Entries Tagged 'Technology' ↓

ASP.NET Authentication using LTPA and Tivoli Federated Identity Manager (TFIM)

An article I co-authored just went live on the IBM developerWorks site.

ASP.NET Authentication using LTPA and Tivoli Federated Identity Manager (TFIM)

In this article, we show you how to enable your ASP.NET applications for federated single sign-on utilizing the IBM® Tivoli® Federated Identity Manager (TFIM) 6.1.1.1 to translate LTPA cookies set by IBM WebSphere® Application Server. We show how to create an ASP.NET HTTP module that extracts the LTPA cookie then uses TFIM to translate the token into a username via WS-Trust.

Check it out here.

IBM and XACML at the Burton Catalyst Conference

The dust has settled on the XACML interop event at the Burton Catalyst conference, and by all measures the event was a success. We achieved a full 8×8 success matrix on both use cases, meaning the participants could call each other’s Policy Decision Servers, as well as import the XACML policy produced by the other products.

Interestingly enough, most of the challenges faced in the preparation for the event lay not with the XACML technology pieces themselves but with the supporting technologies. For example, ensuring that the right SOAP version is used for the SAML message exchanges and things of that nature.

So what did IBM show at the event? What we demonstrated was an internal IBM authorization component that is used by some of our products. This Java-based component, which is designed to save products re-implementing authorization functionality, contains a fully-blown native XACML decision engine.

We were asked many times during the event about product plans for XACML. For example, “When is this going to be in a product?” The answer is that there are a few pieces of the puzzle that have to be filled in before we can reach that point. The primary piece is around the manageability of XACML policy - it’s verbose, and quite honestly non-trivial to author, and the tooling just isn’t there yet.

That’s not to say that using XACML as a policy exchange mechanism isn’t worth chasing, because it definitely is. But this is a chicken and egg problem - you can’t have the policy editing tools without the evaluation engine. The evaluation engine demonstrated at the interop is an important step towards the wider adoption of this technology.

On a personal note, it was fantastic to meet some of the driving forces behind this standard. The spirit of collaboration was alive and well; there was a point when I was helping to debug a problem that Jericho Systems and Red Hat were having! This open approach, from all vendors, contributed greatly to the success of the event.

What the iPhone needs to succeed in Australia

It’s hard not to get caught up in the iPhone hype, especially if you’re in a hotel only a few blocks from the Apple Store in downtown San Francisco. The line was already a block and a half long at midday, and it’s only going to get worse from here.

The initial reviews are already in, most notably from David Pogue of the New York Times (link), and there are a couple of interesting tidbits I’ve picked up that may stand in the way of widespread adoption when this device finally makes it to Australia.

  • Lack of 3G support - The iPhone only supports EDGE, which is an enhanced version of GPRS, for data transmission over the phone network. This is probably the biggest criticism of the device in general, even for US consumers. Relying on WiFi connectivity to ensure decent data transmission isn’t going to cut it in Australia. We simply don’t have widespread deployment of WiFi hotspots.
  • No MMS - The iPhone does not support MMS, or picture messaging. They really dropped the ball on this one. MMS is widely used in Australia, and if …every phone on the market supports it and the iPhone doesn’t… well I’m not going to spend over US$500!
  • Cheap data plans - AT&T has really stepped up to the plate and is offering plans with unlimited data transmission; whether any Australian telco will do the same remains to be seen. Steve Jobs will really have to work his magic for this one to happen.

Regardless of the above, I’m looking forward to seeing what this device can do. My Google Reader should be quaking in anticipation of the blog storm that this thing is going to whip up come 6 PM!

Converting Axis2 AXIOM objects to and from DOM objects

One of the biggest annoyances I’ve found when starting to use Apache Axis2 for web services is the new XML object model called AXIOM.

The annoyance comes from the fact that the W3C Document Object Model (or “DOM”) is so commonly used that converting between DOM and AXIOM happens often enough to be annoying. Adding to the frustration was the fact that I couldn’t find any way to convert between the two without writing the conversion code myself.

As it happens, there’s a utility class provided that can do these conversions for me. This class is org.apache.axis2.util.XMLUtils, and it provides methods for the following common operations:

  • Converting to and from W3C DOM objects.
  • Creating an AXIOM tree from an InputStream or Reader.
  • Getting namespace prefixes and QName objects from DOM nodes.
  • Base64 encoding a byte array.

Hopefully this post will get picked up by Google and save other developers the frustration that converting between DOM and AXIOM caused me.
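A DOM to AXIOM round trip using the two conversion methods on that class, as an added example that is not part of the original post. It assumes the Axis2 and AXIOM jars are on the classpath; the class name `DomAxiomRoundTrip` and the sample message are made up for illustration.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axis2.util.XMLUtils;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

public class DomAxiomRoundTrip {

    // Constructed sample message; the namespace URI is a placeholder.
    private static final String SAMPLE =
        "<o:order xmlns:o=\"urn:example:orders\"><o:id>42</o:id></o:order>";

    // Parse text into a DOM element. The factory must be namespace-aware,
    // otherwise the DOM nodes carry no namespace URI or local name to convert.
    // DOCTYPE declarations are rejected so untrusted input cannot pull in
    // external entities.
    static Element parseDom(String xml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return factory.newDocumentBuilder()
                      .parse(new InputSource(new StringReader(xml)))
                      .getDocumentElement();
    }

    public static void main(String[] args) throws Exception {
        Element dom = parseDom(SAMPLE);

        // DOM -> AXIOM
        OMElement om = XMLUtils.toOM(dom);
        System.out.println("AXIOM QName: " + om.getQName());

        // Change the tree through the AXIOM API.
        om.getFirstElement().setText("43");

        // AXIOM -> DOM
        Element back = XMLUtils.toDOM(om);
        System.out.println("DOM element: {" + back.getNamespaceURI() + "}" + back.getLocalName());
        System.out.println("id = " + back.getFirstChild().getTextContent());
    }
}
```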

I called it… Apple embeds personal information in DRM-free tracks

Back when Apple and EMI announced they were going to sell DRM-free files on the iTunes Music Store, I made the following comment in my post.

It will be interesting to see if the files are “tagged” or watermarked somehow, so that there is still some accountability if the files end up on the P2P networks. I really hope this is the case, I would hate for piracy to be used as an excuse to stop a bold move such as this.

Well the time has come when Apple has rolled out the DRM-less tracks, and according to a piece by Ars Technica this is exactly what they’re doing.

They pose the question:

We also have to wonder: who is buying DRM-free music with the plans of slapping it up on a P2P share, anyway?

I don’t think people will actually plan to share the music. I’d imagine many people share their music folder, which will include the files they have legally purchased, making them available for others to download. Until now these purchased tracks have been useless to anyone else, but not anymore…

Update (20070601): The EFF is reporting that Apple might be encoding significantly more than just names and email addresses in the downloaded files. See here.

Goodbye Windows

I’ve finally decided to give Windows the flick from my system at home. My Windows XP install had decided to do all sorts of crazy stuff, such as not let iTunes save its library file and to run out of RAM at inopportune moments. While a yearly re-install is somewhat expected with Windows, it finally annoyed me enough to make the “big switch”.

While I’ve been using Fedora Core 6 at work for some time now, I decided to try Ubuntu at home. Why? Its reputation as a stable and usable system, with a community that is focused towards everyday use. So far I’ve managed to get the Nvidia drivers installed, and xorg configured to use my Dell 2007WFP in widescreen; both required manual editing of the /etc/X11/xorg.conf file.

I also have Amarok set up for playing music now, and I must say I’m VERY impressed. One of my biggest concerns with ditching Windows was the lack of iTunes. So far, Amarok seems like a very suitable replacement. I’m especially impressed with the last.fm integration, as well as the whole “context” menu on the left of screen.

So far…

Pros:

  • No more pirated software
  • Hopefully no more periodic reinstalls
  • Amarok is awesome
  • Beryl is slick

Cons:

  • Getting video drivers working STILL requires hacking xorg.conf
  • Pidgin isn’t in the “Add/Remove” software installation menu yet
  • My other partitions are all NTFS still, so I may have some file permission issues to sort out

To do:

  • Find out if GnuCash is a suitable replacement for Microsoft Money
  • Get my iPod synced with Amarok

EDIT (2007/05/29):
Done:

  • NTFS hasn’t been any issue; I have full read-write access after using ntfs-3g
  • Get all my Samba shares set up so I can watch things on XBMC
  • Find out how to use BitTorrent on Linux!
  • Worked out that GnuCash can’t import Microsoft Money’s .mny files, and I should’ve exported to QIF first. That’s not the impression I got from the GnuCash main page…

EMI and Apple drop D.R.M.

This is the big news of the morning. Apple and EMI have announced that they will be dropping D.R.M. (Copy Protection) on music from its catalogue in the Apple iTunes Music Store. The unprotected songs will come at a price premium of roughly 30%, however they will also be encoded as 256 kbps AAC instead of 128 kbps.

This is long overdue. Apple are in trouble in the EU for the iPod - iTunes lock in, and consumers have been long frustrated by the limits copy protection places on their legitimate purposes. Using the carrot of higher quality is also the right move, I think - entice people to move away from DRM without it being the only reason, as most people won’t care and probably take the cheaper option.

It will be interesting to see if the files are “tagged” or watermarked somehow, so that there is still some accountability if the files end up on the P2P networks. I really hope this is the case, I would hate for piracy to be used as an excuse to stop a bold move such as this.

I wonder how long until this shows up in the Australian iTMS…

Coverage: NY Times, Ars Technica

PS3 Launch: News Corporation vs Fairfax

It’s interesting to see the difference in the way that News Corporation and Fairfax Media reported on the PS3 launch last week.

The Sydney Morning Herald reports:

The launch of Sony’s PlayStation 3 games console got off to a feeble start last night with officials, media and security outnumbering customers for most of the evening.

The Australian IT section, in contrast, makes no mention of a poor turnout - simply saying that:

GAMERS queued outside retail stores across Australia to buy Sony’s PlayStation 3 (PS3) from the stroke of midnight.

Revision Control in Tivoli

You’d think working for IBM’s Software Group would mean we have revision control sorted, right? Well, not quite. We use an internal system called CMVC - Configuration Management Version Control. There’s no reliable integration into developers’ tools (such as Eclipse); you can use either a command-line interface or a dated Java GUI. The servers are based in Austin, so it’s slow to work with from Australia.

It does have strengths though, mostly around its integration of defect management with source control. This tends to lead people towards the “one defect, one commit” policy I mentioned earlier, however it does come with overhead. My process to check in some source changes is as follows:

  1. Create a defect, if one doesn’t already exist for the change I’m making.
  2. Modify the owner of the defect to be me, rather than the owner of the “component” the defect was raised against.
  3. Accept the defect.
  4. Create a track for the defect.
  5. Select the files I want to modify from a list of all the files in the release (or component). Make sure I don’t unselect the list of files!
  6. Use a diff tool to merge the local changes into the checked out files. This isn’t a case of copying the modified files, as there are version control flags like ‘%F%X’ that need to be preserved in the checked out files.
  7. Using the file list selected earlier, check in the changed files.
  8. If you didn’t change a checked out file, “unlock” it.
  9. Each “component” that contains a file you modified now has a “fix record”. Set all these fix records to “complete.”
  10. When all the fix records are complete, the track you created earlier should now be in the “integrate” state. Make sure this happens, else your code won’t be included in the next build.
  11. To make sure our local (i.e. not in Austin) copy of the backing source gets updated, kick off a script on an internal server to extract the changed files.

Sounds complicated? It is. No wonder so many teams use CVS locally and push changes across the Pacific once a week. In the system’s defense, it’s not designed for rapidly changing development environments. Its strength is in tracking and managing changes caused by discovered defects in stable code bases.

While there may be newer and better alternatives, this does the job and does it without breaking. Mostly.

Michael Gall writes about revision control

Michael Gall over at wakeless.net has written a three-part series on revision control.

It’s a good overall introduction to what revision control is, as well as the need for it and current weaknesses in the main revision control systems.

Michael makes the important point that integrating revision control into a developer’s work flow should be a priority. The harder the revision control system is to use, the longer developers will take between committing changes. This increases the risk that multiple “logical” changes are grouped into one commit, making it so much harder to roll back a specific change if a defect is discovered. In my opinion, a defect should be handled by one and only one commit into the source tree.

I’ll follow up with a look into the revision control I use every day in my work with IBM.