my recent reads..

Atomic Accidents: A History of Nuclear Meltdowns and Disasters; From the Ozark Mountains to Fukushima
Power Sources and Supplies: World Class Designs
Red Storm Rising
Locked On
Analog Circuits Cookbook
The Teeth Of The Tiger
Sharpe's Gold
Without Remorse
Practical Oscillator Handbook
Red Rabbit

Tuesday, June 24, 2008

Regrettably .. my Disqus experiment is over

It held great promise .. and I think still does .. but I am calling my experiment with Disqus commenting to en end.

I've unfortunately had too much feedback that it is just too (friggin) hard for the casual commenter. Bash me upside down, isn't it?

I hope the Disqus folks to manage to improve the interface to remove any barriers to adoption, because I still do look forward to the day we can wave goodbye to forums, and bring in an era of universally connected discussions!

Monday, June 23, 2008

The cutting edge of web applications? 280slides

It is amazing to see the art of the rich internet application (RIA) rocketing ahead over the past year or so, after a slow and troubled gestation over the past 12 years or so. Much of the progress has been incremental and focused on technical reimplementation of old non-web concepts (think event handling in a form GUI). Sometimes we take a big leap forward (think rails, prototype).

37signals arguably kicked of the current phase of web applications with basecamp that finally allow us to forget we are working in a browser (or was it writely? - now google docs).

Now we are seeing a selection of frameworks or products specifically designed for building modern RIAs. Rails is of course now fairly established in this space, but products like Flex, Air, Appcelerator and WaveMaker are redefining the envelope.

Well I'll be bold enough to say now that I think the guys from 280North have just redefined the cutting edge again with their powerpoint/keynote killer called 280Slides.

It's just out in public beta (isn't everything?), but I challenge you not to be impressed with just how much like a great piece of desktop software it is ... except you've also got the power of web access, sharing and delivery.

Perhaps even more impressive is the story behind the app, which you can hear in an interview on net@nite #57. When these guys set out to write web applications (like 280slides), they wanted a real development environment - like cocoa which they were familiar with having worked at Apple. So they built a cocoa-compatible/Objective-C like platform that runs in pure javascript. That's what is running 280slides, but building it is like building any old cocoa app. NB: the platform is still being kept internal, but their intention is to go open source when it is ready for the wild.

280North have only recently gone public with 280slides and the platform they have been building. Interesting to see at the same time we have Apple announcing a more conventional javascript library SproutCore. Can anyone spell a-c-q-u-i-s-i-t-i-o-n  t-a-r-g-e-t?

Exciting times!

Tuesday, June 17, 2008

Doing one thing at a time

James Shore discussed Agile Release Planning on this recent PM podcast, and it was refreshing to hear the benefits of agile pitched to a product management audience.

Like the best ideas, the tenets of agile appear almost too simple to be true. "Master of the bleeding obvious" Basil Fawlty would say. Yet most organisations seem structurally incapable of behaving along these lines.

James' presentation is very entertaining, and well worth a listen. He keeps the agenda short and well tuned to a PM audience. Although the ideas are born from a software environment, they are largely transferable to other domains. A discussion of five concepts to help you increase the value you deliver in business:

  • Work on one project at a time .. it improves your ROI

  • Release early and often .. get to market faster with a minimum, but valuable feature-set. Not only do you get to take advantage of the real customer voice sooner, but, again, better ROI.

  • Adapt your plans .. to slavishly avoid change is to confound the opportunity to increase the value of your work as new things are learned along the way

  • Conduct experiments .. your project can have many outcomes, and you will never know which is best unless you test options, collect data, and analyse

  • Plan at the last responsible moment .. avoid costly planning that is basically trying to predict the future (unsuccessfully). The later the decision, the more information you will have available to make a good decision.

The one project at a time struck a chord with me, as I've recently been campaigning in a minor way along these lines. The classic "proof" is the positive impact it can have on ROI if you allow appropriately sized teams to focus on one thing at a time. This is of course in addition to any productivity benefits you get from avoiding task switching, and giving people the chance to get into a flow state.

Here's my version of the graphic to illustrate the point:

Monday, June 16, 2008

bookjetty - a great new site to track, share, buy and borrow books

I've fallen in love with bookjetty, a great new site for books by Herryanto Siatono.

Although my It's a Prata Life blog is officially dedicated to prata (and always will be!), I also use it to keep a diary of the books I'm reading. I probably always will, but I do make sure to try out all the "book tracking" sites, facebook apps and so on that I come across.

None have really jiggled my worm until I discovered bookjetty.

The killer feature for me is the great library integration on the site. It helps answer all the usual questions I have whenever I hear about a new book..

  • Have I already got it or read it before?

  • Does one of my friends have it? Maybe I can borrow it..

  • Can I get it from the local library?

  • Can I buy it online?

  • (oh, and if the last two steps fail, I may actually visit a real bookstore!)

The library catalogue checks work a treat - right within your booklist. I used this feature yesterday as I knew I would be heading to the library. Within 5 minutes on bookjetty I had added a few books I'd been interested in reading and found out that 3 of them were available and on the shelf at my local library. An hour later, I had them checked out.

The bookjetty developer(s?) have done a great job of integrating the libraries, especially considering that most are still running archaic web 0.1 systems which are not very mashup friendly. I've posted before about a kludge to do library lookups from an amazon page, but it never works very reliably because of the dumb library catalogue it needs to talk to, so I can appreciate some of the challenges they may have had.

And here's an example of how the library checks appear...

If you are into books, I heartily recommend you go and register at bookjetty and check it out!

Sunday, June 15, 2008

Moving to Disqus for Comments

I recently moved this site's commenting feature to after listening to the great interview with Daniel from Disqus on net@night#53. I see I'm not alone..

You may think A Blog Without Comments Is Not a Blog, and most people have reviewed Disqus in terms of the improved commenting features it provides.

There is another point of view that really hit home for me as I considered the move.

I remember the pre/early web days when I was a very heavy nntp (news) user. In the job I had at the time, it became my lifeline to various specialist groups where I would share the little I knew and was able to draw on the sometimes instantaneous feedback from a global community of peers. I think those days still rank as the best and most productive community networking experience I have ever had.

As the early web came to life there were many areas in which we took short-term hits for (hopefully) long term gain. We moved from (pre-Domino) Lotus Notes to web publishing for example, not because it was better but because it represented a broadly accessible, stanadards-based platform. Web 2.0 is I think only now starting to surpass the degree of interactivity you could achieve with Notes circa 98.

IMHO, collaboration is another area that's been through a similar process. Simplifying somewhat, I saw blogs and web-based forums as a bifurcation of the old collaboration experience I had with nntp. Blogs at least did a decent job of allowing anyone to publish what they thought was worth sharing. Web-based forums never really tickled my mustard however.

Implementations have never been quite as efficient for greasing collaboration as nntp, and they lack the universal federation model that nntp has always had baked in. It also meant that forum discussions and information publishing (via blogs etc) became divorced.

So when I look at Disqus (and other similar offerings), I see a scheme to finally re-unify the publishing and discussion worlds. Disqus provides the forum capability integrastes with tyhe blog publishing world, eliminating the question "should I blog it, post it to a forum, or both?"

As you can tell from my little diagram above, I don't see much role for web forums as we know them today in the new world of collaboration. Maybe I am overly negative, but it does make me smile/cringe whenever I hear someone talking about "web 2.0: you know, forums etc..."

Notes on integrating Disqus with blogger

I'm using blogger. Since there are various guides around for the manual integration of Disqus, I thought it would be worthwhile to report on how the process went for me.

I'm using customised blogger layouts for my blogs, and actually found that the automatic integration support built into the setup process on Disqus worked very well.

Just a few things to note:

  • I used the "upload template" feature to load the version modified for me by Disqus. I think because of this, I had to "expand widget templates" and save the template again after the upload to have it take effect.

  • There is no import of existing comments yet (future feature), but it is possible to go back to old posts that do not yet have comments and switch them to Disqus mode by selecting the "Don't allow" reader comments post option.

Postscript: as I noted here, I've unfortunately had to drop my disqus experiment because it just isn't proving easy enough for people to use. Shame .. for now!

Some more on secure social networking - iHazYrCreds

The other day I added my voice to the call to end the perfidious practice of social networking sites requesting your email password.

In the discussion I made an off-hand reference to a fictitious site called iHazYrCreds. Well, it's not fictitious any longer ;-) For better or worse, you can now visit to find out more about the common password traps to avoid.

I'd like to see the day when asking for an email password in order to "import contacts" is deemed totally unacceptable (and negligent professional practice).

I would also welcome any moves by the big email providers (google, yahoo etc) to explicitly outlaw such use in their terms of service. I'm no lawyer, but I believe it is debatable whether it is already a violation.


..or "how to (try) and make the new economy work like the old one"

I recently borrowed John Hagel III and Arther G. Armstrong's Net Gain: Expanding Markets Through Virtual Communitiesfrom a colleague for a quick read.

It was published in 1997 by McKinsey & Company, and I must say it kinda shows. The book suffers from a myopic pre-occupation with the dual assumptions that:

  • organisations must race to establish virtual communities: the spoils will go to the fast and the bold
  • the aim is to profit from transactions conducted by the community while also garnering peerless customer loyalty

Ah, the golden days of the internet bubble! This is an interesting read if for no other reason than to see how far we have come; how much has been learnt, and how much we have yet to learn.

As I studied the authors' recipe for profitable community-building I found myself challenging the principle that success requires an imposition of control by an organisation: the company studies the market, decides what community should be built, writes a business case for it, and appoints the expert team to design, build, launch, and market the community.

This is an astonishing proposition given the book's initial premise:
The rise of virtual communities .. has set in motion an unprecedented shift in power from vendors of goods and services to the customers who buy them.

"Over my dead body!" I can hear the voices echoing from the boardroom - undoubtedly the prime audience for this book, which I think could reasonably be subtitled "how to (try) and make the new economy work like the old one".

The idea of a "community" that is both external to the organisation while remaining under its control permeates the book, and is perhaps the primary misconception that has taken the past 10 years to rethink and recognise for the oxymoron that it is.

This is closely related to the fundamental yet unspoken assumption of a hard boundary between the corporation and the customer/community. In parts of the book that consider the use of communities within the corporation, the emphasis is very much on within the corporation, or at most, between business partners.

My comments have been a little disparaging, and it is perhaps unfair to find fault in failing to predict the future accurately. It does mean that this book is now little more than a historical curiosity.

However, the book I would be very interested to read is a "10th anniversary rewrite". For my money, I'd say that's Wikinomics: How Mass Collaboration Changes Everything (any other recommendations? I'm keen to hear..)

For now, I think I'll let Geek and Poke have the last word...

Geek and Poke

Originally posted on It's a Prata Life

Friday, June 06, 2008

'Promote Bad Security Practice' Grand Achievement Awards

As usual, Jeff cuts to the heart of the matter on Coding Horror when calling out Yelp for the astonishingly evil and unconscionable act of asking users to hand over their email passwords.

I am not sure who started this, but it has somehow scarily become accepted practice, especially among the social networking sites. Facebook, LinkedIn, Plaxo ... they all do it, and seem to think that waving some privacy mumbo-jumbo 'but you can trust US!' makes it OK. Some are particularly heinous, like Tagged, which obscure the fact that handing over your email password is optional.

As many have pointed out (see the comments on Jeff's post), this is a lazy solution to a problem that is solvable in ways that do not need to compromise user security.

Facebook, LinkedIn - these guys should know better. And I think have an obligation to do better, especially since it is becoming more and more common for a social networking site to be an individual's first experience on the net. While the old hands may have well-ingrained security awareness thanks to the evangelizing efforts of people like Steve Gibson and Leo Laporte on the Security Now! podcast, we have a whole new generation of users being taught exactly the wrong thing thanks to the misguided and irresponsible acts of the social networking sites that are requesting email passwords to be handed over.

The proliferation of this perfidious practice must be reversed! A good first step is to heap professional scorn on anyone associated with developing such a feature. Shame!

Tuesday, June 03, 2008

Oracle Release Timeline with Dipity

Derek Dukes was on net@nite #53 the other week, and it was really interesting to hear him talk about dipity.

Dipity is an experiment in information organisation, with time being the primary dimension currently being explored. Similar in a way to MIT's SMILE widget, which I was investigating a while back for visualizing time-based information.

Dipity shows a great deal of promise, and I like its emphasis on self-discovery and organisation information if directed (rather than everything having to be painstakingly entered). It is certainly a fun way to get lost for a few hours and learn a whole lot of stuff you never set out to study (just go to the home page and start checking out different timelines!)

Ulrich has already worked up a history of Oracle Releases. Not complete, but a fantastic visualisation that would be worth supporting and maintaining!

NB: I'm posting a static image here for now, because the embed code doesn't seem to work in all browsers at the moment.

Adding reCAPTCHA to Oracle SSO - now on sourceforge

Yes, it's time for some house cleaning!

One of my favourite little hacks is how to add reCAPTCHA to Oracle SSO, which I wrote about last year. I've now finally got around to setting it up with its own sourceforge project.

OssoRecaptcha is a demonstration of integrating the CAPTCHA service from with Oracle Single-Sign-On. It can be used in production OSSO deployments, and also as an example of integrating any 3rd party authentication system with OSSO. Logo

Monday, June 02, 2008

Request header rewrites with Java servlet filters - now on sourceforge

Some time back I posted a sample and discussion of request header rewrites with Java servlet filters, and I now finally got around to setting it up with its own sourceforge project.

RewriteRequestHeaderFilter is a Java servlet filter for request header rewrites according to regex rules specified in the servlet init parameters. It is packaged as a sample application and also jar that can be inserted into any arbitrary site. Logo