Monday Jun 22, 2009

OpenID and a few cows

By far the most enjoyable and creative part of developing technology is when you can have a free flowing brainstorming session where no idea is too crazy and emerging technologies provide fodder for new approaches.

It was late, but everyone was energized by our "futures" session. The conversation touched on new projects such as 'oauth' and revisited one we had discarded a few years back due to security concerns, 'openID'.

At the heart of it was our need to expand our identity management infrastructure to serve more than just the domain. Clearly CDSSO (cross domain single sign on) was at the heart of it, but was that all business wanted, or did we need to provide federation using SAML with multiple IDPs? CDSSO is provided out of the box with the Access Manager Policy Agents, but it is a closed solution and would not be available with our custom built SOAP based webservice which comprises 85% of our clients. So do we reimplement CDSSO for our WS clients or just provide full federation capabilities?

Fearing that we would miss our chance for some dinner as it was already past 11 PM, we shut down our laptops and coiled up our cords. "I don't think it is clear what the business requirement is regarding federation," remarked Kathy.

We walked downstairs to the next level and peered into the windows set into the locked doors. On one side a server room appeared close to completion with servers in the racks, but the other room was still bare with some construction materials to one side. Kathy wanted to take a picture but Nagendra pointed to the watchman inside, "He may not like it". Kathy wondered how they would handle the power outages that frequently occur in India.

We walked down to the next level. The watchman that was supposed to take the little piece of paper that would document our leaving was slumped over his station, sleeping.

Outside, off to the side, on the lawn that was regularly watered and cared for, some people were still about, a cigarette tip glowed red against their dark shapes gathered in the warm Chennai night.

"Technologies such as OpenID are popular because they are so easy for the user" stated Ravi, "it's just a few point and clicks in the browser. It won't matter that the technology has limitations or isn't secure, users will use it anyway".

"Compare that with SAML federation, users will not understand what we mean when we ask them whether to 'link' their accounts", said Bob. "The messaging will be tricky", Kathy agreed. "And I'm not sure what our clients' appetite will be for doing the work on their side"

We walked down to the dirt road, watching the rocky uneven footing. A ghostly shape on the dark road materialized into a white cow as it walked closer. Two more cows, their darker coats harder to see in the night, followed.

"Are these cows owned by someone or do they wander freely?" asked Bob. "They have owners, and they do keep an eye on them, if you watch long enough you will see people come by and check up on them" answered Ravi. "It's amazing how they can keep track of them".

"So the cows are known and they have owners they trust" commented Kathy. "We could support OpenID in this way too", said Ravi, "only trust certain OpenID providers".

We climbed into Ravi's SUV and headed towards the main street to the "Great Kebob Factory" to have an excellent, if overly carnivorous, late night dinner.

Sunday Apr 05, 2009

Web2.0 expo 2009 and Cloud Computing

As I did last year, I visited the Web 2.0 expo conference in San Francisco. This year I had very limited time, having a major release to launch and people to hire, so I only spent a partial day there. However I blogged about it last year and felt compelled to share my impression of this year's event.

Since I recently moved into Sun's Cloud Computing Division I caught part of IBM's BlueCloud presentation. And I saw all of Lew Moorman's (from Rackspace) presentation "Cloud Computing and the Paradigm Shift that's coming in IT". Lew's presentation was one of the better ones I have seen, a good introduction to the topic of Cloud Computing, with clear definitions (eg. good explanation of iSaaS - infrastructure as a service), some eye catching slides to keep the audience awake, and natural feeling introduction of his company's services without that icky "being sold to" feeling. Unfortunately his slides don't appear to be posted on the Web2.0 expo site.

There was less energy this year, and Thursday's booth crawl showed the toll the poor economy has taken. A dinner of appetizers was not to be found, and lines for beer were long. We found the best beer, Anchor Steam, at the Safari Books Online booth, so they get a special mention.

An entertaining touch was the tags you could attach to your badge, such as "Social Media Freak", "Hacker" or "Stealth Mode". I put a "We're Hiring" tag on my badge but it didn't attract any interest (maybe because no one wants to do "WebOps" these days). However I talked to another attendee who was looking for an Information Architect, and he didn't get any bites either. Surprising, given how many resumes I've gotten for the contract positions I have.

Last year I got a lot out of the keynotes, but this year, they were a little flat. Maybe because I caught the wrong day, but for me the highlight of Thursday's keynotes was a video shown by Anssi Vanjoki of Nokia, a nice conceptual piece showing the mobile phone as a configurable device, that could be worn as a bracelet and take on surrounding colors. The future of mobile computing where a phone will be a "sensor" that can merge physical location information with digital information was a nice glimpse of a future that is really here now. Rushkoff's "How the Web Ate the Economy and why this is good for everyone" was rushed and was way too full of itself, although he had some nice zingers as in "The banks are in trouble because they bought shares of their own Ponzi schemes". Will Wright of Electronic Arts is well spoken and has thoughtful insights that even a non-gamer will appreciate, but I had heard him before, and Spore doesn't really excite me too much.

As always, the best part of these events is the networking, and the step back from the everyday job to gain larger perspective. And you can't beat a free ticket.

Monday Jun 16, 2008

Private IP addresses in an internet facing service?

How did users browsing an external web site originate from a private IP address?

Tuesday Mar 18, 2008

Evolution of the Intranet - Learning Center paves the way

With the advent of social bookmarking and the new wave of telecommuting, it's no wonder we have begun to change the way we work inside organizations and our perception of the long-standing "Intranet" has been altered.

Sun has long led the way in telecommuting and collaboration. It takes the intranet to the next level and beyond the "firewall", covering the web, the stuff you can see through your browser (whether it's hosted internally or externally), and one of the organizations leading this effort is the Learning Organization.

Sun's Learning Services On Demand Portal has been re-tooled to allow Sun Employees to access training ANYWHERE, ANYTIME. This affects ANY employees throughout Sun. The Portal aggregates information from various different sources. Their mission statement is "to train all audiences, not just Sun Employees."

The team is led by Mike DeLoia, Learning Technology Program Manager. In January of 2008, the LMS portal was only accessible by internal Sun employees, piggy-backed off of the MyHR Portal, authenticated using Federation Manager, and was only accessible via SWAN. Mike drove the effort to "push the portal to the edge" and allow secure access from the 'Net.

Learning Center

Sun's New Hire portal is also a project that was done last year for on-boarding new Sun Employees and is based on the Confluence platform for wikis currently used at Sun. The new hire portal aggregates information from several sources and provides a one-stop page for all information you would need as a new Sun Employee, with everything from new hire documentation to online orientation, to helpful links. It even allows you to play the action game "The Rise of the Shadow Specters" - where you can protect Sol City's network from malicious evil-doer hackers! Perfect for the overachievers not getting enough satisfaction with their 9-to-5 routine.

The Sun Partner Advantage Program (SPA) is a client of Learning Management Center. Currently, partners have to register themselves in two places, CWP (for a Sun Online account), then in MySun (an ECR/Sams application). This should be merged once we decouple SaMS from CWP (scheduled for late summer 2008) and be extinct once we have fully EOL'ed SaMS with IBIS in January of 2009.

Wednesday Feb 09, 2005

Sarbanes-Oxley .. the next Y2K?

I'm sure you all have heard of Sarbanes-Oxley, the legislation Congress passed in the wake of CEO wrongdoing (digression: if you really want to read up on some wrongdoing go here). It was supposed to add additional auditing controls to keep those shifty CEOs honest.

Somehow, don't ask me how, this has translated into additional hardening requirements for our servers. Which means I get to do my least favorite task, coordinating downtime for servers among multiple groups at Sun.

It got me thinking, though, about all those articles I've read. About how so and so company had to spend thousands, even millions on upgrades to software and even hardware to comply with the Sarbanes-Oxley reporting requirements. It was a flashback for me to the Y2K days. Where if you didn't have a later model PC or server, patched up the wazoo, doom and despair would surely occur on New Years Day.

We've already talked about my marvellous sense of timing. I was, you got it, in QA for the year 1999. Fortunately my product was a combo software development environment plus appserver, not much to worry about, or so you would think. The problem was that it ran on all sorts of platforms, Unix, Windows, VMS, six different databases. And we had to certify our product against the Y2K patches all of these vendors produced. Certification meant running a whole slew of automated test suites against the product on various platform combos (ie. WindowsNT / Oracle). The other problem is the vendors kept generating patches.. whoops, we found another obscure edge case that might be a problem for Y2K, better patch it so we can't be sued. At some point we had to say enough was enough, put our stake in the ground, just so we could get our "Y2K" certified product out the door.

Lots of money spent on Y2K. Seems like a lot of money being spent on Sarbanes-Oxley. Maybe I'm stretching it a bit, but could SOX be the reason that the tech economy is lifting out of the doldrums? I mean, might as well buy some hardware for that new accounting system as well. Food for thought.


Thursday Dec 02, 2004

The end of and RewriteRule voodoo

`` Despite the tons of examples and docs, mod_rewrite is voodoo. Damned cool voodoo, but still voodoo. ''
-- Brian Moore,

It is often said that it is a lot easier to launch a site than to EOL it. I have to say I haven't seen an exception to this statement yet. was the first site I worked on. In the late fall of 2000, after tiring of QA'ing products, I took a leap into the unknown and signed up to be the engineering manager for the "Forte for Java Portal". What a marvellous sense of timing I had, to be working on something new in the web space as the dotcoms started imploding all around me. My promised staff of six turned into three contractors. My budget diminished every quarter. But we launched it and it was a success. We had a tight team and had a lot of fun.

It wasn't just an HTML site, it had several applications. For example, the Update Center. This feature was a non-HTML service that provided XML catalogs directly to the product (Sun Java Studio ... formerly known as Forte for Java). It was kind of a non-standard webservice, before such a term was coined.

So I guess it was only fitting, that I ended up working on its demise. The Update Center has been replaced by another update system. Most of the content had moved over a year ago to, it took that long to get the new update system functional and the catalogs moved over. My piece of this should have been small, the machine serving had been turned over to IT management, so all I needed to do was just log a ticket to get the redirects put in place and then check that everything worked. Or so I thought.

The problem was, that we needed to update the redirects in an Apache server. You see, we don't have very many instances of Apache here at Sun. About 2 years ago, we really started to eat our own dogfood. So Apache is not well known here. And so they asked me to help.

Ok, I thought no problem, I can figure this out, the mod_rewrite module is already being loaded (all those content redirects) so how hard can it be? So I googled away and the first thing I saw was the voodoo quote. Hmmm.

You see I didn't just want to do a redirect, I wanted the redirect to tack the original query string on the end of the target's URL query string. So I came up with (I've shortened the URLs for brevity):

RewriteRule ^/ffjcatalog(.*)$1 [R,NE,L]

Problem was that the redirect worked, but it lost the query string. The next thing I tried was:

RewriteRule ^/ffjcatalog\?(.*)$1 [R,NE,L]

The problem with this is that the rewrite rule didn't get triggered. That should have tipped me off there, that mod_rewrite was doing something special with the query string... because it should have matched, but I didn't have a lot of confidence in my knowledge of regular expressions so I went on trying all sorts of permutations. It wasn't until I read through the RewriteCond doc that it finally dawned on me that the query string was being put into a variable I could use. Here's what worked.

RewriteRule ^/ffjcatalog%{QUERY_STRING} [R,NE,L]

These old sites, they don't take EOL'ing too kindly, they fight it until their last dying breath.
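
The query-string behaviour described above, as an added example that is not part of the original post and is not Apache's code: a simplified Python model of how one RewriteRule treats the query string. It goes a little beyond the post by also covering the [QSA] flag and a substitution ending in "?"; the request, the target host new-site.example and the src=ffj parameter are constructed placeholders, and escaping ([NE]) is not modelled.

```python
import re
from typing import Optional

QS_VAR = "%{QUERY_STRING}"  # mod_rewrite server-variable syntax


def rewrite(request_uri: str, pattern: str, substitution: str,
            flags: frozenset = frozenset()) -> Optional[str]:
    """Simplified model of query-string handling in one RewriteRule.

    Returns the redirect target, or None when the rule does not fire.
    """
    # The pattern is matched against the URL path only: the query string
    # is split off first and is never visible to the regular expression.
    path, _, query = request_uri.partition("?")
    match = re.search(pattern, path)
    if match is None:
        return None

    def backref(m: "re.Match") -> str:
        # Expand $N from the pattern's capture groups.
        n = int(m.group(1))
        if n > match.re.groups:
            return ""
        return match.group(n) or ""

    target = re.sub(r"\$(\d)", backref, substitution)
    target = target.replace(QS_VAR, query)

    if "?" not in target:
        # No query part in the substitution: the original query string
        # is passed through unchanged.
        return target + ("?" + query if query else "")

    # The substitution carries its own query part, which replaces the
    # original one unless QSA asks for both to be combined.
    new_path, _, new_query = target.partition("?")
    if "QSA" in flags and query:
        new_query = f"{new_query}&{query}" if new_query else query
    return new_path + ("?" + new_query if new_query else "")


# Constructed sample request and placeholder target (not the page's URLs).
REQUEST = "/ffjcatalog?version=4.0&os=solaris"
TARGET = "http://new-site.example/updates?src=ffj"


def demo() -> dict:
    """Run the three attempts from the post plus three related variants."""
    return {
        # Target has its own "?", so the incoming query string is dropped.
        "attempt 1": rewrite(REQUEST, r"^/ffjcatalog(.*)", TARGET + "$1"),
        # "\?" can never match: the pattern is not shown the query string.
        "attempt 2": rewrite(REQUEST, r"^/ffjcatalog\?(.*)", TARGET + "$1"),
        # Re-inject the original query string explicitly.
        "attempt 3": rewrite(REQUEST, r"^/ffjcatalog",
                             TARGET + "&" + QS_VAR),
        # Same outcome using the QSA flag instead of the variable.
        "QSA flag": rewrite(REQUEST, r"^/ffjcatalog", TARGET,
                            frozenset({"QSA"})),
        # Target without "?": the query string survives by default.
        "no query in target": rewrite(REQUEST, r"^/ffjcatalog",
                                      "http://new-site.example/updates"),
        # Target ending in "?": the query string is erased.
        "trailing ?": rewrite(REQUEST, r"^/ffjcatalog",
                              "http://new-site.example/updates?"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:20} -> {result}")
```
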

Thursday Sep 23, 2004

Techie wannabe

I admit it. I'm a wannabe techie. I used to do hands on technical work, but that was back in another generation, as in before the internet. Now, it seems that most of my time is spent poking holes in requirements (and tell me again, why do you want to do this?) and cleaning them up so my engineers know what to code to. If I get technical, it's with the ops stuff, not into any code.

Speaking of a blast from the past. Remember VMS? I do. I'm glad Unix (and its grown up rebellious spawn Linux) out-lasted it. I really didn't care for VMS, with all the privileges and quotas. But it used to be popular, so I had to learn it. I used to call VMS the Klingon of operating systems, because both were ponderous and stuck on ceremony. Also both have redundant systems. I can't quite remember but a second something (stomach?) saved Worf from certain death. Guess which species was MS-DOS? I leave that as an exercise to the reader.

So as a wannabe techie, it is with some trepidation I plunge into a description of a technical problem we are having. But it's an interesting problem, so I wanted to put it out there. We recently built a webservice with the thought of making it public for our users to use. Right now the only client is the web frontend that runs on our sites. The service mostly provides read-only data, *but* a client can do some writes. As one would expect we require a login (user id and password) for the writes, because we are keeping track of the data for each user. This of course means that the client has to pass the userid and password to the webservice. And here is the problem. We don't want the userid and password to be passed to the server in the clear.

The XWS security model seems to assume a peer to peer model rather than client/server. So you can secure the conversation, but only if each side has installed a certificate. This is fine for two servers. But what about a webservice that might have lots of clients ... prebuilt clients that might be used by non-technical users? Getting each user of a client to download the certificate and compile it in is not really an option.

It is interesting to look at how other webservices with clients have tackled this problem, ie. Amazon. They don't use a user id and password. Instead they generate a token for each client. The token is passed in the clear, but at least it is not a password. However, that is not very secure.

The only solution we have come up with is to put the entire webservice under https. There seems to be no way to secure just some of the conversation to a webservice. But having everything under https is way expensive. Much more handshaking has to be done for each connection. If anyone has any bright ideas we are all ears.


P.S. I know that some people have been asking about Alameda. Truth is I don't know much about its status, as I have been reorged away and taken on new work. If I hear anything I will pass it along.

Sunday Aug 15, 2004

Open Source Alameda?

Saw an email from one of the folks that works on He got an inquiry about open-sourcing Alameda and was asking about the idea. The powers that be are pondering that one, and I don't have much insight into their decision-making, but it is an interesting idea.

I guess the key question for me is whether enough of the audience for Watson are developers that are willing to contribute to it, or are they mostly consumers? Ie. is there enough grassroots effort to support it?

Despite having a small part in the launch, I don't follow closely the open source world. Yeah, of course I use software from open source projects (bugzilla rules!) and I follow some of the news. I even started reading the book "The Bazaar". But I'm not deep into it. So much of my job is worrying about keeping servers stable and interpreting marketing requests rather than doing cool technical work. I started wondering about how opensourcing Alameda would change the business model. The answer I came to is: not very much. Here is how I think it would work: you give the client away for free, although maybe at some point a distributor will charge for packaging it with doc & support. It comes with some channels for free, but others have to be paid for (especially if the matching backend service charges), probably on a subscription basis. Often there is a choice between HTML scraping for free (breaks easily) and accessing feeds/webservices for a price.

Word is that, glow (cool calendar Swing app) might be open sourced too.


Thursday Jul 29, 2004

Sun Sigma

I've been thinking about what I said in my earlier post and I decided to elaborate. In a complex enterprise such as Sun, gone are the days of stand alone applications. In our world of application development we frequently rely on other core functionality, maintained by other groups, to be there. From the web perspective, it's authentication and entitlement, to name a few. The technology is there .. we sell it! But the hard part is coordinating across different groups to have a common understanding of the basic platform needed so that we all can develop to it.

Marching towards a common platform can be hard thankless work. It isn't some snazzy new feature, it's trying to merge two user registries amidst user complaints that their id has changed. EOL'ing applications and sites is hard, particularly when the goto model isn't quite matured yet. But I do believe we have made progress in this area ... it just seems to take longer than it should.


Sunday Jul 25, 2004

Sun Sigma and problem solving

Last week I took a 3 day class called "Sun Sigma for everyday use". I must admit I had low expectations of it. While I believe in process, too many times I've seen people rely on the letter of the process rather than using that useful tool between their ears. I hate filling out doc just because the process requires it, and I worry about the fact that you can get overwhelmed by the procedural requirements enough so you miss a crucial issue. I've seen it happen. I had heard that Sun Sigma employed a lot of rigor and so was apprehensive.

Sun Sigma is a derivative of Six Sigma. The idea is to measure the efficiency and error rate of the process. If your process measures at Six Sigma that is the equivalent of a server uptime of 5 9s. The course was mainly a survey of tools one could use to better your process.

The course was better than expected. Lots of time was spent on the need to adequately define the problem and define measurements of success. This I am all for. I also liked that while the overall process had a high level structure, the tools employed to define, measure, improve the process were somewhat at the discretion of the team. The tools are useful, especially for providing structure around using data to make decisions. This is all good.

What I'm having a struggle with is the Sun/Six Sigma implicit assumption that the resolution of all problems is either a newly designed process or an improved process. It's not clear that the problems I face in my job neatly fit into this assumption. For example, my group maintains a server that serves up some legacy applications. The server has a NSAPI module that no one knows the code for and is quite old. We own one of the applications but not the other. We would like to EOL the server, it would be pretty easy for us to move our application, however the other owners seem to not be planning for a replacement or migration of the other app. I just want them to commit to a timeframe and I am willing to be reasonable about it. It doesn't seem like Sun Sigma could help me here, and yet these sort of problems are precisely where I could use some help.

Thanks for listening.


Friday Jul 02, 2004

Some data from the survey

Today I thought I would take it easy. I put in a lot of hours recently and thought I would take off early. I even started early (8AM) just so I could get away... Yeah Right! That didn't happen. I spent far too much time playing around with awk to try and parse the survey data in a better way. My scripting skills are rusty, it took me a few hours to get it working.

Speak of the devil, I promised some results from the survey. Well a sizeable number said they wanted at least some of the channels from Watson. I guess that wasn't too surprising. The top five channel requests were Weather, TV listings, Movies, Ebay and Package Tracking. Most people weren't bothered by the orange icons, but some (12%) didn't like the UI overall. There was interest in an SDK. 32% chose "sort of interested" and 25% "yes I'm interested". Given that the audience we surveyed were developers, I was surprised at the consumer focus, both in the suggested channels and in the target audience they selected. While it's true that the survey should have used checkboxes because many thought it would appeal to multiple audiences, most, 79%, chose to answer the audience question with "Consumer". I would have thought more people would have been interested in using this as a solution to their enterprise's overwhelming streams of data and information, but I didn't get a strong sense of that at the show.

I'm pleased that we got input on our project, and I'm *very* pleased with how well Alameda ran on XP. Alameda has been developed on Macs and Solaris and has had very limited time on Windows (and Windows 2000 not XP). We had a heart attack when we found the demo machine was XP not JDS. And yet it ran pretty well! I was also pleased to see the 1.5/5.0 and 1.4.2 VMs coexist peacefully. I might be dating myself here, but I remember what a *nightmare* it was to have multiple versions of the same software running on a Windows box. On Unix you just created a shell script to set the EVs to point to the desired installation. With Windows you just didn't go there, you found another box. is likely to be quite quiet next week. Sun is having its annual summer shutdown week. It's forced vacation, but most of us don't mind. I'm flying out to Texas to see my mother and check into some real estate. She doesn't have DSL or cable or even dial up (shudder), and the nearest Internet cafe is 12 miles. Last time I used AOL and it was impossible to close the account and get them to stop billing me... never again ...

Just for fun, here's the Kitchen Sink image we used for the splash screen ...

[Kitchen Sink splash screen]


Thursday Jul 01, 2004

JavaOne wraps up

Hope everyone had a great time at JavaOne. I still have the blinking bracelet from the Tuesday night Rave party as a souvenir, nice party, if a bit dark. I talked to someone for nearly 15 minutes before realizing I knew him. Yesterday (Wednesday) I spent over 7 hours on the Pavilion floor demoing Alameda, as well as showing a cool calendar program called "Glow". There was a lot of interest in it. The unofficial word is that it will be available in some way soon, for those of you that expressed interest. Also some interest in "Synth", skinnable look and feel. There was/is a Thursday session on Synth and Look and feels. I learned a lot about Swing by working at the show, and learning is always cool.

Check out Tony's blog for pictures. Guess which one is me?

Also check out the cnet article. It wasn't intentional to publicize what we are doing, but at least they got the facts straight. There is about one hour left to run on the survey, so if you want to have your voice heard you better hop to it. I'll publish some of the more interesting conclusions after it closes.

Thanks to Hoffie for showing me how to add links and feeds to this blog. I'll work on adding more soon.

Random thought for the day: At JavaOne there are never any lines for the women's restroom. --- Kathy

Wednesday Jun 30, 2004

Booth 1016

Tuesday was my first day at JavaOne. And a full day it was at that. Started out with Scott's keynote. Scott is always entertaining and he did not disappoint this time. I liked his interaction with the Brazil contingent and his comments on the Duke awards.

Spent most of my afternoon hanging at booth 1016, which is the Swing pod where we are showing Project Alameda and asking people to take the survey. It's a little odd showing what is essentially an application where most people are expecting a demo of a particular technology, but it mostly worked, and one of the points of Alameda is that it is an example of Swing. You get a lot of diverse questions at a show like JavaOne. One guy wanted to talk about Swing vs. SWT (Eclipse caused some controversy by choosing not to use Swing); it turns out there was a BOF on that very topic that we could direct him to. I was glad the Alameda developers were there because there were a lot of questions about the choices they made, from whether they used layout managers that the IDEs provide (the answer is no) to what Swing component was used to popup a larger version of the image in the Amazon tool. I can talk knowledgeably about production web sites, but in the client world I'm a real newbie.

There was also the never ending stream of folks with questionnaires looking for the answer to the question about the new feature in 5.0 that you can attach to any swing component. The other demo in the booth is called Glow, it's a nice calendar tool and shows off this new feature.

There were some rumours flying around the show about 'project watson' so just for the record, it's project alameda, and no we didn't acquire karelia although we do have a licensing agreement with them.

Stop on by booth 1016 if you are at the show, hope to see you there. Kathy

Tuesday Jun 29, 2004


This is great, people are already sharing their thoughts on what channels they would like to see in Alameda. One person mentioned that they would like to see a Java bugparade channel. Well there is already a "bugs" channel that does access the new bugdatabase (new name for bugparade) webservice. If you are at JavaOne, swing by the Swing/2D pods to check it out. The four channels we currently have are

  • NewsReader
  • Amazon shopping channel
  • Search (Google)
  • bugdatabase

At JavaOne we are asking people to fill out a survey once they have viewed the demo. Reading through the survey I don't think you have to actually see the demo to give feedback. So I'm making the survey available to you all. The survey will close at 8PM PST on 07/01. If you give a contact email we will enter you to win a book prize (most likely an Amazon gift certificate) and I'm thinking I can get my hands on one of those cool T-shirts that got fired out of the nitro cannon for the lucky winner.


Saturday Jun 26, 2004

Followup to the Why and What

It was pointed out to me that I should really identify myself. Fair enough, I'm Kathy Brown, Engineering Manager. My day job is managing a team of people that develop/maintain/operate a variety of Sun's web properties, including In my spare time I'm helping out as a PM for Project Alameda. It's been really interesting. Since I'm in implementation, I often get involved in projects well after marketing has thought about them a bit. It's been refreshing to be on the ground floor of an idea that still needs polishing.

Up until now, I've kept this blog anonymous because there is the thought that we would turn it into a group blog. But if that happens we'll just have people sign their entries.

Oh and we are also really curious about what channels people think we should add to Alameda, I think I forgot to mention that before.

Enjoy JavaOne.


We are part of .Sun, a group in Marketing that operates and designs Sun's web presence. So naturally we focus on the web in this blog but random musings slip in often.

