optimized and scalable cloud, built on OpenSolaris and the Rails framework.  Space on the cluster is sold to web developers via Joyent Accelerators:

"Accelerators are built on OpenSolaris, multi-core (8+), RAM-rich servers (32GB+ each) and vast amounts of NAS storage. Accelerators are deployed in the best routing and switching fabric (Force 10) and the best load-balancers (F5 Networks) available (and always will be)."

They've also leveraged hundreds of DTrace probes to further optimize their environment.  Amazingly, they're offering free Accelerators for OpenSocial and Facebook applications. This is a great way for social/media applications to get started; they can enjoy the powerful Joyent stack from the beginning, and if they happen to grow to thousands of hits per second, they can simply sign on for a contract and crank up the capacity as needed.

And these guys know Rails; in fact, several Joyent employees are or were members of the Rails Core Team. Not suprisingly, their other core product, Connector, is one of the most extensive uses of the Rails framework yet. Connector is an open-source, web-based collaboration suite providing things like email, contacts, calendars, bookmarks, scheduling, tagging, RSS, and search functionality.  The software itself is free, but you'll need a web host and some storage to make it useful.  Ah, what a perfect example of complimenting products.. run it on the Joyent cloud!  Technologies like this are what makes the next generation workplace (one where I can do my work from anywhere) possible.

Joyent also runs OpenID servers to provide its applications and developers a common authentication service.  I'll keep it short (if you don't already know what OpenID is, you need to get with the times), but basically it provides a true single sign-on ability for web applications.  This is huge, since we already have way too many credentials floating around, and the number of web apps is multiplying every day.  A good description of how it works can be found here.

"Many sites, one API", says Google.  For those that don't know, OpenSocial is an exciting new set of APIs for social software applications. It aims to provide a unified mechanism for accessing core data and functions on any networking site that implements the OpenSocial SPI, which will hopefully soon be the universal standard.  This is revolutionary because now instead of having to write five different versions of the same app, social network developers can just focus on making one high-quality, cross-platform app.  The project is an open-source, Google-born collaboration that is based on XML, Javascript, and the powerful Google Data APIs.  OpenSocial apps can also leverage much of the Google Gadgets infrastructure. 

This is a gift from heaven for vendors such as iLike, giving access to much broader network of potential users.  Many social network giants such as hi5, MySpace, and LinkedIn have already implemented the OpenSocial standards, and many others are in the process.  You will not see Facebook on the list however.  They have taken the Microsoft approach with their Facebook Platform, defining and supporting only their own proprietary API. 

As the browser and desktop grow closer together, people begin to speculate about the race to a "web operating system", a common virtual desktop that would be the crown of distributed network computing.  While there are products out there that literally emulate a desktop, Google is the undeniable leader and innovator in this space (that is, redefining the relationship between the desktop and the browser); they've closed the gap considerably with tools like Google Gears, Google Apps, GWT, and now, OpenSocial. 

Sun is well aware of the world's social media trends, and as Jonathan notes in his blog, nearly half the world's population resides in the developing countries of Brazil, Russia, India, China, and Africa (BRICA).  These are the economies most embracing of open source software and standards, and represent a fast-growing sector for technology firms.  From the business model perspective, these are the next several million people that social networks and content developers will try to reach.  Look for OpenSocial to be the foundation for much of that movement.

I've posted before about the Flight Planner application that my team has been developing the past few months.  I thought I'd share a few screen shots.  We gave Silverlight a try, and this is what we got.  It actually doesn't look too bad.  The first shot is of our custom airport locator dialogue, which lets you run custom queries for specific airports.  The second shot is of the results screen, showing a (simplified) flight plan.  It indicates distances, times, waypoints, and most importantly, current weather at each of the airports.  Still a work in progress, but take a look and see what you think.

 

 

It's been a year already since Sun first announced JavaFX, the new rich interface scripting language that would be built into the Java runtime.  Now, finally, we are on the brink of a first release; the latest speculation is that a stable developer preview will be out in May and then v1.0 shortly thereafter.  It's good timing, considering Silverlight and Flex are trying to compete in this ripe market as well.  But I'd argue that Sun is wise to take its time and do it right. 

Remember my previous post about building a flight planner application with GWT?  Well, unfortunately back in the design phase we changed our minds and decided to go with Silverlight.  What a painful mistake!  We should have known that in Microsoft's hasty attempt to ride the coattails of Flash, time to market would win over completeness of implementation.  Even in what they call the 2.0 release, basic functionality is missing... how the heck is there no combobox control in an RIA framework???

Anyway, Flex is promising, but not yet up to par in terms of speed.  One of the JavaFX architects comments on this in his blog, about how it's complicated to benchmark performance between rich web user interfaces.  He notes that they use this site called Bubblemark, which contains implementations of a simple animation program in several different technologies, including basic DHTML, Silverlight (Javascript and CLR versions), Flex, Java (Swing and JavaFX versions), as well as others.  The findings are amazing: both the JavaFX and Swing versions run 3 to 4 times faster (in fps) than Flex.  He also points out that the graphics layer in JavaFX is built on what is still an un-optimized library. "...we are focusing on bug fixes and correctness right now, not optimization, so it's not as fast as it could be."  Awesome.  They haven't even tried to optimize yet, and still it's faster.  We'll see who wins this battle in the end.

For our User Interface Design class we've been working on a flight planner application to allow recreational pilots and aviators to quickly and easily create a flight plan.  The web technology of choice? Right now it's the Google Web Toolkit.  The rich web interface tools GWT has available are powerful and easy to use.  After all, it's just programming in Java... with some added CSS of course.  We've discovered an extensive add-on library to GWT called GWT-EXT.  This toolkit has the power to turn your browser into a truly rich, desktop-like environment.  There is a full demo showcase, with sample source code and all.   

Window managers, dynamic history support, custom tabbed panels, layout managers... this is really sweet stuff.  Our project is still in the prototyping stages, but within a few weeks a concrete interface should be available for your viewing pleasure.

 

 

 

A couple months ago I wrote a little tool that converts an Excel file to HTML and then uploads it to a remote host via FTPS (that's right, FTP over SSL).  There are a few good Java libraries out there for FTP, but I spent hours and hours finding one that supported TSL/SSL and was free.  And worked.  There are several out there that claim to have this ability, but I've tried most of them, and most of them don't work right out of the box, or at all. 

Finally, I found a library called ftp4che.  It's free, well-documented, and just works.  I'll give you a glimpse of my uploadFile() method:

   private boolean uploadFile() {
        txtStatus.append("Setting connection properties..." + newLine);

        String host = properties.getProperty("host");
        String port = properties.getProperty("port");
        String user = txtUserName.getText();
        String pass = new String(txtPassword.getPassword());
        String path = properties.getProperty("path");

        Properties pt = new Properties();
        pt.setProperty("connection.host", host);
        pt.setProperty("connection.port", port);
        pt.setProperty("user.login", user);
        pt.setProperty("user.password", pass);
        pt.setProperty("connection.type", "AUTH_SSL_FTP_CONNECTION");
        pt.setProperty("connection.timeout", "10000");
        pt.setProperty("connection.passive", "true");
        FTPConnection connection = null;
        try {

            FTPFile fromFile = new FTPFile(htmlFile);
            FTPFile toFile = new FTPFile(path, htmlFile.getName());

            txtStatus.append("Connecting to " + host + " on port " + port + "..." + newLine);

            connection = FTPConnectionFactory.getInstance(pt);

            connection.connect();
            connection.noOperation();
            txtStatus.append("Connected..." + newLine);

            try {
                txtStatus.append("Deleting old file..." + newLine);
                connection.deleteFile(toFile);
            } catch (FtpWorkflowException ex) {
                connection.noOperation();
            }

            txtStatus.append("Uploading new file..." + newLine);
            connection.uploadFile(fromFile, toFile);
            connection.disconnect();

            return true;

        } catch (Exception ex) {
            ex.printStackTrace();
            if (connection != null) {
                connection.disconnect();
            }
            txtStatus.append(ex.getMessage() + newLine);
            txtStatus.append("Cannot continue..." + newLine);
            return false;
        }
}   

Pretty straightforward, as you can see.  You just set up a Properties object with a set of key/value pairs defining the parameters for your connection, including the authentication type, and then just use an FTPConnectionFactory to create a connection.  After that, I try deleting the remote file if it already exists, and then upload the new one, with appropriate exception handling of course.  Simple and easy, the way it should be.

Another interesting article about how web developers have "never had it so good", thanks to Sun and MySQL joining forces.  Check it out.

 

..."Sun Microsystems has hired high-profile Python programmers Ted Leung and Frank Wierzbicki, stepping up its bet on open source and scripting languages."  Full story here.

Another strategic move from Sun, right on the heels of the exciting MySQL acquisition; they have really taken this open source movement to the next level.  Netbeans is already "the only IDE you need", but soon there will be support for Python, among other dynamic languages.  And this support will no doubt make its way into the JVM as well.  Someday it will be the only VM you need.
 

If you haven't already, you need to check out GotAPI.com.  It's a one-stop API source for all of the common web technologies, toolkits, programming languages, and frameworks.  This is a huge time saver, no matter what you develop.  If you work on any kind of integrated systems that use multiple API's or even databases, this is a dream come true.  You load up several different API's in a tab-panel, and then within each one you can custom search for functions and constructs.  It actually crawls the official API's and loads them into its interface.  Check it out.

We got word today that the Texas Advanced Computing Center has officially unveiled "Ranger", the world's largest general-purpose supercomputer.

"Ranger is funded by the U.S. Government's National Science Foundation (NSF) as part of a multi-track effort to improve the computing capability available to scientists. Developed by Sun in conjunction with TACC, it is the most powerful computing cluster used for open science research in the world -- capable of an astonishing 504 trillion floating point operations per second."  Sweeeet.

As I was reading about this, one thing that I noticed is that Ranger is based on the Lustre File System.  All I really have to say is, who comes up with this stuff?  Well okay, Lustre came up with it, but really...  a node/object-based cluster system with capacity for billions of files with such astonishing reliability... HPC has come so far.  The scalability potential here is crazy; I just need a personal server so I can play with stuff like this.

Note that there are already 500+ projects at work on Ranger already, and more are being added all the time.  It's "optimized for science", so scientists: have at it.

Back in January I did a demo on JavaFX, Sun's declarative scripting language for creating rich media and content for user interfaces.  I want to take a few minutes and tell you what I like and what I don't like from what I've seen so far.  First of all, integration with existing Java libraries and the Java language itself is seamless.  Everything works just like a normal Java object, and you can make any API call you need to just as you would in a standard Java project.  In fact, you can have all your business logic be normal Java classes and just write you UI in JavaFX.  Awesome!  Secondly, static typing.  I think it's cool to have a script-like language with static typing, because it better enforces the principles of design by contract.  And again, this obviously resembles the Java language itself.  Thirdly, the language constructs are designed to make building a UI much faster and easier.  For example, anything you put inside a Do loop automatically gets executed in a background worker thread.  You mean I don't have to create a custom override of SwingWorker? Yep, that's right.  There are dozens of these nifty little language constructs and conventions that make life easier as a developer.  Take the declarative syntax, much like the XAML model for the Windows Presentation Foundation:  Instead of defining user interface properties and binding back-end data objects to components via a sequence of method calls, JavaFX script allows the programmer to declare the existence of a user interface component (and any subcomponents) via an easy syntax and then declare that component's value be bound to some back-end object property just using the keyword bind.  From that point on, the UI component property and the back-end object property are fully two-way bound; when one changes, the other changes right along with it.

Ok, so what do I not like?  Well, since in the declarative world program execution is not sequential, debugging support is more or less out of the question.  This means we're left with trial-and-error to find out if our code works (or looks, I should say) as intended.   However, your UI itself should not have a lot of complex code to it, so this is not a big deal.  Another thing you will see is that a lot of the example and demo programs are partial recreations of flash websites, and the look really good, but they have to be run on the desktop.  As of now, there's no way to compile this cool stuff into something the browser will understand.  The best alternative at this point is to compile your FX app into a Java Web Start application.  Unfortunately, we're still limited to HTML, javascript, and css to make things run in the browser.  My understanding, though, is that JavaFX will become like applets.  You'll write your UI in JavaFX, and embed it into HTML, much like the way flash applications work.  It will run in the browser but hook into the consumer JRE for its true power.  The proliferation of the standard JRE is quite impressive, and although this is all just speculation, I bet we'll see more examples like this in the near future. 

As a campus evangelist, one of the most common complaints I hear about Netbeans is that it hogs memory.  While it is true that the IDE does have a moderate memory requirement, I think there are several underlying issues that affect this misconception.    Unfortunately, most students do their development on a laptop, usually with a gig or less of physical RAM.  This in itself is not a problem, unless you have too many other processes running.  From java-tips.org:

"If your Java process requires more memory than underlying OS can provide it can cause swapping of pages from/to disk. This results in significantly degraded performance.  It is sometimes useful to increase amount of memory available to the application to allow it manage memory more effectively and this can reduce the time spent during garbage collection cycles." 

Netbeans does not "hog" memory; it uses what it needs, and sometimes the OS isn't able to provide that.  I run Netbeans 6.0 on a Vista laptop with an Intel 2.0 GHz chip and 1GB RAM.  Fairly good specs, although these days one gig of RAM isn't that much.  I do notice increased memory consumption when running Netbeans, but only experience performance issues when building web apps and running Glassfish, usually.  Why?  Well let's start at the bottom.  Windows Vista and the Aero desktop consumes a large amount of memory in and of itself.  Now run the most comprehensive IDE in the world AND an application server AND the JavaDB database server, all on a laptop.  It shouldn't surprise you if things get a bit sluggish.    

Another issue: I/O operations.  From java-tips.org:

"During some tasks the IDE is performing many I/O operations. With a slow device this can cause slowdown of the whole application. Typical examples are resources accessed on network drives or plugable drives like USB disk, storages using compression or encryption and anti-virus applications guarding all accesses to files.  Notebooks running on batteries have slower I/O too."

It's also important to realize that Java's memory footprint is lower than you might think.  It's not as simple as adding up the numbers for all the javaw.exe processes in Task Manager.  You have to account for shared bytes; a lot of memory is shared between multiple processes, but the "Mem Usage" field adds that shared space to every process that uses it.  More on this here.

Wow, I close my eyes for just a second and two months go by. Here at UNL we're already starting to think about final exams and classes for next semester. Some of the progress made by both Sun and the Campus Ambassadors this semester has been astonishing. First of all, I'd like to point out that the UNL Open Source User Group has been steadily growing and is excited about all the new features and enhancements in Netbeans 6.0. I've been doing a lot of word-of-mouth evangelism with peers and professors lately, and all have been very impressed. Personally, I think that the Ruby support in Netbeans is phenomenal; just another example of how this IDE is so powerful and yet so flexible. It's amazing how many different technologies the Netbeans IDE actually supports. And they're constantly adding more (a PHP plugin is on its way!).

It's also not a bad time to mention that Project Indiana is already turning heads. We're still a few months from the final release, but a developer preview is out and is said to be worlds better than previous versions of OpenSolaris. Traditionally as a non-Linux/Unix user, I'm excited that Sun is making the Solaris operating system easier to use and more developer-friendly. I'll keep you posted when I get it installed.

Today I realized that my iPod is old... and so are the 5000+ songs on it. By the way, I'm glad I didn't overpay by $200 on an iPhone only to get $100 back from Apple while the wiser point and laugh. Anyways I've often found the need for portable music, and more and more I'm thinking that sites like ProjectPlayist and Deezer are the way to go. You wouldn't think that music streaming sites are in the same market as MP3 players, but for the past year I've turned to the internet over the iPod almost every time. Obviously this isn't yet practical when you're out for a jog or at the gym, but the more accessible the internet becomes, the closer we're getting to that reality. Look at phones... they almost all have the ability to get music and video, right when you want it. But back to the point: entertainment has leaped into the on-demand age, and we're redefining "portable". Of course, your stereo setup now needs to include a computer, but hey, isn't that becoming the standard now anyway? Now I can log in from any computer anywhere and have all my playlists instantly at my fingertips, ready to go. It's the same with TV shows and movies. The pace of technology is almost sickening, and it reminds me of all the stuff I have that I don't use. But hey, as long as technology can satisfy my "I want it now" mindset, I'll be happy.