Category Archives: web authoring

mvn cloudtools:deploy

I love this. Write your Java EE app; then deploy to up to 20 virtual servers like this:

mvn cloudtools:deploy

The servers are Amazon EC2 instances, charged by the hour.

The tool comes from Chris Richardson, author of POJOs in Action. It combines a Groovy framework called EC2Deploy with appropriate Amazon virtual machine images and a Maven plugin. He calls the combination Cloud Tools. More on EC2Deploy here. The Cloud Tools home page is here. Open source under the Apache License 2.0.

Great for testing, could be good for live deployment too, especially now that you can get proper support from Amazon.

See also Jeff Barr’s Amazon Web Services Blog.

Giving up on the mobile web

Mowser, a start-up which provides a service that makes web sites mobile-friendly, is giving up. Founder Russell Beattie says:

I don’t actually believe in the “Mobile Web” anymore … anyone currently developing sites using XHTML-MP markup, no Javascript, geared towards cellular connections and two inch screens are simply wasting their time.

His point is that devices are adapting to enable browsing of the full web, making attempts to adapt the web to devices rather pointless. Which is pretty much what I said six months ago.

This isn’t absolute. As a mobile web user, I’ve appreciated mobile versions of sites like Google or the BBC. It soon becomes frustrating though, because so many sites are not designed to work well on mobile browsers, and never will be. Fix the mobile browser, and you get the lot.

Technorati tags: ,

Amazon Elastic Compute Cloud gets persistent storage

An annoying feature of Amazon EC2, a service which provides virtual servers on demand, is that server instances have no persistent storage. Any data written to the virtual hard drive disappears when the instance shuts down. Developers have needed to store data elsewhere, such as in Amazon’s S3 storage service.

Amazon has now announced persistent storage. These are virtual hard drives that you can attach to EC2 instances. Another enhancement since the initial launch is static IP numbers. Early tester (and reseller) Thorsten von Eicken is enthusiastic:

The feature that really makes the storage volumes sizzle is the ability to snapshot them to S3 and then create new volumes from the snapshots. The snapshots are great for durability: once a snapshot is taken it is stored in S3 with all the reliability attributes of S3, namely redundant storage in multiple availability zones. This essentially solves the whole backup issue with one simple API call.

It’s an excellent feature which arguably should have been there from the start.

Incidentally, I don’t know why people keep comparing Amazon’s web services with Google’s App Engine. OK, they are both cloud services. But Amazon is providing infrastructure services; Google is offering an application runtime. They hardly compete at all. Google and Amazon compete in other ways: Amazon marketplace vs Google Base and Google Checkout, for example.

Technorati tags: , , ,

Microsoft’s live maps upgrade is a downgrade in the UK – developers are fuming

Microsoft’s latest upgrade to Live Maps has some interesting new features, including more detailed 3D city views, labels in bird’s eye view, GeoRSS feeds, and more:

As always the changes visible in the user interface only scratch the surface of the dozens of improvements across the application tiers including Geocoding enhancements, browser compatibility (Safari and IE8), parsing improvements, reverse geocoding, printing improvements and tons more. We are also releasing an upgrade of our Map Control to version 6.1 for developers.

Unfortunately for UK developers, there’s another change. In December 2007 Microsoft acquired Multimap, and the latest update now redirects maps.live.com to Multimap, if your region settings are UK (or, possibly, elsewhere in Europe). You can see the difference if you force the region to US with an url argument: http://maps.live.com/?mkt=en-us.

The Multimap maps have fewer features and include advertising. For example, there is no 3D view in Multimap:

Here’s the real Live Maps version (note the extra features):

It looks like the photography is the same; but developers are not happy. Check out the comments to the announcement, for example:

I loved Live maps, but i’m off to Google maps if multimap doesn’t get removed and we go back to the nice clean good interface and all the features we’ve come to love.

Multimap is awful.

or

I never thought I’d have to say this, but for UK users Live Maps is now complete TRASH. Why on Earth did you replace Live Maps with Multimap??? Multimap uses technology that hasn’t changed for years, the maps are awful, the page is full of clutter, and it doesn’t even use smooth zooming – it just reloads the page every time you zoom in because it’s all static image based.

Add to that the fact that the road maps all use images scanned straight out of the PAPER atlas, not the sleek, computer-friendly road map style that Live Maps uses.

It’s a shame, as I’d been meaning to blog about how impressive Live maps and Virtual Earth looked in some of the demos as Mix08. That said, Microsoft can fix this easily by removing the redirect.

This is an integration issue. If Microsoft-Yahoo becomes a reality, I wonder what other such issues will cause developers to fret?

Thanks to Ian Blackburn for the link.

UPDATE: Live Maps is back. As of yesterday, Multimap is no longer being used even in the UK. Looks like Microsoft listened; I’m impressed.

Google App Engine: how much will you pay for freedom?

Google is offering to host your web apps for free:

You can create an account and publish an application that people can use right away at no charge, and with no obligation. An application on a free account can use up to 500MB of storage and up to 5 million page views a month.

What’s an application? It’s a runtime for Python apps (only Python code will run) and includes the Django web framework. There is a structured datastore which on the briefest of looks has echoes of Amazon’s SimpleDB and Microsoft’s SQL Server Data Services. Welcome to GQL – the Google Query Language. You can send email through Google’s servers (hmm, hope some work is being done to foil the spammers). You can use Google Accounts as an identity service – this is a big one, since it helps Google to meld your online identity with its services.

So what’s the business model? Google says:

During this preview period, only free accounts are available. In the near future, you will be able to purchase additional computing resources at competitive market prices. Free accounts will continue to be available after the preview period.

There are a few clues about what will constitute an “additional computing resource”. Clearly storage is one limit, and there is also a limit of 3 applications for free accounts. There is also a reference to bandwidth limits, the number of results you can return from a query (1000), and the length of time taken to serve a web request.

Apps communicate through HTTP or HTTPS requests. No talk of SOAP or even XML that I can see, though presumably you can use Python libraries.

Although we talk a lot about the largest applications that need to scale, this is a minority of real-world applications. Many of today’s web applications could run happily for free on Google’s new service, once ported. The economics interest me. Google is offering to subsidise our web infrastructure even further than it does already with GMail, Blogger and iGoogle gadgets. Therefore, if we choose to host our own services we have to pay for the flexibility and control that gives us, as well having to deal with scalability and security issues that Google will otherwise look after for us. In the light of generous app hosting offers like this, how much are we willing to pay for that freedom?

A real-world account of Google Adsense – and it doesn’t look good

Advertising is “the economic engine that powers the Web”, according to Microsoft’s Ray Ozzie. Google’s rapid ascendancy, enabled by advertising revenue, is the primary evidence for this. That said, Rick Strahl’s post on Google advertising highlights several problems with Google’s approach. It is about Adsense, the mechanism by which third-party sites (like this one) host Google advertising. When someone clicks an ad, Google gets paid, and an undisclosed percentage of the fee goes to the site owner.

Strahl runs a small business and uses Google both as advertiser and web site owner. He’s puzzled by the stats he’s gathered at both ends. As advertiser, he says that 30-40% of his hits come from link parking sites, plus another 10% which have no referrer, and reckons that these hits are worthless and in many cases possibly fraudulent. That’s up to 50% of wasted ad spend. Google tells him there is no way to opt out of link parking sites, other than by excluding specific sites; but since there are thousands of such sites and they change constantly, that is impractical.

At the other end, Strahl sees frequent deductions from the clicks on his own site, presumably on the basis that they are fraudulent or accidental (such as robot clicks). In fact, deductions from his site, which he controls and which has good, genuine content, appear to be far higher than those from the link parking sites which have no real content at all. In other words, Google seems happier to make deductions from what it pays to him, than from what he pays to Google.

He’s also curious about the ad bidding process, which always seems to end up charging him the maximum possible.

It’s possible that he has some of this wrong; but there is no way to audit Google’s figures:

In the end it feels like black magic. Google (and other advertisers as well to be fair) control the process so completely that if there’s any foul play either on Google’s part or for cheating publishers that contest clicks on the other end there’s almost no real way to tell that it’s happening and unless you have the time to keep very close tabs on it there’s no way to follow the money all the way through – on both ends. And who has that kind of time?

I find this unsurprising. The pay-per-click model has always seemed to me far too vulnerable to abuse, especially bearing in mind all those botnets. Who pays for any fraud? Not Google, but Google’s customers, the advertisers.

Some level of click fraud is inevitable, but Google’s willingness to let any old worthless bot-driven link parking site run Adsense ads is a disgrace. This stuff poisons the web, because it provides a financial incentive to post junk.

Advertisers can opt-out of Adsense, by disabling the “content network” for the ads they place. If enough advertisers do this, Google will take note.

Disclosure and to add a personal note: I am an Adsense publisher, though not an advertiser. I also use Blogads, which to my mind has a better business model for advertisers, since they specify exactly which sites they wish to use. In addition, I get to approve each ad, whereas with Adsense I have to take whatever comes. The snag is, Blogads is tiny in comparison to Google, which can seemingly always supply ads for my site.

Technorati tags: , ,

 

Reality strikes for Blog Friends Facebook app

Just spotted this sad note from the developers of one of the few Facebook apps I’ve enjoyed using, Blog Friends. The app combines blog aggregation with social networking, and does a good job of highlighting interesting posts you might otherwise miss:

Although it appears simple on the surface, Blog Friends is actually an unusually complex and resource-intensive application to maintain and grow …. the way that Blog Friends is currently tied into the Facebook Platform means we have been at the mercy of Facebook’s frequent modifications of their Platform specifications, and that has also been another disabling factor for us.

What is needed is a complete rewrite of Blog Friends, one that makes it properly scaleable and independent of Facebook. As you can imagine, this is a huge undertaking and unfortunately we don’t have the resource or money to do this; we have never inflicted any advertising on you our users, so we haven’t made a penny in revenue from Blog Friends.

We’re shutting down, as of today.

It’s tough to prosper without a sane business model; and it’s tough to survive on some third-party’s proprietary platform.

Proprietary platforms love developers (Ballmer’s battle cry, remember), because they add value. They are risky for developers though, because the platform owner can change the rules.

Is Bubble 2.0 going to end the same way as Bubble 1.0?

Is Google Gears safe?

I imagine that is the question most users will ask when they see this dialog:

There are a couple of things I don’t like about this dialog. First, the website is defined only by an URL. The problem is, it’s a plain http connection so there’s no SSL certificate involved, so I can’t easily check the identity of the site. This one is Google, so it’s not too difficult; but what if it is some other site? It is not particularly easy to verify the ownership of an URL; whois information is not reliable.

Second, what are the implications of my decision? If you click What is this, you get this page, which explains offline functionality but doesn’t mention security. It does mention that Gears is a beta – personally I think this should be up-front in the security warning dialog as well. Do you trust this beta software?

If you go to the Frequently Asked Questions, there is still no mention of security. Is nobody asking about it? This article is the closest I can see, but merely repeats the information in the original dialog, that Gears allows websites to write to my computer. Enquiring minds ask: where can they write data? Where can they read data? Could they install malware or execute code?

We could do with a link to this page, about the Gears security model. This tells me that Gears uses a same origin policy:

A web page with a particular scheme, host, and port can only access resources with the same scheme, host, and port.

It also says:

Google Gears data files are protected with the user’s operating system login credentials. Users with separate login names cannot access each other’s Google Gears data files, as enforced by the operating system.

The bit about “as enforced by the operating system” should be highlighted. If your users have local admin rights, as on some Windows boxes, they will be able to access files belonging to other users.

But is Gears safe? What if I’m taken in by a scam site and give it permission to use Gears?

It may not be too bad. Gears can’t write anywhere on my hard drive, only to a location in my local profile or home directory. It doesn’t use the browser cache, presumably because it isn’t reliable; it may get cleared. Still, I guess some sort of attack might be possible along the lines of: write an executable to my local resource store, then give me a link to click and run it. Gears could fill your home directory with stuff you do not want, of course, but that’s the explicit permission you give when you agree to let a site write to your computer.

This presumes that Gears does not have security bugs. There may be and probably are ways to mount attacks using Gears that I have not thought of.

Bottom line: Gears is probably fairly safe, provided that the site really is trustworthy, but it is a beta and the usual caveats apply. Check that URL carefully. Avoid Gears when used by smaller organizations that might not have sites well defended against malware. I still don’t like the dialog though; and I’m surprised that Google does not make it easier for users to examine the security issues.

This post is prompted by yesterday’s announcement of Offline access to Google Docs.

Ugly Flash: auto-play audio with no stop button

Today I was transcribing parts of an interview when the phone rang. It was a call about Dreamforce Europe, the Salesforce.com conference in early May. I navigated to the event site to check out the agenda. Suddenly there was a cacophony of noise. At first I thought my interview, which I’d paused in order to take the call, had somehow restarted; but then I realised it wasn’t that, it was a Flash video (with sound) on the Dreamforce site. I can see no pause or stop button; and the right-click menu doesn’t have one either. The problem was made worse by a bandwidth issue; the audio was breaking up, making it unintelligible.

A horrible user experience and poor web design. Audio is even more intrusive than video. Personally I dislike any audio that auto-starts when you visit a page; if there is no obvious way to stop it, other than by leaving, it is inexpressibly ugly.

Update

I received an email from Salesforce.com PR, saying that there is now both a pause and a mute button on the Flash movie. It’s true: bottom right of the panel. Well done Salesforce.com for fixing this.

BBC standardizing on Flash for web video

I’m at Qcon London listening to John O’Donovan, Chief Architect, and Kevin Hinde, Head of Software Development, both from the BBC.

They are talking about video on bbc.co.uk. Previously this has been handled through pop-up pages that give a choice between Windows Media Player and Real Media. The BBC will now be standardising on Adobe Flash video, embedded in the page rather than in a pop-up. Their research has found that embedded video has a much better click-through than the pop-up style. It also has editorial implications, because it is better integrated into the page. In due course, Flash will be the sole public format (an archive is also kept in some other format).

There is going to be increasing video on the site. Apparently the BBC is getting better at negotiating rights to video content, and we can expect lots of video from this year’s Olympics, for example.

As far as I can tell, this has nothing to do with iPlayer, the service which offers the last 7 days of broadcasting online. This is mainly about short videos of news content.

Incidentally, I’m disappointed that we are not getting more detail on the rebuilding of the web platform about which I posted earlier, though it has been mentioned in passing as a move to dynamic publishing. That was more interesting to me, and perhaps more in tune with what Qcon is about. Still, this is worthwhile as well.

Technorati tags: , , ,