Hehe… maybe I wasn’t as right as I thought

One of the best things about having this blog is that there are a number of very bright people who are more than willing to call me on my assumptions and perceptions, and a bunch of folks came out and did exactly that on my 2004 reflections post. For example, a friend emailed me and said

    Nice score indeed but you gave yourself plenty of wiggle room by not providing numbers 🙂

Guilty as charged. 🙂

    That being said, are you serious when you say P2P is dying? Have you used edonkey or bittorrent lately?

And here we get to the crux of the thing: Nope, never used either of them, and as soon as Cedric’s email (and Einar’s and Simon Brunning’s comments) showed up, I went to BitTorrent’s website and had a look around. Interesting, but what was even more interesting was Cedric’s next comment:

    Let me make a prediction of my own: P2P will become so prevalent in the next five years that people will simply stop subscribing to expensive cable/satellite dishes and download (legally or not) all their TV shows on P2P networks.

Wow. Interesting. Now, while I could weasel and say that I don’t think that BitTorrent is quite what I had in mind when I used the term "P2P", that’s not really going to go very far, because it clearly is building on many of the same principles that original peer-to-peer built on. What I was originally thinking was the sort of unspoken idea that most servers would sort of disappear in favor of a peer-based cloud of uncategorized resources, sort of what the "downloading music" frenzy was looking for, and that seemed to have no great future. BitTorrent definitely has some interesting ideas to it, but I still don’t see that it’s going to revolutionize the industry–yes, it provides faster downloads, but that’s about the sum total of it, at least thus far. But, admitting my own lack of experience here, I’ve not used it–just read the protocol specs–so I can’t speak with authority here.

How about we say "the hype surrounding peer-to-peer" will finally go away? Can I get away with that? 🙂

Meantime, a few other comments piqued my attention, as well:

    Microsoft did get sued again – lot’s of times. Its just that there wasn’t anything really, really big. They settled out of court for hundreds of millions multiple times, and have just lost part of the battle in Europe. (From Sandeep Kath)

Probably should have clarified the intent–that Microsoft would get sued by a major player, like Sun, IBM, Novell (as Michael Koziarski suggested), which didn’t seem to happen.

    "… realize that "objects" and "XML" don’t, in fact, go together like peanut butter and chocolate …" Since most people who don’t live in the USA think peanut butter and chocolate don’t belong together in the same room let alone in the same food item, maybe your prediction is more accurate than you thought. (From Tobek)

Supposedly, sales of Reese’s chocolate-and-peanut-butter products recently have been taking off worldwide. But, I’ll also admit, the reference was actually to an old US commercial back in the late 70’s, I think, where Reese’s was advertising their product by having somebody with peanut butter and somebody else with chocolate bump into one another and complain about how each ruined the other’s snack, until they tried it and found that "chocolate and peanut butter are two great tastes that taste great together". Hence the reference. (Sorry for the American pop culture lesson if you didn’t care to know the history, but that does perhaps explain it more clearly.) That said, hopefully the rest of the industry starts to gain the same skepticism about objects and XML that the rest of the world appears to have about chocolate and peanut butter. (As for me, I love Reeses’ stuff. 🙂 )

And as to Einar’s comments that .NET’s adoption in the large-scale enterprise has been a "miserable failure", I just have to punt–any statistics any of us care to quote have to be heavily explained and analyzed, since, as I believe it was Benjamin Disraeli put it, "There are three kids of lies in the world: lies, damned lies, and statistics". Any numbers I or you could quote would likely be coming from sources that have an agenda to push, making them suspect. Anecdotally, Einar, you’re right–I don’t see .NET making headway into large-scale enterprise systems. But at the same time, I don’t see Java making headway into small-scale enterprise systems, either, and both are gunning for what the other has. The point being, the large-scale enterprise isn’t the only place that companies and developers are or will be developing code.

So, I dunno, do I get four out of six?

Want to play around with GC in .NET?

Courtesy of the DOTNET-ROTOR list, I’ve download RMTk, the Rotor Memory management ToolKit, a port of the MMTk toolkit (a Memory Management ToolKit in Java) to the Rotor/SSCLI codebase. According to Andrew Gray’s home page for RMTk,

    A significant part of the project has been completed. MMTk’s null GC, mark-sweep, semi-space and generational mark-sweep algorithms run with SSCLI. The code and information on building and running the port is available. The code is not fully developed, it has not been well tested and significant areas of functionality (for example, support for finalization) are missing.

Not bad. While you’d never use Rotor for a production system (Lord, I hope not, anyway….), learning how the various GC systems work is not only a good educational opportunity, but with the .NET 2.0 release, the CLR has hooks to allow people to write and plug in their own custom GC implementations (it was necessary for Yukon, since SQL Server does all its own memory management for optimizations’ sake), and that would conceivably allow third-parties to plug in new GC implementations for particular reasons. Interesting, wot?

In the meantime, I’m also pulling down the MMTk, which is part of the Jikes RVM (Research Virtual Machine) from IBM. It’s a JVM dedicated solely to research-level topics, and so has Java APIs for lots of JVM-level stuff, like bytecode manipulation and such. Wish it ran on Windows (there’s just Linux/Unix-based releases available, and I’m not brave enough to try and port it), but that’s why God invented Virtual PC, right? 🙂 Jikes RVM looks to be a definite recommended download if you want to play around with JVM internals.

Peter Drayton announces generics are now CLS

Peter Drayton posts a blog entry to the BCLTeam’s Weblog stating that they’ve decided to make generics CLS-compliant, thus ensuring that every language which is a CLS consumer (which most are) must also understand generic types, which is very cool. This has a couple of impacts to the .NET community:

    Programmers defining generic types in C# or VB 8 won’t have to worry about trying to build non-generic equivalents for other languages (like JScript); generics will always be available.
    By virtue of the above, we can assume that consumer libraries will also begin to adopt generics as well, making them vastly more useful in the long run.
    By virtue of the above (again), we can also assume that generics will more quickly thread their way through the BCL itself, thus giving us room for things like strongly-typed DataSets (using CLR types this time instead of XML schema) and less-type-unsafe libraries (like ADO.NET is currently). Imagine WinForms controls enforcing type-safety on what they can bind to, by virtue of genericity constraints, for example.

It also marks an ambitious decision, because it means incorporating a few new features into the various compilers between Beta 1 and Beta 2, so while I’m really glad they made this decision, I’m also not 100% convinced that it’s actually going to happen….

Ted, en Espanol…

JavaHispano, a Spanish Java/J2EE portal, asked to interview me, and the results are now posted on their website, in both English and Spanish. This marks the third language I’ve been translated to, officially; the first two were official translations of Server-Based Java Programming, to Korean and English. 🙂 (To be specific, it was slightly reformatted for sale in India.)

Martin Perez, who wrote up the questions, did a pretty good job coming up with some questions that just begged for candid answers, like:

    I’m just curious. How can the same man write Effective Enterprise Java and being TheServerSide.net chief editor -without entering to talk about your dark side books 🙂 – at the same time ?

or

    Considering the different solutions, platforms, products and languages present today. For any enterprise, is open integration the key to survive on the IT world ?

and its followup

    But talking about Web Services, we found them very immature yet, as many standards are opened yet. Will be this the year of Web Services ?

and one of my favorites

    In your book, one of your advices is to not forget rich clients. But, if we look at most of the published books, each nine of ten talks only about web application world. Are really rich clients live and ready for enterprise applications ?

Man, remind me never to do a live interview with these folks! 🙂

Even if you don’t speak Spanish, there’s some other good interviews in English to read, like Jason Hunter on servlets and XQuery, Erik Hatcher on Lucene, Jack Shirazi on performance tuning…. Go check it out.

Kirk Pepperdine blasts the .NET Rocks! show with me, Don and Mark

Kirk Pepperdine recently blogged about his reaction to a .NET Rocks! radio show spot I did with Don Box and Mark Pollack (of Spring and Spring.NET fame). And boy, Kirk holds nothing back in his reaction. Given his candor, I felt it appropriate and respectful to at least recognize his comments and offer up my own reaction.

Kirk opens his commentary with the following:

    In an episode of .Net Rocks, Carl Franklyn interviews Mark Pollack, Ted Neward and Don Box on Java, .Net and the future. The show starts off with Carl practically calling Java programmer Neanderthals because (oh my gosh) we actually had to write code. He then goes on to down play just about every innovation that did not come from Microsoft. Ok, with a show named .net rocks I expected a certain level of propaganda but in this case, the level of rhetoric was so loud that I only continued to listen because I expected the venerable voice of reason, Ted, to speak up.

    and I waited….. and waited…..
    Ted Neward is someone that I’ve admired because of his ability to sit on the Java Microsoft fence and till now, has seem to avoid getting splinters in his ass. But now I wonder if he?s not sacrificing his integrity when he shows up on net talk shows such as this one. Was Ted sitting in silent agreement?

Not hardly, Kirk, but I can clearly remember being on the phone and wanting to make sure that I gave the other two (Mark and Don) their fair share of radio time. See, I have this reputation (fairly earned) for going on for days about a subject, and I didn’t want this to turn into the "Ted Neward show" by just talking and talking and talking…. Kirk notes later that I seemed to have found my voice, but let me be 100% clear and say that at no point was I deliberately keeping quiet out of some political agenda–I just genuinely wanted the other guys, particularly Mark, who was the original guest host when Carl invited me to join, to get some air time. Nothing more than that.

Kirk also says,

    In blatant, no brazen attempt to discredit the usability of Spring, Carl Franklyn asked one question that, just like the one asked of Rumsfeld in Iraq, had all the earmarks of being planted. I say planted because when the panel turned to the much more interesting question or O/R mapping, the host suddenly disappeared from the conversation! Was the panel out of your league Carl? Too hung up in data holders to understand what an object model looks like? And just why where you trying to discredit Spring? Where you threatened that you might actually have to know more than one thing to be functional in the real world?

OK, let me put one thing straight here: Carl is a bright guy, but he knows nothing–less than nothing, in fact–about Java, and Carl was trying to make sure, as any good talk show host will do, that the conversation kept flowing. As one who’s done interviews in the past, you have to prepare some questions, preferably good ones that will keep the guests talking for a while, ahead of time. Carl stopped talking because it became fairly apparent as the show went on that Mark, Don and I needed little–if any–prodding to keep chatting. I am willing to go out on a limb here and say that he stopped talking because the point of the show is for the guests to talk, not him, and he, like any good talk show host, knows that and when it happens, lets it happen. Please don’t bash Carl out of ignorance–he’s a genuinely good guy and I sincerely don’t believe he had any kind of "bash Java" agenda for the show.

    Ted certainly got back on track pretty quickly once the host exhausted his limited knowledge and let the other speak. In a back at’chit, Ted said that the Java community is more open, more prone to injecting things back into the community than Microsoftites are. And no wonder if the reaction to your work is to get slapped in the face by some wannabe radio talk show host! Why suffer the indignation when the Java community will respect what you?ve contributed! Enough bile, onto the question

Again, this wasn’t to put Carl "into his place" or anything–it’s just a genuine explanation of how things work in the Java community that people who live and breathe in the .NET world may not know about. Unless you live in both worlds, it’s easy to believe that the other guys work exactly the same way you do, and let me be the first to tell you, that is NOT the case with these two communities. That’s why I sometimes describe myself as the .NET Ambassador to Java or the Java Ambassador to .NET.

Kirk next hits on an interesting point of the show:

    What happens if you return or pass this. Apparently you end up by passing the dynamic proxies that Spring weaves into your code. Interesting does this mean that code written to the Spring framework cannot use double dispatch and other OO techniques that rely on the ability to perform call backs? From the answers given by Mark this would appear to be the case. As Ted put it, this hasn?t seemed to have been a problem as the Java community hasn’t used the framework like that. Even so, it was admitted by all that Spring maybe a bit broken in this regard.

What Don was referring to is that in COM, when an object is placed into a COM Context, they have to do a bunch of work to make sure that if the object placed in that Context ever returns "this" (the C++ reference-to-self), it’s not the actual raw object pointer but the pointer to the interceptor that invokes the Context gunk first. In EJB, this would be the difference between taking the raw pointer to bean as opposed to taking the handle to the bean–the handle is safe to pass around, the reference itself may not be. And yes, the Java community hasn’t run into this problem nearly as much as the COM guys did, apparently. (The COM space is somewhat out of my depth–I never did any COM work "in anger", so I don’t know how problematic the problem really was. If Don says it was, though, I have a tendency to believe him.)

Kirk then goes on to a lengthy–and good–treatise on O/R mapping, describing his experiences with O/R and to criticize the discussion, ending with this:

    If there is one more major point that Ted missed in his discussion of O/R mapping. Though it was pointed out that Microsoft has very little experience with O/R mapping where as Java has been struggling with it for 8 years or more, it should also be noted that Java and O/R mapping really grew up together. Note that before Java, only TopLink was available as a commercial product. Consequently, Java has made many mistakes while trying to crack this tough nut. As dot net and Java converge, it is clear that Java will need to become more agile while dot net will start to face the enterprise sized questions such as; just how should we persist an object?

In point of fact, the rumor has it that Microsoft has been down this O/R road a couple of times before internally, and that they’ve backed away from it each time for precisely these reasons. And yes, Kirk, you’ve nailed it on the head: both Java and .NET are going to have to figure out how they want to crack this nut, and my vote is for doing it at the language level, although your idea of tackling it at the VM level is also a good one. (The VM approach I think would just be harder to support across versions and across platforms in the case of the JVM.) For what it’s worth, there was an experimental VM from Sun (PJava?) that went down this object-persistence-in-the-VM road, and it was interesting to look at some of the papers that came out of it. (I will probably go back and have another look before too long, though the project stopped work, as I recall.)

Ultimately, though, Kirk (and others) are basically asking me for a detailed Java Vietnam essay, and I promise to deliver one within the next month or so. It’ll probably kick off my new blog system sometime in February or March; be on the lookout to change your RSS aggregators, though I’m going to try and preserve the old links somehow, either by just storing off the old weblogs as static HTML, or by writing a filter to redirect to the new blog where I’ll have ported over the entries (though possibly not the comments, we’ll have to see).

Kirk rounds out with:

    Just to round out the show, the host biles two report writting products (Crystal being one of them) in favor of the Microsoft product. Man, if you have to bash your competitors….

Oh, and Sun or BEA or IBM never bash their competitors? Fact is, Crystal has a seriously negative reputation as a reporting tool, and a LOT of VB programmers have told me that they’d use anything other than Crystal if something else even remotely close to it were available. I haven’t heard this reaction from Java folks nearly as often, and I’m honestly not sure why, except that maybe we never used it as much, being more server-focused and Crystal being more client-focused. *shrug*

In the end, I thought it was a good show, and a good information exchange between two groups that approach the same problems in very different fashion. Did anybody in the Java world suddenly come to embrace .NET because of it, or vice versa? No, but that wasn’t the point of the show, either, and to assume that anything that has ".NET" in it is a thinly-veiled attempt at evangelism is to make some serious false assumptions regarding the people in the .NET world.

Still think all ‘Softies are evil?

From Bryan Keller’s weblog, from the 13th of this month:

    We received a mail today highlighting just some of Microsoft’s contributions to the tsunami relief fund. I think it’s amazing the amount of generosity the people at this company show. Here’s a snippet of the email:

        As Steve announced in his e-mail of December 30th, Microsoft has made an initial contribution of $2 million to relief and recovery efforts. We also estimated that we would donate an additional $1.5 million to match employee contributions. While we still await comprehensive figures from our international subsidiaries, partial reporting shows that to-date employees have contributed more than $1.8 million, which Microsoft will match. Offices around the world are raising funds in a variety of ways; in EMEA, employees contributed $420,000, to date. Microsoft India reports that 70% of employees have pledged a day of their salary for the relief efforts. These are just two examples of the generosity of our employees.

    That’s an average of $112 per employee, in addition to whatever money people donated separately from our internal matching drive. That makes me pretty proud to work here.

Now THAT’S community involvement.

Folks, I dunno about you, but I’m deeply humbled and impressed that 70% of all the employees at Microsoft India surrendered a day of their salary to the tsunami victims. That’s just awesome. I echo Clemens’ sentiments: "Since my time will be auctioned, too, I can already promise that I will employ a rather liberal interpretation of "hour" if we get enough money in."

“This XML over HTTP thing was supposed to be easy”, he says…

From the Java quarter, a suggestion that those who "are creating a publically available webservice", to "make sure it is available over HTTPS and encourage people to use the HTTPS version":

    There are way too many badly behaved firewalls and proxies (from companies that should know better) that munge things in ways that are very hard to debug. … For instance (just as a totally random example that I swear has caused me no pain what-so-ever over the last few weeks…), Checkpoint’s NG55 firewall has built in "Cross Site Scripting Protection". Unfortunately, it failes to check MIME types, SOAP actions or ever the user agent header – it just blindly drops any content that contains various defined keyword. It’s a stupid, stupid idea (especially since it doesn’t seem to check unicode versions on the same strings) that is best protected against by running over HTTPS.

Unfortunately HTTPS only protects during part of the story–and it only works with HTTP. Transport-level security only protects the data while it’s in transit, and with a growing adoption rate of Web services comes a growing movement to use other transports as well. (Question for those who think HTTPS is enough to secure your Web service: Where do most credit card numbers get stolen from? Answer: the database, where HTTPS/SSL has no effect whatsoever.) This is why WS-Security (and its related specifications) were created, and unfortunately is a sign that Web services are "growing up".

I’m sorry you got sold the bill of goods that said that "XML over HTTP" was supposed to be easy–it’s only easy so long as you did simple things with it. This is what REST is all about, for example. But as we start to use something good, we start asking more and more of it (like to be secure as the data travels in transit), and that’s when the harder stuff starts to creep in and everything gets complicated again.

After all, it wasn’t that long ago when we were happy just to have TCP/IP standardized across the network–after all, how hard can it be to open() a socket and read() and write() to it?

More on “XML over HTTP”

A couple of comments on that post deserve further response:

    Matt wrote:

        How would WS-Security improve the CC#-stolen-from-the-database scenario?

    Depends on how you want to look at it. If the database in question is the "final repository" for the credit card, it probably won’t. But if this message is resting in the database (or on the filesystem, or….) while waiting to be processed, then WS-Security will help, because it secures the entirety of the message, not just while the message is traveling across the network (which is what SSL buys you).
    An anonymous commenter wrote:

        Ted, While I agree that SSL is not the end-all in security I think you missed the point of your quote. The poster was trying to explain that since SSL does encrypt its payload it has the benefit of preventing well meaning yet fundamentally flawed intermediaries from acting upon the data they’re supposed to be delivering. The firewall in this instance.

    An "intermediary" that wants to act on the payload isn’t really an intermediary anymore, but a processing node in its own right that participates in a workflow chain. An intermediary certainly has the right and responsibility to affect the message headers, but not the payload itself. To say that SSL provides the "benefit" of preventing well-meaning intermediaries from doing this is to hide the ill-behaved nature of the intermediary itself, and doesn’t properly address the problem.

Cathi talks about Extender Providers

A while back, Cathi Gero and I got into an extended discussion about the Decorator design pattern, and she brought up the .NET Extender Provider implementation, which I frankly admit I hadn’t seen before. Now she’s blogged about it and based on what I read there, I’ve got to admit, it’s a lot more like an aspect than an actual decorator–the ProvideProperty attribute essentially acts as a pointcut, and the extender provider itself as the advice. (The weaver is arguably either VS.NET or the WinForms library, I’m not entirely sure which.)

Which, of course, begs the question–now that JDK 1.5 has annotations, could one do something similar in Java? Yet another little research project to go onto the list….

My head hurts

I used to think I know C++ pretty well, but between the various "red books" that Addison-Wesley’s been sending me, I’m rapidly discovering that:

    I don’t know templates NEARLY as well as I thought,
    There’s a tremendous amount of power in template-based languages,
    C++ isn’t nearly as dead as current programming trends might like to imply,
    The "red book" series is an awesome series to open your mind (as in, "blast it with a firehose" open), and
    I’m REALLY liking the feeling, even if it hurts. 🙂

Highly recommended reading: "Modern C++ Design" and "C++ Template Metaprogramming", along with Herb Sutter’s "Exceptional C++" and "More Exceptional C++".