Extreme programming (XP) distilled

Michael A. Cusumano in "Communications of the ACM", October 2007

Key XP practices:

• Planning around user stories
  
• Small releases of functionality
• System or project metaphor
• Simple design
• Continuous testing (or test-driven design)
• Refactoring
• Pair programming
• Collective product (code)
• Ownership
• Continuous integration
• Minimal overtime
• On-site customer representative
• Design (coding) standards

World Cup Draw / Sorteio do Mundial

After yesterday's World Cup 2010 draw, we have the following qualifying group in Asia (group 3): North Korea, Jordan, Turkmenistan, South Korea.

Maybe the Plan includes cleats...

/ This post is bilingual: English (U.S.) and Portuguese (Portugal) /

Depois do sorteio de ontem para o Mundial de 2010, temos o seguinte grupo de qualificação na Ásia (grupo 3): Coreia do Norte, Jordânia, Turquemenistão e Coreia do Sul.

Talvez o Plano inclua chuteiras...

On RFID - part 5 (final)

(and last, but not least... In my opinion the best of all the talks I attended at the conference)

Closing session

The speaker of the closing session was Sanjay Sarma from MIT.

He started by presenting a RFID system's functional stack of today, composed of the following layers: tags, readers, middleware, real-time business processes and ERP (Enterprise Resources Planning). Each company has such a system. When it wants to cooperate with a partner company, it uses EPCIS.

Next he discussed what to do when preparing for tomorrow. There are several topics: security, different types of tags, different data acquisition means, new data types, new real-time business processes, new database requirements, new business processes and new exchange mechanisms.

Low-cost RFID is a constant struggle where you can choose, at best, two of the following: cost, range, functionality.

Regarding security, we have requirements for tag authentication, reader authentication and protection from eavesdropping. The latter two require encryption. Cheap and secure tags are, at least, 5 years away, because we need a new class of technologies, like: digital fingerprinting of integrated circuit on tag, read/write fingerprint at manufacturing and verification on demand.

Sensors need power, so new research is looking for power scavenged from vibrations.

Actuators will also be possible, i.e. tags that change state (1 bit) on their code. This can be a cheap communication medium for remote control.

Beyond passive RFID we'll takes to mapping the space with location/identification technologies like: wifi, cellular, wimax - all will live together. We'll have inexpensive radars.
Reading will expand soon, as Application Specific Readers (ASR) emerge, that are cheaper than today's generic-purpose readers, because they take out the stuff you don't need.
Also interesting is the possibility separating the power and signal from the reading process. For instance, a light bulb could power tags and a centralized reader would read the signals.

Concerning health issues, all studies so far have not shown any influence of RFID radiation on pharmaceuticals and other sensitive products.

The RFID system functional stack will have to extended for real-time business processes.
The middleware layer will deal with device management and will be able to detect events: "what", "when" and "where" (literal).
The business process layer the "where" will have to be enriched with additional context, to be meaningful to business and the "why" will also be important, to trigger actions.
The ERP layer will need a new data model, one that takes into account that mistakes are a part of RFID data. Databases will need to be self-healing i.e. correct themselves using basic models of behavior and of the physical world (e.g. "one missing read doesn't mean much in a warehouse stacked with products..."). Databases will also have to act more like streams and less like batches to handle the voluminous data.

RFID will enable new business processes but it's important that the "tail not wag the dog" meaning that business needs should drive RFID and not the other way around...

RFID will enable dynamic, real-time, reactive systems with the ability of just-in-time focus. Discovery will have to accept high-level commands like "Where has this object been?" and "Who damaged it?" with lots of inter company logic. This ability to "touch the physical world" will allow for the invention of new business processes.

In his final remark, Mr. Sarma recommended that "don't paint yourself into a corner" meaning don't limit your future options. As an analogy, he said that we compare the Internet of 2005 with the Internet of today!


Closing speech of the Portuguese Presidency

Bráz Costa from IAPMEI in representation of the Portuguese Minister of Economy and Innovation, talked about the European paradox: good research but bad economic valuation of knowledge. The current Portuguese strategy follows four axis: create knowledge and companies, qualify to manage, grow by innovation and export.

Carlos Zorrinho from the Portuguese Government technological plan urged Portuguese companies to "make excellence a normal state" using their knowledge, technology and innovation, sparked by creativity, with the goal of economic valuation through problem identification and solution building. The goal is a exports-driven economy.

Afterword

This concludes my report on the “On RFID – The next step to the Internet of Things” conference and exhibition that was held at Lisbon, Portugal on the 15^th and 16^th of November 2007.
I would like to publicly thank the organization for giving me the opportunity to participate in the conference. I would also like to congratulate them on a job well-done!

On RFID - part 4

Day two

Governance of Resources
Bernard Benhamou from the Political Science Institute of Paris presented a "European governance perspective on the ONS". As ONS relies on DNS, the US governance dominance of DNS raises sovereignty issues for other countries. Mr. Benhamou would prefer a multi-lateral, democratic alternative. Mr. Lathia, from the audience, added that the DNS root is comparable to atomic weapons: just having them causes tensions.

Chris Adcock from EPCglobal presented a user-driven perspective to standardization. First he characterized EPCglobal has a neutral, not-for-profit organization with a board of governors composed of 19 individuals representing multiple companies, 9 nationalities (recently including China) and about 100 work groups on standards. The current key challenge of EPCglobal is driving adoption and implementation. EPCglobal's view is that standards govern interfaces, not implementations. EPC standards can be classified in three categories: physical object exchange (air interface protocols), infrastructure (reader protocol, reader management, filtering & collection) and (ALE) and data exchange (enables discovery and sharing of business information, with security authorization, authentication and entitlement mechanisms). The exchange data are EPC events that contain: what, where (location), when (time), why (business process step). ONS is a look-up service and a directory of EPC manager members. Many ONS can coexist as long as they interoperate (entails some redundancy and additional costs). Answering an audience question, he stated that EPCIS doesn't require ONS.

Kiritkumar Lathia from ICT Standards Board and Nokia-Siemens networks presented "Data governance - building trust". In his opinion the fundamental problem is whom to trust in RFID data governance and the common sense solution is that proportionality is needed. The issue is complicated by cultural differences: regional (USA "let the market decide!" vs Europe/Asia "government as caretaker/protector"), generational (young people are less concerned and more willing to use) and conceptual (e.g. privacy in anglo-saxon "My home is my castle" and continental Germany in 1983 "The individual has the right to disclose or not his/her data". In Mr. Lathia's opinion, we standards for simpler, consistent and transparent data manipulation; the disclose policy is a successful approach in applications like Facebook (ex. share this data with everyone/friends/...). As a final note, Mr. Lathia added that all these issues are relevant not just because of RFID, as all information and communication technology means more data sharing and capture issues.

Walter Weigel from ETSI presented a view on "Standards - Europe and beyond". Beyond its success stories - GSM, 3G, DECT, DUB, TETRA - ETSI is expanding its surround services with a center for testing and interoperability and several PlugTests, e.g. 2nd RFID PlugTest in 2008. Mr. Weigel stated emphatically that ETSI is a must consult body, as ESO compliance is required for mentioning technologies in European directives.

Barcode's 30th anniversary
In a short ceremony, a representative of GS1 celebrated the 30th anniversary of the barcode, stating its key features as being simplicity and low-cost. According to estimates, 6% of current product prices is saved by barcodes.

Mobilizing Ideas
Carlos Zorrinho from the Portuguese Government technological plan started the session highlighting the relationship between ideas, economic growth and jobs.

Then Alves Marques introduced the session talking about the importance of lighthouse projects to know where the technology is going and how to materialize the return-on-investment (ROI). In his view, we only really learn by doing.

The first idea was presented by Elena Siri from Instituto Tumori, Milan, Italy and focused on "Blood transfusion". The project's main concerns are patient safety and the auditing of blood transfusion processes. The goals are traceability, monitoring and timely and complete communication. The first results are promising and the project will be extended to hospitals soon.

Markus Kuhn from IML Fraunhofer, Germany, presented "Components labeling for the automotive industry" with the idea of reusing spare parts in new cars. The component's lifecycle would span production, maintenance, disassembly, reconditioning, re-use. Barcodes are not suitable for this application because their resistance is insufficient. The main challenges are: part identification standard for automotive industry; universal database for different OEMs and suppliers; finding suitable tags for the application.

Octávio Lopes from IBERLOG, Portugal, presented HubNet's new logistic concepts. The idea is to make savings in traffic, inventory and delivery time with Hubs - automatic warehouses - where goods can find their way to where they are needed.

Finally, Miguel Ferrinho from Grupo Portucel Soporcel, Portugal, presented WSCOPPI (Wood Supply Chain Optimization of Pulp and Paper Industry) with the goals of automation and optimization to provide traceability from forest to final product with interoperability. A prototype will be developed, for instance, to clarify the different requirements in RFID for tree identification and RFID for wood traceability.


Closing session

(to be continued)

On RFID - part 3

Parallel sessions - Track 2 - Technology Innovation - Applied innovation

The parallel sessions were divided in 3 tracks: 2 for market drive and 1 for technology innovation. I chose to attend the technology track. The first session from this track was chaired by Fernando Videira from Vodafone and the second was chaired by Luís Magalhães from UMIC.

The first speaker of the session was Anthony Furness from AIM-UK with "RFID a blessing or curse for SMEs?". First, Mr. Furness stated the importance of SMEs (Small and Medium Enterprises - micro < style="font-weight: bold;">Michahelles from ETH Zurich who talked about "Opportunities for fighting counterfeit products". These products span multiple categories - auto-parts, pharmaceutical, aeroplane-parts, luxury goods - and currently account for 2% of international trade (USD 176M). 2/3 are produced in China. The goal of fighting counterfeit is to increase the risk profile of counterfeit players and destroy their business model. RFID technology is promising in this aspect as it gives each item a name and allows it to be tracked through the licit distribution channels. The approaches under study are: unique serial numbering, track-and-trace plausability checks (e.g. same item seen at the same time in two places), smarter tags (e.g. tamper-evident) and reliance on object specific features (e.g. like in Euro bills). Mr. Michahelles mentioned the SToP and BRIDGE projects, funded by the EU, who contribute to this fight. One of the ideas is to empower the end-user to give feedback when spotting counterfeit products. This approach is interesting, but can't be applied for all products, as sometimes consumers are not allies to providers, as they benefit from prestigious products at low prices.

Next was a presentation by Kaj Nummila from VTT about the Indisputable Key project, that deals with tracking in the forest industry: from forest to wood use (excluding paper production). They develop different kinds of tags and readers for different uses (e.g. live tree tagging). At the architecture level, they leverage the GS1 RFID and barcode standards and use a publish-subscribe event bus with papiNET and Stanford messaging technologies.

The following speaker was Alexander Zeier from Hasso Plattner Institute in Germany, who is sponsored by SAP. The talk was about "Integrating RFID data in Enterprise Business Systems". The overall idea is that better quality data can lead to better decisions. RFID enables Real World Awareness (RWA) in business processes: the ability to sense, connect, respond. This can increase automation, improve information and processes, and finally, bring business innovation. Real world examples are: smart supermarket shelves, aircraft preventive maintenance and air-ducts maintenance. However, this also brings a data avalanche e.g. according to estimates, if Walmart used item level tagging then 7 TeraBytes of data would be generated every hour. The new proposed paradigm is management by exception and insight: understanding context through a personalized dashboard; gaining insight through an analysis console; taking action through control console.

The final presentation of the session was made by Jason Burke from SAS, a pharmaceutical company. The title was "Right drug, right dose, right patient". SAS aims to tackle the medical errors problem, as it is estimated to cause more deaths than breast cancer and AIDS. So RFID for e-Pedigree (tracking) ensures the right drug is administered. For risk mitigation strategies, Mr. Bruke presented some recommendations: select appropriate technology to assure privacy; be transparent regarding RFID practices to consumers and patients; allow opt-out choices for personal information; engage consortiums of health providers to follow best practices; educate providers and patients. Finally, regarding governance models, Mr. Burke says they should focus on sensitive information without constraining innovation.


Parallel sessions - Track 2 - Technology Innovation - Future paths for innovation

The first speaker of the session was Klaus Rischmuller from ST Electronics, France. He made an excellent overview presentation of tag electronics: "Developing chips and solutions in a complex environment". The laws dictating tag evolution are: Standards (GS1, ISO), Moore's law (microelectronics), Hertz (antennas can't get much smaller than they are now) and Joule's law (limited computing with very limited energy). Tags can be more than just IDs: they can tell a "story". For this, the initial identity should be stored permanently but there should be code, protocol and data for the "story" part. There are four classes of RFID applications: 1 - simple, cheap labels; 2 - large rewritable memory with security; 3 - battery assisted; 4 - sensor and additional processing.

The next presentation was by Werner John from IZN Fraunhofer, Germany, about "Requirements of common european platform for complex RFID applications". He presented a RFID case-study at Deutsche Post. The main idea is of tags having a display with a visual representation of their internal state, readable by humans. This display is very interesting for system migration, evolution and as a fallback procedures when electronic reading is not possible. At the end of his presentation, Mr. John stressed the need for a RFID engineer certification, i.e. people with the right skills mix to develop and implement RFID-based systems.

The next presentation was by Gerd Wolfram from CERP (and from Metro Group). The title was a "Future roadmap for research projects". Mr. Wolfram presented CERP's RFID reference model that structures and describes the different RFID application areas. It is CERP's view that the application determines the technology. So within each application field, CERP work groups performed: state-of-the-art survey, vision statement, gap analysis and identified research needs. The results are 20 major research needs classified in three categories: urgent (1-3 years), mid-term (3-5 years) and long-term (> 5 years). CERP's RFID reference model is a good starting point for any RFID solutions overview and is freely accessible at their web site.

The final presentation was by Ovidiu Vermesan from SINTEF in Norway. The title was "Smart systems on tags" and presented a technology roadmap towards ubiquitous systems: from simple but extensible protocols to more complex protocols. He presented Intellisense RFID, a project that aims to abstract tag type and reader type using multi-frequency antennas, to overcome the current fragmentation of RFID technologies and to achieve unified systems. Tags have a "personality": they sense, actuate, identify, interact, interface and communicate. Their technical features are: small size, ultra low power, low cost, invisible, and autonomous. The approaches to the overall system can be: centralized (EPC-like), decentralized (smart-tag-centered) or something in between, to achieve a more efficient network infrastructure. Finally, Mr. Vermesan presented a very thorough challenges list: environment independent tags (metal, liquids); smart tag networking (tag-2-tag); advanced power supplies (fuel cells, polymer batteries); real-time localization and tracking; data security (energy efficient encryption technology); higher frequencies (enhanced positioning resolution, smaller antennas, compact mobile readers); low power, large capacity memories; communication protocols technologies (low power, bandwidth efficiency); printable electronics (polymer electronics). In the questions and answers, Mr. Vermesan mentioned his opinion that the mobile phone with integrated reader can be an entry point from the ad-hoc network into the wireless network. One final note: this presentation had very good figures, that elegantly conveyed the ideas.


Day two

(to be continued)

On RFID - part 2

Security and privacy: Does Europe need new rules for RFID?

This session had two initial presentations and a panel discussion.

Kathryn Ratté from the US Federal Trade Commission (FTC) was invited to make a presentation of the US approach to security and privacy in RFID, as the FTC is responsible for consumer protection and law enforcement in the private uses of data. They have an internal RFID group since June 2004. They try to prevent consumer harm by helping consumers help themselves through information and education, but also make sure businesses keep their promises to customers and support industry self-regulation initiatives to create meaningful accountability mechanisms. They recognize there isn't a single solution suitable for all cases, so they do a company assessment and risk analysis for each case.

Reinhard Posch from the ENISA (European Network and Information Security Agency) presented his view on the subject. He identified security, supply chain and asset tracking as the main RFID applications. He regards tag cloning as the main security threat for RFID applications and mentioned signature-generating tags as a possible solution. Other technical challenges for RFID are system scalability (billions of tags) and the management of access rights to data. He also briefly mentioned other challenges for RFID: environmental and health issues.

Next started the panel discussion moderated by the journalist Vasco Trigo. The participants were David Hoffman from Intel, Peter Hustinx from EDPS, Michael Donohue from OECD, Emilie Barrau from BEUC, Kathryn Ratté from the US FTC and Reinhard Posch from ENISA.

After attending the hour-long discussion, my notes are the following:

• Surveys show that consumers have privacy and security concerns. Privacy trade-offs for consumers require information, but we have to find a clear way to state the issues. Opting out of RFID won't be a real option in many cases, as some applications will be mandatory (e.g. passport) and others won't have alternatives;
• Privacy doesn't mean the same accross the world, but there are some shared principles;
• Another inconvenient truth (reference to Al Gore's global warming alert movie) is that RFID is the infrastructure for worldwide surveillance;
• However, RFID is a suite of technologies and not all of them affect privacy. At this moment, it is important to avoid creating generic rules that can hinder potentially useful applications (e.g. upfront consent vs unconscious patient in hospital);
• Change is unavoidable in 5 year time frame. Technology misuse will happen but it won't stop technology adoption. We need reasonable solutions proportional to risk, so we need to make privacy impact assessment and to leverage PET (privacy enhancing technologies);
• People would prefer to build the security in the technology from start, but this isn't completely possible because not all problems can be anticipated;
• Regulation can act now to require minimum tag capabities, like tag kill. Only later will the problems be truly assessed and then the existing mechanisms can be used to implement solutions;
• The main distinguishing feature of RFID compared to existing technologies is the invisibility of tags and the possibility of covert reading. This is what might make current legislation obsolete.

Parallel sessions - track 2 - Technology innovation - applied innovation

(to be continued)

Thir-T-Shirt

On RFID

Foreword

The “On RFID – The next step to the Internet of Things” conference and exhibition was held at Lisbon, Portugal on the 15^th and 16^th of November 2007.

The conference was organized by Link Consulting, UMIC and IAPMEI and was integrated in the Portuguese Presidency of the Council of the EU. The conference was a follow-up to a previous conference held on June 2007 in Germany.

I was fortunate to attend the event, including all plenary sessions and the technology innovation parallel sessions. Overall it was a very good conference and very well organized (with the exception of some occasional sound system issues). For my personal interest I would have liked more in-depth technical presentations, but it was still a worthwhile attendance.

Next I’ll share some of my notes with you about presentations I found interesting. Like all selections, I’m sure I left out some important things, but hopefully not too many. I also left out the speaker's professional titles, as I want to write in a more informal style and I don’t have accurate information for everyone.

Day one

Opening session

In his welcome address, Alves Marques greeted all the attendants and underlined the great public interest and participation in the conference and outlined the programme.

The Portuguese Secretary of State, Manuel Heitor, made the opening address structured around the relationships of RFID with people, knowledge and ideas as key to building a common RFID framework.
The European Commissioner Viviane Reding addressed the audience through a recorded video, mentioning the potential impact of RFID in all aspects of human life and stressing the importance of cooperation within Europe and with global partners as one country alone cannot solve all the problems, including the privacy and security issues.

Ten Hompel from IML Fraunhofer, Germany, relayed a message from the German government that mentioned the importance of preserving European interest in regard to the management of RFID data, and the necessary attention to SMEs’ (Small, Medium Enterprises) RFID adoption barriers, as SMEs are play a very important role in European innovation.

Next Mr. Hompel started his personal message with some suggestions for RFID: disseminate information and best practices; take a light approach to regulation, trusting in self-regulation; solutions are application-specific, as they always involve trade-offs.

Mr. Hompel continued with a very interesting analogy from the Physics world of the past century, comparing the two opposing approaches to understanding the Atom: Bohr’s classic physics and Einstein’s relativity. He also mentioned Heisenberg’s uncertainty principle. Then he used the analogy to give his opinion on the correct approach to SCM (Supply Chain Management) systems: “Do not try to predict the unpredictable”; Production and logistics are non-deterministic and the only way to cope with this reality is using a service-oriented approach and letting service-chains come up in real-time. This approach also benefits from an agent based-approach to modeling complex, real-time systems. In my view however there has to be a special attention to exception handling and disaster scenarios in these more loosely coupled systems.

Security and Privacy: Does Europe need new rules for RFID?

(to be continued)

Paranoid Android

Is the title of a Radiohead song from the album "OK Computer". I though of this title following the announcement of Open Handset Alliance and Android from Google and its partners. I'll explain why later in this post.

Android is a strategic move by Google, anticipating the trend of increasing mobile phone Internet access. Google is trying to break the gridlock imposed by wireless network operators who have a closed service approach to mobile phone applications and like to tightly control the software. If you never tried developing mobile applications you don't know how difficult it is; especially in regard to deploying your applications. Imagine what it would be like if your PC and files were not managed by you, but by a third party taking into account his interests and not yours, like charging you absurd amounts of money for copying some bytes to your device.

With Android, Google is creating an open and quality mobile application development platform. This will make a difference!

The only unfortunate aspect of the initiative is the branching from Java specifications, doing some adaptations and meshing of existing open-source technologies. I guess this is an unavoidable necessity, as the Java Micro Edition environments have been mired in multiple incompatible flavors, leading to a scattered development experience.

So, why should Android be paranoid? I'll cite another lyric, now from Nirvana's Kurt Cobain: "Just becauce your paranoid, doesn't mean they're not after you" - in this case, at least, Microsoft (of course) and the wireless network operators (new business opponents).

I sincerely wish Android success in liberating mobile developers but I also hope we don't switch from one gridlock (wireless network operators) to a new one (Google's). Let's keep the platform open and the competition fair. Or putting it another way, let's cross our fingers and hope for "no-evil" on this one too!

My view of (South) Korea / A minha visão da Coreia (do Sul)

This is an European's perspective after a one-week visit to Seoul.

More people

Walking in the streets and subways of Seoul is an intense experience. You see lots of people walking around, busy.
More than in Europe, and more than in America (New York).

More work

The pace is impressive: people walk faster, talk faster and work faster.
They also have an unrelenting commitment to work that is almost-fanatical.
You clearly see a country where its most outstanding natural resource is its people!

More technology

The average technology threshold for a Korean is clearly higher than a European's.
A good example are the mobile phones. I rented a phone and I was amazed the by sheer amount of useful features crammed inside such tiny devices. Much more than in Europe and USA, and people are more technology savvy.
Also, the hotel's broadband Internet connection was very impressive.

A different language

Not better or worse, just different. I learned a few phrases (thanks to a phrase-book from Lonely Planet and audio lessons from SurvivalPhrases.com) and I began to understand the patterns of written language.
I expected koreans to be better english speakers than I found out them to be, but they have lots of interest and I think the next generation will improve greatly.

A scarred country

I visited the border between South and North Korea, and I was touched by the historic singularity of it. It isn't a natural border, like a mountain or something. It is political. A couple of kilometers further north, the living conditions are so different.
In last decades in Europe, we've seen borders thin into merely conceptual lines. It very disturbing to see a military borderline, with people on both sides, willing to use force on each other if needs be.
I hope God's plan to Korea gives both sides a solid path to national reconciliation. In my lifetime, I would very much like to visit Korea again, and find it reunited and going strong!


/ This post is bilingual: English (U.S.) and Portuguese (Portugal) /

Esta é a perspectiva de um Europeu depois de uma visita de uma semana a Seul.

Mais pessoas

Andar nas ruas e metro de Seul é uma experiência intensa. Vêem-se muitas pessoas a passar, ocupadas.
Mais do que na Europa, e mais do que na América (Nova Iorque).

Mais trabalho

O ritmo é impressionante: as pessoas andam mais depressa, falam mais depressa e trabalham mais depressa.
Têm também uma dedicação enorme ao trabalho, que chega a ser quase fanática.
Vê-se claramente um país onde o seu principal recurso natural é o seu povo!

Mais tecnologia

O limite médio de tolerância à tecnologia de um Coreano é claramente superior ao de um Europeu.
Um bom exemplo são os telefones móveis. Aluguei um telefone e fiquei espantado com a enorme quantidade de funcionalidades úteis contidas em aparelhos tão pequenos. Muito mais do que na Europa, e as pessoas sabem usar a tecnologia.
A ligação Internet de banda larga do hotel era também impressionante.

Uma linguagem diferente

Não melhor ou pior, apenas diferente. Aprendi umas poucas frases (graças a um livro do Lonely Planet e lições audio de SurvivalPhrases.com) e comecei a compreender os padrões da linguagem escrita.
Esperava que os Coreanos fossem melhores falantes de inglês do que eram na realidade, mas eles têm muito interesse e penso que a próxima geração vai melhorar grandemente.

Um país com uma cicatriz

Visitei a fronteira entre a Coreia do Sul e do Norte, e fui tocado pela sua singularidade histórica. Não é uma fronteira natural, como uma montanha ou outra. É política. A poucos quilómetros para norte, as condições de vida são muito diferentes.
Nas últimas décadas da Europa, vimos as fronteiras encolher para linhas meramente conceptuais. É muito perturbador ver uma fronteira militar, com pessoas de ambos os lados, prontos a usar a força se for necessário.
Espero que o plano de Deus para a Coreia dê a ambos os lados um caminho sólido para a reconciliação nacional. Ainda durante a minha vida, gostaria muito de voltar a visitar a Coreia e de encontrá-la reunida e bem!

NWeSP 2007 review - day two

Day two of the conference started with a key note, presented by Kaori Yoshida and Mario Koeppen: "The Gestalt of Web Services". A very interesting presentation of visual aspects of web design. Unfortunately it was mostly off-topic for this conference. Maybe not if there was a standard visual representation for a set of web services and "aesthetic" metrics to "see" if the services looked good or bad (ex. too many dependencies)...

Hridesh Rajan working in Iowa State university, USA, presented the paper "How to Trust Web Services Monitor Executing in an Untrusted Environment?". It was one of the most interesting papers of the whole conference. It proposes adding hardware-based trust verification capabilities to SOA, using TPM - Trusted Platform Module - embedded in the servers' microprocessors (ex. Intel's). Only the trust monitors are bound to the server hardware TPM but not the services executing on that machine. This is an interesting approach to build a TCB - Trusted Computing Base - in a distributed system. However, there has to be a hardware registry of the servers, and a trusted procedure for the distribution of public keys when new servers are added to the infrastructure.

Another very good paper was presented by Gottfried Vossen, from Germany: "Web Service Discovery - Reality Check 2.0". The paper discusses the real world use of Web Service registries, like UDDI. The main conclusion is that UDDI may be interesting in a closed world inside an organization (especially in a single vendor environment - SAP, Microsoft, IBM, ...), but in the Internet, service discovery is mostly a human-centered process: people find out about the service and link directly to its contracts. The Universal Business Registry vision might never come true.
On a side-note, the paper also does a good Web 2.0 overview, highlighting its main principles and differences to Web 1.0.

The paper "ATHENE - An Approach for Modeling Semantic Web Processes over User-friendly and Editable Ontology Models" by Nishant Singh from India, presents a well structured approach to semantic description of services, using a user-driven process, with a three layer model. The users are developers and/or domain experts. The tiers are Meta2-model (object, types and relations), Meta-model (using OWL) and Model. There are also some user-interface abstractions - like notebook - to help the users edit the ontology.

Next, I presented my work "Core mechanisms for Web Services extensions" (in case you don't remember, I'm Miguel Pardal from Portugal's Instituto Superior Técnico). I described the core mechanisms necessary to build Web Services extensions, regardless of the underlying platform. I also mentioned the on-going work to build an extensions engine integrated in a three-layered application framework. In the Q&A, I talked about general-purpose extensions (ones that add some specific funcionality or a WS-standard implementation) and customization extensions (ones that add features to an existing capabilities). A good analogy for WS-extensions are Mozilla Firefox's extensions.


The next presentation was "A Framework for the Requirements Analysis of Service-oriented Workflows" by Jochen Muller, from Germany's University of Kaiserslautern. The paper presents a workflow definition where it is a service and is composed of (stateless) services. The methodology distinguishes between process design and enactment stages of the workflow. The workflows can be long-running, with some instances taking years. The system is focused in the e-Government domain, particularly, in the gov-to-gov interactions. In my opinion, this proposal would benefit from having an explicit account for versioning, in order to have different version workflows running side-by-side.

The final presented paper was "On The Use of Ontology Reconciliation Techniques in SOA" by Patricio de Alencar Silva, from Brazil. This work is about the Semantic Web and its automatic service discovery and binding. The paper acknowledges the fact that semantic heterogeneity is not a computational problem, but a philosophical one. It presents the existing approaches to brigde concept definitions gaps between different organizations and application domains using ontology-based techniques.

NWeSP 2007 review - day one

I'm now going to present some highlights from NWeSP 2007, the 3rd International Conference on Next Generation Web Services Practices, held in Chung-Ang University, Seoul, South Korea, from October 29 to 31 , 2007.


In the opening session, Dr. Nikolay Shilov from Russia, presented the talk "Combining logics of Knowledge, Time and Actions for reasoning about Intelligent Agents". It was about the different approaches to knowledge: formal concepts analysis (FCA), description logic (DL) and other logics of knowledge. The first two are suitable to represent static facts about objects and their relations. The latter deal with uncertain and evolving environment acquisition. Dr. Shilov argues that these are the most suitable to build Semantic Web Services.
It was a good talk. My main criticism is that the present results are too distant from current Web Services applications.

The first presented paper was "A Simple Approach to Optimize Web Services Performance" by Tanakorn Wichaiwong from Thailand, about the performance improvements of using FTP transport for Web Services (WS-FTP) in an Intranet environment comparing to HTTP. Security issues were not analysed.

The next presentation was "Transforming valid XML documents into RDF via RDF schema" by Thuy Pham from Korea, about the conversion of XML-DTD data structures to RDF format, more suitable for Semantic Web, where the information is represented in triples: subject, predicate and object.

Next was "First approach to Design a Web Service Honeypot: WS-pot" by Hugo Gonzalez from Mexico. Hugo described his system that applies the honeypot approach to web services security: simulate a service and attract attackers to record how they try to compromise the service or the server machine. Promising work, especially if the real-world attacks data will be related to the effectiveness of security mechanisms provided by the WS security standards.

The next two papers were presented by Dimitru Roman, working in Austria.
The first one was "On describing and ranking services based on non-functional properties" about a description and automatic binding mechanism for Semantic Web Services. The presented work was tested with lab application. It is a gradual phased-approach to Web Services, that might be an interesting approach. Check http://www.wsmo.org/ for more information. In my view, the greatest problem is that it assumes uniform knowledge (ontology) between the cooperating organizations, which is difficult to achieve in real-world applications.
The second one was "A CTR-based Approach to Service Composition Patterns" describes the use of CTR - Concurrent Transaction Logic (only atomicity property) - to implement different workflow patterns. This paper is based on the patterns catalogue available at http://www.workflowpatterns.com/.

Next "The WINGS of jCOLIBRI: A CBR Architecture for Semantic Web Services" was video-presented by Juan A. Recio-Garcia, from Spain. CBR stands for Case-Based Reasoning and proposes a client-server binding architecture based on a history of previous interactions (cases), finding similarities with current invocation and performing some minor adjustments. The authors find limitations in their proposal that they will attempt to solve using planning techniques.

The final presentation of the first conference day was "A Framework for Measuring Performance in Service-Oriented Architecture" by Si Won Choi, from Korea. It was a very good paper about Web Service performance metrics. The main benefit of the proposed metrics is their practical measurement procedure. The metrics were obtained with a statistics collector and a performance monitor for a hotel reservations web service, built on top of the Apache ServiceMix ESB.

The most interesting poster was "Aspect Mining for Dynamic Service Orchestration" by Hao Yang, as it presented a practical application of AO4BPEL, an aspect-oriented extension for BPEL.

Fun and study / Diversão e estudo

"In Portugal, the education policy of the last decades has been moving in the wrong direction. Instead of going from entertainment to education, it has gone from education to entertainment. Instead of promoting fun toys and games that (discreetly) also teach and develop abilities; it has promoted fun study, where what matters is trying, not achieving, with a loss of responsibility and individual commitment, whose negative effects we feel today in the lack of excellence in work."

~ Joana

/ This post is bilingual: English (U.S.) and Portuguese (Portugal) /

"Em Portugal, a política de educação das últimas décadas foi na direcção errada. Em vez de se ir da diversão para a educação, foi-se da educação para a diversão. Ou seja, em vez de se promoverem brinquedos e jogos divertidos que (discretamente) também ensinam e desenvolvem capacidades; promoveu-se o estudo divertido, onde o que interessa é o tentar e não o conseguir, com perda de responsabilidade e de empenho pessoal, cujos efeitos negativos se sentem hoje na falta de excelência no trabalho."

~ Joana

In line / Na linha

I've been in life's line for long enough to know it's not a straight... / Estou na linha da vida há tempo suficiente para saber que não é uma recta...

Useless

Someone special sent me this: / Alguém especial enviou-me isto:


In love's math, the unit(y) is infinity... / Na matemática do amor, a unidade é o infinito...

Why publishing matters?

Some of you might ask: why so much trouble finding about conferences or journals? Can't I just do my job, get my degree and get on with life? Do I really need to write a paper about what I'm doing?

In my experience, publishing is more important than it seems at a first glance. Why? Mainly for two reasons:

1 - When you write down your ideas and work in paper form - with concise, well-written text, and full referencing - you are forced to summarize your ideas and to look at what other people are working on. It makes on focus on what you do better or differently. It makes you distill what you did.

2 - When you share your work with an interested audience, you get feedback from other people that can reason about what you're doing. This enables you to anticipate the criticisms your work will face, and do something about it before it's finished.

Conference posters are more suitable for on-going work, as they maximize the feedback from more diverse people. Conference paper presentations are usually attended by fewer, less diverse people, but the feedback is more focused.

Never forget to make your contacts visible! Sometimes the feedback comes after the conference.

You can also keep a publications page, so that people may easily find your work on the web. However, there must be a disclaimer.

Sharing International Conferences with Google Calendar

Following my paper search, I identified international conferences on subjects relevant to my research. These are potential submission targets. Papers are excellent deliverables that can also work as a research milestones.

I use a public Google calendar to share this information with anyone who is interested. The address is the following: International Computer Science Conferences

If you want to cooperate in keeping this calendar up-to-date, please let me know.

a person is Bourne

How is it that Jason Bourne has so much personality without having an identity?

Indeed the human heart holds a mystery...

Searching digital libraries

I'm currently looking for research papers on the top scientific digital libraries. For computer science, they are ACM's and IEEE's. Also interesting are Google Scholar and CiteSeer.

My search strategy was to build a table where the rows are the search terms (ex. RFID, Auto-ID, ...) and the columns are the libraries or search engines (ex. ACM, IEEE, Google Scholar, CiteSeer, ...).

I then went through all the table cells, doing the searches and looking at the results.I read the paper's titles and abstracts and selected those more relevant for my current interests. This can be very time consuming. For a 4x4 table, I downloaded a total of 200 papers.

For all downloaded papers, I also stored bibliographic information, preferably in BibTeX format, or at least, the paper's URL location. This will be very handy when I'm writing my own papers.

I'll take note of the date when the search was performed. Then, when I want to update the search, I can then specify that I only want papers published after my last search (this option is usually available as an advanced search parameter).

Another interesting information to retrieve is to identify which conferences are more relevant to my current work, as these can be good publication targets. I put them in my Google conference calendar to keep track of the submission dates.

Big Picture day

At this stage of my PhD work I want to keep an open mind to new ideas, however I don't want to lose my focus...

How can I cope with both these seemingly contradictory goals?

I've tried several things in the past, but now I'm trying to have a "Big Picture day" in the week. I use this work day to keep track of the cool and interesting science and technology stuff out there: I read papers, news, mails, web sites, etc.
If I make a new connection with my work, I'll write it down and look it up later.
In the remaining days of the week I refrain from looking at stuff, to avoid distraction.

Back to work: PhD Prologue

I'm coming back to work after a fantastic holiday with the people I love the most.

Now I've got my "batteries" fully recharged to start a new challenge: my PhD.

Before I enroll in the actual course, I'm doing something I named PhD prologue. I've been doing it since January 2007, but now it's focusing and intensifying.

During this prologue I spoke with several researchers and senior colleagues, looking for interesting subjects for my PhD.

I'm currently directing my preliminary research to the Internet of Things, that aims to leverage the power of the Internet and of the upcoming RFID technology.

RFID stands for "Radio Frequency IDentification" and is a technology that allows contact-less reading of data tags or sensors. In a world where each object is not only classified (with a bar code), but also identified (with a RFID tag), imagine the new problems (and opportunities) that are coming just around the corner...

The goals of the PhD prologue are:
1 – Delineate the research area
2 – Identify the players (industry and academia)
3 – Identify the main problems to address

I intend to write about these in a position paper. Then, the PhD can start!

Web clipping / Recortes da Web

For my professional web searches I find it useful to use a web clipping application to let me focus on the topic I'm researching without worrying about losing the references.
For this task I've used EverNote, but recently I've switched to using Google Notebook. It would be even more useful if it could also be used with PDF documents (and Word, and ...).

/ This post is bilingual: English (U.S.) and Portuguese (Portugal) /

Para as minhas pesquisas profissionais na Web é-me muito útil ter uma aplicação de recortes web (web clipping) que permite deixar-me manter a atenção no assunto que estou a pesquisar sem me preocupar em ter que guardar as referências na hora.
Para esta tarefa já usei o EverNote, mas recentemente mudei para o Google Notebook, que seria ainda mais útil se pudesse também ser usado em documentos PDF (e Word, e ...).

Prison Break 3

My favorite TV show at the moment is Prison Break. For those who have never seen it, I highly recommend it! It's a story of two brothers in extreme situations, with a great storyline, deep multi-dimensional characters and a pinch of conspiracy.

Recently I've finished watching season 2 and I have some predictions for season 3:

(warning: possible spoilers)

1 - In the first shows, Scofield will be missing to heighten the tension

2 - Lincoln will go inside the prison to rescue Michael

3 - Sarah will have to cope with the murder of Mr. Kim, but will ultimately work from the outside to rescue Michael legally

4 - Mahone and Scofield will be allies inside the Sona jail

5 - Kellerman is not dead. He has been rescued by the ex-president Caroline, in hope of him help her get back to a top spot.

6 - T-Bag will go inside the Sona prison to keep watch on Scofield for the Company

7 - Sucre will go inside the Sona prison to find out what happened to Maricruz

8 - The Company wants Scofield inside Sona prison because someone there - they don't know exactly who - that has a secret that can seriously compromise the Company, and they want Michael to break out and release the secret. All previous attempts to infiltrate the prison have failed miserably.

Now we just have to wait and see if I got it right! ;-)


/ This post is bilingual: English (U.S.) and Portuguese (Portugal) /


A minha série de televisão preferida do momento é o Prison Break. Para quem nunca via, recomendo vivamente! É uma história de dois irmãos em situações extremas, com uma grande história, personagens multi-dimensionais e uma pitada de conspiração.

Recentemente terminei de ver a segunda temporada e tenho as minhas previsões para a terceira temporada:

(aviso: possíveis revelações antecipadas)

1 - Nos primeiros episódios, o Scofield não vai aparecer para aumentar a tensão e a expectativa sobre o que aconteceu

2 - O Lincoln vai entrar na prisão para salvar o Michael

3 - A Sarah vai ter que lidar com o homícidio do Sr. Kim, mas vai superar e trabalhar por fora para libertar o Michael de forma legal

4 - Mahone e Scofield serão aliados dentro da prisão de Sona

5 - O Kellerman não morreu. Ele foi salvo pela ex-presidente Caroline, na esperança de ter a ajuda dele para recuperar uma posição importante.

6 - O T-Bag vai entrar na prisão para vigiar o Scofield a mando da Companhia

7 - O Sucre vai entrar na prisão para descobrir o que aconteceu à Maricruz

8 - A Companhia quer o Scofield dentro da prisão Sona porque existe alguém - eles não sabem exactamente quem - que tem um segredo que pode comprometer seriamente a Companhia, e eles querem que o Michael fuja da prisão para libertar o segredo. Todas as tentativas anteriores de infiltrar a prisão falharam miseravelmente.

Agora só temos que esperar e ver se eu acertei ou não!

Goals before contents

Before you produce contents to present your ideas, define the goals of what you want to achieve.

How to organize learning resources

Organize the learning resources using the following guidelines:

Start with what is simple and end with what is complex;
Start with what is concrete and end with what is abstract;
Start with what students already know and end with what they don't know.

The rule of 3-tells

I've used the following rule while writing my MSc thesis:

"
Tell what you'll tell,
Tell,
Tell what you've told,
In a paragraph, section or chapter.
"

Offline Web Applications: Google Gears

Google has just released Gears.

http://code.google.com/apis/gears/

Google Gears consists of three modules that address the core challenges in making web applications work offline.

LocalServer - Cache and serve application resources (HTML, JavaScript, images, etc.) locally
Database - Store data locally in a fully-searchable relational database
WorkerPool - Make your web applications more responsive by performing resource-intensive operations asynchronously

I haven't tried it yet, but as I mentioned in an earlier blog post, this approach makes sense according to the recent trends in web applications, like Google Calendar and Google Docs. These kinds of applications will surely benefit from local storage.

+

No Senhor pus a minha esperança, a seu lado não temerei; O Senhor é minha força, Ele é a minha salvação!

/ This post is bilingual: Portuguese (Portugal) and English (U.S.) /

In the Lord I have put my hope, by his side I shall not fear; The Lord is my strength, He is my salvation!

The World is Flat

I've just finished reading "The World is Flat" by Thomas Friedman.
I highly recommend it, as it (finally) puts globalization in a constructive perspective and is a very entertaining read.

BPEL in a workflow perspective

BPEL stands for Business Process Execution Language
It is a standard, originally proposed by Microsoft and IBM, that is orchestration-based, meaning that the business process is represented by a graph, whose vertices are activities and edges are control and data flows, allowing for the composition of web services.

In a "workflow" system perspective, you can say that BPEL is the "flow", whereas the composed web services are the "work", meaning that the bulk of the processing is done by the web services (ex. complex algorithms, database accesses, etc.) while BPEL is more suited to do web service invocations.

+

Tudo está onde deve estar e vai para onde deve ir: o lugar assinalado por uma Sabedoria que (os Céus sejam louvados) não é a nossa!

/ This post is bilingual: Portuguese (Portugal) and English (U.S.) /

Everything is where it should be and goes where it should go: a place signaled by a Wisdom that (Heaven be praised) is not ours!

In software development, "think global, act local"

"Think global, act local" is a management motto for multinational corporations used very often in the 1980s.

One of these days I was explaining some students how to start working on a project and I told them this sentence.

The logic is: you have to think about the project as a whole taking all requirements into account - hence, "think global" - but when developing, you must break up the large problem in smaller problems and they work on each one, one at a time, testing and consolidating - "think local".

Schema management in Web Services

A Web Service is specified by a WSDL contract that defines types using XML Schema.

For basic services - like Hello World, Calculators, etc - it is sufficient to have a single, embedded schema in your contract.
However, for useful, real-world, services you need to take schema management into consideration, otherwise you end up with lots of replicated data structures. You should have, at least, the following indirection levels:

WSDL operations
depends on
XSD operations input and output
depends on
XSD domain entities

The domain entities should be shared in meta-data repository, to avoid uncontrolled replication.
For controlled replication, you can use data catalogs, that work as a schema cache, not as a schema copy.

Message Queues in 1 minute

Message queues are a communications model between multiple parties: one-to-one, one-to-many or many-to-many.

A queue is a first-in first-out data structure.

Message brokers are servers that assure the following properties for messages: they don't get lost; they are persistent; they are delivered in order.

Message queues enable asynchronous communication, because the sender doesn't have to wait for the receiver, as they connect to each other through the message brokers.

New knowledge work tools

Knowledge work systems (KWS) are information systems that extend people's capabilities for doing non-repetitive tasks. You can find more information about information systems on the Laudon book. A great read!

Concerning KWSs, a friend suggested I try the following tools:

Freemind (multi-platform) is an application for drawing mind-maps. Great for meeting notes.

For helping in web-based searches, with full referencing, try DevonThink (Mac) or EverNote (Windows).

For a new take on text editors, check Textmate (Mac).

I've been looking for a "Web Clipboard" (copy-paste). Wouldn't it be useful to share information with this known paradigm while chatting with a colleague on a messenger application. Do you know any tool like this that is out there? Leave a link on the comments. Thanks!

Office 2007 vs The Google Revolution

Last week I tested the new Microsoft Office 2007. It is the first major upgrade in the world's most used office work system. I think it is clearly a step forward in user interfaces. However, the relearning will be expensive and frustrating for most users. Also, I think that the new document formats can very well be a costly mistake for Microsoft, because much of Office's dominance has to do with "doc" and "xls" file formats being de facto standards.

I can sum up my impression of Office 2007 as "cool, but slightly off-target". Why off-target? Because the actual problem people face nowadays when they work in documents, has more to do with sharing and collaborating, than finding sophisticated features.

Enter Google Docs & Spreadsheets, with collaborate, sync and "always" available. In many ways, Google is revolutionizing the way people work and communicate.

The revolution started with GMail and its awesome 2 Gigabytes of free storage, at a time where equivalent services offered 1000 times less, just around 2 Megabytes. Then Google Earth created a global view of earth like no other computer application before it. Then more applications followed: Google pages (100 Mb), Google Calendar, Google Docs & Spreadsheets. With Google Docs & Spreadsheets you can create and easily share documents with specific users or with everybody. You can also simultaneously edit the document.

The concept is great, and makes way for the Desktop of the future. However, I think, before it can become a reality, something new on the client-side will have to appear. Something between a web browser and a Java applet container, that keeps the simplicity of web development, adds persistent local storage and built-in AJAX-like primitives.

However, there is a dark side to Google (and all similar web applications from other companies): remember, you don't know where your data is being stored. Assume that everything you do with Google can be read by someone else. About Google (and all other similar web applications), I quote Scott McNealy:

"You have zero privacy. Get over it."

The Law of the Instrument

"Give a small boy a hammer,
and he will find that everything
he encounters needs pounding."

Abraham Kaplan

From a fortune cookie...

"Trust is earned by many deeds."