Articles specific to Oracle software products, including the former Stellent product line

Open World 2009, Day 1

Open world opened officially today... but I got there early for the "soft opening," including the briefing for my fellow Oracle ACE Directors. We had a surprise Q&A visit from Thomas Kurian himself. If I had known, I would have surely had a much bigger list of questions for him! Nevertheless, I learned quite a bit about Oracle's future product strategy. I can't share what I learned until after the conference, tho... they are planning a few announcements.

We kept trying to extract some info on the future of Sun product lines... but the Oracle folks were very tight-lipped about it. The European Union has not yet approved the merger -- mainly because of MySQL -- so they can't say a thing about it yet.

Some interesting news I'd like to highlight:

  • The Social Schedule Builder for Open World: my friend Chris Bucchere integrated his popular conference schedule builder with Oracle Mix... so if you have a Mix account you can use this to organize your conference. If you find Oracle's default Schedule Builder to be too clunky, check out this one. And since it was released a full 2 days before the conference, its perfect for procrastinators.
  • Try Out Amazon Web Services For Free:provided you're at the conference, and you show up at the Fusion Middleware Lounge on Floor 3 of Moscone West. Some Amazon folks should be there to give you a quick tutorial, and let you test it our for free.
  • Oracle is giving away 400 copies of my book. If you registered for the Information Overload add on, you get an electronic copy of my latest book. Not sure if that's a good sign for book sales or not...

I'll be heading to a few more sessions and user groups today... and I'm sure I'll have some updates after the main keynote.

UPDATE: the Sunday keynote just ended... and since Oracle was nice enough to give me press credentials, I thought I should post my thoughts ASAP. They were still pretty hush-hush about what the acquisition will mean. The three big questions are:

  1. What will happen to MySQL?
  2. What will happen to Sun's hardware division?
  3. What will happen to Java?

That first question was the big one... it's probably the main reason why the EU has not yet approved of the merger. Well, Scott McNeally made the obvious point that MySQL doesn't compete with Oracle; it competes with Microsoft SQL Server. Also, Oracle acquired two other open-source databases -- Sleepy Cat and Innobase -- and has increased R&D for them. Larry Ellison himself said Oracle promises to spend more resources on MySQL than Sun does right now. Given Oracle's past history with Open Source databases, I'm prone to trust Larry on this one. They'll likely use it as a wedge to get some of Microsoft's business when a company doesn't need Oracle's performance.

Oracle also seems to be committed to expanding Sun's hardware division. IBM tried to use the tiresome "Fear, Uncertainty, and Doubt" to scare existing Sun customers to dump SPARC in favor of IBM hardware... But I don't think so. The new stuff they showed off -- like the 4 Terabyte F5100 FLASH memory array -- was really innovative stuff. McNeally said you can get 4x I/O throughput by just bolting this on to existing storage infrastructure... not to mention ultra-low power consumption, and much more compact compared to IBM's stuff. Larry even issued a challenge: if you are an IBM hardware customer, and Oracle can't make your system run TWICE as fast on Sun hardware, they will give you $10 million dollars. IBM was explicitly invited to try.

End of the day, Sun's hardware is better than IBM, IBM is Oracle's new enemy, and Larry likes to win. Ain't no way that stuff is going away...

Regarding Java, I don't think there was ever a question there... Oracle is heavily invested in Java, and is a big contributor. They are going to keep that thing going as long as they can. James Gosling himself was up on stage, saying he looked forward to the acquisition... because then he'd finally be working for a software company!


Overall, I think that was a really good way to soothe Sun customers, Open Source advocates, the EU, and Java Bunnies everywhere.

Oracle Open World, 2009

I'm off to Open World! I came early this year, because Oracle is doing the ACE Director briefing on Friday. That's always a bit tense for me: sneak previews on cool technology that I'm not allowed to blog about! Alas, I'll survive... It will be nice to see all the other Oracle ACEs again, like Sten, Lonneke and Chris. I already bumped into Jason Jones at the airport.

For the first time, I'm not presenting anything this year. I had planned a few talks on security and Site Studio 10gr4, but this summer was busier than normal, and I couldn't put them together in time for the deadline. Kind of a bummer, but no big deal: I'll just present them at Collaborate 2010, or the local Minnesota Stellent Users' Group.

I don't know what I'll be able to share after my briefing today, but I'll do what I can. Also, if you are heading to Open World, and you'd like to meet up, send me an email!

Site Studio Performance Tuning: Now Posted

In case you missed my talk last month... IOUG has posted the full video of my Site Studio Performance Tuning Webcast. This was an hour long talk containing tips and tricks for making your web sites faster. Only half of it is specific to Site Studio or Oracle UCM: I also share tips on making general HTML pages faster, which should apply no matter what kind of system you use.

As usual... my presentation is available for download from Slideshare, if you'd like a copy... Although this one lacks the panache of the video version.

PS: sorry that its in WMV format... I had no control over that...

The Deep, Dark, Secret Origin Of Oracle UCM's Security Model

On a recent blog post about Oracle UCM -- Should Oracle Be On Your Web Content Management Short List? -- CMS Watch analyst Kas Thomas commented that he thought Oracle's security model was a bit spooky. He admitted that this may be because he didn't know enough about it: his concern stemmed from an overly stern warning in Oracle's documentation.

Alan Baer from Oracle soothed his fears and said that the documentation needed a bit of work... The documentation mentioned that changing the security model might cause data loss, which is in no way true. It should say that changing the security model might cause the perception of data loss, when in fact the repository is perfectly fine... the problem is that when you make some kinds of changes to the security model, you'll need to update the security settings of all your users so they can access their content.

Nevertheless, I thought it might be a good idea to explain why Oracle UCM's security model is how it is...

Back in the mid 1990s when UCM was first designed, it had a very basic security model. It was the first web-based content management system, so we were initially happy just to get stuff online! But immediately after that first milestone, the team had to make a tough decision on how to design the security model. We needed to get it right, because we would probably be stuck with it for a long time.

  1. Should it be a clone of other content management systems, which had access-control lists?
  2. Should it be a clone of the unix file permissions, with directory and file based ownership?
  3. Or, should it be something completely different?

As with many things, the dev team went with door number 3...

Unix file permissions were simply not flexible enough to manage documents that were "owned" by multiple people and teams. The directory model was compelling, but we needed something more.

Access Control Lists (ACLs) are certainly powerful and flexible, because you store who (Bob, Joe) gets what rights (read, delete) to which documents. The ACLs are set by the content contributors when they submit content. However, ACLs are horribly slow and impossible to administer. For example, I as an administrator have very little control over how you as a user set up your access control lists. Let's say some kinds of content are so important that I want Bob to always have access, but Joe never gets access. If Bob gets to set the ACLs on check-in, then there's a risk he gives Joe access. It's tough to solve this problem in any real way without a bazillion rules and exceptions that are impossible to maintain or audit.

Instead, the team decided to design their security model with seven primary parts:

  • SECURITY GROUPS are like a classification of a piece of content. Think: restricted, classified, secret, top secret, etc. As Jay mentioned in the comments, these are groups of content items, and not groups of users.
  • ACCOUNTS are like the directory location of where a content item resides in a security hierarchy. Think: HR, R&D, London offices, London HR, etc. These are typically department-oriented, but its also easy to make cross-departmental task-specific accounts for special projects.
  • DOCUMENTS are required to have one and only one security group. Accounts are optional. This information is stored with the metadata of the document (title, author, creation date, etc.) in the database.
  • PERMISSIONS are rules about what kind of access is available to a document. You could have read-access-to-Top-Secret-documents, or delete-access-to-HR-documents. If the document is in an account, then the user's access is the union intersection of account and group permissions. For example, if you had read access to the Top Secret group, and read access to only the HR account, you'd be able to read Top-Secret-HR content. However, you would not see Top-Secret-R&D content.
  • ROLES are collections of security group permissions, so that they are easier to administer. For example, a contributor role would probably have read and write access to certain kinds of documents, whereas the admin role would have total control over all documents. Change the role, and you change the rights of all users with that role.
  • USERS are given roles, which grants them different kinds of access to different kinds of documents. They can also be granted account access.
  • SERVICES are defined with a hard-coded access level. So a "search" service would require "read" access to a document, otherwise it won't be displayed to the user. A "contribution" service would require that the user have "write" access to the specific group and account, otherwise you will get an access denied error.

This kind of security model has many advantages... firstly, it is easy to maintain. Just give a user a collection of roles, and say what department they are in, and then they should have access to all the content needed to do their job. It works very well with how LDAP and Active Directory grant "permissions" to users. That's why it is usually a minimal amount of effort to integrate Oracle UCM with existing identity management solutions.

Secondly, this model scales very well. It is very, very fast to determine if a user has rights to perform a specific action, even if you need to do a security check on thousands of content items. For example, when somebody searches for "documents with 'foo' in the title," all the content server needs to do is append a security clause to the query. For a "guest" user, the query becomes "documents with 'foo' in the title AND in the security group 'Public'." Simple, scalable, and fast.

There are, of course, dozens of ways to enhance this model with add-on components... The optional "Collaboration Server" add-on includes ACLs, along with the obligatory documentation on how ACLs don't scale as well as the standard security model... The optional "Need To Know" component opens up the security a bit to let people to see some parts of a content item, but not all. For example, they could see the title and date of the "Hydrogen Bomb Blueprints" document, but they would not be able to download the document. The "Records Management" component adds a whole bunch of new permissions, such a "create record" and "freeze record." I've written some even weirder customizations before... they aren't much effort, and are very solid.

I asked Sam White if he could do it all over again, would he do it the same? For the most part, he said yes. Although he'd probably change the terminology a bit -- "classification" instead of "role," "directory" instead of "account." In other words, he'd make it follow the LDAP terminology and conventions as closely as possible... so it would be even easier to administer.

I do think it is a testament to the skills of the UCM team that the security model so closely mirrors how LDAP security is organized... considering LDAP was designed over many years by an international team of highly experienced security nerds. I'm also happy when it gets the "thumbs-up" from very smart, very paranoid, federal government agencies...

Enterprise 2.0: Ignore the Fads, Follow the Trends

A few years back, Andrew McAfee "coined" the term "Enterprise 2.0." Recently, he's been criticized on the web here, here, and here, for his definition... Critics are saying his definition is outdated, unhelpful, and flawed. Some of this criticism is a tad harsh, but a lot of it is valid. McAfee responded by re-stating what E2.0 is:

Enterprise 2.0 is the use of emergent social software platforms within companies, or between companies and their partners or customers.

Kind of light on the details, eh? He continued to define related terms like "social software", "platforms", "emergent", and "free-form"... which fleshed out the definition a bit... but still, I'm left with a big question. How is any of this actually helpful??? It doesn't mention technologies... it doesn't mention purpose... it doesn't mention value. Based on this definition alone, there's not really a compelling reason for anybody to get excited about it. Luckily, because of the Web 2.0 cool-aid, anything with a 2.0 after it will generate buzz, so people latched on.

Let's contrast this with the definition of ECM by AIIM:

Enterprise Content Management (ECM) is the strategies, methods and tools used to capture, manage, store, preserve, and deliver content and documents related to organizational processes. ECM tools and strategies allow the management of an organization's unstructured information, wherever that information exists.

Its not perfect, but it should be pretty dang clear to any businessperson what problems ECM solves, and what every day tasks will be easier if it is done right. It also makes it obvious that its about strategies and methods; not just tools and technologies.

I frequently lament that anybody is trying to define what Enterprise 2.0 is, before we even know what it is. The 2.0 clearly means that it is intended for the "next generation" of enterprise software... but what is the next generation of enterprise software? If it's nothing more than enterprise social software -- which is what McAfee says -- then why on earth do we also need the term "Enterprise 2.0"? If its just blogs, wikis, and next generation collaborating tools, then we already have a term: Web 2.0. In either case, the phrase "Enterprise 2.0" is useless.

Now, if Enterprise 2.0 is truly meant to define the "next generation" of enterprise software tools, then the term will one day become useful. However, since these tools are still being envisioned and designed as we speak, a definition is still fairly useless... since we don't know what Enterprise 2.0 is yet!

If anything, the definition of "Enterprise 2.0" should reflect the trends in enterprise software, not just the fads. Ignore blogs and wikis. Shun social software. Instead, take a good, hard look at the broad trends that will have a major effect over the next 10 years. Here is a small sample:

  • The never-ending increase in computer power: storage, network bandwidth, processor speed, and cloud computing... there will soon be another tipping point like there was in the early 1990s.
  • Retiring baby boomers, who are taking a lot of institutional knowledge with them en mass.
  • The millennials, who have never known a world without the internet, and who are natives to online collaboration.
  • Globalization: more competition means you need better tools to test out innovations. Companies need to fail faster, and learn better if they are to survive.

What do all these trends mean for Enterprise 2.0 software? It's hard to say for sure... but what is clear is that more and more of the most important data and software will emerge on the "edge" of your networks. Why have a central repository at all when the average laptops are powerful enough to run their own content management systems? The average user now has tremendous power to create content, and run easy-to-install collaboration tools. The genie is out of the bottle my friends... all we can do now is try to control the damage. Identity management, enterprise search, and distributed information management can help with security and content... but for the application proliferation problem, I'd bet on enterprise mashups.

As the baby boomers retire, you can forget the idea of teaching them new software so they can share their knowledge. No way, no how, ain't going to happen. Instead, you need a new system for capturing "people" knowledge as effortlessly as possible. My idea is to just rip-off Robert Scoble. He made a name for himself with nothing more sophisticated than a camcorder and some editing software. You want knowledge from technophobes? Why not engage them in one-on-one taped interviews? Low tech people-oriented solutions are frequently the best option for capturing content and context, although you will need something like an enterprise YouTube for consumption.

As the millennials enter the work force -- what some people call the "gamer generation" -- what will their needs be? The obvious solution is that they want something like Facebook for the enterprise. News flash: there already is Facebook for the enterprise... it's called Facebook. More compelling is the idea that employee management and business process management will evolve into enterprise simulation software. Something like "SimCity Enterprise Version". Software like this will need to be seeded with a ton of historical data, information about your processes and employees, and information about the current market. Then, you can run a simulation on the "what if" scenarios in a world of interdependent agents. This may seem far-fetched, but there is a lot of software out there right now that solves one specific piece of this puzzle... it's just that nobody has put all the pieces together yet.

We don't need another word for Enterprise Social Software... nor do we need to ride the coattails of Web 2.0 to sell the same old application with a Wiki bolted on. However, we do need to be aware that the enterprise will change a lot in the next 10 years: and not because of fads, but because of trends.

Web Form Tip: Add Excel-Like Calculation To Input Fields

When I'm filling out web forms -- especially ones with financial data -- I find myself frequently missing the ability to use Excel-like math syntax. For example, you could type this into an Excel field:

= 111 + 222

And the moment you moved to another cell, it would calculate the answer, and place 333 in the cell for you. This is extremely handy, but alas, very few web sites allow this feature. So much power in web browsers, and yet this little touch of usability is relatively absent. It reminds me of the scene from Futurama, where Phillip J. Fry and Bender the surly robot are trying to hammer out their monthly budget:

    BENDER: Now to figure out how much money I'm raking in off those twerps!  
                (Scribbles out some numbers with a pencil and paper) 
                Awwwwww, I need a calculator.
    FRY:    You are a calculator!
    BENDER: I mean a good calculator.

In an effort to help make web sites more like "good" calculators, I'd suggest adding some simple JavaScript to turn any number field into an Excel-calculator field. It's pretty simple, really... just capture the "onBlur" and "onKeyPress" events. If the user moves to a new field or hits "return", the code evaluates if the cell begins with a "=" character. You can try it out in the fields below... The relevant source code follows.

Value 1

Value 2

Value 3

	// create the always useful 'trim' function
	function trim(str) {
		return str.replace(/^\s+|\s+$/g,"");

        // check to make sure the JS code is 'safe'
        function isMathProblem(str) {
                return ! str.match(/[a-z,A-Z]/);

	// check to see if the 'return' key is pressed
	function isReturnKeyPressed(e) {
		var isReturn = false;
		var characterCode = 0
			characterCode = e.keyCode;
		else if(e.which) 
			characterCode = e.which;
		if (characterCode == 13)
			isReturn = true;
		return isReturn;
	// evaluate the math, if it starts with a '=', ignore errors
	function doExcelMath(field, e) {
		if (typeof e != "undefined" && !isReturnKeyPressed(e))

		var val = trim(field.value);
		if (val.charAt(0) == '=' && isMathProblem(val)) {
			val = val.substring(1);
			try {
				val = eval(val);
				field.value = val;
			catch (ignore) {
<form name="excel-webform" method="get" action="#">
<b>Value 1</b> <input type="text" name="value1" onBlur="doExcelMath(this)" onKeyPress="doExcelMath(this, event)"></input><br />
<b>Value 2</b> <input type="text" name="value2" onBlur="doExcelMath(this)" onKeyPress="doExcelMath(this, event)"></input><br />
<b>Value 3</b> <input type="text" name="value3" onBlur="doExcelMath(this)" onKeyPress="doExcelMath(this, event)"></input><br />

If this doesn't catch on, I might have to make a Greasemonkey script instead to cram this code into every web site I use...

NOTE: it can be risky to allow a user to call the JavaScript 'eval' function on arbitrary input data. They could accidentally munge up their page, or insert cookies into their browser. In most cases this will not lead to a successful cross-site-scripting attack... but depending on what you keep in your cookies, you should run some penetration tests to make sure nothing bad can happen.

Webcast: Site Studio Performance Tuning

UPDATE: My presentation on Site Studio Performance Tuning is now posted online.

It will be hosted by the Independent Oracle Users Group (IOUG) I'm going to be talking about general web site performance challenges; some of which will probably surprise you. I'll also cover what kinds of hardware and software that will speed things up, as well as little-known Site Studio features that you can take advantage of.

If you can't make it, don't worry! We'll be posting it IOUG archived webcasts page as well.

Quote of the Day

"... the problem with object-oriented languages is they’ve got all this implicit environment that they carry around with them. You wanted a banana but what you got was a gorilla holding a banana AND the entire jungle." -- Joe Armstrong

Ahhh... them Lisp bigots never change! Until they turn into Erlang bigots... but the guy has a valid point.

Folks who write Ruby and Python based web frameworks kind of understand the "banana problem" and work very hard to overcome it. They use principles like late binding, code injection, Don't Repeat Yourself, etc... But a lot of Java frameworks for web sites seem to not care about the banana problem at all... which leads to these kinds of layers:

  1. Database table
  2. XML Schema definition of table
  3. Auto generated Java objects with attributes matching table columns
  4. EJB Business Object Interchange Layer
  5. EJB Business objects
  6. GUI Interchange Layer
  7. HTML Scripting Form
  8. Finished HTML Page

That's pretty much like saying... "Well, as long as we dragged the entire Jungle along with us, we might as well make you swing from every tree before we give you a banana!"

Oh, and watch out for the Gorilla...

Inventor of Oracle UCM Named "Oracle Innovator"

This is nice to see... my former boss Sam White was named an "Oracle Innovator:"

That's pretty cool... only 23 people in all of Oracle are "innovators," which is pretty impressive considering the company probably has 100,000 employees. That's like the top 0.02%!

I personally thought this product was innovative because of how Sam took a very holistic view of the problem. Way back in the 1990's he saw how people were misusing Java as an "applet" platform... when it was really excellent at being a server. He invented this component plug-in architecture that was way ahead of its time. Only in the past few years have people recognized this model and labeled it as the "Inversion of Control" pattern... but few still understand its power. Not to mention that the entire system was based on web services, before there was even a word for it!

Sam also eschewed "object oriented programming" in favor of "data-driven programming," which was also against the grain. People sometimes look at me sideways when I bash object oriented philosophy... but once you work a lot with "pure" objects you see what a maintenance mess it can be. In addition, Alan Kay -- the inventor of object oriented programming -- also agrees that the currently philosophy is not what he intended and easily leads people into the weeds.

Congratulations, Sam!

Blog, or Blorphan?

Blogs, Wikis, and other Web 2.0 goodies have an important place in a broader enterprise content management strategy... but some caution is advised. As I mentioned in last year's talk "Enterprise 2.0: How You Will Fail," I think it might be more important to focus on the practical realities.

The free-flow of information is great and all, but does it translate into actual productivity? Or are you just creating faddish tools that will eventually be abandoned by users, after the novelty wears off?

Let's take blogs for example... Technorati's State Of The Blogosphere 2008 report claims that there are 133 million blogs in the world... Sounds great so far... but only 7.4 million (5.6%) of these blogs posted an article in the last 4 months! A mere 1.5 million (1.1%) posted an article within the last week, and about 900,000 posted in the last day (0.68%).

If these numbers are reflective of what you would find in a corporate blogging initiative, the outlook is fairly bleak. Assume you have a large push to get your employees blogging, and you succeed in getting 1000 bloggers in your company. If these statistics hold, that means that only 6 blogs out of 1000 will have useful, up-to-date information! Another 50 may have useful information, but it could be up to 4 months old... and possibly stale.

The rest of them could very well languish as "blorphans." One or two posts initially... but then only updated when the author is bored. In general, these posts will be tiny gems of knowledge strewn about your enterprise; usually outdated, and frequently without context.

So much for using blogs to measure the "pulse" of your company!

If you start a corporate blogging initiative, please do no attempt it without a strategy for giving people the tools and encouragement they need to keep going:

  • Have lots of helpful info on how to blog, perhaps coupled with a training program.
  • Give incentives for blogging... not monetary, but have public rankings of hot topics, hot bloggers, most linked content, most forwarded content, and the like.
  • Have a "blog for blogs," where people can exchange tips on blogging, and teach each other on the benefits of blogging.
  • Have a "president's club" for bloggers, elected by their peers, for bloggers that genuinely helped them. This could be for the best tips and trick, best breaking news, or the best analysis.
  • Use blogging tools that are easy to use, and which allow people to track their popularity, and how people tag their blog.
  • Rate improvement in blogging skills on yearly employee review forms, and be sure to give them time to blog.

Most people agree that public blogs help companies by making them more "transparent." Even if customers love your products, they will always have the fear that you might "go away" and not be able to help them in the future. Blogs from real people with real passion can help your customers feel more connected to the "pulse" of your company... even if that "pulse" is filled with stale information.

However... for internal people, the best way to keep everybody up-to-date is likely a more formal knowledge sharing process. Or you can just stick to rumors an innuendo, since company rumors are 80% correct anyway...

New Site:

For a long time, folks have been asking for a SourceForge-like site for Oracle consultants where they could share free code snippets. I've been trying to get one of these going for a while... but I knew it would be nothing without Oracle branding and an internal push. Well, Oracle recently announced this site:

You need to be either an Oracle employee, or an OTN member in order to use it. It's backed with Subversion (yay!), so you'll need hat to contribute. The number of projects is still fairly small at the moment... and it doesn't have a category for Oracle UCM yet. However, once it does, I'm sure we could get the number of projects there up to 20 or so ;-)

HTML 5 Versus Flash/Flex

There's been some chatter lately about how the next version of HTML 5 might make Flash irrelevant. And not only Flash, but also Adobe Flex, Microsoft Silverlight, and Oracle JavaFX might similarly become useless.

This is because the latest version of HTML has a lot of features that were previously confined to advanced animation plug-ins... the three I like the most are:

  • The <audio> and <video> elements, which allow for embedding rich media directly into the browser; the #1 use case of Flash.
  • The <canvas> element, which allows for images and vector-graphics to be directly rendered with JavaScript, which allows simple animations; the #2 use case of Flash.
  • Offline data storage so your users can keep a 5Mb database offline, manipulate data, and re-sync the data later; an uncommon use case, but vital for rich internet application that you can use on an airplane.

These features have been necessary for a long time... and even though HTML 5 is not yet a finished standard, most of it is already supported in major browsers: Firefox 3, Internet Explorer 8, and Safari 4. This means that you can create a HTML 5 application right now! Probably the most famous HTML 5 application out there is Google Wave for email, which we are all just dying to try out!

I feel that this kind of competition will be healthy... I'd wager that 90% of what people currently use Flash for could just as easily be done in HTML 5. Also, by being standards compliant, you'll have fewer concerns about vendor lock-in. What happens if Adobe gets into trouble, then is bought out by Computer Associates? No more Flash for you!

However, there is still a problem... currently HTML 5 compliant browsers are only 60% of the market... I know quite a few enterprises that are still on IE 6, fer crying out loud... Flash has the distinct advantage of working on older browsers, and has about a 95% market penetration. Although, last year at this time only 5% of users had a HTML 5 compliant browser, so maybe by May 2010 HTML 5 will be as popular as Flash?

Hard to say...

UPDATE 1: Well, it's now May 2010, so I redid the numbers... and according to the browser numbers from W3Schools about 75% of the market is using HTML5 compliant browsers. Now that Google has dropped support for IE6, I'd wager this number will be close to 95% in May 2011...

This question came up recently in the content management universe... a few weeks back EMC/Documentum unveiled their latest UI at the Gartner conference on Portals and Collaboration... and it was a pretty slick Flex-based UI. A daring move... However, slick UIs don't need Flex. Billy and I got a demo from Jason Bright about Media Beacon's latest app. It was very flashy, and uses pure HTML, CSS, and JavaScript. As Jason told CMS Watch:

"Flex, like ActiveX, Silverlight, and Java Applets before them are, in a sense, replacements to the browser. Each replaces the web browser in a proprietary way. While I love Flex as a technology, I do not think it is a good strategic decision to throw out the traditional browser for a new client-server model no matter how attractive"

The problem boils down to this: there are millions of people dedicated to making the web better; but only one small part of Adobe is dedicated to making Flash better. The same holds true for Silverlight and JavaFX.

If I were writing a one-off rich internet application, I might choose something like Flex, because Flex development time is half what it would be for a similar HTML/CSS/JavaScript app. There are so many browser bugs, and oddities in JavaScript, that its always a long slog to debug it. With the possible exception of the Google Web Toolkit, there really are no good ways to easily design a flashy HTML/CSS/JavaScript application... whereas designing application with Flex is relatively simple.

But... if I were making an application for resell, or one that I intended to have other people maintain, I'd be more hesitant to use anything but web standards. HTML 5 is right around the corner; product development cycles are long; and HTML 5 browsers could reach 90% market saturation in 12 months.

All things considered, the best option now is HTML 5...

UPDATE 2: in case you have been living in a cave, and missed the launch of Apple's new iPad, you might have missed the fact that the iPad will not support Flash or Flex. I'm uncertain whether this new device will really take the world by storm, but if it does, it will be one more reason to switch to an HTML 5 code base.

UPDATE 3: it appears that Steve Jobs has gone on records about why the iPad and iPod will NEVER support Flash. Steve-o brings up a few more reasons I did not cover here: Flash is a power hog, it doesn't support "touch" interfaces, and it crashes a lot. Steve Jobs ends with a plea: Adobe should use its brainpower to make a cross-platform IDE for HTML5, and stop trying to cram Flash down our throats. If they don't, then the "next Adobe" certainly will...

Joel on Platform Vendors

A while back I blogged about the lack of Oracle UCM "vertical applications". A vertical application is an add-on to an existing product or platform, but one that is industry specific. A lot of Oracle UCM consultants have created very general add-ons, and have sold them along with their services.

On occasion, Oracle implements one of these general features, and the add-on product becomes obsolete. Unsellable... and this can cause some grumpiness... but it doesn't have to be this way.

Joel on Software has recently had a similar rant about people who make add-ons to platforms... but in this case, he's referring to the iPhone. Similar to Oracle UCM, the iPhone is a platform... so you'll get some folks who just "fill the gaps," and others who create entirely new markets. A lot of gap-fillers had their profits crushed when the new iPhone OS rendered their add-ons obsolete. Some quotes:

A good platform always has opportunities for applications that aren’t just gap-fillers. These are the kind of application that the vendor is unlikely ever to consider a core feature, usually because it’s vertical — it’s not something everyone is going to want. There is exactly zero chance that Apple is ever going to add a feature to the iPhone for dentists. Zero.

Or, more succinctly, as Dave Winer once said:

Sometimes developers choose a niche that’s either directly in the path of the vendor, or even worse, on the roadmap of the vendor. In those cases, they don’t really deserve our sympathy.

Yes... If you make a general add-on to Oracle UCM, you have a wider possible audience... but that doesn't mean you'll be able to sell to it all! You'll have a tiny bit of market penetration, and then one day Oracle will just write a clone of what you did.

When it comes to add-ons to platforms, verticals are almost always more profitable. The market might be smaller, but it is much easier to highlight the need to your market, and the competition is less. If you make something good, odds are you'll be able to sell it for a looooong time.

Oracle Glassfish Now Supports Jython and DJango

Oracle -- as you know -- plans on purchasing Sun and all their Java-licious technology. This includes the open source Glassfish application server, which is a free competitor to Weblogic, which Oracle obtained in the Sun BEA acquisition... and they both competed with OC4J, which was Oracle's application server prior to 2008.

I -- along with everybody else -- am very curious to see how all this plays out... It certainly appears that OC4J has lost favor, and Weblogic stole the show... but now Oracle "owns" an open-source alternative to Weblogic as well. So which one should you choose? Naturally, this depends a lot on what out-of-the-box features and integrations you need... But if I were a developer creating a new application from scratch, I'd probably go with Glassfish. Besides being open source, they will soon have built-in support for JRuby/Rails and Jython/DJango web frameworks. To me, that says the people behind Glassfish really "get it" when it comes to delivering web frameworks that make developers more productive...

According to Vivek Pandey's blog, the latest preview release of Glassfish v3:

  1. Provides GlassFish v3 connector and deployer as OSGi module. Which means that deployment of a Python application will trigger Jython Container code.
  2. Wire up the HTTP request and response at very low level by implementing a GrizzlyAdapter, hence resulting in better runtime performance and scalability using grizzly scalable NIO framework.
  3. WSGI (Web Services Gateway Interface) is a Python standard to wire a Web Server to Python web frameworks such as Django or TurboGears etc. Jython Container implements WSGI interface and so it would be pretty easy to add support for various Python web frameworks. Currently, we have Django and we will have others such as TuroboGears, Pylons etc.
  4. Currently Jython Container is available thru GlassFish v3 Update Tool. In the future it may appear with GlassFish v3 core distribution.

His blog also has step-by-step instructions about how to enable Jython and DJango... with luck, this will be rolled into the final release, so these steps will be easier.

I'm also curious to see what Jake and the AppsLabs boys might think about Glassfish... those guys are building some of Oracle's most "social" applications, and they are big JRuby/Rails fans. I'm more of a Python/DJango guy myself. I've said many times that if I were to rewrite the Oracle Content Server from scratch, I'd probably have picked DJango as the core framework... But DJango in a Java container??? That's even better! Quick coding, easy modifications, plus the reliability of Java.

But that's just for my needs... others may prefer the "Weblogic way" for different reasons.

Blog Silence...

Sorry for the lack of blogging, folks... Last week was IOUG Collaborate, and I was usually indisposed. For those who didn't make it, you can check out my presentation on Slideshare. I gave my talk on A Pragmatic Strategy for Oracle ECM, as well as my Top 10 Ways To Integrate With Oracle ECM.

Billy put up some of his talks as well. The How To Be A Rock Star with ECM talk was well received... although the slides don't quite capture the whole presentation.

Overall, I was pleased with the turnout... I was kind of bummed out that there wasn't a bigger Oracle ACE presence there. I saw Dan Norris a few times, but there wasn't an 'official' ACE briefing. Oh well... I guess I'll need to wait for Oracle Open World in the fall. With all the new Sun customers and partners, that place is going to be chaos.

Time For The IOUG 2009 Conference!

If you are attending the IOUG Collaborate conference this year, you might want to check out my talks:

These are both repeats of the ones I gave at Open World 2008 a few months back... although the "Top 10 Ways" have changed a little bit since the introduction of the RIDC connector... I'm planning on something completely different for Oracle Open World this year. ;-)

I'm also doing a book signing after my "Pragmatic Strategy" talk... It will be at 2:30pm on Monday, at the bookstore. The bookstore is in the middle of level 2, outside the entrance to the exhibit hall. If you'd like a signature for either book, swing on by!

Unfortunately, there aren't any plans for the Oracle ACEs to get together... although I'm pretty sure that Dan Norris and others will be attending.

Oracle Buys Sun: Insert your own "Java Garbage Collector" Pun

In case you haven't heard, Oracle bought Sun... after being teased by IBM, and watching its stock price plummet, Oracle began talks with Sun last Thursday about possible acquisition...

If you were surprised, don't feel bad... Neither IBM nor Microsoft had a clue this was going to happen.

First thoughts... holy crap! Oracle sure saved Sun from becoming a part of the IBM beast... and now Oracle (more or less) owns Java, and has access to all those developers who maintain it. This is win-win for them both, in my opinion. Sun gets most of their revenue from hardware, which Oracle avoided doing for decades, so overall there's not much overlap in product offerings -- unlike last year's BEA acquisition.

The hardware-software blend is a compelling story... Imagine getting all your Oracle applications and databases pre-installed on a hardware appliance! Not bad... You could even get one of them data centers in a box, slap a bunch of Coherence nodes on each, and have a plug-and-play "cloud computer" of your very own.

Second thoughts... how the heck is the software integration plan going to work? Sun helps direct a lot of open source projects... including JRuby, Open Office, and the MySQL database... not to mention the OpenSSO identity management solution, and the GlassFish portal/enterprise service bus/web stack. The last two are award winning open-source competitors to existing Oracle Fusion Middleware products. Oracle now owns at least 5 portals, and at least 4 identity management solutions... unlike past acquisitions, existing Oracle product lines are going to have to justify themselves against free competitors. I can foresee a lot of uneasy conversations along the lines of:

So, Product Manager Bob... I notice that your team costs the company a lot of money, but your product line isn't even as profitable as the stuff we give away for free... Can you help me out with the logic here?

There are a lot of open source developers shaking in their boots over this... but I'm being cautiously optimistic. Oracle can't "kill" MySQL: there are too many "forked" versions of MySQL already, any one could thrive if Oracle tried to cripple the major player. Likely they will simply try to profit from those who choose to use a bargain brand database. Case in point, Oracle could sell them their InnoDB product, which allows MySQL to actually perform transactions.

Middleware is the big question mark... but with a huge injection of open source developers, products, and ideas, I'm again cautiously optimistic that -- after an inevitable shake-up -- the Middleware offerings would improve tremendously.

And Open World 2009 is going to be a lot more crowded...

Scripting Oracle UCM With Jython

Sometimes when I'm working on a big-ish project, I need to quickly whip out a script to alter items in the content server. The old-school way to do this would be to use the IdcCommand application... other folks might prefer a Java application written with the J2EE connectors in the Content Integration Suite (CIS), or maybe even SOAP... but my preference would be to do it all in a scripting language. In particular, Jython.

Jython is a Java implementation of the Python programming language... which is my favorite language these days. Jython did stagnate for may years, stuck on Python 2.2, and more than a little buggy... but the project is alive and kicking and just released version Jython 2.5 beta 3, which I recommend you use. I'd wager that the Jython project was revived partly because of envy about the rise of Ruby and JRuby. Whatever the reason, I'm always happy to have new code to play with.

You can invoke any Java libraries in Jython, so naturally you could use SOAP or CIS to make administrative scripts. However, I think the majority of people would prefer a new-ish Java connector for Oracle UCM: the Remote IntraDoc Client (RIDC). In contrast with both CIS and SOAP, the RIDC connector is very lightweight, very fast, and very simple to use. There's no WSDL or J2EE bloat at all; RIDC is just a "Plain Old Java Object" wrapper around UCM web services... so it's very easy to embed in a Java application.

To get started, download the most recent version of the Content Integration Suite from Oracle. This ZIP file contains two folders: one for the new RIDC connector, and one for the standard CIS connector. I'd suggest you take a look at the "ridc-developer-guide.pdf" before you go any further. The samples and JavaDocs are also very useful, but you can peruse them later.

Next, download Jython 2.5b3, and run the installer.

Next, make a folder to contain your UCM Jython scripts. Copy the "jython" launcher file from its install directory to this directory. On Windows, this file is named "jython.bat". Also copy the RIDC library "oracle-ridc-client-10g.jar" to this folder.

Next, edit your copy of the Jython launcher file to make sure the Java classpath includes the RIDC library. You can set this near where they set JAVA_HOME at the top. On Windows, you would edit "jython.bat" and add this:

        set CLASSPATH=%CLASSPATH%;D:\FOOBAR\oracle-ridc-client-10g.jar

On Unix, your would edit the "jython" text file, and add something like this:


That's it! Now just run "jython" on the command line, and you'll get an interactive shell where you can load Java classes, and use them. Loading them is fairly similar to how you load libraries in Python. For example, the script below will load the RIDC libraries, connect to the content server, run a search, and dump out the results:

# import the Oracle UCM libraries into Python from oracle.stellent.ridc import IdcClientManager from oracle.stellent.ridc import IdcContext # create the manager and client objects manager = IdcClientManager() client = manager.createClient("idc://localhost:4444") userContext = IdcContext("sysadmin", "idc") # prepare to run a search binder = client.createBinder() binder.putLocal("IdcService", "GET_SEARCH_RESULTS") binder.putLocal("QueryText", "") binder.putLocal("ResultCount", "20") # get the response response = client.sendRequest(userContext, binder) responseBinder = response.getResponseAsBinder() # dump out the response data localData = responseBinder.getLocalData() print("LocalData:") for key in localData: print(key + " = " + localData.get(key)) for name in responseBinder.getResultSetNames(): print("\nResult Set '" + str(name) + "':") rset = responseBinder.getResultSet(name) fields = rset.getFields() rows = rset.getRows() for rowItem in rows: for fieldItem in fields: print ("\t" + str(fieldItem.getName()) + " = " + str(rowItem.get(fieldItem.getName()))) print("\t----------------")

Remember: whitespace is relevant in Python, so watch your indentations...

You can easily expand on this to create scripts to run archives, batch update metadata fields, resubmit items to the indexer, or run them through a converter to generate PDFs or HTML. Also, there are multiple ways you can set up the security if you don't want to send the password with every request, or if you want to use SSL instead of clear-text sockets. See the RIDC documentation for examples.


Real-World ECM Success Stories

On my recent book tour, I presented some real-world examples of successful UCM strategies. It included some tips and warnings that Andy and I used to help us write the book... and shared some hard return-on-investment numbers from existing UCM clients. I uploaded the presentation to Slideshare, for those of you who were interested... or the lazy can just view it below:

I spent some time talking about the basics... what problems does ECM solve? What causes initiatives to fail? How do you define and measure success? And what are some tips for ensuring success? This is more strategy than technical, so hopefully everybody on your ECM team will get something useful out of it.

The hard numbers for cost savings came from the Survive or Thrive With UCM talks that Oracle has been touting recently. There's a lot of good information in those webcasts, which I won't repeat here. I'll just strongly encourage you to check them out.

Naturally... the people who had the best success to report were those who were the most disciplined in taking metrics. How much less paper are we printing? How much time is saved because the process is now automated? How much easier is it for employees / customers / partners to find the information they need? How much faster can you deploy new web sites? How much faster can you perform comprehensive audits? How much extra revenue can we credit to the system? How can you prove value to your boss?

If you don't ask the hard questions, and make measurements before and after, it will be difficult to ever quantify success...

Oracle Enterprise 2.0 Podcast, Parts 1, 2, and 3

Last week Bob Rhubart interviewed Billy Cripe, Vince Salvato and myself about Enterprise 2.0. Bob will be releasing it in three chunks, which you can download with the links below:

  • PART ONE: we began by discussing the importance of "social media," both in and out of the enterprise. We also touched on the importance of a Web 2.0 infrastructure to enable the "right kind" of collaboration. I spent a tiny bit of time discussing the importance of social search, in contrast to typical enterprise search, but not in the depth that I would have liked...
  • PART TWO: this talk was more about collaboration. Bob begins with the question, isn't Enterprise 2.0 just "anarchyware?" Meaning, it might do too good of a job at "flattening" the corporate structure, that it might lead to poor decisions and chaos. We dealt with how you can avoid anarchy, sometimes with a slow adoption that your corporate culture can tolerate, and sometimes by putting extra seat belts in these systems. The best enterprise 2.0 architectures should be natural extensions of systems that allow effective committee-based decisions... believe it or not, there are several good ways a big committee can make decisions, although it takes a bit of discipline. I also challenged Friedman's assertion that "The World Is Flat" with a rant about how The World Is Spiky. Random collaboration is pretty much just noise; true innovation will only occur when you get the right people to collaborate...
  • PART THREE: finally, we get talking about the digital natives: the latest generation of workers versus the baby boomers. The former will love the latest E 2.0 systems, because they will help them expand their influence, whereas the latter will hate changing their habits and sharing their knowledge so close to retirement... which is a shame, because that is exactly what businesses need. Luckily, systems like Facebook and Twitter are becoming so fun, that there's still hope to bring similar systems into the enterprise. We also discuss why should architects care at all about enterprise 2.0?

It was fun to put these together... and thanks a lot to Bob for editing all of our ramblings into easy to follow chunks! Feel free to comment on these podcasts below...

Recent comments