Continuing Intermittent Incoherency

Blatantly Mis-Quoting Sublime

May 7, 2008 – 2:02 am

Dojo, DWR, CometD, OpenRecord, and the newly accepted Psych Desktop project are all 100 for 100 on Dion’s scale because we’ve done the hard work of building a Foundation, ensuring the IP provenance of every checkin, built a community structure that gives everyone who’s significantly invested a real voice, and have made the sacrifices that ensure that Dojo Foundation projects aren’t just “open”, but that they’re trustworthy.

Dion’s right:

The license is a great starting point, but it isn’t enough.

The Dojo Foundation has open door for any web projects that want to join and will do what it takes to get their score all the way up to 100. If the projects you’re using aren’t 100 for 100 — particularly given that we make it so easy — isn’t it worth asking “why?”

By alex | Posted in Dojo Foundaton, community, licensing | Comments (0)

A Brief Personal Note

April 13, 2008 – 4:08 pm

Yesterday, April 12th, Jennifer and I were married. Our warmest thanks to everyone who attended and our sincerest regrets to everyone whom we could not invite.

Our friends and family made the day truly special.

By alex | Posted in personal | Comments (31)

App Engine: Most Of The Stuff I Want, None Of The Stuff I Don’t

April 8, 2008 – 3:51 pm

I’m not sure who or how, but I got an invite to yesterday’s Camp Fire One event at Google where they announced their new App Engine platform. The event itself was small-ish, with lots of interesting people invited (both from Google and not). I had no idea ahead of time what the announcement would be, and frankly I forgot all about the event until the day of. I’m glad I remembered (note to future self: next time, pack gloves and a hat).

As they started talking about the platform and what’s part of it (and what’s not), I couldn’t escape escape the feeling that they’d gotten it right. It is absolutely the case that for most apps, scaling requires some amount of re-architecting. Systems like Rails are built with such a dependence (intentional or not) on the features of relational data stores that they quickly hit bottlenecks because frameworks aren’t keeping developers out of the gutter. This is nearly the same lesson that the security community collectively came to when it started to beat the average developer about the head regarding the awesome power of defaults. What systems do and don’t do for you “cheaply” defines their character, and in many systems those choices aren’t made consciously, or if they are, they don’t have the benefit of a different perspective which might de-emphasize certain traits. Call it libertarian paternalism, choice architecture, or pure condescension, but whatever it is, systems and platforms today are in the explicit business of making some things easier than others.

As the presenters showed how to make an app quickly, I knew I was looking at something I hadn’t seen the likes of since Jot. We all know that Big Table is a column-oriented data-store, but since most people are still stuck on the likes of MySQL, it’s hard to appreciate how liberating it is not having to think about how adding properties to models will affect a schema. The way App Engine is constructed lets the data store layer provide something called expando models. These models give us the kind of flexibility that I’ve only ever enjoyed before inside of Jot. Want a property? Just add it. No migration, no schema version…just data finding a happy home, and as your app’s skeleton “solidifies” and you figure out which properties really do need to be faster, you can migrate that data into fixed properties with indexes and types and all that jazz. It’s like a gradual type system, only for data stores. It’s agility nirvana for application development.

Speaking of application development nirvana, they also had the good sense to start with a great language (Python) and a great webapp framework (Django) as the basis for the new system. For all the Rubyists and Java heads out there who are surely crying bloody murder, I suggest that they just try it. Seriously. Django’s template system is freaking sweet, and Python (despite it’s lambda-related warts) is close enough to being executable pseudo-code as to still hold the second place in my toolbox of languages.

There’s a lot which I’m sure others will (and have) covered about how App Engine is going to change the game for startups and players like Amazon, but I think that if someone else had launched this system it would still survive on its merits alone. The only wrinkle in the whole thing will be seeing what’s done about pricing over the long haul. It really shouldn’t be hard for Google to beat S3 on price, and I’m sure there will still be a market for EC2 for non-traditional tasks, but fundamentally I think App Engine has all the makings of something really, truly better than the current (assumed) stack.

After more than a year of mourning the effective loss of Jot as a platform, writing apps on the server just got interesting for me again, and that may be the highest praise I can offer and framework or platform.

By alex | Posted in programming, python, webdev | Comments (3)

Dojo 1.x: Industrial Strength Open Web Tech

April 3, 2008 – 6:45 pm

…just ask AOL. James Burke just pinged me to let me know that AOL Webmail has been updated with a slew of new features built using Dojo 1.0. A quick inspection of the app shows all kinds of great stuff including tons of custom widgets as well as extensive use of the Grid. To keep loading of the app quick, AOL is using custom builds to pull Dojo from a CDN and a number of application-specific layers in order to defer loading of code until it’s needed. Congrats to the AOL Mail team! It’s inspiring to see a site that does billions of page-views a month using Dojo so effectively.

Dojo 1.x is now powering the UI of the world’s largest mapping service, one of the world’s largest email services, the most useful personal information service anywhere, and the front-end of my favorite RSS reader.

The proof of Dojo 1.x’s quality really is in the pudding. Congrats again to the AOL Webmail team!

Update: Travis Vachon also just sent mail to let me know that OSAF’s Cosmo project has also released their 0.14.0 version which has also made the upgrade to Dojo 1.0. Congrats, Cosmologists!

By alex | Posted in community, dojo | Comments (0)

Dojo 1.1: Some Awesome For You App

March 30, 2008 – 1:30 pm

I could go on for a long, long time about what’s great in Dojo 1.1…but I’ll spare you most of that. James, Pete, Dylan, and the release notes can give you a strong sense of why Dojo 1.1 is the most polished, fastest, and easiest-to-use release of Dojo we’ve ever done. For the impatient, you can already start using it from the CDN without downloading anything.

I should mention a couple of Core features from 1.1 that might otherwise go overlooked, though. The first is a lack of visible change. Dojo Core and Dijit from 1.1 are fully backwards compatible with 1.0. We promised that the fundamental incompatibility between 0.4.x and 0.9.x+ was a one-time change, and Dojo 1.1 keeps that promise. We’ve already had reports during the RC cycle of people swapping out Dojo 1.1 for 1.0 without any changes to their apps. It takes dedication and discipline across the entire team to achieve that kind of API stability while still taking risks to deliver better features, reliability, and performance.

Next up, we updated the animation APIs significantly. In Dojo 1.0, we moved to a unified timing loop for animations which helped to significantly improve the performance of Dojo animations. In 1.1, we’ve again improved the performance of the animation system but have also added some great syntactic sugar to the already powerful APIs which we expose. As always, start and end coordinates for an animation can be values or functions which return calculated starting and ending positions. Now, though, you can elide away the { end: 30 } structure and just provide a value. This lets us go from:

dojo.animateProperty({
    node: "thinger",
    duration: 500,
    properties: {
        width: { end: 500 },
        height: { end: 500 }
    }
}).play();

To just:

dojo.animateProperty({
    node: "thinger",
    duration: 500,
    properties: { width: 500 , height: 500 }
}).play();

But to get even more terse, we’ll need a different API structure that doesn’t require so much explicit argument packing. Dojo 1.1 adds just such an API:

1	dojo.anim("thinger", { width: 500, height: 500 }, 500);

Note that in addition to being able to drop a lot of stuff out of the function call, dojo.anim also doesn’t require that we call .play() on its returned animation object since in the common case you’ll just want to play right away.

Next up, Dojo now has a unified dojo.xhr() function that covers a lot of bases and gives you a single entry point into the various bits of XHR goodness contained in dojo.js.

As I’ve noted elsewhere, Dojo is also now supporting querySelectorAll on the browsers that support it sanely. Dojo’s CSS engine has always been fast, and by keeping our query syntax to just what CSS provides, we’ve avoided getting ourselves into a situation where we’ll always need to be shipping such a query engine down the wire. Sooner or later, dojo.query() will become nothing more than a call into querySelectorAll plus some syntactic sugar on the returned array. Best yet, API won’t change and you can get the speedup on the browsers that support it now, knowing full-well that things will only get faster and smaller in the future. An investment in a toolkit that is pays attention to the evolution of the web is already paying dividends for Dojo users.

Lastly (for now), there have been some fun additions to the API of dojo.NodeList, the thing that’s returned out of every call to dojo.query(). dojo.attr() and dojo.anim() are now available on groups of nodes. For instance, we can make a group of elements tab-focusable on browsers that support it and then draw some attention to them:

dojo.require("dojo.NodeList-fx");
 
dojo.query("#nav > .focusable").
    attr("tabIndex", 0).
    style("border", "1px solid transparent").
    anim({
        "borderColor": { start: "yellow", end: "white" }
    });

There’s also a new empty() method on node lists which makes removing children simpler, and the instantiate() method which helps you create instances of a class for every item in the list. Lets say you want to encapsulate some behavior in a class. You could use the hotness that is dojo.behavior or you could use the traditional combination of the Dijit base classes plus the Core parser system. Or you could strike out on your own, particularly for implementing something like a microformat handling library:

// define a Card class which we can create instances of
dojo.declare("mf.Card", null, {
    constructor: function(props, node){
        this.setAddrs(dojo.query("> .adr", node));
        this.setName(dojo.query(".fn, .n", node));
        // ...
    },
    name: null,
    addrs: [],
    tels: [],
    emails: [],
    // ...
});
 
dojo.query(".vcard").instantiate(mf.Card);

Taken together, these extensions make dojo.query significantly more powerful. There’s also a growing set of extensions to node lists, such as those for easy templating of generated content via dojox.dtl. We’ve also taken care to ensure that anywhere that Dojo returns you an array of nodes, it’ll probably be handing you a dojo.NodeList. That means you can treat these arrays as regular, intrinsic Array instances, or you can use these chainable methods for added node-manipulating power.

An Aside

The team that put together Dojo 1.1 is really, truly, amazing and it shows in the end product.

When it became clear that we had a responsibility to the a11y of Dojo application, they built it and shipped solutions. While others still aren’t thinking about localization, they built it and shipped solutions to right-to-left as well as string handling (including optimizing those processes for deployment). When it became clear that the CSS file structure for building themes was too hard, they fixed it…in a 100% backwards compatible way. When Dojo was “dinged” for poor documentation, they did what they knew was the right thing and kept working on what is now the world’s best JavaScript documentation tool.

What’s most impressive to me about the Dojo team, though, is that this isn’t a centrally planned, in-house operation by a giant company. There isn’t a product road-map other than what’s decided at the Developer Day events and in the weekly IRC meetings. Dojo is the collective work of volunteers, committers, and companies that understand that building things together in a truly open project is better for everyone. Having the source of a product be available under an OSS license gives you certain rights in an instantaneous sense, but for those advantages are usually just advantages for people already “inside” of a project. To really convert on the benefits of openness, the process of developing the product needs to be just as open as the license. Open Source business models all tacitly acknowledge that most pithy of truisms: the people on a project are its greatest asset. If new people can’t join or “get in”, then the project is effectively closed, and the benefits of openness can’t be fully realized. Users win when advocates for their needs can emerge from more places, developers win when they can get involved and make a real difference, and a project benefits its community is really that: a group of people who show up because they want to make things better. I’m proud to be working with just such a dedicated group on Dojo.

During the 1.1 release cycle, Wolfram Kriesing and Nikolai Onken earned their committer stripes. They didn’t start making Dojo better because they happened to work somewhere or because their company sells Dojo…they joined the project the way most of us did: they saw a place where they could contribute and because Dojo is run as an open project, they were able to have a huge impact. Nikolai’s artwork and theme wrangling are largely responsible for Dojo 1.1 being the most attractive Dojo ever and Wolfram’s code contributions have made interfacing services with dojo.data stores easier than ever before.

We’ve got an ambitious set of improvements slated for 1.2, and I’m confident that while it always looks slightly chaotic, the advantages of working in the open with whoever shows up will continue to pay off for everyone. If you’ve been a Dojo user and have thought about contributing, there’s never been a better time to come find us on IRC or the forums and help to shape the future of the toolkit. You can be part of this amazing team too. It’s as simple as that, really.

I can’t wait to work with you to make our corner of the Open Web better.

By alex | Posted in community, dojo, openweb | Comments (3)

Progress Is N+1

March 26, 2008 – 5:32 am

Not sure how I got there, but I just stumbled over this bit of dark humor at Joel Spolsky’s expense, and in reading it I was reminded of a discussion last Friday where I voiced my frustration that as much as IE 8 looks to be a good point release, we know next to nothing about it’s intentions with regards to ship dates or auto-update deployment. I’m not talking exact dates or firm plans here, just “within the next N months” or “we’ll wait N (plus or minus 3) months to put it on Windows Update”. Knowing those things fill in the missing bits of making any plans around IE. No plan is complete without a “who”, a “how”, and a “when”. Right now we’ve got the first two bits (ish), but the third is a mystery….which means we don’t have a collective plan.

By the transitive property of IE being the monopoly market-share browser, we can clearly state that we have no idea when the Open Web will be revved. This is based solely on the IE team’s lack of commitments. This is a terrible result, and one which I think the frenzy over IE 8’s features has obscured.

Joel’s article and some of Mark’s commenters make it obvious that there’s now a gap in the expectations of some devs about what it means to be a web developer versus what it meant 4 or 5 years ago. Back then we all assumed that browsers would get better, or at least different. There was bitter complaining about how incompatible everything was and how horrid it was to have to update everything…but underlying that discontent was the assumption that the web would keep changing. Web developers have to a great extent lost this assumption and I see a lot of the acrimonious discussions about new browser features in this light. There is great fear on the part of the web development community that progress will cost something, and they’re right. So long as we’re only talking about one revision, the cost looks new and surprising, but if we were to start talking about how we’d keep revving the web, those costs could be assumed by all parties again. It’s for this reason that I posit that the most important thing about IE 8 won’t be any of its features…it’ll be that it ships soon-ish and goes out to auto-update (if that is indeed the plan, which we don’t know).

The analogies that Joel brings up about standardization are perhaps valid if you take a snapshot in time of features vs. conformance. What happens in the browser world, though, is that things where were only marginally possible with old features become the norm via new features. New tags or CSS rules get added which make what was hard simple, if less flexible. In that process, we find that we need strong agreement on the behavior of those “mainline” things, while it’s perfectly OK for browser vendors to disagree about the fringes. Those fringes, after all, are were new things should be getting developed and introduced for market testing. It’s only when new things don’t get introduced and that broad agreement isn’t forged and “full” standards conformance comes into the fore. We need 100% standards conformance for all the nit-picky corner cases when those are all we’ve got in the way of “new” platform capabilities. Joel’s view of the world doesn’t take into account healthy evolution and improvement based on real competition. Competition makes suppliers responsive to customers and gives a real path for evolution. Standards make suppliers responsive to proxy bodies who are easily distracted.

IE and all browsers are as much a platforms as applications, but browser vendors get themselves into strange positions with regards to the platform bits of their products. Since browsers are positively differentiated by their chrome and not their engines, you can think of renderers and script engines and all the things that webdevs care about as costs of doing business for a browser-producing organization. Insofar as they make money, they do it on chrome, not rendering. Of course, getting into the good graces of web developers is great for a browser maker, but getting in front of users is the only real metric of browser success and to get there one only needs a renderer that’s on par with the others. You can’t positively differentiate a browser by making it more standards compliant or even by introducing new and awesome non-standard features. Those things can have strategic value, but they can never stand on their own.

Which brings us back to IE being a platform. The bits that webdevs care about must change in order for the web to get better, and today webdevs are platform customers without a commitment from their biggest supplier to ship another version beyond the one they’re working on now. If this were any other sort of platform, this would never ever fly. Code-in-escrow would be demanded along with a roadmap, or at a minimum a commitment to an N+1 version in a reasonable time frame. But webdevs don’t have that leverage by virtue of the disintermediation that browser economics now demand.

So as webdevs, we must be canny enough to find a way to “better” which doesn’t put all of our eggs in any particular basket. Every browser that we depend on either needs an open development process or it needs to have a public plan for N+1. The goal is to ensure that the market knows that there is momentum and a vehicle+timeline for progress. When that’s not possible or available, it becomes incumbent on us to support alternate schemes to rev the web faster. Google Gears is our best hope for this right now, and at the same time as we’re encouraging browser venders to do the right thing, we should also be championing the small, brave Open Source team that is bringing us a viable Plan B. Every webdev should be building Gear-specific features into their app today, not because Gears is the only way to get something in an app, but because in lieu of a real roadmap from Microsoft, Gears is our best chance at getting great things into the fabric of the web faster. If the IE team doesn’t produce a roadmap, we’ll be staring down a long flush-out cycle to replace it with other browsers. The genius of Gears is that it can augment existing browsers instead of replacing them wholesale. Gears targets the platform/product split and gives us a platform story even when we’re neglected by the browser vendors.

Gears has an open product development process, an auto-upgrade plan, and a plan for N+1.

At this point in the webs evolution, I’m glad to see browser vendors competing and I still feel like that’s our best long-term hope. But we’ve been left at the altar before, and the IE team isn’t giving us lots of reasons to trust them as platform vendors (not as product vendors). For once, we have an open, viable Plan B.

Gears is real, bankable progress.

By alex | Posted in openweb, webdev | Comments (19)

March 20, 2008 – 1:21 am

Matthew Russell, author of ORA’s forthcoming Dojo: The Definitive Guide has a new OnLAMP post up about Dojo’s animation system which really helps to clarify what all those parameters are for and take advantage of composition of animations
Pete Higgins has an excellent article up that covers dojo.hitch(), and in general the Dojo Cookies series over at dojocampus.org is rocking hard
over on the SitePen blog, Kris Zyp covers the awesome JSONPath support that he and Dustin Machi landed for Dojo 1.1 and then follows it up by giving highlights of the new SMD format work which they’ve also been collaborating on. Exciting stuff.
over at Pragmatic Programmers, there’s a podcast with Rawld Gill, Craig Riecke, and myself wherein Rawld and Craig talk about Dojo and the great book they’re writing (I’m contributing side-bars). The quality and depth of all the forthcoming Dojo books really has me in awe. I really hadn’t thought we’d written that much code
I’m talking tomorrow at the first Bay Area Visual Ajax Group (BAVAG) meeting. Between it and the upcoming SF JS meetup there seems to be plenty of opportunities to geek out JavaScript-style in my neighborhood. Huzzah.
while at MIX a couple weeks back (more on that in another post), Joshua Allen from Channel 9 got Doug Crockford, Joseph Smarr, and me on the couch for a bit to talk about JavaScript and the future of the web. Joseph was (as always) intelligent, Doug was insightful, and I just looked a bit disoriented, babbling, and uncomfortable. Par for the course.
Dojo is lucky to have been accepted into Google’s SoC program again. It’ll be under the capable leadership of Robert Coup, who already has a plan and is working ot make this year better for students and mentors alike. If you’re a student and are thinking about participating, it would be best if you started playing with Dojo NOW. There will be a coding test for potential students this year.
Dojo 1.1 is imminent…and it’s damn good. More when we cut the release candidate.

By alex | Posted in community, dojo | Comments (1)

SitePen Launches Dojo Support Service

March 14, 2008 – 10:31 am

SitePen has been building an amazing team and today we’re bringing a little of that team to a lot more of the Dojo world.

As part of the relaunch of sitepen.com, we’ve unveiled our new support offerings (the available packages are here). For some time now SitePen has been offering consulting to firms using Dojo, and we’ve recognized that many of our clients aren’t prepared to engage us for a consulting engagement but need more than an intensive training session for their teams. In this middle area lies the need for a support product which can help capable teams get un-stuck quickly when the going gets tough. Other customers have expressed a strong desire for professional support due to their enterprise’s nascent experience with Open Source, and for them we’ve built “lightweight consulting” into the Enterprise plan to help get architectural issues addressed in addition to handling pressing fixes.

SitePen is adding this support product to our already successful application development and Dojo/DWR training businesses. Since we’re also building apps, we know how important it is to have the right person an email or phone call away. Support is a logical progression for us as a company and for Dojo as a project, and we’re committed to doing it right. Everyone we’ve assembled to provide support to our clients are committers on the projects we support (sharp tacks, all) and as we described recently at DDD the plan for SitePen’s support business is designed to help us improve the toolkit at every opportunity. Right there on the page describing the packages you can see our commitment to keeping Dojo a healthy Open Source project:

When you find an issue with Dojo, DWR, or Cometd, we…provide you with emergency bug fixes. We also commit these patches back to the relevant open source project as appropriate.

SitePen has also recently been working to help ensure that Dojo’s API documentation tool is top-notch and that the introductory material for getting started with Dojo are solid, all of which we’ll be releasing in the coming weeks alongside the release of Dojo 1.1. In all of the support team discussions, it’s been clear to me that everyone involved gets it: not only are we here to support our customers, we’re here to make Dojo and DWR better for everyone in the process. It’s the kind of positive feedback loop that only happens when you have the right people on the bus and when the whole business understands the real value of Open Source both to customers and to the community.

Speaking of making things better, we’re convinced that the last thing you need when working with our support team is a headache. The support UI has to be as easy-to-use as it is good looking, so we’ve built a custom support interface that lets customer submit tickets, check the progress of ongoing ones, and use completed tickets for reference. Check it out:

By alex | Posted in Uncategorized | Comments (2)

MIX + SxSW

March 5, 2008 – 3:14 am

I just landed in Vegas where i’ll be for the next several days at Mix ‘08. I’m looking forward to hearing more about what the IE team has in store for IE 8. I’ve got a whole stack of questions and they’ve promised a frank discussion without any pre-conditions or NDAs. This oughtta be good. If nothing else, it will tell us how far retracted the IE Cone Of Silence (TM) is. I’ve got hope, but I’ve been teased before and despite an impending Beta, there’s precious little to go on about what IE 8 really will and won’t be (or even when).

I’m not a gambler, and generally don’t like Vegas, which makes me all the more excited to be going to SxSW directly from MIX. I haven’t been in a couple of years, but Dylan has been keeping the annual Dojo Salt Lick field trip alive, and I’m excited to be able to be able to join the rest of my (mostly Silicon Valley) compatriots in stumbling around Austin under the influence of Shiner and BBQ. If you’re also going to be in Austin (at SxSW or not) and want to join us in our trip to BBQ Mecca, just RSVP and let us know how many you intend to bring and whether or not you can drive others.

Oh, and there will be an auspicious panel wherein authors of successful JavaScript libraries will all thank John for doing the work of proposing a panel and therefore ensuring that we all have an excuse to come to Austin to drink Shiner and eat BBQ. The last time I went to SxSW I hosted a panel with some of the smartest people I know and it went over like a lead brick, convincing me once and for all that SxSW is the Jerry Springer Show of technical conferences and that the point of panel discussions there is to stir shit up. It doesn’t even matter what it is…everyone else there is nursing the same mild, Shiner-induced hang-over and if they really cared about technical content…well, they would have gone to ETech.

If you’re going to either MIX or SxSW, let me know! Conferences are always more fun when you know the Hallway Track is going to rock.

Update: there’s much to say about MIX now that it’s over and IE 8 is in our hands, but apparently we’ve communicated about the Salt Lick thing very poorly. While we’d love it if you’d RSVP to rsvp at dojotoolkit dot org if you’re joining us, what you really need to know is when and where. Namely:

When?: 8pm, Sunday March 9th
Where?: The Salt Lick
18001 FM 1826
Driftwood, Texas 78619

Remember, it’s BYOB and if you RSVP we can help coordinate rides and such. Looking forward to seeing you there!

By alex | Posted in Uncategorized | Comments (3)

Keeping Up

March 1, 2008 – 12:34 am

The Dojo community is going at a clip that I can barely follow these days. Notably:

Dojo Campus: Nikolai Onken and Peter Higgins have been cranking out tutorials, screencasts, and “dojo cookies” to explain and entertain
Matthew Russell, author of the forthcoming O’Reilly Dojo book is blogging up a storm over at OnLamp
Robert Coup keeps turning up practical bits about real-world Dojo use and integration

That and a whole lot more comes over the transom via Planet Dojo. Big props to Peter for keeping on top of things an adding new feeds to the Planet as they emerge.

Update: One more for the pile! Tony Issakov’s Dojo Findings blog is worth a read/add, particularly as he’s digging into Dojo+Jaxer

By alex | Posted in community, dojo | Comments (1)

Clean Licensing: Why You Should Care (If You Don’t Already)

February 19, 2008 – 3:17 pm

I’ve written before about the importance of clean licensing to an Open Source project, but one of the things I didn’t cleanly outline is the case for clean licensing from the point of users. Understanding why clean licensing is valuable to users helps to further cement why it’s valuable to projects, and why well-run projects have such a hard job when it comes to building the inclusive, “lets try anything” spirit that it takes to succeed while watching out for the interests of their users down the road.

Put bluntly, it boils down to risk. What are the odds that someone contributing to the project I’m using will decide later that they’ve changed their mind about giving away their hard work for free, particularly if the project becomes super-successful? And what is the project doing to mitigate that risk?

It’s worth remembering that the projects themselves don’t often have much to fear when it comes to “unclean” contributions and are entirely unlikely to change their basic terms of distribution (unless all the code is copyright one person or legal entity), which leads many projects to take an approach of “looks good to me…” when it comes to accepting patches. Most OSS projects don’t have any money, and suing an OSS project is a political nightmare. All of this means that the risk of choosing poorly is often externalized by projects. That is to say, they make it users’ problem; you got the code for free and now you’re whining? (but of course you are…you’re still “paying” for the code in other ways) Lastly, if the project us under the GPL, there isn’t any real risk so long as the project has a public record of where patches came from (i.e., public source control that anyone can inspect).

So already we’ve got some big warning signs that we can look for to determine if a project is looking out for my best interests as a user:

Is the source control system open? Is the entire version history of the project represented by what’s in source control?
Are you using it under the terms of a GPL-ish license?
If so:
- Can you view the history of the project’s source control?
If not, you still need to care about public source control; but also:
- Are patches attributed in checkin notices?
- Are there other policies in place to ensure that patches are “clean”?
Is the entire code-based copyright a single person or company? If so:
- How is the community “bought in” and what kind of say do they have in licensing policy?
- Is that person/company insisting that patent rights also be transfered to them along with copyright?

At this point anyone familiar with even the basics of the licensing of OSS JavaScript toolkits will note with wry amusement that I’m describing a set of criteria that cast Dojo Foundation projects in a favorable light…and of course I am; we set up the Foundation’s licensing policies to explicitly avoid the kinds of pitfalls that large users of OSS already know to avoid. This post is simply about helping everyone else understand that logic. That your tools of choice may not compare favorably isn’t for a lack of effort on our part. As I’ve said over and over, we welcome any deserving project under the umbrella of the Dojo Foundation. Enough about that, though. Back to the nuts and bolts.

As a user of Open Source code, my biggest concern is always that the code does what I want it to. There are lots of creative ways to isolate poorly licensed projects when building an app, but I’d much rather not expend the effort if I can avoid it. Some licenses (in some situations) may even impact my business model, so very close behind “is it good?” in my mind is always “how’s the license?”. When given a set of roughly equivalent options, big OSS users often flip those concerns. For them (and possibly for you), the hassle, risk, and expense of funky licensing absolutely outweighs functionality. Some are so large in-fact that using or backing an OSS solution is simply a market expedient and not a necessity in any way. But you and I aren’t that big (probably), and besides, we like our tools just fine.

And this really cuts to the crux of the issue: despite not having paid anything for the software, choosing a particular tool means investing in it. Learning the APIs alone is probably a significant investment, and porting to some other solution will require time and effort. OSS means you’re not putting up cash at the get-go, but certainly as time goes on there is a very real investment in the Open Source infrastructure that we build products and projects with. How “solid” is that investment going to be? Obviously, we can’t know what’s going to happen in the future, but can certainly steer clear of potential problems once you know how to look for them.

Which leads to the last point, and one which I’ve heard parroted by other OSS project leads who haven’t been as careful: are people seriously going to get sued? I mean, is this ever really going to matter?

Admittedly, Open Source licensing lawsuits are rare, and most small organizations never see them. Instead, what they see are opportunists and shake-down artists like SCO knocking on their door years later for “licensing fees” about some IP they may never know they’ve swallowed. The SCO suit was a weak case in part because SCO had itself distributed Linux and the kernel was GPL’d. Even the lamest and dumbest of trolls must surely have learned something from SCO’s public humiliation, no?

My only answer for this is that many of Dojo’s users get sued only because they have money and the sun is shining. That’s not going to change because they chose Dojo or don’t, but there is serious opportunity to for components like Dojo to put them in a bad situation were we not as careful as we have been about the licenses of all the components of the toolkit including images and CSS; not just code. I cringe every time I see an Open Source rich-text editing control which uses icons which could easily be confused with those from a certain (litigious and Open Source fearing) Washington-based software distributor. Those projects may never see so much as a C&D, but their users may be in for hurt. Now imagine if that were an entire UI theme and not just a couple of icons? Oof. If the projects which are saying they aren’t hearing concerns from their users reflect on it a bit they may realize it’s just as likely as not a question of timing and self-selection. The big OSS-savvy organizations have passed them over. Why deal with the headache?

The pedigree of the inputs into a project determines the legal risks associated with its use down the pike. Since we can’t eliminate risk, only mitigate it, it pays for all of us to ask questions about the licenses of the projects our products and projects make use of now — while it’s still cheap to do so. Hopefully by doing so, we’ll not only push the good code to the top but also build a licensing foundation that we can work from without ambiguity or risk for decades to come.

By alex | Posted in community, licensing | Comments (3)

Firefox 3 Arrays: No, You’re Not Insane

February 18, 2008 – 2:41 am

I just spent 20 minutes in IRC with Wolfram staring down one of those situations where you keep swearing under your breath “println isn’t broken….println isn’t broken….println is NOT broken”.

Catch this fun gem from FF3b2:


>>> typeof []
"object"
>>> var a = [];
>>> var b = new Array();
>>> a.constructor == b.constructor
false
>>> c = [];
[]
>>> c.constructor == a.constructor
true
>>> d = new Array();
[]
>>> b.constructor == d.constructor;
true
>>> b.constructor == a.constructor;
false

WTF?

By alex | Posted in javascript | Comments (6)

Extending dojo.query()

February 11, 2008 – 5:09 am

As you probably know, Dojo is layered, extensible, and our philosophy of “build with, not on” means that we give you all of the same tools and extension points that we use in our code for use by your app.

Dojo’s got 2 “sides”, namely the bits that make working with the DOM better and the bits that make writing idiomatic JavaScript faster and easier. Where the package and language utilities enable you to extend and modularize your JavaScript work, the widget, behavior, and query systems make working with the DOM similarly extensible. Writing widgets and behaviors is well-understood in the Dojo community, but extending the results of a dojo.query() call haven’t seen as much attention. To rectify that, here’s the two-minute version of how to write your own dojo.query() extension.

Step 1: grok dojo.NodeList

dojo.NodeList is the Array subclass which all dojo.query() calls return an instance of. Therefore, to extend the results of a dojo.query(), we really want to extend the dojo.NodeList class. Both dojo.query() and dojo.NodeList are available as soon as dojo.js is included in your page.

Step 2: extend NodeList the old-skool way

Instances of dojo.NodeList pick up properties from the prototype object of the dojo.NodeList class. Lets add an inspect() method which logs out the innerHTML of the nodes in the list to the Firebug console:


dojo.NodeList.prototype.inspect = function(){
    this.forEach("console.debug(item.innerHTML);");
    return this;
}

// now we can call it:
dojo.query("#container > p").inspect();

// or via a direct instance:
var nl = new dojo.NodeList(dojo.byId("container"), document.body);
nl.inspect();

A couple of small things to note:

this points to the dojo.NodeList instance inside the extension method
Our extension returns the current NodeList in order to enable chaining (e.g. dojo.query("*").inspect().connect(...))
Dojo’s forEach method supports a small extension to the Mozilla spec to allow you to specify a string to be used as the body of the iteration function instead of having to repeat function(){ ... everywhere. 3 “magic” variables, item, index, and array point to the things you’d expect. In every other way, our forEach conforms strictly to the Mozilla behavior on all browsers.

Step 3: modernize and package it up

We want to be able to use dojo.require() to manage this module, so we’ll assume that our Acme module lives in the acme/ directly which is a peer of the dojo/ and dijit/ directories from the Dojo distribution.

Lets add a provide() so that we can require() our module and use a bit of Dojo’s language tools to extend dojo.NodeList more tersely:


// this file located in:
//    acme/ext-dojo/NodeList.js

dojo.provide("acme.ext-dojo.NodeList");
// require() statements go here

dojo.extend(dojo.NodeList, {
    inspect: function(){
        this.forEach("console.debug(item.innerHTML);");
        return this;
    },
    ...
});

We can now include this module at runtime via dojo.require("acme.ext-dojo.NodeList") and use it as a part of a build which will significantly improve the performance of the application which needs the file. Dojo’s infrastructure makes doing what’s easy pay off in the long run for your application.

Note that the file name is acme/ext-dojo/NodeList.js, which might seem a bit odd at first glance, but the intermediate “ext-dojo” directory makes it blindingly obvious to anyone who sees the require() statement what’s going on. You can’t dot-access a variable named “ext-dojo”, so we know that this isn’t a “normal” module. Instead, it’s an extension, which extends the dojo.NodeList class. Subclassing is often more trouble than it’s worth, and discouraging people from extending the Dojo core objects seems lame. Instead, we use this convention to make it easy to understand what’s happening when you look at any given Dojo project.

And that’s it! Writing powerful extensions for query results is easy, and because your project is using Dojo, you can structure your extension as a module and gain the benefits of optimization for deployment via the Dojo build system and the ease of use that comes from not having to worry about what order you’re including your files in. It’s good to be using a tool that you can build with, not just on.

By alex | Posted in dojo | Tagged dojo, dojo.NodeList, dojo.query | Comments (1)

Big Questions On IE8’s Big Progress

February 2, 2008 – 9:20 pm

So IE is the first browser out of the gate to do something sane about rendering engine locking to content…and good on them for it.

Now we need to know a couple more details to see if it’s going to have real legs:

What is the precedence for resolution of conflicting rules? If the compatible rule is provided as an HTTP header and as a meta tag, which wins? If multiple tags occur, is it first or last wins?
If a rule is provided that ignores IE (assuming other renderers follow suit), and a subsequent meta tag shows up which specifies a rule for IE, will IE handle it correctly?
For instance, if the following occurs in a document:

<meta http-equiv=”X-UA-Compatible” content=”FF=3″ /> … <meta http-equiv=”X-UA-Compatible” content=”IE=8″ />

What policy will IE use?
Will there be any way to specify the box-model behavior on a sub-page basis?
Will the IE 8 rendering engine now be distributed to users of the IE 7 chrome, invoking itself only when the right meta flags are thrown? And what is Microsoft’s policy toward distributing renderers now that they have logically cut the chrome/renderer chord?
Where will you be standardizing this convention? When?

These questions need to be answered, and soon. If the IE team has just replaced one scarce resource for another, we’re not much better off over the long haul. It’s great news that the IE team is really implementing the “renderer selection switch” which many of us have dreamed of for so long…but having it continue to be global to the page or in other ways encourage contention on yet another single element in the document wouldn’t be stepping forward enough.

By alex | Posted in dhtml, javascript, openweb, webdev | Comments (7)

Roxer Goes Live!

January 22, 2008 – 12:49 am

So once upon a time, back when I had a “real” job, I used to do security (specifically webappsec) for a living. One of the shining lights in that world for a long time has been Jeremiah Grossman, and as I moved out to the Bay Area, I was lucky enough to meet him in person. We’ve kept up here and there, and while his company has grown at a furious rate, he’s somehow found time to continue to publish important original research, travel more than any human really should, and generally kick ass….oh…and build an awesome Dojo-based product on the side.

Jeremiah and Lex must really not sleep, ’cause their new Roxer app makes me all giddy to play with. Yes, yes, you should separate style from content…oh fuck it all. When it’s this easy and fun to build a web page, who cares? I loathe wikis, mostly because traditional wikis try to be “half-pregnant” about how what you write gets displayed. Roxer solves that essential failure in one easy step, and makes it enjoyable to boot.

Think of it as the anti-blogging tool. It’s not set up with expectations that you’ll be doing this or that with it, it’s there for you to do stuff. I literally cannot wait until it’s hooked up with some dojox.data love to access web services and the like. It’s not a programming platform, and maybe that’s what’s great about it. Can’t wait to see how it evolves and how they’ll open up the (apparently pluggable?) content type system.

Great work guys!

By alex | Posted in community, dojo | Comments (3)