tag:blogger.com,1999:blog-14045323652056080262024-03-13T13:15:11.443-07:00Recursive DigressionsUnstructured comments on life and how to live it.Gilbert Pilzhttp://www.blogger.com/profile/07780921856469609693noreply@blogger.comBlogger18125tag:blogger.com,1999:blog-1404532365205608026.post-13710009224075180152014-11-19T13:02:00.000-08:002019-08-01T19:50:40.510-07:00Building a Bitnami Tomcat Image using Docker<span style="font-family: "trebuchet ms" , sans-serif;">I am a long-time fan of <a href="https://bitnami.com/stacks" target="_blank">Bitnami's prepackaged stacks</a>. If you want to, for example, quickly stand up a new <a href="https://www.drupal.org/" target="_blank">Drupal</a> instance, Bitnami allows you to do this - using either a machine image with the stack pre-installed or a binary installer that you can run on the appropriate type of OS.</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span>
<span style="font-family: "trebuchet ms" , sans-serif;">When I first learned about Docker, I thought of Bitnami and how it seemed a natural fit for them to offer Docker image versions of their stacks. It turns out that they are in the process of doing exactly <a href="https://bitnami.com/docker" target="_blank">that</a>. However, at the time of this writing, they don't have these available, so I decided to build my own. What follows is a step by step recipe for taking the Bitnami Tomcat 7 installer and building a Docker image that captures the result of a successful install.</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span>
<br />
<h3>
<span style="font-family: "trebuchet ms" , sans-serif;">Step 0 - Create a VM and install Docker</span></h3>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;">I did this in a single step using <a href="https://www.digitalocean.com/" target="_blank">Digital Ocean</a>'s ability to select OS / application combos - in this case Docker 1.3.1 on Ubuntu 14.04 (64 bit). To keep Bitnami's installer from complaining about memory (in Step 4) you are going to need at least a 2 GB VM. If you want to run multiple stacks side-by-side on the same VM, you are going to need at least 4GB.</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<h3>
<span style="font-family: "trebuchet ms" , sans-serif;">Step 1 - Download the Bitnami Tomcat Installer onto Your VM</span></h3>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;">The easiest way to do this is use 'wget' on the VM:</span></div>
<div>
<br /></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">root@vm:~# mkdir bitnami; cd bitnami</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">root@vm:~# wget https://bitnami.com/redirect/to/45854/bitnami-tomcatstack-7.0.57-0-linux-x64-installer.run</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">root@vm:~# chmod +x </span><span style="font-family: "courier new" , "courier" , monospace;">*.run</span></div>
<div>
<br /></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;">Note that Bitnami is always updating their downloads so, by the time you read this, the installer above may not be available. Just use the appropriate installer for your OS. Obviously you can also choose to use an earlier or later version of Tomcat.</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span>
<span style="font-family: "trebuchet ms" , sans-serif;">Also note the I've saved the installer under a new directory (which we will reference in Step 3) and made it executable.</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<h3>
<span style="font-family: "trebuchet ms" , sans-serif;">Step 2 - Download/Pull the Base Docker Image</span></h3>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;">Working with Docker is like baking sourdough bread; you need a little something to start with. I chose to use Docker's base Ubuntu image because (a) I really don't care which OS I'm running Tomcat on, and (b) I've used Bitnami's Tomcat stack on Ubuntu before and never had any problems.</span></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">root@vm:~# docker pull ubuntu</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;">You should see a brief flurry of activity ending with:</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">Status: Downloaded newer image for ubuntu:latest</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span></div>
<h3>
<span style="font-family: "trebuchet ms" , sans-serif;">Step 3 - Start a Container</span></h3>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;">First I'll show you the command, then I'll explain the options:</span></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">root@vm:~# </span><span style="font-family: "courier new" , "courier" , monospace;">docker run --cap-add=ALL -i -p 80:80 -t -v /root/bitnami:/bitnami ubuntu /bin/bash</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;">--cap-add=ALL</span><span style="font-family: "trebuchet ms" , sans-serif;">: When it starts, Tomcat tries to set some <a href="http://man7.org/linux/man-pages/man7/capabilities.7.html">capabilities</a> (i.e. establish the privilege to do one or more "superuser like" things). By default Docker does not allow processes within a container to do this. This option allows processes within the container to set any capability they want. This is a sloppy and dangerous thing to do. I should dig into the Tomcat code and figure out exactly which capabilities it is requesting and grant only those capabilities (see the "<a href="https://en.wikipedia.org/wiki/Principle_of_least_privilege" target="_blank">principle of least privilege</a>").</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;">-v /root/bitnami:/bitnami</span><span style="font-family: "trebuchet ms" , sans-serif;">: This option bind mounts "/root/bitnami" on the VM to "/bitnami" in the container. This will allow us to access the installer file from inside the container.</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;">-p 80:80</span><span style="font-family: "trebuchet ms" , sans-serif;">: By default the Apache web server listens on port 80. This option maps port 80 of the container to port 80 on our VM. Obviously you can map the container port to any free port on your VM (e.g 8080 using "-p 8080:80").</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;">-i, -t</span><span style="font-family: "trebuchet ms" , sans-serif;">: These two options connect you to the shell running inside the container.</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;">ubuntu</span><span style="font-family: "trebuchet ms" , sans-serif;">: This option specifies the image to run in the container. In this case it is the default Ubuntu image that we pulled in Step 2.</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;">/bin/bash</span><span style="font-family: "trebuchet ms" , sans-serif;">: This option tells Docker to run a bash shell inside the container.</span><br />
<br />
<span style="font-family: "trebuchet ms" , sans-serif;">At this point you should find yourself at a container-level prompt like:</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;">root@d10f70897ce3:/# </span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<br />
<h3>
<span style="font-family: "trebuchet ms" , sans-serif;">Step 4 - Run the Bitnami Installer</span></h3>
</div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;">Next we want to run the Tomcat installer to install Apache, Tomcat, and MySQL into our container:</span></div>
<div>
<br /></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">/bitnami/bitnami-tomcatstack-7.0.57-0-linux-x64-installer.run --mode unattended</span></div>
<div>
<br /></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;">This command will take a couple of minutes to complete, so be patient. If all goes well you should return to the container-level prompt where you can poke around a bit to check things out. A "</span><span style="font-family: "courier new" , "courier" , monospace;">ps -ef</span><span style="font-family: "trebuchet ms" , sans-serif;">" should show you the Apache, MySQL, and Tomcat processes, there should be an "</span><span style="font-family: "courier new" , "courier" , monospace;">/opt/tomcatstack-7.0.57-0 directory</span><span style="font-family: "trebuchet ms" , sans-serif;">", etc. You can test whether Apache is up and accessible by browsing to "</span><span style="font-family: "courier new" , "courier" , monospace;">http://<<i>your VM address></i>/</span><span style="font-family: "trebuchet ms" , sans-serif;">". You should see the welcome page for the Bitnami Tomcat stack.</span></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;">Note that the way in which we installed Apache, MySQL, and Tomcat is extremely unsafe. For example, there is no password for the Tomcat manager application. Under this configuration it should only be a matter of minutes before someone installs something unpleasant onto Tomcat. The Bitnami installer supports a number of command-line options for setting the MySQL password, the Tomcat manager password, etc. You can play around with these to get the configuration you want. This is where Docker shines; you can quickly re-run Steps 3 and 4 to experiment with different configurations. One thing to be aware of is that Docker saves containers after you exit them so, to avoid confusion, you should probably "</span><span style="font-family: "courier new" , "courier" , monospace;">docker rm <<i>container-id></i></span><span style="font-family: "trebuchet ms" , sans-serif;">" on any containers you are no longer interested in.</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<h3>
<span style="font-family: "trebuchet ms" , sans-serif;">Step 5 - Snapshot the Container</span></h3>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;">Now that you have a container running a configuration of the Tomcat stack that you are happy with, it is time to snapshot that container and create a Docker image. Since we started the Apache, MySQL, and Tomcat processes from the bash shell that we launched on container startup, exiting the shell will cause these processes to terminate. I confess to being somewhat superstitious, however, so I prefer to shut down these processes in the "proper" manner:</span></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">root@d10f70897ce3:/# /</span><span style="font-family: "courier new" , "courier" , monospace;">opt/tomcatstack-7.0.57-0/ctlscript.sh stop</span><br />
<br />
<span style="font-family: "trebuchet ms" , sans-serif;">After this completes you can simply exit the bash shell to exit the container and return to your VM-level shell. At this point we can snapshot the container and create a new image using the "docker commit" command like so:</span></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">root@vm:~# docker commit -m="Some pithy comment." d10f70897ce3 mybitnami/tomcat:v1</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;">The resulting image should be viewable through the "docker images" command.</span></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<h3>
<span style="font-family: "trebuchet ms" , sans-serif;">Step 6 - Launching the Image</span></h3>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;">Launching our newly created image is simply a matter of starting a container using that image:</span></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">root@vm:~# </span><span style="font-family: "courier new" , "courier" , monospace;">docker run --cap-add=ALL -d -p 80:80 <b>mybitnami/tomcat:v1</b> /bin/sh -c "/opt/tomcatstack-7.0.57-0/ctlscript.sh start; tail -F /opt/tomcatstack-7.0.57-0/apache-tomcat/logs/catalina-daemon.out</span><span style="font-family: "courier new" , "courier" , monospace;">"</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;">This looks a little intimidating, so let's break it down. The "--cap-add=ALL" option was covered in Step 3. We still need this because Tomcat still sets the same capabilities. The "-d" option simply tells Docker to run the container in the background. We've eliminated the "-i" and "-t" options because we don't need to interact directly with the container. The "-p 80:80" options specifies the same port mapping and we've eliminated the "-v" option because we no longer need to access any host files from the container. What makes this step look complicated is the in-line shell script at the end. What we are telling Docker to do is run the following commands in a shell:</span></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">/opt/tomcatstack-7.0.57-0/ctlscript.sh start</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">tail -F /opt/tomcatstack-7.0.57-0/apache-tomcat/logs/catalina-daemon.out</span></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;">Docker will run a shell that executes "ctlscript.sh start" thus starting Apache, MySQL, and Tomcat. It will then run the "tail" command on the main Tomcat log file, blocking on additional writes to this file. What this means is that the shell process that is the parent or grandparent of all the Apache, MySQL, and Tomcat processes will continue to run, thus keeping the whole tree of processes alive.</span></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;">There are a number of ways we can monitor our container at this point. We can view a top-like display of the processes in the container via:</span></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">root@vm:~# </span><span style="font-family: "courier new" , "courier" , monospace;">docker top <<i>container ID></i></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;">We can look at the container's STDOUT and STDERR using:</span></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">root@vm:~# </span><span style="font-family: "courier new" , "courier" , monospace;">docker logs <<i>container ID></i></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span></div>
<h3>
<span style="font-family: "trebuchet ms" , sans-serif;">Step 7 - Stopping the Container</span></h3>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;">To stop the container running our tomcat stack we can send the SIGTERM signal to the root process of the container (our shell running "tail") via:</span></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;">root@vm:~# </span><span style="font-family: "courier new" , "courier" , monospace;">docker stop <<i>container ID></i></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;">This <i>should</i> cause all of the server processes to shut down cleanly. As I mentioned, I'm a bit superstitious about these things so I would prefer a mechanism that invoked "</span><span style="font-family: "courier new" , "courier" , monospace;">ctlscript.sh stop</span><span style="font-family: "trebuchet ms" , sans-serif;">" before exiting the container. I've spent enough time investigating to determine that this is a subject for another post.</span></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<h3>
<span style="font-family: "trebuchet ms" , sans-serif;">Some Questions</span></h3>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<span style="font-family: "trebuchet ms" , sans-serif;"><b>Why Not Use an Existing Tomcat Image?</b></span><br />
<div>
<span style="font-family: "trebuchet ms" , sans-serif;">If you are familiar with Docker you are probably aware that there are plenty of <a href="https://registry.hub.docker.com/search?q=tomcat" target="_blank">existing images</a> that run Tomcat. Why not simply use one of these? Firstly, none of these images (that I am aware of) include an integrated Apache or, more importantly, MySQL. Secondly, I am working with an application that I built using the Bitnami stack and I'm comfortable dinking with this stack. It is less work for me to build an image of my existing system than it is to switch to a new system.</span></div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span></div>
<span style="font-family: "trebuchet ms" , sans-serif;"><b>Why Not Use "docker build"?</b></span><br />
<span style="font-family: "trebuchet ms" , sans-serif;">Steps 3-5 could have been replaced using the "docker build" command and a Docker file. However, at the time of this writing, the containers used during the "docker build" command do not allow their processes to request capabilities. A</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;">RUN bitnami-tomcatstack-7.0.56-0-linux-x64-installer.run</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span>
<span style="font-family: "trebuchet ms" , sans-serif;">command will fail with the following error:</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;">set_caps: failed to set capabilities</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">check that your kernel supports capabilities</span><br />
<span style="font-family: "courier new" , "courier" , monospace;">set_caps(CAPS) failed for user 'tomcat'</span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">Service exit with a return value of 4</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span>
<span style="font-family: "trebuchet ms" , sans-serif;">when Tomcat tries to run for the first time. This issue is being tracked by Docker here: <a href="https://github.com/docker/docker/issues/1916" target="_blank">https://github.com/docker/docker/issues/1916</a>.</span><br />
<span style="font-family: "trebuchet ms" , sans-serif;"><br /></span>
<span style="font-family: "trebuchet ms" , sans-serif;"><b>Why Use Docker At All?</b></span><br />
<span style="font-family: "trebuchet ms" , sans-serif;">At the beginning of this post I pointed out that Bitnami stacks exist in machine image form for most popular systems. I can go to AWS and, in less time and less effort, create a new VM that is functionally equivalent to the docker container that I have created here. Some points:</span><br />
<ul>
<li><span style="font-family: "trebuchet ms" , sans-serif;">My Bitnami Tomcat stack Docker image is a just a building block. Next I'm going to install a webapp on Tomcat, a database on MySQL, etc. Then I'm going to snapshot that. Again, I could do the same with AWS, but I can't run an AMI anywhere besides AWS. I can take my Docker images and run them on anything with a compatible kernel.</span></li>
<li><span style="font-family: "trebuchet ms" , sans-serif;">When saved as a TAR file my docker image is approximately 800 Mb. Most VM images are far larger than this. Lighter is faster.</span></li>
<li><span style="font-family: "trebuchet ms" , sans-serif;">Bitnami does a great job with integration but nothing is ever quite exactly the way you want it. The dink-->test-->dink-some-more cycle in Steps 3 and 4 is much faster using containers on an individual VM than using multiple VMs.</span></li>
<li><span style="font-family: "trebuchet ms" , sans-serif;">If, for whatever reason, I wanted to run multiple instances/versions of my stack it would probably be much cheaper to run them side-by-side in separate containers on the same (larger) VM than it would be to run them each in their own (smaller) VMs. This cost difference is even greater if I decide that I need to make my stacks available at a static IP address and/or given DNS name.</span></li>
</ul>
Gilbert Pilzhttp://www.blogger.com/profile/07780921856469609693noreply@blogger.com0tag:blogger.com,1999:blog-1404532365205608026.post-50259331590652665122012-05-09T12:18:00.001-07:002019-08-01T19:40:06.834-07:00The “Let’s Impersonate Eric Holder” Game<span style="font-family: "arial" , "helvetica" , sans-serif;">In the course of numerous arguments about the need for stricter voter ID laws, I’ve had a number people refer me to the story of the man who obtained Eric Holder’s primary ballot from a Washington D.C. polling station (google it if you aren’t already familiar with the story). The people that refer me to this story usually seem to feel that it is some sort of trump card – as in “There, we’ve proven that voter fraud could occur, therefore we need voter ID laws.”</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">This is the same sort of shallow thinking that led to the TSA and our ridiculous airport security procedures. The question isn’t “can one person steal another person's ballot?”, it is “can enough ballots be stolen to change the outcome of an election?” I’ve been thinking about this problem and come up with a little mental game people can play to run through the possible scenarios.</span><br />
<h2>
<span style="font-family: "arial" , "helvetica" , sans-serif;">
The Goal</span></h2>
<span style="font-family: "arial" , "helvetica" , sans-serif;">The goal of “Let’s Impersonate Eric Holder” is to fraudulently cast 1,000 or more additional votes for a congressional candidate. That’s 1,000 more votes than the candidate would have received had you not participated in the game. <strong>Note that I’m setting the bar extremely low here</strong>. Yes, the Franken/Coleman race was decided by less than a thousand votes, but that was a very rare case. The majority of congressional races are rarely closer than 2 or 3 percentage points. Given that the average size of a congressional district is 700,000 people and assuming a voter turnout of around 40% – you’d need 2,800 votes to effect a single percentage point of change in a congressional race.</span><br />
<h2>
<span style="font-family: "arial" , "helvetica" , sans-serif;">
Starting Pieces</span></h2>
<span style="font-family: "arial" , "helvetica" , sans-serif;">To start with you get:</span><br />
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">A list of all the registered voters in a district including their names, addresses, and party affiliation (if any). This will sometimes be referred to as “the target list”; the people on this list will sometimes be referred to as “targets”. </span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">A list of all the polling places in the district broken down by streets and/or neighborhoods.</span></li>
</ol>
<h2>
<span style="font-family: "arial" , "helvetica" , sans-serif;">
Rules</span></h2>
<span style="font-family: "arial" , "helvetica" , sans-serif;">The following is a list of some common sense constraints on the activities in the game:</span><br />
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">You can walk into any polling station and vote as anyone on the list provided that person lives in the neighborhood(s) serviced by that polling station and provided that the likely sex of that person’s name matches your apparent sex. For example, someone who looks male cannot vote as a person named “Kathy” though he could vote as a someone named “Kelsey”.* </span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">The assignment of neighborhoods to polling stations is NOT one-to-one. That is, a single polling place may service several neighborhoods. </span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Attempting to vote more than once at the same polling station may result in detection and apprehension (see rule 6). The chance of detection is modified by a number of personal factors. If you are 6’4” with prominent moles etc. (like myself), it is likely that attempting to vote even twice at the same polling station will result in detection. If you are of medium height, medium build, non-descript features, etc. you may be able to vote several times at the same polling station. </span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Attempting to vote as a person who has already voted may result in detection and apprehension (see rule 6). </span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Although the list contains the party affiliation of the voters, it does not contain any information about their voting intentions. You can assume that voters intend to vote for their party’s candidate, but you cannot make any assumption about who people registered as “independent” intend to vote for. </span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Voting fraud is a felony offense with mandatory jail time. If caught, it is likely that you will be charged, tried, convicted, fined, and jailed. </span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Conspiracy to commit voting fraud is a felony offense with mandatory jail time. If caught, it is likely that you and your co-conspirators (at least those who don’t testify against you) will be charged, tried, convicted, fined, and jailed.</span></li>
</ol>
<span style="font-family: "arial" , "helvetica" , sans-serif;">* For the sake of brevity we will not consider cases that involve personal knowledge of the target by a polling worker. For example, attempting to vote as the polling workers next door neighbor.</span><br />
<h2>
<span style="font-family: "arial" , "helvetica" , sans-serif;">
Conspiracy</span></h2>
<span style="font-family: "arial" , "helvetica" , sans-serif;">One of the most readily apparent aspects of this game is that it is impossible for a single player to vote 1,000 times in the same day. On top of this, one can assume that the target list is split approximately 50/50 between women and men. To have a chance of reaching the goal, the player must recruit a number of co-conspirators – some men and some women. Leaving aside the difficulty of recruiting people to participate in a (free – unless you are going to pay them) felonious activity, one has to recognize that the risk of detection increases (at the very least) linearly with the number of co-conspirators. If you don’t want to run afoul of rule 7, you must keep the size of your conspiracy down to the absolute minimum necessary to reach your goal.</span><br />
<h2>
<span style="font-family: "arial" , "helvetica" , sans-serif;">
The Multiplier</span></h2>
<span style="font-family: "arial" , "helvetica" , sans-serif;">The key to this game is what I call “the multiplier”. The multiplier is the number of times the player and his co-conspirators can vote as someone else without getting caught. For example, if the multiplier is 20, you will need 50 people (1 player and 49 co-conspirators) to reach the goal of 1,000 extra votes (sort of – we’ll get into this later). At the end of the game, each conspirator will have their own multiplier, but we can expect that they will tend to clump around some average value. A larger multiplier means fewer co-conspirators and a smaller chance of getting caught; a smaller multiplier means more co-conspirators and a greater chance of getting caught.</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">There are a number of factors that influence the multiplier. One of these is the “lumpiness” of the polling stations – how many neighborhoods per polling station? A related factor is the physical distance between polling stations. Because of rule 3, the ideal situation for the player is fine-grained polling stations (ideally one per neighborhood) that are fairly close to one another. The anti-ideal is coarse-grained polling stations (many neighborhoods in one station) and/or polling stations that are distant from each other.</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Another factor affecting the multiplier is time. Assuming it takes a minimum of 10 minutes to get the ballot and vote, and assuming the polling stations are open for 12 hours, it is obvious that the maximum theoretical multiplier is 72. Obviously, by rule 3, you can’t vote 72 times at the same polling place, so you must take into consideration the travel time between various polling stations. Also you have to consider the possible presence of lines and/or other delays at the polling stations. Keep in mind that any attempts to mitigate the effects of rule 3 by changing clothes and/or disguises also cuts into the multiplier by consuming time.</span><br />
<h2>
<span style="font-family: "arial" , "helvetica" , sans-serif;">
Timing Is Everything</span></h2>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Rule 4 has some interesting, time-related effects on the course of play. When the player shows up at their first polling place promptly at 7:00 am (as you would assume they would if they were attempting to maximize their multiplier), we can be reasonably sure that their target has not voted yet. When the (by now weary) player shows up at the last polling place at 6:59 pm, they can can be sure that, if their target voted today, they will have voted already. In between these two extremes, the chance of running afoul of rule 4 increases throughout the day.</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">There are two ways to address this issue. The first is to stop voting earlier in the day, perhaps at noon, or 2 pm. This, obviously, decreases your multiplier and requires you to recruit more co-conspirators if you want to reach the goal. The second is to develop an act that will get you out of the polling place when confronted with the inevitable “Mr. Smith, it shows here that you already voted” – something that convinces people that you are a genuine, disenfranchised voter, but at the same time keeps you out of the clutches of any over-helpful poll workers that may inadvertently expose you. Note that, once you “burn” a polling place by hitting rule 4, it is probably unwise to go back there again. This, in turn, reduces your multiplier.</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Another time-related factor is the changing of workers at the polling stations. If you can get information on when and how these changes occur (not one of your starting pieces, sorry), you can use this information to mitigate the effects of rule 3 (though not rule 4).</span><br />
<h2>
<span style="font-family: "arial" , "helvetica" , sans-serif;">
Overlapping Votes</span></h2>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Suppose that your goal was to cast 1,000 extra votes for a certain Democratic candidate, “Mr. Johnson”. By rule 5, stealing the vote of a target who was going to vote for Mr. Johnson doesn’t count – you basically just did their voting for them. As a player you need to maximize your chances of stealing the vote of someone who wasn’t going to vote for Mr. Johnson. Obviously this means that you should target Republican voters – but it isn’t that simple. The key to maximizing your multiplier is to spread the target list evenly across you and your co-conspirators in a way that prevents you from running afoul of rule 3. Depending upon the make up of the neighborhoods etc. there may not be enough Republican voters to target at some polling stations. Given that independents run around 30-40% of registered voters, it is more than likely that you are going to have to steal votes from the independents who’s intentions, by rule 5, are not guessable. At the end of the day, what this means is that you are going to have to steal extra votes to compensate for overlapping votes. If your overlap rate is 20%, this means that you are going to have to steal 1,200 votes to accomplish your goal. This, in turn, requires you to either increase you multiplier and/or recruit more co-conspirators.</span><br />
<h2>
<span style="font-family: "arial" , "helvetica" , sans-serif;">
End of Game</span></h2>
<span style="font-family: "arial" , "helvetica" , sans-serif;">So is it possible to play this game, reach the goal of 1,000 extra votes, and not get caught? I don’t think so. Given all the factors that I’ve discussed, I can’t imagine an average multiplier any greater than 10. With a modest overlap rate of 10%, this means you would have to recruit (and possibly pay) 109 other people to participate in a felonious conspiracy to change the outcome of a congressional election by less than a single percentage point. Good luck with that.</span>Gilbert Pilzhttp://www.blogger.com/profile/07780921856469609693noreply@blogger.com3tag:blogger.com,1999:blog-1404532365205608026.post-25683314021524723242012-05-08T16:53:00.001-07:002012-05-14T14:55:09.806-07:00It’s the Viewers Dummy<p>I hate to pick on Mindjet again but I wouldn’t bother if I didn’t love their program (MindManager) and really want to see other people use it, yadda, yadda. I’m the “enthusiastic but cranky customer”. Sometimes it’s important to listen to me. So here goes:</p> <p>What’s with the overhead of getting a free, viewer-only version of MindManager? Seriously, didn’t Adobe (and hundreds of others) show everyone the way on this? The value of any document I create in MindManager is directly proportional to the number of people that can “easily” view that document. And (this part is important) the bar on “easily” is going <strong>down</strong> as the internet evolves. Ten years ago you could ask people to spend 20 minutes jumping through hoops to get a free version of your product but, as they say, “things have changed”.</p> <p>I’m trying to share information with people that may or may not understand the value in mind maps. A lot of people are still unfamiliar with the concept. Most of the people I have introduced to mind maps have gotten really excited about them. But, if you make it too hard for them to at least <strong>see</strong> their first map, there’s no chance you are ever going to convince them.</p> <p>The best thing Mindjet could do would be to implement something in the “code-on demand style” that could view any .mmap file (doable in JavaScript? – no idea, sorry.) Short of that, they need to make it very easy to download and install free viewers on whatever platforms make sense (can you really do anything useful with a mind map in a handheld form factor?)</p> <p>Finally, if you (the mythological reader) are thinking of taking me to task for using proprietary file formats – yeah, yeah. I may often claim to be right, but I seldom claim to be consistent. I like all the bling, bling in MindManager and I haven’t found free mind mapping tool that gives me that.</p> Gilbert Pilzhttp://www.blogger.com/profile/07780921856469609693noreply@blogger.com1tag:blogger.com,1999:blog-1404532365205608026.post-29549292713879028202012-03-23T18:42:00.001-07:002014-11-19T14:05:16.291-08:00Cloud Broker Overload<span style="font-family: Trebuchet MS;"> </span><br />
<span style="font-family: Trebuchet MS;"><br clear="all" /><em>'That's a great deal to make one word mean,' Alice said in a thoughtful tone.</em> </span><br />
<span style="font-family: Trebuchet MS;"><em>'When I make a word do a lot of work like that,' said Humpty Dumpty, 'I always pay it extra.'</em> </span><br />
<blockquote>
<span style="font-family: Trebuchet MS;"><em>- Through the Looking Glass</em></span></blockquote>
<span style="font-family: Trebuchet MS;"> <br />
</span><span style="font-family: Trebuchet MS;">“Cloud brokers” are a hot topic, thanks in part to their inclusion in the NIST Cloud Computing Reference Architecture [1]. NIST’s definition derives, in part, from a 2009 Gartner report [2].</span> <span style="font-family: 'Trebuchet MS';">As Ben Kepes points out [3], these definitions of cloud broker are at odds with the accepted meanings of the word “broker”. Ben also makes the point that the issue is more fundamental than what names we use to call the various actors in a multi-provider scenario. The article suggests the term “service intermediary” as more descriptive of the kinds of things that companies like enStratus and RightScale actually do – where “service intermediary” is defined as an actor that does service intermediation and/or service aggregation but doesn’t do service arbitration. </span><span style="font-family: 'Trebuchet MS';">Although I agree with much of Ben’s article, I think it misses the main problem with the NIST definition.</span><br />
<span style="font-family: 'Trebuchet MS';"><br /></span>
<br />
<h3>
<span style="font-family: Trebuchet MS; font-weight: normal;">The Boat Analogy</span></h3>
<span style="font-weight: normal;"><span style="font-family: Trebuchet MS;">Suppose I wanted to buy a boat. For various reasons, I decide to use a boat broker. I expect the broker to (among other things) </span><span style="font-family: Trebuchet MS;">introduce me to the parties selling boats and help me work through the process of buying the boat. The interaction pattern is three-way. The seller, the broker, and I are all aware of each others existence and expect different things from one another. For example, if the engine seized the day after I bought the boat, it is doubtful that I would hold the broker responsible.</span></span><br />
<span style="font-weight: normal;"><span style="font-family: Trebuchet MS;"><br /></span></span>
<span style="font-family: Trebuchet MS;">Suppose that, instead of buying a boat, I simply wanted to rent one. Now, instead of seeking out a broker, I would look for a <strong>boat charterer</strong>. In contrast to my dealings with the broker and the seller, my interactions with the chartering company are <strong>two-way</strong>. The chartering company may or may not own the boat. I don’t know and, ultimately, I don’t care. All I care about is that the boat is made available for my use over a specific period of time. Any problems with the boat are the responsibility of the chartering company – regardless of who owns the boat.</span><br />
<span style="font-family: Trebuchet MS;"><br /></span>
<span style="font-family: Trebuchet MS;">The main problem with the NIST definition is that it lumps “brokers” and “charterers” together and, in so doing, masks the significant differences in the interactions and expectations of the parties involved.</span><br />
<span style="font-family: Trebuchet MS;"><br /></span>
<br />
<h3>
<span style="font-family: Trebuchet MS; font-size: medium; font-weight: normal;">It’s the Relationships</span></h3>
<span style="font-family: Trebuchet MS;">The first step to unraveling this hairball is to stop focusing on the functional aspects of what (for argument’s sake) I will simply call “the intermediary”. Whether the intermediary simply arbitrates requests amongst (nearly) identical back-end providers or synthesizes an aggregation of different providers to create a new service is not as important as whether or not the consumer does or doesn’t have a contractual relationship with these back-end providers.</span><br />
<span style="font-family: Trebuchet MS;"><br /></span>
<span style="font-family: Trebuchet MS;">Regardless of how many back-end services an intermediary uses and regardless of how imaginatively it might use them, if the consumer doesn’t have a contractual relationship with those back-end providers, their interactions with that intermediary are no different than those of any other cloud provider. While the intermediary may have more fodder for excuses (“our storage provider failed in exactly such a way as to expose a heretofore unknown bug in our billing provider”), an SLA is an SLA and, if the intermediary fails to meet their SLA, the consumer is entitled to whatever compensation is specified in the service contract.</span><br />
<span style="font-family: 'Trebuchet MS';"><br /></span>
<span style="font-family: 'Trebuchet MS';">If you squint at the NIST definition you can infer that the distinction it draws between “given services” and services that “are not fixed” are a reference to the visibility (or lack thereof) between the consumer the back-end services. If this is the case, this distinction needs to be made explicit and unbundled from the definitions of intermediation, aggregation, and arbitrage.</span><br />
<span style="font-family: 'Trebuchet MS';"><br /></span>
<br />
<h3>
<span style="font-family: Trebuchet MS; font-size: medium; font-weight: normal;">Functional and Business Relationships</span></h3>
<span style="font-family: Trebuchet MS;">Most of the discussion around cloud brokers tends to focus on the functional relationships (i.e. who sends requests to whom and how are the results processed). Above, I point out the importance of the business relationships (i.e. who has contracts with whom). Obviously both sets of relationships are important. What makes multi-party cloud scenarios interesting is that the two sets of relationships are independent of one another. This can lead to a fair number of different scenarios.</span><br />
<span style="font-family: Trebuchet MS;"><br /></span>
<span style="font-family: Trebuchet MS;">Take, for example, the “punch out” scenario found in many enterprise purchase portals. The consumer (an employee) has both business and functional relationships with the intermediary (their employer). At some point there is an SSO exchange and the consumer is redirected from the intermediary to the provider (the supplier’s website). Although the consumer now has a functional relationship with the provider (in that they are sending requests and receiving responses from the supplier’s site) they do not have a business relationship with the provider (i.e. they aren’t asked for their credit card). Behind the scenes, there are both functional and business relationships between the employer and the supplier (the order information is sent back to the portal and the supplier expects to be paid by the employer).</span><br />
<span style="font-family: Trebuchet MS;"><br /></span>
<span style="font-family: Trebuchet MS;">If we confine our considerations to a cloud consumer, a single intermediary, and a single cloud provider then further restrict ourselves to consider only those cases in which the consumer has, at a minimum, a functional relationship with the intermediary and a business relationship with at least one other party – I figure there are 26 possible scenarios (you may want to check me on this). Granted, many of these combinations may not have a workable business case, but here are some discrete examples:</span><br />
<span style="font-family: Trebuchet MS;"><br /></span>
<span style="font-family: Trebuchet MS;"><strong>Jamcracker</strong></span><br />
<ul>
<li><span style="font-family: Trebuchet MS;">consumer has business and functional relationships with intermediary (Jamcracker)</span> </li>
<li><span style="font-family: Trebuchet MS;">consumer has business and functional relationships with the cloud provider (e.g. WebEx)</span> </li>
<li><span style="font-family: Trebuchet MS;">intermediary and cloud provider have business and functional relationships</span></li>
</ul>
<span style="font-family: Trebuchet MS;"><strong>SpotCloud</strong></span><br />
<ul>
<li><span style="font-family: Trebuchet MS;">consumer has business and functional relationships with intermediary (SpotCloud)</span> </li>
<li><span style="font-family: Trebuchet MS;">consumer has no business or functional relationship with cloud provider</span> </li>
<li><span style="font-family: Trebuchet MS;">intermediary and cloud provider have business and functional relationships</span></li>
</ul>
<span style="font-family: Trebuchet MS;"><strong>Akamai</strong></span><br />
<ul>
<li><span style="font-family: Trebuchet MS;">consumer has functional but no business relationship with intermediary (Akamai)</span> </li>
<li><span style="font-family: Trebuchet MS;">consumer has functional and business relationships with the cloud provider</span> </li>
<li><span style="font-family: Trebuchet MS;">intermediary and cloud provider have business and functional relationships</span></li>
</ul>
<span style="font-family: Trebuchet MS;">Again, the danger with calling all these scenarios “cloud broker scenarios" is that you will mask important differences in their characteristics and behavior.This creates both confusion and misunderstanding.</span><br />
<span style="font-family: Trebuchet MS;"><br /></span>
<br />
<h3>
<span style="font-family: Trebuchet MS; font-size: medium; font-weight: normal;">The Taxonomy Challenge</span></h3>
<span style="font-family: Trebuchet MS, sans-serif;">Obviously we can’t simply give each of the possible multi-party scenarios a unique name; there are too many to remember. What we have is the classic problem of taxonomy. The scenarios are distinguished along a number of different axes and it is difficult to tell which axis is “the most important”.</span><br />
<span style="font-family: Trebuchet MS, sans-serif;"><br /></span>
<span style="font-family: Trebuchet MS, sans-serif;">While I don’t have a complete answer to this problem, it seems to me that it makes the most sense to do the “top level split” around the existence or non-existence of any business relationship between the consumer and the back-end provider(s). Although it pains me to admit it, the industry is coalescing around the term “cloud broker” to refer to scenarios in which there is no business relationship between the consumer and the provider (exactly the opposite of how the term is used in the real world). This leaves the term “service intermediary” to refer to those scenarios in which there is a business relationship between the consumer and the cloud provider.</span><br />
<span style="font-family: Trebuchet MS, sans-serif;"><br /></span>
<span style="font-family: Trebuchet MS, sans-serif;">When describing new things it is easy to fall into the trap of wasting time arguing about their names. Regardless of what terms people use, it would be helpful if we consistently used the same, separate names to refer to the top-level cases I outlined above. “Broker” and “intermediary” are as good as any others.</span><br />
<span style="font-family: Trebuchet MS, sans-serif;"><br /></span>
<br />
<h3>
<span style="font-family: Trebuchet MS; font-size: medium; font-weight: normal;">Final Digression</span></h3>
<span style="font-family: Trebuchet MS;">I suspect that the term “cloud broker”, as it is currently used, derives from an older term – “message broker”. This makes sense because “message broker” is misapplied in exactly the same way as “cloud broker”. “Message broker” is commonly used to refer to an architectural pattern in which you use an intermediary to <em>minimize</em> or <em>eliminate </em>the producer’s and consumer’s awareness of each another.</span><br />
<span style="font-family: Trebuchet MS;"><br /></span>
<br />
<h3>
<span style="font-family: Trebuchet MS; font-size: medium; font-weight: normal;">References</span></h3>
<span style="font-family: Trebuchet MS, sans-serif;">[1] NIST SP 500-292, “NIST Cloud Computing Reference Architecture”, <a href="http://collaborate.nist.gov/twiki-cloud-computing/pub/CloudComputing/ReferenceArchitectureTaxonomy/NIST_SP_500-292_-_090611.pdf" target="_blank">http://collaborate.nist.gov/twiki-cloud-computing/pub/CloudComputing/ReferenceArchitectureTaxonomy/NIST_SP_500-292_-_090611.pdf</a></span><br />
<span style="font-family: Trebuchet MS, sans-serif;"><br /></span>
<span style="font-family: Trebuchet MS, sans-serif;">[2] Gartner, “Gartner Says Cloud Consumers Need Brokerages to Unlock the Potential of Cloud Services”, <a href="http://www.gartner.com/it/page.jsp?id=1064712" target="_blank">http://www.gartner.com/it/page.jsp?id=1064712</a></span><br />
<span style="font-family: Trebuchet MS, sans-serif;"><br /></span>
<span style="font-family: Trebuchet MS, sans-serif;">[3] Diversity, “NIST Decides to Redefine the English Language, Broker != Service Intermediary”, <a href="http://www.diversity.net.nz/nist-decides-to-redefine-the-english-language-broker-service-intermediary/2011/09/12/">http://www.diversity.net.nz/nist-decides-to-redefine-the-english-language-broker-service-intermediary/2011/09/12/</a></span>Gilbert Pilzhttp://www.blogger.com/profile/07780921856469609693noreply@blogger.com2tag:blogger.com,1999:blog-1404532365205608026.post-55970859586075752672012-01-23T14:02:00.001-08:002012-01-23T19:03:49.480-08:00Spec Conformance in the Age of Clouds<p>As a veteran of three or four (depending upon how you count them) majorly disruptive changes in computing, I’m always on the lookout for things that distinguish cloud computing from what-has-been-before. I am seeing a rather interesting change in the notion of “conformance” as it applies to the way specifications are written and negotiated.</p> <h1><font size="3">What Does “Conform” Mean?</font></h1> <p>To be brief (and oversimplify somewhat), in the age of packaged software, a statement in a specification that “conformant implementations MUST support FeatureX” is a promise about the possible behavior of any software claiming to conform to that spec. If you buy a chunk of software that claims to conform to this specification, it must be possible for you to configure that software such that FeatureX is supported. Note that this configuration doesn’t have to be the default configuration. The vendor that sold you the software may even recommend <strong>against</strong> such a configuration. Nevertheless, that vendor can rightfully claim that their product conforms to the spec, even if some of their customers “choose” to configure their deployments in ways that are not spec conformant.</p> <p>In the cloud, a statement that “conformant implementations MUST support FeatureX” is more closely a statement about the actual runtime configuration of any system claiming to conform to that spec. Because the vendor and provider roles have merged, “the vendor” cannot simply allow “the provider” to enable support for FeatureX – FeatureX has to actually be supported in the systems that are deployed and operated by that provider. There are ways the provider can skirt this, for example, by allowing/enabling FeatureX on a per-tenant basis – but, overall, it seems to me that the move to cloud computing has reduced the amount of wiggle room available to implementers.</p> <h1><font size="3">Sausage Making</font></h1> <p><em>Warning to anyone laboring under the illusion that specifications are crafted by disinterested scientists whose main goal is technical quality: this next section deals with some of the political/technical maneuvering that goes into creating specifications and may be unsettling.</em></p> <p>Let’s lay out a scenario: You are involved in a standards-development group that is collaborating on the specification of some API. It turns out that some members of this group feel that it is absolutely essential that the API <strong>MUST </strong>support FeatureX. After researching their proposal you become convinced that these people have been engaging in some activity that seriously impairs the functioning of their pre-frontal cortex. You try arguing them out of it, watering down the requirement, etc. all to no avail.</p> <p>If you are representing an organization that develops and sells packaged software, this situation is not too dire if (1) FeatureX doesn’t affect too many other areas, (2) a minimal FeatureX isn’t overly complicated and difficult to implement, (3) you are reasonably sure that none of your customers will ever want FeatureX. Simply get your developers to implement a minimal version of FeatureX, enable it as a non-default configuration option, and ship. If you are right about (3), the code for FeatureX will never be exercised outside of conformance testing. You and your organization may not want to do this, but you have some degree of flexibility.</p> <p>Now suppose you are representing an organization the develops, hosts, and operates a cloud service. Even with per-tenant configuration tricks, the call to require FeatureX means that your organization not only has to develop the code to support FeatureX, it may have to deploy it and support it. This significantly raises the stakes around conformance – particularly for features that are “operationally infeasible” in your particular architecture. You can’t be flexible about a requirement to support a feature you can’t actually support.</p> <h1><font size="3">Upshot</font></h1> <p>I see a couple of obvious effects of this difference in the context around cloud specifications. The first is that cloud specs will take longer to develop. Arguments that formerly could have been resolved with a “fine, have your FeatureX” now have to follow some (in all likelihood torturous) course that morphs FeatureX into something everyone can support and/or some parties have to reconcile themselves to the refactoring work necessary to support it. Secondly, I expect cloud specs to have fewer strange requirements that were included due to the intransigence of some parties and laziness of others. This is a good thing for interoperability and thus for humanity at large.</p> <h1><font size="3">Caveat</font></h1> <p>Note that none of this has anything to do with the creation (or blessed lack thereof) of “optional features” – i.e. features that are described by a spec but not required to claim conformance. As near as I can tell, there is nothing about the context of cloud computing that effects the creation of such features one way or another.</p> Gilbert Pilzhttp://www.blogger.com/profile/07780921856469609693noreply@blogger.com1tag:blogger.com,1999:blog-1404532365205608026.post-4822167045779614192011-01-05T17:00:00.001-08:002011-01-05T17:00:40.592-08:00lyrics daddy moon<p>If you came across this because you are searching for the artist or lyrics to the song that played on the episode of Parenthood that aired Tuesday, January 11th 2011 that has the hook line “oh daddy moon …” this post is to tell you that artist is <a href="http://www.tomfreund.com/" target="_blank">Tom Freund</a> and the name of the song is “<a href="http://www.youtube.com/watch?v=2egKnOIWn-k" target="_blank">Little Room Of Mine</a>”. You can find the song on his latest album “<a href="http://tomfreund.com/fit-to-screen/" target="_blank">Fit To Screen</a>”.</p> <p>Obviously I like Tom or I wouldn’t be trying to help other people find him. If you liked “Little Room Of Mine” you’ll like is other stuff.</p> <div class="wlWriterEditableSmartContent" id="scid:0767317B-992E-4b12-91E0-4F059A8CECA8:c8188ea3-6a2a-4a62-8ab1-809213944400" style="padding-right: 0px; display: inline; padding-left: 0px; float: none; padding-bottom: 0px; margin: 0px; padding-top: 0px">Technorati Tags: <a href="http://technorati.com/tags/music" rel="tag">music</a>,<a href="http://technorati.com/tags/tomfreund" rel="tag">tomfreund</a></div> Gilbert Pilzhttp://www.blogger.com/profile/07780921856469609693noreply@blogger.com5tag:blogger.com,1999:blog-1404532365205608026.post-31753808412509667312011-01-05T12:35:00.001-08:002011-01-05T12:35:25.400-08:00The Mind that Maps<p>Considering my appetite for cool software tools, it shouldn’t come as a surprise that I’m into mind mapping software. I’ve used <a href="http://www.mindjet.com/" target="_blank">MindManager</a> for years now and, though I like the product, I can’t see shelling out $180 for an upgrade when there are so many <a href="http://lifehacker.com/5188833/hive-five-five-best-mind-mapping-applications" target="_blank">cheaper/free alternatives</a>. Is it too much to expect Mindjet to factor the existence of these competitive offerings into their pricing? Or is it just the case that MindManager is targeted at the enterprise and no one actually uses their own money to buy it?</p> <div class="wlWriterEditableSmartContent" id="scid:0767317B-992E-4b12-91E0-4F059A8CECA8:933b588a-1c74-4948-99d3-3f5a7d53b410" style="padding-right: 0px; display: inline; padding-left: 0px; float: none; padding-bottom: 0px; margin: 0px; padding-top: 0px">Technorati Tags: <a href="http://technorati.com/tags/mindmap" rel="tag">mindmap</a>,<a href="http://technorati.com/tags/tools" rel="tag">tools</a></div> Gilbert Pilzhttp://www.blogger.com/profile/07780921856469609693noreply@blogger.com0tag:blogger.com,1999:blog-1404532365205608026.post-47008300295410607742010-12-22T09:59:00.001-08:002010-12-22T09:59:43.935-08:00Something Clever to Say<p>I often wonder how many misbegotten trends in IT have their origin in the need to say something clever about a subject that you don’t know very much about. Example (circa 2002):</p> <p>Joe’s Manager: <em>Joe, what do you think about this web services stuff?</em></p> <p>Joe: (scrambling) <em>I think it has a lot of potential but, uh . . ., they really need to solve the security problem first.</em></p> <p>The truth of the matter is, at the time, Joe knew almost nothing about web services, SOAP, etc. but he had read/overheard just enough to know that “everybody” was concerned with “the security problem” (whatever that was). The result was the development of a boatload of  new technologies (WS-Security and its attendant profiles, WS-SecurityPolicy, WS-Trust, WS-SecureConversation, etc.) when the vast majority of SOAP deployments do fine with little more than SSL and BasicAuth. I remember a SOAP-oriented conference in 2005 in which a vendor rep asked the audience “How many of you are using or planning to use WS-Security?”. When only one hand (in a room of at least 100) went up, the rep went slightly non-linear saying something to the effect of, “WTF, you asked us to build all this stuff …?!?”</p> <p>Fast forward to today and substitute “cloud” for “web services”. I’m willing to admit that there are a few security issues that are unique to the cloud (mostly around multi-tenancy), but I assert that 99% of “cloud security issues” are no different than current IT security issues. I’m worried that, in their need to have something clever to say about the cloud, people are creating the false impression that someone needs to invent a whole boatload of “cloud security” technologies when we simply need to re-apply our current security solutions.</p> <div class="wlWriterEditableSmartContent" id="scid:0767317B-992E-4b12-91E0-4F059A8CECA8:7fe23bda-77a2-457b-83d6-8d689b9c198a" style="padding-right: 0px; display: inline; padding-left: 0px; float: none; padding-bottom: 0px; margin: 0px; padding-top: 0px">Technorati Tags: <a href="http://technorati.com/tags/cloud" rel="tag">cloud</a>,<a href="http://technorati.com/tags/security" rel="tag">security</a></div> Gilbert Pilzhttp://www.blogger.com/profile/07780921856469609693noreply@blogger.com0tag:blogger.com,1999:blog-1404532365205608026.post-64003656022163337882010-11-11T16:38:00.001-08:002010-11-11T16:38:15.450-08:00For the Children<div class="wlWriterEditableSmartContent" id="scid:0767317B-992E-4b12-91E0-4F059A8CECA8:1d7687cf-c827-4370-af7b-b05511a77b1d" style="padding-right: 0px; display: inline; padding-left: 0px; float: none; padding-bottom: 0px; margin: 0px; padding-top: 0px">BuzzNet Tags: <a href="http://www.buzznet.com/tags/prop19" rel="tag">prop19</a>,<a href="http://www.buzznet.com/tags/marijuana" rel="tag">marijuana</a>,<a href="http://www.buzznet.com/tags/legalization" rel="tag">legalization</a></div> <p>While I’m on the subject of marijuana legalization, I just have to spend a few moments rebutting one of the stupidest arguments I heard in the recent debate on CA’s Proposition 19 - “If you legalize pot, all your kids will be doing it”.</p> <p>To understand why I think this is such a dumb argument I have to relate the following. When I was a kid growing up in the suburbs of Chicago in the late 70’s it was way, way easier for me (and everyone else I knew) to get our hands on pot than alcohol. Why was this? Because alcohol was legal for people 21 and over and pot was illegal for everybody.</p> <p>The people I bought pot from, and the only way that anybody I knew got pot, were acquaintances of mine – sometimes slightly older kids. Meanwhile the only place to buy liquor was stores and bars. The kids selling me pot weren’t taking any great risk in doing so – we’re talking very small quantities here and you had to be a true idiot to get caught. The people who <strong>weren’t</strong> selling me liquor were doing so because they didn’t want to lose their liquor license for the sake of a cheap case of beer and a bottle of peach schnapps.</p> <p>This may all be anecdotal, but I’m pretty sure it’s not. If you want to stop people from selling any kind of drug to kids you have to (a) legalize that drug for use by adults, (b) license the sale of that drug, (c) revoke that license if they are caught selling to minors. You need the carrot <strong>and</strong> the stick. If I were emperor of CA, I’d tie your liquor license, your lottery concession, and your marijuana license into one big bundle – get caught selling any of these to minors and we’ll revoke all three. </p> Gilbert Pilzhttp://www.blogger.com/profile/07780921856469609693noreply@blogger.com0tag:blogger.com,1999:blog-1404532365205608026.post-54167095640150297652010-11-11T15:50:00.001-08:002010-11-11T15:50:08.805-08:00Prop 19 and Huck Finn<div class="wlWriterEditableSmartContent" id="scid:0767317B-992E-4b12-91E0-4F059A8CECA8:e5a4ab56-57de-4ef9-b288-168b01e7dad5" style="padding-right: 0px; display: inline; padding-left: 0px; float: none; padding-bottom: 0px; margin: 0px; padding-top: 0px">BuzzNet Tags: <a href="http://www.buzznet.com/tags/prop19" rel="tag">prop19</a>,<a href="http://www.buzznet.com/tags/marijuana" rel="tag">marijuana</a>,<a href="http://www.buzznet.com/tags/legalization" rel="tag">legalization</a>,<a href="http://www.buzznet.com/tags/marktwain" rel="tag">marktwain</a></div> <p>While reading Huckleberry Finn to Annelise I came across the following:</p> <p><font face="Times New Roman">Pretty soon I wanted to smoke, and asked the widow to let me. But she wouldn't. She said it was a mean practice and wasn't clean, and I must try to not do it any more. That is just the way with some people. They get down on a thing when they don't know nothing about it. Here she was a bothering about Moses, which was no kin to her, and no use to anybody, being gone, you see, yet finding a power of fault with me for doing a thing that had some good in it. And she took snuff too; of course that was all right, because she done it herself.</font></p> <p>For those that voted “no” on California’s recent <a href="http://yeson19.com/" target="_blank">Proposition 19</a>, it seems like Huck has got your number.</p> Gilbert Pilzhttp://www.blogger.com/profile/07780921856469609693noreply@blogger.com0tag:blogger.com,1999:blog-1404532365205608026.post-15105261721851918202010-01-15T23:07:00.001-08:002010-01-15T23:10:59.089-08:00Nature<p>This is a riff on something I heard some mad philosopher say on <a href="http://www.onpointradio.org/2009/12/philosophy-in-the-streets" target="_blank">NPR</a>, so the original idea isn’t mine (I don’t have any original ideas). This guy was ranting that “Nature” had replaced “God” as our cultural conscience. The clichéd assumptions are everywhere: everything that is Natural is good, Nature is harmonious and in balance,  humanity should strive to align itself with Nature - if/when we ever do, all will be well.</p> <p>In truth Nature is anything but balanced. It only looks that way to us because our timescales are so ridiculously short. "Nature” is one giant cataclysm after another. Not once, but <strong><a href="http://www.space.com/scienceastronomy/planetearth/extinction_sidebar_000907.html" target="_blank">five</a></strong> times has this planet seen mass extinctions where, for example, 70% of the land species were completely wiped out. Massive floods of magma could bubble up from the Earth’s core (tomorrow) and wipe out the human race (along with all other mammals, most birds, reptiles, etc.). To “Nature”, this wouldn’t be that big of a deal. Nature isn’t our mother and Nature doesn’t <strong>care</strong> if we live or if we die. “Nature” doesn’t care if we do or don’t try to “live in harmony” with the current equilibrium point (however short-lived it may be).</p> <p>I think we should stop deifying Nature and get <strong>pragmatic</strong>. Take the best telescopes we’ve got and look out at the universe. Do you see, <strong>anywhere</strong>, any place where humans beings can live that we can get to? <font size="5"><strong>No.</strong></font> Alright then, what we have here is a <strong>liferaft situation.</strong> We are living in the <strong>only</strong> place that we <strong>can</strong> live and we have to take care of it because we have no idea how long we may need it to last.</p> <div class="wlWriterEditableSmartContent" id="scid:0767317B-992E-4b12-91E0-4F059A8CECA8:44a43542-3181-4a19-b87f-e69093dc0656" style="padding-right: 0px; display: inline; padding-left: 0px; float: none; padding-bottom: 0px; margin: 0px; padding-top: 0px">BuzzNet Tags: <a href="http://www.buzznet.com/tags/philosophy" rel="tag">philosophy</a>,<a href="http://www.buzznet.com/tags/green" rel="tag">green</a>,<a href="http://www.buzznet.com/tags/god" rel="tag">god</a>,<a href="http://www.buzznet.com/tags/practical+approaches+to+the+survival+of+the+human+species" rel="tag">practical approaches to the survival of the human species</a></div> Gilbert Pilzhttp://www.blogger.com/profile/07780921856469609693noreply@blogger.com0tag:blogger.com,1999:blog-1404532365205608026.post-19505406709985076212009-12-16T16:37:00.001-08:002009-12-16T16:37:23.135-08:00Buckets of Rain<p>My college roommates and I were fanatical about music. When we moved in together in the fall of 1983, our combined record collection spanned the length of our living room wall (long ways). In it you would find generous helpings of XTC, The Clash, Elvis Costello, Dire Straits, The Ramones, what little there was (at the time) from REM and U2, along with the classics we’d grown up with (Beatles, Stones, Who, etc.)</p> <p>One thing I could never get my roommates to appreciate, however, was Bob Dylan. I’d first been turned on to Dylan late in high school. Who knows why these things happen? My older sister had left behind a copy of “Bob Dylan’s Greatest Hits Volume II” when she’d gone off to college and it had infected me (the very best version, ever, of “You Ain’t Goin’ Nowhere” is on that album). Since then I had bought a bunch of Dylan records, earlier and later, but my favorite was “Blood on the Tracks”. I had tried several times to get my roommates to appreciate Dylan but, like most people, they couldn’t get past his voice (and this is before he took to basically speaking his lyrics).</p> <p>So it’s late in that last year of school. Some random, rainy afternoon; between classes there’s just Ken and me in the apartment. Ken is doing dishes and I’m doing I don’t remember what (not stressed at this point – must have already landed first job). I’m playing “Blood on the Tracks” and Ken is putting up with it. “Buckets of Rain” comes on:</p> <p>I like your smile and your fingertips <br />I like the way that you move your hips <br />I like the cool way you look at me <br />everything about you is bringing me misery</p> <p>Ken laughs. He’s thinking about his girlfriend, Kim. He says something like “That’s good” or “I like that”. Small victory.</p> Gilbert Pilzhttp://www.blogger.com/profile/07780921856469609693noreply@blogger.com1tag:blogger.com,1999:blog-1404532365205608026.post-38459467149591897532009-11-29T21:49:00.001-08:002009-11-29T21:49:13.359-08:00Firefox Updates and Magic Formation<p>For awhile now I have used a little gesture-based launcher called <a href="http://tokyodownstairs.blogspot.com/2008/03/magic-formation.html" target="_blank">Magic Formation</a>. Like many of the things that are designed to make my life simpler but end up consuming all my time, I found out about this tool on <a href="http://lifehacker.com/5165523/magic-formation-is-a-circular-dock-launcher" target="_blank">Lifehacker</a>.</p> <p>The tool is pretty simple. You draw a quick little circle with your mouse and up pops this circle of launch icons. It is also pretty addictive. When using a computer that doesn’t have Magic Formation installed, I find myself reflexively drawing useless little circles before realizing “Oh yeah, I’ve got to find the launch bar.”</p> <p>One thing that keeps biting me, though, is that when Magic Formation is running, Firefox updates won’t work. When Firefox tries to apply an update you get “The update could not be installed. Please make sure there are no other copies of Firefox running on your computer, and then restart Firefox to try again.” Obviously Magic Formation is holding a handle to some kind of resource that Firefox update wants to change (firefox.exe?) and Firefox doesn’t like this.</p> <p>The solution is simple. Just “Quit” out of Magic Formation, start or restart Firefox, let it update, then restart Magic Formation.</p> <p>My only hope is that I will either remember I wrote this or goog will pick it up and I’ll find it the next time I have problems updating Firefox.</p> <div class="wlWriterEditableSmartContent" id="scid:0767317B-992E-4b12-91E0-4F059A8CECA8:fb9b15c2-ec76-4148-973e-7a4eab8007e3" style="padding-right: 0px; display: inline; padding-left: 0px; float: none; padding-bottom: 0px; margin: 0px; padding-top: 0px">Technorati Tags: <a href="http://technorati.com/tags/firefox+tools" rel="tag">firefox tools</a>,<a href="http://technorati.com/tags/tools" rel="tag">tools</a></div> Gilbert Pilzhttp://www.blogger.com/profile/07780921856469609693noreply@blogger.com0tag:blogger.com,1999:blog-1404532365205608026.post-54660458091390247422009-04-16T14:01:00.001-07:002009-04-16T14:02:41.998-07:00Intuit, What Were You Thinking?<p>The exercise of preparing taxes always sets me on a organizing binge where I try to get a handle on the chaos that surrounds me. This year one of my big pain points was medical expenses and the management thereof. For reasons I won't go into, we wracked up a lot of medical expenses last year and will probably continue to do so this year. Due to a certain, shall we say, <em>disaffection</em> for the treatments prescribed by the biomedical industrial complex (all of which seem to involve the use of patented pharmaceuticals with side-effects that can only be remedied by additional, patented pharmaceuticals with side-effects that . . . (recurse until death or complete exhaustion of funds)) none of these expenses are covered by my employers health plan (as another branch of the previously mentioned biomedical industrial complex, why would it?). So that brings in my "Flexible Spending Account", multiple, related transactions of slightly different amounts, etc. Obviously I need software to manage this mess.</p> <p>It turns out that my old friends at Intuit have something called "Quicken Medical Expense Manager". Now I'm a Quicken user from way back. I used Quicken back in the days when you connected to the net with a 28K modem and SLIP. I was the guy constantly pestering his bank for Quicken integration and explaining over and over how I managed my money with a program that I ran on <strong>my</strong> computer, at <strong>home,</strong> which I would like to connect to <strong>their</strong> computer so I could save both <strong>them</strong> and <strong>me</strong> time and money.<strong> </strong>I still prefer to use the native version of Quicken despite my general enthusiasm for Software as a Service (or is it "cloud computing" now? . . so hard to keep up).</p> <p>So I come across this Quicken Medical Expense Manager (MEM for short) and initially I'm thinking "Great! I'll buy this puppy online, download, install it and use it to keep track of all this stuff." My initial assumption was, of course, that MEM would integrate with Quicken. By "integrate" I mean something like "If I enter a transaction in Quicken that matches certain criteria (category, payee, tag, etc.) it will automatically show up in MEM." and "If I enter a transaction in MEM it will automatically be imported into Quicken". How else, right? But something made me dig in a little further.</p> <p>It turns out that MEM is <strong>not</strong> integrated with Quicken nor does it seem that it ever will be (please, somebody prove me wrong). MEM is a stand-alone tool with no more links to Quicken than any other program you might download and install. If you enter a medical expense transaction in Quicken, you have to manually enter the same transaction into MEM and vice versa. WTF?!? Talk about out of touch with your customer base! Quicken users are, by and large, the type of people that are driven crazy by having to perform duplicate, manual tasks. We will pay money (and suffer through the unnecessary "upgrades" designed to milk us for more) for tools that save us from this time-sucking drudgery. Why would you try and sell us a tool that adds to this problem?</p> <p>And what's with the "Quicken" label? How is "Quicken Medical Expense Manager" related to Quicken at all if they aren't integrated? "Intuit Medical Expense Manager" would be a more honest title. Note to Inuit: the secret to selling a software suite is to make sure that every application in the suite integrates with every other application in the suite so that, even though the individual applications may not be the very best application you could get for a particular task, the suite as a whole delivers greater value than a collection of unrelated/unintegrated applications. This is just common sense to the ordinary individual but, in the world of software marketing, it looks like a stunningly brilliant strategy ("in the land of the blind . . .")</p> <p>The decision not to integrate Quicken and MEM is so dumb it must have been made by Inuit's upper management. I'm guessing that the thinking went something like this: "Because we have no way of measuring how much integrating the two products will increase sales, it isn't important enough to devote resources to. As long as MEM is 'good enough', people will buy it." They could actually have a point, but it's this kind of irksome decision that erodes customer loyalty and, when times get tough (like . . uh, now), you're going to wish you had that loyalty to fall back on. Ask yourself, "what would Apple do in a case like this?" Of course they would integrate the two even if you couldn't prove that it would result in more sales this quarter! That's why Apple has fanboys and Intuit doesn't.</p> <div class="wlWriterSmartContent" id="scid:0767317B-992E-4b12-91E0-4F059A8CECA8:afe9dbe3-738f-481b-9c9b-5240b33d90dc" style="padding-right: 0px; display: inline; padding-left: 0px; padding-bottom: 0px; margin: 0px; padding-top: 0px">Technorati Tags: <a href="http://technorati.com/tags/software" rel="tag">software</a>,<a href="http://technorati.com/tags/personal" rel="tag">personal</a></div> Gilbert Pilzhttp://www.blogger.com/profile/07780921856469609693noreply@blogger.com0tag:blogger.com,1999:blog-1404532365205608026.post-60925257555398121662008-11-13T14:41:00.000-08:002008-11-13T15:20:10.016-08:00Cool Ways to Teach History<span style="font-family:arial;">Just saw this article in <a href="http://www.theregister.co.uk/2008/11/13/google_earth_ancient_rome/">The Register</a> and it made me think of an old idea for teaching what life in Rome was like circa whenever. Basically you start with the information in "Ancient Rome 3D" and you use it to create a mediated MPORG in which the students can participate as individual characters. I use the term "mediated" because I think it is important to allow the teacher to control plot lines and external events to illustrate specific points such as food riots, etc. The idea is not to replace reading and discussion, but to help provide a more immediate context for these more traditional types of instruction.<br /><br />Obviously this same technique could be applied to just about any time and place for which we have enough data to create the 3D environment. You could hit all the high points, Athens circa 500 BC, Tenochtitlan circa 1400, San Francisco circa 1965. What is really exciting is that, technically, this should be relatively easy to do. That is to say, it could be done with an awful lot of work by artists, programmers, writers, etc. like any game, but we don't need to invent any new technologies to make it happen. All we need is a business plan whereby somebody can make money off of this idea while simultaneously providing it to schools for little to nothing.</span>Gilbert Pilzhttp://www.blogger.com/profile/07780921856469609693noreply@blogger.com0tag:blogger.com,1999:blog-1404532365205608026.post-59370508793384811492008-11-13T10:41:00.000-08:002008-11-13T11:11:01.124-08:00Computer "Science"Someone brought this up at a recent WS-I meeting and I thought it was funny enough to riff on; "Things with 'science' in their names usually aren't". Examples were provided such as "Political Science", "Social Science", and "Scientology" (the last one is a stretch). The shared joke being that we all felt our profession, despite outwards appearances, to be much more akin to political science than physics.<br /><br />Certainly there are sub-fields of computer ccience that are scientifically rigorous, but I would guess that the majority of "programmers" rarely measure anything more than simple performance metrics, rarely use any math more complicated than basic combanitorics, etc. Obviously you need to be able to think logically and express your ideas in a non-ambiguous language in order to program, but that doesn't make us scientists any more than reheating frozen waffles makes someone a chef. I've always thought that Computer Science (the programming part - not the designing chips part) would be more properly thought of as a "Applied Philosophy" than as a sub-branch of mathematics, science, or engineering.Gilbert Pilzhttp://www.blogger.com/profile/07780921856469609693noreply@blogger.com1tag:blogger.com,1999:blog-1404532365205608026.post-64361406945227070672007-10-05T14:35:00.001-07:002008-07-20T22:27:19.227-07:00A Better VOIP ClientI dislike phones. Not so much the phones themselves, but their interface. The basic interface, a bunch of numbers and some special keys, is bad enough, but when this interface is extended it's always a mess. I don't think I've ever seen two phones with the same mechanism for programming the speed dial buttons and the conferencing features are always hopelessly arcane. Even something as simple as putting someone on/off hold can be ridiculously complicated.<br /><br />This is one of the reasons I prefer VOIP service to POTS service. I use a service called <a href="http://myphonecompany.com/">MyPhoneCompany.com</a> (bad marketing - reasonable service) because they allow me to pay minimal $ for "softphone only" plan. Not having to have a clunky piece of legacy, single-purpose audio signaling technology taking up space on my already overcrowded desk is a big plus for me. Wherever my laptop goes so does my "phone", which is perfect because I seldom call people unless I'm using my laptop and, if I weren't, I'd be using my cell phone.<br /><br />But there's a problem to all this. For reasons that I can't comprehend, most VOIP clients go to great pains to try and look like physical phones. The number buttons are the primary interface element and the mute, conference, etc. elements look like the kind of tiny buttons you see on a cell phone. Meanwhile the crucial features like contacts and call history are buried beneath layers of menus. This is just stupid and misguided (I know that Skype, Yahoo, and other IM clients that provide voice service are an exception, but I'm talking primarily about SIP clients here). I want a VOIP client that exploits the fact that it is a <span style="font-style: italic;">computer application</span> with access to all the GUI wizardry provided by a modern OS.<br /><br />Here's what a VOIP client should look like (it's also what an IM client should look like, but let's not go there):<br /><br />1.) It should integrate with my contacts database (whether that is Outlook, Thunderbird, Palm Desktop, whatever) so completely that it should almost seem like an extension of that system. I don't ever want to enter names and phone numbers into the VOIP application and have them stranded there. It would even be okay if the VOIP app didn't allow me to enter contact information, but instead forced me to use my PIM client (though it would be nice to, on those occasions when I manually dial a number, to easily record that number into my contacts).<br /><br />2.) You need to be able to access "the number buttons", but they are <span style="font-weight: bold;">not</span> the most important element of the interface. A numeric keypad should be off to the side and out of the way. Handy when you need it, but not taking up too much space or attention.<br /><br />3.) The most important element of the phone is my contacts. I want to see my contacts as a "tag cloud". The tags are placed on individual phone numbers but the phone numbers should have meaningful names like "Smith, Bob (home)" (the same way <a href="http://del.icio.us/">del.icio.us</a> *tags* URLs but what you *see* is the "site name" or whatever label you have slapped on the entry). Clicking on a tag brings up a list of all the entries labeled with that tag. Clicking on an entry dials the number for that entry. Simple, right?<br /><br />4.) I want the tags to be partially managed by me and partially managed by the VOIP app. For example, there should be an app-managed tag named "mostCalled". This should contain the 10 or so contacts that I call the most often as tracked by the app. Other automatic tags would be the letters a-z correlated against first letter of the persons last name or the name of the company, etc. For example, clicking on the "a" tag would show me a list of entries like "Adams, Michael (home)", "Adams, Michael (cell)", "American Airlines", etc. There could be other app-managed tags that might be useful like "recentCalls", but you get the idea. The other tags should be managed by me pretty much the same way I manage tags for del.icio.us.<br /><br />5.) Obviously I should be able to search my contacts. The contacts/VOIP integration should include launching the VOIP app when I click on a phone number in the PIM app.<br /><br />6.) Conferencing in another number to an existing call should be implemented with a context menu selection off an that entry; find an entry, bring up the context menu, select "conference" and they're called and added.<br /><br />7.) All other features and functions (hold, mute, record, etc.) should be implemented the way you would any normal, modern GUI (menus, toolbars, ribbons, etc.)<br /><br />If anyone implements something like this, please let me know and I'll help test it.Gilbert Pilzhttp://www.blogger.com/profile/07780921856469609693noreply@blogger.com0tag:blogger.com,1999:blog-1404532365205608026.post-87573711586561172582007-04-24T13:43:00.000-07:002007-04-24T13:50:58.350-07:00Two Forward and One Back<span style="font-family:trebuchet ms;">Got to see a demonstration of Salesforce.com's Appex platform and the AppExchange marketplace at <a href="http://www.saascon.com/live/48/events/48SJO07A">SaasCon</a>. I was very impressed by the demonstration. It's difficult to convey the visceral impact of seeing the cycle of idea->development->advertisement ->installation->evaluation->purchase taking place without either the developer or the customer having to install or manage <b>anything</b>. I caught a glimpse into one of software's possible futures. When all was said and done, though, I had to remind myself what I was really looking at; an application coded in a proprietary language running on a proprietary platform.<br /><br />Obviously I have no knowledge of <span class="blsp-spelling-error" id="SPELLING_ERROR_0">Salesforce's</span> plans for <span class="blsp-spelling-error" id="SPELLING_ERROR_1">Appex</span> and <span class="blsp-spelling-error" id="SPELLING_ERROR_2">AppExchange</span>, but what I have seen leads me to believe that they have no intention of opening up the system to competition. Sure, sure, anybody can write apps on <span class="blsp-spelling-error" id="SPELLING_ERROR_3">Appex</span> and anybody can buy these apps. You don't even have to <a href="http://blogs.zdnet.com/BTL/?p=4896">subscribe to the core <span class="blsp-spelling-error" id="SPELLING_ERROR_4">CRM</span> product anymore</a>, but it's still a closed system. <span class="blsp-spelling-error" id="SPELLING_ERROR_5">Appex</span> and <span class="blsp-spelling-error" id="SPELLING_ERROR_6">AppExchange</span> are a big tent in which all sorts of interesting things can take place but, to get into that tent, you have to pay <span class="blsp-spelling-error" id="SPELLING_ERROR_7">Salesforce</span> for a ticket.<br /><br />If you've been in the software industry as long as I have, you know where this is going. Neither <span class="blsp-spelling-error" id="SPELLING_ERROR_8">Salesforce</span> nor any other company is ever going to be big enough or good enough to contain the entire <span class="blsp-spelling-error" id="SPELLING_ERROR_9">SaaS</span> market. Already there <a href="http://www.apprenda.com/">exist <span class="blsp-spelling-error" id="SPELLING_ERROR_10">SaaS</span> platforms</a> that are somewhat similar to <span class="blsp-spelling-error" id="SPELLING_ERROR_11">Appex</span>. These and others not yet built will grow in scope and sophistication to compete with <span class="blsp-spelling-error" id="SPELLING_ERROR_12">Appex</span> . The bigger more successful on-demand <span class="blsp-spelling-error" id="SPELLING_ERROR_13">ISVs</span> are going to find themselves writing and maintaining multiple versions of their applications for these various platforms. They are not going to like this (multi-platform support is a costly activity that provides no business value to the customer). Eventually there will be some sort of open <span class="blsp-spelling-error" id="SPELLING_ERROR_14">SaaS</span> platform in which the <span class="blsp-spelling-error" id="SPELLING_ERROR_15">APIs</span>, management touch-points, deployment model, etc. will be "standardized" (not necessarily by a standards org) and the platform operators will compete on price and service quality (reliability, scalability, etc.). <span class="blsp-spelling-error" id="SPELLING_ERROR_16">Salesforce</span> and the other proprietary <span class="blsp-spelling-error" id="SPELLING_ERROR_17">SaaS</span> platform players are either going to have to switch to this open platform or fight an increasingly difficult battle to keep their <span class="blsp-spelling-error" id="SPELLING_ERROR_18">ISVs</span> and customers locked in.<br /><br />I'm an idealist so, of course, I'm bound to ask "couldn't we save ourselves the pain and go straight to an open platform?" Obviously it's in <span class="blsp-spelling-error" id="SPELLING_ERROR_19">Salesforce's</span> short-term interest to lock the <span class="blsp-spelling-error" id="SPELLING_ERROR_20">ISVs</span> into their language and platform; it's basically a license to print money. But in the long term, when the switch to open <span class="blsp-spelling-error" id="SPELLING_ERROR_21">SaaS</span> platforms occurs, they will have only hurt themselves. The history of the computer industry is full of companies that got so fat and sloppy on their proprietary systems they were unable to compete when the next wave removed their ability to keep their customers captive.<br /><br />It seems counter-intuitive, but I think <span class="blsp-spelling-error" id="SPELLING_ERROR_22">Salesforce's</span> best long-term move is to open up the <span class="blsp-spelling-error" id="SPELLING_ERROR_23">Appex</span> platform to competing service providers. That way the <span class="blsp-spelling-error" id="SPELLING_ERROR_24">de</span>-facto, open <span class="blsp-spelling-error" id="SPELLING_ERROR_25">SaaS</span> platform <span style="font-weight: bold;">is</span> <span class="blsp-spelling-error" id="SPELLING_ERROR_26">Appex</span>, a platform in which they (obviously) have a huge lead. The similarities to Java are obvious but, to be fair, I don't think Sun stood as much to gain from holding onto Java as <span class="blsp-spelling-error" id="SPELLING_ERROR_27">Salesforce</span> does from holding onto <span class="blsp-spelling-error" id="SPELLING_ERROR_28">Appex</span>.<br /></span>Gilbert Pilzhttp://www.blogger.com/profile/07780921856469609693noreply@blogger.com0