“IBM May Quit Technology Standards Bodies” WSJ Screams

Some days I wonder about the entire field of journalism. The quoted phrase above is from an article headline in the Wall Street Journal (September 23, 2008, they don’t deserve an actual link). The headline is not inaccurate, but it is close to the most ludicrously sensational interpretation of the facts that is possible.

This is what the actual IBM press release has to say on the point: “The tenets of IBM’s new policy are to: Begin or end participation in standards bodies based on the quality and openness of their processes, membership rules, and intellectual property policies.”

Thus an equally useless headline might be “IBM May Join Technology Standards Bodies.” I thought Journalism was supposed to add value for the reader, but it seems that even for otherwise reputable organizations, it’s really all about sensational headlines that add value to the advertising department. “Reputable” in this context is now officially meaningless. Sad.

I’ve noticed a lot of general criticism of standards processes over the past few weeks, and I think this release from IBM is largely responsible for firing up the discussion. For the most part, the criticism is justified. It seems that standards processes are either needlessly academic and somewhat out of touch with reality, or deeply buried in corporate politics and patent complications, which has a tendency to result in crappy standards. IBM’s policy release sort of touches on this with another tenet: “Collaborate with standards bodies and developer communities to ensure that open software interoperability standards are freely available and implementable.” The problem with this is that IBM seems to want to set itself up as some benign intermediary between the standards process and the people who need to use the standards. Call me silly, but it seems more appropriate that the developer communities should be an integral part of the standards process, not some second-hand “collaborative resource”.

The essence of the problem is funding. Participation in the standards process isn’t cheap. Not only does membership cost, but participants typically absorb the costs of time, travel, and communications. Standards bodies need a funding model that ensures accessibility based on merit and relevance, rather than dollars. I don’t know what that model is, but is can’t be based on revenue from selling standards documents, either. The prospect of having to pay real money in order to ensure compliance with a standard is, in most cases, equally ridiculous and stupid.

In Search of an Application Framework: PHP GTK Python XULRunner

Lately I’ve been thinking about starting yet another project. This one needs a rich GUI that runs as a thin client, as well as more limited support for a web browser (or so I thought initially). I’ve gone through a bit of an eye-opening exercise while looking at the implementation, and I thought I’d record the line of exploration just in case someone else is looking at the same sort of problem. Maybe this will save a little time.

The original idea was to replace an interesting but quirky application that will remain nameless. It’s a fairly large project that implements its own thin client. As I started looking at it, I realized that a lot of what it does is more related to providing the application framework than the application itself. Sometimes I still suffer from the closed-source way of thinking, and I soon began listing requirements for my own framework. A few minutes into defining my XML markup for laying out simple interfaces, I remembered that there is already a pretty good standard for that: XUL.

At the time I was thinking of using GTK+ for the GUI. I’ve grown somewhat fond of various GTK+ applications that I’ve installed over the years. These applications have offered nice rich interfaces and have been pretty reliable. A lot of them are written in Python, and the bridge between GTK+ and Python, >PyGTK seems stable and well documented. On the other hand, Python is a little quirky and at this point I can churn out PHP code faster than anything else, perhaps PHP-GTK is the way to go.

The search is for something that lets me bridge XUL and GTK, be it in PHP or Python. This leads me to Gul, a fairly complete implementation of XUL for PHP-GTK.

Let’s try adding the GTK to PHP. I go to the PHP-GTK site and try to figure out whether to download the binary package or the binary extensions package, read confusing and incomplete install notes, search about a bit, and as best I can tell, the easiest way to run PHP-GTK on Windows is to install a complete copy of PHP with the GTK extensions. This truly fails the cross-platform and easy-to-install tests — I can manage it, but an end user? No way. Then I take a look at Gul 2.0: lots of procedural code that relies on passing things through obscure globals with two characters. Next!

On to Python. Searches for XUL and Python lead, at best, to half-developed projects dating from 2004. Not good. Now the thinking is that maybe a fairly basic XUL module for Python won’t be that much work. I look more deeply into XUL. Obviously, it’s pretty capable, after all it’s the base for Firefox and Thunderbird. But this makes the scope of a full implementation quite a lot bigger than I’d like.

Maybe there’s something in XULRunner. Wow. It doesn’t take much looking around to realize that XULRunner is pretty compelling. It’s obviously got the GUI with a full XUL implementation. It’s got scripting in Javascript, Python, even Java. It has network interfaces and support for XML-RPC and SOAP. It’s extensible: all the features that make it easy to plug extensions into Firefox are part of XULRunner. It’s got localization and custom skins. It’s got an integrated web browser. That’s about 90% of the core requirements and several bonuses right there.

Now the kicker: if you have Firefox 3.x installed, then you have XULRunner installed. Firefox knows how to do its own updates, which means the framework updates seamlessly too. Perfect.

So that’s it. Forget GTK+, nice as it is. XULRunner is a fantastic way to do GUI application development.

Now all I need is a good way to map objects back to a relational database…

Why I Love Open Source

Every user of an application has run into small but irritating characteristics of that application. Most of the time, they can be easily ignored. But sometimes they are part of a repetitive task, and then they become problematic. They have a disproportionate effect on both productivity and the user’s overall impression of the application.

Just about every enterprise makes nice noises about how they listen to their customers and how customer service is important to them, but the odds are very low that comments about small irritations will result in code changes. This is partially because most companies don’t actually care as much about customer service as they pretend to, and partially because tracking these small things and then sorting through them, removing duplicates, and distilling them down to something that can be easily understood is a very complex and expensive task. Most of the time the effort involved simply doesn’t justify the results.

This is something that always attracted me to open source. As a developer, the odds are pretty good that I can find a fix for that thing that irritates me. Then I can change the code to fix my version. If the irritation is idiosyncratic — basically if I’m the only one who doesn’t like it the way it is — then that’s where the process ends, and I’m happy.

The first credo of open source is that you try to give back to the community. So even as a non-developer there is an incentive to find the bug tracker or support forum for the project and to suggest a change. Sometimes that works[1], but a lot of the time good comments and patches simply fall through the cracks. After all, if tracking details like this is difficult for a for-profit corporation, it’s not going to be any easier for a project run by volunteers!

What is really satisfying is getting sufficiently involved in a project to be able to have a direct influence on it, as I am with “Joomla!”. It’s great to be able to identify a minor irritation, to fix it, and to get it to a production release. This has been my experience twice in recent weeks. I’ve implemented small changes to the system that make it just a little easier to use[2, 3]. Not only will I enjoy the product more as a result, I’ll have the satisfaction of knowing that thousands of systems administrators out there might think just for a moment, “oh, they fixed that – great!”

It is an interesting experience. These small tweaks and fixes that I get to make aren’t the biggest contribution I make to the project in terms of lines of code or hours of work, but they’re tangible and real. The direct impact on the user is visible and easy to understand. Implementing unit testing and contributing to the building of a “Culture of Quality” in the project are more complex and significant contributions, but they’re also more abstract. The small tweaks are actually kind of fun, and it’s nice to know that here and there, they is me.

Notes:

  1. If you’re an Eclipse user and noticed that v3.1 puts the entire file path in the window title… that was my suggestion. In the web development world where you can have many files called “index.php” open, this helps you quickly figure out where you are.
  2. Add a new module to a “Joomla!” site from version 1.5.4 onward, and the list of available modules is now sorted alphabetically down the columns, rather than split across rows. We still have an issue to sort out with international characters, but it’s an improvement.
  3. Starting in version 1.5.5, all panes in the parameters block can be collapsed. Before this change, if you had a long list of parameters that ran off the screen, you would need to scroll down to the bottom in order to expand a panel below. Now you can collapse the long block, which lets you see the panels below, and then expand the one you want.

Web 2.0 and the One Page Web Site

I’m busy working on my first major web site using “Joomla!” 1.5. One of the things I did for the site was to install a simple component that provides an index of articles in a side panel. Simple enough, you click on the index link and it fetches the page with that article.

The problem is that it’s quite a page. There’s a nice graphics-rich template that wraps the site, then there’s the Javascript. A full copy of mootools comes with every page. Sure the browser has most of this stuff cached, and Joomla has the actual page content cached, but still the browser has to do a lot of work to reload the page and recompile mootools, just to change a relatively small portion of the page. The user gets to watch as everything is (re)displayed, most of it exactly the same as it was before the request.

The obvious solution would be to have the index link send an AJAX request for the relevant content and then to simply repaint the area that needs to change, but that only works in this specific case and it deprives the CMS of the ability to update other parts of the page in response to the request or to other events at the server.

I’m big on generalizing ideas like this, so why not make the entire site a single page? The first time the browser requests something from the site, send the structure of the template, and most of the Javascript needed to run the site down to the browser. Then make every internal site link send an AJAX request. The server can respond with a list of the areas of the template that need to be updated, along with either the HTML or the data needed to perform the update.

Now my index request could respond with a new menu, any updated news items, the content I requested, or even a completely new page layout. The client-side application then applies these updates, possibly issuing secondary requests. Only the data that’s changed comes back from the server, and most of the Javascript loads just once with the first request, so the page updates much faster than it did before. Best of all, the user doesn’t have to watch the template being regenerated, which is visually disturbing no matter how quick it is.

Now the page is an application in itself, and the browser is playing the role of the operating system. The user gets a platform independent, end-device sensitive interface that can be rich, intuitive, and more interactive.

It’s an idea worth implementing. Not for this particular site, but it would be nice to build this capability right into Joomla!

Microsoft Security Fix Clobbers Two Million Password Stealers

Normally I’m no fan of the “blog by repeating news” style, but in this case I have to make an exception. The headline above is from a Computerworld Security article dated June 20, 2008. Discussing a recent upgrade to Microsoft’s Malicious Software Removal Tool, this excerpt caught my attention:

One password stealer, called Taterf, was detected on 700,000 computers in the first day after the update. That’s twice as many infections as were spotted during the entire month after Microsoft began detecting the notorious Storm Worm malware last September.

“These are ridiculous numbers of infections my friends, absolutely mind-boggling,” wrote Matt McCormack, a spokesman with Microsoft’s Malware Response Center, in a Friday blog posting.

This may be mind-boggling to someone who lives deep in Microsoft culture, but to everyone else, it’s barely a surprise. The missing part of McCormack’s quote should have been “The Linux/Unix guys are right, Windows security still sucks at a deep structural level.” Good thing regular doses of Microsoft Cool-Aid prevents that.

Firefox 3 is Ready, Bug 183689 Intact. Duh.

The good news is that Firefox 3, one of the best web browsers available, is set to release version 3 in a few days.

The weird news is that it’s shipping with Bug 183689 fully intact. Under mysterious (or at least elusive) circumstances, Firefox fails to close a file that the user uploads to a web site. The file is locked and unusable until Firefox is restarted.

This has the ring of familiarity. Any user of Firefox 2.x who has lots of extensions installed will have noticed that it tends to get more and more sluggish over time. A quick look at the process will reveal that memory consumption continuously rises until the best thing to do is restart it.

That’s not really a problem that the Firefox developers had a lot of control over. If an extension is leaking memory, there’s not much the core can do to stop it. In fact this is one of the major improvements in Firefox 3. A new, sophisticated memory manager now finds a lot of these unreferenced data structures and cleans them up. On my system, the memory footprint for Firefox 3 is nearly 200Mib smaller at start up, and if it grows, it doesn’t grow very fast. That alone is reason to upgrade on June 17, 2008 – Firefox Download Day.

The point of this digression is that I’ve become used to Firefox losing track of resources. But losing a file handle? Really. Can that be too hard to find? Apparently the answer is “yes”, since Bug 183689 has been open since December, 2002! There are some good reasons why the browser needs to keep track of the file, for example if you refresh the resulting page, the file is part of the Post data that needs to be re-sent.

But eliminating memory leaks is hard, and it’s easy to just rely on increasingly sophisticated garbage collection tools instead of finding the cause. Unfortunately, a garbage collector has no way of knowing that something it’s cleaning up represents an open file, so the memory leak is fixed, but the file handle leak remains.

Five-plus years is far too long for a major bug to remain open, even for an open source project. But don’t go updating that bug! Despite the fact that there’s no explanation that the issue is independent of the user’s specific circumstances, any provision of additional information will be considered spam by Jonas Sicking, the fellow who has been assigned the bug. Considering that the bug seems difficult to reproduce, the contradiction is obvious. One would think that more examples might lead to the discovery of a pattern, but that seems to not be the case as far as Mr. Sicking is concerned.

Hopefully he was just feeling a little stressed with a major release coming up so quickly, and his comment will be clarified or withdrawn. If not, I’m guessing this one is going to remain open for quite some time to come.

[Note: it has since been determined that an extension, LiveHTTPHeaders, is the culprit for this bug. My “duh” is withdrawn. My disdain for Mr. Sickling’s response remains unchanged, however.]