License Hell

I am still not very happy with the Symbiosis architecture, though I know it is working fairly well, and the GUI is coming along nicely. My major problem is that I want to build this to be as open and extensible as possible, but I feel that I am doing a lot of wheel re-inventing. Because of this I spent some time looking at different distributed architectures which I might be able to use as a base, including JBoss, Jini, JXTA, JMX, and simple XML-RPC or SOAP usage.

JBoss looks like good technology, but it seems to be severely under documented (oh, but you can always pay money to get the documentation), and I haven't been able to find any decent GUI tools for management (but the JBoss group does offer training, how convenient). I am not trying to knock these folks, mind you. Most open source projects lack good GUI tooks and documentation, but, like Oracle, it benefits the JBoss group that it remains this way.

In regards to Oracle I am talking about the amazing self-propogation of Oracle "consultants" needed to make these databases work, though they have had over a decade to make it easier to use. You have to go through and modify a million stupid little text files filled with cryptic informaton to make it run decently? Anyone ever hear of self optimization? Apparently not Mr. Ego, err, Ellison.

After spending time learning the concepts of JBoss, it seemed a bit overkill for my needs, and even with it I would still need to develop a bit of my own "architecture" to glue things together. It is still in my list of possible choices though, as you can turn off some of the massive amounts of capabilites that JBoss has (for example, I don't particulary want to use the EJB Container).

Next was Jini, which looked very good, until I ran into it's license, which made me cringe, fume, and delete all my bookmarks related to it. I am no longer confused as to why nobody uses that technology for open source development. Such a horrible loss.

I had already spent some time on JXTA, and it again is an interesting technology, and I find Sun full of interesting ideas, but yet again, nobody is doing much which this technology, and if I want to have "services" which work with Symbiosis, which I don't write myself, I need to use something where people will have a certain amount of existing knowledge.

Maybe I am missing something obvious, but it seems that almost all systems are built from a different mold, but look very similar in the end. Is there no decent / generic common mold which can be used to build distributed systems from? I suppose as a Java guy I could just use simple RMI with remote interfaces, but RMI is slow, and could never be called an architecture, though some people like to call everything and anything a framework, or an architecture. I even find myself babbling like that.

If anyone has actually read this far, I would love to hear some thoughts or feedback (though sadly advogato doesn't have a wonderful mechanism in which to do that, unless I posted this as an "article", which it is not nearly worthy of).

Symbiosis

Work on Symbiosis went well this weekend, and I am now finished the login / main UI, and now working on the Client framework. Should be able to start putting together the password tracker as the first "client" after that is done. It is going to be a busy week, so perhaps next weekend.

The SF folks cleaned out the old Symbiosis tree for me, so if anyone wants the old code I am probably only 1 of about a dozen folks that have a copy. Other than some IRC Bot code there wasn't anything all that wonderful in the old tree. I will be uploading my new code into the empty tree once I get the Client and Service frameworks solid, so I can be fairly certain I won't be making severe changes to the tree structure.

Just had another disagreement about whether java was pass by value or pass by reference, and I only bring it up because those migrating from C++ (and perhaps other languages), could be confused about some Java behavior if they believe it is pass by reference. I find the following article as a good summary on the subject.

Hope everyone has a great week.

Symbiosis rolls on

Spent (am spending) some time this evening on my life long project (or at least I expect it to take a life time to get everything in it that I want, and I am sure I will come up with more stuff to put in it every day).

Have been doing mostly UI behavior stuff, but I will be finishing the Identity Management sub-system next, which controls the creation / deletion of identities. Identities embody the preferences / resources / authorization of a user, all in one, and the code to use MD5/DES password based encryption for all the user data is finished already. Support for stronger encryption of the data will also be an option (long live polymorphism!)

I am finally getting used to / comfortable with Swing's single threaded event model, and working around it with all my multi-threading code. This is been the best use I have ever gotten out of inner classes, which normally I despise.

Logged a SourceForge job request to blow away the current CVS tree for Symbiosis so that I can import my local / greatly changed code into a fresh tree. This was only necessary because they don't give shell access, or else I would have done it myself. I think this is the greatest drawback (at least for me) of using SourceForge over local development. As a side not, I think I like the new L&F of the site, but I am not sure.

I continue to try out new IDE's on occasion to see if they are better than they used to be, but always end back using vim at the end of the day. I just haven't found one yet that can reat my Ant build.xml and figure out all of the files that I am dealing with to stick it in a project. I hate having to spend the time "setting up" the IDE, just to find out a few hours later that it isn't much better (and is always slower) than using vim.

I agree with jtansen in regards to SOAP / Security discussions, and CGI (and JSP / Servlet, etc) developers have had to deal with this for quite a while now. It all comes down to the fact that, as always, software developers need to be aware of the security issues involved in their work, and to take that into account when writing their code.

Every week it seems a good half dozen security bugs are reported that involve buffer overflow / mishandling of user input! The fact that you must very carefully validate and manage all information which is input into your program / system should be common knowledge to everyone by now. At what point are people going to start using this knowledge, as a whole.

I guess it all comes down to education, and that I don't think a single Java book I have read has done a good job of talking about security issues in relation to Java programming (and I don't mean the security APIs, which are a different issue altogether). It is a mindset that must be explained, a certain level of paranioa or mistrust which the programmer must have towards the users and external data sources which come into their system.

I apologize if I digress, but to summarize, I don't feel that SOAP security is anything new / different from the same kinds of issues that most programmers don't deal with well / at all, and cause the kinds of insecurity that we see in most systems.

I have been reading the last few evenings (and Sunday), rather than working on Symbiosis, but I keep to come up with / document ideas I have to work on. I have been reading "Nothing on My Mind", which is a book about a Man's journey through life at Berkely in the 60's, doing lots of drugs, and eventually discovering Zen meditation.

I am not sure, as I am not done the book is, what the "point" of the book is, or perhaps it doesn't even have one, as is true with a lot of these kinds of books. I am at least happy, based on the author's experience, that I didn't experiment with drugs in my youth, and I have never heard of extreme drug use causing someone to be "enlightened". I think I will stick to the slow and steady approach.

Inspiration

I have had it with forgetting things (usually passwords), and I want a better mechanism to keep track of the work I do on a daily basis, and to document all of the interesting things I learn every day. I am quite sure that I have forgotten at least 20 times as much as what I know right now, and some of that information that I forgot would most likely be useful to know in the future.

Because of this (and a lack of reasonably good XML-RPC APIs for Advogato), I have put Javagato on the back burner, and am back onto Symbiosis, however with a slightly different twist of my previous priorities. The 1.0 plan was mainly Identity Management capabilities for storing / sharing / migrating PKI information, however I will now be concentrating on knowledge management.

I had put together my own simple MD5/DES based encrypted data store, but it isn't very efficient for large data sets (which wasn't needed for small PKI key rings), but as KM is now the 1.0 primary goal I am going to look at some Java ODB / RDB solutions that have fairly small footprints.

Each piece of knowledge in the system will be the member of a particular security realm, even for the 1.0 release, so my post 1.0 plan of allowing remote access to the knowledge system should be a lot simpler. Security and flexibility is the focus, and I am tired of worrying about the security of my data, and now that more and more people are doing things on the net, exclusively (like banking, for example), security should be an important part of all software, IMHO. In symbiosis, all data (including preferences) will be encrypted when it is persisted.