afongen

Bla-Bla List, Ta-da List implemented in Java to prove a point: that Java apps don’t need to be bloated monstrosities, and along the way to offer a much-needed antidote to the current Ruby on Rails rage. Geert Bevin explains what was done. He used RIFE, a platform for rapid Java web app development, and Laszlo for the rich internet app work. And a pleasant REST API. Pretty cool.

The Minneapolis StarTribune ran an article on podcasting yesterday. I know this because I overheard an elderly couple discussing it over morning bagels:

“It’s like a radio show that anyone, anyone can broadcast. On the internet.”

“Hm?”

(consults newspaper) “It’s called, um, podcasting. And all you need is a computer and an iPod portable MP3 player.”

“Anyone?”

“People talk about all kinds of things, whatever they want.”

I am glad that I managed to restrain myself from stepping in to talk with them, because at this point the conversation descended (yes, it’s possible) into decrying the presence of iPods in the public schools and how it will lead to the decline of western civilization. I doubt my presence would have been welcome at that point.

Video coverage of this year’s SXSW is here. Damn, I thought I might actually get something done this week, but they’ve seen to that, haven’t they?

I had lunch with Matt today. He and I hatched this crazy plan to go to SXSW next year. It just might happen…

One of the many reasons I do so appreciate knowing Matt Schlukebier is little reminders like this: it’s π Day.

Another web site I’ve been following for the last few months is The Panda’s Thumb. It’s a good way to keep on top of the antievolution “intelligent design” movement: what they’re doing, the arguments they raise, and how those arguments trounced by good, solid science. And hey, I learn a lot about biology while I’m there.

A recent post by Mike Dunford almost moved me to tears: The importance of education, on just why it’s worth making a fuss about attacks on our science curriculum:

Children matter. The students that we educate today are going to be the teachers and scientists of the future. They deserve nothing less from us than the best education that we can give them – and that means that we should encourage their curiosity, and provide honest answers to their questions. What they do not deserve is to have their education used as some sort of tool to gain leverage in a perceived “culture war”.

Children matter.

I’ve taken to reading Bruce Prescott’s Mainstream Baptist weblog because it is so refreshing to encounter moderate and liberal Christian voices. I’m surrounded by them but it’s hard to keep that in mind when the news is dominated by (often radically) conservative religious views. So it is with delight that I follow his recent link to Bess Hinson’s wonderful essay, Reclaiming Christianity From the Christian Right.

Prescott has been podcasting episodes of his radio show, “Religious Talk.” A recent fave is his interview with Rob Boston, author of several books including Why the Religious Right is Wrong: About Separation of Church and State (part one and part two of the interview). Boston points out that Pat Robertson and evangelical Christians like him complain that they’re some persecuted minority while in fact they hold tremendous political power. And people believe it! My father certainly does. This is one of the reasons the whole debate about evolution in education is so important to me, along with other attacks against the separation of church and state: it is so obviously not a question of science or even an anti-religious attitude: it’s conservative Christians who cannot accept that theirs is not the only voice. Even so, they manage to control the debate and to project a hateful image of their religion. This is why Hinson’s essay is such a breath of fresh air.

Oh dear. I just discovered that Mainstream Baptist plays background music. Aargh. You’ve been warned.

Harvard has rejected the applications of 119 students whom they accuse of “hacking” a web application to determine their application status. Apparently accessing a URL that wasn’t linked to yet but that was still available counts as hacking. Whatever. ApplyYourself, the company that Harvard uses to manage the admissions process, failed to prevent early access to a page called ApplicantDecision.asp. By accessing that page with their own ID before the announced admit date, applicants could tell whether they had been admitted to Harvard.

To my mind this hardly counts as hacking, but it is unethical. Harvard’s decision to reject those applicants is harsh; on the other hand, I can understand an unwillingness to churn out MBAs who engage in behavior that does not reflect the ethics Harvard expects of its students and graduates.

More interesting to me is ApplyYourself’s blunder: access to that page should be more tightly controlled. You cannot rely on security by obscurity. Or as brian d foy puts it, not linking is not security. I do hope that Harvard deals with the company as harshly as their applicants. I wonder, though, whether this was even identified as a security requirement. I’ve commented before that I have never worked on a project with clearly documented security requirements. That’s changing, but I hold little doubt that it’s still unusual for security to be considered early in many software projects. Unless the developers knew to restrict access to that page, why would their code do so? Of course, if there’s code that does not display a link to the page until a certain date, that should indicate the presence of a requirement. So despite my willingness to give them the benefit of the doubt, they’re not quite off the hook. I’m just not ready to write them off as dumbfucks.

Philip Greenspun has a few pithy comments on the matter. “As progressively dumber programmers build progressively more complex systems we will see more of this kind of attempt to paper over coding mistakes with lawyers, sanctions, policies, and laws.”

My laptop’s frelled, so I was stuck over the weekend with the only working computer in the house being an older iMac running a minimal installation of OS 9. This was liberating in a way, as I was not often tempted to fill my spare time by using the computer. Still, by Sunday night I really wanted to check my email, but the email that I cared about is on Gmail. The only browser on that machine is IE5, and last I’d tried Gmail didn’t support IE5/Mac, since they generate page content with JavaScript remote scripting techniques that aren’t supported in older browsers (i.e. XMLHttpRequest).

But I gave it a shot anyway, and it worked! If it needs to, Gmail now functions like a traditional web app, reloading the entire page as necessary. If you want to read a message, the whole page gets rebuilt. You can use Gmail with JavaScript disabled. It even works in Netscape 4.8!

Excellent. This is the way I generally prefer to use JavaScript: to enhance application functionality rather than serve as its core. There are all sorts of reasons for this: accessibility comes to mind early on, as well as the general principle of graceful degradation and not leaving your users behind. In some situations this is arguably less true for web applications as the content on web sites — I can imagine any number of cases where you can assume and demand a certain level of capability in your users’ browsers — but it’s still a good principle.

I normally go about this through a process of progressive enhancement: designing first for less capable user agents, then adding functionality for modern browsers. I’m doing this in a project right now: at first I’m breaking out a function into several pages, then once I’ve worked out the process I plan to incorporate remote scripting to simplify the user interface and reduce the number of page calls. If a user’s browser can handle it, and most will be able to, their experience should be improved. If the browser isn’t up to it, users can still do what they need to.

Google turned this around, releasing early Gmail betas as JavaScript-only and with their share accessibility problems. Then they did the graceful degradation work and made the service available to older browsers, and presumably more accessible. That makes perfect sense: Google made a big splash and showed the world the sort of thing that can be done inside a browser interface. This isn’t actually “turning it around,” per se: it’s quite a normal way to go about things. Still, glad to see it happening.

Update: Jeremy Keith weighs in on progressive enhancement.

First, a full episode of Battlestar Galactica streamed off SciFi.com. Cool. Now, they’re podcasting commentary to listen to while you watch each episode. Fantastic.

Battlestar Galactica is the one thing that makes me regret dropping cable. Well, that and the Daily Show.

Roger Johansson writes about his experiences with Plone, reaching conclusions not dissimilar from my own. Basically, Plone is a great tool for a lot of reasons, with drawbacks that include a steep learning curve and lack of thorough documentation.

I have to congratulate Mr. Johansson on the site he built: it succeeds most admirably at looking nothing like a typical Plone site. Many sites built with Plone look the same, probably because of the difficulty of figuring out how to do anything else. But once you do, just look what can be done.

I am asked about content management systems quite a bit, unsurprisingly most often by people in higher education, and I keep coming back to Plone and Lenya as my primary recommendations. Plone has the advantage of being a cinch to get running: it ships with an installer that gets you going in minutes, even if it then takes a massive “eureka!” moment to grok well enough to use effectively. Lenya has no such advantage: first you need to get a servlet container like Tomcat running, then Cocoon, then at last Lenya. Not too bad if you’re a Java developer or familiar with Unix, but otherwise not exactly point-and-click. Still, as I am a Cocoon fan (and AxKit as well, which is kind of like Cocoon for mod_perl) and already convinced of what it can do for you, I do like Lenya.