Ideas about Enterprise 2.0 products and philosophies

Enterprise 2.0

What is Enterprise 2.0? There's a great deal of debate on this matter, which I consider healthy... by definition it is the next stage of enterprise software, however there aren't terribly many reproducible success stories yet... and frankly, you're better off studying the failures of Enterprise 2.0 before trying to reproduce any of its successes.

I do not believe Enterprise 2.0 is limited to clones of Facebook... nor do I believe it is merely the adoption of Web 2.0 philosophies to the enterprise. Those definitions miss several fundamental points:

Enterprise 2.0 is an emerging social and technical movement towards helping your business practices evolve. At its heart, its goals are to empower the right kind of change by connecting decision makers to information, to services and to people.

On this page, you will find many of my blog posts specific to Enterprise 2.0: what it is, where it is going, and how you can get there.

Oracle Open World

UPDATE: Oracle Open World is almost upon us! I will be giving 3 talks this year... there was some confusion about Sunday, but this schedule is now final:

UGF9799 Displaying Enterprise Content in Oracle WebCenter Sites
Sunday, 9/22, 8:00 - 9:00 @ Moscone West - 3018

With the latest version of Oracle WebCenter, you can easily surface documents and Web content stored in Oracle WebCenter Content in Oracle WebCenter Sites. There are many integration options, from single images and rendered HTML to an entire Website. Attend this session to learn how to use them and which option is right for you.

UGF9900 - The Top 10 Web App Vulnerabilities and Securing Them with Oracle ADF
Sunday 9/22, 11:45 - 12:45 @ Moscone West room 2003

Cross-site scripting, SQL injection, and request forgery are just some of the major vulnerabilities every Web application developer needs to know about. Attend this session to learn about the Open Web Application Security Project (OWASP) Top 10 security vulnerabilities and how to avoid them by using Oracle Application Development Framework (Oracle ADF) and other Oracle technologies.

CON6876 - Displaying Enterprise Content in Oracle WebCenter Sites
Tuesday 9/24, 15:45 - 16:45 @ Moscone West room 2012

An encore performance of my Sunday talk of the same name...

The first and third ones I will be presenting with Tony Field from Function1, and giving a demo of the new WebCenter Sites/Content integration that was recently released with WebCenter 11.1.1.8. I'm very excited about the 11.1.1.8 release, and will be blogging my overview of it after Open World... when all the dust settles!

2011 Blog Year-In-Review!

I'm continuing my tradition of doing my blog year-in-review in late April... mainly because I started my blog six years ago on April 29th. But, also in the hopes it would stand out more, since everybody else has a fiscal-blog-year-end on December 31st!

In the 2011/2012 time frame I had 204,514 page views, which is a 12% increase over the previous year! Woah... surprised to see that spike, considering I've been feeling guilty about not posting enough these days... altho a lot of that was because my post on how Steve Jobs couldn't program a computer was on the front page of Hacker News for a few days! The top posts from 2011 are as follows:

  1. Oracle Acquires FatWire! And people are curious as to what will happen next...
  2. Oracle Mix Jumped The Shark: a rant against how some folks rigged the Mix system to con their way into getting Open World Sessions. Uncool.
  3. WebCenter Performance Tuning: a case study in WebCenter Content tuning
  4. WebCenter 11g PatchSet5: some useful downloads and links
  5. One WebCenter To Rule Them All: some coverage of the rebranding that occurred at OpenWorld 2011
  6. Collaborate 2011 Presentations: always good stuff there ;-)
  7. Mashup Standards: JSON-P Versus CORS! My opinions on why JSON-P is superior, and an add-on to my popular jQuery Plugin to better support mashups
  8. PowerPoint Tips From South Park: the title says it all...
  9. More On FatWire: additional analysis and predictions
  10. Multilingual UCM: some info on how to support multiple languages with UCM

This year I should have time to add more tutorials... there's some nifty stuff coming out in the next version of WebCenter that could change how people do enterprise integrations. Stay tuned...

FatWire Tutorial for Site Studio Developers

Oracle recently acquired FatWire, and renamed it WebCenter Sites. It is a "web experience management" toolkit, which is similar to Oracle's existing Site Studio product -- a part of Oracle UCM, now called WebCenter Content.

After using Site Studio for years, I got pretty accustomed to it's terminology and toolkits... so looking at FatWire was initially intimidating because it was just so dang different. But, after using it for several months, I've come to the conclusion that a lot of the fundamentals are pretty similar. Pretty much everything Site Studio does is built in to FatWire, and FatWire has a few nifty extras as well.

So, for IOUG Collaborate this year, I put my insights together into a presentation: Crash Course in FatWire for Site Studio Developers:

It's not a replacement for actual training... but it does cover all the major low-level assets, and how they fit together to form a site. If you know a thing or two about Site Studio, this should help you get over the initial "fear of the unknown!"

Mashup Standards Part 3: JSONP versus CORS

In part 1 of this post, I covered the JSON-P "standard" for mashups. Not so much a standard per se, but a sneaky way to share JSON code between servers by wrapping them in a 'callback' function... For example, if we have our raw JSON data at this URL:

http://example.com/data.js

A direct access would return the raw data dump in JSON format:

{ foo: "FOO", bar: "BAR" }

However, a JSON-P call would return a JavaScript file, that calls a 'callback' function with the raw data:

callback({ foo: "FOO", bar: "BAR" });

Since this is pure JavaScript, we can use it to bypass the "Same-Origin Policy" for AJAX... A typical AJAX call uses the XmlHttpRequest object, which only allows calls back to the originating server... which, of course, means true mashups are impossible. JSON-P is one of the (many) ways around this limitation.

Since JSON-P is something of a hack, many developers started looking for a more secure standard for sharing JSON and XML resources between web sites. They came up with Cross-Origin Resource Sharing, or CORS for short. Enabling CORS is as simple as passing this HTTP header in your XML/JSON resources:

Access-Control-Allow-Origin: *

Then, any website on the planet would be able to access your XML/JSON resources using the standard XmlHttpRequest object for AJAX. Despite the fact that I like where CORS is going, and see it as the future, I just cannot recommend CORS at this point.

Security

Since CORS is built on top of the XmlHttpRequest object, it has much nicer error handling. If the server is down, you can recover from the error and display a message to the user immediately. If you use JSON-P, you can't access the HTTP error code... so you have to roll-your-own error handling. Also, since CORS is a standard, it's pretty easy to just put a HTTP header in all your responses to enable it.

My big problem with CORS comes from the fact that it just doesn't seem that well supported yet... Only modern browsers understand it, and cross-domain authentication seems to be a bit broken everywhere. If you wanted to get secure or personalized JSON on a mashup, your back-end applications will need to also set this HTTP header:

Access-Control-Allow-Credentials: true

And, in theory, the AJAX request will pass along your credentials, and get back personalized data. The 1.7 jQuery plug-ins works well with JSON-P and authentication, but chokes badly on CORS. Also, keep in mind that authenticated CORS is a royal pain in Internet Explorer. Your end users will have to lower their security setting for the entire mashup application in order to make authenticated requests.

Now, JSON-P isn't great with security, either. Whereas CORS is too restrictive, JSON-P is too permissive. If you enable JSON-P, then you pass auth credentials to the back-end server with every request. This may not be a concern for public content, but if an evil web site can trick you into going to their mashup instead of your normal mashup, they can steal information with your credentials. This is call Cross-Site Request Forgery, and is a a general security problem with Web 2.0 applications... and JSON-P is one more way to take advantage of any security holes you may have.

Performance

In addition, the whole CORS process seems a bit 'chatty.' Whereas JSON-P requires one HTTP request to get secure data, CORS requires three requests. For example, assume we had two CORS enabled applications (app1 and app2) and we'd like to blend the data together on a mashup. Here's the process for connecting to app1 via CORS and AJAX:

  1. Pre-Flight Request: round-trip from client browser to app1 as a HTTP 'OPTIONS' request, to see if CORS is enabled between mashup and app1
  2. Request: if CORS is enabled, the browser then sends a request to app1, which sends back an 'access denied' response.
  3. Authenticated Request: if cross-origin authentication is enabled, data is sent a third time, along with the proper auth headers, and hopefully a real response comes back!

That's three HTTP requests for CORS compared to one by JSON-P. Also, there's a lot of magic in step 3: will it send back all the auth headers? What about cookies? There are ways to speed up the process, including a whole ton of good ideas for CORS extensions, but these appear to be currently unpopular.

Conclusion: Use JSON-P With Seatbelts

If all you care about is public content, then CORS will work fine. Also, it's a 5-minute configuration setting on your web server... so it's a breeze to turn on and let your users create mashups at their leisure. If you don't create the mashups yourself, this is sufficient.

However... if you wish to do anything remotely interesting or complex, JSON-P has much more power, and fewer restrictions. But, for security reasons, on the server side I'd recommend a few safety features:

  • Validate the HTTP_REFERER: only allow JSON-P requests from trusted mashup servers, to minimize request forgery.
  • Make JSON-P requests read-only: don't allow create/modify/delete through JSON-P.

But wait, isn't it easy to spoof the HTTP referrer? Yes, an evil client can spoof the value of the referrer, but not an evil server. In order for an evil mashup to spoof the referer, he'd have to trick the innocent user to download and run a signed Applet , or something similar. This is a typical trojan horse attack, and if you fall for it, you got bigger problems that fancy AJAX attack vectors... DNS rebinding is much more dangerous, and is possible with any AJAX application: regardless of JSON-P or CORS support.

Links and Free Downloads

For those of you interested in Oracle WebCenter, I created a CrossDomainJson component that enables both CORS and JSON-P, and it includes some sample code and documentation for how to use it. It currently works with WebCenter Content, but I might expand it to include WebCenter Spaces, if I see any interest.

Meet Me in Toronto on Thursday!

For those of you in the Toronto area, I'll be presenting at the AIIM/Oracle Social Business Seminar this Thursday! Its at Ruth's Chris Steakhouse, 145 Richmond Street West, Toronto, ON. The agenda is as follows:

  • 10:00 a.m: How Social Business Is Driving Innovation, Presented by: John Mancini, AIIM
  • 11:00 a.m: Solving the Innovation Challenge with Oracle WebCenter, Presented by: Howard Beader, Oracle
  • 12:00 noon: Lunch and Networking, Table Discussions on Case Study Challenges
  • 1:00 p.m: Strategies for Success Case Study, Presented by Bex Huff, Bezzotech
  • 1:45 p.m: Final Remarks

Space is limited, so register now for a seat!

Mashup Standards Part 2: Cross-Origin Resource Sharing (CORS)

In my previous post, I was talking about the JSON-P standard for mashups. It's very handy, but more of a "convention" than a true standard... Nevertheless, it's very popular, including support in jQuery and Twitter. In this post I'm going to discuss what some consider to be the modern alternative to JSON-P: Cross-Origin Resource Sharing, or CORS for short.

Lets say you had two applications, running at app1.example.com and app2.example.com. They both support AJAX requests, but of course, they are limited to the "Same-Origin Policy." This means app1 can make AJAX requests to app1, but not to app2. Let's further assume that you'd like to make a mashup of these two app at mashup.example.com.

No problem! In order to enable cross-origin AJAX, you simply need to make sure app1 and app2 send back AJAX requests with this HTTP header:

Access-Control-Allow-Origin: http://mashup.example.com

This is easily done, by adding one line to the Apache httpd.conf file on app1 and app2:

Header set Access-Control-Allow-Origin http://mashup.example.com

DONE! Now, with standard AJAX calls you can host a HTML page on mashup.example.com and connect to app1> and app2 using nothing but JavaScript! There are about a half dozen additional Cross-origin HTTP header that you can set... including what methods are allowed (GET/POST), how long to cache the data, and how to deal with credentials in the request... naturally, not all browsers support all headers, so your mileage may vary!

Not to mention, because the XmlHttpObject is used, CORS has much better error handling than JSON-P. If there's an error accessing a file, you can catch that error, and warn the end user. Contract that with JSON-P, where there's no built-in way to know when you can't access a file. You can build your own error handling, but there's no standard.

Nevertheless, I still prefer JSON-P for mashups. Why? Well, it boils down to two things: performance, and security. I'll be covering the specifics in part 3 of this port.

Open World 2011: WebCenter Presentations

I gave two presentations at Oracle Open World this month... one on Integrating WebCenter Content: Five Tips to Try, and Five Traps to Avoid! I broke it down into the big sections: contribution, consumption, metadata, security, and integrations. Special thanks to IOUG for sponsoring this talk!

My second talk was a case study based on a big project that completed recently, integrating WebLogic Portal, UCM, E-Business Suite, Autonomy IDOL, and a whole bunch of other stuff to make a global e-commerce web site. The client is in a highly regulated industry, and I was unable to get permission to use their name... but if you're curious about the details ping me!


If I missed you at Open World, I hope to see you at IOUG Collaborate 2012!

Running WebCenter Portal Pre-Built VM on Mac OSX

The WebCenter Portal team has put together a VirtualBox virtual machine to showcase the WebCenter Portal product. You can download it from Oracle. It's a big one: clocking in at 30 GB, so pack a lunch before downloading it.

The install instructions are pretty good for Windows and Linux clients... but if you're on a Mac (like me), it's missing one important tip. The file REAVDD-HOL-WC.ovf contains the information needed to import the files into a VirtualBox VM... but if you're running the free version of VirtualBox, it chokes on the import every time. The culprit is this line:

<SharedFolders> <SharedFolder name="Host" hostPath="D:\TEMP\Host" writable="false" autoMount="true"/> </SharedFolders>

If you're on Windows, and have a D drive, this works fine... but if you're on a Mac (and probably Linux), this will break the import. The fix? Use this XML instead:

<SharedFolders/>

And re-do the import... you'll need to re-set-up sharing once it's running. But at least now it will have a valid path!

NOTE: This is just meant to be a sandbox for testing integrations, and the like. It's not meant to be placed into a production environment... but, like all demo code, I'm sure I'l find it floating around in production eventually... and have to make it work.

WebCenter Mobile: PhoneGap and ADF Together at Last!

I was always a bit little skeptical about the initial mobile offerings for UCM and WebCenter. They never impressed me, because I felt strongly that these apps were fundamentally flawed in their design...

Why? Because they focused on being Mobile Applications instead of Mobile Web. The first time I held an iPhone, I noticed that it was running a browser that supported HTML5. The first Android was the same. This was at a time where HTML5 support was rare on desktop browsers, and few developers knew how to use it. Nevertheless, I predicted years ago that it would be the future... HTML5 was so powerful, that Flash and native mobile apps were unnecessary for 95% of applications. Many clients asked my advice on mobile apps, and my answer was always the same: "Skip native apps, and focus on the mobile web!"

This week, Oracle announced their next generation of the ADF Mobile toolkit... and (as I predicted) they are going the same route! Native code is no longer the focus: previously, you would create an ADF component, and it would be compiled down into native iOS or Android controls. No more! The next version will compile to HTML5 and be rendered in the mobile browser!

How can this be? With a technology called PhoneGap. It allows you to create your application in nothing but HTML5, render it in a browser, and still access native functionality (camera, location, files) with JavaScript functions. It's basically a wrapper around the built-in HTML5 browser, plus a plug-in library, which together give you an extremely powerful development environment. The next generation of ADF Mobile will be an ADF wrapper around PhoneGap, plus a few extra goodies (that I'm not allowed to talk about yet!). They call these hybrid applications because they are mostly HTML5, with a tiny bit of native code mixed in.

Well, what about those candy-coated user interfaces? How do I get those? The same way as always: mobile JavaScript toolkits. There are several available that can make very attractive interfaces, that render in any smartphone:

If you prefer to roll-your-own UI, I'd recommend Zepto as a minimalist framework instead...

What's next for the web, then? I believe that mobile application development will be the biggest driver for the adoption of HTML5 browsers. Yes, probably only 10% of mobile phones are HTML5-enabled smart phones... but people cycle through cell phones every 2 years. Compared that to the enterprise, some of which stubbornly refuse to upgrade from IE6!

I'd bet 90% of Americans will have a HTML5 mobile phone, before 90% of them are off IE6! Sad, but true... but good news for mobile developers!

UPDATE: Dang it! Just as soon as I blog about this, Adobe goes and purchases PhoneGap! What does this mean for Oracle? Tough to say... it's probably a good thing, since most of PhoneGap is open source. The only piece that's not Open Source is their nifty build engine. But, since Oracle already owns their own build engines (jDeveloper and Eclipse plugin), this is not a stumbling block.

UPDATE 2: It appears that Adobe has done "The Right Thing" and is submitting PhoneGap to the Apache group, and re-branding it as Project Callback. This will hep cement it as "the standard" toolkit for mobile app development.

Oracle Open World!

Open World is barely a month away! I'll be heading there early for some Oracle ACE briefings and the like... I'm normally a "broadcast only" Twitter user, but when I'm at conferences I check it all the time, and tweet with location services on. If you want to meet up, just message me!

@bex

I have a couple of sessions this year... unfortunately they are all on Thursday! Dang it! I was hoping to leave the conference early -- since Michelle and I are having our first kid, and her due date is a few weeks after Open World. Alas, the scheduling gods were not with me:

  • Session: 10843
    • Creating a Global E-Commerce Site with Oracle E-Business Suite and Oracle Fusion Middleware
    • Thursday, 12:00 PM, Intercontinental - Intercontinental Ballroom B
  • Session: 9539
    • Integrating ECM into Your Enterprise: 5 Techniques to Try and 5 Traps to Avoid
    • Thursday, 03:00 PM, Intercontinental - Telegraph Hill

I know picking Open World sessions can be a bit of a baffling ordeal... so if you're pressed for time, I'll suggest a few tips. If you want to see WebCenter based content, check out the WebCenter partner sessions. Lots of good stuff there. If you're curious about non-WebCenter products but don't know where to start, I'd recommend the Oracle ACE sessions over just about everything else. ACE sessions are a good bet: speakers are usually very knowledgeable, very passionate, and very excited to share what they know. Translation: minimal marketing fluff. You don't get the title "Oracle ACE" by being a self-promoting fool!

Well... at least most of the time Oracle ACE's aren't self-promoting fools... there are exceptions.

Has Oracle MIX "Suggest-A-Session" Jumped the Shark???

Jump The Shark: (verb) a term to describe a moment when something that was once great has reached a point where it will now decline in quality and popularity.

Oracle MIX is a social software app to connect people in the Oracle universe. It was launched back in 2007 by The Apps Lab so people could network and stay connected during (and after) Open World. It was at the time the largest JRuby on Rails site out there. It's a decent site, and you Oracle monkeys should check it out...

I believe in 2008, they decided to try something new: allow the community to "suggest a session" for Open World. They had ten slots at Open World, and everybody was encouraged to submit a session for consideration, and vote on what they liked. The ten sessions with the most votes would get to present at Open World.

This was also a great idea... It was the ideal place for sessions outside the mainstream to get a voice at Open World... technology that might be too "bleeding edge" for a general audience, but is the bread-and-butter of geeks who only hit one conference per year. Social software, mashups, open source, installing Oracle on a Roomba... you get the idea. If you want to do a mainstream talk about a mainstream product, then submit it through the normal channels to the Open World committee... If your session isn't picked, then it probably wasn't good enough.

This model worked fine in 2008, 2009, and 2010... but I think something went really REALLY haywire this year...

MIX, being an open community, allowed people to take the voting data and mash it up in interesting ways... Greg Rahn over at Structured Data did exactly this, and presented his data analysis of the votes. Just looking at the data I saw a lot of anomalies, but to me the smoking gun is this:

  • Number of users who voted for exactly one author: 828
  • Number of users who voted for ALL sessions by EXACTLY one author: 826

Well, that ain't right... once you dig further, you see what probably happened: the Oracle MIX community has been invaded by a spammer...

Specifically... somebody out there has a mailing list with a few hundred people, and contacted them all asking for votes. Probably repeatedly. I don't know about others in the MIX community, but I personally got three such emails begging for votes... One of them was so shady it probably violated Oracle's Single-Sign-On policy. The line between self-promotion and SPAM is fuzzy... but it was clearly crossed by a lot of people this year.

I know what you're thinking... must be sour grapes, eh? But no, I did not submit a MIX session. Oracle was kind enough to approve both of my Open World presentations this year, so I thought the gracious thing to do would be to leave the MIX sessions for the community... so I'm very disappointed in the behavior of these people.

The rules as-is are broken... based on Greg's data, 200 people at Microsoft could all vote for sessions like "Reason #6734 Why Microsoft Rocks and Oracle People are Big Fat Stupid Heads"... and they'd win every slot.

All communities have this problem... once they become popular, they become valuable. Once they become valuable, some people try to extract more value than their fare share. Many large sites implement some form of moderation or karma points to keep cheating to a minimum... I think it's about time MIX did the same. I have a few ideas for "guidelines":

  1. promotion via tweets and blogs is allowed and encouraged
  2. mass communication via emails or social networks will be considered "social spam," and grounds for disqualification
  3. "down-voting" like Digg should be enabled to further prevent spammers from carpet-bombing their way to the top
  4. sessions should be outside of mainstream Oracle talks: sessions similar to ones given at Open World are discouraged
  5. a maximum of two talks can be submitted on behalf of an individual, organization, or community group
  6. a maximum of one talk can be selected on behalf of an individual, organization, or community group

Of course, this isn't perfect... the top 10 slots could still go to people with 1000 employees, and therefore 1000 reliable votes! Probably the ideal situation is to randomly select some Oracle ACEs to be the judges every year, based on community input. Not ideal, but really hard to rig...

So... how many of you feel like you were "spammed" this year?

UPDATE: Oracle is soliciting opinions for what worked and what didn't this year. If you have an opinion about what should be fixed, please leave a comment on their blog or contact Tim Bonnemann directly.

Presentations From Collaborate 2011

In case you weren't able to make it to IOUG Collaborate last month, you can feel free to peruse my presentations in the privacy of your own home ;-)

My first one was on UCM implementation patterns... or in general, what customizations/integrations are common for UCM, and how do we do them? That was pretty well attended:

I also presented on the Top 10 Security Vulnerabilities in web applications. This is my own take on the popular OWASP Top Ten presentations on the same subject. Many thanks to the OWASP people for compiling the top ten, and getting the word out about security:

In addition to these two, I gave presentations on managing a multi-language web site, and a fourth one on the next generation of Oracle Collaboration Tools, also known as Oracle Fusion UX Applications. Oracle was kind enough to give me a sneak peek at Fusion UX, and I was quite impressed, and volunteered to help spread the word.

Enjoy!

Countdown to IOUG Collaborate 2011

It's less than one week away!

I'm giving 4 presentations at Collaborate 2011 this year, but by some cruel, cruel, cruel twist of fate, all four of my presentations are on Wednesday... Seriously, like back-to-back starting at 8am. Yeesh! I apologize in advance if I bump into you on Wednesday and then run away... I won't have much time to chat with this schedule:

  • 8:00am: Implementation Patterns for Oracle Universal Content Management
  • 9:15am: Fusion Applications User Experience: Transforming Work into Insight
  • 10:30am: Top 10 Security Vulnerabilities in Web Applications
  • 1:00pm: Creating and Maintaining an International Web Site

Talk about variety! I'll start you off with some general UCM information, then show off the next generation of hyper-connected Oracle collaboration tools, followed with a reality check about how evil hackers read your email, and wind down the day with practical tips about managing a ginormous global web site.

If you'd like to meet up and talk tech, come on over to the Bezzotech booth! We're at booth 850, which is just in front of the big Oracle demo pods... we'll have videos of the software we'll be launching soon ;-)

If you want to meet up, follow me (@bex) on Twitter. I'll be sharing my location frequently...

How-To Component Samples for Oracle UCM 11g

Finally!

For those of you who don't know, the HowToComponents are a collection of "basic-advanced" customizations to Oracle UCM/ECM. They are very small samples that show off how to plug-in custom Java code. Everything from custom IdocScript, custom security checks, custom services, and Java filters. I originally made them about 10 years ago (while working at Stellent) to help people kick-start projects that needed to build upon them to make more advanced customizations.

A lot of things changed over the years... luckily, the HowToComponents still (mostly) work! I was mainly surprised that a 10-year old Yahoo web service still reliably delivers stock quotes... Mostly we just recompiled and repackaged them, with a few changes...

First, a new security feature in 11g requires a token to be present in every we request. So, we needed to add this code on pretty much all of the web forms:

<input type="hidden" name="idcToken" value="<$idcToken$>"/>

Also, the code for adding new items to the menus changed quite a bit... look at the resources CoreMenuItems and CoreMenuItemRelationships in each component for some sample code.

Also, the DynamicPrefix component no longer uses the validateStandard filter event to change the Content ID upon check-in... that's because in 11g you have to use the new event preComputeDocName. You can still use validateStandard for most metadata alteration/validation... but the dDocName is special and needs to be treated differently.

FYI, to compile these components for 11g, be sure to use the correct To compile, the libraries are here:

<Fusion-Middleware-Home>/Oracle_ECM1/ucm/idc/jlib/idcserver.jar

These components are only "semi-official." The folks I know at Oracle didn't have time to polish these up for 11g, so we at Bezzotech decided to step up and do it ourselves. The code is licensed as Apache 2.0 code... which in short means: do whatever you want, except blame us for what you did!

You may download the HowToComponents from the Bezzotech Library page. You can download previous versions (7.5/10gr3) of the HowToComponents from the Oracle UCM Samples page.

Enjoy!

Jeopardy, Watson, and Why Artificial Intelligence is Still Pointless

I'm generally considered a "cynic" when it comes to the value of Artificial Intelligence in general (and the Semantic Web nonsense in particular). This tends to get me into heated disagreements with people who have careers in the field... or those who cling to Jetsons-type fantasies of having Rosie the Robot doing their dishes.

I frequently respond, "you already have a robot that washes dishes. It's named Maytag."

The most recent breakthrough in the field is the highly impressive computer named "Watson," which after several years, and millions of dollars of R&D, was able to beat Ken Jennings at Jeopardy... or to be more accurate, the computer was faster than a human at clicking the buzzer when it came to answering questions that were from previous episodes of Jeopardy.

Interesting? Of course! Practical in any measurable way? No...

Let me be clear: the human language "fact mining" technology in Watson is impressive. And many have discussed the possibility that it could be used by doctors or lawyers or hedge-fund managers who need to react quickly to find the "right" answer. Well, I got a couple of monkey wrenches for ya:

  1. There is rarely "one right answer" in medicine for why you have a tummy-ache.
  2. Other than patient history, there is no study that says greater access to information would yield to better patient health... and a great number that have found the exact opposite. Like the explosion of unnecessary surgery since the invention of MRIs.
  3. If a lawyer or hedge fund manager ever used Watson to uncover "the truth," it wouldn't take long for somebody else to make software to game the system, making it practically worthless without massive human intervention (not unlike Google's losing battle against SEO Spammers)

I could go on and on... or I could just point out that after IBM's Deep Blue 2 defeated Kasparov at chess, IBM shut down the program, denying Kasparov the rematch he wanted. Why? Well, Deep Blue 2 was incredibly expensive to build and maintain... and other than good PR for IBM's hardware, the machine had practically no value.

Why does it have no value? Because with a laptop and $50 worth of software, just about any experienced chess player could beat Deep Blue, or it's rival Hydra. These machines just did brute-force analysis, and didn't have a "hint" about what strategy would be optimal. Somebody who knew what he was doing -- aided with a very small shell script -- could beat any supercomputer on the planet. Which is kind of the point I've been trying to make all along:

Artificial Intelligence isn't impossible, its just impractical. Deeply, deeply, deeply impractical...

The point is not that human minds are better than robots. It's just that until my Roomba has some petty cash to spend -- and a desire for something other than electricity -- the economy will be driven by human needs. Whereas it would be cool to have a general-purpose supercomputer that looks like a human and does your dishes, or beats the pants off of you at Jeopardy, it's always going to be more cost-effective to create single-purpose machines that increase human ability to meet human needs...

So... what kinds of tools would these be? Let's talk medicine: what kinds of software would actually improve human health? It seems pretty obvious: keep patient history in a secure, portable repository... and have your doctors read it!! Or perhaps a big database of drugs, and how they interact with other drugs, to ensure no side-effects? Or, perhaps a database of standard medical processes and procedures that have scientifically proven their efficacy? Or maybe slap an RFID chip in the leg to be amputated to avoid hospital error? Any of those would cost a heck of a lot less money than the Watson project and yield immediate benefits...

Watson is -- quite frankly -- a solution in search of a problem...

Putting Enterprise 2.0 To Work

There's always been a lot of buzz around the concept of Enterprise 2.0... We know all about the features, but what are the benefits? What are people actually doing with it, and how successful are these projects? Should you be concerned about the potential risks?

Andy MacMillan -- Oracle VP and collaborator on my second book -- will be presenting a free webinar about Putting Enterprise 2.0 to work, along with Doug Miles of AIIM:

When: Jan 26, 2011 2:00 PM - 3:00 PM EST
Where: Online!

They'll be presenting AIIM's latest market research on the subject... I'm hoping to see some hard numbers about who is doing what, what works, and why...

Don't forget to register for the conference!

Creating and Maintaining an Internationalized Web Site

It's alive! I put together this presentation to help folks who might have questions about how to create and maintain a website in multiple languages, and multiple countries. Big surprise: it depends!!! This presentation gives you some warnings, and a lot of questions you need to ask in order to get started.

I talked through a bunch of problems and risks, and how to mitigate them... I also covered a few ways to help cut the costs of translation, including the crowd-sourcing approach with Lingotek's software. I came across those guys a few months back, and thought that it was a pretty good idea: engage your employees, partners, and the rest of your community to help you select what items to translate, and actually do the translation. We recently made an integration with the UCM system: send Bezzotech an email if you want to learn more...

Open World: 3 Weeks Away!

As mentioned by Jake, Oracle Open World is nearly upon us! As usual, the hordes will descend upon Moscone Center in San Francisco September 19-23. I'll be there on the 16th to get a pre-briefing with Oracle along with the other Oracle ACEs. I'll only be giving one talk this year, but I hope you'll be able to make it!

Creating and Maintaining Internationalized Web Sites (S315784)
Time: Sunday, Sept 19, 3pm
Location: Moscone West L2 room 2007

There aren't many published best practices on doing this kind of thing with Site Studio... and it's kind of a tricky problem. Every company has a different need for localized web sites, and they almost alway have different needs when it comes to keeping them up to date (not to mention budgeting for translation!) There are several add-on tools that can help you keep your site updated, and I plan on going through a few.

UPDATE: my presentation is now online for your consideration... be sure to "like" it on slideshare.

Who Will Oracle Buy Next?

I came across a post last week trying to figure out what company will Oracle acquire next? The author posted a few options and was taking a poll. I can't tell if this is an exercise in the wisdom of crowds or just an attempt for the author to know what stock to purchase next... but the analysis was still interesting.

UPDATE: The poll got about 1250 responses, and most folks predicted that Oracle might just "play it safe." You can view the full results on the author's web site.

I also liked their chart that showed all the companies Oracle acquired since Peoplesoft as blobs on a timeline... it was interesting to see Stellent as a respectably large blob on the chart.

The potential targets are listed below -- some much more likely than others:

  • Teradata
  • Informatica
  • TIBCO
  • Computer Associates
  • Sungard
  • Infor
  • Research in Motion
  • Juniper Networks
  • F5 Networks
  • Brocade
  • VMware
  • EMC
  • Salesforce.com
  • Allscripts

I've heard rumors for years about who Oracle might acquire... most of which never come to pass. But, amongst the author's picks, I think Teradata and TIBCO are the most likely. Acquiring F5 might also make sense, and I wouldn't be surprised considering the new integrations F5 is making with Oracle Fusion Middleware... Allscripts would also make sense, if the price was right.

Then there were the crazy ideas... Oracle acquiring Computer Associates would be a longshot -- CA has been coasting on past glories for so long their products ain't exactly cutting edge anymore. Same with Sunguard: Oracle culture is clearly geared towards being a software company, not a services company... so nuts to that.

So what do you think? Leave a comment, or take the poll...

Recent comments