Stake Five

In case you’re looking for me next week, you’ll find me relaxed, disconnected and generally bereft of digital devices (save perhaps a camera) on the sunny beaches of Goa. See ya!

If you ever wondered about the value of the Creative Commons, go read Ethan Zuckerman’s reporting of the amazing impact Andrew Heaven’s commonized work is having.Participating in the commons is most definitely a political act, as Andrew’s experiences show only too clearly. Whether you’re contributing pictures of your neighbour’s cat’s kittens, blogging a ColdFusion coding tip (yes, yes, I know I’ve been lax; more of those coming soon!), or, as Andrew has done, sharing portions of your knowledge or commercial work that will otherwise not see the light of day, you’re helping maintain a vibrant commons that our not-so-nascent online communities can build upon.

Do I sound like a zealot? Perhaps I am…

Around the time I put up my first post on privacy, I started noticing conversation on the topic in the blogosphere. Oddly enough, I had started writing that post before I noticed the attention that was being paid to the issue.

After I read Jon Udell writing on the politics of data control, I was absolutely certain something was in the air; how could I possibly anticipate information flows on the Net? Of course, there had to be an explanation, so I settled for the most obvious one - we are approaching the boundaries of the Singularity, that remarkable union of the collective human consciousness and the mass of information and processing power that is the Internet.

Then again, there is all that beer to be considered… and Technorati stats. Did you know that they provide a very cool embeddable trends graph?

With that, we return to our regular scheduled programming. Have a great weekend, folks!

Sean put up his wishlist for CF recently, and one of the interesting things he was wishing for was the capability to call CF from the command line.

The thing is, you can already do this, and fairly easily. Let’s start by getting the right tool for the job - go pick up cURL, a tool for invoking URLs from the command line. Do note that if you choose to download the HTTPS-enabled version of cURL, you will need to also get the libeay.dll library for SSL support from OpenSSL.

That’s really all you need. You can invoke cURL like so: curl (CFM template URL). The output of the CFM is printed to the stdout, which means it will show up in your DOS window/UNIX shell/whatever. Easy, huh?

To invoke a CFC, you’ll have to use the CFC HTTP invocation syntax, which is simple enough:

http://(hostname):(port)/(context, if JEE deployment)/(path to CFC)?method=(function to invoke)&(argument list)

Responses from CFC functions are returned in WDDX format, unless the function returns XML, in which case the XML is returned as-is. Oh, and do make sure you tag your function with access=remote so that CF will allow remote calls to it.

For example, to invoke a function called echo, which takes an arguments input1 and input2, on a CFC my.application.callme, on a standalone CF deployment, you could do this:

http://myhost/my/application/callme.cfc?method=echo&input1=yodel&input2=hey

For those who think all this is just too hard (yeah, right!), here’s a simple shell script that will do the job of invoking a CFC - edit it to change your serverroot, then invoke it at will, passing in the CFC, function and argument list (in the form arg1=val1&arg2=val2).

serverroot="http://localhost:8500/"

callto=`echo $1 | sed -e 's/\./\//g'`
cffunction=$2
args=$3

url=$serverroot$callto".cfc?method="$cffunction"&"$args

curl $url

For example, if your save your script as callCF.sh:

callCF.sh my.application.callme echo input1=yodel&input2=hey

Apologies to DOS users - the scripting that I have done, I’ve done on UNIX systems. Even when I’m forced to use Windows on the desktop, I always have Cygwin installed so I have all those great UNIX command line tools handy.

Now I hear you thinking - do we really have to have a server running to make all these invocations? Couldn’t we have a nice lightweight runtime that can be invoked on the fly? In theory, yes, of course we could. In practice, absolutely not - CFMX was built on the assumption that it would run within a JEE application server. Ripping out, and rebuilding, all the plumbing would be a prohibitively expensive task.

Well, there’s at least one wish fulfilled that we can all talk about - if only the others were as easy! I cannot, alas, yet tell you how many more of Sean’s, and others’, wishes will be granted for Scorpio… But rest assured, we’re paying attention. And some of those wishes, well, they’ve already been granted.

Update: Dopefly opines, as Sean does, that a gateway would provide for more secure invocation. I don’t entirely agree with them - this really comes down to where you choose to put your security, in a gateway, or in a CFC. It could easily be embedded in a CFC by checking that the CGI.SERVER_NAME is localhost, or by ensuring that the IP address of the caller, CGI.REMOTE_ADDR, is in a whitelist of IP addresses allowed to invoke the CFC.

Rupesh, of Coldfused? fame, is finally back to blogging, after having cranked out a final version of the CFThread POC. He’s one of the smartest guys I know, and is at least partially to blame for hiring me to the CF team… ;-)

Check out his entries on Handling J2EE Sessions with Cookies Disabled and JRun Threadpool Settings.

Like Hemant (get a blog, dude!) Khandelwal, the manager on our team, he came to Macromedia from Pramati, an Indian software product company that set out to create a JEE application server. While the Pramati technology is great stuff, it proved difficult for them to make it in a market already crowded with JEE application servers, especially when going up against the likes of IBM and BEA. During his time there, Rupesh worked on a lot of the hard security problems, so whenever we have to deal with things like HTTPS and certificate management, he’s our go-to guy.

And speaking of Hemant, he’s no slouch in the technical department either - he was responsible for the first commercial EJB 2.0 compliant container, in the Pramati JEE server, and has served on the EJB specification committee. While he does enjoy whipping us lazy louts to get some work done, I know he misses coding…

Via James Governor, Kevin Murphy says that privacy policies should have RSS feeds.

Haig reminds us on James’ blog of the P3P (Personal Privacy Preferences) standard, though James seems to think that there’s no way we’ll ever be able to agree to standards for machine-readable privacy policies.

I don’t know about that - surely something akin to the Creative Commons licenses could be created for privacy policies? A common set of policies could be created in plain text, legalese and P3P, so that all consituencies, human, lawyer and machine, could be served equally. Assuming that these policies were capable of covering the privacy policies for most websites, they might find their way into general use, just as the Creative Commons licenses have.

Continue Reading »

My brother Alex’s first band, Soul Burn, just played their first gig at a competition in Thiruvananthapuram and won!

They’re into metal, which is not really my thing (though I did go through an Iron Maiden/Judas Priest/Metallica phase in years gone by), but they do sound pretty damn good. Check ‘em out if you ever find yourself wandering around South India…

Alex has been working really hard at getting his chops up with his drumming over the last year or so, and I’m really proud of him.

So eBay’s partnered with Google to provide Google adwords results for the non-US market; eBay has exactly the same deal with Yahoo for the domestic US market. Odd moves indeed, but definitely safe ones for eBay.

The business behind the partnership is obviously sound; as the Search Engine Journal notes, Google has a greater search engine market share outside the US, which eBay is moving to capitalize on.

However, what worries me (a vague, insubstantial ghost of a worry for the moment), is what happens to our user data. Does eBay really share just search keywords with Yahoo/Google? Or does more user data get moved around? eBay’s privacy policy indicates that personal information may be shared with “members of our corporate family to help detect and prevent potentially illegal acts and provide joint services; (Our corporate affiliates will market only to users who request these services.)”. What exactly that means with regards to the partnerships with Yahoogle (pardon my French) remains unclear - does redirection of user-provided search keywords qualify as a “joint service”? Will users get to opt in to this service (we don’t seem to right now)?

Continue Reading »