Dreams of a Rarebit Fiend

There are lots of nifty conferences out there for software developers, JavaOne, Apple’s Worldwide Developer’s Conference, Google I/O, etc. One of the best things about them is that many of them no longer treat all of the learning sessions and panel discussions held there as though they were treasure to be buried. Far more developers don’t get to attend these than do so sharing what the experts teach at the conference benefits everybody (including those who paid to go).

Here’s a link to the video of all of the sessions from Google’s recent Google I/O conference. There are sessions there on AJAX, Android, OpenSocial, GWT, and lots more. Soak up all you can.

Posted by John Munsch at 1:45 PM | Permalink | Comments (0) | TrackBacks (0)

I'm not going to post any more game development or Big Villain news on my personal blog anymore. I've got a new one devoted only to that subject at http://www.madgameslab.com. Since I'm doing a little work on the game every day or every other day I'm already up to five or six entries on the blog. If you have any interest in my game or in PBBG development in general, go check it out!

Posted by John Munsch at 10:16 PM | Permalink | Comments (0) | TrackBacks (0)

When I started reading the series of blog posts on the site Building Browsergames, I thought it was cool that somebody had started a project to build a persistent browser based game (PBBG) and shared the code. But it has gone a great deal further than that. Every post that features code is done first in PHP and then repeated again with Perl. Beyond that is the frequency of posts. Having worked on XPlus, DevGames.com, and finally GameDev.net I've heard about hundreds of game projects started by enthusiasts. I can tell you that the vast majority of them have grandiose ideas and then reality intrudes. After a while it gets hard or boring and they stop.

But not this time. Dozens of entries later, you can actually see a bunch of the pieces that make up a simple PBBG sitting there and there's lots of interesting design advice to go with it.

Now it's my chance to participate in the creation of this Rosetta Stone of programming, because that's what it is. The original Rosetta Stone was a tablet carved with bureaucratic proclamations about taxes and statues, it's value lay in the fact that it had the same text in both Greek and Egyptian languages and it gave us a key to begin decrypting hieroglyphics. Maybe this one isn't quite up to that level, but it gives us a place to start discussing PBBG design and it gives us that in both Perl and PHP. My contribution is a simple one. I've gone back and started rewriting all the same code again, this time in Ruby on Rails.

Perhaps someone else will add Python with Django versions of everything or Java and some mix of technologies. I don't know. But whatever happens, this might prove helpful to someone looking for a language to learn, looking to learn about PBBG building, looking to learn programming, or looking to move from one language to another. For me personally it was an attempt to both improve my own basic skills at Ruby and Rails as well as hopefully adding to something that might prove helpful to others.

The entries as they stand today:

Posted by John Munsch at 1:39 PM | Permalink | Comments (0) | TrackBacks (0)

Yahoo! has made a lot of cool resources available for web developers. They have libraries to login using Yahoo! credentials, perform searches, etc. But one of my favorite, one that I think has no equal even from the mighty Google is their Yahoo! User Interface library (YUI). It's a great collection of JavaScript pieces which have been beautifully tailored to be useful to total JavaScript know nothings like me and experts as well. They then marry those with a set of excellent CSS files to handle common needs and test the whole mess on every major browser (or at least the ones making up 95% of the traffic to your site). Regular updates to expand the library or the documentation, and keep it up with the latest advances in browser technology are also de rigueur. If you've ever found yourself needing menus, tabs, color pickers, calendars, etc. for your website, go to the YUI site.

However, if you're using Ruby on Rails to do your web development these days then you know that Rails is already well integrated with the JavaScript libraries Prototype and Scriptaculous. If you're like me, you don't want to give up that easy integration and you may still be too new with Ruby and Rails to figure out how to use YUI's JavaScript parts instead. Anybody doing a website that is for Internet use rather than internal business use can't afford to use both sets of libraries on their pages because of bandwidth and time costs. But that doesn't mean you have to throw all of YUI out. After all, there's still the CSS!

YUI offers four CSS files at present:

I used them on LOL.com and was very happy with how uniform they made my pages look across different browsers. It's usually hard work to do a layout with many parts to it and lots of formatting and test it various places. With YUI CSS I was able to do it once and do some fairly light testing and still get a very consistent look.

Posted by John Munsch at 1:52 PM | Permalink | Comments (0) | TrackBacks (0)

Microsoft is famous for having a really bad case of 'not-invented-here' syndrome. They don't like to accept any protocol or standard or even take a perfectly working piece of software and include it. It wasn't invented at Microsoft so it's automatically crap. They have to "fix it". Yahoo! appears to have turned that on its head.

Yahoo's biggest competitor is arguably Google. Google invented an algorithm for data processing called MapReduce. They use it to process the terabytes and petabytes of data they grind through on a regular basis. They piggy back that on top of their storage system called GFS (Google File System). Because Google published papers on all this software, even though they don't make the software itself available, there was enough description for people to start developing their own versions of the Google tools.

Yahoo has now decided to both use and endorse the toolset Hadoop. Hadoop encompasses implementations of both GFS and MapReduce so arguably Yahoo is now running software that is based on ideas from their direct competitor. They aren't shy about it either, they aren't hiding it, rather they are telling the world that the software is good, they like it, and they intend to support it.

Bravo. I'm impressed.

Posted by John Munsch at 12:55 PM | Permalink | Comments (0) | TrackBacks (0)

If you're not familiar with OpenID and you would like to be, this slideshow lays it out so clearly and quickly that you don't really need audio to go with it. It covers the what, why, and where so you know why you should not be building another username and password system for your web application or if you already have why you should add OpenID as an alternative.

If you've already got an existing user account system in place and you want to add the ability for new users to sign up with their OpenIDs or for existing users to switch to their OpenIDs then A Recipe for OpenID-Enabling Your Site by Plaxo should be a helpful roadmap of issues and design considerations. Plaxo recently did an OpenID makeover on their own site and this should be helpful to you.

Posted by John Munsch at 10:29 AM | Permalink | Comments (0) | TrackBacks (0)

Occasionally you read blog entries from people where they wonder aloud why Microsoft can be so easily bashed despite being so widely used. They seem genuinely puzzled that if anyone bashes Linux or Google similarly then a huge weight of fanboys decends upon them to berate them immediately via email and comments.

Well, if you're one of those people, pull up a chair and listen while I explain one of the reasons we get to bash Microsoft and will continue to do so until the day they change their ways (likely never).

You see recently there has been a big controversy in the Microsoft .NET development community about the availability of TestDriven.NET for Visual Studio Express. What the tool is and what it does is unimportant. What is important is why Microsoft chose to use lawyers to threaten the guy who makes this add-in available. It's because he made it available for not just the commercial software development tools they sell but also for the free version called "Visual Studio Express". This blog entry by a Microsoft employee over the Visual Studio Express product sums it all up with a lovely amount of double-speak: http://blogs.msdn.com/danielfe/archive/2007/05/31/visual-studio-express-and-testdriven-net.aspx

You see, in their eyes this is the way it had to be. At the end of the day, "Microsoft is a business", and that means they have to charge an arm and a leg for their "real" development tools (the ones that allow plugins that is). The free ones are just a favor for you and you should be damn grateful that they condescend to allow you to develop for Windows at all without paying them a fee for the privilege. It's probably best to ignore that IBM, Sun, Red-Hat, Google, and Yahoo are also businesses and successful ones who give away development tools all the time. "Microsoft is a business" and in the end, this is "a perfectly reasonable tradeoff to make that, in the end, provides the best tools possible to an entire class of customer that may never have picked up programming without it".

You know what? If people really want to write programs and they really want the best tools they should go get the Java development kit from Sun where they will give you an excellent IDE + development tools + documentation + application servers for free or go get Ruby on Rails and again get the software that they need to do excellent real development without someone treating handing them a crippled junior version of the tools as a huge favor.

Here's the links you need so you can avoid the developing anything using Microsoft's development tools. You won't be paying for Visual Studio or Universal this or suffer from only one buggy version of things being available. I did that time already for years on end and I'm here to testify like a preacher in a tent. Stay away from their garbage, there are better ways:

Sun's Netbean's IDE + the Java 6.0 Development Kit

Ruby on Rails

Posted by John Munsch at 1:06 PM | Permalink | Comments (1) | TrackBacks (0)

Google has a regular internal lecture series on mostly technical topics with guest speakers and some of their own employees. This is their TechTalks Series and the best part of it is that you and I can see them too. They record and digitize the talks (close to 300 of them to date) and make them available on Google Video, using a consistent tag on each one so you can easily search for them and see if any interest you. The link above will do the search and show you all the videos so far.

Some of the titles that caught my eye:

Privacy Preserving DataMining

Turning Email Upside Down: RSS/Email and IM2000

Strike Up The Brand: How to Design for Branding

Ruby And Google Maps

Ruby Sig: How To Design A Domain Specific Language

Note: I'm not endorsing any of these, I haven't had a chance to view them yet. They just looked interesting to me.

Posted by John Munsch at 3:54 PM | Permalink | Comments (1) | TrackBacks (0)

I had never really learned regular expressions. Oh sure, I could use * and ? as well as the next guy, but throw [0-9]+ at me and I had no idea what it meant. That is, until the last year or so. Regular expressions can be very helpful in pattern matching against file names or user input and I dislike having gaps in the overall toolset of things I'm comfortable using.

So I set out to correct it. I'm still pretty ham-handed when it comes to typing in a regular expressions and I end up having to consult cheatsheets in order to remember the syntax to do a lot of things, but I discovered online tools and websites that helped me overcome the gap in my knowledge. Here are my favorites:

• txt2re: headache relief for programmers - This lets you input a piece of text you want to match against using a regular expression and it displays different expressions you could use depending upon which parts you want to match against. It can give you a quick start on matching even if you aren't yet very regex savvy.
• RegEx: online regular expression testing - This is the other handy part of the equation. Here you can input several items of sample text and a regular expression you wish to test. Hit the test button and it will show you which test text matched, what parts were matched, etc. It's somewhat Java oriented but might be as useful for any language with fairly standard regex syntax. I've found it very helpful for iterative development of complicated regular expressions.
• Regular Expression Library - A library of already crafted regular expressions (with various levels of complexity and robustness) to validate things like email addresses and telephone numbers.
• Regular Expression Tutorial - A tutorial capable of teaching you enough to be dangerous in a fairly short time. Good info and it's not intimidating.

Posted by John Munsch at 3:44 PM | Permalink | Comments (0) | TrackBacks (0)

Peter Cooper has developed a simple source code snippet repository with tagging that I like. It's far from perfect, the syntax highlighting is often squirrelly and if you enter in a multi-word tag like this "unit test" when you go to edit the code you get your tag back as two separate words so you always have to put the quotes back in place. Nevertheless, it works and it's a good start. Plus people aren't being shy about putting code out there.

What we need at this time are a small army of Java developers putting their code snippets into this repository. In no time it could be the place to go for a quick routine to fix a problem.

Here are my snippets thus far:

• Ant 101
• Getting A Data Source From Tomcat
• Data Source 101
• Velocity 101
• Velocity 101 Unit Tests
• Email 101
• Email 101 Unit Tests

They will even give you a feed for when I post new snippets. Unfortunately they don't have feeds for individual tags (e.g. Java) working yet. That's a shame and it's actually one of several glitches I've noticed. But even with the bugs this is still a more believable code snippet repository than many I've seen over the years. The tags go a long way towards making it really searchable and usable. But it will only be really useful if _everybody_ enters in some of their favorite utility functions and classes. So go sign up this minute and put in just three Java code snippets! It will take you less than 15 minutes and we will all benefit.

If there aren't any more improvements or he never releases the source code or it never gets full text search then maybe I'll move my snippets to another repository in the future. But it needs to be one with syntax highlighting, an easy framework for inserting the code in the first place (this is very very easy), and tagging.

Posted by John Munsch at 10:03 PM | Permalink | Comments (0) | TrackBacks (0)

I usually don't get to attend conferences, but given the significance of Waterfall 2006 - International Conference on Sequential Development I'm positive I'll get to go.

Clearly their lineup of sessions, keynotes, and workshops eliminates the need for JavaOne, No Fluff, or any of the other big conferences.

Posted by John Munsch at 6:01 PM | Permalink | Comments (0) | TrackBacks (0)

Since Google started their search engine schtick their front page has remained basically static. A logo, which might change with the season, mood, or to celebrate an occasion, a place to type your seach query and two buttons to perform your search and return the results or, if you were feeling "lucky", take you directly to the best match Google could find. Yesterday, that changed as Google moved a portal page they had been working on for some time to be the default for Google. If you already have a GMail account you can log in and you'll see your most recent messages, you can get stock quotes, news, local film listings, etc. Pretty much what you can do on Yahoo's portal and others.

The thing is, it's like deja vu all over again. It reminds me a great deal of the great Netscape Portal five or six years ago that had the same kind of box structure, similar content, but one thing most of us hadn't seen up to that point was the ability to put news from any random site on the portal as long as the site supported this new "RSS" thing. It was Netscape's portal support for RSS that prompted me to add automatic generation of RSS to the news system of GameDev.net and then I could have GameDev's news on my Netscape portal just like we were some bigshot Associated Press or something.

Google has resurrected that portal from half a decade ago, thrown in some fancy JavaScript to allow you to drag boxes from one place to another and to have it automatically update. There's nothing amazing there. Except that they have also provided the Google Homepage API that allows you to build your own modules that can pull XML from other sites, process that XML with JavaScript, and produce any HTML you need for the user's page. That's a far cry from the heavy restrictions imposed by Netscape on their portal. They would go and get the RSS from a channel for you, parse it and store the results and present that result to you in just one format.

Here you can go and build widgets of almost any sort provided you can find a way to represent the output in HTML form. They can also be interactive with the user, requesting input, allowing choices, and altering their behavior based on the input. So modules can perform searches, display maps, do calculations, or a great deal more. Thus the widgets have more in common with Yahoo! Widget Engine (nee Konfabulator) widgets than they do with the limited extensibility of My Yahoo!, which was, up till now the most configurable of the big portals. MSN.com and Netscape.com both seem to remain firmly stuck in the distant past and allow very little choice for what is on "your" page.

Now the question is, who will use this ability to create some cool modules that will make the Google homepage an improvement over the other big portals?

Posted by John Munsch at 5:03 PM | Permalink | Comments (1) | TrackBacks (0)

Years ago, I naively thought that Google somehow had amazing machines and software that managed to do most everything in real-time even though the huge amounts of data they process pretty much preclude doing any such thing if I had bothered to think about it rationally. I imagined that they were processing each site they crawled as soon as they found it and into the search engine it went. Each news item from RSS was similarly fed straight into an index and made available immediately and no batch processing of reams of data was done.

Fortunately, such magical thinking has not persisted. Google does not use elves in a hollow tree to produce their results, they use intelligent engineers and many of the same tools available to you and me. They have developed all kinds of innovative solutions in order to be dealt with the huge amounts of data they have. Those solutions include:

• Building a truly enormous array of commodity PCs on which they run Linux to handle the computing needs for all of Google. When individual computers fail, their software simply shifts the workload to other functional machines. Supposedly, they buy large quantities of parts in bulk and make their purchases in a variety of ways to avoid being gouged by vendors.


• They created a distributed filesystem that spreads all files across hard drives on three separate machines in order to reduce the chance of failure causing loss of data.


• Built software that makes it easy to handle machine failures, distribute computing tasks across a large number of CPUs, etc.

The best thing about all of this is that they haven't been particularly quiet about how they do a lot of it. For example, if you go to their Research Publications site you'll see papers about The Google File System and Web Search for a Planet: The Google Cluster Architecture.

Now, I'm not going to snow you on this, if you aren't of a technical bent, this stuff is going to be a hard boring slog. Michael Chabon it's not. But, if data analysis of truly ginormous data sets interests you, then you want to read their paper on MapReduce: Simplified Data Processing on Large Clusters [PDF].

It's all about how they split up many data analysis processing in such a way that it is easy to write the algorithm to process the data and not spend time worrying about hardware failures, how many machines you might be allocated to run your software, or how to optimally use those machines to get the data processed in the least amount of time. Instead, it forms a kind of support system that reminded me of using the genetic programming package JGAP. I'll talk in a future entry about how JGAP can make it easy to find optimal or near optimal solutions for problems that would be tedious or impossible for humans. But the important thing it did was to make it easy for me to focus on the specifics of my problem and not on the mechanics of a framework. MapReduce is one of Google's means to achieve that same kind of focus and I think it makes for a really interesting read.

The Java Nutch project includes a Java version of MapReduce and a distributed file system that you could use as part of your own huge data set processing so reading these articles isn't just an academic exercise. You can actually put this to use if you have a project that needs it. Be sure to check out the wiki for the Nutch project for more helpful information.

Posted by John Munsch at 7:17 PM | Permalink | Comments (0) | TrackBacks (0)

I've rewritten this entry because I was told by multiple people not the least of whom was my wife (a person who can actually write sentences that make sense) that an instant message chatlog between myself and Don Thorp didn't make for a readable weblog entry.

It all started when Don pointed me to this entry about what should and should not go into Ruby on Rails: http://www.loudthinking.com/arc/000407.html. The way he put it, it gave him heartburn.

I read it and agree. The position of the author is that higher level constructs have no place in Rails and that in general it's futile to try and construct higher level software components for websites. I consider that to be a big mistake. They are missing is that the underlying model of, for example, ZWNews and MovableType and Wordpress is fundamentally the same. Most blogging software, forums, comment software, link counting, polls, etc. can be reduced to a basic subset of features which are in just about any of the software that various sites are using. If there's that much commonality then you can produce that subset of functionality, offer a few simple hooks into it so it can be extended in a couple of places and it'll probably serve the needs of 80% of the people who are building sites.

I would argue that they make this mistake because:

• They don't spend their time building one weblog after another or five or six forums in succession so they don't see the common elements which underly all of them. This is similar to the fallacy of so many game developers who start off by building a "reusable" sprite library or 3D engine before they begin their first game. They either fail completely or they succeed at building something but pronounce it impossible when they cannot then reuse it themselves later for another project or persuade anyone else to reuse it. It's a poor fit because they didn't grow the API based upon the needs of multiple projects, they instead attempted to divine the interface and capabilities based upon what they thought it would need.


• They imagine both a model and a UI which goes with it. That never works. You can have a UI which is a starting point or an example but the focus of the code has to be on the model and the administration for that model.

Kasai is an excellent example of this. It's design is a good one for an authentication and authorization system which will serve the needs of 80% of all web applications. I know what I've needed in the past and I can look at it and assess whether this would have met the needs of a large number of sites I've worked on and the answer is yes. In fact it really could stand to be reduced or simplified in a few areas and it would still have served my needs.

I think what most people fail to see is what is really a reusable component in real life. In the world of IC components a digital micromirror is a reusable component. It's not a TV all by itself. It has no tuner, memory, light source, etc. etc., yet it's a reusable piece. It's going into all manner of TVs today, all different in subtle or large ways, and for all I know somebody is building a huge array of them for a high resolution video wall.

So when I switch to the world of software, specifically, web applications I should be able to identify reusable pieces that occur over and over again with variations. In the world of websites you frequently have comment systems that have the following characteristics. There are a large number of unique conversations. The conversations are not linked to each other. Each one is a straight linear series of comments. Each comment needs to be attributed to an individual which could easily be referenced via a unique ID. Each comment may have some numeric rating associated with it or a pointer to another set of properties. That is a reusable component. I can build it and you could drop it into the user ratings at the bottom of Amazon products or the file comments at Stock.Xchng or Fark or half a dozen other places and you wouldn't notice that it had changed. Even if the first generation of the component isn't a great fit and needs work (like Kasai) the second or third will be because it was adapted to the real needs of a lot of users.

It's good that there is a major emphasis on making the infrastructure solid in Rails but saying that there shouldn't be a set of libraries that go with it to provide some reusable components for counting links clicked on, comments, authentication/authorization, etc., etc. is like saying that Java would have been better off being just like C++. A language without its huge supplementary library. That library, a well designed one which provided pieces we use every day for things like collections, XML parsing, regex, etc. determined well what some "high-level" components were which could be widely reused. Rails doing the same would only strengthen the framework not weaken it.

Posted by John Munsch at 3:54 PM | Permalink | Comments (0) | TrackBacks (0)

We use Kasai for security on some applications at work now. I was responsible for the choice of Kasai and I recognize that it has some serious problems, in fact, I have a kind of love/hate relationship with it because of the way it is written and maintained. However, before I do an entry complaining about it, let me talk about why I love it and why most people don't seem to understand some aspects of security.

Let me say it simply. Roles are not equal to permissions. Way too many systems (like Tomcat) and way too many people I've worked with treat roles as though they were a valid form of permission control rather than a way to simplify permission grouping. Kasai does this correctly. It treats permissions as though they were the low level access controls that they should be. Every thing you want to control access to, perhaps down to the page or function call level, can each be a separate permission. Because that many permissions can quickly become unweildy they allow for permission groups and roles to group permissions at higher and higher levels of abstraction.

Let's take a real world analogy for an example. Let's say you had a business where you had a lot of cabinets to which you needed to control access. If you did things they way most people do you'd try to do that with as few keys as possible, one key handles the first five cabinets, the blue one is only for special cabinet 'A', etc. Then, if you suddenly have to shuffle around the contents of the cabinets or add somebody new who you only want to open some subset of cabinets for which no key combination exists, you are in a world of hurt because you may end up having to change the locks on each cabinet and get a whole new set of keys.

That's what most people do when it comes to using roles with security. They try to boil down security to a couple of keys which open a lot of locks. They create Admin, Editor, and User roles and "hope" that it will all work out. Then they code up their application (web or otherwise) to check for those roles and in effect, code the security into their application. If somebody comes along who needs to cross over a couple of roles (i.e. James is just a regular user in most respects but we trust him to review newly added forum posts to filter out the junk so he's like an editor in just that one respect) then you end up creating an all new role just for that one flavor of user (and modifying all affected pages), eventually, if carried far enough for enough users, roles become finer and finer grained and can approach being individual permissions again. Except that you won't have any roles or other higher level abstraction to group those permissions for easier application to the majority of users who aren't exceptions and fall nicely into the easy partitions you wanted in the first place. Every user will have to have 20 different "roles" to be able to function.

What you would ideally do is put a different lock on each of your cabinets and have a different key for each lock. Then, even if you rearrange the contents of the cabinets you can just collect all the keys and hand them back out again in the new combinations and your security is restored. Your cabinets didn't have to be modified and the only problem, at least in real life, is the proliferation of tons of keys to deal with. And in the computer world, we can use abstractions like roles and groups to gather together the most common arrangements of "keys" (permissions) that we will be applying to the majority of users.

Get yourself a real security system which has at least permissions and groups. Use permissions in a fine grained way to control access to individual functions. Use the higher level abstraction(s) to group the fine grained permissions into easy to apply units because most of your users will fall into easy to label categories. If you don't do this right though, it's the exceptions which will eat your lunch.

Posted by John Munsch at 9:54 AM | Permalink | Comments (0) | TrackBacks (0)

This woman's story about her spouse developing games for EA sounds like the worst case of employee abuse I've read of for the gaming industry but by no means is it far outside the norm.

If you are really thinking of game development as a career I think you need to rethink that idea. There is better money and reasonable hours available elsewhere doing software development.

Posted by John Munsch at 11:54 AM | Permalink | Comments (0)

I'm always looking for some software that will let me process XML data (or any data for that matter) using a tree of processes that may produce multiple outputs from a single input and that may use the by-products of intermediate steps in later steps. With software that has that ability and that also allows me to create new processes that can be inserted into the tree, I can do pretty much anything I want with data.

Here's some of the projects I've been collecting pointers to in hopes that one of them would head in what I consider the "right" directions. So far none of the top three has appealed to me much but there's a new one called Transmorpher in town that I'm looking at now. A brief glance at the white paper describing it makes it look more appealing than what I've looked at before so keep your fingers crossed and maybe we'll have something really useful for data processing tasks of all kinds.

• XPipe
• Xbeans
• XML Pipeline Definition Language Controller Implementation
• Transmorpher

Posted by John Munsch at 11:40 AM | Permalink | Comments (0)

It's been far too long since I last did an update to my blog so I thought I'd start off my return with a mention of the new release of the Poseidon 1.5 UML Editor. The last couple of releases of Poseidon have really put massive amounts of polish onto this software. Given what Rational wants to charge you for a UML editor (and I've used Rose plenty at work), it's amazing that Gentleware gives you a free community edition of Poseidon and they are offering $100 off of their various commercial editions right now.

That makes their cheapest commercial version only $99 and I think that's a very very fair price if you need a UML tool.

Posted by John Munsch at 4:23 PM | Permalink | Comments (1)