Bob Balaban's Bloghttp://www.bobzblog.com/tuxedoguy.nsf/en-usWed, 2 Jul 2008 03:47:22 PM -0500 Wed, 2 Jul 2008 03:47:22 PM -0500 Marland Kennedy Domino Web Services: What if..... SOAP? or REST? (or both?) http://www.bobzblog.com/tuxedoguy.nsf/dx/domino-web-services-what-if.....-soap-or-rest-or-both?opendocument&comments#07022008034722PMERNSDN.htm Mon, 30 Jun 2008 04:46:30 AM -0500 Kerr "Clouds", the sequel
Clearly there are going to be issues with cloud computing and you've raised some interesting points. Companies interested in this approach are going to need to answer all these points and I agree that the "no mining" rule will be high on most priorities. The subtle legal implications are interesting, but will not be fully worked out until test cases have been heard.

If the big cloud providers don't provide answers to these questions, then someone else will. Certainly there are good answers. If companies are happy to offshore huge amounts of manual data processing to third party companies in India, then I don't see the problem with more automated systems.

There will always be examples of data that is just too sensitive that the risk of exposing it to a third party is just too great. How much that will be? Not very much. Not very much at all.]]>
Clearly there are going to be issues with cloud computing and you've raised some interesting points. Companies interested in this approach are going to need to answer all these points and I agree that the "no mining" rule will be high on most priorities. The subtle legal implications are interesting, but will not be fully worked out until test cases have been heard.

If the big cloud providers don't provide answers to these questions, then someone else will. Certainly there are good answers. If companies are happy to offshore huge amounts of manual data processing to third party companies in India, then I don't see the problem with more automated systems.

There will always be examples of data that is just too sensitive that the risk of exposing it to a third party is just too great. How much that will be? Not very much. Not very much at all.]]> http://www.bobzblog.com/tuxedoguy.nsf/dx/clouds-the-sequel?opendocument&comments#30062008044630ERNDGM.htm Tue, 24 Jun 2008 04:06:57 PM -0500 Thomas Bahn "I’ve looked at clouds from both sides, now"
great thoughts and a well balanced reflection - as always. :-)

I want to second Sven Meirte (8) about the security constraints. Think about a - say american - company with 10,000 mail accounts. As with SPAM, a bad guy can run a dictionary attack against "guessed" mail addresses...

I have seen a session at last year's AdminCamp, where some guys from a university showed research results about passwords used in real world companies. Let's say, I don't trust in one-factor-authentication anymore, when many people are involved. :-(

It's as always: you must sacrifice security for convenience (or vice versa).

Another reason for at least German companies would be laws about person related data. Such data has to be handled very strictly here.

My major reason would be distrust: Would I really give Google (or any other company) all my business secrets? Company (cultures) change, laws change, people sell data... Last year someone sold a CD with thousands of customer data from a Luxembourg based bank to the German tax authorities...

Thomas]]>
great thoughts and a well balanced reflection - as always. :-)

I want to second Sven Meirte (8) about the security constraints. Think about a - say american - company with 10,000 mail accounts. As with SPAM, a bad guy can run a dictionary attack against "guessed" mail addresses...

I have seen a session at last year's AdminCamp, where some guys from a university showed research results about passwords used in real world companies. Let's say, I don't trust in one-factor-authentication anymore, when many people are involved. :-(

It's as always: you must sacrifice security for convenience (or vice versa).

Another reason for at least German companies would be laws about person related data. Such data has to be handled very strictly here.

My major reason would be distrust: Would I really give Google (or any other company) all my business secrets? Company (cultures) change, laws change, people sell data... Last year someone sold a CD with thousands of customer data from a Luxembourg based bank to the German tax authorities...

Thomas]]> http://www.bobzblog.com/tuxedoguy.nsf/dx/ive-looked-at-clouds-from-both-sides-now?opendocument&comments#24.06.2008160657ERNSRW.htm Mon, 23 Jun 2008 04:54:29 PM -0500 Marland Kennedy Here are the files from my View presentation "Java Agents in Eclipse"
Thank you

Marland]]>
Thank you

Marland]]> http://www.bobzblog.com/tuxedoguy.nsf/dx/here-are-the-files-from-my-view-presentation-java-agents-in-eclipse?opendocument&comments#06232008045429PMERNTPL.htm Fri, 20 Jun 2008 09:39:36 AM -0500 Jake Ochs "I’ve looked at clouds from both sides, now"
The larger companies (and let's face it, Notes people are culturally ingrained to understand the kind of large organizations that typically deploy it) may find more usefulness in hybrid cloud services, such as augmenting existing apps with Amazon's s3 for peak demand relief or in testing new features or doing business development on cloud computing before committing to the infrastructure requirements to bring the service in-house. I read somewhere about a photo (or video?) sharing site that was able to easily ratchet up storage capacity upon being slashdotted using s3.

Karen:

IMHO, where the line blurs is on the distinction between cloud computing (usually hosting a specific service such as e-mail or discrete application component such as s3 storage) and outright hosting. Is the differentiator the app vs. the underlying later? (say, providing PHP/MySQL hosting) or is the differentiator how the service is maintained? (say, Google's amorphous cloud vs. a singleton such as a VPS.) How would one classify a VPS (Virtual Private Server), then, that moves around (say, a VMWare enterprise implementation) based upon the prevailing conditions at the service provider of the moment? Is that a cloud?]]>
The larger companies (and let's face it, Notes people are culturally ingrained to understand the kind of large organizations that typically deploy it) may find more usefulness in hybrid cloud services, such as augmenting existing apps with Amazon's s3 for peak demand relief or in testing new features or doing business development on cloud computing before committing to the infrastructure requirements to bring the service in-house. I read somewhere about a photo (or video?) sharing site that was able to easily ratchet up storage capacity upon being slashdotted using s3.

Karen:

IMHO, where the line blurs is on the distinction between cloud computing (usually hosting a specific service such as e-mail or discrete application component such as s3 storage) and outright hosting. Is the differentiator the app vs. the underlying later? (say, providing PHP/MySQL hosting) or is the differentiator how the service is maintained? (say, Google's amorphous cloud vs. a singleton such as a VPS.) How would one classify a VPS (Virtual Private Server), then, that moves around (say, a VMWare enterprise implementation) based upon the prevailing conditions at the service provider of the moment? Is that a cloud?]]> http://www.bobzblog.com/tuxedoguy.nsf/dx/ive-looked-at-clouds-from-both-sides-now?opendocument&comments#06202008093936AMERNK7T.htm Wed, 18 Jun 2008 05:10:42 PM -0500 Lee "I’ve looked at clouds from both sides, now" http://www.bobzblog.com/tuxedoguy.nsf/dx/ive-looked-at-clouds-from-both-sides-now?opendocument&comments#18062008171042ERNTZR.htm Wed, 18 Jun 2008 03:03:20 AM -0500 Sven Meirte "I’ve looked at clouds from both sides, now"
I have a customer that was thinking about the cloud computing business but their main concern is security. In Notes each user has its own id file and all security is centrally managed by the System Admin. Notes/Domino has a great security system based on many different levels (from server to field level). But by moving to Google you create an online account. How about that security? When I look at my gmail account it's not even https.

Oh, and I hope there will be a part 2 because I would really love to read more about this subject.]]>
I have a customer that was thinking about the cloud computing business but their main concern is security. In Notes each user has its own id file and all security is centrally managed by the System Admin. Notes/Domino has a great security system based on many different levels (from server to field level). But by moving to Google you create an online account. How about that security? When I look at my gmail account it's not even https.

Oh, and I hope there will be a part 2 because I would really love to read more about this subject.]]> http://www.bobzblog.com/tuxedoguy.nsf/dx/ive-looked-at-clouds-from-both-sides-now?opendocument&comments#18-06-2008030320ERNBG5.htm Tue, 17 Jun 2008 09:55:18 PM -0400 Karen Hobert "I’ve looked at clouds from both sides, now"
1. web-centric: your classic SaaS model where web-based applications are hosted by a provider and users pay to play, such as Google Apps

2. data center-centric: where organizations rent space and web-based applications on hosted servers and have administrative control of the system, like IBM Applications on Demand service. (http://www-935.ibm.com/services/us/index.wss/offerfamily/aod/a1028600)

Both offer the benefits that Bob illustrates, but they vary in the amount of control the customer has on the administration of the system and information. I'd argue that web-centrice (SaaS) model is much more attractive to SMBs where as the data center-centric model is more attractive to large enterprises. As #2 points out, many large enterprises are doing this already.

As far as vendors;

- Microsoft: it's no surprise that Microsoft introduced its Live (web-centric) and Online (data center-centric) cloud computing businesses this last year. They're going for the whole cloud market. From a search perspective Microsoft bought FAST this last fall which is a great technology

- IBM: IBM has classically been great at the data center-centric stuff through its consulting services and the AoD business is the result of that long standing business. IBM Lotus announced its plans for tackling the SMB and SaaS market this year at Lotusphere but the services will likely take some time to emerge on the market. As far as search, Notes/Dominio has good enough search but if you have lots of data in other repositories you'll need something from the OmniFind product line.

- Google: Google Apps is SaaS only and Bob has covered that pretty well

- Yahoo: Also SaaS, although Zimbra can be brought in-house or can be rented from 3rd party SaaS vendors. Of coruse Yahho is the #2 web search so its on par with Google in that sense

There are plenty of other players in the space as well, Zoho and Jive come to mind off hand.

As far has my concerns about Google. It's not whether or not the apps can be secured but rather the business that Google is in - indexing information. I'd be concerned about what is going on with my data on the Google servers. Juxtapose that with IBM and Microsoft that are in the apps business and I rest a bit easier. I'm not saying anything will happen to may data on Google but I question it anyway. Google is probably aware of business customers concerns in this reagard. Especially considering that a signifcant portion of Google's Enterprise division is made up of former Postini folk who should know better. As a precaution, I'd definately pay for the Google Apps service plus the Postini service ($75 per year) to get the SAS 70 II certification that requires an audit track on all data activity. I would sleep easier knowing that all activity on my data was being logged.

For some interesting commentary on Google Apps see the following posts that Guy Creese and I made in April:

Why GMail is Disruptive (April 19, 2008): http://khobert.blogspot.com/2008/04/why-gmail-is-disruptive.html

Google Should Announce Google Exchange (April 8, 2008): http://creese.typepad.com/pattern_finder/2008/04/google-should-a.html

Stark Reminder: Gmail Is Still in Beta (April 17, 2008): http://creese.typepad.com/pattern_finder/2008/04/reminder-gmail.html

A SaaS Lesson for Microsoft: Simplify the Licensing (April 18, 2008): http://creese.typepad.com/pattern_finder/2008/04/a-saas-lesson-f.html]]>
1. web-centric: your classic SaaS model where web-based applications are hosted by a provider and users pay to play, such as Google Apps

2. data center-centric: where organizations rent space and web-based applications on hosted servers and have administrative control of the system, like IBM Applications on Demand service. (http://www-935.ibm.com/services/us/index.wss/offerfamily/aod/a1028600)

Both offer the benefits that Bob illustrates, but they vary in the amount of control the customer has on the administration of the system and information. I'd argue that web-centrice (SaaS) model is much more attractive to SMBs where as the data center-centric model is more attractive to large enterprises. As #2 points out, many large enterprises are doing this already.

As far as vendors;

- Microsoft: it's no surprise that Microsoft introduced its Live (web-centric) and Online (data center-centric) cloud computing businesses this last year. They're going for the whole cloud market. From a search perspective Microsoft bought FAST this last fall which is a great technology

- IBM: IBM has classically been great at the data center-centric stuff through its consulting services and the AoD business is the result of that long standing business. IBM Lotus announced its plans for tackling the SMB and SaaS market this year at Lotusphere but the services will likely take some time to emerge on the market. As far as search, Notes/Dominio has good enough search but if you have lots of data in other repositories you'll need something from the OmniFind product line.

- Google: Google Apps is SaaS only and Bob has covered that pretty well

- Yahoo: Also SaaS, although Zimbra can be brought in-house or can be rented from 3rd party SaaS vendors. Of coruse Yahho is the #2 web search so its on par with Google in that sense

There are plenty of other players in the space as well, Zoho and Jive come to mind off hand.

As far has my concerns about Google. It's not whether or not the apps can be secured but rather the business that Google is in - indexing information. I'd be concerned about what is going on with my data on the Google servers. Juxtapose that with IBM and Microsoft that are in the apps business and I rest a bit easier. I'm not saying anything will happen to may data on Google but I question it anyway. Google is probably aware of business customers concerns in this reagard. Especially considering that a signifcant portion of Google's Enterprise division is made up of former Postini folk who should know better. As a precaution, I'd definately pay for the Google Apps service plus the Postini service ($75 per year) to get the SAS 70 II certification that requires an audit track on all data activity. I would sleep easier knowing that all activity on my data was being logged.

For some interesting commentary on Google Apps see the following posts that Guy Creese and I made in April:

Why GMail is Disruptive (April 19, 2008): http://khobert.blogspot.com/2008/04/why-gmail-is-disruptive.html

Google Should Announce Google Exchange (April 8, 2008): http://creese.typepad.com/pattern_finder/2008/04/google-should-a.html

Stark Reminder: Gmail Is Still in Beta (April 17, 2008): http://creese.typepad.com/pattern_finder/2008/04/reminder-gmail.html

A SaaS Lesson for Microsoft: Simplify the Licensing (April 18, 2008): http://creese.typepad.com/pattern_finder/2008/04/a-saas-lesson-f.html]]> http://www.bobzblog.com/tuxedoguy.nsf/dx/ive-looked-at-clouds-from-both-sides-now?opendocument&comments#06172008085518PMERN4A5.htm Tue, 17 Jun 2008 11:36:39 AM -0500 Timothy Briley "I’ve looked at clouds from both sides, now"
That's the part I like about Google, amazing searches. The part that I don't like is what you mentioned above, that gmail is still in beta. To quote a Lotus Organizer manager back in the 90's, "Some of your co-workers moved their life's data to software still in beta? Those idiots". As long as gmail is in beta, we'll never consider it.]]>
That's the part I like about Google, amazing searches. The part that I don't like is what you mentioned above, that gmail is still in beta. To quote a Lotus Organizer manager back in the 90's, "Some of your co-workers moved their life's data to software still in beta? Those idiots". As long as gmail is in beta, we'll never consider it.]]> http://www.bobzblog.com/tuxedoguy.nsf/dx/ive-looked-at-clouds-from-both-sides-now?opendocument&comments#06172008113639AMERNMGY.htm Tue, 17 Jun 2008 09:32:52 AM -0500 John Smart "I’ve looked at clouds from both sides, now"
a) SLA - Are they on the hook to keep the service up and running? What if they change their minds, or have a planned or unexpected service disruption?

b) Is there a way to migrate and take your data elsewhere if you decide that isn't the service for you?

c) Is there any signed agreement that says they won't share your information with anyone, or even use it internally?

d) If you want to delete information, will it really be deleted or will the provider keep it forever for their own (research?) purposes?

e) Can you easily recover your password if your account is hijacked?

f) Can they provide backups? (if, for example, your account is hijacked, or corrupted, or your users are stupid or dishonest)

caveats:

- There are some services that satisfy these conditions. Services that back up your computer over the network, for example, cover this stuff.

- Some people are willing to accept these risks. I know that for mom & pop shops, loss of their entire email might not be a big deal and they're willing to soley rely on the cloud provider's then-current reputation.]]>
a) SLA - Are they on the hook to keep the service up and running? What if they change their minds, or have a planned or unexpected service disruption?

b) Is there a way to migrate and take your data elsewhere if you decide that isn't the service for you?

c) Is there any signed agreement that says they won't share your information with anyone, or even use it internally?

d) If you want to delete information, will it really be deleted or will the provider keep it forever for their own (research?) purposes?

e) Can you easily recover your password if your account is hijacked?

f) Can they provide backups? (if, for example, your account is hijacked, or corrupted, or your users are stupid or dishonest)

caveats:

- There are some services that satisfy these conditions. Services that back up your computer over the network, for example, cover this stuff.

- Some people are willing to accept these risks. I know that for mom & pop shops, loss of their entire email might not be a big deal and they're willing to soley rely on the cloud provider's then-current reputation.]]> http://www.bobzblog.com/tuxedoguy.nsf/dx/ive-looked-at-clouds-from-both-sides-now?opendocument&comments#06172008093252AMERNK3L.htm Tue, 17 Jun 2008 06:54:44 AM -0500 Kerr "I’ve looked at clouds from both sides, now"
The challenge for the new breed of cloud service suppliers is to answer those questions clearly and convincingly; something they currently seem reluctant to do.]]>
The challenge for the new breed of cloud service suppliers is to answer those questions clearly and convincingly; something they currently seem reluctant to do.]]> http://www.bobzblog.com/tuxedoguy.nsf/dx/ive-looked-at-clouds-from-both-sides-now?opendocument&comments#17062008065444ERNFYR.htm Tue, 17 Jun 2008 05:51:45 AM -0400 Bob Balaban "I’ve looked at clouds from both sides, now"
-- You can use a Notes:// style URL, but only if you know that the recipient has Notes on the desktop, otherwise it's useless.

-- You can use the standard http:// style URL, but only if you know that the server on which the database resides is running the HTTP server, and is accessible from the recipient's location.

It's a reasonable workaround, but not a cure-all.

@2 - Hi Kerr! While your point is perfectly valid, there are lots of people who are uncomfortable with hosting sensitive data in the cloud. For one thing, can you always be 100% sure that you can get it back when you need it?

For another, it's emotionally more nervous-making to know that your online data is really online, but hosted by someone else, compared, say, to a mag tape, which of course could be mounted and read, but is less accessible than stuff on a computer hard drive. It's not just the hoster that could be reading your email, it's anyone who can hack your account, from anywhere in the world.

Of course, you can encrypt everything, but that causes still more issues....]]>
-- You can use a Notes:// style URL, but only if you know that the recipient has Notes on the desktop, otherwise it's useless.

-- You can use the standard http:// style URL, but only if you know that the server on which the database resides is running the HTTP server, and is accessible from the recipient's location.

It's a reasonable workaround, but not a cure-all.

@2 - Hi Kerr! While your point is perfectly valid, there are lots of people who are uncomfortable with hosting sensitive data in the cloud. For one thing, can you always be 100% sure that you can get it back when you need it?

For another, it's emotionally more nervous-making to know that your online data is really online, but hosted by someone else, compared, say, to a mag tape, which of course could be mounted and read, but is less accessible than stuff on a computer hard drive. It's not just the hoster that could be reading your email, it's anyone who can hack your account, from anywhere in the world.

Of course, you can encrypt everything, but that causes still more issues....]]> http://www.bobzblog.com/tuxedoguy.nsf/dx/ive-looked-at-clouds-from-both-sides-now?opendocument&comments#06172008045145AMERNDKW.htm Tue, 17 Jun 2008 04:45:02 AM -0500 Kerr "I’ve looked at clouds from both sides, now"
Sometimes it's in file box full of dead trees sometimes it's on magnetic tape, but this goes on all the time. If your organisation can come to some agreement with a third party for secure storage of that data, it seems pretty straight forward to extend that so that the data is available over a network rather than via a courier.

Then there are call centres and data centres that are outsourced to third parties. So again third parties are handling potentially sensitive information for your organisation and you need to have good governance in place to make sure your data stays your data. It doesn't seem like too much of a stretch to take the next step.]]>
Sometimes it's in file box full of dead trees sometimes it's on magnetic tape, but this goes on all the time. If your organisation can come to some agreement with a third party for secure storage of that data, it seems pretty straight forward to extend that so that the data is available over a network rather than via a courier.

Then there are call centres and data centres that are outsourced to third parties. So again third parties are handling potentially sensitive information for your organisation and you need to have good governance in place to make sure your data stays your data. It doesn't seem like too much of a stretch to take the next step.]]> http://www.bobzblog.com/tuxedoguy.nsf/dx/ive-looked-at-clouds-from-both-sides-now?opendocument&comments#17062008044502ERNDFP.htm Tue, 17 Jun 2008 02:58:05 AM -0500 Volker Weber "I’ve looked at clouds from both sides, now"
One thought about the Workflow apps: in Notes you often send document links. If you send proper URIs instead, things get easier.]]>
One thought about the Workflow apps: in Notes you often send document links. If you send proper URIs instead, things get easier.]]> http://www.bobzblog.com/tuxedoguy.nsf/dx/ive-looked-at-clouds-from-both-sides-now?opendocument&comments#06172008025805AMERNBCU.htm Sat, 14 Jun 2008 06:03:57 PM -0500 Kevin Broccard I will be showing up....at ILUG (and presenting a session) http://www.bobzblog.com/tuxedoguy.nsf/dx/i-will-be-showing-up....at-ilug-and-speaking?opendocument&comments#06142008060357PMERNV32.htm Tue, 10 Jun 2008 09:43:59 PM -0500 Simon What if....Java in Domino were better?
A reason why we 'need' persistent objects in java agents is

a) You can't use servlets as web query save

b) You can't use servlets as web services, well... ok you can but now that you have a Web service data type having persistence across calls would be sensational. I am sure domino WebServices are just wrapped up agents =)

Currently lack of persistence is my single greatest problem

Simon]]>
A reason why we 'need' persistent objects in java agents is

a) You can't use servlets as web query save

b) You can't use servlets as web services, well... ok you can but now that you have a Web service data type having persistence across calls would be sensational. I am sure domino WebServices are just wrapped up agents =)

Currently lack of persistence is my single greatest problem

Simon]]> http://www.bobzblog.com/tuxedoguy.nsf/dx/what-if....java-in-domino-were-better?opendocument&comments#10062008214359ERN58J.htm Tue, 3 Jun 2008 06:27:51 AM -0500 Klaus Terman Recursion or Iteration? YOU decide... http://www.bobzblog.com/tuxedoguy.nsf/dx/recursion-or-iteration-you-decide...?opendocument&comments#03-06-2008062751ERNFFY.htm Sat, 24 May 2008 01:09:10 PM -0500 chester What if.....we didn’t use <font> tags in our HTML output anymore?
{ Link }]]>
{ Link }]]> http://www.bobzblog.com/tuxedoguy.nsf/dx/what-if.....we-didnt-use-font-tags-in-our-html-output-anymore?opendocument&comments#05242008010910PMERNPAS.htm Wed, 21 May 2008 02:54:10 AM -0500 Bob Balaban QA and Dev, the "Itchy and Scratchy" of Software Production?
However, in a complex environment, with masses of code and an overriding fear of touching too many things, lest one break stuff, imposing TDD too strongly on developers can lead to complete paralysis.

The biggest problem I've seen with this approach is that it falls apart when management declines to invest in building an automation framework that can be used over and over to facilitate TDD. Admittedly this is a big project, on a scale with product development (after all, you have to not only build, but QA/validate the test harnesses. You'll want doc as well).

So, I guess my reaction is, if you've got real corporate commitment to doing it right, TDD can be a fine thing. Otherwise, it's just another time-wasting gimmick.]]>
However, in a complex environment, with masses of code and an overriding fear of touching too many things, lest one break stuff, imposing TDD too strongly on developers can lead to complete paralysis.

The biggest problem I've seen with this approach is that it falls apart when management declines to invest in building an automation framework that can be used over and over to facilitate TDD. Admittedly this is a big project, on a scale with product development (after all, you have to not only build, but QA/validate the test harnesses. You'll want doc as well).

So, I guess my reaction is, if you've got real corporate commitment to doing it right, TDD can be a fine thing. Otherwise, it's just another time-wasting gimmick.]]> http://www.bobzblog.com/tuxedoguy.nsf/dx/qa-and-dev-the-itchy-and-scratchy-of-software-production?opendocument&comments#05212008025410AMERNBAE.htm Wed, 21 May 2008 02:38:20 AM -0500 Bob Balaban Calling Notes CAPI from C#/Visual Studio
To your second question: when you have a BLOCKID, you want to use OSLockBlock (and OSUnlockBlock) to convert to a buffer pointer.

These are macros defined in pool.h. The "lock" operation uses OSLockObject to deal with the ".pool" part of the BLOCKID, then adds the ".block" portion of the struct as an offset. Often the offset is a 0, but not always.]]>
To your second question: when you have a BLOCKID, you want to use OSLockBlock (and OSUnlockBlock) to convert to a buffer pointer.

These are macros defined in pool.h. The "lock" operation uses OSLockObject to deal with the ".pool" part of the BLOCKID, then adds the ".block" portion of the struct as an offset. Often the offset is a 0, but not always.]]> http://www.bobzblog.com/tuxedoguy.nsf/dx/calling-notes-capi-from-cvisual-studio?opendocument&comments#05212008023820AMERNAYH.htm