Hongli Lai asks why some think Rails deployment is difficult. First, a disclaimer. I am not a Ruby on Rails expert. I have only used Rails for one small production project. I found both Ruby and Rails quite easy to pick up coming from a J2EE background. What can be done with such a small investment in learning and in time writing code is quite amazing. However, I, like others, found deployment to be surprisingly inconsistent with the rest of the Ruby on Rails experience.

First let me begin by adding some detail to Hongli Lai’s description of deploying a J2EE app. A WAR is just a ZIP file of your application’s directory structure that ends in “.war”. You don’t need to create a WAR to deploy J2EE apps, you can also just upload files to the server like PHP. Depending on what framework(s) you use (Struts, Spring, Faces, etc) you may need to edit XML configuration files. Stock JSP, like PHP, doesn’t *require* any configuration files.

The trouble I have had with deploying Rails is the difficulty of ensuring the same gems are installed on the deployment machine as on the development machine. In my view, the confusing issue is that gems by default seem to install system-wide or user-wide unless you configure your Rails apps to look in a specific directory. This is in comparison to J2EE where libraries are by convention usually all in your application’s directory structure (/WEB-INF/libs) so you can just zip up the directory and give it to an installation of Tomcat (or any J2EE application server) and it will *just work*.

I never understand why with the strong emphasis on convention in the Rails development model, why the deployment process includes system administration tasks like gem installation. Why isn’t it convention that gems and Rails are all installed in a place inside the application’s directory structure so as to be independent of whatever versions the rest of the system has installed? The Ruby on Rails deployment model seems to default to assuming the developer has superuser control of the deployment machine. However, this is often not the case both in corporate environments and shared hosting environments.

The website for FMJ cleanroom reimplementation of JMF seems to be down. Its asking for a user name and password via Basic Authentication.

I am having trouble getting a microphone
ds = javax.media.Manager.createDataSource("javasound://");

Exception:
Nov 7, 2007 8:06:50 AM javax.media.Manager createDataSource
WARNING: java.net.MalformedURLException: unknown protocol: javasound
java.net.MalformedURLException: unknown protocol: javasound
at java.net.URL.(URL.java:574)
at java.net.URL.(URL.java:464)
at java.net.URL.(URL.java:413)
at javax.media.MediaLocator.getURL(MediaLocator.java:30)
at javax.media.Manager.createDataSource(Manager.java:513)

Draft 1 OAuth 1.0 spec was announced yesterday. By my count, it requires no less than 6 HTTP request/response round trips assuming the user is already logged in to the service provider.

If the user is NOT logged into the service provider and has to log in before approving or denying the consumer’s request, the number of round trips is increased by a minimum of two for a site using traditional user name/password authentication or even more if the site uses OpenID. Heaven forbid the user isn’t logged into her OpenID provider. In this case the number of request/response round trips skyrockets. Imagine the visible user experience in this case:

1. Initiate protected resource request from service provider
2. Redirected to service provider’s site to approve request….but wait user is not logged into service provider’s site…
3. Prompt for OpenID
4. Redirect to OpenID site to verify OpenID…but wait user is not logged into the OpenID provider’s site
5. Prompt for OpenID provider’s login credentials
6. Prompt to approve service provider’s login request at the OpenID provider site
7. Prompt to approve the consumer’s protected resource request at the service provider’s site
8. Wait as the service provider redirects back to the consumer with the approved request token….
   …which then redirects back to service provider to get the access token…
   …which then redirects back to the consumer…
   …so that the consumer can redirect back to the service provider and access the intended resource.

This may work great in the bay area where everyone is 10 ms ping time away from everyone else, but try even just a simple OpenID login to a USA-based site when you’re on the Asia-side of the Pacific. Even when you’re already logged in to your OpenID provider, there’s significantly more waiting than the traditional username/password authentication session.

Looking for a solution to increasingly complicated OpenOffice.org Calc spreadsheets for maintaining our business and personal finances, I took another look at GNUCash and was pleasantly surprised by its improvement since the 1.x days.

You should be able to install my deb built by following these directions using the below instructions on an update to date install of Feisty.

1. wget http://sinopop.net/downloads/gnucash_2.2.1-1_i386.deb
2. sudo apt-get install libgoffice-0-3
3. sudo dpkg --force-all -i gnucash_2.2.1-1_i386.deb
4. /usr/local/bin/gnucash

Please note you’ll have to create your own icon.

Why does a Landscape-managed deployment of Ubuntu cost US$250 per seat per year? For my 7-seat deployment in our new China-based subsidiary, that would cost us US$1,750/year. Compare to the Microsoft Partner Program’s Actionpack Subscription at HK$2,792 (~US$350) per year. The Actionpack Subscription even provides 10 seats worth of internal-use software. That means 10 Vista licenses, 10 Office licenses and 1 license for an entire back office set up including Windows Server, Exchange and many other products. 10 seats of Ubuntu with Landscape would cost a staggering US$2,500 per year!

To put the cost difference in perspective of the local market price levels, the difference in cost is more than our entire month’s payroll. That US$2,150 could pay a freshly graduated software engineer from one of China’s better universities 4 year bachelor programs for 6 to 8 months.

Now of course, to be fair, the cost of Landscape also includes support from Canonical, but even if support was something we wanted, being only available in English and French, it is hardly something we would be able to make use of in China.

Ohio voters passed the SmokeFreeOhio late last year. Ten months after the voters spoke, the first fines were issued against offending businesses. The penalty for businesses that have ignored the will of voters for almost a year? A measly US$100. There are bars that make more than that on the sale of one bottle of liquor or wine.

Such weak enforcement is worse than no enforcement at all. The message this sends to the market is that the state isn’t really that serious about maintaining smoke-free public areas. The end result is a playing field that’s not level, exactly what a state-wide public smoking ban was supposed to prevent.

Ohio should study Hong Kong on how to enforce a public smoking ban. Hong Kong’s Smoking (Public Health) Ordinance provides for much stiffer penalties for violators of the smoking ban. Individuals are liable for up to HK$5000 (~US$640) per violation on summary conviction. They don’t waste time sending letters saying “please don’t violate the smoking ban.” If you violate the ban, you fork over the money. The much higher fine sends a clearer message to the market about the commitment of the government to enforcement of the law and commitment to protection of public health.

Isak Savo writes about the daily edgy updates that have been appearing the past two weeks. You know there’s a problem with pushing out updates too often when the update icon on Edgy, supposedly the stable version, appears more frequently than the update icon for Feisty, the current development branch. This is starting to feel like windows automatic updates…I just want to turn it off.

How about aggregating non-critical updates and only pushing them out once a week or once every other week? I want to subscribe to the digest version of updates…

Updated Feisty today and after restarting (new kernel) and logging in, I was prompted with a balloon indicating that Ubuntu may be using restricted drivers. Clicking on the new tray icon in the notification area popped up the following window:

I like how it informs users in rather polite language that proprietary drivers are almost impossible for anyone but the driver’s vendor to support.

Perhaps it could contain a link to a list of equivalent hardware that is fully supported by open source drivers? Free marketing exposure for hardware vendors whose products offer open source drivers could help encourage more vendors to see the light.

Packages for Beryl 0.2.0 were released. After updating to them and restarting Beryl, my entire desktop was sluggish and a quick look at top indicated that Beryl was consuming most of the CPU. Deleting my old Beryl settings and restarting Beryl seemed to solve the problem:

rm -Rf ~/.beryl*

I am a huge fan of OpenID. My initial interest was piqued by the promise of no longer having to remember login credentials for dozens if not hundreds of websites. The security benefits of only having to protect one set of login credentials instead of many became quickly obvious thanks to an ebay hacker.

I must say, when I first heard about the use of URLs as identifiers, I was skeptical (and to some degree remain skeptical) that your average, not-an-early-adopter consumer will be willing to wrap her brain around the concept that a website address is sometimes also a username. To me, the most obvious identifier to use would have been the email address. Almost everyone on the internet has at least one and it is already associated with identity in everyday life.

I-Name Skeptic

I became increasing skeptical when I heard that as an alternative to URLs, an identifier called I-Names was also part of the OpenID spec. I-Names are XRI globally rooted at xri.net. This means one organization (a company in this case) has a monopoly on the issuance of I-Names.

We know from economics that monopoly suppliers have the incentive to create artificial scarcity and drive up prices. Yes, this means you have to pay for an I-Name. The going rate is about US$20 for an “individual I-Name” and US$55 for an “organization I-Name.” Wow! Someone must have a lot of confidence the market is going to buy into I-Names even given that OpenID URLs offer many of the same benefits at little or no cost beyond a domain name registration which has almost already been paid for other reasons.

Charging more than twice the current market price for domain names for something that isn’t really that valuable until the network of people that use it is pretty substantial is hardly a way to stimulate viral adoption and gain the benefits of network effect. This is especially true when OpenID URLs are out there are a direct substitute for single sign on identifiers and have a marginal cost of US$0 to the user.

Skeptic Turns Supporter

Despite my early skepticism, I continued to read up on I-Names to figure out why intelligent people would spend so much time trying to create something that at first glance by an identity layman seemed to be a scheme to charge unsuspecting consumers US$20 for something that could basically get for free by using an OpenID provider such as MyOpenID.

Drummond Reed (=drummond) has been one of the most visible supporters and whose posts on the OpenID mailing lists and his blog have been most helpful in shedding light on why I-Names are technically superior and desirable for consumers.

Supporter Buys-In

Convinced of the superiority and desirability of I-Names, I decided to buy my own individual I-Name. You can buy an I-Name for a number of accredited registrars. Having little info to go on, I bought mine from 2idi because it is one of the initial registrars. I falsely assumed that they would have the most well developed feature set and management interface.

I have been using my I-Name to log on to OpenID sites that support it. Hopefully, once the OpenID 2.0 spec is complete, support for I-Names will be more consistently implemented. Right now sites using older OpenID spec 1.0 libraries do not accept I-Names.

Because of the less than desirable feature set of my I-Name provider and the fact that they do not yet support the latest OpenID spec, the best security practices, or provide a means to manage relying parties, I have tried without success to delegate OpenID authority using XRDS to my MyOpenID URL. Has anyone else been able to accomplish this? Perhaps 2idi is listening and could let us know if and when we will be offered a feature set more comparable to other OpenID providers?

Much of the success or failure of I-Names will resolve on getting the world at large to accept and recognize them for what they are, a unified contact handle that has the potential to replace phone numbers, email addresses, mailing addresses and more with one simple identifier all while giving users more control over their information and who is allowed to contact them and by what means. US$20 per year is way too high for anyone but the most enthusiastic early adopters to pay if that goal of mass popularization is ever to be met, at least in the beginning.

One road to adoption that seems very promising is by employers providing delegated community I-Names to their employees or websites to their users. For example:

@example.company*Marketing*Fred.Smith < ----- This would be Fred Smith in Example Company's Marketing department.


@example.company*Smithy < ----- This could be the user with nickname Smithy at Example Company's Web 2.0 application.


Help Delegating

I am interested in providing users of my yet to be launched tech start up with community I-Names. However, I have yet to find an I-name registrar website that provides information on how this could work beyond simply mentioning it is possible.

Simply put, I imagine asking my users to provide their I-name or OpenID when registering. If they provide an OpenID, my site would issue them a new i-number and an associated community i-name under my company’s organization i-name. If they provide an i-name during registration, the existing i-name’s i-number would be used as their unique identifier and an a community i-name under my company’s organization i-name would be issued and associated with the existing i-number.

Ideally, this could all be accomplished with an i-name registrar provided API so that we do not have to run an XRI resolver. Is this possible? Does anyone know of a detailed explanation of how something like this should be implemented?

If this is a service that i-name providers are already offering, how is it priced?

Linksafe seems to indicate that the US$55 / year fee includes the ability to delegate community i-names. Does this mean that Linksafe would provide login, contact, and forwarding services for community i-names that are created under an organization’s i-name?

The I-Name Future

I look forward to the day where I can print my i-name on my business card and people will automatically know what it is and how to use it. Unfortunately, that day will not come until the ease with which people can get i-names is closer to that of the ease with which they get OpenID URLs by both significantly reducing the price of individual i-names and making it a lot easier for websites and companies to provide their users with community i-names with a cost structure that makes sense and minimal technology investment.

If anyone can shed more light on the questions I have raised, or point me to some answers, please leave a comment using your OpenID or I-Name.

Or contact me privately using my i-name.