Glenn's Web Factory

Saturday, November 26, 2005

They use computers!

Walk, don't run! right over to Videlectrix.com and play some of their exciting videogames. Armed with the power-slogan "We use computers... to make video games!" you know you are in for some excitement from screen 1!

All their artwork is created by award-winning artists! And the theme music is so awesome, you'll be thrilled to know they offer it all as MP3 downloads! Hello iPod!!! My personal music fav is the theme from 50k Racewalker!

Thursday, November 24, 2005

More Lessons from the Sony Fiasco - Source Code Origin Transparency

Many of us have watched in subdued horror as the Sony BMG DRM drama plays out. Since the October 31 discovery that Sony had released music audio CDs with a rootkit installed (spyware which annoys paying customers in attempts to keep them honest while having no effect on experienced music pirates or anyone who has tape), we've seen Sony compound their mistakes by providing damaging removal software (don't install this!) and by attempting to ignore, deny or downplay the seriousness of their offenses. (For the sarcastic among you, get your I "heart" rootkit T-shirts here!)

The public outcry (and class action complaints!) seems to be getting through to some degree, but now comes another discovery: the software contained on the discs appears to contain open source software that is used in violation of its license. Sony purchased this software from a third party called First4Internet (who has declined comment about the matter), but that code clearly contains code fragments from the LAME open source project. This raises lots of questions of accountability, and it will be interesting to see who is held responsible for this violation.

But regardless, it emphasizes the need for companies who purchase software to heavily scrutinize the code origins to ensure compliance with all applicable licenses and regulations. Corporate software purchasers should demand absolute transparency to all code used for an application and obtain a signed statement attesting to it.

With the tremendous amount of available source code on the Internet, developers are increasingly depending on code, libraries or components developed by others. In turn, these libraries or components may depend on other components and so on. With the endless array of licensing options available, each with their own rules for use or extension, a fair amount of scrutiny is required to determine just how "owned" a software product is, and under just what conditions it may be legal to be used, modified, distributed or sold.

For example, Yokohama (my company's flagship product) incorporates a small handful of "third-party" components to enhance its functionality:
  • TinyMCE - An excellent rich text editing component produced by Moxiecode Systems AB. Nature of use: "linked library". License: LGPL.
  • FileUpload and DBCP from the Apache Jakarta Commons project for handling file submissions via the web and database pooling. Nature of use: "linked library". License: Apache.
  • Matt Kruse's Calendar Popup for easy entry of dates. Nature of use: "linked library". License: Custom (Allows free use, must retain original header)
  • Walter Zorn's DHTML Tooltips for enhanced tooltips. Nature of use: "linked library". License: LGPL.
The nature of "linked library" usage means the code has not been copied and pasted into your own application, but is left whole on its own and linked to via a script call (for JavaScript libraries) or via a CLASSPATH (for Java libraries). For each of these libraries, this allows for full distribution with commercial products and does not impose their licenses upon your proprietary applications which link to them.

That is the full disclosure of our software's included third-party code. I recommend that every ISV create a similar list for their clients (it wouldn't necessarily have to be published on the web). Furthermore, I strongly recommend that companies who purchase software demand such a list and require a signed statement as to the accuracy of the list.
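An added example, not part of the original post and not Yokohama's own code: one way a purchaser could check the files in a delivered build against a disclosure list like the one above. The file paths, the `ACCEPTED` policy and the `FIRST_PARTY` prefixes are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Component:
    name: str
    nature_of_use: str
    license: str
    paths: tuple  # path prefixes the component occupies in the shipped tree

# The post's disclosure list; the paths are constructed for this example.
DISCLOSED = [
    Component("TinyMCE", "linked library", "LGPL", ("js/tiny_mce/",)),
    Component("Commons FileUpload", "linked library", "Apache", ("WEB-INF/lib/commons-fileupload",)),
    Component("Commons DBCP", "linked library", "Apache", ("WEB-INF/lib/commons-dbcp",)),
    Component("Calendar Popup", "linked library", "Custom", ("js/CalendarPopup.js",)),
    Component("DHTML Tooltips", "linked library", "LGPL", ("js/wz_tooltip.js",)),
]
# Assumed purchaser policy: (license, nature of use) pairs accepted without review.
ACCEPTED = {("LGPL", "linked library"), ("Apache", "linked library"), ("Custom", "linked library")}
# Assumed location of the vendor's own code in the build.
FIRST_PARTY = ("WEB-INF/classes/", "js/app/")

def audit(shipped, disclosed=DISCLOSED):
    """Compare shipped relative paths with the vendor's disclosure list."""
    claimed = {}
    for path in shipped:
        for comp in disclosed:
            if path.startswith(comp.paths):
                claimed.setdefault(comp.name, []).append(path)
                break
    covered = {p for paths in claimed.values() for p in paths}
    return {
        # Files that are neither first-party nor attributed to a disclosed component.
        "undeclared": sorted(p for p in shipped
                             if p not in covered and not p.startswith(FIRST_PARTY)),
        # Disclosed components with no file in the build (stale or inaccurate list).
        "not_shipped": sorted(c.name for c in disclosed if c.name not in claimed),
        # Disclosed components whose license/usage pair needs legal review.
        "policy": sorted(c.name for c in disclosed
                         if (c.license, c.nature_of_use) not in ACCEPTED),
    }

# Constructed file listing of a delivered build; the last entry is not on the list.
SHIPPED = [
    "WEB-INF/classes/com/example/App.class", "js/app/main.js",
    "js/tiny_mce/tiny_mce.js", "js/CalendarPopup.js", "js/wz_tooltip.js",
    "WEB-INF/lib/commons-fileupload.jar", "WEB-INF/lib/commons-dbcp.jar",
    "WEB-INF/lib/mp3codec.jar",
]

if __name__ == "__main__":
    print(audit(SHIPPED))
```

A file-level check like this only catches whole undeclared files; fragments copied into a vendor's own sources, as with the LAME code described above, need a content-level comparison.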

I believe such precautions would go a long way towards limiting the liability for companies who might otherwise find themselves in Sony's shoes.

Comments?

Sunday, November 20, 2005

Introduction

Well, it's time for me to jump on this blog bandwagon! Something I've been meaning to do for some time now - but haven't as it has seemed hard to justify the time investment.

But I hope I can give something of use to this community in the form of ideas and solutions and observations to issues that are encountered by enterprise web developers and small companies with a strong emphasis on development for the web.

Much of what I discuss will likely have a Java focus, but I try to watch closely the goings-on of other frameworks such as Ruby on Rails, Zope, or PHP offerings - and I think many of the interesting problems are language agnostic.

Additionally, I hope this blog will be of interest to non-programmers who have a strong interest in trends of web applications and creating "best-of-breed" solutions for their sites or for their clients' sites.

Here at my company (bluejava) we challenge every status quo notion of this business and try to improve upon it. So far, I believe we have succeeded in handling many complex problems better than I have seen them managed before - and I look forward to sharing these methodologies with others and opening them up for comment and discussion.

Feel free to email or comment here with any questions or comments about web development in the enterprise, and I will do my best to get to them - perhaps answering them in this public forum for the benefit and scrutiny of others.

Thanks for reading, and here's to a better web experience!