Getting distracted with XML-RPC and Soap. Went to Staceys yesterday and saw O'Reilly's new book on the subject and whereas once upon a time I would just shell out the $$$, times are tight and so I hold off. I could just keep focused on what I'm doing but I have to just load the shit and play with it.
Authors need to really be encouraged to open-source their book examples. Maybe there could be some sort of certified logo on the book that could help sell it, like open-source inside or something.
Going over Jason Hunter's Servlet book and trying to figure out how his license impacts anything that I do with it. I don't want to worry about this shit. I just want to write good stuff instead of worrying about creating this license mixed bag nightmare. His code requires every one on your "commercial" team to own a copy of his book. The source is there but you can't redistribute. Is this open source? Is open-source non-commercial? I like his book and I don't know any Java programmers that don't own it (not that I know that many personally), but SHIT, do I really want to play these games?
Do we really want to require every fucking open-source programmer to have a law degree, because with all the license agreements and 800lb gorilla IBM like players and infighting like MySQL it is only going to get worse as time goes by.
I really wish that authors of books would just stick to the fundamentals of the languages that they write about. Java seems to have a real problem that the authors of the books don't like somethingoranother about the language and so create a whole set of classes right off the bat and instead of talking about the language, they are talking about the language filtered through whatever sort of code that they have created to make thinks work for them. So instead of learning the language, you learn author X's version of the language. (Thinking in Java is another book with this problem.) Then if you like their ideas you can't even use them because their code isn't open-source so your FUCKED.
Save that shit for chapter 17 or something, instead of right away, cause if the reader doesn't or can't buy the premise that your world view is under, (like JSPs suck or arrays in Java are lame) the whole rest of the book is useless.
It's strange that O'Reilly books have all these strange license agreements. They trumpet themselves as champions of open-source but seem to choke when it comes to their own shit. Just becuase the code is visable doesn't meen that it's open.
I swear, a day doesn't go by where I don't see some job listing that doesn't require X amount of years of experience with some 3 letter somethingoranother that I have never heard of before. Sure MS is evil, but at least they're evil in plain English. Are there like little buzzword gnomes that spend all their waking hours in some secret buzzwordgnome cave thinking up this shit? Maybe I'm the one living in a cave.
Spending way to much time designing buttons and shit instead of coding.
going on... pardon the braindump here.
Coming up with too many different types of situations surrounding permissions/capabilities. Need to abstract it out a bit.
Two basic types that can be issued to individuals or groups:
What the ticket's powers are is not relevant to the ticket itself. It's mearly a key into a door, what's behind the door is beyond it's concern. The design of this should reflect that. It should be able to handle any sort of access that the coders what to give to it.
Maybe it can all be reduced down to tickets, which is what steve seems to be saying. I feel uncomfortable not linking it to a specific person, but perhaps that can be a parameter as well.
The big rub is how do you give the ticket to the other person. As long as it's in house, within the specific universe of the application, that's easy, but how do you get beyond that without turning into a Passport like centralizing system where the person who controls the system controls the world.
BING! LIGHTBULB OVER HEAD
A capabilities standard like an XML schema (such as SOAP)
that can be
exchanged between seperate systems. It can be tied to a
standard code scheme such as public private keys. Each
server broadcasts it's public keys and when the granting
server wants to generate a ticket, it grabs the public key,
encodes the ticket and BLAH BLAH BLAH yeah I know this is
all basic shit to you geeks... Anywho, this seems to fit in
well with what webdav is doing. Extend HTTP for access.
Interesting shit maynerd, but maybe this is all way beyond
me right now. I just don't understand how you can insure
transmission of a ticket to the intended party without
using public/private keyes. Has this been done already?
LINK:
Netscape Capabilities Classes This is for applets which have very narrow goals, but it should be interesting.
Discussion with Stevej about capabilities.
Here's my take in the nutshell. Capabilities is granting of access control to information based on the information itself as opposed to more tratitional authentication where it is the notion of who the user is as opposed to what the user wants to see that is important.
I'm wondering if the shit that the NSA is doing with linux might have some ideas in that area. Steve says that there is some work that has been done on it but it's old. Jason Hunters Servlet book hints at it but gives no details. I'd like to see this written out in detail from a theoretical perspective.
More after I pick up the wife from work.
Working on adding the foundations to capabilities on XD. Two types of tables that store access passes, one for user passes and one for group passes. This will add granular access to content. Steve got me to thinking about this over a burger in Rockridge.
Now i need to add these to things that aren't specific content objects. Just generic passes that can be given out as defined by the issuer. Need to meditate about this more as I take the wife and kid to the mall.
I found the debate relating to MySQL stored procedures interesting on ./. I must confess that I fall on the side of keeping the logic in the code instead of the database since I don't like being locked into a single product, but the other side does make a good case. There needs to be a standard language for this kind of thing that is supported across databases.
This article on Quantum Perl also interested me.
Wondering about benchmarking PostgreSQL when it comes to the difference between using CHAR and VARCHAR. How big of a slow down is it? RIght now I'm using a lot of VARCHAR, but is it a good idea? I wonder this... I wonder that.
Building foreign key and table columns that use various web standards. WebDav, ISO 639- 2 for language codes, rfc2068 for HTTP stuff. Tedious, but I want to get XD easily complaint with things like webdav.
Pouring through them did give me some interesting ideas such as content locking.
New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.
Keep up with the latest Advogato features by reading the Advogato status blog.
If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!
