March 2007 Archives

We made a major decision this week that I'm, personally, very happy about. The Boomer
web site is moving completely to Drupal
. Currently, our site uses a CMS called Magnolia
, which is an excellent product, but the needs of our web site are drifting out of sync with the features provided. Magnolia provides good content management, workflow, and document management, but our site is growing in the direction of community building rather than publications. We're already using parts of Drupal for part of the Boomer Extranet service for our top-tier clients
. We've got another offering coming soon that will make Drupal an excellent fit for us and it just doesn't make sense to maintain two platforms anymore.

Since we're still developing business plans and this product is not officially announced, that's about all I can say for now about the community part of the web site. However, I would like to discuss some of the issues I'm going to be dealing with in moving away from Magnolia to Drupal. Most of this involves handling the publication aspects we do deal with in Magnolia that need special consideration when moving to Drupal.

For example, we have a reference library of articles related to topics specific to the accounting profession. We provide these articles to our premium site members, but provide only stubs to the articles to the public. Therefore, I need a way to store these articles, categorize them, and associate downloadable documents with them. I also need a way to secure access so that only the teaser and tags are available for marketing purposes while the rest are avaialble only to the premium subscribers.

Since this is a big issue to cope with and one that Drupal doesn't directly deal with (though I considered a possible solution in an earlier post
), I've created a Drupal Group
to deal with the topic of document management
. I hope to find others interested in the topic to create better solutions in Drupal for this problem. Anyway, if you're interested, please join
the discussion.

Cheers.

There's an old saying that goes, "If it ain't broke, don't fix it." Scott Adams once made the comment regarding how engineers think, "If it ain't broke, it doesn't have enough features." I think the latter thinking must have applied when Google released their latest Google Notebook
improvements this week.

I've become a major fan of this tool over time, but the new look is clunky and cluttered. I liked how sleek the interface was before, but now there's a bunch of extra shadows and rounded corners and borders that really serve no purpose but to distract me from my note taking. The notes also don't collapse very well anymore. I've also found some bugs in the search.

Bah. I hope they fix this soon.

I was going through my daily news reads today and came across this one
on Newsbusters
. It caught my attention because it was about O'Reilly ETech
, which was a conference I had considered attending this year. There's usually at least a few interesting things that come up each year and thought it would be educational. However, when I found out one of the speakers stayed home
because she was receiving death threats on her blog
and in other blogs, that's just freaky.

I don't know Kathy Sierra and I don't particularly care for the Head First series of books by O'Reilly, but what kind of a pathetic human being makes death threats? I hope the person or persons who perpetrated these death threats
are caught and prosecuted. It's illegal and the Internet must not provide any protection from this kind of behavior.

Cheers.

Okay, in my last post I posted a blog from Microsoft Word 2007 straight into my blog using the blog API that the latest version of Word supports. I've known I could do this from Google Docs for a bit now, but I hadn't gotten it to work. The reason I hadn't gotten it to work was the same reason that I had trouble getting Microsoft Word to work, the Blog API for Drupal doesn't really work unless the Blog module is turned on. Normally, I blog on my site using the "Story" module rather than the Blog module. However, once I turned on the Blog module, I was able to create Story nodes from Word and now from Google.

Google Documents killer features include the following:

• Easy to use. Anybody can figure this thing out. Login, create a document, edit the document, save. Done.
  
• Easy to share. You can share your document with anyone who has an email address. They can then login, edit your document, and save.
• Easy to compare. After you have edited your document or others have too, you can see every change that has been made by clicking on the Revisions tab. Again, super-easy.
• Spreadsheets too. Many of these same features are available in the Spreadsheets as well as the documents.
  

It's not so great in that some of the editing tools provided are a little too simple. There are no custom styles. There are only three kinds of headings. Tables are difficult to use. Bulleted and numbered lists can't be formatted (outlines are very difficult). You can change fonts, text color, font size, and some other aspects, but there's no way to use styles to make this consistent.

Finally, the worst part is that some of the HTML generated is not clean¿i.e., it actually includes things like font tags and uses line breaks heavily rather than paragraphs. The new Word publisher made my blog entry completely clean. I didn't really use any formatting so it wasn't a complete test, but it was still much cleaner than I've come to expect from Word.

Anyway, I'm using Google Docs heavily at home, especially for collaboration on my pro bono projects. At work, once Word is in place with SharePoint and the other tools to back it up, I think that will be the collaboration location of choice there. We'll see and I'll keep you posted.

Cheers.

Well, if you are reading this, I have successfully created a blog post from Microsoft Word 2007. I've played with Office 2007 beta, but really didn't get much mileage out. Now that I'm using 2007 and only 2007, I'm finding a number of things I like, a lot.

The fact that Word is used to render HTML within Outlook is pretty stupid, but most of the other new features I've seen are actually pretty nice. The ribbon bars are much more straightforward than the menu/toolbar system ever was. The new "webish" look of the interface makes me feel much more at home. Now, am I going to trade in my Mac and my Linux box to switch to Vista. Nope. I work in Office for the organization, collaboration, and communication stuff, but as a developer, Vista doesn't offer me much of anything. I don't even care that much for using Outlook to post to lists¿I do anyway, but I still don't care for it.

However, anyone who thinks that Vista is going away because of the UACs or the bugs or the lack of any notable interface improvements (i.e., the user interface is prettier, but that's it), I think you're wrong. The only reason Vista is going to hurt itself is the price. That won't stop Boomer Consulting from upgrading over the next year, though. I doubt it will stop many businesses. Vista is still going to be a force to be reckoned with for years to come, like it or not.

For the past few months or so I've been dinking around with CAS
and OpenID
and a few other protocols for web single sign-on
. The reason for this is primarily because at work we run a multi-platform web site. For the main content portion of our web site we've been using Magnolia
and for the community side of the site we've been using Drupal
.

It's kind of an odd setup, but it works. The structure might change in the near future, but that's a different story. We've got a few other products and services that we're also building. However, we don't really want members to login multiple times whenever accessing a different segment of the web site. This is where single sign-on comes in.

For the initial revision of the work I created a homebrew solution of single sign-on. It's immature, it doesn't really handle some of the security concerns it really ought to, and it's maintained only be me. Needless to say, this was a quick and dirty rather than ideal solution. The plan all along was to create a tool that could provide a single sign-on service in a standard way so that we didn't have to do much, if any, of the maintenance.

My research led me to conclude that CAS (Central Authentication Service), created by Yale, is really the best solution available. There are several others out there including Cosign, Crowd, OpenSSO, and others. CAS is the most widely supported of these schemes and it implements a very robust, simple, and functional protocol.

The major drawback to CAS, for me, is that it is written in Java. This isn't a terrible issue at work since we already use a J2EE server to support Magnolia. Yet, my experience with J2EE servers (even the ones that are just servlet containers) has led me to believe that they tend to be more difficult maintain than Apache with CGI or FastCGI add ons. Furthermore, I have some interest in using CAS on my own web site, but don't have the means to host a J2EE server without changing how I host my site (and I'm very happy with DreamHost
).

Therefore, I decided to see how difficult an implementation of the CAS server protocol would be in a different language. It was not difficult. The protocol requires fewer than 10 HTTP request/responses to be implemented and the processing required to build those actions is straightforward. Viola, we have CAS+.

CAS+ implements the complete CAS 2.0 protocol. As far as I can tell (without asking as I haven't contacted anyone in the CAS realm), the CAS 3.0 protocol does not exist or does not differ from the core of CAS 2.0 in that it consists only of aspect-oriented hooks to extend CAS+.

My plans branch further in that I want CAS+ to be a more general solution to this problem than CAS is. CAS is meant for use in a totally secure environment, whereas I'm willing to sacrifice a few things for additional flexibility. I've implemented CAS+ in Jifty
and am using CAS+ as a test bed for the work I'm doing with Jesse Vincent on the "virtual-models" branch of that product. Finally, I am thinking of building CAS+ into a more general authentication solution. There's no reason why it couldn't also support some of the other SSO protocols that exist and I would love for it to be an authentication source and sink for distributed authentication protocols like OpenID.

Okay, so that was kind of a meandering way to introduce CAS+. If you're at all interested, feel free to check out the Subversion repository where it's hosted. This is the only project resource I currently have for accessing anything about it. If you want help with it, you can use the Jifty developers mailing list (see Jifty.org
for information) or see me, zostay, in "#jifty" of the freenode IRC server.

Here are the important links:

• Via Subversion: //svn.jifty.org/svn/jifty.org/CASPlus/trunk
• Brows the Web: //svn.jifty.org/jifty.org/CASPlus/trunk