Why poll for changes?

Two things I’ve come across today have talked about the integration of external RSS feeds into a site or application: SniffingGlu and user control of syndication and Synchronizing REST Resources With Asynchronous Notification: A Practical Proposal. The first is focussed on things like making it easy for users to roll their own version of SuprGlu (my glu, if you missed it before), the second says:

When you render a web page that contains pieces snarfed from other web pages, such as a transcluded RSS box, you would often prefer to start spitting out your web page without waiting for the other web pages to load first. So you maintain a local cache you can consult quickly, which may be out of date, but you try not to let it get too out of date.

You can do this by polling the current state of the other web pages; in fact, when you begin to depend on a new web page, polling for its current state is unavoidable. But it would be nice to push change notifications instead of polling for them. If you run both web sites, you could install software on both of them to do the change-notification pushing; but how does that software work?

We will term the association between a web page and a recipient of change notifications a “subscription”.

Well, *bing* if we haven’t heard that before! Off the top of my head, if you’re going to start to want notifying web pages (read: applications, even if it’s just a state machine) that something has updated, at some point you’re almost certainly going to want to notify other things (like, er, people), so let’s use PubSub, yeah?! If you’ve not heard me bang on about it before, PubSub is basically having information pushed at you (once you’ve asked to have that information). RSS, for example, typically works in exactly the opposite way – your aggregator just keeps on asking a server if it has any more information, again and again and again. With the PubSub way, your aggregator subscribes once, and then when there is something new, the server tells you.

The way this is implemented in the specification is over XMPP, the Extensible Messaging and Presence Protocol, which is the basis of Jabber. There are currently XMPP libraries in every language you can think of: PHP, C, Java, Python and more. There is currently an internet draft for Transporting Atom Notifications over XMPP (although this expires on Feb 20th this year!), and this is how pubsub.com implement their search result browser sidebars and C# code libraries (there is also a tutorial for pubsub.com’s use of XMPP).

The point I’m slowly getting around to is: use Atom over XMPP for your notifications! It’s easy! It’s extensible! It’s buzzword-tastic!

If you know a criminal, are you a criminal?

One of my old colleagues, Adam Smith, has written a very interesting post called If you know a criminal, are you therefore a criminal? bringing together threads from social networks and current informal network data aggregation tools and comparing the impact of voluntary data provision to that of data about you which will be collected on your behalf and stored on government servers when the Data Retention directive comes into force.

A very interesting read, and a nice drawing together of information from different sources. A lot of defendents of the Data Retention directive cite the fact that because the contents of messages (such as phone calls, IM messages and emails) are not stored, no-one should be worried. As far as I can see, and as Adam points out, this isn’t really the case.

Battlestar Galactica kicking ass

The new television series of Battlestar Galatica has started; or rather, the concluding episode of the last series has been aired, and the new series is about to start. If you haven’t been watching it, and you like sci-fi, then shame on you, because it’s brilliant.

As well being a great programme, the website provides top-notch added value. For every episode so far there’s been a downloadable real-time commentary by the producer in mp3 format, and the site makes these available via a podcast, so that you can get the latest commentary automatically, and listen to it when you’re watching the telly.

Additionally, now that it’s come back to the screens, you can now watch the entirety of last season’s finale online, as well as two extra deleted scenes. This, my friends, is what online added value is all about, and is something I’ve not seen before (are there other programmes which do this which I’ve missed? let me know!). What with this, the BBCs iMP and the ever-increasing amount of content available via the existing website such as the new BBC Three ‘comedy’ TittyBangBang (you don’t get a link, it’s not worth the time out of your life), I’m really looking forward to being able to watch what I want precisely when I want, regardless of its origin.

Using JSPWiki in the enterprise

I’m quite a fan of JSPWiki.

I first came across it when I rolled it out at my last place of work, as an experiment. It worked out quite well, being used by just about every department of the company, and we did some internal extension of it via plugins so that it generated things like timetables out of Microsoft Project. By the time I left I think it had something like 800 pages (my former colleagues can correct me on that). In fact, its success was so complete that it induced the rollout of a proper intranet (which happened after I left).

I’ve just rolled out the latest stable version of JSPWiki at my new place, and it seems to be going OK so far. There’s a slower take-up, but then again the team is much, much smaller. It also reminded me that the default install requires you to enter “\” when you want a single line-break. This is completely brain-dead, and I can’t imagine any circumstance when you would possibly want this behaviour. For what it’s worth, MediaWiki also sports this mis-feature. In the earlier 2.0.52 I had applied a patch by Kieron Wilkinson which allowed for what you’d expect the default behaviour to be: implicit linebreaks.

The biggest complaint I received about my first rollout of JSPWiki (which was version 2.0.52) was the lack of ACLs. At first, there weren’t any, but the further the wiki moved into the sphere of people in a more, er, traditional mindset, the more complaints I got.

The latest version of JSPWiki (2.3) has an entire Security 2.3 system and allows the administrator to set both per-wiki and per-page permissions. The documentation is very good, but maybe the most informative information for those wishing to deploy JSPWiki in a business comes in the response to a question in the Security 2.3 FAQ:

The authentication system is totally pluggable, and is based on a Java-standard API — JAAS. […] You should be able to use container-managed authentication to establish who the user is by plugging Tomcat in to an LDAP server or JDBC database… just use their realm support, and turn on the single sign-on (SSO) feature to share cookies between webapps.

Now, as to the subject of what the user can do after authentication, if you are using container-managed authentication you can also use externally defined groups (such as those in LDAP or a database) to establish group membership (accounting, IT, sales, etc.) Then, you simply add access control lists (ACLs) to each page that specify which of those groups can access the page. If you want to set a default security policy for *all* pages or ranges of pages, too, that’s also possible. The policy file is a standard Java policy file, so that should be pretty straightforward to customize. But that’s it. A few config files to fiddle with, but no code to write — and it should hook into your web container security and enterprise realms without any difficulty at all.

I’ll definitely be trying this out when I get some time.

Structured Blogging opens up

OK so this is old news because I’ve not been the blogging mood, but I think it’s important enough to cover anyway.

In November 2005 I posted that:

by far the weakest point of structuredblogging, head and shoulders above any technical detail, is the total lack of any obvious update since April 2005. To all intents and purposes, the site and project look dead from the outside, offering only an email address where you can send comments and suggestions.

and that

I can’t see that structuredblogging stands a chance of gaining a foothold unless it opens up in the same way that the microformats crowd currently do.

Now, although the point was good, I was writing it from slightly the wrong perspective because as Bob Wyman wrote last month: Structured Blogging is a thing you do — not a format. This misconception was an easy one to make because of the lack of communication coming out of the Structured Blogging camp. No more.

The Structured Blogging website has been updated; there is a Structured Blogging blog; wiki (although a bit lacking in content), and a mailing list. There are new plugins for both WordPress and Movable Type which allow the author of a blog post to create posts packed to the rafters with microformat goodness. That’s right, the Structured Blogging plugins create blog posts with microformats. This is clearly the best way to go about it – creating tools for microformat creation is the current big problem facing microformats, and the Structured Blogging guys are creating solutions. Hurrah for them!

I don’t have an MT blog, but I plan on looking at the new WordPress 2.0 this week, and I’ll be checking out the Structured Blogging plugin and seeing if I feel the same way about it as Rod Boothby does about the MT one.

I’m looking forward to it!