Usability - Productivity - Business - The web - Singapore & Twins

By Date: March 2011

IE6 must die!

This is not a battle cry of a Microsoft hater. It is an official Microsoft campaign. While Microsoft's Internet Explorer 9 is a neat piece of software, it doesn't run on Windows XP, Mac or Linux. So my version of the upgrade banner links to something more widely available. Of course that choice isn't without alternatives (from Europe too). May IE6 rest in peace.

Posted by on 28 March 2011 | Comments (1) | categories: Software

Facebook for pre-Teenagers?

Interesting Homework assignment for a P5 student (that is age 10-12 max) in my son's class:
Facebook homework
  1. Could Facebook help you in your studies? How?
  2. Could Facebook provide a platform for you to manage your time? How?
  3. Could Facebook be dangerous? Why or why not?
So far my reply is still in "awaiting moderation" while others have appeared. So I repeat it here:
The Facebook Terms of service under section 4.5 clearly state:
" You will not use Facebook if you are under 13."
Since P5 students are ALL below 13 I find it very inappropriate to make Facebook the subject of homework other than explaining the reasons why there is an age limit and what are the ramifications of violating the "terms of service" (e.g. in opposite to violating a law). I know that the age stated on a P5 student's birth certificate often vastly differs from his "facebook age", but what students do in their pastime is one thing, what is subject of their studies another.
I'm curious if my original comment will appear there.
Update: The comment is now visible, kudos to the teacher for accepting publicly visible critique.

Posted by on 27 March 2011 | Comments (1) | categories: Singapore

Comparing document changes

From time to time I have the need to compare the documents of two databases for changes:
  • Before I clean-up a Domino configuration I create a backup copy (File - Application - New Copy). Once I'm done I generate the report of changes made - reliably without missing a field
  • We suspect data was altered by a rookie user. Using a backup copy all the changes made need to be highlighted
  • Suspecting that a replication went awry I want to compare two instances of one database on different servers
For these use cases I wrote a class that allows me to blend out certain fields or documents based on certain forms. The code is a rough cut and you might need to adjust it to specific needs. Anyway enjoy:
Public Class CompareEnging
    Sub New (sServer As String, sDB As String, tServer As String, tDB As String )
    Public Property Set reportOnlyChangedFields As Boolean
    Public Property Set eMailResults As Boolean
    Public Sub addExcludedForm (formName As String )
    Public Sub addExcludedField (fieldName As String )
    Private Function fixTextforHTML (orgText As String ) As String
    Public Function report
    Sub reportNewDocuments (targetDB As NotesDatabase )
    Sub compareTargetDoc (tDoc As NotesDocument )
    Sub compareSourceDoc (sDoc As NotesDocument, tDB As NotesDatabase )
    Function documentSingleDoc (doc As NotesDocument, txtStatus As String )
    Public Sub compareTwoDocuments (sDoc As NotesDocument, tDoc As NotesDocument )

End Class

Function ReplaceSubstring (sourcestr As String, fromstr As String, tostr As String ) As String
Download the Full Source code. As usual - YMMV

Posted by on 27 March 2011 | Comments (2) | categories: Show-N-Tell Thursday

Debug your Internet

Working Internet connections are invisible. The fun starts when things are broken or somewhat broken. Then we wonder: is DHCP and NAT working, does the DNS do what it should, are all service ports open etc. Berkeley University's ICSI provides the Netalyzr tool to have a closer look at your connection. So make yourself familiar and run Netalyzr. The test results for my Starhub MaxOnline Express (16 GB in my dreams) were quite revealing:
Netanalyzer results for MaxOnline Express
So Starhub is meddling with the DNS, doesn't get Proxy right, filters content (mandated by the government for a handful internet sites), provides a slow DNS and needs a lesson on caching and buffering. I wonder how Singtel would fare.

Posted by on 27 March 2011 | Comments (5) | categories: Singapore Technology

Before they are gone: How IPv4 addresses work

In a discussion around IP addresses and routing I had to draw pictures how IPv4 addresses work. When dealing with client, typically DHCP is used, that automagically puts the right numbers into the right place. However server addresses tend to be static (this is a beginner level entry, so static DHCP addresses and dynamic DNS are out of scope) and need to bet setup properly. When looking at an IP address is consists of 4 numbers from 0 to 255 each. In reality that are actually not numbers, but bit pattern of 8 bits each. With 8 bits you can get to decimal 255:
The bit pattern of 197
The bit pattern of 127
The IP address is reserved for your local computer (your home), hence the old joke " There is no place like" (Red shoes not required). Now you will find 3 of these numbers:
  1. The IP address: that is the number for your computer. Typically you have (if connected) 2 of them: and the one you got from the DHCP server.
  2. The netmask: it helps the IP stack to distinguish between "local" calls and "long distance calls" (more below)
  3. The default gateway: The operator for long distance calls
So one could "understand" and IP address as a 4x8 punch card where the 1 stands for a punched hole while the 0 stands for a closed one. Some samples:

Read more

Posted by on 19 March 2011 | Comments (0) | categories: Software

What happens when you blame Domino for not working and I review your setup?

And I find: borked DNS, wrong IP entries, messed up replication settings, broken cluster setups. And I don't find: a proper disk setup, activity trends, Domino Domain Monitoring, DCT and network management. Well then I go through a little metamorphosis

Read more

Posted by on 19 March 2011 | Comments (6) | categories: After hours

How fragmented are your Domino Server Drives on Windows - Help needed!

Disk fragmentation has been discussed here more than once and defragmentation is part of the ideal Notes upgrade and the Upgrade Cheat Sheet. In a comment Nico57 points out that the disk allocation scheme of Domino is a huge contributor, especially when compact -c is part of your database hygiene routines.
The irony of compact: your inner structures in the NSF will be squeaky clean, but the content will be (after a while) splattered over your disk like pimples on a teenager's face. The least you can do is to point all temp locations at least onto a different partition. So I had a chat with the engineering team and they are interested to learn about the magnitude of the problem. So I need your help. We like to know how fragmented your NSF on your Windows servers really are. This is what I want you to do:
  1. Download a copy of Sysinternals Contig.exe from Microsoft Technet and make it accessible from your Windows server (Copy it there, put it on a network drive you can reach, you know what you are doing)
  2. Open a command prompt on your server and type [Wherever-contig-is]\contig -a -s [Path-to-Domino-data-directory]\*.nsf > fragmentation.txt If you have database or directory links you have to repeat the process but then you need >> fragmentation.txt. This will list out the files and their fragmentation. Don't forget the -a parameter that tells contig to list only and not to actually defrag
  3. Find the database with the most fragments as well as the average number of fragments (that number is at the very end of a run). I would like to know these figures
  4. Head over to the Entry form and let me know. There are only 2 numeric values mandatory (and the selection of two dropdowns), the rest is strictly optional. Leave an eMail address if it is OK to contact you with a question or two.
  5. Leave a comment here (optional) if you have a question or would like to share special procedures or experiences.
Your contribution is really appreciated!

Posted by on 14 March 2011 | Comments (9) | categories: Show-N-Tell Thursday

Tuning out of eMail conversations

I'm practising inbox zero for a while now. Doing that I realised a few very bad eMail habits getting in my way: mixing To: and CC: and Reply all. So what's wrong:
  • To and CC have very clear intentions. Recipients are in the To field, because the sender expects a reaction: a reply or an action taken. CC (originally Carbon Ccopy, now more used as "Just in Case Copy") addresses recipients who should know about the content, but no reply or action is expected (still one is free to reply or act). I frequently see these principles violated. Senders are coming back to me asking "Why didn't you reply" while I was only in CC or I find my name in the To field and there is nothing to be done by me. I'm very tempted to start to ignore mis-labelled messages
  • CC lists get longer and longer. Once you have been added to an email conversation is is almost impossible to get off it. Reply to All is too pervasive (and I'm partly guilty there too). The proponents argue, that once taken of such a conversation it is very hard to get back on and information gets lost to the individuals (that's why IBM Connections Activities makes so much more sense - also available in a LotusLive Activities flavour)
In Activities there is a possibility to "tune out" of an activity. You are still a member but it doesn't show up on your dashboard. Even if your are tuned out, new action items will show up in your ToDo list, so information doesn't get lost. I'm very tempted to add such a feature to my Notes client. A view, a form, some script would do:
Tuning out of eMail
How much actionable items would I miss then?

Posted by on 10 March 2011 | Comments (0) | categories: Show-N-Tell Thursday

Who has access to your certifier?

Domains and Certifiers are the most commonly confused items in Notes and Domino. By habit (I wouldn't call it a best practise, it really is just a habit) they bear the same name, but they don't have to. You can have multiple totally distinct certifiers in one Domain and you can use one certifier across multiple domains - or mix both. Interestingly the same is true for Internet certifiers (mostly seen in https): You surf to the Domain amazon.com but the certifier has been created by Verisign. Now when you go and try to borrow steal get access to the root certificate, containing the private key of Verisign's certificates you are up against some Fort Knox style security. Rightfully so. With access to the root certificate you can compromise the whole chain of security. The same is true for the cert.id that is used to create servers, users and organisational units for use in Domino Domain(s). When reviewing how secure these are kept I regularly find ignorance in holy union with incompetence. Quite often hired hands have boxes with floppies (less in these days) or memory sticks with all ids and certifiers on it and an open list of passwords. Contractors never change, contractors never have their own motives, contractors are always honest, never underpaid (the actually guy/girl, not the outsourcing fees) and from outmost integrity. Also they never make mistakes. And then you wake up. The whole pyramid of digital certificates, non-repudiation and authenticity crumbles without your PKI insufficiently protected. A security expert once stated it very clearly: " If you can not with 100% confidence confirm who ever had access to your root certifier (and might have kept a copy) since its creation, your PKI must be considered compromised". I would say, that is probably true for a lot of Notes shops. Happy recertification then!
So how does a proper and due process for certifier management look like? There are several steps involved Speak out loud every step and make sure all participants are briefed about the process and understand it:
  1. Setup a new machine with only internal network connection to your admin server and a working Notes Admin client. Make sure it is maleware free. Have a printer attached to it and install a Hex-Viewer
  2. Setup or make sure it is setup properly: the Domino Certificate Authority (Yes it is there since R6)
  3. Hook up a projector, so all participants can see what is going on
  4. Invite four to six signers (board members is a good choice) and some witnesses. Ideally have the corporate notary present
  5. Prepare envelopes and sheets of paper suitable for long term save storage (ask your notary for the right material)
  6. Create a new certifier ID in the admin client. Let one of the signers type the password, that is NOT shared with anybody
  7. Edit the certifier and configure it to hold four to six passwords (depending on the number of signers you invited), require at least 3 passwords to unlock it
  8. Let every signer add a password that should be really complex -- and long. Let them write it down first before they type it in
  9. Hand one envelope with the password to each witness and let them verify that the password actually works. Make sure they don't see any other password. If that fails back to step 6
  10. Now connect to the network and upload the new certifier to the Domino CA you configured/verified in step 2
  11. Let the envelopes be sealed and handed to the corporate notary to be stored in the designated corporate vault
  12. Open the ID in the Hex Viewer and print the hex dump. Put that in an envelope together with a pluggable storage (SD Card, USB Stick etc.) that contains a copy of the ID. If that media isn't readable anymore you can restore it from the HexDump print
  13. Let everybody sign a document that outlined what happened just now and hand that over to the notary for filing
  14. Last not least: wipe the cert file from the machine (not just delete, properly wipe) also wipe the temp files (the printer spooler stuff)
Now you have a proper cert, now it is time to create your IDVault and create your organisational certifiers. The organisational certifiers warrant the same attention and I would recommend to use them everywhere. What I'm curious about: " How do you secure your PKI?"

Posted by on 07 March 2011 | Comments (1) | categories: Show-N-Tell Thursday

Sharing HideWhen Formulas

Yes - a Notes classic development post, since XPages knows a "rendered" property (labeled as "visible") but no "hideWhen". I was asked " How can I share HideWhen formulas?". The short answer is: " You can't". The long answer: " Once you separate the label from the logic it becomes possible". Let me elaborate:
Instead of adding business logic to your hidewhen formula in the formula window itself you just enter keywords that describe the condition, something like isManager or isConfidential (Important: that are FIELD names, so no quotes). I like using "is" as prefix since the keyword describes a state of the document and based on that state information is supposed to be shown or hidden. De facto you create your domain specific language here. Now you create one computed for display (CfD) numeric field with exactly that name, so you have fields named isManager or isConfidential. That fields need to have results that are either @True or @False. To get to that result you can use anything at your disposal including profile documents or <gasp>@DBLookup or @DBColumn</gasp>. You could allow simple AND or OR statements like isDraft | !isManagerHaving done that you can start thinking about reuse.
Pack all the fields into a subform and put it at the beginning end of your form. In computation sequence fields are calculated first before HideWhen is executed, so putting them last ensures that you have the right values in them and don't need 2 recomputations. Quite often you will not use all hide conditions in all forms, so you might perform lookups that are discarded without being used. To avoid that you can use the following strategy. Add a CfD field, type text - multivalue, before the subform. Name it " HideWhenUsedHere". In its formula (which would differ from form to form) you list the HideWhen types you want to use e.g "isManager":"isDraft" (Note: you have quotes here!). On a subform you would have a CfD field HideWhen_[Name of the subform]. When you add a subform you would adjust the HideWhenUsedHere formula to look like @Trim(@Unique("isManager":"isDraft":HideWhen_[Name of the subform])). Then add to the first line of each CfD field of your hidewhen-subform: @if(@IsNotMember(@ThisName;HideWhenUsedHere);@Return(@False);""); This way your eventual longer running lookup won't execute. The @isMember executes very fast. Of course you could construct it the other way around and have a field " DoNotUseTheseHideWhenHere", then the first line would look like this: @if(@IsMember(@ThisName;DoNotUseTheseHideWhenHere);@Return(@False);"");
It is not as elegant or powerful as a SSJS library in XPages, but once you wrap your head around it provides an easy resuable way for your "business visibility rules"
As usual: YMMV

Posted by on 07 March 2011 | Comments (1) | categories: Show-N-Tell Thursday

What's your Data Definition Language?

After recent insights in data structures I was wondering what's the right format to describe data models. Its a thought almost alien to Notes developers since we " just add what we need". Nevertheless having a data model eases maintenance and documentation (which brings up the question what comes first: the application or the data model). Clarity about data models also fosters the contract first way of developing applications where agreements about interfaces and data structures are made up-front before implementation. There are a number of contestants available to choose from (with no claim to completeness):
  • SQL Data Definition Language. Basically that's all the CREATE TABLE statements you use to create your RDBMS tables and views. Advantage of SQL DDL is its closeness to RDBMS, which makes implementing the described data easy, the ability to create the definition in a simple text editor but also rich visual tools (like ERwin which was one of the first of its kind) and the capablity of other DDL (like UML) to read/write SQL DDL. The biggest drawback in a world where SQL no longer rules alone is its closeness to RDBMS and its lack of support for transmittable data (think web service, sync or two folded MVC pattern). Today I would say SQL DDL is hardly the source of your data model anymore, but an output from one of the other DDLs (most likely UML)
  • UML and its XML representation. The Unified Modeling Language is designed to do much more than describing data. Besides data one can model other structures (like components, deployments or packages), behaviours and interactions. There is a huge offering of UML tools available on the market: Rational System Architect, Visual Paradigm, DIA (or Visio ), Violet, UMlet, Altova UModel (Windows only) and many more. UML can output almost any other format including export to XML Schema. There is also a lot of literature available about this topic.
    While UML certainly covers all aspects of modelling it doesn't come without drawbacks. Working with UML does require a dedicated tool or plug-in, so it is hard to quickly getting stuff done (graphics can get in the way of execution speed). UML offers 2 ways to model data: Entity Relationship Diagrams and Object Diagrams. None of them really fit the document working style we find in web services or web 2.0 applications, so some of the XML Schema generated look a bit "hammered into shape". Furthermore I haven't seen a lot of tooling that would verify data to conformance with an UML model at runtime.
  • Eclipse EMF models. EMF has been designed mainly as a modelling framework to generate code (and thus other data definitions) out of its models. EMF data itself is stored as XML and there is an impressive list of documentation available online and in print. Nathan is a big EMF fan. One would most likely work in Eclipse to work with EMF, I haven't explored the suitability for text editing. There also are a lot of transformations available from and to EMF, which are pending my attention.
  • XML Schema (including RELAX.NG and DTD). When you are comfortable reading and writing XML, using XML Schema comes natural. While you perfectly well can write it in a plain text editor, you most likely will use at least an XML aware editor like oXygen XML, Stylus Studio, XMLSpy (which all run inside Eclipse and are Schema aware), Eclipse's base XML Editor or any other of the countless offerings. If you deal with SOA you will realise, that WSDL, the contract language of SOA, uses XML Schema in its bowels. XML Schema also can be used to validate documents on the fly without the need to first generate code out of it. I like the capability to define my own data types and to mix and match existing Schemas to fit my specific needs. Custom data types would be classes/objects in UML and are (to my knowledge) absent in SQL DDL. Since XML Schemas live at a (usually public) URL and there are a lot of <="">existing Schemas available already (diverse topics like music or eBusiness (UBL) etc) duplication of efforts can be reduced. XML Schema can be transformed to SQL (I would of course rather suggest to use PureXML, but that's a story for another day)
  • I didn't find any tool to model/verify JSON data. Since JSON is by definition schema free. However I expect, that some generic JSON schema will appear over time, the declaration driven validation is too valuable.
Looking at Notes and Domino, the XML nature of XPages, ATOM and RDF, Activity Streams and the IBM Social Business Toolkit I made XML Schema my first choice, however I'm ready to be convinced otherwise.
What is your Data Definition Language?

Posted by on 06 March 2011 | Comments (2) | categories: Show-N-Tell Thursday Software XPages

Manager vs. Engineer

Found at the OMG Ubuntu joke contest
: A man is in a hot air balloon and he realizes he is lost. He spots a man in the field below him and calls down:
Excuse me, can you help? I promised a friend I’d be somewhere half an hour ago but I’m completely lost. Can you tell me where I am?
The man replies:
You are about 30 feet above this field, you are between 40 and 42 degrees N. latitude, and between 58 and 60 W. longitude
You must be an engineer” says the balloonist.
I am!” says the man, “ How did you know?
The balloonist laughs, “ well, everything you’ve told me is correct, but I don’t understand what you are talking about and I’m still lost
Ah, you’re a manager” says the engineer
Indeed I am!” replies the balloonist, “ How could you possibly know that?
Well…” says the engineer, “ you don’t know where you are and you don’t know where you are going. You’ve made a promise you can’t keep and you expect me to solve your problem. You are in exactly the same position as you were before we met, except now somehow it’s my fault!

Posted by on 06 March 2011 | Comments (0) | categories: After hours