PlanetDay

Excellent news: Apache Sling has just graduated from the Apache incubator and is now a top-level project. ASF Board member and Sling committer Bertrand Delacretaz announced the news on the Sling mailing list:

Congratulations! The graduation is well deserved.

This year's Jazoon conference is to take place next week in Zurich, Switzerland. Some of the presentations will given by speakers from Day. Hope to see you there:

Thomas Mueller: Testing Zen

Technical short talk, Tuesday, 2009-06-23, 16:30

Test driven development not only improves code quality, it also let's you refactor or replace legacy source code with little risk. Testing also saves time because the earlier a problem is found, the faster and easier it can be corrected.

Unfortunately writing tests is boring. There are many possible use cases that should be tested. Writing tests for every feature is a lot of work, and manually writing tests for all possible combinations is almost impossible.

However with fuzz testing (randomized testing), you don't need to write much, and still get very good results. This talk explains how a typical randomized test looks like, and how to combine it with other techniques such as unit tests, integration tests, and measuring code coverage.

Automated unit tests should run quickly. Many applications use a database, and in many cases this database is the bottleneck when running tests. This talk shows how an embedded in-memory Java database speeds up your tests, and can speed up development as well.

Thomas Mueller: Java Persistence Frameworks

Technical short talk, Wednesday, 2009-06-24, 16:00

In Java, there are many ways to access relational databases. Today, there are almost as many persistence frameworks as there are web frameworks.

Some frameworks are based on a standardized interface like JDO and JPA, some have their own API. Some just simplify using JDBC and SQL. Most frameworks need XML configuration, but not all of them. Some provide a string based query language similar to SQL, while some newer ones don't.

Todays main technologies are:

- SQL using and the JDBC API
- JPA (specially Hibernate, JPOX, OpenJPA)
- Apache iBATIS
- JDO (JPOX)
- Apache Cayenne
- Apache Commons DBUtils

We list the market share of each technology, and discuss the key differences.

Last year a whole new breed of persistence frameworks appeared: Frameworks with a fluent API and an integrated DSL (domain specific language); frameworks that don't need strings for dynamic queries. This new technology was strongly influenced by Microsoft's LINQ. Those frameworks support compile-time type-checking, auto-complete in the IDE, and protect against code injection. They better bridge the "object-relational impedance mismatch" than older frameworks, but they are not ready for prime time yet.

SQL injection is the biggest server-side security vulnerability today. SQL injection is a subset of code injection. Unfortunately, most persistence frameworks don't protect against code injection. The talk gives examples how to inject code and how to protect against it.

Michael Marth: Scalable Agile Web Development: REST meets JCR meets OSGI

Technical long talk, Thursday, 2009-06-25, 13:30

This session is a very hands-on lab that shows how a real web application is developed from scratch in a very agile fashion leveraging a heavy-weight enterprise ready back-end yet allowing for unprecedented agility in development in building rest-style web applications. Thinking of a classic j2ee stack this may sound like a contradiction.

Agility of development begins with the amount of tooling and setup we need to get started, so expect to see the entire walk-through from installation of the server software to the development of a complete application within the time constraints of the session.

Agenda:
(1) Web architecture, think outside the box.
(2) Meet: apache sling.
(3) Building a real-life webapp from scratch.

Michael Dürig and Michael Marth: Building RESTful Web Applications with Scala for Sling

Jazoon Cutting-Edge, Thursday, 2009-06-25, 16:00

In this session we demonstrate how to build RESTful web applications for the Sling framework using the Scala programming language.

Apache Sling is a web application framework which eases development of content centric applications. Sling is based on REST principles and uses a JCR content repository (JSR-170/JSR-283) for storage. Based on the JSR 223 specification (Scripting for the Java Platform) it integrates various scripting languages as OSGi bundles.

Scala is a scalable programming language for the JVM which is fully interoperable with Java. It is designed to express common programming patterns in a concise, elegant, and type safe way. Scala smoothly bridges the gap between object oriented and functional paradigms. Despite being strongly typed, Scala has the touch and feel of a genuine scripting language. It has the ability to infer types of expressions rather than relying on the programmer to explicitly declare them. Scala thus combines the best of the two worlds: flexible scripting and strong tool support e.g. documentation, safe refactoring and fail fast compilation. Its flexible syntax lets programmers easily define their own internal DSLs, effectively extending the language without leaving it.

In our session, we show how to take advantage of Scala to create RESTful web applications with Sling. We use its DSL capability and support for XML literals to create type safe web site templates. In contrast to conventional web site template mechanisms (e.g. JSP), we do not rely on a preprocessor but rather use pure Scala code.

Session outline:
- Short introduction to Apache Sling. Just enough to get everyone started.
- Short overview of Scala and its relevant features.
- Demonstration of how Scala can be used with Sling to create RESTful web applications.
- Q&A

Salvatore Incandela, committer of the Spring extension for JCR, left a comment on a previous post on dev.day.com where he announces the release of version 0.9. Since many of Day's customers and partners use Spring (and JCR), I am happy to know that the extension is actively maintained.

(thanks for the pointer, Salvatore)

Reading "Content Integration Standards -- CMIS, JSR-170, JSR-283" I stumbled over the quote

Apparently, there is some confusion around what nodes and properties are in a Java Content Repository. Let's shed some light on this:

First of all, there are two specific node types defined in JSR-170: files and folders. These are node types that behave as you would expect it from a file system. For example, the node type "file" has specific properties for the creation date and the binary stream.

If your content is nothing but files and folders (for example because your application is document management) you would use these node types. As such, in Java Content Repositories files, folders and document management-type applications are special cases of a more generic case.

This more generic case are node types that have different properties than the ones described above. In the most flexible case "unstructured node type" the node can accomodate for any string, date, binary, boolean, etc property. One node could for example have two binary stream properties (thumbnail and full-length). This covers exactly the use case web content management where content is stored on a fine-granular model. The fine-granular model enables the presentation layer to do things like displaying an article in teaser format.

In summary the situation is like this:

1. Files and folders are special node types in JCR.

2. On a modelling level DM is a special case of WCM (I recognize that on a application requirements level DM and WCM diverge).

As a consequence I would rewrite the quote from above as:

The Jackrabbit Wiki has a list of JCR applications that are either in the content management or the document management domain. As a side-note: JCR is flexible enough to provide infrastructure for completely different application domains as well, here is a list of some of them.

Renaud Richardet (who won a price in last year's JCR cup) has posted a very slick repository explorer to the Sling Jira. It is based on JQuery and has the usual explorer features like CRUD for nodes and properties. However, what is really neat: the actual code is about 100 lines of Javascript (including blank lines).

In case you want to check it: copy the files into /apps/sling and make sure that the mime types of the html files are correct (e.g. by fixing the property using CRX Explorer :). Then point your browser to http://localhost:7402/apps/sling/servlet/default/explorer.esp (the port depends on your installation, of course).

Last week the first requirements workshop of the IKS project (Interactive Knowledege Stack) has taken place. Bertrand has described the project's setup and goals in a previous post, but in a nutshell:

The purpose of this workshop was to identify CMS use cases out of this high-level goal. The project consortium consists of academic institutions and commercial CMS vendors that contribute to open source CMSs like Day or the companies contributing to Midgard or OpenCMS. However, for this task (and the public discussion to follow in the future) the project's consortium members were joined by numerous representatives of various open source content management systems. For example, there were John Norman of Sakai, Jahia's Stephane Croissier, Justin Cormack of squiz, one of the original Joomla founders Johan Janssens, Plone's Raphael Ritz, and Arne Blankerts of fCMS to name only a few (here's the complete list). It is rare to see that much CMS competence in one room.

The Salzburg Research team did a fantastic job at moderating the various thoughts and ideas about use cases and requirements. As a consequence there are now a number of projects already on the way:

• A semantic search engine proposed by Bertrand. Amongst other things this search engine will be helpful to benchmark the data generated by our CMSs

• A common ontology for CMSs

• Henry Bergius has suggested to implement a semantically enhanced rich text editor (and will lead the project). Think "insert person" instead of "insert link".

I was also impressed by the demos shown by SRDC. A semantically enhanced search engine was demonstrated to find documents containing the text "Angela Merkel" when being queried "German Chancellor". DKFI showed a newsroom type application where search facets where generated out of the news item's extracted information.

If you are interested in following this project sign up to the IKS community mailing list. The discussions on use cases or requirements are still in full swing so your voice will be heard.

More impressions about the workshop have been blogged by Bertrand, Stephane Croissier, Henry Bergius has Quaiku'ed the workshop, the Twitter hashtag is #iks-project and Salzburg Research has written about it here.

On the CQ5 tour stop in Milan I had the pleasure to talk about CMIS and JCR for the first time since I am serving as the official JCR / CMIS Liaison.

This brought the opportunity to compare and differentiate the two efforts for with a unique legitimacy. There seems to be a desire to discuss the relationship between CMIS and JCR similar to the desire to discuss JCR and WebDAV or, more recently, JCR and Atom. So far, JCR and CMIS have been compared in what I would call "a less educated fashion" for example in the CMIS v0.5 spec draft. Most of those comparisons have been corrected in the meantime.

Feel free to view the entire slideshow here, but here are the main points:

API vs. Protocol

JCR specifies an API (Application Programming Interface) while CMIS specifies two protocol bindings. Much like the Servlet API in Java and the HTTP protocol are complementary this is also the case for JCR and CMIS. Similar arguments have been made for Atom and WebDAV. JCR and CMIS are complimetary in this aspect.

Focused Model vs. Generally Applicable Model

JCR specifies a very general model based Node and Properties that lends itself to the implementation of specific domain models. On the hand, CMIS specifies such a specific domain model for document management.

The CMIS domain model can easily be implemented in a JCR model (see next point). Some people could say that if one were to implement CMIS from scratch a JCR repository would be the ideal starting point as it provides the perfect infrastructure to do that.

I think it is one of the most important assets of CMIS that it exposes the domain model of document management. It will be helpful in further standard discussions to have an established consensus on the domain model amongst the document management vendors.

Every JCR repository is a CMIS repository

Based on this type of compatibility between CMIS and JCR Apache Chemistry (currently in incubation) implements CMIS on top of JCR (amongst other things). This turns every JCR compliant repository into a CMIS compliant repository without any development effort. Even better news are that Chemistry gets bootstrapped with numerous existing JCR repositories and connectors. These repositories can thus expose CMIS right from the start.

Interop vs. Infrastructure

Something that I learned during the years of specifying JCR: There is always a tension in a specification to address both "interop" and "infrastructure" needs. Interop enables different repositories to be compatible on some level, whereas infrastructure provides users with a platform to build upon.

There were tendencies in the JCR expert group to support users of the API in a way that they could build real-life applications. Hence, the infrastructure aspect was always a very important aspect. Because of that, the least common denominator aspects that come with "interop" were only a part of the equation.

For CMIS, offering general purpose infrastructure is a stated non-goal. CMIS is only concerned with "interop".

Consequently, JCR is very successful with the number of users and applications built on top of JCR, while I believe that it is the goal of CMIS to be very successful with number of implementations.

In terms of perception I think CMIS reduces the expectation on JCR to be a least common denominator interop spec. I welcome that because both specification efforts will be able to evolve in a more agile fashion when they focus on "interop" and "infrastructure" needs respectively.

In summary, I am very excited to have a specification both on the protocol and on the API level addressing the needs of a more open standards based content management landscape.

You might be aware that we are running a public instance of CRX (Day's JSR-170 compliant repository) at http://jcr.day.com (the login is admin/admin). As of today there is also the CMIS interface (Atom binding) to that repository publicly available at http://cmis.day.com. The underlying code is the version from the CMIS plugfest, but expect frequent updates. Feedback is appreciated (either as a comment on this post or to mmarth (at) day (dot) com).

Bringing Back the Fun - Reloaded

Apache Sling brings back the fun to Java developers and makes the life of a web developer much easier. It combines current state of the art technologies and methods like OSGi, REST, scripting, and JCR.

The main focus of Sling deals with the important task of bringing your content into the web and providing a plattform to manage/update the content in a REST style.

Sling is built into OSGi bundles and therefore benefits from all advantages of OSGi. On the development side a scripting layer (using Apache BSF) allows to use any scripting language with Sling (of course you can use plain old Java, too). And on top of this, Sling helps in developing an application in a RESTful way.

As the first web framework dedicated to JSR-170 Java Content Repositories, Sling makes it very simple to implement simple applications, while providing an enterprise-level framework for more complex applications. Underneath the covers Apache Jackrabbit is used for the repository implementation.

Download the new release, Apache Sling 5, today and give it a try!

Apache Sling currently comes in four flavors:

• A standalone application (a jar containing everything to get started with Sling)

• A web application (just drop this into your favorite web container)

• The full source package (interested in reading the source?)

• Maven Artifacts (available through the Apache Incubator Repository)

For more information, please visit the Apache Sling web site at http://incubator.apache.org/sling
or go directly to the download site at
http://incubator.apache.org/sling/site/downloads.cgi

The Apache Sling Community

Along the way of implementing a Trackback feature on Apache Sling I stumbled across a few details that I would like to share. Maybe, it saves other Sling dabblers a minute or two.

Trackback is a specification developed by SixApart for pings commenting or referring across different websites. Wikipedia defines it like this:

Trackbacks work via http POSTs and require a specific response. For the latter reason Sling's DefaultPostServlet cannot be used, but a custom servlet must be implemented (this has the implicit benefit that further custom logic like sping detection can easily be placed in the servlet).

A good starting point for looking up how to implement your own Sling servlet is the test servlets in the Launchpad. The Maven plugin and annotation make it easy to specify for which node types, selectors, or extensions the servlet shall be invoked, e.g.:

/** Example/test Sling Servlet registered with two selectors
 * 
 * @scr.component immediate="true" metatype="no"
 * @scr.service interface="javax.servlet.Servlet"
 * 
 * @scr.property name="service.description" value="Default Query Servlet"
 * @scr.property name="service.vendor" value="The Apache Software Foundation"
 * 
 * Register this servlet for the default resource type and two selectors:
 * @scr.property name="sling.servlet.resourceTypes"
 *               value="sling/servlet/default"
 *               
 * @scr.property name="sling.servlet.selectors"
 *               values.1 = "TEST_SEL_1"
 *               values.2 = "TEST_SEL_2"
 *                
 * @scr.property name="sling.servlet.extensions"
 *               value = "txt"
*/

So, that is the easy part. However, here are the above-mentioned gotchas you should be aware of:

• For registering the servlet for the node type nt:unstrutured the corresponding annotation's value must be nt/unstructured (well, this is obvious from the example above, but I did not see it right away).

• When the method is POST extensions are ignored. Selectors work though.

• However, POSTs to mynode.myselector will not work. You need to POST to mynode.myselector.html (no matter what mime type you return). Therefore, you might want make sure that you explicitly set the response type: e.g. response.setContentType("text/xml")

• Last, if the Sling instance you happen to use is a CQ5 author system be aware that the default ACLs do not grant read access for anonymous users. Therefore, you need to add credentials to your POST in that case.

Two noteworthy new items in the blogosphere:

1. The Jackalope project (a JCR implementation for PHP) I mentioned previously is now up to three team members - see their announcement and the enhanced project description on the Liip blog.

2. Aaron Zeckoski of the Sakai project has written a beginner's introduction to Apache Sling that takes a different approach than usual - rather than the RAD aspects of Sling it focuses on OSGi.

Just a quick announcement: I have added the mailing list of the Apache Chemistry project to the dev.day.com discussion groups (there is also the CMIS technical committee list). The Chemistry project proposal can be read here.

Here's a post-weekend round-up of content-centric news:

David Nuescheler has been awarded as "Star Spec Lead" for his work JSR-170 and JSR-283. He joins this year's other two Star Spec leads Ed Burns of Sun and Mike Milikich of Motorola.

The JBoss DNA project has released version 0.4. I wrote a bit about DNA before, but was not aware that they are implementing their own (level 2 compliant) JCR implementation. Moreover, the federated approach they take looks interesting to me.

Julian Wraith has posted experimental code to hook up the Tridion CMS with Day's CRX - essentially making it possible to use JCR as another storage option in Tridion next to file system and RDBMS.

More on last week's CMIS plugfest: Serge Huber, CTO of Jahia, has shared his impressions on day 1 and day 2 as well as posted videos of the CMIS client presentations.

Day 2 of the CMIS plugfest just ended. As I blogged about yesterday we tried to connect as many client implementations with as many server implementations as we can. The results are displayed in the matrix below: "C" means being able to connect, "R" able to read, "W" able to write, and "W+S" write and search.

So, all in all we have tested 31 client/server combinations, most ATOM-based and 4 with SOAP. All tests were based on the spec version 0.6.1. I am quite happy with these results, especially because many servers and clients were updated to the latest spec version (or even implemented from scratch!) during the plug fest. Cedric Huesler has compiled a collection of screenshots of CMIS clients in action (all experimental and subject to changes):

Also, today the Apache Chemistry project (Apache's CMIS implementation) has been accepted in the ASF's Incubator. Congratulations!

Day 1 of the CMIS plugfest is just getting into the beer-oriented phase. But before I leave I would like to share some basics of what we are up to:

Today's participants are: Berry van Halderen (Hippo), Cedric Huesler(Day), Dave Caruana (Alfresco), David Nuescheler (Day), Dominique Pfister (Day), Florent Guillaume (Nuxeo), Florian Mueller (OpenText), Jens Huebel (OpenText), Martin Hermes (SAP), Paul Goetz (SAP), Serge Huber (Jahia), Ugo Cei (SourceSense), Volker John (Saperion), and me.

By now all clients and servers are running on version 0.6(.1) of the CMIS spec. For the Atom binding we have as clients:

• the Javascript client from the Apache Chemistry project

• the Java client from the Apache Chemistry project

• Alfresco

• SAP

• Shane Johnson's Flex-based CMIS Explorer

• the CMIS Explorer portlet from Sourcesense

Servers with Atom bindings are:

• Day CRX

• Nuxeo

• OpenText

• Alfresco

That gives us 28 combinations to have fun with already. On top of that we have SOAP-based clients from OpenText and SAP (and the same list of servers).

We are checking which client can read from, write to and query which server (and tweaking both ends to make things work). Results tomorrow... :)

For getting live updates as we progress look for #plugfest on Twitter

more pictures here

There is an exciting JCR project going on in the PHP world: Christian Stocker of Liip is busy on project Jackalope which aims to make available a Jackrabbit repository from PHP.

First tweets about the project start appeared only 3 weeks ago so I am surprised that there is already a Getting Started tutorial.

Make sure to have a look at the file test.php. Nice, isn't it?

In software engineering, modularity often leads to hard choices when it comes to to how big or small things should be. In a JCR content repository, the question is how granular should my content be?. A more granular structure contains more information, but too much granularity might slow things down.

Inside a JCR node, we can create a simple or complex hierachy of content atoms and metadata. But how far should we go? Should we think in terms of files, mini-databases, or simple name-value pairs?

JCR beginners often have a hard time figuring out the best content models for their problem, so we thought we'd share some of our experience here.

Starting with this post, we will explain some of the cq5 content structures. Without going into theoretical details - just by describing and explaining those structures.

Today, we'll have a look at the cq5 tags, used as semi-structured metadata, mostly for content pages. In cq5, tags like stockphotography/animals/birds can be added to content pages. Tags belong to namespaces (stockphotography in our example), and can be arranged hierarchically within their namespace.

cq5 tags - user view

Looking at the tags from the cq5 site admin console, we see a simple tree of concepts, grouped in namespaces (Marketing) and categories (Interest). Each tag has a unique TagID, visible in the first column on the right, that will later be used to connect content with those tags.

Nothing surprising here, except maybe the fact that our tags live in a hierarchical space, as opposed to a flat one. This creates simple namespaces for our tags, allowing several "worlds" of tags to be combined without conflicts.

How are we going to store this in JCR? In cq5, the tags are stored as a tree of JCR nodes, with a structure similar to the above one, using the cq:Tag node type. The content model simply reflects the reality of the tags and their natural organization.

The cq:Tag node type

Here's the definition of the cq:Tag node type in CQ5.2:

The tag node is required to have a sling:resourceType property with a default value of tagging/tag. That property is used by the Sling rendering system to select the appropriate components to render the tags, in the cq5 site admin console for example.

The node can contain nt:base child nodes which have the cq:Tag type by default. The cq:Tag node can also contain any number of additional ("residual" in JCRspeak) properties, single or multi-valued.

The cq:Tag node type also uses the mix:title mixin, which defines two optional String properties, jcr:title and jcr:description. The jcr:title property is used to allow tags to be renamed without changing their identifier. The cq5 user interface displays the jcr:title value, which can change over time, but it's the path of the cq:Tag node that is used as the tag identifier.

There's no specific node type for tag namespaces: a cq:Tag node that doesn't have a cq:Tag parent is considered as being a namespace. In cq5, tag definitions are stored under /etc/tags, and that node is not a cq:Tag, so cq:Tag child nodes like /etc/tags/marketing define tag namespaces.

At Day we like to keep things open whenever possible: the cq:Tag node type is not designed to put strong constraints on the content, and that's inline with David's model rule #1:

Data First, Structure Later. Maybe

We haven't reached the maybe stage yet. The cq:Tag node type is clearly here to help, not to restrict what we can do.

Tags content model

Switching to the CRX Explorer, we notice that the tree structure under /etc/tags simply maps the namespace/category/tag structure of our tags. Nothing surprising again, and that's a good thing. Obvious content structures will help others understand what we're doing.

Looking at the properties of the /etc/tags/stockphotography/animals/baby_animals node, we see that the TagId property that's visible in the cq5 site admin console is not explicitely stored in the content - it is simply defined by the storage path of the tag node under /etc/tags, to avoid redundant information.

Don't you love the Principle of Least Surprise?

At this point you're probably thinking that all this is quite obvious - and you're right! The beauty of a JCR content repository is that you can in most cases store information without any structural transformations. Tags are items grouped in namespaces and categories, so a tree of namespace/category/tag nodes makes perfect sense, and is largely self-explaining.

Tagging content

To tag content, we simply add a multi-value tags property to the jcr:content nodes of cq5 pages, or to other pieces of content. A page might have:

cq:tags = 
[
	marketing:interest/business,
	marketing:interest/investor,
	marketing:interest/services
]

if it was tagged with the business, investor, services tags of the interest category of the marketing namespace.

We don't use JCR references, but simply store paths in properties, as this gives us more flexibility when restructuring things. It's hard to say what will happen to those tags, and to the very concept of tagging, over the expected lifetime of our product, so we accept potentially dangling references (and cope with them at the application level) to gain content agility.

Coda

That's it for now! We hope to write more about our content models in the near future, to help our readers see how simple JCR content models can be - and should be.

As usual, feedback is very welcome - let us know if this information is useful to you!

This year the number one Java conference in Germany, the JAX 09, is great as always. With nearly the same number of attendees it's crowded in the positive sense - although you have to go to a session in time to get a good seat. I've seen a lot of highlights today - but first was my own presentation about JCR, OSGi, Scripting and REST - which presented the great Apache Sling web framework. Apache Sling uses Apache Felix as the OSGi framework and Apache Jackrabbit for the content repository. My session was very well attended, more than I expected, and while preparing the talk I noticed that I actually have more presentation material for JCR/Jackrabbit and OSGi/Felix than for Sling itself; although Sling is of course the topic of the session. I think this shows that Sling is really a very clever framework, leveraging existing stuff and combining it in a productive way - this goes hand in hand with the great keynote tonight from Neal Ford - now, I can't summarize it for you, but one of the key points was: don't make things more complex than they should be (just because somethings that it makes sense or is cool). Look around and make use if available stuff - even if that doesn't look cool for your developers. Most of the time is spent on accidental complexicy which in the end causes projects to fail.

I'm in the software world for over 20 years now and Neal is spot on with his message; i've seen a lot of projects fail because of this or because of one (or more) of the anti-patterns Neal mentioned. Unfortunately I missed the sessions from Neal's collegue Ted Neward which I enjoyed last year, but I saw an interesting session about the tools in Spring IDE for Spring, OSGi and Spring DM - now this looks pretty cool to me; I'm not in favour of using Spring as I think that there are more lightweight :) solutions when it comes to OSGi - but on the other hand giving the fact that everyone and his dog knows Spring and given such good tooling with Spring IDE, it's really hard to advocate something else. With the upcomming OSGi blueprint specification this will also have an impact on OSGi. And in the light of Neal's talk, what could possible reasons be to not use this stuff? It would be great if the tooling would work with any OSGi framework and not just the Spring server.

But these are just excerpts from the day - and it's just the first day; I'm looking forward to tomorrow when the OSGi day takes place! During the breaks I'm trying to finish some stuff for the upcomming Sling release - we hope to get it out in the next weeks. So stay tuned.

It's been three months since I started working with the IKS project team, where Day is involved as an industrial partner among an impressive group of both academic and industrial teams.

The goal of this integrating project, partly funded by the European Commission, is to create an open source technology platform for semantically enhanced content management systems.

Now what's that? There are many ways to semantically enhance content management systems, including many scenarios that would be easy to explain to users but are still hard to implement today. Finding similarities between blocks of text written in different languages, for example, is an obvious use case that's next to impossible to implement reliably today for arbitrary content. Would that be useful? You bet - but only if the signal to noise ratio is on par with what you get from Google searches today, sufficiently good for the human user to do the final selection.

That's only one example, and talking to users of our products leads to a number of scenarios where semantics would help. Suggesting tags based on content? Some CMSes already do that, but is that good enough to be useful? Rarely. Tagging images automatically based on their content or graphical features? Now that would be cool, and that's probably possible today, but not yet as a mainstream feature.

After spending a few days with the IKS partners during two project meetings, I think creating a framework that allows semantic algorithms to be plugged in, and provides a simple RESTFul interface to its features, would be very valuable. We're planning to work for four years on IKS, and during that time semantic algorithms will improve, so whatever we create needs to allow new and improved tools to be plugged in.

In my opinion, CMS vendors will not change a significant part of their technology stack just to get semantic features - so it is important for IKS to provide tools that can be interfaced with existing software. In our discussions with IKS project members, we have mentioned Apache Solr as an excellent example of making the power of Lucene available to the programming masses, through a simple HTTP interface.

Whatever tools IKS makes available should in my opinion provide simple HTTP/JSON or HTTP/XML interfaces to their services, based on REST principles, to allow them to be used from any programming language and technology stack. Integrating semantic features in Lucene or Solr would be the best, of course, but that doesn't seem too easy to do now, so we might want to first create some prototypes and then look at possible synergies.

Those first three months working (part-time) for the IKS project have been very interesting for me, and I have a good feeling about the group. To put it simply (and half jokingly), the academic partners seem to have really nice semantic tools but don't really know what to do with them, and we industrial partners have needs in this area but don't know how to design and implement the required features. We just have to mix both together to create great things!

With thirteen project partners, we'll all need to push hard for concrete things to emerge quickly. Judging from our first meetings and workshops, the will is there to create something, and if that can help people be less scared of "semantic features", by making those more accessible, the project will be a success.

One important thing on which we have agreed early on, is to work in an open source way right from the start, and make some noise about our results as soon as we have something concrete to play with. Incubating parts of the IKS stack at the Apache Software Foundation might be the best way to grow a community both inside and outside of the IKS team - I hope that happens as soon as we identify the components for which that would make sense.

Looking forward to all of that. For now, my immediate goals are to learn more about Linked Data techniques and tools, and to find out how far Apache UIMA could help in extracting semantic information from arbitrary content. We'll have more about IKS here as the work progresses.

Can I re-tweet on a blog? Hmm, let's try:

Congratulations, guys!

CMS analyst Janus Boye has blogged about the expected lifetime of a CMS installation, i.e. for how long an installed CMS can be expected to be in production. His guess is a lifetime of 3 years. On the blog's comments Janus and I got into a discussion about the accuracy of that guess where he asked Day to publish actual real data about this topic.

I like this idea because publishing this data provides a benefit to our potential new customers: a reliable indicator (without any hand-waving or gut feelings) of the CMS's lifetime that can be used in business plans.

The data

The data I have used is taken from Day's support contracts. Only customer data from outside ouf Europe was used (simply because it was available to me). This selection is likely to bias the results towards shorter lifetimes as Day's oldest customers are based in Europe. The basic assumption is that the life time of the CMS is equivalent to the duration of the support contract. The used end point of each contract period is the date up to which the contract is paid for as of today.

You might argue that there could be customers that have a contract but do not actually use the product anymore, which could in fact be the case (I do not know of any). On the other hand, I am aware of customers that still use the product and have terminated their support contract. Therefore, in order to reduce selection bias I did not remove any data points due to this particular consideration.

Each customer was counted once for each product he purchased, i.e. a customer that has two distinct support contracts for CRX and CQ was sampled twice. I discarded all OEM contracts because they are of their different nature (they would skew the result towards longer lifetimes). Finally, I also dropped a data point where the support contract was cancelled because the customer went out-of-business alltogether.

I believe that this data set is reasonably unbiased to provide meaningful results with respect to the question of the lifetime of a customer's CQ/CRX installation.

The Method

Luckily for Day, the data is what is called "right censored". That means that it is unknown for how long an existing support contract will go on - actually the majority of the available data points are right censored.

The scientific discipline that is concerned with analyzing data of this kind is called "survival analysis". One is interested in the survival function which maps a set of events onto time. The survival function is a property of a random variable, i.e. it needs to be estimated (in the statistical sense of the word).

One well know estimator for the survival function is the Kaplan-Meier estimator (which is non-parametric, i.e. there are no underlying assumptions about the distribution of the data). In a nutshell:

The Kaplan-Meier estimate of the survival function, S_hat(t), corresponds to the non-parametric MLE estimate of S(t). The resulting estimate is a step function that has jumps at observed event times, t_i. In general, it is assumed the t_i are ordered: 0 < t₁ < t₂ < · · · < t_D. If the number of individuals with an observed event time t_i is d_i, and the number of individuals at risk (ie, who have not experienced the event) at a time before t_i is Y_i, then the Kaplan-Meier estimate of the survival function and its estimated variance is given by:

The quantity of interest is the mean survival time (and its respective estimate) which is given by:

Because S(t) may not converge to zero, the estimate may diverge. Therefore the integral is only taken up to a finite number. A reasonable choice of is the largest observed or censored time.

Results

Resisting a geek's urge to implement the estimator myself I used the freely available R to calculate the results. Here is a plot of the Kaplan-Meier estimate for the survival function with 95% confidence bounds (time is in days):

And finally, the estimated value for the mean survival time, i.e. the estimated lifetime of a Day CMS installation is: 2453 days with a standard deviation of 154 days. That's about 6.7 years. Mind you, this result is likely to be lower than if the whole customer base had been analyzed.

Based on my professional activities, I have been faced to explain the advantages of Resource Oriented Architectures (ROA) to a number of customers. Some of them with technical, but most with business background. Granted, you don’t want to provide the link to Roy’s dissertation to a business person… nor tell them, what great infrastructure we have to implement the architecture. Personally, I came to a conclusion, which I am glad to share here. This article tries to elaborate what the number one business driver for ROA is, IMHO.

Back at BEA eWorld 2002, BEA co-founder/CEO Alfred Chuang had somebody to steal his car during his keynote. The car was found again - courtesy to a car-locating-system, which communicated with registered cars via the latest technology hype of the coming era: web services. The car was hot, the show was fun, but one big question remained: what difference made the web services? To make this story short: none. Because the same could have been achieved with any other RPC-based technology. From the viewpoint of the business – in this case the car owner – web services did not add any specific value, so business can remain essentially agnostic about the current communications fashions in IT. IT is simply perceived as a cost center.

With almost 3 decades in IT, I have seen many of those fashions come and go: bare-boned socket connections, DCE (yes, I do mean distributed computing environment), transaction monitors, CORBA, component models such as EJBs and DCOM, WebServices... Have any of these evolutionary RPC-steps made us, information systems developers, more efficient? Not much comes to my mind. It generally was rather an exercise to move bytes from A to B in the hypest fashion.

Even corporate intranet projects were driven by rather weird, heavyweight technologies like portal/portlets or "document-driven collaboration solutions". In particular, they appeared overly complex in comparison to that system that has been growing at light speed for 15 years now: the WWW. Moreover, it has exactly the qualities we’ve been looking for in enterprises: scalability, flexibility, reliability, speed. In 2009, the prime time for the "Enterprise Web" seems to come, thanks to progresses in web oriented middleware technologies and standards, but also owing to a common gut feeling that WS* have somehow failed to fulfil their promises.

So, what's the ROA advantage?

Many will happily cry: Web 2.0 support! I won’t. Sure, information exchange can improve with blogs and wikis, thereby smoothing the biggest nightmare of the information age, I mean the tons of emails that flood our mailboxes every day.

But I think that ad-hoc information generation is rather the exception than the rule in the enterprise. The typical enterprise is highly process-driven, hopefully by well-defined ones, but more often than not by ones that have been defined informally. Many of these processes, even the well defined, are not well implemented: they lack access to related information, either intentionally (too costly to access data on different systems) or un-intentionally (process designers have been unaware of other relevant information). Both reasons may have their origins in one of RPC’s major deficiencies: services still are not really loosely enough coupled and they lack a truly overall addressing scheme.

It is primarily the latter where I see the biggest advantage of ROA, and that advantage has a name: URI, the Uniform Resource Identifier. With it, we are able to give any chunk of information a unique identity and a location - on an enterprise wide level. The "chunks" can be anything, from small to large, from a database record to an image in some DMS, from pure data encapsulations to function-only resources. Consequently, we give process designers the opportunity to integrate any relevant information into their "process space". And vice-versa, the process’ output will be as easy available to others, no matter where else in the enterprise the consumer resides.

Thus, Resource Oriented Architectures promote an enterprise addressing scheme that is truly re-usable. Instead of building, like in RPC-based architectures, thousands of point-to-point, tightly-coupled connections between systems, business analysts are asked consume information out of large, business-oriented classification trees, and store their outcomes back into some specific position into this tree.

Consider an old-fashioned cash withdrawal at a teller’s window. This process consumes base information about you, your account, the teller, and may require viewing an image containing the scan of your signature for verifying your identity. Each of these information fragments might come from different systems, i.e. different information silos, but the addressing/classification scheme acts as glue here.

On the other end, the process produces information about your withdrawal, which might include the data (time, amount, …), and perhaps a physical receipt you had to sign. These artefacts can be stored in a well defined place in the information tree, e.g. at //mybank/privateCustomers/4711/accounts/checking/transactions/20090510-1/details, and .../20090510-1/receipt respectively.

As you may have noticed, I have not mentioned IT in the description above. REST comes with inherent concepts that help the enterprise to run its business simpler and with more transparency.

The concept of an overall addressing scheme that makes information directly available via uniform resource identifiers, comes as a direct advantage to businesses.

Of course, the engine that empowers this uniform access has to come from IT. But unlike its RPC-style predecessors, this is not something that happens under the covers in some obscure manner; the introduction of ROA impacts directly on how businesses and their knowledge workers will operate.

This is the main message we have to carry on to the management and business levels of companies. Still noteworthy though that the technical implementation of ROA can happen on relatively simple and low priced infrastructure. The same time, we can simplify our SW stack by leaving alone many unnecessary SW layers. This might be considered a side effect; however, it improves the Return-On-Investment of ROA, a "hard" argument, which will be paid much attention these days.

Bertrand Delacretaz's talk on open source tools at the OpenExpo (mentioned previously) is now available as a video.

The slidedeck can be downloaded here.

Our partners eForce have just come out with a new JCR-focused developer portal called JCRDEV. The covered topics include Apache Sling as well as JCR-based CMSs. The site itself is built on Sling.

Alongside the web site there is also a Twitter account to follow and a LinkedIn group to join.

The CMIS Technical Committee's mailing list has been added to dev.day.com's discussion groups. Check it out here. The list is, of course, searchable.

Along with the release of CQ5.2 we have released an update of CRX, which is now available in version 1.4.2. Apart from bug fixes there are improvements are in the areas Quickstart, virtual repository as well as search. Also, CRX is now optionally supported on Amazon EC2 virtual machines. Please see the release notes for full details.

Here's the download of the Developer Edition and the Documentation Pack.

As you all know, CQ5 supports tagging and taxonomies and both side by side. Taxonomies are great, because they allow multi-dimensional classification of content, but sometimes there are things that do not fit into the taxonomy. And this is where it comes handy that you can just type and add a new tag to the standard tag namespace folksonomy. Using this feedback from the folksonomy you and enhance and improve your taxonomy. But what happens if you do not start with a neatly organized taxonomy, but with a wild-west folksonomy that has been created by numerous authors and you want to bring order into the chaos?

Actually, you are in a very good position. Starting with data first, gives you the ability to come up with a meaningful taxonomy that is relevant to your content in the first shot. Using a folksonomy as a starting point to create a taxonomy is what I (and others) call "Folksonomy Mining". As an illustration how to use my Folksonomy Mining technique, I will be using the folksonomy created by the last.fm community.

1. Start with a folksonomy of viable size in a well-defined domain. You need at least 1000 tagged items and the domain should not be all-encompassing like "web pages on the internet". The last.fm folksonomy is certainly the right size and with music we have a domain model that is restricted enough.

2. Get 100 most popular tags out of the folksonomy. With CQ5 tagging you have the "count" column that says you how popular a tag is. With last.fm, there is an API method for that. (100 tags)

3. Remove obvious duplicates. "favorite", "favorites", "favourites" and "favourite" for instance need to be merged.

4. Create dimensions for groups of similar tags. Examples that I can find in the last.fm folksonomy are: time (60s, 70s, 80s, 90s, 00s), origin (american, australian, british), mood (ambient, atmospheric, chillout), vocals (female vocalists, male vocalists, instrumental), ownership (albums i own, seen live), origin (soundtrack, covers, live, remix), season (christmas, summer), preference (amazing, awesome, beautiful)

5. There is usually low co-occurrence between different items in the same dimension.

6. For more complex dimensions such as genre (rock, pop, country, folk) you might want to create sub-and super-categories. For example rock-metal-death metal-brutal death metal (yes, this is part of the top 100)

7. There is usually high co-occurrence between super- and sub-categories. And the super-category usually has more entries than the sub-category.

8. Fill in "holes" in the taxonomy. For instance the time dimension: add 30s, 40s, 50s. In the season dimension add: spring, fall, winter

9. For categories with many sub-categories add grouping categories where they become helpful, for instance in the origin dimension it might help to add american, european, asian, african to group origins.

10. There will be a number of tags to remain uncategorized, just leave them this way, and leave the folksonomy open, so that new tags can be added over time

With these ten simple rules you have managed to grow trees out of the tag cloud, added structure where needed that can be re-used in query builders and other places of the system.

Dear CMIS community,

As per the "official invitiation" ;) email below we are hosting an CMIS PlugFest in Basel. Since this is not constrained by OASIS TC membership we would like to make this as open as possible and invite other interested parties as well. Come along, bring your CMIS implementation and see if it interoperates with others.

Please let me know if you intend to join us (david(at)day.com). If you have not been to Basel before see Roy Fielding's "Visitor's Guide to Basel".

Regards,
David

---------- Forwarded message ----------

From: David Nuescheler
Date: Sun, Apr 5, 2009 at 12:58 PM
Subject: Official Open CMIS PlugFest Invitation April 29-30 in Basel, Switzerland
To: "cmis@lists.oasis-open.org"

Dear TC Members,

Please find below the "official" invitation to the frequently disussed CMIS Plug Fest at the Day offices in Basel, Switzerland in April.

We would like to invite all CMIS TC members and other interested parties to an open PlugFest at our Offices in Basel Switzerland. (http://is.gd/qPs0)

Agenda:
---
April 29-2009
9-17h Setup and Connectivity Setup, Smoke Tests
19h- CMIS Dinner

April 30-2009
9-16h Actual Testing and compliance reporting
16h-17h Wrap-up, Next steps
---

We will provide wireless access to the Internet and we will also have inbound HTTP access through a reverse proxy ready for people to do remote testing to our servers.

For people who would like to check in remotely, we will use the following webex conference.

---< CMIS Plugfest >----------------------------------------------------------

Monday, April 29, 2009, 9h00 CET, 03:00 am EST, 12:00 am PST
Meeting Number: 709 533 911 (Password: day)
https://day.webex.com/day/j.php?ED=119801362&UID=0&PW=50b835524b&RT=MiMyMg%3D%3D
Dial-in: USA +1 (718) 354 1382
More Dial-in numbers:
https://day.webex.com/day/globalcallin.php?serviceType=MC&ED=110021337&tollFree=1

--------------------------------------------------------------------------------------

For planning purposes it would be great if you could let me know (either on this list or directly) by the beginning of next week if you plan to attend and if you have any further questions please feel free to ask.

regards,

david

Today, our CQ5 Digital Asset Management and CQ5 Social Collaboration become available with the launch of CQ 5.2. This is a great day for me, because my two products that I have been working on for the last one and a half years are going to market.

Both with CQ DAM 5.2 and CQ Social Collaboration 5.2 I have been standing on the shoulders of giants, which have enabled me to implement a bold vision of Digital Asset Management and Social Collaboration integrated into Web Content Management in such a short time, following our CQ5.1 release last November. These giants are our developer team and our product marketing team who have a done a marvelous job on getting this product to countless demos, POCs, beta projects, press and analyst briefings and who have implemented one cool feature after the other.

But standing on the shoulders of giants also means reusing a great platform to build upon. We did not have to think a single second about clustering, backup, scaling, permissions, LDAP integration, workflow, development environment, because all this is at some level provided out of the box by CRX (and its underlying Apache Jackrabbit and Apache Sling foundations) and the CQ5 Platform we share with CQ5 Web Content Management.

I would like to take the opportunity to shed the light on two smaller features, one in CQ5 DAM and one in Social Collaboration that we typically do not include in demos, but that offer a huge potential for everyone who sees our products as a platform to realize his own ideas.

Feature number one is the workflow launcher we are using especially for CQ5 DAM. This workflow launcher will listen for repository events at a certain part of your content repository, for example the DAM bulk upload hot zone or a Sharepoint repository we are monitoring through our connectors. Once a new file is being created here, we launch the workflow that will take care of the actual processing. For the end user this means: more flexibility in creating complex workflow-driven processing solutions for digital assets. And it means a reduction of magic, because everything that will happen to your assets is visible (in the Workflow Models tab) and the reason why it happens is visible in the workflow launcher tab. Not attempting to do magic and to appear as magician should be a goal for every software engineer.

The second feature is even less graphic (guess why we are not demoing it), but it is one of the small pieces that makes Social Collaboration so great. We call it the 'Feed Importer', but it actually does a lot more. The idea of the feed importer is to poll a remote resource at a specified interval, to parse it and to create nodes in the content repository that represent the content of the remote resource. We are using this at two places right now - for subscribing to remote iCalendar files just like you do in Apple's iCal or Google Calendar and in the blog, where you can aggregate existing blogs in one 'planet blog' that for instance contains all bloggers of the JCR community. This auto-blogging-feature has been in the blog since Advanced Collaboration 1.1, but with Social Collaboration 5.2 there is a proper and powerful API that can be used in customer projects as well. Needless to say, in order to implement a new parser & importer all you have to do is implement one OSGi component and I expect it to be not too long till we see Twitter-mashups on CQ5-powered websites that are using the Feed Importer.

So thank you very much for all the help with the 5.2 release and I am looking forward to see many CQ5-powered community websites and public asset repositories soon.

I am very pleased to announce that JSR-283 has reached the proposed final draft stage. The specification is now available for download.

The most notable change from the public review stage is a very exciting one: the specification has been reorganized into two separate parts:

• the repository model and

• its Java bindings.

This should allow for much simpler consumption and implementation of the spec in other language environments.

The notable extensions of JSR-283 from JCR 1.0 have been discussed previously, see InfoQ for a summary. My personal favourites are.

As next steps we will implement the RI (reference implementation) and the TCK (Technology Compatibility Kit) in the open as part of the Apache Jackrabbit project.

Please send any comments to jsr-283-comments@jcp.org

One of the many totally cool features in CQ5.2 SocialCollab is that you can optionally run it in "Fully Social Mode". In this mode a number of social tweaks are performed in the underlying content infrastructure. For example:

• In Fully Social Mode workflow tasks come to your inbox as "invitations"

• all paragraphs are restricted to a maximum of 140 characters

• there is an additional field "relationship status" in your user profile page

Not conviced, yet? Have a look at the screencast.

Update: check this post's publication date before you click ...

ApacheCon EU 09 is history, but there's a second chance to see and hear Betrtrand Delacretaz' talk "Open Source Collaboration Tools are Good For You!": Bertrand will be at the OpenExpo in Berne this week. For the meantime, here are the ApacheCon talk slide decks of Day's engineers:

About a week ago we started the CMS Vendor Meme. It's time for a little roundup on how the meme got around:

The amount of responses that were published since last week completely blew me away. So far, the vendors that have responded are (in chronological order):

Magnolia, Alfresco, Jahia, Escenic, GX, CoreMedia, Infopark, dotCMS, Midgard, Vignette, Nuxeo, OpenText, EPiServer, Sitecore, Interwoven, Alterian, Hippo, Ektron, Knowledge Tree, and ez Systems

Also, the meme received quite some attention from CMS users and analysts: on Twitter look for hash tags #cmsmeme and #realitycheck. In the blogosphere Irina Guseva picked it up first, Jon Marks brilliantly commented on the meme as it evolved (here, here and here), Julian Wraith kept an eye on the scores (also correcting the scores of the vendors that did not add up correctly) and commented on individual responses, Bertrand Delacretaz suggested the ID and Juerg Stuker blogged about it in German. Make sure you also check out the discussions: in some of the blog post's comments Kas Thomas, the author of the original list, showed up. And, finally, if you are the type of person that enjoys extensive stats: Cedric Huesler has collected all sorts of data about the answers and compiled this spreadheet.

This has been a thoroughly enjoyable excercise so far, but I believe that there is real value in it as well. As Kas Thomas wrote: the responses reveal the vendor's DNA.

Oh, almost forgot. 9c56d0fcf93175d70e1c9b9d188167cf

Update: added Ektron to the list - thanks Kas for the hint. (30/03/09).

Update: synched the list with Jon's and added Knowledge Tree and ez Systems (07/04/09).

The Apache Software Foundation (ASF) celebrates its tenth birthday today. On March 25 in 1999 Roy Fielding signed the foundation's incorporation papers. Happy birthday!

A lot of successful and industry-changing software has been developed within the ASF in the last 10 years: see here for some of the ASF's highlights and the very well written "How the ASF works" page.

Day has strong relations with the ASF: we heavily contribute to and base our products upon the projects Jackrabbit and Sling. Moreover, many of Day's employees are involved in other Apache projects or serve in other ASF functions (see here for more information about Day's open source activities).

Therefore, I was more than happy to take this opportunity for an interview with Roy Fielding and Bertrand Delacretaz where they share some of their insights about the ASF's past and future. Day's Chief Scientist Roy is co-founder of the ASF and its former chairman. Roy also wrote the Apache License 2.0. Currently, he is V.P. for the Apache http server project. Bertrand (Senior Software Developer at Day) is a member of the Apache Software Foundation and an active committer on the Sling and Tika projects. He is also committer but currently inactive on the Cocoon, FOP, and Solr projects. Bertrand is also on the ASF's board of directors.

Roy Fielding

Founding the Apache Software Fondation was extraordinary for an open source project at that time (in 1999). The history pages of the ASF describe the reasons for founding the ASF as a kind of defensive act to protect individuals against legal threats. Was this the only reason or were there other ideas involved?

There were several reasons for incorporating. Although the Apache Group had been successful operating as a group of individuals, it was becoming increasingly difficult to deal with the outside world without a formal legal entity. We wanted to protect the Apache brand name against abuse by other organizations. People wanted to donate money to the project, but we had no way to accept it other than as individual income. Some of us wanted to organize a conference, which later became ApacheCon '98, but the liability issues required that it be produced by one of the companies that employed some of our volunteers. Most of all, it was the fact that we couldn't make non-technical decisions quickly: we actually started to discuss incorporation in September 1996, two and a half years before I signed those final papers.

The final straw came in 1998, when folks at IBM contacted the Apache Group in private to investigate contributing as part of the team of developers (IBM's first exposure to open source development). Before we could talk, however, IBM demanded that each of us sign a non-disclosure agreement, which is standard practice for any large public company. It would have been easy to do so if we were a legal entity, but instead we had to obtain written signatures from every single person in the core group, located all over the world.

An aspect that sets the ASF apart from many open source efforts is the invention of "incubation of projects" and, even more revolutionary, the "retirement of projects". What was the background of coming up with these concepts? Were there concrete projects that triggered this idea?

The Apache way of developing software is ideal for collaborations among developers regardless of their individual employers. Once we had incorporated and formalized the licensing agreements, the ASF grew very quickly as new projects were proposed. At first, the board created projects that covered entire areas, such as Java (later renamed Apache Jakarta), XML, and Perl. The Jakarta project, in particular, attracted hundreds of developers that wanted to contribute their own libraries and applications to Apache, and so each project started to act like the board and created sub-projects of their own.

However, there is more to the Apache way of development than just starting a project and letting the developers run wild. We have learned over the years that each team must be organized for peer review and formally vote on all releases, which requires some cultural learning on the part of new developers. Likewise, we need to ensure that we have sufficient legal paperwork for any software that is licensed to the foundation for further development, since copyright laws are applicable for seventy years (or more), far beyond the normal memory of any project. The early projects grew so fast, however, that it was impossible for the experienced Apache developers to keep track of the growth and mentor new volunteers.

The Incubator was the board's way of adjusting the organization to that rapid growth: by forcing all new projects to learn about the Apache way of development and actively engage ASF members as new project mentors, we found a way to grow the organization at the same rate that we were growing projects and volunteers. Of course, there are also many negatives to that approach: it can often seem to new projects that Apache is dominated by bureaucracy and process, since much of that process is only needed when conflicts emerge.

You wrote the Apache License 2.0. One key feature of the license is its commercial friendliness. Was that an explicit design decision of yours or is it a by-product of other design considerations you had in mind?

Apache has always used a commercial-friendly license, since we were founded by a diverse group of individuals from both academia and industry. Many of us had prior experience with the BSD license, which does not place restrictions on other software distributed with the product. Furthermore, since one of our original goals was to enable standards-based interoperability on the Web, we encouraged the other software-producing organizations to use our code instead of their own (often buggy and nonstandard) implementations.

This openness to collaboration among developers, no matter why they are interested in participating, is one of the key virtues that make Apache projects both fun and educational. Our licensing goal was to ensure that the final work product would be usable and redistributable by anyone, for any purpose, but without any warrantee. That is why we used a variant of the BSD license for the first five years.

The 2.0 license came about as an attempt to clarify both what the license grants under copyright law and what the contributors had agreed to grant under both copyright and patent laws. We wanted to protect ourselves and our users against deliberate contribution of works under "submarine patents" or other license that were more restrictive than our own. We also wanted to enable compatibility with GPL-based free software by providing an innovative way to acknowledge the original developers (if they so desired) without exceeding the restrictions in the GPL.

Ultimately, we measure the success of our license by how many organizations and individuals can safely redistribute our software without entangling the Apache developers in lawsuits. So far, we've been 100% successful.

Looking back at the ASF's history: what surprises you the most? What did you least expect to happen?

I think what has been most surprising is the ability of Apache projects to persist and evolve as the individual volunteers change their interests and move on to other things. In every way, Apache is entirely dependent on the imagination and effort of individuals. We are often working on problems that are only indirectly perceived by everyone else, and each is only working on Apache part-time.

We've had at least six different technical leaders within the HTTP server project over the past fourteen years, each of whom led the group in implementing massive improvements to the software in relatively short periods of time and then moved on to other problems within or outside the ASF. We have designed an organization that is able to make use of the vast numbers of volunteers on the Internet, and yet remain cohesive enough to retain its unique project culture and freedom to innovate.

I think what I least expected to happen is that I would still be involved in the project after all these years. I have been less involved in the code than I was in the past, but I still managed to fix a few issues this year and look forward to trying out a massive redesign in the coming year.

Over the years I've stretched into the various roles of just being one of the hackers to becoming the standards cop, from resolving technical conflicts into codifying the voting rules, from people management into project historian, and from release manager into semi-retirement status (only to come back again). To incorporate the ASF, I had to become familiar with corporate law and learn to communicate with corporate lawyers, create bylaws and a board to enforce them, learn how to be a Chairman, and teach a bunch of techies how to use the organization to make non-technical decisions in a business-like manner, preferably without turning the foundation into another work environment. The 2.0 licensing work required an understanding of copyright and patent law, starting Apache Jackrabbit meant learning how to be a mentor for contributors (and co-workers) new to Apache, and becoming chair of my old HTTP server project has been a challenge to motivate the revival of a project that had become complacent and overburdened by its own success. I am proud of each of those roles, though there is plenty of work still left to do.

Staying involved in Apache has proven to be the most consistent educational experience of my career -- I learn something new every week, especially when new volunteers enter the project and add their own perspectives and experience.

ASF's software has been integrated in endless commercial offerings. How should interested companies give back to the ASF? Day's approach of paying wages for open source developers is only one way. Straight payments, sponsoring events, but also opening patents or evangelizing the open source idea come to my mind. What is your thoughts on this?

First, I always encourage companies in our industry to hire the developers on Apache projects. How could they possibly go wrong in hiring a person who develops software for fun and has already proven their ability to produce peer-reviewed quality software as part of a self-selecting and meritocratic team?

However, there are many other ways to directly contribute to the Apache Software Foundation that are explained on the ASF website. The ASF is a nonprofit US corporation (IRS 501(c)(3) charity), so individual donations are often tax-deductible. In addition, we have a corporate sponsorship program that contributes the bulk of funds needed to run our Internet infrastructure and the other non-sexy parts of running a major foundation.

In terms of evangelizing open source, I actually encourage folks to do that within other organizations, such as OSI or the EFF, rather than at Apache. I think what Apache does best is to lead by example rather than by publicity or marketing. We do that by producing collaborative software development projects in a safe and consistent fashion, by producing software that is better than any single person or company could produce on its own, and to do all that while having fun.

Bertrand Delacretaz

Thanks for your questions. Please let me note that the answers below are my personal opinion, and do not necessarily represent an "official" position of the ASF. Nobody voted +1 on those yet ;-)

Bertrand, like most of Day's engineers you are a long time Apache committer. Currently, you are most active in the Apache Sling project. What would you say in how far the "Apache way" of software development influences development within Day in terms of process and product.

The Apache Way is very present in our development team's way of working, at Day. We use similar collaboration tools internally as in our Apache projects (source code control, issue trackers, mailing lists, wikis, continuous integration, etc.), decision-making principles are similar (including the "+1 / +0 / -1" way of voting), and in general all the necessary project information is available in self service mode for our developers. No need to run around the office to find out who wrote a particular piece of code or why it is needed - all this info is available in the "central knowledge base" that these collaboration tools manage without much intervention on our part. Among other benefits, this allows us to work efficiently from anywhere and at any time. We can also make much better use of face-to-face meetings, when they happen, without needing to first exchange that basic day-to-day information which is flowing automatically all the time.

You are one of the nine members of the board of directors and that job probably gets you to look at many aspects of Apache projects. What are the common struggles for projects and what are the upcoming challenges for the ASF as a whole?

I would say that, as a general rule, the ASF's projects have many more successes than struggles. Most of our projects are doing very good, thanks to a very good understanding, among developers and users, of what it takes for their communities to thrive. The overall well-being of our projects has improved in the last few years,in my opinion, thanks to developers getting more familiar with the open source way of working. That's remarkable, considering people who collaborate in our projects often come from different cultural backgrounds, speak different languages and usually meet only rarely, if ever. That would usually be a recipe for failures, but our communities work very well!

There are challenges related to our growth, and to the fact that the foundation has grown into a federation of projects that don't always know each other very well. It is the members and the board's duty to make sure our values are actively promoted in all of the ASF's projects, and until now that works quite well. But staying true to our values despite with the kind of growth that we're experiencing does require constant vigilance and regular adjustments to the way we communicate and share those values.

The ASF has grown from 200 committers to about 2000 (acording to the Wednesday's State of the Feather at ApacheCon). Do you expect this trend of rather strong growth to continue? What would you consider the limits of organizational scalability of the foundation - if there are any?

The trend will certainly continue, and the federated way in which the ASF is structured makes it possible to grow to larger numbers. The board of directors currently reviews about 20-30 project reports every month, to keep the oversight, and that works as we do trust our projects, try not to interfere with them unless really needed, and ask them for reports on specific topics (mostly community and development events, and issues that might require board attention). The members of the foundation (about 300 of them) do a very good job in keeping an eye on things at all levels and raising alarms when needed, which is not very often.

We are making some minor organizational changes, like hiring outside help for administrative tasks, to cope with this growth, but from a structural point of view the ASF is ready to grow more. As long as we have enough active members that we can trust, and sustainable mechanisms to allow the board of directors to keep the oversight as we have now, we should be fine.

There are some Apache projects that collaborate with Google's summer of code program. Do further plans exist within the ASF to assist in the education of the young about open source development?

We don't have specific plans, as far as I know, but the people who lead the Summer of Code effort in the ASF are members of the Press Relations Committee, who is also tasked with outreach in general. I have talked to many of our members and committers who are willing to help youngsters get on board and understand our way of working, so we can probably expect more activity in this area in the future.

Projecting your views of the ASF into the future, say, 5-10 years: what do you think will change, what will stay the same?

The ASF projects are mostly about web infrastructure, and I don't see that changing soon. Like developers in the last few years, I think more companies will learn how to collaborate efficiently with the ASF, while respecting our basic principles, and that will help them and us work together in a sustainable way in the long term.

The Apache Way is here to stay, even though tools will evolve; distributed source code control is probably the next important thing that will happen in our toolset, and although that will change some aspects of how we work, I don't expect a revolution.

It is impossible to say exactly how the ASF will look in ten years, but I'm quite convinced that we will stay true to our basic principles, and continue to be a successful neutral ground for people and companies to collaborate on creating great software, often with a global impact.

All this looks like a bright future, and the amount of dedication that I see in so many volunteers involved in the ASF gives me every reason to be optimistic about it.

Today's Link Of The Day is Joerg Hoh's excellent Communique blog "Things on a content management system - Tips and tricks for Day Communique".

In his latest post Joerg publishes a little Perl script to help determine average response times (and provide a visual indicator of the system's performance status).

Although the blog started only recently there is already a good number of performance-related posts. All of them are worth the read since they clearly reflect Joerg's first hand experiences in tuning CQ (so do his hands-on sys mgmt topics like: how to lock out the users).

@davidnuescheler you might want to check out Joerg's take on your 5 rules for performance tuning.

In the last weeks the "7 things about me"-meme has been all over the blogosphere (here are some random examples.). In case you missed it, here's how it works: a blogger reveals 7 previously unknown things about himself. That permits him to "tag" other bloggers, i.e. to publicly challenge them to reveal 7 things as well. If the tagged blogger accepts the challenge he:

1. blogs about the 7 things he wants to reveal,

2. provides a backlink to the blogger that tagged him,

3. and tags some other bloggers he wants to challenge.

It is in this great tradition that we herewith introduce: the

"CMS Vendor" Meme

Tadaa!

The rules:

• A CMS vendor is challenged to honestly answer all items on the "Reality checklist for vendors" suggested by CMSWatch's Kas Thomas (aka the "we-get-it checklist for vendors").

• If possible the vendor has supply screenshots, links or other means to make it easy to verify the answers.

• The answers also need to be supplied in a short form of one to three stars (denoting "no", "sort-of", "yes").

• Answering all questions on his blog allows the vendor tag some other WCMS vendors.

• A tagged vendor should provide a link back to the blog that tagged him.

So here we go:

1. Our software comes with an installer program.

Sure, one double click: installed. One folder removed: uninstalled. There are no strings attached. (see the screencast here)

2. Installing or uninstalling our software does not require a reboot of your machine.

Of course not. Installing is one double-click only, no reboot needed.

3. You can choose your locale and language at install time, and never have to see English again after that.

Well, there is really no install time.. But after that, you change the language in the preferences.

Hmm. Not perfect. Will settle for "sort-of".

4. Eval versions of the latest edition(s) of our software are always available for download from the company website.

CRX (our content infrastructure platform upon which our WCM, DAM, and Social Collaboration application are built) is available for free download by developers for non-production use. Our CQ WCM, DAM, and Social Collaboration applications are available upon request under an eval license. 2 stars only.

5. Our WCM software comes with a fully templated "sample web site" and sample workflows, which work out-of-the-box.

Yes

6. We ship a tutorial.

Yes, it is part of the help files.

7. You can raise a support issue via a button, link, or menu command in our administrative interface.

Ermhh.... Good idea :). Well, in CRX there is a direct link to the mailing list where support is provided. But I'll settle for 1 star.

8. All help files and documentation for the product are laid down as part of the install.

Yep.

9. We run our entire company website using the latest version of our own WCMproducts.

Of course (we updated www.day.com to CQ5 on the day of the release). dev.day.com is running on CRX and Sling at the moment (will be running on CQ SocialCollab when that's released)

10. Our salespeople understand how our products work.

As part of our product launch process, no product goes GA without our internal Sales, Consulting, and Support staff having downloaded, installed, and trained on the new product capabilities.

I know this for sure because I did parts of the training.

11. Our software does what we say it does.

;)

12. We don't charge extra for our SDK.

There is no extra charge for CQDE (our IDE for CQ development). For lower level JCR development anyone can download our Eclipse plugin. Finally, CQ5 is built upon Sling which is open source, hence the APIs are free and open.

13. Our licensing model is simple enough for a 5-year-old to understand.

Make it a nine year old, but we are working on it... however, it is much easier than the usual industry level enterprise pricing... A "sort-of".

14. We have one price sheet for all customers.

Same pricelist, different currencies though.

15. Our top executives are on Skype, Twitter, or some similar channel, and: Feel free to contact them directly at any time.

Absolutely, all email addresses are on the web. The addresses also work as Jabber/GTalk addresses. Moreover, there is:

David Nuescheler (CTO): Slideshare, Xing, LinkedIn, david.nuescheler on Skype

Roy Fielding (Chief Scientist): Slideshare, @fielding on Twitter, Blog, LinkedIn

Kevin Cochrane (CMO): @kevinc2003 on Twitter, LinkedIn, kevinvcochrane on Skype, YIM: kevinvcochrane, Facebook: kevinc2003

So our final score is:

 

And we are tagging: OpenText, Coremedia, Interwoven, Vignette (where's your blog?), Fatwire (where's your blog?), Nuxeo, Magnolia and Tridion (where's your blog?)

Come on, guys. Don't be shy.

Update: adding the meme ID 9c56d0fcf93175d70e1c9b9d188167cf suggested by Bertrand. Google is our friend.

How many times do you setup a server software? Once! ... hmm.. wait. On my laptop, on the dev server, the load testing setup, live servers. We think that task such as install, updates, backup, setup cluster should be easy, so you can do it anytime you need it (and you will be surprised how many time that is, once it's just a few clicks). In the unlikely event that you need to recover from a total disaster - such as a data loss or hardware defect - we added a few more tweaks to help you out. But what do I write here.. just watch the screencast for yourself....

Update: the screencast is valid for CQ5 and CRX, so if you want to give those features a quick try download CRX.

It was only yesterday evening that I became aware of the "140 Characters Webapp Challenge" - just when it was closed. The challenge consisted of, well, writing a web app with a 140 characters code base (140 characters is the limit imposed on Twitter's status updates).

I could not resist giving it a try anyway. Naturally, using Sling. So here's the result: a micro-Twitter app that lets you update your status and displays the last status update in 136 characters (so there is even some space left for commenting the code):

<form method="POST"><input type="hidden" name=":redirect" value="t.html"><input name="w"><input type="submit"></form><%=currentNode.w%>

(the line needs to be put in /apps/t/html.esp and there needs to be an unstructured node at /content/t. The generated html is not for purists.).

If you can beat that (or have another funky sub-140 characters Sling app): tweet the code to @daysoftware or leave a comment with a link.

(from Geek and Poke)

This year's ApacheCon EU will take place in Amsterdam in two weeks. If you are there, check out the talks given by Day's engineers:

Bertrand Delacretaz: Rapid JCR applications development with Sling: Apache Sling is a scriptable applications layer, built on the Apache Felix OSGi framework, that provides a RESTful interface to a JCR content repository. In this talk, we'll see how Sling enables rapid development of JCR-based content applications, by leveraging the JSR 223 scripting framework along with the rich set of OSGi components provided by Sling. We will create a simple application from scratch in a few minutes, and explain a more complex multimedia application that does a lot with few lines of code. This talk will help you get started with Sling and understand how the different components fit together.

Open Source Collaboration Tools are Good For You!: What are the core requirements for a set of team collaboration tools? Looking at how ASF project communities collaborate online, we have identified four core drivers that help these projects succeed. We will show how the collaboration tools used by the ASF can allow any project team to move from an "ask around the office" collaboration model to our efficient "distributed self service information" model, while focusing on those core drivers to avoid being distracted by the tools themselves. Our analysis will help you estimate the effort and expected benefits of such a move.

Tales from the OSGi trenches: In this talk we share our experience with the Apache Felix OSGi framework, used for a major rewrite of Day's family of content management products. After more than two years working with OSGi, the impact on our products, developers, customers and service people is very high, in a positive way. OSGi is no silver bullet either. The extreme modularization and dynamic service deployment features of OSGi make our products much more robust and maintainable, but the costs associated with changing people's way of thinking about code and modules, and with testing and debugging highly dynamic systems, must not be underestimated. Based on real-life code samples, we will show how OSGi is used at several levels in our products, from low-level interactions with the framework to very simple creation of (compiled or scripted) services. We will also present some of the automated testing techniques used in our project. Sharing our experience will help you decide if OSGi is for you, and more importantly at which level you should use it.

Regarding OSGI: If you use OSGi and have some (positive or negative) feedback to share Bertrand is eager to hear from you.

Carsten Ziegeler: Embrace OSGi - A Developer's Quickstart: The first choice for highly modular, dynamic, and extensible applications is the OSGi technology. However the theory sounds very tempting but what about the real world? Starting with the basics of OSGi this session is focused on practical examples, tools, and procedures for a rapid adaption of OSGi in own projects. Learn how to avoid the typical traps and how to use the advantages of OSGi.

Meet Carsten at the Portals Meetup.

Felix Meschberger: Scripting your Java Application with BSF 3.0: One very important functionality of modern extensible applications is support for developping such extensions in any scripting languages. Many scripting languages available today provide some sort of Java integration but each integration is different making it very difficult for the vendor of the application to support more than one scripting language. Enter the Java Script API as defined in JSR-223. This API provides support for standardized integration of scripting languages in Java applications. Bindings already exist for a number fo scripting languages such as Groovy, JavaScript, Python, Ruby, Tcl. This session will show how easy it is to add scripting support to a Java application using the Java Scripting API and thus support whatever scripting language the user of the application likes to use. Practical demonstrations using Apache BSF 3.0 as the Java Scripting API implementation and Apache Sling as a Java application to be scripted will show how easy it is to add scripting support and to add scripting languages quickly and at runtime without even restarting the application.

Jukka Zitting: Content storage with Apache Jackrabbit: Hierarchical database or a transactional file system? Apache Jackrabbit combines some of the best features of relational databases and traditional file systems to implement a flexible high level storage solution for a wide range of applications. Jackrabbit, a fully conforming implementation of the Content Repository for Java Technology API (JCR), comes packed with features like full text search, versioning, and transactions. Built-in HTTP mappings with WebDAV extensions make content stored in Jackrabbit easily accessible in network environments. This presentation introduces you to the key concepts of JCR and shows how to use Apache Jackrabbit and related projects to build various types of content applications like wiki and blog engines, email archives or image galleries. Special emphasis is placed on a data-first approach to content design that helps make your applications extensible with little or no extra code.

Here's a useless nice to look at visualization of the Apache Jackrabbit svn commits. It was generated using "code_swarm". The dots denote committed files and the names are the developers' login names:

The Quicktime rendition looks best, but here's also a Flash version and an avi. Be warned if you are in an office: there is music (creative commons track from SuperNova)

Here's some Sling news highlights from the last weeks:

There have been two interesting contributions in the authentication and authorization area:

• Rory Douglas contributed code for OpenID-based authentication in Sling.

• Eric Norman has written a bundle that allows users management like:

  These custom SlingPostOperations are provided:
  1. createUser
  2. createGroup
  3. changePassword
  4. updateAuthorizable
  5. deleteAuthorizable
  

It would be cool to see them combined such that users logged in through OpenID became repository-based users on the fly (rather than be known as a technical user to the repository).

Notable news from the "Give them enough rope" department include:

• Support for scripting in the Scala language has been added.

• Now that Groovy 1.6 has been released the Groovy script engine has been added to the default collection of bundles that get installed with Sling.

Last, but not least I was delighted to see that Sling and JCR are being taught in a university course in Grenoble (thanks to @keepthebyte for the tip).

Day's Chief Scientist Roy Fielding will speak at the SofTech 2009 conference in Milan (26 March). In this context Roy has been interviewed by Alessandro Giacchino about REST, SOA, JCR, and content management.

The Italian version of the interview has been published in the ToolNews magazine (here's a PDF of the article). Find the English version below (as a teaser: the interview contains the first definition of the term "SOA" that I can grok).

First of all, you contributed to the HTTP, REST and URI definition. What did take you to Day Software, a small swiss company working on Content Management solutions? Are you still working on the Java Content Repository or are you working on new "concept/project"?

Day Software has a much more international breadth and perspective than most companies. I met David Nuescheler, Day's CTO, in December 2001, when he was first exploring the idea of a standard Java API for content repositories and wanted my advice on the JSR process. After talking over dinner, it was clear to both of us that we shared a vision of how the Web architecture could be utilized by software and the role that standards development can play in establishing future infrastructure.

The REST architectural style is about making use of standard data formats and an "everything is a resource" conceptual view in order to tie together network-based applications into a reusable system of long-term resources.

Content management software is about managing the content of standard data formats and an "everything is content" conceptual view to tie together all of the content generated by an enterprise into a reusable system of long-term assets.

It is, in fact, exactly the same problem space with only a minor change in terminology and a realization that the software is content too. A content management system is an ideal RESTful application development environment if it remains true to the architecture of the Web.

I helped David with the process associated with starting and evangelizing the Java Content Repository (JCR) API in its first two years, but the technical work of JCR has been accomplished by David's work and that of our outstanding developers in Basel. My role has been to grease the gears and make it possible for Day to expand that work into open development projects at the Apache Software Foundation.

My current work is split between representing Day at various conferences/meetings around the world and developing the next generation of Web standards. I am currently revising the standard for HTTP within the IETF and am chair of the Apache HTTP server project, an important component not just for all of our customers but for the entire Web. I am also working on a longer-term project to create a new protocol that may eventually replace HTTP.

According to some analysts, instead of booming on the market, and evolving to 2.0, SOA seems to be in and "hold" position, slowing down all development and investment on it. Do you agree on this? If yes, why do you consider this happened? If no, what do you think will be the next drivers? Do you see any relations between SOA and Cloud Computing?

"SOA" has become all things to all people, and thus has no useful definition other than "stuff that you can access on servers." I don't think there has been any reduction in services. If anything, I find that there has been a huge move by companies onto outsourced services such as Gmail, Salesforce, and Amazon. I expect that trend to continue.

What has been moved to a "hold" position is the antiquated architecture of tightly coupled services that was promoted as "Web Services" (in spite of the fact that it had nothing to do with the Web) and SOAP. I think customers finally reached the end of their tolerance for software pixie dust frameworks that did not interoperate across multiple vendors. The architectures were insufficiently constrained for interoperability and reuse.

Cloud computing is another term that is often being misused. In my opinion, it means "outsourcing your data centers." There is significant value in doing so for many customers that do not want to be in the business of managing servers, power, etc. It also represents a significant challenge to enterprise software developers, since we need to incorporate secured access, remote deployment, and high-availability management into the core software architecture.

That is why Day's products have an emphasis on easy installation and automatic clustering support: we see the cloud computing environment to be the dominant platform for our customers, whether that "cloud" be in the form of a third-party, like Amazon Web Services, or an internally managed network like those currently being used by some of our larger customers.

Most of your project have been around Java and Open Source. Now, it happens that one of the best supporter of REST is Microsoft, while you are working for a company that "uses" Open Source, but sells commercial products. How do you consider will be moving in the future borders between this two totally different models to go to the market?

Day Software doesn't just "use" open source. We actively create and participate in the major infrastructure projects that are important to our customers. For example, Apache Jackrabbit, Apache Sling, and Apache Felix are major components of CQ5 (our flagship product for web content management). Likewise, Apache HTTP Server and Apache APR are used by all of our customers, often without knowing it, and our active participation in these communities allows us to leverage the experience and brainpower of hundreds of developers.

We develop our open source products under the banner of the Apache Software Foundation, rather than hosting our own open source projects, because we have found that a richer community of software developers can be formed around a nonprofit foundation like Apache. It allows everyone, even some of our competitors in the content management industry, to participate on an equal footing and ensures that the software won't be subject to any single company's moods. In turn, a larger community means more bugs are found and fixed quickly, more features are added by others, and more leverage is obtained for our commercial products that depend on open source.

The only software that Day has not open sourced is our application software, which is often highly integrated with specific customer needs. In addition to paying our salaries and supporting all of those open source infrastructure costs, keeping the application software private allows us to incorporate third-party products, such as components that integrate with legacy data sources and professionally designed user interface modules.

Microsoft has a quite different model. Microsoft gains much of its platform sales based on developer mindshare: their primary revenue stream is a proprietary infrastructure platform and the only way they can keep people buying that platform is to encourage developers to program for it. Microsoft's recent interest in REST is therefore just a reaction to where they see the developers moving -- it is a reaction to having lost the mindshare associated with Web Services.

What do you think about "Web 2.0", considering it in terms of Social Networking and new Client paradigms (Ajax, Silverlight), where all become "content" for informations, transactions and relations. Is it ready to fill its promises or should we wait for Web 3.0, 4.0 and so on? What will be "the next big thing"?

Web 2.0 is just a marketing phrase for the second wave in venture capital funding. I think that has clearly ended, at least within the Silicon Valley environment. The funny thing about these version numbers is that the "2.0" paradigms (AJAX, javascript, CSS, etc.) are all technologies invented back in 1997. It has only been the sad state of browser software that held back those advances for so long, and it only took one big company (Google, via Google Maps) to turn that around.

The Web architecture is currently on version 3.2, rapidly moving to 3.3, and my work is on 4.0. The biggest changes in the coming year will be in the nature of authentication systems and security, both of which haven't been improved significantly since 1995.

Did I miss the "right" question? Which one should you consider that it had to be?

I need to keep something in reserve for my presentation. See you in Milan.