Thursday, May 17, 2018

 

WeAreDevelopers 2018 conference notes – Day 2



Thursday was another busy day at the WeAreDevelopers 2018 world congress in Vienna. Some of the logistics challenges with missing or unannounced overflow areas have been resolved, and I did even see a picture posted of the afternoon snacks, so they do exist but seem to be going fast. The ÖBB booth at least had some nibbles left.

A major upgrade of a JavaScript framework or switching to a different framework altogether can be quite a hassle, as most of us probably have experienced. Tracy Lee (@ladyleet) started day 2 with the bold promise of writing highly reusable, future proof code. The secret sauce to enable this magic is Reactive programming and the RxJS library for reactive programming using Observables.


Following Tracy’s intro, Michael Hladky (@michael_hladky) looked into the gory details of RxJS schedulers, with live coding and cool demos on stage. There are several types of schedulers, asapScheduler, asyncScheduler, queueScheduler,  animationFrameScheduler, virtualTimeScheduler, and testScheduler.


 The execution order of events depends on the type of scheduler. Little known and hardly documented is the fact that introducing a non-zero delay effectively turns any scheduler into an asyncScheduler, which may lead to unexpected results.

Security analyst Florian Grunow (@0x79) shared his security hall of shame with examples of insecure Web Applications and creative but futile countermeasures. Surprisingly, the security issues are still largely the same as a decade ago, like clear text credentials, missing authorization checks, sequential ids, autocomplete passwords, and cross-site scripting attacks.

Non-alphanumeric cross-site scripting is a good example of why input validation and stripping some special characters is not sufficient, for example

this['ale'+(!![]+[])[-~[]]+(!![]+[])[+[]]]()

Colm Doyle (@colmisainmdom) showed how companies are using #slack to enable ChatOps 2.0: Bringing ChatOps Principles to the Whole Organization. Organizations are wider than just technical teams, and command line interfaces may not be for everyone. Shopify, one of the companies mentioned, has a pretty detailed description of their incident management procedure on their engineering site.



In the afternoon, Horst Kargl of Sparx Systems gave an introduction into modelling using Enterprise Architecture tools and languages like UML and SysML; not sure if the agile aspect was covered in greater detail later, as I had to leave the session.

Writing Perfect Code with Standard and ESLint by Feross Aboukhadijeh (@feross) could have been the shortest talk ever:  npm --install standard; done. Fortunately there was more on programmer errors, best practices, and style issues, and how linters can help with these. Pretty neat examples of broken or otherwise surprising JavaScript code, for example

[]==![]    // true
[]==false  // true
![]==false // also true, yikes!


Continuing the awesomeness was Una Kravets (@una) with an exciting story about the past, the present and the future of CSS. The past was ugly hacks and lots of browser specific code, been there, done that. The present already held some surprises unless you have been following CSS developments closely, and the future capabilities range from “Wow, I had no idea you could ever do this” to some really crazy stuff.

 
@supports, display: grid, the will-change property, CSS variables, variable fonts, font animation, ambient light media queries are among the more recent features, with varying browser support (read: mostly not working in IE). gridtoflex.com comes handy when implementing a grid design using flexbox. What was particularly nice was the fact that the presentation deck itself was HTML+CSS, allowing live demos of most features from the debug console.

Flavia Sequeira and Ernst Naezer of ING shared the evolution of their API journey at ING, from the initial API discussions to a working API management practice, and the benefits of regulatory pressure in the form of PSD2. What makes a good API? APIs are different from Web services in that they should be designed from the outside in.


The categorization into self, screen and stage APIs depending on who they are made for sounds about right, and the POST to GET is a commonly seen pattern both for security reasons and request size restrictions. The one thing I wish we had thought of when designing APIs a while back is the /me pattern for the authenticated user, instead of passing the user identification again in the request.

Rounding off the day, Matthias Huttar (@matthuttar) took the audience on the journey to trunk based development, explaining the importance of successful builds and being on time at kindergarten, and energizing the crowd for the last session with a superfast round of high fives.

Trunk development is great for well integrated teams that value speed over safety, and can help reduce cycle times, conflicts and ultimately errors and rollbacks if done right. There are scenarios where trunk development may be less suitable, including highly regulated environments such as financial services or utilities, as well as open source projects where the circle of trust is much smaller than the circle of contributors.

Related links




Labels: , , ,

Wednesday, May 16, 2018

 

WeAreDevelopers 2018 conference notes – Day 1

Some 8,000 developers are getting together this week in Vienna for the WeAreDevelopers 2018 world congress.

Registration was surprisingly fast and painless, a Graham roll and an energy drink as developer breakfast maybe slightly too clichéic (or I am getting old), but fortunately there was plenty of coffee available all day, including decent cappuccino at one of the sponsor booths.

Asked at the conference opening what topics people would be most interested in hearing about, Blockchain came out first, followed by machine learning and, still, devops.


Steve Wozniak rocked the Austria Center with an inspiring “fireside chat”. Talking with the brilliant Monty Munford, The Woz answered questions submitted by the audience and shared his views on anything from the early days of computing and why being a developer was great then (“Developers can do things that other people can’t.”) to self-driving electric cars (overselling and underdelivering) and the Blockchain (too early, similar to the dot com bubble), interspersed with personal anecdotes and, as a running gag, promoting the Apple iCloud.


As a long-time mainframe guy, I liked his claimed his programming language skills too, FORTRAN, COBOL, PL/I, and IBM System/360 assembler, although he did mention playing more with the Raspberry Pi these days.

Mobile payments was a good example of the design principles that made Apple famous and successful. Steve mentioned how painful early mobile payment solutions were, requiring multiple manual steps to initiate and eventually sign off a transaction, compared to Apple Pay where you don’t even need to unlock your device (I haven’t tried either one, and they don’t seem to be too popular yet.)

The most valuable advice though was to do what you are good at and what you like (“money is secondary”), to keep things simple, and live your life instead of showing it off, which is why he left Facebook, feeling that he didn’t get enough back in return. For an absolutely brilliant graphical summary of the session, see Katja Budnikov’s real-time sketch note.

Johannes Pichler of karriere.at followed an ambitious plan to explain OAuth 2.0 from the protocol to to a sample PHP implementation in just 45 minutes. I may need to take another look at the presentation deck later to work through the gory details.

A quick deployment option is to use one of the popular shared services such as oauth.io or auth0.com, but it comes at the price of completely outsourcing authentication and authorization and having to transfer user data to the cloud. For the development of an OAuth server, several frameworks are available including node.oauth2 server for NodeJS, Sprint Security OAuth2 for Java, and the Slim framework for PHP.

In the afternoon, Jan Mendling of the WU Executive Academy looked at how disruptive technologies like Blockchain, Robotic Process Automation, and Process Mining shape business processes of the future. One interesting observation is about product innovation versus process innovation: most disruptive companies like Uber or Foodora still offer the same products, like getting you from A to B, serving food, etc. but with different processes.

Tasks can be further classified as routine versus non-routine, and cognitive versus manual. Traditionally, computerization has focused on routine, repetitive cognitive tasks only. Increasingly we are seeing computers also take on non-routine cognitive tasks (for example, Watson interpreting medical images), and routine manual, physical tasks (for example, Amazon warehouse automation). 

Creating Enterprise Web Applications with Node.js was so popular that security did not let more people in, and there was no overflow area available either, so I missed this one and will have to go with the presentation only.

Equally crowded was Jeremiah Lee’s session JSON API: Your smart default. Talking about his experience at Fitbit with huge data volumes and evolving data needs, he made the case why jsonapi.org should be the default style for most applications, making use of HTTP caching features and enabling “right-sized” APIs.


Hitting on GraphQL, Jeremiah made the point that developer experience is not more important than end user performance. That said, small resources and lots of HTTP request s should be okay now. The debate between response size vs number of requests is partially resolved by improvements of the network communication, namely HTTP/2 header compression and pipelining, reduced latency with TLS 1.3 and faster and more resilient LTE mobile networks, and by mechanisms to selectively include data on demand using the include and fields attributes.

Data model normalization and keeping the data model between the clients and the server consistent was another important point, and the basis for efficient synchronizatiion and caching. There is even a JSON Patch format for selectively changing JSON documents.

Niklas Heidoff of IBM compared Serverless and Kubernetes and recommended to always use Istio with Kubernetes deployments. There is not a single approach for Serverless. The focus of this talk was on Apache OpenWhisk.


Kubernetes was originally used at Google internally, therefore it is considered pretty mature already despite being open source for only a short time. Minikube or Docker can be used to run Kubernetes locally. Composer is a programming model for orchestrating OpenWhisk functions.

Niklas went on to show a demo how to use Istio for versioning and a/b testing. This cannot be done easily with Serverless, which is mostly concerned about simplicity, just offering (unversioned) functions.

The workshop on Interledger and Website monetization gave an overview of the Interledger architecture, introducing layers for sending transactions very much like TCP/IP layers are used for sending packets over a network. Unlike Lightning, which is source routed so everyone has to know the routing table, Interledger allows nodes to maintain simply routing tables for locally known resources, and route other requests elsewhere

Labels: , , ,

Sunday, April 22, 2018

 

Vienna City Marathon 2018, and why this may have been my last one

Today I finished the Vienna City Marathon (VCM) half in 02:24:59, an improvement over the half marathon two weeks ago despite the heat, and better than I expected after a long involuntary training break. It was a good run, and I am quite happy with the result. Nevertheless, this may have been the last time I participated in the Vienna City Marathon, and here's why.

I ran my first marathon here in 2015, and have been coming back every year since. The course is great, the atmosphere is great, with people cheering along most of the route, but the quality of service just doesn't feel right, especially not for one of the more expensive running events.

Much has been written about the lousy “starter packs”, which are just the clothing bag and some vouchers, no goodies, not even an energy bar or a drink. Now I don't need a large bag filled with useless, unrelated stuff (like salad sauces!), but a little something would be a nice sign of appreciation. (There was a finisher bag this year with some fruit, snack and drinks.)

42,000 athletes sound great, and combining full, half and relay marathons in one competition surely provides for fantastic pictures at the start. The downside is that things get crowded at times. Very crowded. Today, the first two supply stations had long queues of runners desperately looking for water, and the (too few!) poor folks at the booths couldn't keep up with the demand at all.

At the 15km supply station, we were told that they still had cups but had “run our of water.” What? I saw several dehydrated runners seeking assistance from emergency services. It is the damned duty and  responsibility of the organizers to ensure sufficient supplies, not of the emergency services. Oh, and given the lack of supplies the moderator's recommendation to “drink plenty” sounded like utter mockery.

Lastly, one of my pet peaves: At most running events, you will find waste bins after the supply stations, allowing for a controlled disposal of plastic cups. Granted, some still land on the street but for the most part this works fine. Not so at the Vienna City Marathon, there are no bins and consequently cups are disposed off on the street. Running over thousands of plastic cups and sticky energy drinks is not fun. (I admire Pumuckl and the few other barefoot runners who have to go through this unprotected.)

In the finish area, I overheard several people complaining about the organization, too. As long as the various competitions are still fully booked every year, the organizer will probably see no reason for changes. I have been seriously disappointed today, and will consider whether to participate in this event again next year.






Sunday, April 23, 2017

 

Vienna City Marathon 2017: Slower than before, and happy about the result

Spoilt by the improvements in running in the first two years, I had to drop down a gear this year. After finishing the first few races in 2015, including two marathons and two halfs, and accumulating 1000 km running by year end, the following year was even better. The improvements over all distances brought me recognition and a nice collection of cups by the Running@IBM club.


This year was off to a slow start. Suffering from colds for several months, running was out of question. I reluctantly skipped a long-distance event only after luring a colleague to consider the event, and haven't been training much until recently.

With only two long jogs in the last quarter, going for the marathon distance seemed unreasonable, and I postponed the decision to the racing day. After a good first half I decided to go for the full distance anyway. The lack of training did show in the second half when I hit the wall around km 30 but eventually finished, slower than in previous years with 04:55:13 h.



Still an enjoyable run, happy that I made it through!

Labels: ,

Thursday, December 31, 2015

 

1000 km—Or: How I Became a Runner

When I started running some 15 months ago, my goal was to relax and live healthier.  If you know me, I haven’t been much of a runner before, aside from occasional runs through the Wiener Prater or along the beach a few times per year.




Today I completed my 1000th kilometer this year. I have run two full marathons and two halfs, competed in a trail run and some shorter races and finished ninth place in the local Running@IBM cup.

Why I started running

Like most nerds spending long hours in front of their computers, I had been sitting in my office chair for long hours, seeing my health parameters getting worse at every annual checkup, not to alarming levels but still, constantly gaining weight, and getting recommendations from my doctor to eat less and exercise more … and found tons of excuses why I had other things to do first and could never find the time.

Over the years I have admired sporty family members, friends and co-workers, including an Olympic walker, marathoners, ultra-runners and triathletes, and have drawn inspiration from their determination and their successes. But it was a newspaper ad from an insurance company that literally flipped the switch, a lonesome runner in the middle of the night explaining that some folks call him “Daddy” and he’d like to keep it that way for long.


Starting slow

And so I got my old sports shoes out and started running. Took the stairs instead of the elevator. Made an effort to eat healthier and intermittently switched to alternate day fasting (“weekday 10-in-2”).  Joined the Running@IBM club and made new friends there. Downloaded training plans and (here comes the nerdy part) wrote some scripts to ease importing them into my calendar. Bought a book on long-distance running.

The beginning was hard. I barely managed short distances non-stop. Soon I started seeing improvements, and in October last year I boldly decided to go for the full marathon distance in April and as an extra motivation join the #Run4CARE charity campaign. The initial response when I started telling people about my plans later on was usually along the lines of “You? Seriously?!”, usually followed by encouragement and support.

The first marathon

During winter I mostly followed my training plans, regardless of weather conditions. Facebook somewhat made up for the lack of a training buddy (finding someone nearby for midnight and early morning runs wouldn’t work out), the Likes and comments helped me staying on track. When I eventually finished the Wien Energie half marathon in March, I felt a great sense of accomplishment and pride, and even more so in April after doing the full distance at the Vienna City Marathon.

What was meant to be a once-in-a lifetime experience has turned into a bit of an addiction. I was hooked and just have to keep on running.

Happy New Year everyone, and Happy Running!


Labels: ,

Sunday, April 12, 2015

 

Vienna City Marathon 2015

Yes, I did it! Today I finished my first marathon race, the Vienna City Marathon 2015

More than 9,000 runners completed the marathon, of 42,742 athletes overall who participated in five disciplines.

We had a beautiful day, with sunshine in the morning and some light clouds and wind in the afternoon, and the volunteers, the co-runners and the spectators made  this a friendly and enjoyable event.

One of my favorite signs, displayed by a supporter towards the end of the track, read: “Going back now would be a bad idea.” So we kept running.

My finishing time was 04:54:15.

I dedicate my first marathon to my dad, an experienced long distance runner who ran the Vienna City Marathon before, in just over three hours.

Thank you everyone for your encouragement, support and advise, and also for the generous donations for the #Run4CARE charity run.

PS. One small suggestion for the organizers: Waste bins after the supply stations would be great to keep the track at least somewhat cleaner. Running on layers of crunching plastic cups and through seas of Powerade is no fun.

Labels: ,

Sunday, March 15, 2015

 

Wien Energie Halbmarathon 2015

Today I finished my first race ever, the Wien Energie half marathon 2015, in 2:06:26.

Weather conditions were fine, with 7°C, modest winds and no rain, and I had a nice run at almost constant speed throughout the race. I even ran right next to the unbeatable Lemawork Ketema, if only for a split second, as he was passing the field to start his third round. Thanks to the organizers, support staff, cheerleaders, drummers and spectators for making this a great event!

Now that I have completed the half marathon distance, I have even more respect for the challenge ahead of me.

Next month I will #Run4CARE at the Vienna City Marathon and raise funds for charity. CARE is a leading humanitarian organization fighting global poverty, providing disaster relief and supporting sustainable development projects.

Please help my quest and support the “Packages for Children in Need” campaign. Thank you kindly!

Labels: ,

Sunday, February 22, 2015

 

Running for charity: Vienna City Marathon

40,000 runners from around the world will participate in the Vienna City Marathon under the theme “We are Europe” on 12 April 2015. I plan to be one of them and have signed up for the challenge.

I have three goals for the Vienna City Marathon 2015:
  1. Running the full marathon distance and finishing the race in reasonable time.
    This will be my first marathon. In fact, unless I find a good practice race, it will be my first running competition ever. Running the marathon should be doable still. I have run half-marathon distances just for kicks without much training. Finishing the race in reasonable time will be tougher. A friend of mine was joking that she walked faster than I ran. I will do my best but expect no miracles, anything before the cut-off time counts!

  2. Raising funds for “CARE – Packages for Children in Need”.
    CARE is the charity of my choice for the Vienna City Marathon 2015. Whether you want to help a good cause or just motivate me to complete my first marathon, please donate now to keep those packages coming:


    Raising funds for CARE and supporting children in need is an extra motivation to finish, if not an obligation to the charity team and to you, my dear friends, whom I trust to generously contribute to the #Run4CARE charity run.

    All donations will go directly to CARE in support of the “Packages for Children in Need” campaign. CARE is a leading humanitarian organization fighting global poverty, providing disaster relief and supporting sustainable development projects. When crises or natural disasters force families to flee their homes, CARE is on site and provides emergency relief.

  3. Encouraging others to join in.
    Lastly, I hope that others will join in, too. Running is an excellent way to improve physical fitness and also to refresh your mind. There is nothing like an early morning round in the park to start the day. I can do this, and so can you!

Related information


CARE Österreich has been awarded the OSGS quality seal for charities. Donations can be made by credit card and bank transfer.

Update: The Wien Energie half marathon mid March turns out to be a good test race, so I will run there first before I attempt a full marathon next month.

Labels: ,

Friday, January 2, 2015

 

The 1 c Nikon battery fix

Nikon cameras have suffered from various battery related issues, caused by problems with the lens mount or firmware bugs.

Recently my Nikon D300S, which had been a reliable companion and worked well under adverse conditions, started showing the dead battery syndrome quite frequently, and of course at the most inopportune times while shooting events. Cleaning the lens mount, replacing the battery and applying the long overdue firmware upgrade showed no noticeable improvement.

The problem seems to be with the battery compartment door. With frequent battery replacements, the door wears out and no longer applies enough pressure on the battery to ensure reliable contact. Fortunately there is a simple fix, and it doesn't cost more than 1 c (and a drop of glue).

The solution: Nikon Li-ion battery pack with 1 c coin glued to the bottom

Disclaimer: The Euro cent had the perfect thickness for my camera. Depending on wear and tear of your camera, alternate spacers such as a cardboard stripe may be more suitable.

Labels:

Thursday, October 2, 2014

 

How an internship turned into a twenty-five year journey



When I applied for an internship at IBM, least I expected was a long-term career at Big Blue.
 
My first summer job involved porting a commercial application from IBM System/36 to IBM AS/400 using RPG and the command language (QWRKSPLF, anyone?), copying and labelling the 8” release master floppy disks for another product and passing the quality assurance leader’s fierce interrogation on database normalization up to the fifth normal form.

At the end of the two month cycle, I had a job offer in the mail to work in IBM’s Information Systems AD/M group, passed the interview and was ready to start the new academic year as a part time employee.
 


Today I celebrate a milestone in my career, my quarter century anniversary. Working at IBM has been an exciting, instructional, challenging, rewarding and sometimes crazy experience. I have been an application developer, course instructor, product tester, customer support engineer, infrastructure architect and corporate webmaster (aka webworm), team leader, manager, and enterprise architect.

I still have a copy of the original job offer, the small blue employee handbook which outlined the company believes and policies, the internal “facebook” booklet and an office cupboard filled with books, papers and various memorabilia, from conferences badges to award certificates and my first patent plaque.


What’s more important than the “stuff” are the connections with the many smart, dedicated and supportive people whom I met and had the pleasure to work with over the years, locally and around the world. 

Thank you to all my colleagues and friends who have made my first twenty-five years special!

Labels: ,

Tuesday, September 9, 2014

 

Vienna DevOps & Security and System Architects Group meetup summary - Sept 9, 2014

Some twenty developers and security experts gathered at the Stockwork Coworking Space for today´s joint Vienna DevOps & Security and System Architects Group meetup http://meetu.ps/2v2DGg.

Best practices for AWS Security

Philipp Krenn (@xeraa) nicely explained the fundamental risks of AWS services:
Starting services on AWS is easy. So is stopping.

Recent incidents show that a compromised infrastructure can cause more than short disruptions. Several companies went out of business when not only their online services but also data stores and backups were gone:
(Some) recommendation for using AWS services:
  • Lock away the root account. Never use this account for service or action authentication, ever.
  • Create an IAM user with a password policy for every service or action to limit damage in case an API key gets compromised.
  • Use groups to manage permissions.
  • Use two-factor authentication (2FA) using Google Authenticator.
  • Never commit your credentials to a source code repository.
  • Enable IP restrictions to limit who can manage your services even with an API key.
  • Enable Cloudtrail to trace which user triggered an event using which API key.
Other cloud security providers may offer different security features

The (fancy!) slides are available here: https://speakerdeck.com/xeraa/i-am-what-iam-for-devops-vienna

ISO 27001 - Goals of ISO 27001, relation to similar standards, implementation scenarios

Roman Kellner, Chief Happiness Officer :-) at @xtradesoft, gave an overview of the ISO 27001 and related standards:
  • ISO 27001:2013 Information Security Management System (ISMS) Requirements
  • ISO 27002:2013 Code of Practice
  • ISO 31000 Risk Management
Information security management is not limited to computer security; it is equally relevant for paper documents, human knowledge, etc.

The structure of ISO 27001 looks somewhat similar to ISO 9001 Quality Assurance, including the monitoring and continuous improvement loop of Plan-Do-Check-Act (PDCA).

For a successful implementation and certification, the ISO 27001 efforts must be supported and driven by the company leadership

The third talk about Splunk unfortunately had to be postponed.

Labels: , , , ,

Monday, September 1, 2014

 

Removing thumbnails from JPEG images

JPEG images downloaded from a digital camera often contain thumbnails in the EXIF metadata, which Windows 7 appears to use for the thumbnails shown in folders.

Unfortunately not every image editor also updates the thumbnails. As a result, changes to images are only visible on the full image, not on the thumbnail preview.


That's where the marvelous ExifTool library and command-line application by Phil Harvey come into play. This one-liner removes the thumbnail image and related size information, and sets the file modification timestamp to the capture timestamp:

exiftool -if "$exif:IFD1:XResolution" "-filemodifydate<datetimeoriginal" -ext jpg -IFD1:all= %*

Combined with Matt Ginzton's CmdUtils, the full batch script for Windows removes image backup copies before and after processing:

@echo off
if exist *.JPG_original recycle -f *.JPG_original
exiftool -if "$exif:IFD1:XResolution" "-filemodifydate<datetimeoriginal" -ext jpg -IFD1:all= %*
if exist *.JPG_original recycle -f *.JPG_original

Labels:

Wednesday, July 2, 2014

 

My first summer job and what's the deal with those magnetic ledger cards

Thirty years ago, on July 2, 1984, I started my first summer job in the accounting department of Gebrüder Ulmer, a hardware retailer and wholesale firm.

The little I remember from those days are fixed working hours from 8–12 and 14–18, with sufficient time for a lunch break at home, handwritten memos, a plethora of documents arriving every few hours that needed to be stamped, sorted, numbered, processed and forwarded to the next department or stored in the archive, and the mix of historic and then-modern business machines.

My responsibilities were mostly sorting and archiving documents, and typing letters on an ancient mechanical Underwood typewriter.
The most advanced device was “the accounting machine”, most likely a Philips P354 Visible Records Computer or similar. Accounting information was stored on large Magnetic Ledger Cards, with transactions getting recorded on a magnetic stripe as well as printed on the card, so one could easily access the information without a computer. Transactions were recorded on individual customer and supplier account cards, and the totals got transferred to the general ledger cards automatically at the end.

The accounting system was eventually re-implemented on an IBM System/36 minicomputer, and later ported to the IBM AS/400. As a teenager who proudly owned a Commodore 64, these big irons were quite impressive and a motivation to know more about business computing, data modelling and programming languages. (I still have a copy of the COBOL 78 manual, just in case.)

In the thirty years since my first summer job, there have been tremendous changes. No longer do most of us work fixed working hours, rarely do we exchange handwritten memos, and data processing usually means instantaneously and electronically, not in paper batches.

I am grateful for what I learned during my first summer job and during my professional career since, and looking forward to the next big shifts ahead.


Photo courtesy of The Centre for Computing History - Computer Museum, http://www.computinghistory.org.uk/det/505/philips-p354-visible-records-computer/

Labels: ,

Saturday, May 24, 2014

 

Happy Birthday, www.ibm.com!

When the World Wide Web was created 25 years ago few people probably realized how much change this would bring, not only to the academic community where this started but to the world at large.

Twenty years ago, IBM published the first homepage on www.ibm.com. The initial site on May 24, 1994 had only a few pages of content and an audio greeting by then-CEO and Chairman Lou Gerstner. (That was the time when most homepages greeted visitors with “Welcome to the Internet”.) Among the things Gerstner said, in retrospective the most important statement was “We are committed to the Internet, and we are excited about providing information to the Internet community”.

Back then I was happily coding System/370 mainframe applications and just had my first encounter with the now defunct Trojan Room Coffee Machine at the University of Cambridge. SNA and Token Ring were our preferred network technologies, and access to the Internet required special permission and signing an NSFnet Acceptable Use Policy document outlining the rules for commercial activities on international networks. Soon much of our business would become e-business.

Only a few years later was I invited to join the www.ibm.com team, a very fine, special team. At a time when business was mainly local, we were already globally integrated, collaborating electronically through an internal IRC network (Alister, remember our daily "gma, hay?" routine) and eventually the predecessor of IBM Sametime.

Last week the creators of the first homepage and some who worked in Corporate Internet Programs in the early days came together in New York City for an unofficial “motherserver meeting” to celebrate the anniversary. I missed the party, but the pictures brought back memories of the good times (and yes, occasionally bad times) we had running the IBM Website.

Happy Birthday, www.ibm.com!

Labels: ,

Friday, August 30, 2013

 

ViennaJS meetup: Veganizer, Enterprise Software Development, Responsiveview, Web components

This month’s ViennaJS meetup brought together a bunch of awesome people with awesome talks at the new location Sektor 5: Twitter hashtag: #viennajs

Labels: , ,

Wednesday, December 12, 2012

 

IT security beyond computers and smartphones

IT security is not just about computers and smartphones any more. Your smart TV may be allow attackers to get access to sensitive information and control the device, as security start-up ReVuln demonstrates for Samsung's Smart TV.

Once simple stand-alone receivers, TV sets, set top boxes and digital recorders are full featured computers and connect to home networks for downloading program guides and software updates, sharing pictures and videos and enabling social media integration.

Read more about recently discovered security flaws in home entertainment equipment on The Register.

Labels: ,

Thursday, August 9, 2012

 

Cambodia revisited

One year has passed since I left Phnom Penh after my IBM Corporate Service Corps assignment in Cambodia had ended.

In the following months, I wrote articles about the CSC experience for our local employee magazine and for our corporate social responsibility site. A professional writer covered the story for the THINK! Magazin. Our company internal Global Web Services newsletter featured another article. This one happened to find its way to my client HRINC, where it got published on their company website as well.

In February, another #ibmcsc team visited Cambodia and worked with a different group of clients, mostly educational institutions. During their preparation I had the pleasure to share some of our team’s experiences, including recommendations for sight-seeing, dining and entertainment.

Writing and talking with colleagues, friends and family about the trip always brings back fond memories of the great time spent in Cambodia with the “Tissabamokah” team, our hosts and the various people we met during our stay.

I occasionally hear from my friends at HRINC about life and work, and follow the updates from the Cambodia Retirement Village (CRV) project.

The IBM team has stayed in loose contact also. We didn’t manage to arrange our first annual reunion that we had talked about before we left, and we never completed our team video. Somewhere that raw footage is waiting to be edited and cut, maybe for another anniversary.

If you ever have an opportunity to spend some time on a voluntary assignment, whether as a company sponsored activity or with a volunteer organization like Australian Business Volunteers (ABV), go for it, and if you don’t, try harder to find one.

Looking back a year later, I wouldn’t say that one month abroad made me a completely different person, but I certainly learned a few things about myself too. What made the most lasting impression on me was the Khmer people’s positive and cheerful attitude, which I admire and often miss.

Related links:

Labels: , ,

Thursday, July 5, 2012

 

Moving on: new job, same company

Starting new job today, and I am excited about it!

Some fifteen years (or seventy web years) ago I started working on the IBM Web presence as webmaster in Corporate Internet Programs and Enterprise Web Management. During that time, and later as Web effectiveness manager in IBM Inside Sales, I had the pleasure to work with many great people around the world. I learned a lot about business and technology. I had the opportunity to travel to various places and attend and speak at international conferences. It's been a lot of fun and a great learning experience, and I look back fondly on the many things we achieved together.

Now the time has come to move on. Effective immediately, I am joining the IBM Global Business Services organization in Austria, leading the Enterprise Architecture team in Application Innovation Services.

I am very much looking forward to this new opportunity in a different area of the business, in a more technical capacity, working with local customers, and I am honored to join an amazingly skilled and experienced team.

Tuesday, January 31, 2012

 

Google Browser Size: Is your content visible?

Have you ever wondered how much of your carefully designed Web page is actually visible to the people coming to your site?

Then take a look at Google Browser Size, an amazingly simple and effective tool for Web designers to see what percentage of users sees which content, like this:


Of course we all know to place important content towards the top, above the fold, we have seen the heatmaps from eye tracking studies, and we all test at different screen sizes, right? Google Browser Size, already launched back in December 2009, just makes the testing easier and brings this home with shocking immediacy (Mike Moran at Biznology).

The visualization is based on browser window sizes of people who visit Google, not on actual browser window sizes used when accessing a particular site. Depending on how closely your audience matches the average Google visitor, results may vary.

One caveat: As mentioned on the Browser Size website, the tool works best on web pages with a fixed layout aligned to the left. The visualization can be misleading for liquid or reactive pages that adjust to the available screen width, we well as centered pages.

Labels: , , ,

Wednesday, November 30, 2011

 

Velocity Europe 2011 conference report

Web companies, big and small, face the same challenges. Our pages must be fast, our infrastructure must scale up (and down) efficiently, and our sites and services must be reliable … without burning out the team.
Velocity Europe conference Website

Three years after its inception in California O’Reilly’s Velocity Web Performance and Operations Conference finally made it to Europe. Some 500 people, web developers, architects, system administrators, hackers, designers, artists, got together at Velocity Europe in Berlin on November 8 and 9 to learn about the latest developments in web performance optimization and managing web infrastructure, exchange ideas and meet vendors in the exhibition hall.

Velocity Europe was well organized and run. There were power strips everywhere and a dedicated wireless network for the participants, although the latter barely handled the load when everyone was hogging for bandwidth. Seeing bytes trickling in slowly at a performance conference was not without irony. Some things never change: Getting connected sometimes requires patience and endurance. Back in the days I was volunteering at the W3C conferences preparation involved running cables and configuring the “Internet access room”, only then contention for network resources meant waiting for an available computer.

As expected for a techie conference, about the only people wearing jackets and ties were the AV operators, food was plentiful and good, and the sponsors handed out T-shirts, caps, and other give-aways. Plenary sessions were recorded and streamed live, and #velocityconf on Twitter also has a good collection of facts and memorable quotes for those who couldn’t attend in person.


Steve Souders and John Allspaw led through two busy days packed with plenary sessions, lighting talks and two parallel tracks on Web performance and Web operations. While bits and bytes certainly mattered to the speakers and the audience, the focus was clearly on improving the Web experience for users and the business aspects of fast and well-managed Web sites.

The conference started with a controversial talk about building a career in Web operations by Theo Schlossnagle, and I couldn’t agree more with many of his observations, from suggesting discipline and patience (and recommending martial arts to develop those virtues), learning from mistakes, developing with operations in mind to seeing security not as a feature but a mentality, a state of mind. Along the same lines, Jon Jenkins later talked about the importance of dev ops velocity, why it’s important to iterate fast, deploy fast, and learn from mistakes quickly, mentioning the OODA loop. Some of the Amazon.com deployment stats are just mind-boggling: 11.6 seconds mean time between deployments, and over 1,000 deployments in a single hour to thousands of hosts.

Joshua Bixby addressed the relationship between faster mobile sites and business KPIs. Details of the tests conducted and the short-term and long-term effects on visitor behaviour are also available in his recent blog post about a controlled performance degradation experiment conducted by Strangeloop. Another interesting observation was the strong preference of customers for the full Web sites over mobile versions and native apps: One retailer in the U. S. found that of the online revenue growth for that company was driven by the full site. 35% of the visitors on their mobile site clicked through to the full site immediately, 24% left on page 1, another 40% left after page 1, and only 1% bought something.

Performance also matters at Betfair, one of the world’s largest betting providers. Doing cool stuff is important too, but according to Tim Morrow’s performance pyramid of needs that’s not where you start:

  1. It works.
  2. It’s fast.
  3. It’s useful. (I personally have a slight preference for useful over fast.)
  4. It’s cool.

Jeffrey Veen of Hotwired, Adaptive Path, TypeKit fame kicked off the second day with an inspiring talk on designing for disaster, working through crises and doing the impossible. I liked the fancy status boards on the walls, and the “CODE YELLOW” mode, the openness and the clear roles when something bad happens. And something bad will happen, as John Allspaw pointed out: “You will reach the point of compensation exhausted, systems, networks, staff, and budgets.” A helpful technique for planning changes is to write down the assumptions, expectated outcomes and potential failures individually, and then consolide results as a group and look for discrepancies. If things still go wrong, Michael Brunton-Spall and Lisa van Gelder suggested to stay calm, isolate failing components, and reduce functionality to the core. Having mechanisms in place to easily switch on and off optional features is helpful, down to “page pressing” to produce static copies of the most frequently requested content to handle peak loads.

Several talks covered scripting performance and optimization techniques. Javascript is already getting really fast, as David Mandelin pointed out, running everything from physics engines to an H.264 decoder at 30 fps, as long as we avoid sparse arrays and the slow eval statements and with blocks. Using proven libraries is generally a good idea and results in less code and good cross-browser compatibility, but Aaron Peters made the point that using jQuery (or your favorite JavaScript library) for everything may not be best solution, and accessing the DOM directly when it’s simple and straightforward can be a better choice. Besides that, don’t load scripts if the page doesn’t need them – not that anyone would ever do that, right? – and then do waterfall chart analysis, time and again. Mathias Bynens added various techniques for reducing the number of accesses to the DOM, function calls and lookups with ready-to-use code snippets for common tasks.

For better mobile UI performance, Estelle Weyl suggested inlining CSS and JS on the first page, using data: URLs and extracting and saving resources in LocalStorage. Power Saving Mode (PSM) for Wi-fi and Radio Resource Control (RRC) for cellular are intended to increase battery life but have the potential to degrade perceived application performance as subsequent requests will have to wait for the network reconnection. Jon Jenkins explained the split browser architecture of Amazon Silk, which can use proxy servers on Amazon EC2 for compression, caching and predictive loading to overcome some of these performance hogs.

IBM’s Patrick Mueller showed WEINRE (WEb INspector REmote) for mobile testing, a component of the PhoneGap project.

Google has been a strong advocate for a faster Web experience and long offered tools for measuring and improving performance. The Apache module mod_pagespeed will do much of the heavy lifting to optimize web performance, from inlining small CSS files to compressing images and moving metadata to headers. Andrew Oates also revealed Google’s latest enhancements to Page Speed Online, and gave away the secret parameter to access the new Critical Path Explorer component. Day 2 ended with an awesome talk by Bradley Heilbrun about what it takes to run the platform that serves “funny cat videos and dogs on skateboards”. Bradley had been the first ops guy at YouTube, which once started with five Apache boxes hosted at Rackspace. They have a few more boxes now.

With lots of useful information, real world experiences and ideas we can apply to our Websites, three books signed by the authors and conference chairs, High Performance Web Sites and Even Faster Web Sites, and Web Operations: Keeping the Data On Time, stickers, caps and cars for the kids, Velocity Europe worked great for me. The next Velocity will be held in Santa Clara, California in June next year, and hopefully there will be another Velocity Europe again.

Related links

Photo credit: O´Reilly

Labels: , , , , ,








Page tools



Archives