Pavlov Scope

As a wonderful Valentine’s day gift of work for people like me, Microsoft is releasing 7 new patches (updates) to a variety of software, addressing a variety of software flaws (some severe, others not so).

Being its usual tight-lipped self, the Redmond company doesn’t reveal much about the nature of the flaws, so more information will be forthcoming.

Sun’s Java libraries are having a rough time of it lately, but Sun is staying on top of the problems with quick fixes. Here is a link to the publicly available information from Sun on the vulnerabilities. This is written a little poorly and overly specifically, but the main thing to realize is that you probably need to update your runtime libraries accordingly. Additionally, simply having the old libraries available on your computer leaves it vulnerable, so please remove older versions of the JRE.

Most of the time, however, if you left the default install of the JRE, the scheduler will prompt you to download the new updates making this process a bit easier and less esoteric. However, you will still need to disable or remove the old versions as simply upgrading the existing versions won’t completely remove the vulnerability.

For a good rundown of how to handle this, check out Brian Krebs’s blog entry on the matter.

IE7 beta preview is out and you can install it and work with it to check it out.

—- However, I would stear clear of it for now. —- Just check out the screen shots and beta tester reports out on the Web instead of taking the plunge yourself.

• First and foremost, it can cause problems with some patches that come down from Microsoft which can cause you more headaches than it is worth.

• Second, come on.. it is IE - what a great track record it has had.

• Third, several flaws have already been found and remain to be patched – after all, it is BETA software and we cannot expect it to be free of errors yet.

• Fourth – uninstalling it can be a bear, so for the non-technical user, I would highly recommend avoiding any tinkering for now.

• Fifth – Browser add-ons, some virus software, some anti-spyware software, and some firewall software will interfere with IE7 beta or vice versa, causing you some weird behavior and error messages.

This is the browser that will be included by default in the next version of Windows (previously named Longhorn) – Vista. For the non-bleeding edge users out there, I suggest that you keep using what you are using for now. Besides, most of the benefits of the new IE have been in other browsers (notably Opera and Firefox) for years.

Wait and see…

There are also some server DoS-type bugs and other “unspecified” vulns as well, but all of the bugs are fixed by upgrading to 6.5.5 or 7.0.1 – so if you are running Notes or Domino, upgrade and be happy again.

Yesterday, Firefox released an update to bring the version up to 1.5.0.1. Some of you avid users were probably prompted already to upgrade. I suggest doing the upgrade to introduce additional stability and to install the security fixes that have been implemented in this release. Also included is improved Mac support for all you applesaucers out there…

There is an active exploit running around now that takes advantage of a security flaw in the older version, so please update if you haven’t already.

If you aren’t prompted to upgrade automatically, then you can do so manually by choosing Help-Check for Updates from the menu.

Here is a link to the geeky list of specifics.

Additionally, if you have installed some of the great Firefox extensions, you will need to update them as well.

Choose Tools-Extensions, then the Find Updates button on the bottom left of the resulting dialog box. After they are all downloaded, you will need to restart Firefox, but then you will be all up-to-date.

Lotusphere 2006 (Day 1).

Good stuff out of the way first – Jason Alexander was our celebrity guest How cool is that? To redundantly answer my rhetorical question: VERY cool. He was a hoot, as always, and was even cool enough to come out after the opening session and shake hands/take pictures/tolerate all the geeks that surrounded him. Here is my friend Pooja Jain with Mr. Alexander (that was me behind the camera ;-)
He is extremely laid back and giving, especially for a celebrity of his caliber. “Architect” of the future, indeed. If that acting gig doesn’t work out for him, he has a lucrative future in corporate events ;-)

Now, to the less important, geek stuff:

Lotusphere 2006 Slides and Presentations – Get them @ Lotusphere 2006 Online

You need a Lotusphere ID / password (upside down on your badge) to log into this site. Also, to get the slides, you need to go to the “Agenda” header link, then go to the “By Title, By Speaker,” etc. Maybe they should have the Acrobat icon on the home page linked to the By Title section of the slides/presentations area, but hey… what fun would that be…

ND7 should give us same performance with less CPU, so more scale on the same platform. iSeries already heavily optimized, so not as dramatic of a gain. Windows and Linux show biggest improvements (400% increase on SUSE w/2.6 kernel)

Domino Domain Monitoring

• Correlates issues across domains
  
• Rolls up data across servers
  
• Better reporting
  
• Suggests possible solutions
  
• Assign/manage admin tasks responsibities
  
• Autonomic computing

Client Management/Policy
Run as admin ability for SmartUpgrade is forthcoming (ugh.. come on guys.. we don’t give local admin to just anyone). One thing I wish developers and admins alike would do is utilze a test user-level (non-admin) ID when creating and testing new features and capabilities. One day, I hope that computers aren’t running wide open as the general assumption is right now.

DB2 integration
Not a replacement of NSF - OK, then how does it work (gateway)?
Choose specific apps for DB2 enablement (not everyone gets a DB2 mail file right now ;-)
DB2 access views – expose Domino data to other DB2 apps.
DB2 Query views – SQL based queries as views accessed via Notes 7 client
Running on Windows and AIX currently (the two main codestream parents).

Web services integration
SOA – Services oriented architecture is a new paradigm of delivering information to users and configuring IT to perform work. Lotus is positioning several of its products around this idea.
Provides access to Domino apps via web services
SOAP 1.1 over HTTP
WSDL1.1

“Activity” presentation and integration looks really nice. If Lotus can pull it off, it will dramatically change the way (for the better) that people work. Now, if I could only get my users to stop using the Workspace page (people love those infernal squares for some reason).

Chris Miller rocks – If you are an admin, DO NOT MISS his sessions. Look at his blog. He is doing BP402 (Advanced LDAP) and Security SMTP (Hands on session HND104 - will repeat).
Keep up and you’ll learn a lot, but it is somewhat like encountering a knowledge hit-and-run, so you WILL have to download the slides to commit most of it to memory. So, do that and love it.

DB2 (ID105) – ... Very interested, since I saw the first demo of it in 2004, in the integration of DB2 SQL with Notes/Domino. Mmmm, that’s some good query… bye bye FTIs (not really, due to binary objects), hello smoking-fast tables (finally, real RDB for Notes).
A Domino server is “designated” as a DB2 “access” server. Needs DB2 UDB Enterprise Server (ESE).

Immediate Question – How does failover work? If “a” server is designated, what if it is down, how do you get to the data then?
How do you backup the data (data dir)? Which files are critical?
Another issue, but hard to avoid: DB2 OS password might change per security password policies. OS id has elevated access (more than likely) to the database. If the password doesn’t change, then it has a higher potential hacking window (exempt from password expiration). This is not unlike the server IDs (which, incidentally, is where this is stored) in most environments, so it is just something to be aware of and perhaps restrict externally via other means (network-side, DB2 side, etc.). The developers thought of this already and exposed some APIs to set/change the password information in the server.id for use in automating this pw change.

DB2 Access is “not a real server,” just a dll or library used to talk between Domino and DB2 server.

Can move existing data from an NSF to a new DB2 tablespace/group. You want to lock a tablespace/group if the data stored in there has a lot of data / indexes. Mail file was used as an example to move into a specific group (I have several candidates ;-)
Class name is used as a comment/categorization field. Was put in there for backups, so that different tablespaces could be backed up on a different schedule than others (more frequently backups vs. less frequent).
New Replica process (between servers) creates new DBs (on DB2-enabled Domino servers) as DB2 datastores (instead of NSFs) by default. So, indexes and metadata are stored in the DB2 server (I think, this remains to be clarified) – raw data is stored elsewhere (kinda like MailMeter works).

Vendor concesion action: As usual, good stuff and loud. Lots of fun junk, good munchies.

_____________________________________________________________

Lotusphere 2006. This is my seventh Lotusphere. I have arrived and checked in, Carribean Beach… hmmm. Not quite, but we’ll see.
Nevertheless, it is good to be back. ND7, DB2, workplace, etc. Geeking should be good this year, coming away with a lot.

If you are reading this and are at Lotusphere 2006 in Orlando, drop a line.

Hope to see you around, but I’ll be updating this as the week goes on.

_____________________________________________________________

I am very happy to see the growth of more innovative applications on the Internet, particular those that involve truly coming together and building knowledge that will bring us forward whether it is artistically, intellectually, politically, or productively. The advent of what is being called the read/write Internet is a great step toward collaborative cultures coming together. I love sites like Wikipedia (although it has its critics), based on the great Wiki technology, the Rosetta Project which is documenting human languages, and ibiblio (a content aggregator of free information) – these use community submission to build content. By developing these kinds of huge scale bodies-of-work, we approach the ideal that Vannevar Bush envisioned with his ideas of memex.

The Semantic Web is a term, coined by Tim Berners-Lee (W3C founder), to describe how information can be made more useful on the Web. Specifically – “The Semantic Web is an extension of the current web in which information is given well-defined meaning, better enabling computers and people to work in cooperation.” – Tim Berners-Lee (from the article The Semantic Web, Scientific American-May 2001).

For several years Dr. Ted Nelson has been working in related areas while working toward Xanadu. He, Tim Berners-Lee, and a host of others have been working to realize the vision of Dr. Vannevar Bush (a brilliant researcher and scientist) who pioneered the idea of contextualizing and linking knowledge – making it much more accessible than traditional methods of presentation. In a July 1945 article published in the Atlantic Monthly, Dr. Bush wrote a paper describing this idea in a broad and philosophical sense entitled “As We May Think.”

Conspiracy theorists and UFO believers have even speculated that Dr. Bush’s efforts in this area came about through his contact with the aliens that allegedly crash-landed in the desert of Roswell ;-). I don’t buy into that explanation (the man was a brilliant visionary, before and after the Roswell incident), but there is no doubt that he brought this idea, as old as epistemology itself, new life in the 20th century.

These are truly big thinkers and they can be considered practical technicians in this modern-day epistemological effort to bring meaning
and newfound usefulness to the creation of knowledge brought about by the explosion of science in the late 19th and 20th centuries. In the days of our Founding Fathers, between Thomas Jefferson and Benjamin Franklin, given enough time and intellect, one could know pretty much all there was to know at that point in modern history. But, just 100-150 years later, science has changed the world irreversibly not only with its advancements but in the amount of knowledge that has been created – to the point that it has grown to the level where no single person has the capacity to understand and know all that is knowable.

The current Web has the ability to catalog and make available the enormous amounts of information available today, but it is very bad at giving meaning to that information – or perhaps better stated, it was simply not designed to give content meaning. The Web was designed to make information available only. This is why search engines have become a major driver of research in information science – they allow users to sift through this massive information store more easily. But, it is still us, the users, who are giving context and meaning to the information we retrieve from the search engines. When we are returned a list of Google results, it is us that analyzes and categorizes the information presented. The search engine simply cross-references the words and phrases we provide it as input.

The Semantic Web effort would evolve the existing tagging mechanisms used on the Web today. Using technologies like XML, data would be given predefined meaning and context so that it tells the user what it is about upfront. This has the potential to transform the information available into knowledge – relevant, empirical, and continuously adapting to new contexts and developments.

This tool would also unify the language used to describe information on the Web. Take Yahoo! for example – The categorization used by Yahoo! to give context (using the directory model) to other websites form what Jerry Yang calls its “ontology” (or, its unified specification to represent information), as described in the May 1996 issue of Wired. Others have seen this categorization as the reverse: As a mechanism to describe documents individually to create a kind of pseudo-semantic web.

The Yahoo method requires the use of human-based interpretation, analysis, and manually categorization. Albeit sophisticated, this is still an effort that will be inherently flawed and difficult to maintain over time. The promise of the Semantic Web is that it will bring context to the information presented inherent to the document itself. This will modify the way that the document is created from the beginning to automatically have definition built-into the document so that it can be automatically correlated and given better relevance in the larger Web system.

Each document will define what it is, to some degree, so that we can better find, understand, and use the knowledge that would be inevitably created by such contextualization.

_____________________________________________________________