Friday, September 24, 2004


You smile when it hurts
It makes you beautiful
How easy it is to love
A look and an attitude
It makes you beautiful
It makes you beautiful

You try when it's hard
You hold your head up
You make your smile
The light and the sound
For the voice of the world
It makes you beautiful
It makes you beautiful

It's the woman that lives inside
Who knows if she can she can
Tell it all to the common man
They will win in the end the end

It makes you beautiful
It makes you beautiful

len bullard - 09/24/04

Thursday, September 23, 2004

Any Color As Long As It Is Black: Web Services Vs REST

The secret to General Motors' success in unseating the dominant car vendor of the time, Ford, was in acting on the fact of the diversity of the car market itself, and not staying the course of Ford's "any color as long as it is black" strategy. When cars were new, the T-model and A-model Fords with their one-size-fits-all approach worked. With a low investment and low risk, the car buyer could learn about cars while enjoying the advantages of dependable if somewhat unreliable transportation. Once past that learning curve, reliability, fitness, comfort, and style became both possible and affordable. GM knew that classes of customers could afford these features and were eager to get them.

Something like this is going on in the Web Services vs XML-over-HTTP (aka, REST) markets. The XML-over-HTTP defenders are the new Ford. They take the position that a simpler system for building web applications is best and will triumph over the seemingly too complex set of web specifications for web services. The web services offenders claim that to build multi-domain enterprise applications, these must be built from composable parts that enable the designer to meet requirements where high reliability, security, fitness to task, and protocol independence are not nice to have, but essential and affordable. This group is emerging as the new GM, willing to step up to the challenges of mastering the web service stacks, of analyzing and correctly configuring enterprise systems, and of providing customization where affordable to classes of customers who are now past the initial learning curve of web applications and want more targeted products with efficient GUIs, great looks, and brandable appeal. Sex still matters.

The Ford group still seems to be of the 'lone hacker' mentality who want to innovate by building small compact systems that do one thing well. The GM group seems to be the team-oriented designers who understand the problems of designing, assembling, and maintaining large and complex systems that must do many things collectively.

For the Ford group, the problem is market share in a market that quickly can reverse engineer any innovation, and then it comes down to sales. This is the same problem of being an independent record producer who has produced a prodigy that might be the next Britney but can't afford to market the prodigy because access to the media is still the biggest expense, so has to put her on the road in the thousand mall tour in hopes a major label will notice her. Slashdot is the thousand mall market with blogs as the in-betweener gigs.

For the GM group, the problem is choosing a development framework that has effective implementations of all of the required web service specifications but does not impede interoperability with systems designed over other frameworks. Here, the choices aren't that many: Microsoft, Oracle, IBM, and Sun with BEA thrown in for their dedication.

Some think that web services will collapse of their own weight. Obviously, XML-over-HTTP is here to stay because it uses the most fundamental web protocols. On the other hand, it doesn't do much to ensure reliability and affordability for systems that need more than "any color as long as it is black" systems.

It seems to me that the Ford crowd is tilting at windmills, to mix my metaphors. If they don't need web services and are happy to build single domain applications, they have what they need to do that. They are wasting their time and a lot of bytes going after the big companies that provide web service frameworks. I think there is a certain amount of the "anything but Microsoft" and "we are the innovators" and "we are Sun and we are on the ropes so let's kick the tires of the competitors" in this movement. On the other hand, the bigCos are also beginning to take their specification development work offline into smaller working groups so that by the time they submit a specification to a standards body, it is proven and close to fielding. Sun has to play there to stay in business and independent developers have to work with them to stay ahead of the learning curve.

Given that the consumers of the frameworks are the real customers and these are development groups, not Mom and Pop at home surfing the web, the new GM has every chance of doing it again because selling enterprise systems is quite profitable in a market that needs both affordability and differentiation. The interoperability of markets that formerly didn't even give each other a passing glance is evident. These market players don't buy from lone innovators. They watch them for evidence of something worth requiring from their usual suppliers, the GMs of the world.

Using the ecosystem metaphor, the XML-over-HTTP players are distributed across the ecosystem in small market niches. The web service players are distributed but their market niches are large and the core technologies they rely on are provided by the large technology vendors who continue to work together on these specifications and implementations, and who are speeding up their work by stepping back from the processes of the specification consortia yet still are committing to standardization and royalty-free specifications. Given that, the work of the XML-over-HTTP community is done but I don't see a new source of energy to enable anything more than linear growth. On the web services side, I see a complex set of specifications, but implementations in the frameworks could substantially increase the applications of these.

The web is no longer a one-size-fits-all market. This comes down to the lifecycle of the enterprise markets (how often do they buy and in what quantity) and the acceptance in developer shops that what they have built with web services can be reused. What is the value of code that is simple but local and not visible on the wire? Does the XML-over-HTTP approach actually become more cumbersome as more complex operations have to be sustained (e.g., duplex-messaging), long running transactions are the norm, messages have to last beyond the initial transaction, transactions where HTTP itself isn't the right protocol, where the endpoints even if independently built have to also be secured and versioned while still being composable into higher level blocks yet still be transparent and loosely coupled?


Those are questions the developers concern themselves with but to the sales and marketing staff, they are as irrelevant as the composition of moondust. That one could make great cement from moondust is meaningless as long as the costs of mining and shipping are too high and effective alternatives are readily available. Even beyond that, a customer buys what a customer wants and the engineers have to build that. HTML was a rotten solution until it became popular. Last year's model of anything sells for less than next year's model. Never undervalue the sex appeal of the product. That is lesson one when selling to the mammals.

GM was willing to tackle the complexity of stratified markets and they dominated the car market over the innovator, Ford. Eventually, Toyota arrived and the higher quality even at higher initial costs took the market from GM. Regardless of the framework and the technique, it still comes down to affordability and quality, and that doesn't mean cheap and easily replaced.

Then, it is a matter of making sexy performant products. The web browser didn't stay grey for long, and two-tone cars with a lot of chrome plus automatic transmissions and power steering and brakes doomed the T-model Fords.

XML-over-HTTP is always there. The question is, is it enough? Smarter people than me don't seem to think so, but the bigger problem may be that the market really doesn't care about that kind of stuff. They want power steering and a sexy body.

Tuesday, September 21, 2004

Social Engineering and the Business Contract

In discussing the problems of proposing laws that govern use and content on the World Wide Web (the information space of the Internet), one must deal with the issue of international law. The web is an international resource and although most countries deal with this using laws based on local jurisdiction, this often does not work well. In many situations, this is a minor annoyance (pornography) and in others, it is a major problem (identity theft). While I certainly don't have a solution, I point out that this problem of jurisdiction is not a problem of the WWW, but of law in general.

Law can have a peer-to-peer effect. The example of domestic partners is relevant at this time in the U.S. Most see this played out on television as officials in cities try to approve local ordinances that contradict the laws of the home state. The next problem is that even if the state approves the unions, the bordering states don't or even pass laws that prohibit such unions. Eventually these cases will go to the Supreme Court or a Constitutional amendment.

Today, they make for messy contract work. For example, the City of Seattle requires all companies that do business with the city to recognize domestic partnerships and provide equitable benefits. This applies to out of state contractors as well. The problem is identifying domestic partnerships when the contractor state has no contract type or provision for recognizing such. In short, to bid on a contract in Seattle, the bidding company can sign an agreement to provide the benefits, but to whom? How does the bidding company know that a partnership as such exists? Without some form of binding contract between the partners, what is presented to the company for which at least one of them works to enable the company to legally recognize the union? Is living together enough? If marriage between same sex partners isn't legal and there is no provision for a domestic partnership, is the signatory company breaking the law?

It isn't easy to be a global company. Heck, it isn't easy to do business across state lines. As these scenarios play out, the only safe bet is that the lawyers will have jobs and the preachers will have sermons. Who gets to do business with whom isn't all that clear. The social engineering going on in local courts and city administrations is well-intended, but it often reckons little with just how long it will take to get consensus, contracts, and costs in line.

Monday, September 20, 2004

Ideals and Idiots

At some point, the pundits fighting ideas like sender identification and digital rights management are going to wake up on the outside of the web mainstream looking in. Keep a list of the people who tell you that this is all a bad dream and YAGNI. It's a bad dream, yes, but you sure do need it if you plan to conduct business on the web.

The frictionless 'we are an independent nation' days of Internet engineering are over. Time to grow up and get used to the idea that items in transit, virtual or otherwise, are secured and so are the railways, highways, and information highways they run on.

The wild west was tamed when the man of law was backed up by the man of action. The WWW is no different but for too long it has been men of action ('just the right people') and people who 'talk too much and think too much' but don't have the stomach for the law and law enforcement. New business models will emerge, the cost of an MP3 will find a stable zone, and yes, the RIAA and others will continue to track and prosecute theft.

A lot of the pioneers of the Internet and the World Wide Web are supporters of open systems the way the cattle ranchers were supporters of open ranges. Freedom meant 'don't get in my way' but left little to the imagination of who would have free range and who would have rights. We may wish it were otherwise, but the surges in identity theft, theft of property, spamming and phishing make it important to find those who can combine law and action. If that means Microsoft steps up to the plate and "git's it dun", then they win market share. If the open sourcers and the free range supporters want to fight that, fine. Linux can die and take the open source movement with it. That's not a good thing, not a desirable outcome, but those who want a free range ecology have to understand the market is never sympathetic to "Sounds Good Maybe Later" when the foxes are taking eggs and the weasels are eating them.

Then there is the URL I received in the mail today. In the 'information space' of 'information resources', this one is a real hummer. It provides the names, photos and locations of agency employees and informants. It provides scans of sensitive documentation from public safety agencies. It proudly proclaims, 'If you have databases on us, we have databases on you.'

It is the most profoundly stupid website I've had to look at to date.

1) If those are real people in those photos and this is not a hoax, the site owner is signing death warrants.

2) Just as the lack of means to classify content by type got us PICS, this will get an even more invasive clampdown.

3) What happens if someone in a snit posts a picture of their freshly ex-domestic partner to that site?

So tell me, web pioneers, pundits of the let a thousand flowers bloom school, what should we do with this garden of poisoned poppies? Should the police agencies who do have some pretty powerful servers get Distributed Denial of Service Attack software and simply blow that site off the air? I can't say I would be bothered by that. It seems to be the tactic of choice when others get snarfled out there. Should they send sharply worded memos or their lawyers? Or should they log any traffic to that site? Can't be done? Couldn't catch the P2P thieves either, right? If you build it, they will listen, and they will react. Why? That is what you pay them to do and they are pretty good at it. Because of sites like this, it will be harder for undercover police to work, harder to turn informants, harder to make cases. Result: drug use in your neighborhood will go up, crime will go up, violence will go up. What will come down? The cost of your web service and your quality of life.

Quite an achievement...

Smart security sustains freedom. Otherwise, "freedom's just another word for nothing left to lose." To those who still want the web as it was in 1993, in the words of the Duke, "You talk too much. You think too much. Besides, you didn't kill Liberty...", you weaseled your way out of it, one stupid idea at a time.

Comment Policy

If you don't sign it, I won't post it. To quote an ancient source: "All your private property is target for your enemy. And your enemy is me."