Tuesday, April 28, 2009

Into the West - sad to see the Sun set


A number of people have been asking me what I think, as an ex-Sun-employee, of the acquisition of Sun by Oracle.

I am mostly sad.  I really liked Sun as a company.  In the beginning of my career, I was a heavy user of Sun technology, from Sun workstations and servers to, when it came out, Java.  And don't forget NFS.  And Open Office.  And and...  Then I was honored to become an employee at Sun, and regardless of how we fared, I always felt that the company's heart was in the right place, and they did things with passion and intelligence.

Oracle, at least from the outside, just isn't like that.  The culture, as I experienced as a competitor at Sybase and from talking to those who have been there, is aggressive and competetive.  I'm sure that's served them very well, but that's just not my style.  When I was in junior high school in Colorado, soccer was played for the most part by Vietnamese and Koreans.  I played soccer both because I loved it and because it was (at that time) just a bunch of friends getting together to have fun. Baseball and football were ruthless, competetive, and not much fun.

I quit playing soccer in high school when someone from the opposing team came at my head with his feet (I was the goalie) and with a malicious grin on his face.  Thanks, but no thanks.  It just wasn't worth it to me.

I see Oracle as a place where baseball and football are played.  Yes, you are successful, but it's not my idea of fun. 

Perhaps companies like Sun can't really succeed in the business world.  Perhaps you have to be ruthless and aggressive and competetive, both inside and outside your organization.  Perhaps a culture like Sun's only does well in the small - small businesses, small goals, maybe even staying private instead of going public.

But regardless, I'll be sad to see Sun and it's Most Excellent culture and products be subsumed into Oracle.  It's the end of an age - the elves are all leaving Middle Earth... :)  So long, Sun...

Friday, April 24, 2009

Reputation-based security

Today I read a transcript of Enrique Salem's keynote at the RSA conference, and in it he talked about something I found to be very fascinating - reputation-based security. The idea is that you can set security policies for applications you allow to run not based on some impossible-to-maintain whitelist or blacklist, but based on an application's reputation.

This new method isn’t all-or-nothing blocking like we’ve had in the past. This is a policy-based approach, where the administrator can configure the protection based on their own tolerance for risk. For instance, a government agency could forbid installation of all software that is less than 30 days old, hasn’t been installed by at least one million users, and doesn’t have a good reputation. This policy would guarantee that all software installed would first have to be vetted by literally millions of other users.

On the opposite end of the spectrum, an administrator at a university—where students constantly download all sorts of applications—could have a more lenient policy. For example one that requires new software to have a good reputation and have been previously downloaded by at least 100 users.

Think about it a little like a Zagat restaurant guide. Some people with a high risk tolerance may go eat at the new sushi place based on the recommendation of an acquaintance. Someone that is more risk averse might want to first check out the Zagat guide and wait until the place receives a high food rating before they go try it. But what’s most important is that you choose how daring you want to be when it comes to picking a restaurant. You should be able to make a similar choice when it comes to security.

I think this is really cool and makes a lot of sense. I like the way it balances flexibility with security. I like the way it takes advantage of the crowd to help categorize the safety of an application. It also helps me see how there are very interesting problems and potentially fascinating solutions in the world of security.

Security as a service

Now that I'm part of a security company, I've been contemplating this security thing.  As a child of the seventies I notice I have a knee-jerk reaction to see security as a force of totalitarianism and control.  I find myself wanting to 'stick it to the Man.'

But here I am at Symantec, a company that is all about security.  I can either be grimly resistant to the whole focus of the company, or I can examine my attitude and try to find an approach that works for me.

Yes, absolutlely, the name "security" can be lipstick onto the pig of extreme, sometimes brutal control and inflexibility.  In the name of security you can make life miserable for people.  But I have to admit, you can't do without security.  It's a part of life.  In Berkeley-speak we call it "healthy boundaries."  If you have healthy boundaries, then you are actually more able to relax and be yourself.  If I think of it that way, my liberal genomes can relax a bit - "oh, healthy boundaries, that's OK."

I've also been remembering my volunteer offering of security at my place of worship in Oakland many years ago.  I remember the stance we tried to have in that role.  We were vigilant, we kept our eyes open, and were prepared to lovingly but firmly escort someone out of the building if they were dangerous or inappropriate.   But most of the time we were Just There.  We didn't have big badges or scowls on our faces.  We just stood there on the corner or at the door welcoming people and watching the world go by.

To me that's Good security - there when you need it, but quietly present when you don't.  It creates a sense of safety and comfort, not one of being hard-armed and constrained.

So, it's a delicate balance you have to play - you don't want to be too loose, and you don't want to be overly firm and harsh.  You need to catch viruses, but you don't want systems to run 10 times slower or exercise absolute control over exactly what applications people can run.  You need to balance risk against cost.  It's really quite a dancing act. 

But most of all, I believe you need to have the right attitude.  If you approach security with a feeling of fear and panic, you tend make decisions that are likely to be overly dictatorial (see the Bush years as an example).  But if you have an attitude of service, respect, and flexibility, then you are much more likely find solutions that work for everyone.

So armed with that attitude - an attitude of service and respect - I'm ready to go have some fun at Symantec.  Security as a Service.

Wednesday, April 22, 2009

Dare Obasanjo - AtomPub fades away

Wow, great discussion of the reported demise of AtomPub. I was playing around with AtomPub a while back, and it's true, I've slowly moved over to just using JSON - see CouchDB for example.
The double whammy comes from the fact that although new forms of microcontent have shown up which do encourage the existence of desktop tools ... the services which provide these content types have shunned AtomPub and embraced JSON as the way to expose APIs for rich clients to interact with their content. The primary reason for this is that JSON works well as a protocol for both browser based client apps and desktop apps since it is more compatible with object oriented programming models and the browser security model versus an XML-based document-centric data format.

In my opinion, the growth in popularity of object-centric JSON over document-centric XML as the way to expose APIs on the Web has been the real stake in the heart for the Atom Publishing Protocol.

http://www.25hoursaday.com/weblog/2009/04/18/JoeGregorioOnWhyTheAtomPublishingProtocolAtomPubIsAFailure.aspx

Tuesday, April 21, 2009

More info about in-memory support in Java DB

Knut Anders gives lots of useful details about the new in-memory support in Java DB 10.5. Very simple to use: just specify "memory" in the URL. I love the tip about backing up your in-memory database prior to exiting the application - it's like doing one big checkpoint at the end. So you get both durability (OK, very large-grained durability :)) and speed.

Saturday, April 18, 2009

Javascript implementation of CouchDB API in the browser

Some very interesting stuff is happening in the browser space. Damien Katz gives a link to this post by Atul Varma about creating an initial implementation of the CouchDB API in JavaScript.

Damien takes this and runs with it, saying that CouchDB is specifically intended to run in the client, and to provide a form of location transparency where your entire application can be running locally or remotely and you really don't know the difference except that perhaps some of your data is stale until you reconnect to the server.
This is the problem that CouchDB is designed to solve. Not just putting your data and apps into the cloud, but onto your laptop, your phone and your local office server. Fully query-able and editable in your browser, your data is available wherever you are, despite network outages, air travel or blocked access.
I like how Damien implies that the cloud doesn't include just servers, but also your own machine - that your client machine is part of the cloud. It's a very different way of thinking about web architectures. I highly recommend you keep an eye on this space.

Friday, April 17, 2009

Cool elevators

Here I am on the twentieth floor overlooking the San Francisco bay and watching the ferry come into the Ferry Building. Pretty posh - I'm trying to enjoy it while I can until we move next week.

But what I wanted to write about was the super cool elevators they have in this building. In most office buildings, during "rush hour" in morning, lunch and evening you wait and wait for an elevator, and then on the way up/down you hit every single floor.

But these are "smart" elevators. Instead of pressing "Up" or "Down" buttons, what you do instead is press the floor you want to go to. The EPU (Elevator Processing Unit) then does optimal calculations based on who wants to go where, assigns elevators to routes, and then a number flashes to tell you which elevator to take. So for instance this morning we had stops on the 18th, 19th and 20th floors, and that was it. At lunch time I stopped at one other floor before heading to the lobby.

That is just so cool, and now that I think of it, so obvious. I do wish all elevators worked this way...

Thursday, April 16, 2009

Derby 10.5 - in-memory support!

I had lunch today with a bunch of old buddies from Sun, including Rick Hillegas and Francois Orsini from the Java DB/Derby team. They confirmed rumors I had been hearing that 10.5 (currently in release candidate mode) has support for running purely in-memory, and that some operations are running 1000 times faster than on disk.

Why is this interesting? Well, think of the scenario where you need to cache data with your web server instances so that your client requests can access the data they need locally, in-memory. This is a very common need to meet the scalability and performance requirements of web applications.

The problem is, most of the caches out there today are simple key/value hash maps.

What JavaDB in memory gives you is an in-memory cache that gives you all the expressive power of SQL. You can run SQL queries over your cache, or use Hibernate or JPA, rather than being limited to key-based lookup and building your own secondary indexes.

And then there are interesting features such as Java stored procedures and table functions, which I can envision being very powerful and useful in an implementation of an in-memory SQL-based cache.

So take a look at the 10.5 release candidate (or wait until 10.5 releases). It may be just what you need.

Wednesday, April 15, 2009

Back at work

My first day here at work at Symantec.  It's a very Windows-oriented environment, which is something I have to get used to.  I've already downloaded cygwin to help me have some UNIX comfort.  Next step is to install Perforce, get a build, and try to build this puppy.

The view here is spectacular - a view of the bay, Treasure Island, and if I just squint, I can see my house in Berkeley.  However, alas, this is not to last -- in one month (to the day) we'll be heading to the sixth floor of an office building south of Market, and no more view :(

My dev machine - well, it's hot.  8GB of memory, over 2TB of disk space, and a 4-core CPU.  Plus I get a company-issued laptop to take home with me - but not a Mac (wah!).   It's a Dell running Win XP.  So nineties :)

Hopefully I'll be up and running soon, but I may not be able to talk much about what I'm doing.  This is not open source in any shape or form.  We'll see what we shall see...

I got a new coffee mug and my boss brought cookies and invited everyone over to meet me - it's a very friendly, good-natured group.  I'm glad to be here.

Friday, April 10, 2009

Stratocaster · iPhone Upheaval

Rich Sands has a very nice analysis of the mobile market and the impact of the iPhone - particularly on the carriers.
Consumers love it. Developers, and content creators love it. Apple surely loves it. But carriers are rightly spooked, because this new model cuts them out of the content business and accelerates their inevitable slide into the abyss of commoditized, dumb data pipes, where price and low cost are the only things that matter, and margins get razor thin. But the carriers should have seen this coming. No matter how much control carriers exert, if what they deliver is more about their profits than satisfying end-users, they’ll eventually be attacked by someone who understands that consumers have the ultimate power, and that developers and other content creators are the source of most of the value to those consumers. The iPhone was inevitable.

http://rich-sands.com/wordpress/?p=51

Getting ready to go back to work...

I have been "not working" for 2 1/2 months now. It was very hard getting used to when it started. And now I'm finding myself preparing emotionally for going back to work, and relishing the time I have left.

I have been working on an under-the-radar project with a friend of mine, and that's been a lot of fun. If it ever turns into something, I'll let you know. Meanwhile, it's time to get back to paying the bills. I'm looking forward to working with the Symantec team - I really enjoyed interviewing with them and they seem like a very good group of people. But what can you say - no rushing in the morning, hanging out at wireless cafes, no commuting - these things just don't come around every day. Sigh...

Maybe I should write about the emotional stages of going back to work, to match my blog on the emotional stages of being laid off...

Old Jews telling jokes

My friend turned me on to this last night - OMG this is so hilarious.  You just have to watch these.  See http://www.oldjewstellingjokes.com/.  Be warned - these jokes are not PG rated, but that doesn't meant they're not funny.

Synchronized iPhone todo list on the cheap - Address Book

I've been trying to find a good way to have a simple todo list that is editable on the web, on my Mac, and on my iPhone.

I've been looking at the apps coming in to the App Store, but none of them seemed really worth the effort, especially since they don't have anything that works on the web or on my Mac.

I tried Evernote, but the dumb thing doesn't let you edit entries created on the Mac on the iPhone when you're offline (which I am a lot, because I don't have a data plan, just wifi and T-Mobile pay-as-you-go).  It doesn't matter if you "favorite" them, it doesn't work because the Mac-created entries are created with rich text, which can't be overriden (e.g. you can't use simple ASCII text).  There was even a todo list on the market that costs 50 friggin' dollars plus $10 for their iPhone app.  TODO: fuggetaboutit.

But wait: Address Book contacts have a notes field.  And I just found out you can synchronize Address Book with Google Contacts, and that Google Contacts has its own URL so you don't have to go through Gmail.

Problem solved.  I create a contact called Todo, and in the notes field I put all my action items.  I can even categorize if I want multiple todos (Todo-Family, etc.) but I've noticed that becomes too complex and is a good reason for me to slowly stop using it, and that defeats the purpose.

Now I can edit that note in Address Book on my Mac, on my iPhone, and even on the web if need be.  That works for me.

Wednesday, April 01, 2009

Obama’s Ersatz Capitalism - NYTimes

A great piece that lays it on the line. Read this, it explains the new bank "partnership" in clear and gory detail.
Paying fair market values for the assets will not work. Only by overpaying for the assets will the banks be adequately recapitalized. But overpaying for the assets simply shifts the losses to the government. In other words, the Geithner plan works only if and when the taxpayer loses big time.

What the Obama administration is doing is far worse than nationalization: it is ersatz capitalism, the privatizing of gains and the socializing of losses. It is a “partnership” in which one partner robs the other. And such partnerships — with the private sector in control — have perverse incentives, worse even than the ones that got us into the mess.
http://www.nytimes.com/2009/04/01/opinion/01stiglitz.html?_r=1