Jazoon: Wednesday Keynotes

26. June, 2008

I don’t remember much from these keynotes except that Ted was great as usual and that the second keynote bored me to death. I did take some notes, though: I should have a look at Apache Sling (in incubation) and Erlang.

Ted gave some examples of simple questions which a third grader could solve but which most adults (even those with a degree) can’t solve in any reasonable time. Most needed one hour or more. One was this:

Take two sticks, one is 4 meters and the other is 5 meters. Throw them in a well which is 3 meters wide. At what height do the sticks intersect?

It took me 15 minutes to come up with 2.7 meters (or (5*sqrt(34)) / (5+sqrt(34))). Anyone?


Jazoon Cut: Privacy Supporting Identity Systems

26. June, 2008

Jazoon Cut is a nice idea: You got a project, they give you 20 minutes to present it (i.e. “cut” as in “cutting edge”). In this Cut, we had NetKernel, iGesture, Interactive Paper, and Privacy Supporting Identity Systems. A rather interesting mix.

When we buy something, we hand over money. This money is untraceable. If the vendor passes it on to his bank later, there is no way anyone could tell that it was you who gave him this specific bank note or what you bought with it (the vendor might know that but again, he couldn’t say which bank note you gave him). This is a good thing. If the bank could figure out what you bought, some people would become very interested in this data, for example marketing people. They have been looking for ages for a way to measure how easy we are to influence.

But things are getting tighter. If you had some RFID chips on you, say, one of those new passports or a contactless credit card, I could place some people in a shopping mall or city center with technology to track where you go. Under optimal conditions, an RFID chip can be tracked over a distance of 60 meters. That’s not much and I’d probably need a couple of radio stations spread over the city to do that but with such a system, I could find out what you buy.

“Now,” you say, “I can’t be identified by that,” and you’d be wrong. Some credit cards will offer all the details stored on them (enough to buy something with that data on the Internet) when asked. For the rest of you, you’re lucky until someone figures out a way to do that. Nonetheless, even if I don’t know your identity I can track you. So if your last stop was at an expensive jeweler, chances are that you have enough money that it’s worthwhile to mug you.

And I can pick you from a safe distance of 20 to 60 meters, follow you around out of sight and wait for the perfect moment to strike. Oh, and better not step into some sex shop because I’d know. In fact, I can track your movements for a couple of days, find out where you live (and thus your identity). All without you ever knowing that I even exist.

I hope I have made you understand that the question is not that you have nothing to hide (which is not true; when was the last time you filed a correct tax declaration?), the question is what evil someone could come up with if he knew something about you. The problem with this question is: Nobody knows the answer until someone comes up with a new evil that nobody else thought about so far!

In his talk, Thomas Heydt-Benjamin showed how you might be able to have both: comfort and security. The attack described above wouldn’t work if the range of the RFID chip in your credit card were reduced to a few centimeters. It would still be comfortable if you had to put it on the desk for a moment, making hard contact with the surface to be able to read it. Surely, you would notice if someone followed you holding a strange device to your pocket.

The next thing is the data on the card. The vendor needs the data to know who you are and if your credit is valid. But actually, he never has to see the real data. The only thing he needs to know is “credit is valid” or not. He doesn’t need your credit card number. Or the name. Or the expiration date. Or the security code on the back. What could be done is this:

You check into a hotel. You present your passport to the reader device on the desk. On your side of the screen, you can select which data the hotel guy can see. To allow the police to track you in case you didn’t pay your bill or you’re involved in some kind of crime, the hotel’s computer gets an encrypted code that identifies you. For everyone who can’t decrypt this key, it’s just a long, random string of data. For all legal means and purposes, you’re as anonymous as you want. While this might not make much sense in the hotel scenario (hotel staff hate calling everyone “Mr. Smith”), it starts to make sense on the Internet.

You’re stuck in some kind of game and want to check the walkthrough. Only, the game is for people over 16. So the site with the solution should check your age because the walkthrough contains all those images which were the reason for the age limitation. In this case, you only want to tell the site your age or rather that you’re older than 16 and nothing else. You don’t want to tell them your name, or where you live. Otherwise, the police might decide to shoot you for reasons of precaution (this is an example, okay?).

Or let’s face the truth: 99% of the Internet is pr0n. And you surely don’t want to leave your personal details with people who treat women like in the movies they sell.

With the Higgins framework, such things are possible. This framework allows you to transfer data like “I’m older than 18” in such a way that the other side can be sure you are even though they will never find out what your real age is or your name. At the same time, it doesn’t allow for illegal activity because you can be identified by your IP address and when the police compare the data sent to the web site in question and your passport, they can prove without doubt that it was your passport that was used in the transaction.

At that time, you want a passport that can’t be skimmed in the subway.
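The minimal-disclosure exchange described above, as an added example (not code from the talk or from the Higgins project): a hypothetical `Issuer` gives the site only the predicate “older than N” plus an opaque escrow handle. It assumes an HMAC tag in place of a public-key signature, so the site asks the issuer to verify, and a random handle the issuer can resolve in place of the encrypted identifier; all names and sample data are constructed.

```python
import hashlib
import hmac
import json
import secrets
from datetime import date


class Issuer:
    """Hypothetical identity provider; it alone knows the holder's real data."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # HMAC key, stand-in for a signing key
        self._escrow = {}                    # escrow handle -> real identity

    def _tag(self, claims):
        body = json.dumps(claims, sort_keys=True).encode()
        return hmac.new(self._key, body, hashlib.sha256).hexdigest()

    def issue_age_claim(self, holder, min_age, audience, today):
        born = holder["born"]
        age = today.year - born.year - ((today.month, today.day) < (born.month, born.day))
        if age < min_age:
            raise PermissionError("holder does not satisfy the predicate")
        handle = secrets.token_hex(16)       # fresh per token: two tokens cannot be linked
        self._escrow[handle] = holder["name"]
        claims = {"aud": audience, "age_over": min_age, "escrow": handle}
        return {"claims": claims, "tag": self._tag(claims)}

    def verify(self, token, audience, min_age):
        """Called by the site: is this token genuine, meant for us, and sufficient?"""
        claims = token["claims"]
        return (hmac.compare_digest(self._tag(claims), token["tag"])
                and claims["aud"] == audience       # blocks replay at another site
                and claims["age_over"] >= min_age)

    def resolve_escrow(self, handle, court_order):
        if not court_order:
            raise PermissionError("escrow lookup requires a court order")
        return self._escrow[handle]


def demo():
    issuer = Issuer()
    holder = {"name": "Alice Example", "born": date(1990, 5, 17)}  # constructed sample
    token = issuer.issue_age_claim(holder, 16, "walkthrough.example", date(2008, 6, 26))
    return issuer, token


if __name__ == "__main__":
    issuer, token = demo()
    print("site sees:", token["claims"])
    print("accepted:", issuer.verify(token, "walkthrough.example", 16))
    print("on court order:", issuer.resolve_escrow(token["claims"]["escrow"], True))
```

The site never receives the name or birth date, and changing any claim invalidates the tag.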

While I talked to Mr. Heydt-Benjamin, he also explained to me that certain pacemakers contain a radio interface. Which makes sense. By this interface, you can query for the patient’s data (name, for example) and you can also control the pacemaker. This interface is not protected by any encryption or password. So you can see the heart curves recorded by the sensors. But you can also change the sensor settings of the pacemaker. This is actually what happens when the doctors adjust them to your needs after the surgery.

The scary part is that the pacemaker has a function to stop a heart. This is necessary to “heal” certain kinds of heart rhythm irregularities like ventricular fibrillation. Now if I’m a hacker and I don’t like you, I can turn off the sensors and stop your heart. The device will try to start your heart again after stopping it but that will fail because the settings of the sensors will prevent it from getting any feedback.

So if you can see a large antenna at the horizon, the words “denial of service attack” might make you feel a little bit uneasy in the future if you do need a pacemaker.


Jazoon Cut: Interactive Paper

26. June, 2008

Jazoon Cut is a nice idea: You got a project, they give you 20 minutes to present it (i.e. “cut” as in “cutting edge”). In this Cut, we had NetKernel, iGesture, Interactive Paper, and Privacy Supporting Identity Systems. A rather interesting mix.

This talk really intrigued me. As we all know, the “paperless office” really means “kill more trees”. Every year, the world consumes about 5% more paper and that’s despite declines in book and newspaper sales. The guys around Nadir Weibel came up with a system to link paper with the screen. When Nadir started to draw on the screen as he talked, nobody noticed at first. We were thinking he used a graphics tablet or something like that but he actually used a clipboard with a few sheets of paper on it. The paper was just normal paper with the exception of a fine grid of points printed on it which you can barely make out (The concept is explained here). You’ll need a special pen that can recognize that pattern but after that, you’re set.

The iPaper guys have created two demonstrations of their technology: PaperPoint and PaperProof. The former is a printout of a presentation with a menu and some buttons printed on the paper. So you can use the pen to control the presentation just by using your pen. You want to jump to a certain slide? Draw a dot on the “here” “button” on the printout and the computer will recognize where you are on the printout and send the command to your presentation software. There are options to select a color and line width and then you can just draw on the paper and the same lines will appear on the screen. Hint: You will want to sit down when you do that; drawing something more complex than a little arrow while juggling the clipboard isn’t for the easily irritated.

Not convinced? Well, PaperProof takes it a step further. You don’t actually have the computer running while you use iPaper. What you can do is print out some long text (like the book or article you’re currently working on). Then you go out, relax in your deck-chair with a nice drink at your side and the sun above and edit that text, making corrections, marking errors, etc. With the traditional way, you eventually return to your computer and then you have to go through all that again copying everything you did from paper into your word processor.

PaperProof does that for you. It can recognize a few gestures and your handwriting. So when you return in this scenario, you start your computer, sync it with the pen and when you open your text document, it will already contain all the annotations, error corrections and insertions you made with your pen. Editors and authors around the world, isn’t that a dream come true?


Jazoon Cut: iGesture

26. June, 2008

Jazoon Cut is a nice idea: You got a project, they give you 20 minutes to present it (i.e. “cut” as in “cutting edge”). In this Cut, we had NetKernel, iGesture, Interactive Paper, and Privacy Supporting Identity Systems. A rather interesting mix.

The presentation of iGesture was a disaster from my point of view. The software is a workbench to create gesture recognition software or configuration packages for a gesture recognizer. That’s it. And it took the people in the audience about the same time to figure this out as it took you to read this. After that, we waited for something to happen and nothing did. Shame. My suggestion: Next time, bring a laptop, show the first two slides of your presentation and then take a mouse and show the real thing: Train the thing and see the people rip it out of your hands.

I did learn a few tricks how you can recognize gestures, though. The simplest way is to filter the input until you have general directions like up (U), left (L), right (R) or down (D), then simply create a string with these characters and use a regular expression to describe the gesture (a rectangle would then be /U+R+D+L+/).
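The direction-string trick described above, as an added example (not iGesture code): pen samples are filtered into U/D/L/R characters and the resulting string is matched against regular expressions. Only the rectangle pattern comes from the post; the other two patterns, the `min_step` jitter threshold and the sample stroke are assumptions made for the illustration.

```python
import re

# Only "rectangle" comes from the post; the other patterns are added for contrast.
GESTURES = {
    "rectangle": re.compile(r"U+R+D+L+"),
    "corner": re.compile(r"D+R+"),
    "swipe-right": re.compile(r"R+"),
}


def to_directions(points, min_step=5):
    """Reduce pen samples to U/D/L/R. Assumes screen coordinates (y grows downward)."""
    if not points:
        return ""
    out = []
    last = points[0]
    for x, y in points[1:]:
        dx, dy = x - last[0], y - last[1]
        if max(abs(dx), abs(dy)) < min_step:
            continue  # jitter: keep the old reference point until the pen really moves
        if abs(dx) >= abs(dy):
            out.append("R" if dx > 0 else "L")
        else:
            out.append("D" if dy > 0 else "U")
        last = (x, y)
    return "".join(out)


def recognize(points):
    """Return the first gesture whose pattern matches the whole stroke, else None."""
    stroke = to_directions(points)
    for name, pattern in GESTURES.items():
        if pattern.fullmatch(stroke):
            return name
    return None


# Constructed stroke: a hand-drawn rectangle with wobble and one jitter sample.
RECTANGLE = [(10, 100), (10, 98), (11, 80), (9, 60), (10, 40), (10, 20),
             (30, 21), (50, 19), (70, 20), (90, 20),
             (91, 40), (90, 60), (89, 80), (90, 100),
             (70, 101), (50, 100), (30, 99), (10, 100)]

if __name__ == "__main__":
    print(to_directions(RECTANGLE), "->", recognize(RECTANGLE))
```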


Jazoon Cut: NetKernel

26. June, 2008

Jazoon Cut is a nice idea: You got a project, they give you 20 minutes to present it (i.e. “cut” as in “cutting edge”). In this Cut, we had NetKernel, iGesture, Interactive Paper, and Privacy Supporting Identity Systems. A rather interesting mix.

In the NetKernel talk, Brian Sletten again tried to sell his “RDF is the best and you should use it everywhere.” Basically, NetKernel is a little core where you can register translation services (called … I don’t know what he called them and I can’t find the link to the actual presentation, just the abstract :/). So when a service needs some data (or “resource”), it calls the kernel and the kernel figures out who might be able to serve that request which might go through several hoops before it comes back. Nothing fancy here, Unix pipes have done that for ages with the exception that they don’t build themselves.

His demo was to show how you could calculate Fibonacci numbers by using a “bsh” service (BeanShell, that’s JavaScript) to add two intermediate numbers of the result. You would imagine that this is slow as hell with all that creating messages, sending them around, starting a JavaScript interpreter and running each add. As you might remember, the Fibonacci generators are usually implemented recursively and that should kill the NetKernel.

Only it doesn’t. If you look at the runtime graphs, the Java version of the Fibonacci generator needs exponential time as the input grows. Around 30, the Java version takes seconds to run while the NetKernel version always needs the same amount of time. The nice thing about the design is that you can cache the results. So the call to fibonacci(30) will just add the cached results of fibonacci(29) and fibonacci(28) and be done. One level of recursion required.

While this is mighty impressive and surprising, the question remains how that will scale in reality. After all, caching a 500MB result from some service might not be feasible or even possible.


Jazoon: Data Driven Applications

25. June, 2008

Not one of my favorite talks, to be frank. Brian Sletten tried to explain how we would write less code in the future because data would become more important. Seeing is believing and I haven’t seen nothing, yet.

He has a few good points, like that we should be able to recall data sets which we created with Web 2.0 sites (kind of like bookmarks on steroids that can save the state of the web 2.0 app as you bookmark it). Also, that the semantic web will make a lot of things possible and happen.

I buy that. But on the other hand, we don’t even have a decent UI framework for Java yet and that’s eight (8) years after Swing came out. This sure looks promising; I just wonder if I will be still around when it starts to deliver and companies get the CPU power and network throughput to really run all their data through RDF converters. And see the result before you get downsized.


Jazoon: Building DSL’s

25. June, 2008

Neal Ford’s talk about DSLs and how to create them in static and dynamic languages (Java and Groovy in this case) was very interesting because he cleared up the fog around DSL’s a bit, why they are great and when they help. Basically a DSL is “jargon”. It is compact code that allows you to express much more tightly what you want than any “general purpose” language (“one size fits all” actually makes everyone look ridiculous).

Remember that old OO promise to allow to mirror the world in a programming language, to allow to model the code after what the customer had in mind? Turns out, that OO was … nah, not lying … it was just overselling itself because customers don’t think in objects or models. They think jargon. And DSL’s allow you to make a compiler understand jargon. That’s even possible with Java even though “Java is like talking to a retard”: You always have to repeat yourself to make sure that the stupid compiler gets what you want (pun intended).

A DSL is not to be confused with an API. An API uses explicit context like “obj.setThis(…); obj.setThat(…);” etc. Here “obj” is the context and “setXyz()” is not meaningful without knowing the object we’re talking about here. A DSL, on the other hand, is all about context and context is implicit. It goes “obj.should(…).allow(…).this(…)”. An example is hamcrest: “assertThat(theBiscuit, is(myBiscuit));” Reads fluently, compact code, and it’s obvious that “is(myBiscuit)” should be compared to “theBiscuit” in some way.

The handouts of his presentation are available from his homepage but without his witty remarks. A pity but still worth checking out if you want to see just how far you can push Java to get code that your customer might understand.


Jazoon: Rich GUI development with Java

25. June, 2008

If you ever tried to develop a nice UI with Java, you’ll know the pain. Swing: Old, steep learning curve, unwieldy widgets. SWT: Nice, good learning curve, “which JAR’s do I need, Sir?” and who puts that DLL in my search path. There might be other contenders but I don’t even remember their names.

So the guys at Canoo faced the dragon and chipped a few scales off it. As Bruno Schäffer said in his talk:

Developers should focus on the what and not how.

They used Swing, some components from SwingX, JGoodies Smart Client and Jemmy for testing for the UI and something called c3p0 for JDBC connection pooling to build a smart client. openArchitectureWare was used to generate a model editor for the data model, so they could generate the DAO classes for that efficiently.

Their application is split into modules but they don’t use OSGi or any other module framework out there because they got in their way, it’s just good old, traditional loading on demand from the classpath. I can relate to that. OSGi is so great and stuff … but it somehow lost contact to the base. It’s just either not flexible enough or not simple enough for me to understand and use.

Good talk but less product placement for your company next time, Bruno.


Jazoon: openID

25. June, 2008

Robert Ott showed off openID. If you wondered about these strange links which start to pop up all over the web near the login buttons, openID is a way to register yourself once at a place you trust and then use that to log in elsewhere.

The idea behind openID is that you click on the link, the web site passes you on to an identity provider which can use any means to make sure you are you and then give that confidence back to the original site. See the openID.net website for details.

The cool thing about openID is that you just have to manage a single identity and use that to log in to various services on the net without giving all of them the same password (and thus making you very vulnerable to attacks). The main problems which openID doesn’t solve are stalking and spamming.

openID makes stalking easier because you have to enter your openID at every place you want to log in to. Same id means same person. There are talks in the openID community to allow a person to have more than one ID and still use the same identity provider but there is nothing definite, yet.
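The linkability problem described above, and one way a provider could avoid it, as an added example (not part of the openID specification or of the talk): the provider derives a different, stable identifier per site, so sites comparing their logs find no common ID. The `pairwise_id` derivation, the `idp.example` URLs, the site names and the secret are assumptions constructed for the illustration.

```python
import hashlib
import hmac
from collections import defaultdict

PROVIDER_SECRET = b"constructed-demo-secret"  # a real provider keeps this random and private


def pairwise_id(account, realm, secret=PROVIDER_SECRET):
    """Identifier the provider asserts for `account` at one site (`realm`) only."""
    msg = account.encode() + b"\x00" + realm.encode()  # separator avoids ambiguous joins
    digest = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return "https://idp.example/anon/" + digest[:32]


def correlate(site_logs):
    """What colluding sites learn: identifiers that show up at more than one site."""
    seen = defaultdict(set)
    for site, identifiers in site_logs.items():
        for ident in identifiers:
            seen[ident].add(site)
    return {ident: sorted(sites) for ident, sites in seen.items() if len(sites) > 1}


SITES = ["forum.example", "shop.example", "clinic.example"]  # constructed relying parties


def logs_with_single_id():
    """Today's behaviour in the post: the same openID is typed in everywhere."""
    return {site: ["https://alice.idp.example/"] for site in SITES}


def logs_with_pairwise_ids():
    """Same person, same provider, but one derived identifier per site."""
    return {site: [pairwise_id("alice", site)] for site in SITES}


if __name__ == "__main__":
    print("single ID   ->", correlate(logs_with_single_id()))
    print("pairwise ID ->", correlate(logs_with_pairwise_ids()))
```

The provider can still map every derived identifier back to the account, so the court-order path the post mentions for spammers keeps working.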

Also, openID doesn’t protect against spammers. It might help, though, because of two things: a) You can black list identity providers which allow spammers and b) you can send the police to the other identity providers which will hand over the real identity of the person behind the openID to the authorities on court order. So this might help in the war against forum spam, we’ll see.

All in all, a good talk.


Blogging From The Jazoon: Keynotes Tuesday

24. June, 2008

So this is day one of the Jazoon with the keynotes and talks. I’ll go through things as they happened.

Scalable Languages

Martin Odersky, father of Scala, gave an introduction to scalable languages or rather to Scala. Well, Scala looks really promising with its traits and other features. But my original objection still remains: The syntax is just ugly. Proves my point that there are only five people on this planet who can design a language and of them, I only know Guido van Rossum.

Adoption-Led Market

Simon Phipps followed with a talk about the “Adoption-Led Market”. It’s astonishing how many OSS projects Sun supports or started and how little is known about that. Marketing again. *sigh* His talk wasn’t all about Sun but how people start to despise vendors or rather their promise that their product is going to deliver on the promise … after you’ve paid for it. Of course in an OSS world, where you can just download something and try it out, it becomes increasingly hard for them to “justify their 1000% profit margin.”

This is a very good point. With OSS software, you pay for what you need (and not what the vendor thinks is best for him^H^H^Hyou). If you need a feature, support or whatnot, well, you can always pay someone to give it to you. But then, you pay when you need it. That makes it a justifiable cost, not an arbitrary one. Also, support gets you what you need when you need it. Just imagine asking Microsoft for a specific feature in Windows which you need. How much would that cost? What are your chances to actually get it? Forget it! But with OSS, for the first time in software history, you can get what you need for a reasonable price and you might even make someone on the other side of the planet very happy.

Of course, “the greatest threat to freedom is a happy slave” but the talk gave a lot of arguments how to sell OSS to your company, even if that company happens to be the government.

He also gave a good reason which OSS license to choose for your next OSS project:

A license is the constitution of a community

Eben Moglen

Nice guy, good talk. If you can, vote for his photo at his website.

Innovation

The third keynote was by Rod Johnson: “Where will tomorrows innovation in Java Enterprise come from?” After explaining where innovation comes from, he showed how standards kill innovation and how committees can’t drive innovation due to political games by the companies who dispatch the people that form these committees plus general group stupidity.

After the more or less failure of the JCP in recent years, attributed mostly to ignoring feedback from the community and drowning ideas in ceremony, he hopes that JSR 316 (that’s Java Enterprise version 6) will help to fix Java EE. If it does, then that might be a good sign that the JCP has become a helper for the Java cause instead of another reason to abandon it.

