those "interoperability people" do not exist as a group. it is a mindset more developers should endorse imo. beats NIH (not invented here) and hacking grandstanding ("you do it yourself, im too leet to care") by far.
but being interoperable (and thus replaceable) as a project may be undesirable for the egoes involved.. reputation lock-in?
RFCs have much more respect in open source circles than committee-created standards.
highly agreed. this is our experience too, do interop in small steps, use what works. we called this the "do a prototype in a day" approach in the article:)
disclaimer im a former postnuke core dev who now works with john cox on the next generation postnuke (along with the rest of the core devs that left in corpore from postnuke)
i looked at SCORM. in my opinion its a bloated mess that stands little chance of being adopted on a broad scale. typical three-letter agency standard:)
first of all, they do have the potential to be cross-browser (ie 6 and mozilla). second, thanks to the built-in schema validation for xopus your users cannot even apply "wrong" text styles etc, because you can only apply styles that are pre-defined in the stylesheets.
finally, xopus is arguably more "wysiwyg" than most editors who are nothing more than textareas with some formatting buttons. for instance, the NYT of switzerland, neue zürcher zeitung (nzz) uses xopus to enter articles. journalists see how their articles flow on the page while they are entering it. quite powerful.
i had to work with their sourcecode, done by the godawful razorfish. (remember, the guys who sent clients away if they didnt like them)
its an ugly mess of asp code generating javascript code which in turn is incorporated via a convoluted include hierarchy.. as to the data model, well they don't have one.
the quality of the code is what you would expect from a teenager, not a professional consulting firm.
i did a few simple changes to that horrid code to see if i could speed it up. instantly it ran 3 times faster.. go figure.
i was really glad when i could dump that code on someone unsuspecting, and head for the hills..
of course i know the/. crowd wants to remain clueless and would never acknowledge that MS is doing something good. it would spoil their immature bashing fun.
heres to hoping that there are some folks left
at/. that actually have a clue about these issues.
the following comment was posted by MS employee Joshua Allen at his weblog
The IIS Plan - This interview with Brian Valentine sums up the main action plan for addressing IIS concerns. The quote that sums up his attitude best is "When we look back in a few years, we will see this as one of the critical inflection points in our company's growth."
Here are my notes, detailing the parts of the plan I found interesting:
Two initiatives for customers: Get Secure:
All virus-related PSS calls for all customers (not just enterprise) are now free. 1-866-PC-SAFETY.
Premiere Support and Microsoft's Consulting Service as of today are offering a Security Assessment Service for large enterprises; this service may be for fee (at discretion of local offices), but will not be profit-driven, and will eat significant costs where customer situation warrants).
Regularly updated Security Toolkit will be distributed. Each will include all known patches and tools, and a one-click "make my system secure." First toolkit mailed and web-distributed on October 15. As of tomorrow, the tools should be available to MS Employees to hand out to customers. All of the tools are fully supported, and are made to run on NT4, Windows 2000, and Windows XP. This is not "resource kit" or loose collection of unsupported tools. Localized versions come later, since getting tools available quickly is top priority.
New set of additional security tools will RTM in December.
Toolkit will not be perfect starting Oct. 14; will make continual improvements based on feedback.
Stay Secure:
Mid 2002 availability of federated Windows Update for enterprises. This lets enterprises run their own windows update service under their own control.
Feb 2002, Provide version of windows update that can be configured to accept and install updates with zero user intervention.
Make security bulletins simpler and integrated with update technology so an IT administrator can simply approve a security patch and have it automatically be pushed to the whole enterprise.
Security patches will now contain absolute minimum fix; no QFE, etc. stuff lumped in.
Internal Efforts (Not Customer-Facing):
(Historically) Windows 2000: Hired a bunch of people to do penetration analysis and code analysis, and placed unprotected servers on the net to let hackers attempt cracking it. Built and used automated code analysis tools to detect some common security bugs.
Windows XP: Code analysis tools have been improved to detect many more types of security bugs, and continued increases in investment in security analysis.
Currently BrianV organizing a full pass review of how security is handled in all groups to look for deficiencies.
Public:
BrianV con-called with 1000+ CIOs and other IT people to get feedback and comment; has handed out his e-mail to everyone.
Any customer should be able to call that phone number above (or contact any Microsoft employee) and get the one-click "make my system secure" tool kit for no charge.
BrianV will be point-person working with competitors, government agencies, etc. on industry-wide solutions. "We think that some of these problems require industry-wide solutions, but we realize that it is incumbent upon us to drive solutions". Brian will take a more visible role in driving these solutions.
So the way I see it, we will be successful to the degree that we:
Assure that no customer ever again finds it difficult, confusing, or time-consuming to keep their system secure.
Improve security going out the door so that fewer patches are required (IMO, this wouldn't have made a difference in any of the recent worms, but is still a good goal for countering potential future threats). The goal here is to be the platform with fewest known vulnerabilities that need to be patched, using any metric you care to apply.
Be a lot more proactive in contacting, encouraging, and helping customers keep their systems secure.
And of course, huge progress in fighting worms could be made by getting the router vendors, OS vendors, and other infrastructure vendors to all work together, and hopefully that happens too.
i am attending microsoft tech ed europe at the moment and had some thoughts about this yesterday which i wrote about in my weblog. the ideas are just a rough sketch what i was thinking about, so please be gentle and judge them by content, not by the form or the clarity of expression..:)
over the course of these presentations it became very clear that microsoft
has unleashed something much larger than it can ever hope to handle like
it has in the past when it introduced the concept of web services. web
services have all the ingridients of a disruptive technology. they place
simplicity where complexity and opaque systems have reigned for so long.
their complete reliance on xml for all aspects has brought them some
critisism from some quarters that they are not being efficient and that
xml adds nothing that was not there before. i was wondering along these
lines as well. however when i saw how the concept of web services has
evolved in one year i started to notice similarities to the classic
and incredibly successful osi model. web services start where osi
ends, but they share the concept of piling indepent services on top
of each other. this has been a very powerful architecture in networking
systems, especially tcp/ip. since xml is such a simple representation
of data it has been very easy to extend web services with additional
layers and make them increasingly powerful. i believe that the benefits
from a large scale adoption of xml will be reaped with ever more layers
stacked on each other, with ever increasing power.
although web services are an active area for the w3c, it remains doubtful
how the industry will counter microsofts.net juggernaut. declaring
support for soap, as ibm, sun, oracle and others have done, is not going
to cut it. what is needed is a credible architecture that can compete
feature by feature with.net. although all the components like apache
(web server), soap for apache, jabber (xml messenging), kdevelop (ide),
postgres sql (database), ldap (directory) exist in the open source
community, they are not part of an overall architecture. it would
be a major undertaking to get the developers of the respective components
to talk to each other and agree on common interfaces.
the old unix argument about never setting policy looks quite silly when
you realize what productivity gains microsoft will be leveraging with
their.net platform.
it also became quite evident that we have seen nothing yet in terms
of the web services architecture. many key pieces are missing, like
meta data to enable the retrieval and processing of semantics from
data (to support agent technology for instance), the questions of
payment for web services and global, fine-grained security matrices (who
has access to which of my data). web services are loosely coupled
but they have no mechanism to guard against api changes or to facilitate
negotiations on usage terms for web services.
oracle & ms are going in the same direction.
on
MySQL FS
·
· Score: 1
with all these companies announcing gnome enhancements, i wonder what the big picture looks like?
any idea how these different projects will work together? or do they have different objectives? afaik, everyone is touting "make gnome easier", but thats quite a fuzzy term is it.
LIDS struck me as a cool way to screw up your system..:)
no serious, i think what this chinese guy is doing is very interesting. he is basically sealing a box equipped with this patch so script kiddies won't mess with it.
among its features (in the words of its author): mem/kmem lock, ptrace syscall lock, Allow some specified processes to access/dev/mem, Modules protection, Mounted filesystem protection, IP Firewall rules protection, Hide sensitive processes, Protects the Append-Only files, Protects MBR of the Boot Device from rewriting. It can prevent the LILO executes.
if you think you have seen your share of cool screensavers, think again.
bomb just blows all of them out of the water.
according to its author, its a visual-musical instrument. It produces animated organic graphics in response to the keyboard, audio music, or on its own. It runs on the console, under X11, or with xscreensaver.
For those folks who saw the Linux Today article about Novell's "Open source plans", here's some food for thought. This is an internal email thread from Novell discussing Open Sourcing of NDS with the principals at Novell with us (TRG) and attempting to negotiate us to stop Open Sourcing NetWare technology on Linux. FYI, Dave Shirk and Novell are full of it, and are in actuality trying to "put the genie back into the bottle" and get us (TRG) under control. Part of their strategy is to FUD the key Linux folks to divert attention and mindshare away from what we are doing. They are out trying to FUD the open source community into believing they are actually going to do something, but it's really a well planned attempt to shut us down from providing NetWare open source technology to you guys.
They first threatened us with more lawsuits if we did not halt our Open Source NDS projects, then Dave Shirk, the so called "open source champion" of Novell fired Bryan Clark, the Novell marketing person who was trying to integrate our Open Source projects with Novell. Dave Shirk called him into an office and fired him for even suggesting that NDS be open sourced on Linux -- then turned straight faced to the the Linux community, stating Novell was moving towards such a direction, and lied to us. The attached internal email threads are provided so the principals in the Linux community know these guys are full of it.
Busted!!!! If they try to suck up to any of you, be warned, their intention is to CONTROL what's going down with their market share. Linux is killing Netware right now, and will easiy assimilate over 1.5 million nodes of Netware next year. This is a predatory move to "trojan horse" Linux and neutralize the threat.
some loser managed to spam tens of thousands of our employees by sending a scam to several internal mailing lists.
of course, other losers within our organization had to check it out and announce to the list that the scam was a scam. (what a surprise)
then, as pressure on the original losers increased, they sent out several retraction notices to basically the whole firm, again. to top it off, still other losers chimed in to complain about all the mails, urging them to stop. (but of course they were too dumb to realize that they added to the problem themselves).
i seriously hope this experience is either followed by an intense education effort or a blocking of these international distribution lists for normal staff.
IX has review too, offline though:(
on
KDevelop review
·
· Score: 1
The german Unix magazine IX has a review of Kdevelop in their october issue. unfortunately, only in the print version.
anyway, you might care to look up www.heise.de/ix, it's a great journal.
>Are the UNIX companies using IA64 to slowly get >out of the CPU business? or the hardware >business in general? That would be an odd >strategy because right now they're making most >of their money off hardware, and that's where >the main differentiation is right now.
This seems a dumb move, if true. After all, the Intel market is more and more becoming a commodity market. Why? Look at recent "server" chips from Intel: Pentium, Pentium Pro, Pentium II, the list goes on. On their launch, they were being touted as server chips and some pundits predicted they would not show up in consumer products for quite some time. And what has happened? They were being used in workstation class machines faster than you could flip through Computer Shopper:)
So, the margins in this market just don't support expensive reinventing of the wheel. After all, they would have a hard time to differentiate on this fairly low-end server hardware (Intel is not really in the E10000 league yet).
To tell any meaningful difference between say Irix and Solaris, you have to look at the high end (read: on non-intel hardware) Yes I know about CDE and Irix's nice gui, but we are talking servers, right?
And no, I don't consider each vendors broken flavour of the standard utilities, each having the urge to redefine command-line flags, as value-adding differentiations. Do you?
In short, I could not agree more with IntlHarvester. I just wanted to expand on his line of thought.
>Um what has fallen so far? Linux killed what? >Irix? Solaris? *BSD ?
Well, it could be argued that SCO has lost quite a few customers to Linux... As for Solaris/x86, it never was a strong contender, so.. The way I parse the recent SGI statements about their future direction, they seem to basically leave the low-to-midrange server market to Linux (consider their donations to Linux: xfs, OpenGL stuff etc) and concentrate on the high end. After all, the money is mostly in hardware these days.
Anyway, Linux does not need to kill any other OS to be sucessful. It sure has brought back the spotlights on Unix, a turn of events beneficial to all Unices (well perhaps with the exception of SCO..) Not to speak of the whole Open Source / Free Software bandwagon.
Slashdot Mirror
BXE is an open source browser-based WYSIWYG XML editor with WebDAV support.
very good thinking. yes, reaching consensus / interop is very hard, both for technical, and especially social reasons.
i wonder if there are ways to overcome the ego barrier. the greater good may be a tired concept, but it applies here too..
-gregor
that's the classic argument "do it yourself".
those "interoperability people" do not exist as a group. it is a mindset more developers should endorse imo. beats NIH (not invented here) and hacking grandstanding ("you do it yourself, im too leet to care") by far.
but being interoperable (and thus replaceable) as a project may be undesirable for the egoes involved.. reputation lock-in?
-gregor
RFCs have much more respect in open source circles than committee-created standards.
:)
highly agreed. this is our experience too, do interop in small steps, use what works. we called this the "do a prototype in a day" approach in the article
-gregor
amen bro.
disclaimer im a former postnuke core dev who now works with john cox on the next generation postnuke (along with the rest of the core devs that left in corpore from postnuke)
i looked at SCORM. in my opinion its a bloated mess that stands little chance of being adopted on a broad scale. typical three-letter agency standard :)
-gregor
uhm hello? why are you re-posting the thread from advogato here?
-gregor
first of all, they do have the potential to be cross-browser (ie 6 and mozilla). second, thanks to the built-in schema validation for xopus your users cannot even apply "wrong" text styles etc, because you can only apply styles that are pre-defined in the stylesheets.
finally, xopus is arguably more "wysiwyg" than most editors who are nothing more than textareas with some formatting buttons. for instance, the NYT of switzerland, neue zürcher zeitung (nzz) uses xopus to enter articles. journalists see how their articles flow on the page while they are entering it. quite powerful.
hope this helps,
-gregor
you are right about earlier versions of PostNuke (they had a lot of legacy phpnuke code in it) but very likely wrong about newer versions.
-gregor
Disclaimer: Im a PostNuke developer.
it does all phpnuke does plus
there is more, but i think you get the idea.
if you want a faster, more stable alternative, try postnuke
it has all phpnuke offers, and more.
no wonder their web site crapped out.
i had to work with their sourcecode, done by the godawful razorfish. (remember, the guys who sent clients away if they didnt like them)
its an ugly mess of asp code generating javascript code which in turn is incorporated via a convoluted include hierarchy.. as to the data model, well they don't have one.
the quality of the code is what you would expect from a teenager, not a professional consulting firm.
i did a few simple changes to that horrid code to see if i could speed it up. instantly it ran 3 times faster.. go figure.
i was really glad when i could dump that code on someone unsuspecting, and head for the hills..
-gregor
heres to hoping that there are some folks left at
the following comment was posted by MS employee Joshua Allen at his weblog
The IIS Plan - This interview with Brian Valentine sums up the main action plan for addressing IIS concerns. The quote that sums up his attitude best is "When we look back in a few years, we will see this as one of the critical inflection points in our company's growth."
Here are my notes, detailing the parts of the plan I found interesting:
Two initiatives for customers:
Get Secure:
Stay Secure:
Internal Efforts (Not Customer-Facing):
Public:
So the way I see it, we will be successful to the degree that we:
- Assure that no customer ever again finds it difficult, confusing, or time-consuming to keep their system secure.
- Improve security going out the door so that fewer patches are required (IMO, this wouldn't have made a difference in any of the recent worms, but is still a good goal for countering potential future threats). The goal here is to be the platform with fewest known vulnerabilities that need to be patched, using any metric you care to apply.
- Be a lot more proactive in contacting, encouraging, and helping customers keep their systems secure.
And of course, huge progress in fighting worms could be made by getting the router vendors, OS vendors, and other infrastructure vendors to all work together, and hopefully that happens too.i am attending microsoft tech ed europe at the moment and had some thoughts about this yesterday which i wrote about in my weblog. the ideas are just a rough sketch what i was thinking about, so please be gentle and judge them by content, not by the form or the clarity of expression.. :)
.net juggernaut. declaring
support for soap, as ibm, sun, oracle and others have done, is not going
to cut it. what is needed is a credible architecture that can compete
feature by feature with .net. although all the components like apache
(web server), soap for apache, jabber (xml messenging), kdevelop (ide),
postgres sql (database), ldap (directory) exist in the open source
community, they are not part of an overall architecture. it would
be a major undertaking to get the developers of the respective components
to talk to each other and agree on common interfaces.
.net platform.
it also became quite evident that we have seen nothing yet in terms
of the web services architecture. many key pieces are missing, like
meta data to enable the retrieval and processing of semantics from
data (to support agent technology for instance), the questions of
payment for web services and global, fine-grained security matrices (who
has access to which of my data). web services are loosely coupled
but they have no mechanism to guard against api changes or to facilitate
negotiations on usage terms for web services.
over the course of these presentations it became very clear that microsoft has unleashed something much larger than it can ever hope to handle like it has in the past when it introduced the concept of web services. web services have all the ingridients of a disruptive technology. they place simplicity where complexity and opaque systems have reigned for so long.
their complete reliance on xml for all aspects has brought them some critisism from some quarters that they are not being efficient and that xml adds nothing that was not there before. i was wondering along these lines as well. however when i saw how the concept of web services has evolved in one year i started to notice similarities to the classic and incredibly successful osi model. web services start where osi ends, but they share the concept of piling indepent services on top of each other. this has been a very powerful architecture in networking systems, especially tcp/ip. since xml is such a simple representation of data it has been very easy to extend web services with additional layers and make them increasingly powerful. i believe that the benefits from a large scale adoption of xml will be reaped with ever more layers stacked on each other, with ever increasing power. although web services are an active area for the w3c, it remains doubtful how the industry will counter microsofts
the old unix argument about never setting policy looks quite silly when you realize what productivity gains microsoft will be leveraging with their
see IFS for an overview of oracles IFS.
or look at MS Vaporware Presentation to learn about ms plans in this area (powerpoint presentation unfortunately..)
the idea has definitely merit, and as others have pointed out, the possibilities are quite intriguing..
the swiss have a data haven of their own: www.mount10.com the site info is in german though..
with all these companies announcing gnome
enhancements, i wonder what the big picture
looks like?
any idea how these different projects will
work together? or do they have different
objectives? afaik, everyone is touting
"make gnome easier", but thats quite a
fuzzy term is it.
LIDS struck me as a cool way to screw up your system.. :)
/dev/mem, Modules protection, Mounted filesystem protection, IP Firewall rules protection, Hide sensitive processes, Protects the Append-Only files, Protects MBR of the Boot Device from rewriting. It can prevent the LILO executes.
no serious, i think what this chinese guy is doing is very interesting. he is basically sealing a box equipped with this patch so script kiddies won't mess with it.
among its features (in the words of its author): mem/kmem lock, ptrace syscall lock, Allow some specified processes to access
and so on...
get it at lids
if you think you have seen your share of cool screensavers, think again.
bomb just blows all of them out of the water.
according to its author, its a visual-musical instrument. It produces animated organic graphics in response to the keyboard, audio music, or on its own. It runs on the console, under X11, or with xscreensaver.
get it here : draves.org/bomb.
building on the great php3, php4 goes where no asp has gone before..
..
i can't wait to see php repeat apache's success over other proprietary solutions.
and, according to the buzz on the street, it is already happening..
i guess its time for asp2php
there was a post on linux-kernel from jeff merkey,
the developer of the existing netware support
for linux.
apparently, novell seems to play games..
decide for yourself.
i copy from:
jeffs linux-kernel post
Linux Community,
For those folks who saw the Linux Today article about Novell's "Open
source plans", here's some food for thought. This is an internal email
thread from Novell discussing Open Sourcing of NDS with the principals
at Novell with us (TRG) and attempting to negotiate us to stop Open
Sourcing NetWare technology on Linux. FYI, Dave Shirk and Novell are
full of it, and are in actuality trying to "put the genie back into the
bottle" and get us (TRG) under control. Part of their strategy is to
FUD the key Linux folks to divert attention and mindshare away from what
we are doing. They are out trying to FUD the open source community into
believing they are actually going to do something, but it's really a
well planned attempt to shut us down from providing NetWare open source
technology to you guys.
They first threatened us with more lawsuits if we did not halt our Open
Source NDS projects, then Dave Shirk, the so called "open source
champion" of Novell fired Bryan Clark, the Novell marketing person who
was trying to integrate our Open Source projects with Novell. Dave
Shirk called him into an office and fired him for even suggesting that
NDS be open sourced on Linux -- then turned straight faced to the the
Linux community, stating Novell was moving towards such a direction, and
lied to us. The attached internal email threads are provided so the
principals in the Linux community know these guys are full of it.
Busted!!!! If they try to suck up to any of you, be warned, their
intention is to CONTROL what's going down with their market share.
Linux is killing Netware right now, and will easiy assimilate over 1.5
million nodes of Netware next year. This is a predatory move to "trojan
horse" Linux and neutralize the threat.
Enjoy,
Jeff
I work for one of the big five consulting firms.
some loser managed to spam tens of thousands
of our employees by sending a scam to several
internal mailing lists.
of course, other losers within our organization
had to check it out and announce to the list
that the scam was a scam. (what a surprise)
then, as pressure on the original losers increased,
they sent out several retraction notices to
basically the whole firm, again. to top it off,
still other losers chimed in to complain
about all the mails, urging them to stop.
(but of course they were too dumb to realize
that they added to the problem themselves).
i seriously hope this experience is either
followed by an intense education effort or
a blocking of these international distribution
lists for normal staff.
The german Unix magazine IX has a review of Kdevelop in their october issue. unfortunately, only in the print version.
anyway, you might care to look up www.heise.de/ix, it's a great journal.
-gregor
>Are the UNIX companies using IA64 to slowly get
:)
>out of the CPU business? or the hardware >business in general? That would be an odd
>strategy because right now they're making most
>of their money off hardware, and that's where
>the main differentiation is right now.
This seems a dumb move, if true. After all, the Intel market is more and more becoming a commodity market. Why? Look at recent "server" chips from Intel: Pentium, Pentium Pro, Pentium II, the list goes on. On their launch, they were being touted as server chips and some pundits predicted they would not show up in consumer products for quite some time. And what has happened? They were being used in workstation class machines faster than you could flip through Computer Shopper
So, the margins in this market just don't support expensive reinventing of the wheel. After all, they would have a hard time to differentiate on this fairly low-end server hardware (Intel is not really in the E10000 league yet).
To tell any meaningful difference between say Irix and Solaris, you have to look at the high end (read: on non-intel hardware) Yes I know about CDE and Irix's nice gui, but we are talking servers, right?
And no, I don't consider each vendors broken flavour of the standard utilities, each having the urge to redefine command-line flags, as value-adding differentiations. Do you?
In short, I could not agree more with IntlHarvester. I just wanted to expand on his line of thought.
-gregor
>Um what has fallen so far? Linux killed what?
>Irix? Solaris? *BSD ?
Well, it could be argued that SCO has lost quite a few customers to Linux...
As for Solaris/x86, it never was a strong contender, so..
The way I parse the recent SGI statements about their future direction, they seem to basically leave the low-to-midrange server market to Linux (consider their donations to Linux: xfs, OpenGL stuff etc) and concentrate on the high end. After all, the money is mostly in hardware these days.
Anyway, Linux does not need to kill any other OS to be sucessful. It sure has brought back the spotlights on Unix, a turn of events beneficial to all Unices (well perhaps with the exception of SCO..) Not to speak of the whole Open Source / Free Software bandwagon.