EXCEPTION::QUERY

A Blog About Database Products and Technology.

December 2006

A sad note: on December 23, Douglas J. Reilly, who blogged for Dr. Dobb's Portal on Database and Mobility topics, lost his long and heroic battle with cancer. We join with the large community of friends and colleagues who mourn his passing.

Doug was a first-generation microcomputer guy -- an Atari 8-bit early adopter who branched out quickly into Microsoft and eventually into mobile and pocket PC development. As owner of Access Microsystems, Inc., his most recent work was in Visual C++, Borland Delphi and the .NET Framework (C# and Visual Basic .NET). Also a prolific wordsmith, Doug authored the book Programming Microsoft Web Forms, numerous articles published in Dr. Dobb’s Journal and Software Development magazine, and was a much-read blogger on CMP's sites, and in other forums. A complete obituary will be posted on www.ddj.com shortly.

Posted by John Jainschigg at 03:32 PM  Permalink |

Yesterday, Solid Information Technology Corp. released solidDB for MySQL, a combo of MySQL on the front end, and Solid's solidDB Storage Engine on the back. On the TM1 benchmark, an opensource benchmark simulating transaction loads on a mobile phone carrier location database, Solid evidently posts more than twice the transactions per second than competitor InnoDB.than twice the transactions per second in the TM1 Benchmark for a database with 1 million rows.

The product will be licensed under the same dual-license model as MySQL -- users can choose a GNU General Public License or a proprietary license. It's available on Linux and Microsoft Windows today, with other MySQL-supported systems planned. For more info click here.

Posted by John Jainschigg at 02:22 PM  Permalink |

Late last week, news came down that ECMA (European Computer Manufacturers Association) had approved Microsoft's Open XML -- now slated to become the document format underlying Office 2007 -- as an international standard, a step viewed as putting Open XML on the fast track for ISO approval. In the process, ECMA auditors are said to have made significant changes in the standard, and produced over 6,000 pages of documentation, aimed at helping developers obtain consistent results, even when using only portions of the technology.

That's not a bad thing. It means that ... Well, that Office apps will follow an XML document standard, most of which will be well-documented, and, after all, it's XML -- so you load a document and puzzle over it and eventually, some of it swims into focus, right? And this standard -- or most of it -- won't move around so much that third-party solution and integration providers can't get a handle on it and build things of some lasting value.

It does not, however, mean that a single XML document standard now exists. Indeed, some pundits (who should probably know better) seem to have confused MS Open XML with OpenDocument, the low-level document representation used by Sun's OpenOffice, and actively championed by folks like Sun and IBM. IBM (the sole dissenting voice) voted against ratification of Open XML, calling OpenDocument a "vastly superior" technology. Said Bob Sutor, vice president for open source and standards for IBM, in his blog: "It (OpenDocument) is an example of a real open standard versus a vendor-dictated spec that documents proprietary products via XML. ... ODF is about the future, Open XML is about the past. We voted for the future."

In the short term, however, pundits seem to concur that the ratification may have given Microsoft back its PR edge with enterprises and federal/state/local government offices worried about lock-in to proprietary products; and wonder if this may ultimately contribute to stemming the current tide of "cutting up rough and moving to Linux" in those precincts.

Posted by John Jainschigg at 01:49 PM  Permalink |

Widely reported today: MySpace has teamed with Sentinel Tech Holding Corp., creators of the Sentry system for "voluntary" ID authentication and background checking, to implement, within 30 days, a solution that automatically screens MySpace profiles to determine if page-owners are convicted sex offenders. According to the release, MySpace employees will then "delete their profiles." Says CEO John Cardillo, the company is also looking at image-analysis software and other means whereby sex offenders using MySpace can be recognized, even if they don't use their real names in registering.

By now, all the computer people reading this are laughing ("Ha, ha, ha! They'll just use false ID, assumed names, fake photos, etc.") -- except presumably those who:

• Have actually been victimized, or know someone who has.
• Are involved in police and legal casework and forensics, so see what sometimes happens to the unwary/unlucky.
• Work in the field of authentication, so grasp materially how difficult it is to provide adequate technical solutions to these social problems.
• Have enough experience with large online communities to have seen how deep stone-cold weirdness runs in the American middle class.
• Are actively involved in computer dating and other socializing, or
• Have children who go online.

Those folks aren't laughing. Hopefully, however, if they understand computing, they'll follow that this great PR move by MySpace will not, in fact, increase anyone's security. That it indeed may winnow out a tiny minority of lazy dangerous people for ... I dunno ... a week? Until somebody figures out, packages and posts the right combination of anonymous email hosts, proxies and other "best-practice" tools (all probably legal) to allow anyone to circumvent this protection. The smart, motivated dangerous folks, of course, will find out everything they need to know via Google, and be back on MySpace within a couple hours.

Pollyanna-ish aside: I note that the vast majority of folks online are pillars of their communities, and pose no risk to anyone. I also note that just because a person spends time at "Furry-only BDSM" clubs in Second Life, it doesn't necessarily mean you don't want to marry them. Of course, the proposed solution will not provide background checks of such depth, either ... yet.

But "yet" is the operant word, here. Sentinel's main product (not the system discussed above) is Sentry, which is (according to their website at sentryweb.com) a quick way of checking your name/SS# against public info sources, and returning ... well, presumably returning a link to a report detailing your real (first) name, real city of residence, real age, and prior convictions.

Sentry is marketed to online service providers (e.g., people who run dating sites) on the one hand, and to consumers of these services, on the other. The drift is that Sentry wants online services to provide links and APIs facilitating queries of their system by users, and ways of posting returned reports in online profiles so that other users can access them. They then want users to voluntarily ask for their own reports, and post results.

This makes me yearn for the bad old days when "nobody on the Internet knew you were a dog." The privacy issues alone are mind-boggling: it's trivial to design bots to capture these profiles and work a variety of public-records sources (including, most obviously, the services worked to produce them in the first place) to rebuild whole records or, failing that, to acquire enough surround information to demographically slot the user in ways that Yohimbe-extract and "size optimization system" vendors will find appealing. But heck ... there are lots of ways to steal identities and expose folks to spam that aren't nearly so laborious to implement.

The real, Orwellian deal, here, is that Sentinel has figured out a way to harness social pressure and paranoia to induce people to compromise their own privacy, "voluntarily." This is an order of magnitude weirder than simply putting public records online and, say, charging $35 for a identity-check -- though the latter service, now available for close on a decade on the 'Net and trivially accessible for years before that to folks in the know -- clearly does much damage. Still, that's "calling party pays" -- and the person doing the checking pretty much has to signal their intentions (i.e., "What's your exact street address? Is there a hyphen in that?"), or wait a decent interval after first meeting in order to accumulate the necessary input data in normal, friendly discourse.

This Sentry thing is scarier. It must provide a legal shield to the service provider, who can then (as so many already do) blithely profit by creating/hosting environments that pump up the social and sexual volume well past the point where people start getting stupid. On the other hand, it also engenders huge pressure on people to certify and reveal information about themselves as early as possible -- not even as early as possible in a specific relationship, but as early as possible in ones involvement with an online community of interest.

Why? Because once you start chatting or emailing with someone, it very quickly starts feeling rude to say "Well, I'd love to meet you for coffee, and we could do that Tuesday if you'll just certify yourself with Sentry in the meantime." This is not, therefore, how it's going to work in many cases. Instead, people are going to certify themselves right off the bat, because they think it's expected (which it increasingly will be), and they're going to make the information public immediately, so that creepy dialogue won't interrupt the later flow of all the relationships they hope to engage in.

I have great sympathy for people's fears. But if this is pointing towards the endgame, I have to say: Just say no. Don't let your kids use MySpace. Don't date online if you're stupid. Don't date at all if you have no tolerance for risk. And don't help create "safe zones" for multibillion-dollar corporations under the guise of individual empowerment.

I have delayed mention of this last point because these issues of risk and privacy affect men and women equally in large respect. But to conclude, I want to add that part of the paranoid dynamic making such "solutions" seem acceptable is anti-male prejudice; and that pressure to self-certify via such means will inevitably fall disproportonately on men. And that's unfair -- particularly since most of the nice guys of my acquaintance have, at one time or another, burned mental calories wondering how to better signal their good intentions in social and public situations. As a big man, living in a big city, I've often wished for a way to signal unambiguously to those who might feel threatened by my proximity that I'm a nice, law-abiding guy. So now I have one, right? But it's not quite the unalloyed blessing that I expected.

Posted by John Jainschigg at 08:30 AM  Permalink |