Friday, December 15, 2006

An open letter to the WTO and Pascal Lamy

I have worked in the United Nations to create a free and open stack of technology that will help level the playing field for the world. My employer, Adobe Systems, even spent a considerable amount of time and effort implementing some of the standards from UN/CEFACT using PDF and LiveCycle as the platform. The UN eDocs project allows people to simplify the process of creating the paperwork that must accompany goods in trade. The net results is that more people are given access to the trade infrastructure meaning they now have new chances to participate on a level playing field. Just imagine a world where anyone wanting to ship anything internationally had to pay $100,000 to buy a software program to communicate with the trade network? This should never be allowed to happen but it has in some places. One of the reasons I am excited about Apollo it the possibility it will lower more technology barriers to benefit humanity.

During this process, all of us in UN/CEFACT were aware that our work was needed because time has run out for some people who are being affected by the disparity in global trade created by technical barriers to entering the global trade network. The results are seen in the news - people starving, countries at war over resources and people denied the basic necessities of life.

Like any large committee, UN/CEFACT had hiccups and work had to be kick started a few times. As a Vice Chair, when this happened, I reminded the people involved that time was of the essence given the people who we are working for have no other options. Most ot eh time they complied and found a solution.

The World Trade Organization (WTO) has had a mandate to do similar world for all aspects of trade to create a fair and equal playing field for all people to prosper under. Unfortunately, the Doha talks have stalled and there is no schedule to resume certain talks that need to happen. The WTO has got to act now. Every day they delay means another day people live in poverty. I am upset by this and have written a direct letter to the Director General, Pascal Lamy. M. Lamy is going to hold a direct chat in December and I will attend and be say what needs to be said. Here is a copy of that Letter:

************************
M. Lamy:

Thank you for making yourself available to citizens like myself. We understand you have a very busy schedule and are grateful for your time to listen to our point of views. Please consider the following question and statement as two of my top concerns. If you can fix this, I have all I want for Christmas.

Question:

I too worked in a chair position for a UN body (UN/CEFACT 2004-2006) and found that talks can often break down. I immediately got everyone back to the table to resume dialog and did not let the process stall. I did this because every day, people are subjected to unfair economic discrimination. My question to you is "what are you going to do to force the talks to resume"?

Now my statement:

Every day the stalled Doha Liberalization talks fail to happen, people die as a direct and indirect result of economic disparities. They die M. Lamy. Men, women, children. They die!! I will invite you and those who sit within the WTO to remind themselves who they really work for. They work for people who do not know they exist. They work for people who do not even understand the system they have set up. They work for those who are too weak and too underprivileged to help themselves. You work for those people who are at most risk to die as a result of your failure to conclude these important talks and implement the policies.

You have a heavy burden on your shoulders and I do not envy you. Sometimes, the bureaucratic path fails when procedures are followed to rigorously and complacency follows. After all, no one in your family or mine will die and paying a few more dollars for gas and groceries is probably acceptable for both of us. But it is not!

PLEASE! Stand up and make a difference. Take control and remind those who need to work that there are consequences of their failure to work. Remind them who they work for and that they have a chance to save lives, both metaphorically and in reality. Lead them well, facilitate the process and make a difference.

I worked for the UN to help these people too. It is a thankless job and not many understand the frank reality of the world of commerce. If you ever need help, issue a call to action and I will be there.

Duane Nickull

Thursday, December 07, 2006

Screenshots: Apollo Extensions for Flex Builder

We’re one step closer!! Today I got the chance to try out some great pre-release technology from Adobe. The Apollo Extensions for Flex Builder is a small installer that adds Apollo Application capabilities directly into Flex Builder. I tested the build on the Mac.

CAVEAT: Nothing you see here may eventually make it into a GMC build. This is just a heads up. I suspect some of you might want to jump on the first Apollo Public Beta when it is available.

For those of you who do not yet know Apollo, Apollo is an internal working name for a technology that takes Flex Applications outside the browser. You can also incorporate HTML alongside your SWF’s to build standalone applications that can interact with local system resources. Apollo applications are built using MXML, the declarative programming framework and language used by Adobe Flex.

Before doing this, there were several manual steps one had to go through in the Flex Builder in order to create an Apollo Application including importing the ApplicationWindow *.swc to the Flex Builder Environment and changing the namespaces manually in order to get Flex Builder to compile the MXML into an Apollo Application.

The install of the extensions is really simple. The 20 MB download for Mac extracts into the installer. Double clicking on it opens up the install dialog. On the third screen I recommend just hitting “next” and using the default location. Note that you must have Flex Builder installed prior to installing the Apollo Extensions.



A post mortem on the directory reveals a wealth of Apollo wizardry installed during the process. Just look at all the Apollo goodies I now have!

When I launch the Flex Builder and start a new project, I have the option of creating a new Apollo Project.
When selected, the option automatically imports the required libraries and sets up the stub project with the default skeleton code. The MXML looks as follows:

Additionally, under the components browser, there is a new category called Apollo with some extra goodies in it for Apollo Developers. You can use these in addition to the stock Flex components to mix and match and build your application.

I quickly whipped up a UBL (Universal Business Language) application as a standalone app to work with UBL. No – it is not finished yet but it shows the real power of Apollo. The real magic happens when you hit the run button. Instead of the Flex Application building a SWF experience inside an HTML page, it launches a standalone application. The screen shot below show the small application I built on the Mac OSX (intel).


This technology is going to change a lot. The application above took less than 15 minutes to create the GUI for. Others have built some really cool applications like the Ascension MP3 player (screen shot below).

This application, written by Apollo guru Mike Chambers, can load a local itunes library file and songs referenced on it, has several visualizers and controls for the audio files and can also search on the web for photos from Flickr based on the metadata in the audio files. I loaded up one of my own songs from Mix2r.com and the Ascension application read my name on the ID3 tags and searched Flickr and found this photo.

This is yet only the beginning of what is possible.

Monday, November 27, 2006

Anne 2.0 joins Redmonk: today's significant event

You may think this is a funny title from a guy who is stuck in a city with 40 cm of snow and no drinking water (a temporary streak of bad luck for the otherwise "good luck city" Vancouver, BC). Nevertheless, I will explain why I think it is significant for the industry.

Redmonk is an analyst firm that "gets it". They are not just a group of suits who you can give money to in order to justify a point of view of have them endorse some bad idea like SOA 2.0. In fact, I am not sure I have ever seen any of them in suits. They are one of the few analyst firms I know that actually will tell you your idea is full of "it" if is bad. At a recent Adobe conference, I witnessed a senior Redmonk analyst sitting across the table from one of our executives deliver a very pointed stream of thought about a technology subject he felt passionate about. Some (not all) other analyst firms would have just been the typical "yes men" and caressed a square peg into a round hole. Redmonk is not like that. Redmonk tells you straight up where you are doing good and where you can do better. CAVEAT: Yes - I know James, Steven and Cote just as friends too. I think that despite a personal friendship though, my opinions are objective.

Today I was shown some rather great news that gave me the same sort of "stoke" factor as being at Whistler in 1 meter of fresh powder listening to the newest Pennywise CD (well maybe not quite that much). Anne Zelanka has joined forces with Redmonk. Anne has a great following in the technology space and to my knowledge has the distinction of being the first ever blogger (as opposed to anaylyst/press) invited by Adobe to attend the MAX conference. Nevertheless, a following is moot unless there is some substance to back it up and in Anne's blog, Anne 2.0, there is a lot of good substance.

So what does this mean for the established analyst industry? Could it just be that they have a stronger and more formidable competitor. Perhaps but to me I see Redmonk as opening a new sector, perhaps something like an open knowledge/intelligence transfer sector or community. They are a part of an evolving ecosystem that is responsible for intelligence and knowledge transfer on a mass scale to all companies and individuals (not just large enterprise clients although Redmonk has some of those). They fill a unique and valuable niche in the marketplace to be a little more cutting edge, a lot more candid, a huge amount more open and present the knowledge back in a package that is accessible to more than just large multi-national corporations. They have a lot of what the rappers call "street cred" (credibility on the street with the average IT worker or gang members in the case of rappers). Maybe Redmonk should make a rap CD on Mix2r.com?

However you package this news up, one thing is for sure - Redmonk will be on every analyst company's radar after today.

Friday, November 24, 2006

Great LiveCycle Resources

I just came across this site
http://livecycleportal.org/. As far as I know, this is not published by Adobe yet is by far one of the best resources available for LiveCycle Developers. There is also a Google Group set up for LiveCycle Developers. I would encourage anyone interested in LiveCycle to join and contribute to the conversations. The group may be reached at http://groups-beta.google.com/group/livecycle?hl=en.

I have been asked numerous times about LiveCycle 8 given the excitement about the first truly SOA platform coming from Adobe. I cannot answer this question but would encourage people to check the Adobe Enterprise Developer Site at http://www.adobe.com/enterprise/developer/

Other than that, please post questions on this blog and I'll always try to get you an answer from inside Adobe.

peace!

Thursday, November 16, 2006

Webinar: Getting to know Apollo

For those who contacted me on the last entry wanting to know more about Apollo, there is a scheduled session to reveal the basics and more. It runs Nov 28 and you can register for it here.

I also got asked why this is truly revolutionary. Part of this is because it frees Flex and Flash developers from the limitations of running in a browser. The security model prevents scripts from executing in a browser that would potentially jeopardize the clients system. This means that every aspect of interaction between a Flash RIA running in a browser and a local resource has to be explicitly permissed. The Apollo Application Window replaces the browser and allows the RIA to interact with local resources as any other application would.

The distribution model is interesting and will likely be discussed during this call. The runtime environment model is similar to Java. In that model, the Java Virtual Machine (JVM) supports the runtime environment and maps the java functionality to the lower level operating system and platform, freeing developers from having to write code to target each platform. The motto of write once, run everywhere is appealing to developers.

More on Apollo later - I am going to test the M2 build today.

Wednesday, November 15, 2006

Adobe Apollo Groundswell!

I am an evangelist! I evangelize things. How did I become an evangelist? Simple - I declared "I am an evangelist" and went forth and evangelized. So what do I evangelize about? A lot of things but nothing that I am not excited about. Today I want to talk about Apollo.

Apollo is the code name for a cross-operating system runtime being developed by Adobe that allows developers to leverage their existing web development skills (Flash, Flex, HTML, JavaScript, Ajax) to build and deploy Rich Internet Applications (RIAs) to the desktop. The possibilities and results are truly amazing. I compiled my first Apollo application while Mike Chambers was doing his talk at MAX. The process is fairly easy, especially if you are familiar with Flex Builder. When you set up your Flex project, all you have to do is import an extra *.swc file for the Application Window and use it in your project. There are some minor tweaks that need to be done now such as manually adding a new namespace but for the most part, the Application Window is the big item. It hosts the flash application but unlike the Flash Player which acts as a sandbox to run flash apps within a browser, the Application Window runs the flash applications as standalone apps with access to system resources. Give the power of Flex is you can rapidly build applications, these two technologies are going to be the cornerstone of new app development in the next decade (me thinks).

So how many people are getting stoked on this stuff? 4-5 months ago I did a search on google for "Adobe Apollo" and got 3,500 hits or thereabouts. Today it is at 196,000 - http://www.google.com/search?hl=en&q=%22adobe+%2B+apollo%22&btnG=Google+Search

Tschuss!

Tuesday, November 07, 2006

Web 2.0:: FAST re-born?

I am attending the talk on search produced from FAST, the search engine company out to tackle Google. As first I was a bit skeptical but Bjorn Olstad is a smart guy and started making sense. I'm going to give FAST a try and start doing my searches on it.

Interestingly enough, it raises a question brought up in the previous session I attended. How do I transfer my content from Google to Fast? I have a google start page made with quite an impressive array of widgets and information. This is my normal dashboard when I get online. The first things I want to see are Adobe's current stock price, weather reports, news from /., CNET, BBC, the Onion's RSS feed and a bunch of other stuff. How easy is it for me to transfer this information from Google to Fast? Has Google created an unfair market for Search based on adding so many periferal bits? Probably no but it is something I want to be conscious of in the future.

Fast - here I come. Send me some results. The Fast guys are smart, think I'll have some beers with them later. I also want to talk to them about how Adobe might work with them.

FTI ( /. means "Slashdot" for those who didn't get it)

Confused over Mozilla and AVM?

Hey y'all. So here I am at Web 2.0 and I am getting tons of people coming up to me stating some pretty wierd interpretations of our announcement today. For the record, the official announcement is here:

http://www.adobe.com/aboutadobe/pressroom/pressreleases/200611/110706Mozilla.html

Please read this carefully to avoid the top 5 misperceptions:

1. We are donating Flash to open source. This is not true. We contributed source code for the ActionScript Virtual Machine (AVM) to the Mozilla Foundation. AVM is the scripting language engine which interprets Actionscript during runtime. It is a very advanced and well thought out software application but like any other can benefit from new fresh contributions.
2. We have not donated the Flash Player to open source. Note that several /.ers think we are. It is also not true. FP != AVM.
3. We did not purchase Mozilla. One girl told me and several others ina hallway we did. I won't even get into this one....
4. We control the project in Mozilla caled Tamarin. No we don't - in fact giving the code to Mozilla is just the opposite.
5. We are not making flash director open source.

Folks - please read the release carefully....

Thanks

Hello from Web 2.0 2006 in San Francisco


I am at the Web 2.0 conference today. I have been treated like royalty today thanks to the huge announcement today that Adobe donated source code for the ActionScript Virtual machine (AVM - the code behind Flash) to Mozilla. The renewed and invigorated commitment to open source software has made us hugely popular with the crowds here. As an opportunist, I will be honest and state that I will accept any offers of free drinks on behalf of Adobe ;-)

A great session was put together to examine the subject of impact of SaaS and other W2P0 paradigms on Small Business. Google, Etelos, Soho and Microsoft were panel members. Some concerns that SMB’s voiced were the lack of good software use models (trials etc) are in contravention of the needs of SMB’s. Despite being standing room only, the session was pretty active. Danny from Etelos is a smart guy with a funny sense of humour (note the Canadian Spelling - I do this to poke fun at his USA accent and spelling mistakes WRT the queen's english. maybe he'll comment back ;-)



I pointed out during the discussion that Adobe has made huge strides in the area of SaaS to recognize that not all PDF users will pay $500 for a copy of acrobat if they think they will only ever need to make 5-10 PDF’s. We also offer the functionality of Acrobat Connect (formerly Breeze) and Adobe LiveCycle Policy Server as a Service. The question posed back was – when will Photoshop be a service? Interesting idea. There are a few good ideas that came out of this during the ensuing conversations:

1. Would someone make a web service to compile MXML into Flash files (*.SWF)?
2. Will our Web Service for PDF be extended to accept pure XML input and what format will that input be? Perhaps PxDF – an XML version of PDF?
3. What services will Adobe offer that can be used in Mashups? Currently, we enable many other companies to expose their services in a way they can be consumed.

The main conclusions drawn from this session are that ecosystems are good for services and there has to be trust in the service provider. SMB’s also need to know they are not locked in when using SaaS models.

Friday, October 27, 2006

Beyond MAX is Apollo - First Mac OSX Application

Well here I am, back home from MAX 2006. The event was killer! Tagged with the Marketing slogan "Beyond Boundaries", it turned out to be so pulling that we never made it "Beyond the Hotel". So what was the biggest pull? The LiveCycle Birds of a Feather was cool (yes - my boss John H. will shoot me when he gets the bill for the beers I bought for everyone) but Apollo was my favorite. Being on the inside at Adobe is cool. Really really cool. I get first dibs on new technology and get to whip up samples to test. Watching Mike Chambers at Max 2006 was inspirational. He is soft spoken and very humble while showing us potentially the coolest of the cool.

Apollo is an internal code name for an application framework that uses flash yet does not require a browser to render like Flex Applications or Flash (*.swf) files. Apollo applications use a parent container as a frame that will eventually be able to Apollo Code Sample

The MXML file above can be compiled alongside an "application.xml" file that declares the pieces to the application. In this case, it is simple and there are only two files. The end result is the *.air file which renders in Flash but skinned as a complete application.



Flex 2 is cool but sorry - I think Apollo is gonna be *way* cooler. If you are coming to Web 2.0, stop by the Adobe booth to say Hi and I'll give you a quick demo of Apollo.

Wednesday, October 25, 2006

Grabbing XMP Data with XPAAJ

During Max 2006, I am helping out Gunar Penekis with a talk on XMP and demonstrating our XMP SDK toolkit written in C. The Adobe SDK uses James Clarke's Expat Parser and has some custom classes to grab XMP and manipulate it. The samples directory also has some great examples to get anyone up and running.

However....

Being a bit more of a Java head, I felt like being productive. During Matt Butler's excellent 3 hour hands on tutorial on LiveCycle, I got inspired to write an extension to the XPAAJ sample I posted earlier for getting XMP out of a PDF document. The source code is here (sorry about the formatting - email me if you want to get the real file via dnickull (at) adobe (dot) com):

import java.io.*;
import java.util.*;
import java.awt.image.DataBuffer;
import com.adobe.pdf.*;

/* XMPExtractSample
* by Duane Nickull, Adobe Systems Inc. dnickull@adobe.com
* Copyright (c) 2006 - all rights reserved
*
* Use this at your own risk and don't whine to me if it doesn't work.
* You will need to have XPAAJ.jar from Adobe.com. Written and tested
* with JDK 1.5 on a mac w/osx 10.4.7
*/

public class XMPExtractSample {

public static void main(String[] args)
throws FileNotFoundException, IOException

/* Make sure we have the correct args.length() and call PDFExtract() */
{
String inPdfName;
if(args.length != 1 )
{
System.out.println("\nCommand line format: java DuanePDFClass1 pdf-file");
return;
}
else
{
inPdfName = new String(args[0]);
PDFExtract(inPdfName);
}
}
public static void PDFExtract(String inPdfName)
throws FileNotFoundException, IOException

{
System.out.println("\nOpening PDF with DuanePDFClass1...");
PDFDocument doc = null;
boolean b = false;
FileInputStream inPdfFile = new FileInputStream(inPdfName);
try {
doc = PDFFactory.openDocument(inPdfFile);
} catch (IOException e) {
System.out.println("Error opening PDF file :" + inPdfName);
System.out.println(e);
}

if(doc == null)
System.out.println("Cannot open PDF file : " + inPdfName);
else
System.out.println( "\n" + inPdfName + " was successfully opened.");

// Export the xmp metadata from the document

try {

//Call the PDFDocument object's exportXMP method.
InputStream myXMPStream = doc.exportXMP();

//Get the byte size of the InputStream object.
int numBytes = myXMPStream.available();
System.out.println("\nNumber of XMP Bytes found is " + numBytes + "\n");

// Read into a Buffered Reader Stream.
BufferedReader d = new BufferedReader(new InputStreamReader(myXMPStream));

// Iterate through the XMP object and print each line
String xmpLine;
while((xmpLine = d.readLine()) != null)
{
System.out.println(xmpLine);
}

// Find the Physical Memory Reference of the object
System.out.println("\nXMP InputStream is in physical memory at -> " + d);

//Create an array of bytes. Allocate numBytes of memory.
byte [] MDBytes = new byte[numBytes];

//Read the XMP metadata by calling the InputStream object’s read method.

myXMPStream.read(MDBytes);

} catch (IOException e){

System.out.println("it went really bad" + e );

}
System.out.println("\nXMP Extraction has finished.");
}
}

Tuesday, October 24, 2006

LiveCycle Tracks at Max are busy


Okay - who would have believed this a few weeks ago. The LiveCycle tracks at max are filling up. The photo above is from Sanga's LiveCycle 8: What's coming talk this AM. Despite a late start due to the general session running over, the talk filled up. The lunch hall was filled to boot!

have to run and prepare for two back to back talks - first one I have to build our new XMP SDK 4.0 in xCode on the Mac to demonstrate the functionality. My C skills are a bit rusty. Later, Christoph Rooms and I are doing our first talk on LiveCycle Security Architecture.

MAX 2006 - Shantanu and Blue Men


During the morning keynote we were treated to a performance by the Blue Man Group. Think heavy metal music with magic tricks, art and paint. Lots of paint. Mostly blue paint.

Shantanu is giving a great keynote speech right now. He also issued a challenge to everyone here to try and solve the Semaphore puzzle on the roof of the Adobe building in San Jose. No one has solved it yet. There are several observations on this blog for anyone interested.

Shantanu also re-iterated Adobe’s aim to bring the internet to more than 1 billion people in China and India via cell phones. Kevin Lynch then kicked off a series of demos including new integration between Dreamweaver and Photoshop. As a former web head, this is a huge improvement in the workflow most webmasters go through. The workflow also includes the Spry Framework for AJAX (very cool). Spry makes AJAX easier for website designers.

More to come...

Monday, October 23, 2006

Day One from MAX 2006 (Report from a personal perspective)

Okay – I’m just going to say it and you can label me a hype – “Max is rad”! Not only is the Venetian a really cool place to have a conference but this is one of the best conferences in terms of the cool factor I have been to in a while. Yes – it has all the usually JavaOne type things like the Bean Bag chairs, Ted Patrick’s Maxup and tons of corners, ad-hoc groups and meetings but it is also something more. I think people are generally really excited about Max 2006 given it is the first time Macromedia and Adobe have joined forces to deliver the show. The complexion is something no one could have predicted. Tracks like LiveCycle, an Adobe set of technologies and servers, are in popular demand at a conference typically dominated by Cold Fusion, Flex, Flash, Firefox and Dreamweaver zealots. Matt Butler’s LiveCycle track is actually sold out!! Who would have predicted.

Candidly, Adobe culture can generally use some influence from macromedia in terms of how to have fun, but MAX is really a demonstration that the two companies have truly become one. Despite the corporate directions at the staff meetings like “have fun” which were delivered in a way that sounded akin to a declaration of war, the people here are having fun. I think this would have happened without the official direction but c’est la vie. It’s all good now that we’re unwinding.

I spent the first half of my day attending the usual Adobe mandatory meetings, doing last minute planning for the talks I am presenting and other housekeeping items, but in the afternoon I had the change to attend some tracks. My favorite was David Gassner’s Developing rich internet applications with Flex and Java. In all fairness, this was one of the few that I was able to attend given most of the others including Simon Horvath’s were completely sold out and no standing at the back was permitted. I guess it pays to plan ahead – something I might start doing one day.

David’s course is a hands on course with 25 computers in the room (2 people to a room). It is amazing to see the level of technical knowledge transplanted by David into the attendees. In the last 4 hours, I got to see people with no or little J2EE experience actually write a Flex app that called specific methods available on the app server. Simply stated, the room was full of “lights going on” moments.

Tonight is the pre-party at the Cabana’s and will be tons of fun (tons of free drink and food for all near open swimming pools with wet slippery floors has huge entertainment potential).

Word up – if you’re coming next year register early and pre-register for the sessions. Don’t wait till the last minute like me.

More later.

Thursday, October 19, 2006

Flash Player 9 for Linux arrives!

Yes - it is finally out. The beta version of Adobe Flash Player 9 for Linux is now available on Adobe Labs, at http://labs.adobe.com/technologies/flashplayer9/.

Additionally, the Flex 2.0 compiler for Linux is available. The Flash Player 9 Update Beta for Linux includes the features of Flash Player 9 Update, with the exception of full-screen mode and SSL support (SSL support is currently available in the Linux Plugin but not the Linux Standalone Player). Full-screen mode and SSL support will be available in the final release. We've also posted a Linux Beta FAQ on the Flash Player wiki on Adobe Labs.

Now you can develop and test on your Linux machine. Use the free Adobe Flex 2 SDK , which includes the command-line compiler to develop and deploy Flex-based applications entirely on Linux machines. Flex Data Services is also supported on Linux. More info here on the Flex 2 for Linux wiki on Adobe Labs.

And, because this will be the next question now that we've satisfied your beta player needs: the Adobe Flash Player team is working on support for 64-bit platforms as part of our ongoing commitment to the cross-platform compatibility of Adobe Flash Player. We have not announced timing or release dates.

Known Issues - Linux
* Full-screen mode is not available for the Linux player yet. This feature will be implemented for the final release.
* SSL support is not available in the Linux Standalone Player. This feature will be implemented for the final release.
* Express Install is an unsupported feature due to the variety of Linux platforms, each handling the Adobe Flash Player plug-in installation in different ways.
* The plugin does not currently work in Opera browsers. We are working with Opera on these issues.
* Artifacts may appear when video initially plays.
* System fonts may appear differently between Linux distributions. Formatting issues may result.
* AMF3 connections do not work over RTMP. (186958)
* Right clicking outside of Flash Player while the context menu is displayed doesn't make the context menu disappear. Workaround: Left-click to turn off the context menu. (187957)
* IME is not available (no international text input). (184489)
* Acrobat Connect Add-In installation is not working at this time. (188318)
* The Standalone Player is available in English only. (184237)

More info on system requirements and fixed issues for Mac and Win in the release notes. You should also check any detection you've built for your demo sites -- we fixed the problem where the first beta was 9.0.18.x but we had already released the Intel Mac version as 9.0.20.x. Sorry about the confusion. Now Update 1 has been bumped up to 9.0.21.x across all available platforms.

Wednesday, October 04, 2006

Adobe Looking for Canadian Students

We're looking for a University Student in Canada

Are you currently enrolled in a computer science or engineering program at a university in Canada? We're looking for volunteers to help co-ordinate events that we are planning at universities across Canada. The ideal candidate should have the following qualifications:

* Is an active member of student population with strong communication skills
* Is involved in extra-curricular university programs and / or be a member of student associations / committees
* Understands technical concepts and stays current with emerging technologies
* Proven experience and ability to create, maintain, and manage a blog
* Demonstrates good time management skills and ability to work independently
* Experience in planning and managing events is highly desirable

We're calling these positions "Adobe Ambassadors". Here's a list of expected responsibilities:

* Organizing student events that are open to all students and members of the faculty. The purpose of each event would be to educate and provide information to the attendees on Adobe’s current and emerging technologies. A budget will be provided to pay for costs associated with the event. One event per study term is expected, and the Ambassador will be responsible for all stages of planning and managing the event with collaboration from the Adobe Enterprise and Developer team.
* The Ambassador will be given opportunities to present at the planned events, sometimes in conjunction with Adobe technical evangelists.
* Become an Ambassador for Adobe’s products within the student body and provide valued feedback to the Adobe on how students and faculty use their technology in studies, and the user experience of using Adobe technology.
* The Ambassador will work closely with the school’s student organization and be responsible for preparing and aid in advertising for any Adobe on-campus events.
* The Adobe Ambassador will be the conduit of information between the university’s student population and Adobe. Regular on-going communication and feedback on the program in general is expected.
* The Adobe Ambassador will maintain a blog, and will publish information on Adobe technologies, news and articles, information regarding upcoming events, and more.

The positions are currently open and available to students at the following universities in Canada. They are not available at any other university. We'll be expanding the program in the future, but we're limiting it to the following schools: University of British Columbia, Simon Frasier University, BC Institute of Technology (BCIT), University of Western Ontario, Waterloo University, University of Ottawa, Queen's University, University of Toronto, McMaster University and McGill University.

If you have any questions about the position, please post them in this blog. If you would like to apply, please send your resume to adoberep@adobe.com.

Friday, September 29, 2006

Adobe Acrobat 8: One upgrade you won't want to skip!!

Acrobat will release yet another version this year bring the number of major releases to 8. Many people, including myself, start to wonder “what can be done in version 8 to warrant another major release?” with great skepticism. After all, don’t most people just use acrobat for making PDF’s? Well hold on to your seats! This release is major. Acrobat 8 is by far the largest single functional gain I have ever seen in any product release from one version to the next.



For starters – take a look at the welcome screen. The first two, “Create PDF” and “Combine Files” are not that compelling and have been done before, but the other six are very noteworthy. First – being able to “start a meeting” is something that seems foreign to Acrobat, but makes as much sense here as it does in Mac OS/X and Win 32. Think about it. You write documents to capture thoughts and share them with others. Why not have a live meeting (aka video phones of the future) to go over the ideas? When you click “Start meeting”, the menus give you options to connect to another group of people. You can screen share documents and presentations, set up a virtual meeting URL to communicate anytime, anywhere, set up a conference on the fly and much more with no software downloads for other participants. The meeting is given via a complimentary 90 day trial to Acrobat Connect (formerly the software known as Macromedia Breeze). Note – be sure to register your trial of purchased copy of Acrobat 8. You will get an email that provides free services as part of the package.



Another immensely cool thing is how Acrobat 8 integrates with Adobe LiveCycle Policy Server. Adobe has fully embraced the Software as a Service (SaaS) model (very web 2.0-ish). The hosted policy server allows you to place default policies on all documents you create. This gives you great control over the documents. You can revoke a document after distribution (Policy Server works with a new model of “persistent policy protection”). You can also audit and track who has read your document. No more “suspecting” your colleagues haven’t read your important documents – now you can tell for sure.

Another really cool feature is the ability to make any document into an electronic PDF form. This is far easier than in previous versions of Acrobat. There are automated wizards to help you make a form based on an existing form, existing document or from scratch.

Long and short – this is a killer upgrade. If you skipped 6 or 7, you will want to go right to Acrobat 8 Pro. It established Adobe as a serious player in the whole “web 2.0” movement (note that we still don’t know what “web 2.0” really means, but think it is cool).

Monday, September 18, 2006

Semaphore - earlier analysis is wrong (read this)

Earlier, a group of us reported seeing two unique concurrent streams coming from Semaphore. Apparently, this was not an accurate observation. Semaphore's broadcast is via Flash and when you load up the simulcast page, it sends your browser a flash object (*.swf) file within an HTML page. If you open another one, it should send you the same Flash object but may start playing it from a different reference point. If you take the time to analyze both streams, you will note that they are in fact the same.

This may also poke holes in the theory that Semaphore uses two or more rounds of encryption. It may be true but more likely that the rounds are linear rather than non-linear and generated on the fly.

Another topic that no one has mentioned before is the rotation of the glyphs. Some of them rotate clockwise and some rotate counter clockwise. Sometimes some go each way. I would be interested in any theories arising out of this.

Friday, September 15, 2006

What is he smoking?

I guess this is going to be my most political blog entry ever. I normally try to abstain from such but today I saw something that really got me angry. Before I repeat it, I want to clarify a few things.

1. I despise terrorism and enything done by those who would willingly kill a civilian to achieve some political or military objective.

2. I count Americans as a lot of my closest and dearest friends. I would do anything to help them. The USA is a great country.

3. 9/11 (both of them), the Oklahoma bombing and other attacks on the USA are despicable and need to be dealt with firmly.

I guess where you can see this is going. Today I saw a quote form a Bush speech:

Growing animated, President Bush said, "It's unacceptable to think that there's any kind of comparison between the behavior of the United States of America and the action of Islamic extremists who kill innocent women and children to achieve an objective."

http://www.forbes.com/entrepreneurs/feeds/ap/2006/09/15/ap3021182.html

Well guess what? Bombing Bagdad and killing an estimated 100,000 people including women and children IS killing innocent people to achieve an objective. Using weapons which to not discriminate against civilians (like "cluster bombs") is exactly that. The people who died probably don't feel any better knowing they were killed by either side.

I don't have all the answers and don't claim to know how to deal with Islamic terrorists, but I will speak out when I see blatant lies. Justifying murder with Morals doesn't negate the end result. Iraq had NOTHING to do with 9/11 nor was it going to pose any threat to the USA. Frankly, I am a lot more worried about the situation in Iran and North Korea right now than I ever was about Iraq.

End of rant....

Monday, September 11, 2006

Flex Builder 2.0 on Mac OSX - First Looks!!

(File this under "You heard it here first")

One advantage to being a technical evangelist for a large company is that I get first access to new technologies. Last week, while on an analyst tour in the UK, I got access to the pre-release version of Flex Builder for Mac OSX. (Note to self: I think I just admitted to being a geek). D’oh!!!

Installation is easy, in typical Mac style. All I had to do was unzip the file and double click on the app. The installer did the rest. Flex Builder 2.0 places an icon on both your desktop and toolbar on the Mac. Launching it is quicker than on my old PC (for comparison sake, I have a Macbook Pro (intel duo core chipset) running 2 GB RAM and OSX 10.4.7+). In fact, with Finder, Desktop, Word, Excel, PPT, FireFox, Safari, entourage, Acrobat Pro, System Profiler, Preview and my Cisco VPN client running, Flex Builder launches in 4 seconds from click to completion.

The first screens are largely the same as on Windows:



I wanted to try out the Hello World Application I wrote for my talks in the UK last week to see if any bugs were encountered before getting into more complex applications using E4X and other AS3 features. I used the Wizard to create a project in no time and it flawlessly set up the project and first main.mxml file.



Switching to the Design view worked perfectly too. I was able to quickly add a Panel, Text area and Button all within seconds. I decided to test out the text functionality so I switched the alignment to centre and changed the text size. No issues.



Code completion via Eclipse worked well too.



One minor glitch happened when I became lazy and decided to go to my PPT to cut and paste the syntax for the behavior on the button. When I searched the task bar for Flex Builder 2, it was advertised but as “Java”.



Of course, this is not a major issue as it was immediately clear to me what was going on. I had made a mistake on the syntax and saved the document. When I fixed the syntax and saved it a second time, the message disappeared (this was a pre-release bug in the PC version). I ran the program and it executed without a problem and only one minor nit. On a PC, when you run the program, it opens your browser and brings it to the front of the desktop so you can see your project (*.swf file within an HTML envelope) execute. On the Mac, I had to manually switch to the browser to see it. In fact, I had hit the run button twice not knowing that it had actually run the first time.

My early observations are very enthusiastic. My gut feeling is that it runs better on a Mac (certainly faster than the similarly equipped PC I was using). Hats off to the Flex Mac team!!! Stay tuned for more.

Friday, September 08, 2006

MAX 2006 is gonna be really cool!

There are some pretty cool new things coming out from LiveCycle at MAX this year that should be of great interest to Macromedia fans. This is not simply a rehash of existing stuff. In fact, some of the debuts will be the first time anyone outside Adobe has access to the technology. I wanted to blog as the LC track coordinator to make sure you are aware of what you might see and also to prepare you to chose the tracks.

First – the new Adobe Policy Server will be unveiled. For the first time ever, the Policy Server will be able to policy protect Word and CATIA (cad format) documents. We will also be discussing our future plans for supporting other file formats. We are very eager to seek developer and business input to our product roadmap.

Second – Matt Butler will be presenting a 3 hour session on LC including a 30 minute panel session to allow developers to directly access members of the team and other key people. Matt is a “rock star” in the LiveCycle development and this presents and unparalleled opportunity to enter into direct dialog with him. Not an opportunity to be missed.

Third – the new LC platform incorporating the core tenets of SOA will be unveiled. Most of the content on the future of the platform and its embedded registry runtime environment will be explored in great detail as well as a deep look at the service container architecture and deployment models. This will be very interesting to Macromedia fans to see where technologies like Cold Fusion and Flex might fit in.

Additionally, there will be hands on session to enhance your core skills at LiveCycle. These include working with the various API’s and GUI’s. Over 75% of this content has never been taught before. Other luminaries like Ben Forta will also be on hand to teach courses and meet.

In short, MAX presents and unparalleled opportunity to see how Adobe and Macromedia are doing in their everyday life now that the marriage and honeymoon are over.

Friday, September 01, 2006

Using Adobe's XPAAJ.jar via Line Command on Mac OSX (Intel chipset)

For those of you who have been not using the XPAAJ.jar library only because you are Mac based, you may want to read this post. While the library does not claim to be supported on Mac, I did manage to get it to work but had to re-tweak a few things in the sample code and also study my Unix-Java Command line syntax. The tweaked code is at the bottom.

Adobe's XPAAJ:

XPAAJ is an API library from Adobe for PDF documents. The acronym means Adobe® XML/PDF Access API for Java™ (XPAAJ). It can now be downloaded freely from the Adobe Developer Network at http://www.adobe.com/devnet/livecycle/downloads/xpaaj.html. Once you download the zip, unzip it to a directory where you will work on it. The directory structure will be as follows:

Xpaaj_sdk
|
|-- xpaaj.jar
|---/samples
|---/docs

Open a terminal and navigate to the /xpaaj_sdk/samples/command-line/ConsoleSample/ directory. There you will see some sample classes and a test.pdf file. I did not have luck with all the sample files so I opened PDFExtract and modified it a bit.

For the record, my java –version is:
java version "1.5.0_06"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-112)
Java HotSpot(TM) Client VM (build 1.5.0_06-64, mixed mode, sharing)
Mac is OSX 10.4.7 on the MacBook Pro.

If you want to run some samples, I recommend cutting and pasting the text at the end of this blog and saving it as the file “DuanePDFClass1.java” on your hard drive. One thing you also might want to consider is to also copy the xpaaj.jar file to the ~/ConsoleSample directory to make it easier to use to compile and run the DuanePDFClass1 class since you can simply cut and paste the line commands below.

From that directory, compile the sample by typing in the following:

javac -classpath ./XPAAJ.jar DuanePDFClass1.java

It should compile. Try typing ls –la to make sure that the resulting class file exists and that it is executable. To run it, type:

java -classpath ./xpaaj.jar: DuanePDFClass1 test.pdf

test.pdf is the argument for the test file that it will open, tell you a few tings about and save. You should see the following appear in your line command window:

duane-nickulls-computer:~/code/xpaaj_sdk/samples/command-line/ConsoleSample nickull$ java -classpath ./xpaaj.jar: DuanePDFClass1 test.pdf

Opening PDF with DuanePDFClass1...
test.pdf was successfully opened.
PDF version = %PDF-1.5
Number of pages = 1

Saving document ...
Document was saved to file : test_saved_by_DuanePDFClass1.pdf

Execution of DuanePDFClass1 has finished.

Anyhow, that is all for now. I will be demonstrating this during the Adobe Developer Week in London, UK next Wednesday. Here is the classfile text (use at your own risk, no guarantees blah blah blah....):

import java.io.*;
import java.util.*;
import java.awt.image.DataBuffer;
import com.adobe.pdf.*;

public class DuanePDFClass1 {

public static void main(String[] args)
throws FileNotFoundException, IOException
{
String inPdfName;
if(args.length != 1 )
{
System.out.println("\nCommand line format: java DuanePDFClass1 pdf-file");
return;
}
else
{
inPdfName = new String(args[0]);
PDFExtract(inPdfName);
}
}

public static void PDFExtract(String inPdfName)
throws FileNotFoundException, IOException
{
System.out.println("\nOpening PDF with DuanePDFClass1...");
PDFDocument doc = null;
boolean b = false;
FileInputStream inPdfFile = new FileInputStream(inPdfName);
try {
doc = PDFFactory.openDocument(inPdfFile);
} catch (IOException e) {
System.out.println("Error opening PDF file :" + inPdfName);
System.out.println(e);
}
if(doc == null)
System.out.println("Cannot open PDF file : " + inPdfName);
else
System.out.println( inPdfName + " was successfully opened.");


/* Try some methods here */
System.out.println ("PDF version = " + doc.getVersion());

System.out.println ("Number of pages = " + doc.getNumberOfPages());



/*Save PDF to file*/
System.out.println ("\nSaving document ... ");
int j = inPdfName.lastIndexOf(".");
String outPdfName = inPdfName.substring(0, j) + "_saved_by_DuanePDFClass1" + ".pdf";
InputStream inputStream;
inputStream = doc.save();
b = false;
try {
b = saveFile(inputStream, outPdfName);
} catch (Exception e) {
System.out.println("Error saving PDF file.");
System.out.println(e);
}
if(b == true)
System.out.println ("Document was saved to file : " + outPdfName);
else
System.out.println("Document was not saved to file.");

System.out.println("\nExecution of DuanePDFClass1 has finished.");
}

/**
method to save InputStream to a file.
*/
public static boolean saveFile(InputStream is, String filePath)
throws Exception
{
boolean retVal=false;
byte[] buffer = new byte[10240];
FileOutputStream outStream = null;
try
{
outStream = new FileOutputStream(filePath);
int len=0;
while (true)
{
len = is.read(buffer);
if (len == -1)
break;
outStream.write(buffer, 0, len);
}
outStream.close();
retVal = true;
}
catch (IOException io)
{
System.out.println("Writing the array of bytes into the file "
+ filePath + " failed.");
throw new Exception(
"Writing the array of bytes into the file "+ filePath +
" failed in saveFile");
}
return retVal;
}
/* TODO: add some more methods here?? */
}

Wednesday, August 30, 2006

The Emperor, his attire and a Genius

David Chappell has had a long history of stating the obvious. It sounds like an easy task but it is not when an industry tends to embrace FUD rather than fact. His ability to cut to the chase and put things in context really made me a big fan (something that does not come easily).

David’s latest post exposes a few similarities with a popular activity a decade or so ago and SOA. In 1996, everything was an “Object” and if you didn’t make your IT infrastructure into objects, you were doomed. Well, its’ ten years later and many are claiming the same thing with SOA and services. Zapthink’s book also puts this into perspective (good reading – I encourage you to take a look).

Rather than repeat David’s article, I whole heartedly encourage you to read it. It should stimulate some thinking on SOA. Some of my thoughts follow.

Rather than pitch “reuse”, I like to think of “re-purpose” as the goal of SOA. Reuse means you simply use something again where re-purposing it has far stronger business connotations. Juxtaposing reuse with repurpose, I prefer the latter for accuracy’s sake but want to clarify that I did infer the meaning in David’s Opiniari.

David asks a very pragmatic question – “If an organization reuses only one in five of its services, why is it building the other four?”. Do you like my new services / clothes? What do you mean I am naked?

There is of course the business driver of isolation. Using a service as an action boundary that cleanly separates two systems or pieces of functionality does make it easier to maintain those two pieces. The service isolates the functionality behind it and the consumer on the other side of it in a concept called Managed Transparency, a core component of Chris Kurt’s Web Services Architecture book. As long as a new piece of functionality replaces the existing one AND supports the service interface, you should be able to replace it or amalgamate it with another system without ripple effects on the other side of the service. Many business people have touted this as a win scenario to me. David and I are not alone, other great thinkers like the brains from Redmonk also see this pattern.


I think David’s article can be summarized in one sentence – “Think about what you are doing before doing it”. Like the carpenter’s axiom “measure twice cut once”, IT shops have to start looking at the layers above and below [ pick one: {objects || services || web services || API’s || whatever_we_call_it_tomorrow }]. Some of this starts with business process analysis. If a corporate analyzes their processes and discovers several use the same functionality (like single sign on), that is often a good candidate for “re-purposing” and might make a great service. Others, such as finding a specific telephone number for an employee’s cell phone, are probably too specialized and easy to solve via other means and would not be ideally suited for building into a service. A more generalized service to find any employee’s phone number of “number-type” might be a better consideration.

To those of you who are panicking to make everything a service, heed David’s words about the object craze. Slow down, think about what you are doing. To those of you who are advocating everything should be a service, look in the mirror to make sure you not naked.

Ciao!

Friday, August 25, 2006

San Jose Semaphore Solution Theory

After reviewing the posts from Jo, Kelly, Ben and Joann, I think I have a theory that might solve the cryptogram. The critical piece of information is that there is no repeatable pattern of both glyphs and alpha-numeric content that are synchronized (other than short term repeats) and repeated and that two people can observe totally different streams simultaneously. If two people are seeing different broadcasts, then there must be a dynamic key. There are also mechanisms that can force a pattern to break (reloading a web page or a plane flying overhead).

Here is the theory:

Assuming the 16 by 16 grid concept is legitimate, each repeatable block of string-integer points at a coordinate. However, that coordinate is only a partial solution. The glyphs modify the partial solution by stating a path that the solver should take on the grid from that place. I suspect that the glyphs point in sequential order to a path that you would map. For example, if the sequence Kilo 02 is stated with the glyphs - - / \, you might go the grid position of k2, then go one square to the left or right, another square to the left or right, one square immediately to the right and above and another move to the right and below. That would land you on the correct answer.

This theory is supported by Kelly’s observation that “While both listening, we each got completely different combinations of letters, glyphs, etc”. This probably indicates that the observable signals are computer generated and random and combine two or more keys with the cyphertext. This would be a good cryptographic technique because it avoids anyone seeing patterns and/or potentially introduces patterns that might mislead someone trying to solve it. Given Ben pointed out that the creators have cryptographic experience, I suspect they would not use linear keys (too easy to break).

The questions to test this theory:

Given the glyphs are ambiguous as to direction, I suspect that there is another key in the voice or music tones. For example, if the woman’s voice “sings” the number, perhaps that signals that all horizontal moves and left to right, rather than right to left. The tones might also come into play. If the tone is higher than the previous tone, the vertical moves are from bottom to top, if lower than previous, top to bottom.

Also the question remains as to the characters in the grid itself. Is it simply the alphabet repeated over and over? Is it the ASCII table? There might be two grids as well. One with the alphabet vertically laid out and one with it horizontal.

So far I have put about 5 hours into solving this (perhaps a bit more given I think about it sometimes). I suspect that it could not be this easy given the statement that it should take about two years to solve. Either that or Ben, Joann, Kelly, Jo and myself are a good team.

I probably won’t have time to test the theory this week given I have to write several presentations for Adobe Developer Days (Yes - I am Adobe's security technical evangelist) in London the week after next, but I’ll try to map this out and test the theory.

Tuesday, August 22, 2006

Patterns for solving the Adobe San Jose Semaphore cryptograph

After putting this down for a few days to work on a new session on Adobe’s Security Architecture for the upcoming Max 2006 show, I came back to the Semaphore Website and observed some patterns. This time, I have the benefit of actually being able to both see the semaphore as well as hearing the codes. For each 7.2 second change, I noted the position of each of the four glyphs and the string-integer code. There is a repeated pattern of both the visual and audio clues synchronized. The following characters are used to denote the glyph’s position: | - vertical; \ top left to bottom right; / bottom left to top right and – for horizontal.

-| \ - K02
\ --- M 14
-/// L09
\|// O10
|\\/ B01
-||| K8
-/-/ C10
\\|/ E2
/|-- N11
\//\ G8
|/|/ K2 (note that even though K2 repeats, glyphs are different)
/\\/ M14
|--| L (5 or 9 – was not sure)
//-/ O10
- ||| B1
|//\ K8
|-\| C10
/|/| N11
/--- G8
--/| K2
\||| M14
-\\\ L9
\-\| O10
|//\ B01
---- K08
-\|\ C10
\/-\ E2
/-|| N11
\\\/ G8
|\-\ K2
///\ M14
|||- L9
/\|\ O10
---- B1 (note the glyphs repeat but not the alpha-numeric)
|\\/ K8
||/- C10
/-\- E02
/||| G8
-|\- K02 (First in sequence of compelte repeat. Duplicate with first entry.)

From here is repeated the entire cycle over. Given it started repeating a third time in a row, I got an idea. Perhaps it repeats a certain section of the code specific to each client. Some aspect of the interaction between the client and the server for Semaphore “seeds” the semaphore to produce a specific set of codes. Being in the mood to test, I hit “reload” and low and behold, the alpha numerics were the same but the glyphs were different. CAVEAT: I did not go through the entire cycle to verify it.

Hypothesis:

If Semaphore reacts to it’s environment, it might use some unique aspect of web based interactions to seed the pattern to avoid pattern detection between multiple clients. Maybe this hypothesis is too nerdy and over-analytical but I would be very interested in the abilities of others to see this. I also would be interested to see if the real world live Semaphore is synchronized with the simulcast. If someone could go in front of the Adobe building with a laptop connected ot the internet and visually verify whether or not the Semaphore’s glyphs are the same as on their laptop screen, it would be useful information.

Anyone else get the same patterns online?

Wednesday, August 16, 2006

Semaphore's mystery: Background on Cypher Creation

So as Adobe's Technical Evangelist for Security , I should probably share some background to you Semaphore solvers. One of the things that seems more than likely is that the cryptograph is encrypted using sequential "rounds". The concept of rounds is used in most modern cryptographic techniques such as AES. In my earlier post explaining how to build AES cyphertext using Rinjdael's key algorithms, the process is explained. For those of you who don't want to understand the gobblety gook on that blog entry, here are the basics.

The first round takes your normal text and renders it as cypher text using a "key". An example of this might be to take the phrase

"I have solved the San Jose Semaphore"

and encrypt it by moving all the letters forward (+) 8 values on the ASC II text table using the digital reference as a guide. The resulting text would be now encrypted as:

"Q(pi~m(|wt~ml(}pm([i%20(Rw|m([muixpwzm"

You could now employ a second "round" whereby each cypher text character is substituted for another using some lookup table or algorithm. In fact, in many second rounds, the key for the first round is actually encrypted as part of the cypher. An example could be to take the string above and transpose the case from lower case to upper case or substitute characters on a querty keyboard two spaces to the left of the keys needed to re-create the text.

The advantage of using two rounds is an exponential gain in complexity for those trying to solve the equation. Adobe uses AES in most of its' Livecycle products which uses 4 separate rounds of encryption resulting in so many combinations that it is physically impossible to crack the code using a brute force method. In fact, assuming you could build a machine that could crack one DES key every second by brute force, it would take a billion trillion years to crack AES at the 128 bit strength. That is why I scoffed in my earlier blog entry on some people who were under a mistaken impression they could circumvent Adobe's PDF encryption techniques using Gmail. The idea is preposterous!!!

The linear substituion demonstrated above is of course is a very poor encryption algorithm. For starters, it is linear so any patterns that are used in the original text are present in the cyphertext. For example, all spaces in the original text are displayed as "(" characters. This leads to easy recognition of patterns for things like double characters in words (example:" two "t"'s in "pattern").

A much better approach is called "non-linear substitution" whereby each character is substituted with its’ cipher text character using a dynamic map rather than a static linear map (such as Shift+8 characters on the ASCII chart). There are many ways to build this that avoid patterns being recognized from the original text and even introduce confusing patterns to those who want to crack the cipher. In the Semaphore broadcast, the tone of the woman's voice could be a key that acts as a "shift" and the tone could act as an offset on a chromatic scale. A great example of this might be to create a 16 by 16 grid and have multiple allowances of the assessors for each cipher substitute. The chart could look like this:


Now imagine you wanted to substitute the same phrase "I have solved the San Jose Semaphore". You could take it into the first cypher round and transmit it as a tied hash (ignoring space characters for now):

Alpha 9
Delta 13
Lima 7
Lima 2
Delta 9
Oscar 15
Kilo 15
Foxtrot 10
Juliet 8
Kilo 5
...etc...

Notice that patterns that may have existed before can be dissolved. For example, the "e" in have and the "e" in solved can be keyed to two completed different coordinates (both Kilo 5 and Oscar 15 correspond with "e"). I have additionally introduced what appears to be a pattern by using two Lima coordinates side by side.

The text above is very similar to what comes out of Semaphore if you listen to the live broadcast. I mapped the above grid to the broadcast from Semaphore earlier today and found there are now some astounding patterns present. By "astounding", I really mean statistically abnormal. Here is what I decrypted:

Lhsvezh vbdktppbtk vbdktppbtk lbpelsxhsllbpelsxhilhbl tnfddnnhbl tnfddln

Note that the repetition of the characters "vbdktppbtk" is statistically abnormal and probably deserves more attention. I am not 100% sure this map is correct as I was on a conference call during the time and may have misheard a character or two but this is substantially accurate.

So what should the table contain? If Semaphore is in fact a 16 by 16 grid for one round of encryption, it probably doesn't just contain A-Z repeated. Extended ASCII itself has 255 characters which is one shy of 16 times 16 (256). Could that be the answer? If someone cares to take the ASCII table and overlay it on the grid and map out some of the broadcast, I would love to see the results although I suspect the results are going to be in cyhper still. One thing that *could* be gained by such an exercise is to find out the finite length of the broadcast. If you think I should do it, please leave a comment on this blog.

So what are the second rounds? I picked up my guitar last night and played the notes as they are broadcast and found a lot of them are middle "C". Perhaps the offset on the chromatic scale from C is a second round key? What part does the airplane detection play? Why are the patterns broadcast at exactly 7.2 seconds apart? Why am I writing on this?

More to ponder.... Back to the drawing board.

I think I'm getting hooked on this project.

More Semaphore clues - cracking the Adobe Semaphore Cryptograph

In response to a questions I received from a woman on my earlier blog entry, I have made an incorrect statement (although I did say it was a guess). Joann asked if "semaphore's discs spun faster when an airplane flew overhead". I replied it was probably coincidental however have since been corrected.

Siri (no last name) who worked on the project internally at Adobe emailed me and stated " I saw in the last blog you were discussing the reactions of the semaphore when planes flew by - there actually is an antenna on the roof that registers when a plane goes by and causes the semaphores to spin wildly". I stand corrected. The only thing that comes to mind is what does it have to do with the cryptogram? Theories anyone?

Stay tuned for another blog post with some new theories on the subject.

Ciao!

Tuesday, August 15, 2006

Semaphore Solution? A 16 by 16 grid?

After thinking about cracking the Semaphore cryptograph a bit more, I noticed that the string-integer codes both use values that seem to range from 1-16. No numeric value I have encountered is over 16 and neither are the letters using a=1, b=2 etc.

This may imply a 16 by 16 grid. The changes in tones of the voice could be markers for new words or other punctuation, case etc. The lighted glyphs could eassily be used to demark a 16 * 16 grid too, given each of the four glyphs can indicate 4 positions (vertical, horizontal, slanted right, slanted left). This is consistent with the Semaphore flaggin system. I would presume that this gives each of the four glyphs the ability to communicate either A-P or 1-16. How does this sync up with the broadcast message?

I have made a 16 * 16 grid and used letters of the alphabet laid out in a number of ways on the grid to reference the targets but the message is still cypher text. Perhaps there is a dual stage to the encryption. This leaves the tones of the music and the ladies voice to use as clues. The tones that begin each segment seem to be rather limited to only a few notes as does the ladies voice.

More later. Anyone have any theories?

Adobe LiveCycle 8 gets SOA right

A lot of vendors are claiming to be “SOA compliant”; whatever that means. Unless you have made such a claim within the context of an established metric, such as the OASIS Reference M odel for SOA or IBM’s Big Red Book of SOA Patterns, such claims are largely hollow. At a recent Syscon event in New York, my colleagues and I howled in laughter as we overheard someone talking about how with their company’s offerings, within 3 years many people might be able to do SOA, AJAX and ESB together. So before I make ay claims, I want to quantify a few things about SOA.

The OASIS Reference Model for SOA, a well scrutinized committee specification, provides the context for the rest of this blog entry. The RM alone is not sufficient to make the claim I have in the title, so I will augment it a bit. For SOA to be done right, a ubiquitous set of protocols must exist to facilitate the widest possible range of service bindings as possible with the minimal set of complexity. Once a large group of services exist using a common set of protocols and/or standards, a virtual bus exists where services may be consumed by consumers supporting the set of protocols and standards. This is what is often called a “service bus”. Additionally, a common processing model and a common set of invocation patterns aid the virtual bus in providing consumers an easy onramp to use the services on the bus.

Adobe LiveCycle has matured a lot in version 7.0+ and lots of SOA-ish behavior is present in the current version, but some real breakthroughs are coming in LiveCycle 8 as it gets a specification for service developers to use to create such a bus. This is partly due to SOA in general maturing and Adobe’s vigilance in keeping atop the standards around SOA and Web Services.

For starters, simple tasks like standard naming conventions for services across the entire platform are part of the core design specifications. This makes is far easier for developers to intuitively find services via the service registry. The service registry itself is a major step forward from LiveCycle 7. Event though LC7 employed a service registry, it was likely under-optimized for use within the platform and largely tasked with form management functions in LC 7. In LC 8, the core service registry is a central resource that can be used by the entire platform for registering and referencing services.

In LC8, Services are layered more consistently. Rather than each component simply determining its’ own level of abstraction for an API, the unified service designs classify services into different layers. The lowest layer is the native API’s for a component (such as a Java Interface) and connectors bridge the gaps to map the endpoints from various wire protocols to the underlying interfaces. Managed transparency is present and the interfaces are also agnostic to the wire protocols used by consumers to deliver their requests to the service container.

LiveCycle 8 will be previewed at the MAX Conference this year in Las Vegas by Matt Butler. I look forward to attending the talk and finding out more. It should be a pivotal moment in the life cycle of Adobe LiveCycle as the SOA story continues to mature.

Semaphore - Clues to cracking the Cypher: is Slashdot smart enough?

For those of you who love a challenge, Adobe has sponsored a whopper. The Semaphore art project in San Jose is where art meets technology. Four large round glyphs rotate their position every 7.2 seconds while a simultaneous low power radio broadcast emits a coded message. Artist Ben Rubin’s mind shred’s message seems to follow a pattern. Each broadcast segment contains an audible analog tone, an audible analog pattern, followed by a string-integer hash. Several items vary during the broadcast including the tone of the woman’s voice as she speaks the integers. The tones also change.

Here is a pattern:

Tone, dot pattern, click(ping), string, integer, ping

Here are some general observations that might help those trying to decode it. I also want to state that while I do work for Adobe, I have in no way had any internal knowledge of this project nor do I have any keys to the answer.

Background:

Semaphore is an ancient flag based signaling system. A person holds two flags and uses one rotational angle to act as a key while using a second flag to indicate a specific value. The comparison to the rotating glyphs cannot be ignored.

1. What is the significance of the glyphs changing position every 7.2 seconds? This could be a key or it could be incidental to the entire exercise. I would suspect that due to its’ precise timing, it is a key.

2. Ben Rubin’s education should probably be factored in. There are no details of him ever studying cryptographic techniques. Accordingly, I would presume the cypher’s key to be less complex than Rinjdael’s (AES) et al. I did find his master’s thesis entitled “Constraint based cinematic editing” which may be a clue into his mind.

3.What possible significance does the tone of the woman’s voice have? It seems to speak in two tones – one about one octave higher than the other. It this significant of some kind of logic gate?

4. What are the string-integer pairs. Here is an example:
India 02
Kilo 08
Echo 06
Delta 01
Charlie 05
Mike 03
Mike 14
Echo 06
Delta 04
Delta 04 (note repeat)
India 02
Kilo 08
Echo 06
Delta 01
Charlie 05
Mike 03
India 02
Delta 15
Delta 04
Mike 14
Alpha 10
Delta 04
Delta 04
Alpha 10
Charlie 16
Delta 15
India 02
Delta 15
Delta 04
Mike 14
Alpha 10
Delta 04
Delta 04
Alpha 10
Charlie 16
Delta 15
Delta 01
Pumpkin 02 ??
Kilo 03
November 04
Charlie 11
Charlie 16
Lima 03
Echo 06
…..

Note the pattern repeats certain characters (Delta 04’s seem popular). There are alsio patterns of repetition that seem to repeat above a statistically normal basis. Based on this I would aver that the answer is a value of text. The same values suggest double letter combinations in the resulting text (example = Challenge has two “ll”’s)

While the Semaphore Flag code uses only 9 positions, note that the numeric values scale much higher. Could this be a revision of the code based on some key (7.2) to reflect the glyphs ability to provide a more precise rotational index? I did not encounter any numeric value over 16 while listening.

The Semaphore art uses the NATO phonetic alphabet.

A: Alpha
B: Bravo
C: Charlie
D: Delta
E: Echo
F: Foxtrot
G: Golf
H: Hotel
I: India
J: Juliet
K: Kilo
L: Lima
M: Mike
N: November
O: Oscar
P: Papa
Q: Quebec
R: Romeo
S: Sierra
T: Tango
U: Uniform
V: Victor
W: Whiskey
X: X-ray
Y: Yankee
Z: Zulu

Note that “Pumpkin” is not actually part of the phonetic alphabet. Perhaps I heard it wrong.

Good luck - anyone with Theories, please post them back to this blog. Maybe we can get lucky....

Tuesday, July 25, 2006

Finally - a standard for Service Oriented Architecture (SOA)

After almost 14 months of intense work, over 6000 messages posted to hundreds of threads, 6 face to face meetings and 34 conference calls by over 225 members and observers from approximately 89 different companies, the first true public standard to describe SOA now exists. The OASIS SOA RM TC closed a final ballot with a successful majority vote to unanimously approve the current draft as an official OASIS Reference Model for SOA Committee Specification.

The Reference Model is not itself Architecture, it is more like a template to guide archtiects. Unlike most definitions of SOA which rely on specific examples, the SOA RM is also entirely abstract and not tied to any one technology family or specifications. Those architecting SOA or BPM as the governance layer over top of SOA will probably find it the most useful as it points out the entities and patterns required to allows SOA to work and support the governance layer.

Some general notes on the RM:

Web Services: Although it is not tied directly to any standards, it is highly optimized for use with WS-*, the web services set of standards, protocols and technologies.

Business Process Management: In order to facilitate BPM as a layer over SOA, there are certain minimal things yoour SOA should have. The RM describes these in an abstract manner - architects can decide on the best way to implement the patterns.

Architectural Patterns: The RM for SOA is essentailly a large set of reusable patterns. By itself, the RM illustrates what makes SOA different from other architectural paradigms and provides the patterns to help illustrate the concepts.

Architecture: Although the RM is itself not architecture, there is a sub TC now working on building a Reference Architecture.

This standard should help clear up some of the perceived FUD in the Tech sector regarding SOA.

Friday, July 14, 2006

Try Adobe LiveCycle Policy Server online.

I guess this is a great follow up to my last post pondering whether or not the theft of Coca Cola recipes was preventable. Adobe has now offered the Adobe LiveCycle Policy Server as a service. Aside from trendsetting by offering software as a service (SAAS), this provides an excellent opportunity for anyone to test drive the functionality without having to download, install and configure the Policy Server.

The service is easy to use and can be used with Acrobat 6 or 7 although 7 offers higher security by utilizing the AES encryption standard in 128 bit cyher strength.

The Protected PDF service is now available as a public beta (users need to create a free trial account). You can access it either via the Create Adobe PDF Online service https://createpdf.adobe.com or directly via https://policy.adobe.com/spdf/login.do

Policy Server protects PDF documents and will not allow them to be rendered unless the policies declared by the document owners have been satisfied. Even then, APS might not allow certain types of interactions with the documents such a printing or copying parts of the document.

What I like doing is also using it as a tool to see how many people actually read the stuff they ask you for. Any PDF document can be audited to see who actually read it, for how long and what other actions they took.

Wouldn't it be fun to ask someone to summarize a document you sent them when you know for a fact they haven't read it? Oops - now my prankster side is emerging.

Wednesday, July 12, 2006

Another preventable theft of IPR? Maybe.

In my position as a technical evangelist, I often get opinions flying at me left, right and centre (note "correct" spelling of "centre") of issues. One recent issue that blew me away was in response to a news bit about how the FBI allegedly stopped an espionage ring from stealing a secret Coca-Cola recipe and selling it to rival Pepsi.

Given I usually talk about how using Adobe LiveCycle Policy Server could have prevented such things, many people were eager to come up to me and express that I should write about this. I am hesitant to make any such claims for a number of reasons. First - if you are dealing with people who have access to information and they are really intent on betraying your organization and leaking the information outside, there is little you can do to stop them. Employing some advanced information assurance technology like Adobe Policy Server or Microsoft’s Rights Management Server will do little to thwart someone with a pen, paper and access to the recipe or a digital camera. Secondly, if you can render something once, you can capture it and re-serialize it to distribute electronically later. The side channel art of deception is also commonly referred to as "Social Engineering".

People looking at Policy Server need to be very clear on their expectations. Policy server can do a number of very important things to protect digital property. Looking at the scenario at Coca-Cola, I would have recommended the following:

  1. Any recipe document should have been policy protected and available only to a very small list of people who were supposed to have access to it. I would also place a large watermark on the document so each of them know that if they release the document it can be traced back to them.

  2. I would audit the list of people who have access rights and immediately suspend rights to anyone who no longer needs to have the information.

  3. When the document is stored, it would always be encrypted using the AES 128 bit cipher.

  4. I would regularly audit the trail of document interactions to see if there are any patterns that would indicate a problem such as an employee repeatedly rendering it and trying things like Printing, Control-Printscreen, Cutting and Pasting etc. If these patterns persevere, it could be indicative of a problem.

  5. In the event that the recipe did leak out, I would immediately make that document non-render able.

  6. Each document involved in the process would have it's entire process model documented and would be immediately deprecated and non-render able once it is no longer required.

In short, no matter what security system you put in effect, someone can and will find a way around. What Applications like Policy Server do is make it more difficult for people to do front channel attacks, often drawing more attention to themselves as they have to develop side channel tactics.

On a side note, no one has yet claimed the $500.00 I offered if this Adobe Policy Server protected document could be rendered. It is still up for grabs if anyone thinks they can defeat Policy Server. The cash is sitting here – waiting for you.

Monday, July 10, 2006

Johnny Rotten, Artificial Intelligence and LiveCycle

My new photo, taken by Matt Mackenzie, has caused a stir in the tech community, but in my own true fashion, I really don’t care. So What!! The concern seems to be that I have a striking similarity to Johnny Lydon a.k.a. Johnny Rotten of Sex Pistols and P.I.L. fame. Of course - as a punk musician, the Pistols were one of my all time favorite bands and a major influence. In fact, my new band, F.L.U., is heavily influenced by a sound created by the Pistols. I also find that P.I.L was imenseley more musically interesting than the Pistols. Therefore, I find any comparison to Johnny a major compliment and there are some similarities:

1. Neither of us is complacent. If something is broken - do something about it.
2. Both of us are musicians who write and perform politically driven music.
3. We both push the boundaries. No society advances without someone constantly provoking it. People hate it but it needs to be done.
4. I guess there may be a slight resemblance between my picture and some from his site but you judge. I personally thought I was more like Billy Idol from Gen-X. Met the guy once - we do look alike.



Do we look alike? !!! Or do I look more like this:



So what the hell does this have to do with artificial intelligence and Adobe LiveCycle. Artificial Intelligence is a huge waste of time and will never work. What is promising is the concept of Computational Intelligence or getting computers to aspects of mimic intelligence based on our expectations. There are two very important and almost always neglected aspects of CI. One is the lack of context. Context is everything, especially for inference. Look at the Sex Pistols putting out Never Mind the Bullocks made a lot of people at the time very upset for a number of reasons. It was insulting to the queen of England and talked about real things we all think. Keep in mind this perspective, the Queen of England once hated Rock and Roll, but has since knighted several rock musicians. In the context of rock’s invention, it was not accepted however over time, it became an acceptable art form (WFT that really means). Looking back now, the Pistols got an entire generation to sit up and say "something’s not working here and were pissed". In the right context, I would nominate Johnny and the boys for giving an entire generation the message that they better think for themselves and things can be changed. It changed my life. When I had the chance to work for the United Nations and be disruptive and tell people who were full of crap that they were full of crap. I did it and I am proud of that.

The point is that Context is everything and most approaches to artificial intelligence seem to be rather static than dynamic. Most of the AI research to date in the field of Ontologies and semantics seems to take a hard coded approach. This is not how humans think.

To add to the problem, there is one other important thing that humans do well that computers cannot do as well. This is excellently summed up in David Luckham who I consider a genius in every sense of the word. Definitely on par with Johnny. Simply stated, it is the ability to detect two events, recognize the context in which they occur and understand the causality relationship between them For example, if you came home and saw that your spouses car was gone, that is one event. If you then saw a guy carrying a TV around the corner, that in itself is another event. Now put the two events together and the causality may point to a situation where they are stealing your TV because the house is empty and they helped themselves. Easy for a human, not so easy for a programmer to capture this model in a generalized sense so it can be reused over multiple examples.

To make Computational Intelligence work, one would require a model for Complex Event Programing, an inference engine using something like the Blackboard patterns with a hypothesis limiter on it to negate the exponential hypothesis problem, a context ontology to layer over top of whatever semantic reasoning one might employ, and a large enough source of events that be used to feed it all. The latter is very important since event isolation would lead to an incomplete set of events to mine for the inference component and probably miss key things.

This is where Adobe LiveCycle enters. LiveCycle, as a platform, has several key places where events are captured and stored in a manner that they can be audited later. The next generation of the LiveCycle platform and the blades that plug into it carry a much more complex series of audit trails than the last version.

Here is a hypothetical situation where a phishing attack is starting. A mass email goes out and tells customers of a bank to use their forms to change their password because of a security breach. If you use LiveCycle Forms, served from a LiveCycle Form Manager, you will generate an auditable event each time one of your customers grabs the form. If your customers account is then accesses and a transfer form is filled out, that will also generate a second event. You now have two events that have a relationship to one thing - the unique account. This should be a relatively easy pattern to catch if you are using LiveCycle as a platform over your IT infrastructure. If you were to use multiple disparate technologies, it could also be caught however this may take more hard work to account for different Document models and mine the events at the same level of granularity.

LiveCycle Policy Server will be able to make events accessible in the LC 8 release and via the SDK, some events are available now. This should be useful to companies who are serious about thwarting criminal behaviour linked to people using their IT infrastructure.

Back to Johnny Rotten now. Things have to change in the world. The pistols and PIL changed me and now I am feeding back change into the world. People need to start thinking about this stuff and start finding ways to fix it. Come to think of it, I guess I am not too changed from my previous punk days. The picture on the left was taken in July of 2006 ;-)