A morning for reliable messaging. I got online this morning and close to nothing worked. I don't know whether today is "international router config day" It's "unpatched SQL Server exploit fest" or something, but and there's suspiciously many IP destinations I can't reach from where I am and tracert shows loops or broken routes at random places outside the Deutsche Telekom network (that's where my DSL is hooked up to). So, at first sight, it doesn't seem to be an immediate problem of my carrier. Sometimes a route comes back and then it breaks again. Very bad. So, whatever the problem is, time and hordes of technicians will eventually, hopefully solve it.
I am very happy that I don't have to make any business critical Web service calls via plain HTTP and without a reliable messaging protocol layer today. I'd be screwed. On mornings like these, "HTTP is the one and only protocol" purism makes handsome gunwounds in both of your feet. 
(snapshot as of 2001-01-25T10:00:00+1, click for current status)
Microsoft's (!) Services for UNIX 3.0 raked in the " Open Source Product Excellence Award" in the "Best System Integration Software" category at LinuxWorld. Ok, again: Microsoft wins an award at LinuxWorld!
Radio discipline! I am in a "heavy coding" phase with about 5 projects (some serious, some play) going on concurrently. So, reminder to self, I shouldn't blog. My favorite "play" project is a pretty radical extension for Enterprise Services and COM+ - it's actually more a "new feature set" than a tool or wrapper. The last time I've written code based on analyzing hex-dumps was about 8 years ago; and now again. The only reason that I state this here is to force myself to actually get it done and make a binary drop available so that people can play with it - once there is a solution found for why it breaks Everett's GC.
Master Key Copying Revealed
A security researcher has revealed a little-known vulnerability in many locks that lets a person create a copy of the master key for an entire building by starting with any key from that building. [...] After testing the technique repeatedly against the hardware from major lock companies, Mr. Blaze wrote, "it required only a few minutes to carry out, even when using a file to cut the keys." [nytimes.com -- free sign-up required]
Here comes the most expensive security vulnerability patch, ever.
Update: Slashdotted.
Welcome Christian!
Germany has a new Microsoft Regional Director. Christian Weyer is by far the #1 speaker on Web services in Germany -- he speaks a lot more about the topic in Germany than I do and does so in a very entertaining way (and lacks political correctness just as much as I do) -- and we, the other German RDs, Bernd Marquardt, Ralf Westphal, Marcellus Buchheit and myself are very happy that he is joining our small group. Next step: Convince him to start a weblog ;)
Transactions. I spent a good deal of the weekend reading two dozen research papers (CiteSeer is a great launch pad to dig into that space) on agreements, consensus, trust, and various forms of blocking and non-blocking atomic commitment models. All that of course motivated by the desperate search for a solution for the Web services space that preserves the simplicity of the programming model for 2-phase commit. Making stuff compensation-based is just a small step for a technology framework person, but it's a giant leap for someone who has to design compensation into the application logic.
Some special problems for Web services as we see them developing:
- How to establish trust between parties? Think about the implications for dynamic service discovery and invocation using UDDI. Think about the fact that ACID transactions, unlike other services, have a direct impact on the behavior of an entire system due to isolation rules and therefore locking requirements. Think about the potential for creating damage by simply spoofing votes on transaction outcome and think about the potential for DDoS attacks by deliberate blocking.
- How does proximity affect trust in this context? Is a transaction participant from my own company and for which I have full control of all implementation aspects, but which is running halfway around the planet as trustworthy as the machine next door? After all, a man-in-the-middle attack that targets blocking will only need to intercept and simply block all further traffic between participants.
- How to deal with connectionless, multi-hop, asynchronous messages? Think about the fact that even these types of message exchanges may require ACID rules to be fully enforced, even of the message exchange isn't synchronous (in the sense of RPC). For optimization reasons, a transactional message conversation may go from Düsseldorf to Dubai, from Dubai to Signapore, from Signapore to Los Angeles and from Los Angeles back to Düsseldorf - so, rather routed once around the planet instead of being communicated in a star-shaped form -- in order to beat the limits of E=mc^2. (One of the reasons why I like things like WS-Routing and WS-Security's capability to variably encrypt select portions of messages).
That's a lot of problems already and just the tip of the iceberg. I've got some scribbles that address a couple of these issues and one of the key workarounds is the introduction of rules around deadlines for when transactions expire even if participants are in a "prepared" state. However, to efficiently limit blocking, this brings up another hard problem: trustworthy and precise (<50ms) time-synchronization between all parties. Tough stuff.
It's a LinuxWorld, after all. Linux advocates will convene at a trade show in New York this week to promote their wares, tout customers, swap business cards and make their case that the operating system is growing up. [CNET News.com]
So, I am thinking how much the word "trade show" is indeed applicable for LinuxWorld?
To my complete surprise, I am the #1 Clemens on Google.
"I believe that this nation should commit itself to achieving the goal before this decade is out of landing a man on the moon and returning him safely to the Earth." -- John F. Kennedy
The Guardian reports (/.) that Bush may announce in his State of the Union address that the U.S. plans to put astronauts on Mars by 2010. If that happens, it'd be a very bold challenge, because, in all reality, the United States space technology for human spaceflight seems to be locked in low orbit. To boot, there is no launch vehicle that would even get near the capacity of the Saturn V and no other manned space vehicles but Apollo 11-17 have ever left Earth orbit. A new launch vehicle, a new spacecraft, several (dozen) exploratory missions with unmanned probes and all that until 2010? Hard to believe.
Do it.
Conincidentally, I am currently reading "Before this decade is out: Personal Reflections on the Apollo Program" and "First On the Moon" in tandem. Reading both of these books at the same time lets you look at Apollo 11 from both angles -- in the spaceship and on the ground. I was born 12 days after Neil Armstrong and Buzz Aldrin set foot on the moon (with Michael Collins taking care of the ship for the voyage home)
Clemens also came to Norway do the .NET Extravaganza on April 9th last year, the day Germany invaded Norway in 1940... [Andreas Eide's Weblog]
I did 5 (!) sessions in a row at that event, with 700 people listening. That was a trip.
In contrast to 1940, the German left after just one day, though, and didn't cause any major damage except to his own health.
|