Blogging from the Server Side

Coding Horror author Jeff Atwood created a great post a few days ago about the link between writing and coding. He starts off by citing a blog post by Coding the Wheel author James Devlin, which draws programming lessons from Strunk and White's classic micrograph on writing, The Elements of Style.

The centerpiece of Atwood's post is this passage:

Writing programs that the computer can understand is challenging, to be sure. That's why so few people, in the big scheme of things, become competent programmers. But writing paragraphs and sentences that your fellow humans can understand -- well, that's even more difficult. The longer you write programs and the older you get, eventually you come to realize that in order to truly succeed, you have to write programs that can be understood by both the computer and your fellow programmers.

Of all the cruel tricks in software engineering, this has to be the cruelest. Most of us entered this field because the machines are so much more logical than people. And yet, even when you're writing code explicitly intended for the machine, you're still writing. For other people. Fallible, flawed, distracted human beings just like you. And that's the truly difficult part.

I concur with Atwood and Devlin that there is a strong link between coding and writing.

I did my undergraduate study at Rose-Hulman which specializes in science and engineering, and although it does not offer degrees in the humanities, the leadership at the school strongly encouraged a respect for language, literature, and the arts. Indeed the president of the school at the time, Sam Hulbert, exhorted the student body to be "Renaissance Men" (it was an all-male school at the time :-) ). I took this advice to heart, working hard to hone my skills as a writer.

I had two additional influences during my years as a student. As a junior and senior in college, I took classes taught by Prof. Stuart Leipziger, who whose eloquence as a lecturer was profound. I don't think my understanding of heat transfer and thermodynamics would have been as enriched without his ability to illustrate and enlighten.

In graduate school, I had the good fortune to take a class by the late Prof. J.J. Carberry, who was not only a distinguished scholar in the field of reaction engineering, but also a very gifted writer. His textbook, Chemical and Catalytic Reaction Engineering, uses a writing style seen rarely in the field, rich in its choice of adjectives and elegant in its flow.

These experiences shaped my outlook towards communication, helping me to realize how much of a difference could be made by channeling energy in that direction. By thinking through the process of expression, the weak points of a position could be identified, thereby giving guidance on how to refine the ideas that comprised them.

Back in the mid-90s, when I was trying to make a transition from FORTRAN to C programming, I picked up a cheap book titled C Programming Proverbs and Quick Reference. The author, Ron Wodaski, put lots of emphasis on being a conscientious programmer, someone who was not only coding to solve the problem of the moment, but also solutions that could be reused and maintained by others.

Early on in the book, Wodaski borrows the notion of a "Reader Over Your Shoulder" from the book by that name, written by Robert Graves and Alan Hodges, to instill a sense of self awareness about one's own code.

Calling this awareness the "Programmer Over Your Shoulder" (or POYS, for short), Wodaski pictured him or her as being an intelligent, friendly, yet uncompromising software developer who sits with you as you write code. He even goes so far as to give the metaphorical awareness a name. He called his POYS "Clarence".

One of the goals of having the POYS was to catch yourself when you were about to cut corners on coding. While it is hard to see your own mistakes as you write code, it isn't hard to feel it in your gut when you're about to do something half baked. Maybe it's deciding not to write some comments about some code that's less than obvious, lying to yourself that you'll get back to it later, or perhaps it's deciding that throwing in sanity checks to protect against an error condition would be just too much trouble, given the deadlines that must be met.

The POYS fusses about the things you'd rather ignore, but you know deep down that you shouldn't. It can take some self discipline and brutal honesty to develop a helpful POYS. I believe that Wodaski's writings, published in 1992, presaged the onset of pair programming, which attempts to do code review in real-time. Instead of trusting yourself, you get a real-life POYS to help keep you honest.

At the heart of Atwood's paradox is the central truth that meaningful computation seldom occurs in a vacuum. Time, talent, and treasure are devoted to programming because it is believed that computer applications can satisfy a human goal, be that to inform, to engage in commerce, to facilitate logistics, to forecast future conditions, or even to provide amusement.

These applications operate within the context of an imperfect world. Network hardware fails, people overdraw their bank accounts, bad weather strikes, models get created with faulty assumptions, and people try to circumvent security infrastructure. Useful code has to take into account these and many other edge cases. The firm logic of a programming language must be molded around this imperfect surface of reality.

Careful communication helps mitigate the turbulence of confusion. Agreeing on precise use of terminology helps avoid misunderstanding between product owner and development team. Regular status meetings with meaningful commitments and accountability help keep things on pace. Well documented specifications help developers blaze the trail, and accurate comments help the maintenance programmer follow along. Relevant documentation helps the end user assault the learning curve.

The gift of expressiveness both in code and prose makes a software engineer more valuable because he or she must bridge the worlds of the flawed but forgiving human and the logically rigid, unforgiving, yet incredibly stupid machine.

One of the barriers to blogging on a regular pace is the ever dreaded scourge of writer's block. One of our recurring goals is to help our readers overcome that with tools like the keyword tag cloud and the keyword strength meter. And rest assured we continue to work on new features that will aid the content author.

However, for those customers whose inertia seems insurmountable, there is a much more draconian solution, a tricked out simple text editor called Write or Die. The editor was plugged today on the personal productivity blog Lifehacker. It might well be one of the most extreme forms of timeboxing that I've ever seen!

To start using Write or Die, the user completes a form that specifies the following parameters:

• number of words to be written
• amount of time to be spent writing
• severity of negative feedback

Once you've completed the form, the editor gives you a countdown clock and a word count to remind you of your progress. If you stop writing, the editor will use effects to remind you that you aren't keeping pace. You will see flashes of red in the page background, perhaps an annoying noise.

At it's most severe settings, it will start to delete words from your content from the end of the text going backwards. The only way to mollify this demanding master is to keep writing.

Fortunately, the editor comes with a Pause button in the event you have to stop writing. Moreover, it plays triumphant music when you achieve your writing goal within the allotted time, so it does offer some positive feedback.

I really hope they don't follow through on the "electric shock" feature, though. :-)

	287
16
lab.drwicked.com

A good reason to blog for your business is to boost your company's reputation.  Search engines find your content, and search engine users find you.  If your content is compelling, a relationship may be established.  Your blog is a chance to make a first impression with a potential customer.

Amid all the buzz of blogs and business, something usually gets short shrift -- application security.  The multinational law firm Pinsent Masons maintains an IT and e-commerce issues blog called OUT-LAW.COM, and a recent post takes up this issue.

Citing some statistics and advice from a white paper by computer security system vendor Network Box (free registration required), the post gives some ideas on the scope of the issue and recommendations on what a blogger can do to mitigate the risks, which include potential damage to your company's reputation.

The white paper identifies comment spam and SQL injection as the top threats to a blogging environment. 

Comment spam is one of the ways that malicious third parties can abuse the visitor content creation features to your detriment.  This was one of the forms of "virtual blight" that Google spam fighter Matt Cutts discussed in his talk from this past Wednesday.

Compendium addresses from several angles:

• Comment forms require a name and a syntactically valid e-mail address. The comment will be rejected if these form elements are not provided.
• A CAPTCHA must be successfully completed, otherwise the comment will be rejected.
• The text of the comment is stripped of all HTML tags.
• URLs are converted to hyperlinks with the the rel="nofollow" attribute to prevent spammers from feeding off of your search engine reputation.
• Comments must be reviewed and approved by the company's local blog administrator before going live.  There is no way for the spammer to bypass this.

SQL injection attacks are an ulcer point for all web application developers who have to interact with a database.  This is where a malicious party determines, through either good guesses or trial-and-error, how to create inputs to the application that allow the execution of database commands that he or she shouldn't be running.

Cautious parameter validation on the server side provides a first line of defense.  The next line is using care in how query strings are formed.   Consideration of these points is an integral part of our development process, not an afterthought.  Moreover, they are backed up with regular code reviews and continuous refinement of our coding standards.

Unfortunately, bugs are a tough thing to completely eliminate in the real world, so vendors typically have to issue security updates.  The Network Box white paper recommends that corporate blog applications be updated when new releases come out.

Here is where relying on sotware as a service, like Compendium Blogware, has a distinct advantage.  Instead of tracking when a vendor updates and then going through the process of rolling out the new version to production, the hosted application provider takes care of the updates for you.  Here at Compendium, releases are usually pushed out on a weekly basis, so when isues are found, it won't be long before a fix is on the way.

When you base your corporate blogging platform on Compendium Blogware, many of the issues of maintaining a secure blogging environment will be taken out of your "worries" tray.  Isn't that a price worth paying?

The relevance of the Long Tail with respect to search is a recurring topic among the blogging employees of Compendium.  A Long Tail search marketing strategy attempts to win on niche keyword searches that are specific to the business rather than more generic phrases that may be more frequently targeted.

A recent post over at ReadWriteWeb, a popular read among us here in the Engineering team, reports on some new findings by SEO and web analytics specialist Dustin Woodward,   Using statistics collected by Hitwise, Woodward found that the Long Tail is a lot longer and more substantial than anticipated.  Quoting from the ReadWriteWeb post (emphasis mine):

The top 100 search terms account for 5.7% of all search traffic and include keywords like 'myspace,' 'google,' 'bank of america,' and ' yahoo mail.' Those numbers are not unexpected. However, the top 1,000 search terms only account for 10.6% of all search traffic, and even the top 10,000 search terms only drive 18.5% of all search traffic.

Note that these statistics filter out keywords that would refer to adult content, so that we're referring to searches that have a greater potential relevance to mainstream businesses.

What does this mean for a business trying to get found by potential customers?  It means that there is a very good likelihood that your potential customers are using  specialized keywords to find the products and services you're selling.

Another notable can be found at the end of the post:

Also, looking at this data is yet another good reminder of the fact that search has replaced bookmarks and memorizing URLs for a lot of people. Most of the top search terms like 'google,' or 'usps,' are, after all, identical to their URLs.

For many, search engines have become a web content database in which search terms are the primary key. 

A well done blog, keyword rich and frequently updated, will boost your profile in search engine results, and with Compendium's keyword blogs, your employee-created content is automatically organized across different search keywords, so you can get elevated search results on the Long Tail.

If this isn't a good reason to blog for your business, I don't know what is.

This morning, the computing trade press and blogosphere was abuzz over a curious utterance from Microsoft CEO Steve Ballmer.

• Microsoft looking at Webkit? (CNet news.com)
• Microsoft Probably Not Really Considering WebKit For IE (TechCrunch)
• Ballmer Rules Out Another Yahoo Bid - WebKit Statements Overblown (ReadWriteWeb)

The quotation in question was this:

Open source is interesting. Apple has embraced Webkit and we may look at that, but we will continue to build extensions for IE 8

WebKit is an open-source HTML rendering library that was developed originally for the KDE web browser Konqueror and then embraced later by Apple for it's Safari browser.  It also is used by Google Chrome.

I tend to concur that Microsoft is not serious about looking at WebKit for replacing the HTML rendering engine for Internet Explorer.  They tend to depend on a mix of in-house developed code and code gained from mergers and acquisitions.  I just coudn't see them bringing themselves to live in the sharing oriented culture of open source.

Perhaps what's most interesting about Ballmer's remark isn't the consideration of open source, but rather his posture toward open source.  Calling it "interesting" is a considerable departure from his past remarks, which usually categorize open source somewhere between dangerous and evil.

Still, I think that Microsoft would stand to gain a lot in the area of developer good will if they were able to embrace (without the extend-and-extinguish two-step that is so much a part of their past history) a standards-compliant rendering engine.  It's hard to find a web developer who just loves using IE as a primary platform for app development. 

Granted, shareholders wouldn't reward Microsoft in the short run for building up good karma with developers, but Microsoft rose to prominence with developer support, and may well suffer a long decline as developers forsake it.  At some level they must realize this is true, or else they wouldn't be doing the big startup software giveaway they announced earlier this week.

When it comes to blogging for SEO, questions arise over the risk of content being seen as spam by search engines.  This is a legitimate concern, but a lot of the claims and assertions in this area tend to be based on anecdotal evidence or empircal studies of questionable fundamentals.  Advice should always be approached with a skeptical eye and a readiness to ask for justification.

If there is one person you should pay attention to in this area, it is definitely Google's Matt Cutts.  He spends a lot of time mulling over what makes a page spammy and making sure that Google doesn't give those pages undue placement.

Yesterday, Cutts gave a talk at the Web 2.0 Summit on what he calls "virtual blight"...  the techniques that spammers use to hijack websites to boost their own search engine profile.  The talk wraps up with some recommendations for site owners who might be targets of such activity. 

The trade publication eWeek has posted a slide show of the talk materials.  If your line of work involves managing this kind of risk, the talk materials are worth a read.

Sometimes you want to go
Where everybody knows your name

-- Gary Portnoy and Judy Hart Angelo,
"Where Everybody Knows Your Name" (a.k.a. Theme from Cheers)

Over at Dr. Dobbs Code Talk, Christopher Diggins has an excellent post about the importance of coming up with good names when writing code.  He opens up with a brief anecdote to make his point:

It seems much of my time programming is spent trying to come up with meaningful names for things. I recently observed a problem that arose when two things were given the same name in a library, but that were in fact different. I was trying to document the library's functionality, and it turns out that virtually everyone on the development team was confused as to what it really was. Breaking apart the concept into two names, instantly cleared everything up.

I've seen this problem come up many times in my 11 years as a software engineer.  It's  a side-effect of the imprecision of everyday language. 

The eight years I spent developing software at Wolfram Research exposed me to a corporate culture where the precise use of terminology was heavily emphasized. 

Their flagship product, Mathematica, is a high end technical computing package that has at its foundation a vast, eclectic programming language.  Not only does it support different programming paradigms (procedural, functional, and rule-based), it also has to straddle concepts from disparate domains like computer science, applied mathematics, physics, graphics, and typesetting.

As a simple example, consider the term trace.  In linear algebra, "trace" refers to the sum of the elements of a matrix's diagonal.  In software development, the same term refers to a record of function calls by a program.  Since Mathematica is a program that can record its evaluation history and do matrix algebra, the language had to support both notions. 

To resolve the collision, there was a compromise, with the keyword Trace becoming the function that was used to track the execution history of an expression evaluation, and the keyword Tr being used to denote the linear algebra operation.  It's worth noting that in making this distinction, the developers had to make an exception to another rule for the language, which was to shun the use of abbreviations in keyword names.

In my last job, I had interaction with members of the complex event processing community, an emerging field of applied computer science which deals with the modeling and creation of algorithms that can make decisions based on patterns of observed data.  They are only beginning to coalesce around some common terminology for things that we don't give much thought to, such as what exactly is an event?

Here at Compendium, we grapple with getting the terminology right in the day-to-day design and implementation of our blog hosting software.  Usually these are things we can hash out with quick meetings and a whiteboard.  At other times, there is a need to be more formal. 

For example, during one of our strategic sprints, we did a complete redesign of the default template used for our customer blogs.  To make the style sheet easy to learn for web designers, we sat down and mapped out the layout of our pages and standardized the terminology of the elements, creating an ad hoc, yet very useful, ontology.

Going back to my previous post about web APIs, the need for consistency and precision in terminology is very important.  APIs have both functions and parameters that serve as inputs to the application, and they have names to identify them.  When a group of APIs uses names inconsistently, it makes the learning curve much steeper, and opens up the possibility of bugs due to programmer confusion.

As for Diggins' post, it wraps up with the following recommendations:

As a closing thought, the following are some of the different naming sins that I frequently see in big libraries in no particular order:

• overloading of names - sharing a name between two different items
• incomprehensible names - "quux"
• vague names - "Object", "Do", "Run"
• missing names (e.g. using ints instead of enum, using literals instead of constants)
• using comments instead of names

Web application programming interfaces (APIs) allow website creators to harness the data and computational resources of other web-based applications.  They are the underlying glue of the so-called "mashup" sites that rose to prominence a few years ago, but they can do a lot more than just create composite views of questionable value (like an overlay map of locations of people who have Nickelback's latest CD on their Amazon wish list, complete with links to their MySpace profiles).

TechCrunch had a post yesterday devoted to the proliferation of APIs.  The motivation for the post was the observation of the 1,000th API to be tracked by the definitive portal for this area -- ProgrammableWeb.  The post wraps up by asking readers to talk about which APIs they find useful.

Here at Compendium, we leverage several well-known APIs.  Amazon Web Services like SQS, S3, and SimpleDB help us with several behind-the-scenes aspects of our application.  We use the Annotated Timeline from the Google Visualzations API to create nice charts of post and comment activity for our blog administrators.  We use Browsershots for cross platform browser testing.

While third-party APIs can provide a quick path to new functionality, they must be used with care. 

First of all, one must keep in mind the stability of the provider.  It's not worth the effort to code on top of something that may disappear tomorrow. 

Second, reliability has to be taken into account.  If the API fails a good percentage of the time due to heavy loads on their server, your customers are going to blame you, not the original provider.

Third, terms of use are important.  Some providers limit the usage to non-commercial applications.  Others place limits how many times you can invoke the APIs in a given day.

APIs aren't just a good idea for third parties.  They are also good for internal use.  A growing percentage of our core functionality is exposed through service endpoints that can be reused in multiple locations throughout the application. 

The benefits of reuse comes at a price, though. 

The APIs require lots of up front design because they may be used in a wide variety of contexts. 

Consistency in parameter names, URL paths, and data payloads has to be enforced to minimize learning curve steepness.

 Finally, the APIs have to be documented thoroughly so that all developers are aware of their availability so that wheels don't get reinvented, let alone misused.

Still, the payoff of modular APIs is worth well enough that we'll continue to use this approach into the future.

Back in April, Compendium CEO Chris Baggott made the following statement in a post to his blog:

Stop thinking about Blogging as a top-down, CEO thought leadership thing, and stop thinking that you are going to implement a “Social Network” and all your fans will come out of the woodwork to post their praises.

This is a position we continue to stake out in promoting our product, and it's an idea that's starting to catch on with others. 

Take for example a recent post by Kevin O'Keefe on his blog Real Lawyers Have Blogs.  A fellow law blogger had commented on how hard it was for a new blogger to build up a loyal readership in an area that's already saturated with popular bloggers.  O'Keefe responded by saying (emphasis mine):

I don't believe you should decide whether to blog on a subject based upon the existence of other blogs on the niche. In fact, there can be an advantage starting a blog on an area of law where there are a number of successful blogs.

The goal of a law blog is not just to become one of the most widely read, ie, in the top 3 or top 10 in employment law. Blogs can be used very effectively for networking, reputation enhancement, and business growth even where there are other popular blogs on the subject.

This is exactly the point we have been making.  You grow your business by acquiring new customers who find you're out there providing services that they might need.
 
O'Keefe cites the reputation enhancment that blogs can bring, and it's not just the boost you get from citations from your peers.  It's also the elevated reputation you gain from search engines as you write frequent posts on matters that are recent, relevant, and keyword rich.  It's why blogging for SEO is so critical to blogging success.

The collection of posts from Lifehacker on Friday included one about the availability of an open source implementation of the BASIC interpreter for the Commodore 64, allowing its use as a scripting language.

The post's screen shot of an infinite loop "Hello World" program, running inside a Darwin shell, is especially amusing.

As someone whose first programming experiences involved coding on that machine and Radio Shack TRS-80s over 25 years ago, I felt just a wee bit nostalgic, recalling learning about PEEK and POKE calls and making sprites move across the screen. 

I'm pretty sure I wouldn't want to code a complete corporate blogging application in Commodore BASIC, though. :-)

While it's OK to take on a less formal tone with your corporate blog posts, there's no excuse for being sloppy when composing your content.  People will judge you by the attention you place on details, like proper spelling and punctuation.

A recent survey of blog readers, sponsored by copy editing service GooseGrade, should help you see the light in the event you might harbor skepticism.  ReadWriteWeb contributor Marshall Kirkpatrick has a post that does a great job summarizing the survey results.

Those responding to the survey said that spelling and grammatical errors were a minus in their perception of a blog's quality.  Moreover, the survey revealed that readers frequently noticed spelling and grammatical mistakes on posts and were overwhelmingly less likely to share the material with others when those errors were present.

What's the bottom line?  Be relaxed in your tone, but not lax in your proofreading.  That's just another ingredient in the recipe for blogging success.

A week or so ago, I had a chance to meet up with some personal bloggers, and one of the questions that arose from that gathering was whether blogging as we know it would be around in five years. The basis for the question was the rise of simplified rich media creation and the development of semantic technology that makes locating the media more feasible.

I thought about this for a while. I've been reading blogs for around eight years. I've contributed content both as an author and as a commenter for about six of them. I've read a lot of blogs... personal, professional, and corporate. Rich media has a seductive lure, but I don't think it's for everyone.

Creation of video and audio content is certainly easier and cheaper to do than it was four or five years ago. Free or inexpensive video editing software, Adobe Flash's support for streaming video, and the ease of uploading content on sites like YouTube have created a boom in this area. Indeed, just about anyone with enough desire to be seen has put a clip or two on that site.

The downside to rich media is that if you want to stand out, the quality bar gets raised several notches higher. In the business world, minimally edited output from a camcorder or a webcam won't do it. You're going to have to look good, or at least have good presentation graphics, for people to not only push the Play button, but also stick with the clip all the way through. You're probably going to have to have an expert at the helm.

Contrast this with how corporate blogging works with Compendium's hosted service. Employees across your organization contribute, so you can harness the creative energies of many, not just a few. You get to retain content control through an approval process. And you can always add rich media, when it makes sense, by embedding an object in the post's HTML.

Blogs are also search engine friendly. Even with semantic aids that are becoming increasingly available for rich media, the added overhead of tagging and annotating media imposes an added burden that may not always be met consistently by your organization. Compendium's blog pages use a structure that is rich in semantic detail, aiding search engines in focusing upon the most relevant parts of your content.

Finally, blogs are reader friendly. Information overload is an undisputed problem we all have to deal with. To deal with it effectively, people have to train themselves to filter through the deluge for relevant bits and pieces. You can do this easily with a blog post. It is less possible with podcasts and video. When someone is in a hurry to find something, which do you think will help the prospective customer not only find you, but also learn whether you are going to meet their needs?

Compendium is helping to shape the future of corporate blogging, both on the consumption side, with people and search engine friendly content presentation, and on the creation side, with tools that make the blogging experience more enjoyable to the author and accountable toward ROI.

When you take all of this into account, corporate blogging is definitely in it for the long haul.  We'll be glad to help you along the way.

Over at ReadWriteWeb, there is a post by Lidija Davis about the potential of the Semantic Web to improve advertising.  Citing some points in a keynote address delivered by Peer39 CEO Amiad Solomon, Davis then goes on to write:

Successful advertising means showing the right product to the right person at the right time. The semantic Web puts data into semantic formats on the fly, and targets ads based on the meaning of data with a high degree of accuracy.

One of the readers, identified as "DD" takes issue by writing in a comment (emphasis mine):

What it will actually bring is ever more sophisticated ad blocking software. The result will, in a weird way, be more effectively targeted advertising because those who just hate the ads anyway will be blocking the few (allegedly relevant) ones that they would be sent and those who are ad junkies and take any notice of that stuff will, perhaps, get ones they will react to. Face it, advertising is a continual battle for the advertiser to intrude into the attention of the target. One that advertisers are probably losing because modern media give the target the ability to fight back (ad blocking software, speeding through the ads in recorded TV programmes).

I think DD is spot on here.  The Semantic Web isn't going to help traditional advertising at all, because people don't go around looking for stuff to grab their attention. They go around looking for things they want.  That's why search engines are way more popular than banner ads on the web, and that's why people put more credibility in organic search results than sponsored ad results.

I think the real story of the Semantic Web is that it empowers search engines to provide more relevant results, because the pages the engines crawl have deeper meaning attached to them. 

So if you're a business trying to make sense of what this Semantic Web stuff is all about, the takeaway should be not smarter ad delivery it should be that you are going to have to retool the way you get new customers. 

You need to be there when they're looking for you, and software for natural search should be part of that equation.  Setting up a corporate blog can help you achieve better search placement.  Advanced business blogging software from Compendium Blogware helps you do the job well.

If I have learned anything in my current and previous jobs, it is that so much of our world is event driven. That is, most of what we do and choose is based heavily on our analysis of observations and sensations.

At a personal level, the human nervous system generates a multitude of signals, supplying the brain with a snapshot of our physical and chemical environment.  Through our five senses, we interpret this information and respond, consciously based on past experience, and unconsciously through reflexes.

Timely and credible information is essential. If you need an example of this on a dramatic scale, think about the recent turmoil in the finance sector. Those with money to lend are refusing to do so because of uncertainty, rooted ultimately in large numbers of institutions holding complex securities. No one has a good idea of the securities' true value.

For as much as we feel overloaded by information, there is so much that transpires without our immediate awareness. If those events are of little consequence to our lives, that's not such a bad thing. But in the world of software engineering, ignorance is seldom bliss.

There are a good number of tools, both free and commercial, that will help you monitor your hardware and it's network environment. For several months, we have been using such tools to keep an eye not only on our servers, but external services upon which we rely.

Web applications run atop on server software, like the Apache web server, which provides a lot of raw information about what it's up to, such as who is requesting what at which time, but that's hardly the full picture of what's going on.  Between the request and response , there is considerable activity which is not visible from the webserver's logging facilities..

Once you get into the body of a web application, especially one that you've developed from the ground up, the ability to detect and understand what's going on within falls upon the developers. Unfortunately, many application developers treat this as an afterthought, even though many web application frameworks give you some basic tools for collecting data.

I remember hearing some horror stories from a couple years ago, where another startup went live with a lot of publicity, and their servers got hammered by traffic. Most visitors were disappointed because the application was barely functional from their standpoint.  On the server side, little effort had been put into providing facilities to diagnose problems with each application component. Even if they knew something was wrong, they didn't know where to start looking.

Because we're software-as-a-service, we're responsible for providing reliable, hosted blogging software to a large number of paying customers. Uptime and responsiveness are critical, and we've been putting a lot of design and development effort toward tools that will help us keep an eye on that.

Over the past couple of weeks, we have been adding to our application the infrastructure that enables event tracking at a very fine level. This week, we completed an extensive instrumentation of our code base to take advantage of that foundation.

This project has been exciting because it gives us a very high level of flexibility. Each consumer of this rich data stream can pull the level of granularity that is needed. The tracking exerts minimal overhead on the system and allows us to get a detailed view when we need it.

While this enhancement may not be immediately visible to our customers and visitors, they will certainly appreciate the rewards of an rock solid web application.

ReadWriteWeb recently ran a post about some issues with Google Blog Search's recently added memetracker feature.  The feature manifests itself on the search page as a list of hot topics in the blogosphere, with links to more extensive lists of posts on that topic, an example of such an item is shown in the screenshot below.



Author Frederic Lardinois observes that at the time he was writing the post, there were several spam posts ranking in the technology section.  Lardinois speculates that the results were driven by PayPerPost bloggers.

Unlike ghost blogging, which has its own set of issues, the PayPerPost model matches advertisers up with bloggers who are willing to write posts about their products in exchange for a fee.  It helps to create the impression that a product is more popular than it might actually be.

I suspect that as Google works to fine tune their memetracking algorithm, they will succeed in weeding out instances of these kinds of SEO swindle games.

Contrast this with the Compendium approach to blogging for SEO.  Instead of putting money into the hands of a middleman, who forwards it on to bloggers of questionable ethics, you invest in reliable blog hosting software and a client success program that works with you to realize the full potential of corporate blogging. 

With our blogging application, you harness the creative energies of motivated employees to deliver an authentic message about your product or service.  There is no appearance of impropriety because the affiliations are transparent.  Moreover, you connect directly with customers in a way they to.

Today, Dr. Dobbs' website is running a piece by Michael Swindell, Vice President Products at Embarcadero Technologies, making the case that native code development is still relevant in an age where dynamic languages and intermediate language runtime environments are all the rage. 

Granted, Swindell probably has a vested interest in promoting this idea, since his employer bought CodeGear from Borland earlier this year, thereby acquiring a good deal of native development tools, but I think on one level Swindell is right.  Without some native code running somewhere, things like JavaScript, the .NET Framework, PHP, and Flash arent possible.  All require a foundation of native code to execute, and as we were reminded recently with the release of Google's Chrome, the design of the underlying native code matters.

But is native development truly thriving?  Necessity is one thing; numbers are another.  I don't think that the number of people involved in native code development is on the upswing.  The statistics of job openings that I saw on the employment boards during my job search in 2007 sure reflected that.  Indeed, this dearth of opportunities gave me good reason to move away from the native code sphere. 

Moreover, I don't think that native code is going to supplant dynamic languages where dynamic languages deliver adequate performance.  As we're seeing with both Firefox and Chrome, the performance gap in dynamic languages is being addressed by radically changing the way dynamic languages are executed.

Dynamic languages have the advantage of flatter learning curves.  The lack of direct access to memory shields developers from buffer overruns and memory leaks.  It's usually easier to push out an update to a dynamic language application.  All of these things give non-native code a leg up on cost savings.

Native code will continue to dominate where dynamic languages fall short, such as time-critical embedded systems, low latency financial trading aps, middleware, and operating systems.  Positions in those rarefied spaces, while very lucrative, will continue to be less common  Those who find jobs in that market tend to be the cream of the crop because those are areas where the cost of a bug is very high.  If you don't believe me, just ask someone who has tried to interview for a hedge fund.

It's a given that a software developer working on a challenging project will stumble across an issue that is pretty esoteric.  After having checked the documentation and the FAQs, the perplexed developer is usually off to the mailing lists and IRC for further guidance.

Depending on the urgency of the situation, the developer may also punch portions of the error message into a search engine.  If all else fails, then a voyage through the source code may be in order.

We ran into a situation recently that fell into this category, and since it isn't well documented, I thought it would be worthwhile to provide some background information on its causes on my blog because it may help someone else down the line.

The problem was observed in PHP 5, using the XSLT extension that's built upon the XSLT C library for GNOME (libxslt). 

The XSLT extension provides a class, XSLTProcessor, which performs an XSLT transformation.  A processor object works with two XML documents, which are represented as PHP DOMDocument objects.  One document is the stylesheet document, and the other is the document being transformed.

The problem arises under the following conditions:

• The stylesheet includes an XPath that uses a same-document reference.
• The stylesheet DOMDocument object was initialized with a string using DOMDocument::loadXML().

A same-document reference XPath has at its root the document() function, with an empty string as the URI argument:

document('')

When the XSLT processor encounters a style sheet rule with an XPath like this, what should happen?  If you think like I do, your guess would be that the processor would use an in-memory copy of the transform XML document, and you'd probably use Section 4.4 of RFC 3986, which deals with URI syntax and semantics, as the basis of your conclusion.  Quoting the text of that document, with my emphasis added we read:

When a URI reference refers to a URI that is, aside from its fragment component (if any), identical to the base URI (Section 5.1), that reference is called a "same-document" reference. The most frequent examples of same-document references are relative references that are empty or include only the number sign ("#") separator followed by a fragment identifier.

When a same-document reference is dereferenced for a retrieval action, the target of that reference is defined to be within the same entity (representation, document, or message) as the reference; therefore, a dereference should not result in a new retrieval action.

The developers of libsxlt thought differently.  When their code encounters an XPath of this form, the engine will attempt to retrieve a new copy of the document using the documentURI property of the document object.  This is not explicitly documented, but a developer made clear that this is the intended behavior in a May 2006 post to the libxslt mailing list.  Quoting from the email:

My previous concern was directed to the possibility of using the document() function for stylesheet trees, which were constructed via the API or parsed from an in-memory representation. In such cases, the stylesheet tree won't have a base URI normally, thus document("") won't work.

After citing some notes about in-progress standards for future versions of XSLT, the developer writes:

So, for me, the conclusion is that it's better handled ony the user's side; the spec clearly rules out scenarios where there's no base URI available.

Summary of scenarios:

1) If the user has an environment, where stylesheets are constructed via an API (i.e., no XML document source available):

a) If document() must be supported: He has to provide a base URI and serialize the tree; either simply to file, or tweak I/O to use an in-memory representation.

Although this is a clear break from the RFC cited above, it might be difficult imagining why this would be problematic.  That's where the second criterion comes into play.

If you instantiate a PHP DOMDocument object via a string rather than a file, the code behind the DOMDocument extension assigns PHP's current working directory as the documentURI property.  The net effect is that you get libxslt going off on a wild goose chase for a file, using a path that corresponds to a directory. 

If the rule containing the XPath fires hundreds of times, you will not only get a barrage of PHP warning messages, the operation will proceed painfully slowly because it will be attempting to access the file every time the rule fires.

You can reproduce the behavior using the following example. 

Here is a stylesheet with a same-document XPath, shown in boldface.  We will refer to this document as "foobarbaz.xsl" later on in the post.  The transformation rule matches a foo element in the source document and then appends to this element the text node of the data:baz element that resides within the style sheet.

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>

<xsl:stylesheet version="1.0"
 xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
 xmlns:data="http://foobarbaz.org/data" >

 <!-- start transform at root of document -->

 <xsl:template match="/">
 <xsl:apply-templates />
 </xsl:template>

 <!-- <foo /> -> <foo>bar</foo> -->

 <xsl:template match="foo">
 <xsl:copy>
  <xsl:value-of 
   select="document('')/xsl:stylesheet/data:baz/text()" />
 </xsl:copy>
 <xsl:apply-templates />
 </xsl:template>

 <data:baz>bar</data:baz>

 <!-- identity transform -->

 <xsl:template match="@*|node()">
 <xsl:copy>
  <xsl:apply-templates select="@*|node()"/>
 </xsl:copy>
 </xsl:template>

</xsl:stylesheet>

Here is a document that is to be processed.  We will refer to this later as "fake-document.xml".

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>

<fake-document>
 <foo />
</fake-document>

And here is a PHP snippet that uses the XSLTProcessor class to perform the transformation.

<?php

$transform_document = new DOMDocument();
$transform_string = file_get_contents('foobarbaz.xsl');
$transform_document->loadXML($transform_string);
echo 'Transform document URI ', 
 $transform_document->documentURI, "n";

$source_document = new DOMDocument();
$source_document->load('fake-document.xml');
echo 'Source document URI ', 
 $source_document->documentURI, "n";

$xsl_processor = new XSLTProcessor();
$xsl_processor->importStyleSheet($transform_document);
$destination_string = 
 $xsl_processor->transformToXML($source_document);

echo $destination_string, "n";

?>

Here is what we observe when we run the script.  Note that the transform's document URI is a directory.

$ php -f testfoobarbaz.php 

Transform document URI /home/developer/
Source document URI /home/developer/fake-document.xml
PHP Warning: XSLTProcessor::transformToXml(): 
 /home/developer/:1: parser error : Document is empty in 
 /home/developer/testfoobarbaz.php on line 15
PHP Warning: XSLTProcessor::transformToXml(): 
 in /home/developer/testfoobarbaz.php on line 15
PHP Warning: XSLTProcessor::transformToXml(): 
 ^ in /home/developer/testfoobarbaz.php on line 15
PHP Warning: XSLTProcessor::transformToXml(): 
 /home/developer/:1: parser error : Start tag expected, 
 '<' not found in /home/developer/testfoobarbaz.php on 
 line 15
PHP Warning: XSLTProcessor::transformToXml(): 
 in /home/developer/testfoobarbaz.php on line 15
PHP Warning: XSLTProcessor::transformToXml(): 
 ^ in /home/developer/testfoobarbaz.php on line 15
<?xml version="1.0"?>
<fake-document>
 <foo>bar</foo>
</fake-document>

Note that the output is what we would have expected, so libxslt manages to eventually fall back on the in-memory copy of the transform document.

Although the above example is admittedly contrived, we encountered this behavior in a real-life setting.  In our case, the XPaths to same-document elements served as dummy elements upon which to do replacement operations in attribute strings.  Our workaround was to move the dummy points from the stylesheet to the source document, eliminating the need for the same-document reference.

Douglas Karr, friend to many here at Compendium, and the Bean Cup's über-Bean Fiend, has a great post over at his Marketing Technology Blog that is a must-read for any business decision maker new to the field of search engine optimization (SEO).

Having received a complimentary copy of the book Content Rich by Jon Wuebben, Karr takes an opportunity to provide a thorough critique of the book and its companion website, which is anything but search engine friendly.  Karr does an excellent job of taking Wuebben to task for the dubious claim that blogs are less effective than conventional websites for achieving high search engine ranking.

If Karr's explanation doesn't sway you that Wuebben is just plain wrong about the effectiveness of blogs, take a look at a recent post from Compendium Client Success team member Sarah Sedberry.  In a post from Friday, Sedberry provides a case study of real world results for the Indianapolis Convention and Visitors Assocation.  Since ICVA switched to blog authoring software from Compendium, they are getting both elevated search rankings and plenty of inbound traffic via their corporate blogs.

The Valleywag blog had a great post tonight about the ineffectiveness of sponsoring a celebrity blogger.  Citing Seagate's sponsorship of Robert Scoble's blog as an example, post author Owen Thomas notes that the computer storage manufacturer's stock price has decreased significantly since the sponsorship began.  The post goes on to cite some interesting statistics.

In April, a study by Canadian research firm Pollara found that word of mouth works — nearly 80 percent said they'd buy products recommended by a friend or family member. But word of mouse? Only 23 percent said they'd buy something touted by a blogger. "This shows that popularity doesn't always equate to credibility," Pollara executive Robert Hutton told MediaPost. "Marketers might have to reconsider who the real influencers are out there."

This is an reinforcement of the case that Compendium CEO Chris Baggott been making both in his presentations and blog posts like one from late May, where he wrote:

2.    Celebrity.    So many journalists covering  Social Media focus on Celebrities and celebrity bloggers.   There are 20,000,000 businesses in the United States…and this doesn’t count non-profits.   Hearing stories about Jimmy Wales, Michael Arrington, Kerry Miller or Jonathan Schwartz is great if you’re People Magazine, but this is Business Week.   Tell me about real businesses using these tools.   The story at Sun Microsystems isn’t the story of a CEO/Celebrity blogger (Jonathan's Blog), the story is the thousands of normal everyday Sun employees that blog.  Who are they?  What are the benefits to the organization?  (hint…it’s not touchy-feely....the ROI is found in winning searches and converting those visitors to prospects….)

The takeaway message for businesses is that you'll get more mileage for your marketing dollars if you invest in a company weblog, continuously stocked with content by plain-spoken employees who believe in what you're doing.  Compendium's Multi User Blog Software helps you achieve that goal.

"History doesn't repeat itself, but it does rhyme."

-- Mark Twain

I was reminded of this quote by Twain today as I read two articles, one at InfoWorld and the other at InformationWeek, about the Mozilla team's plan to give Firefox's JavaScript performance a jolt.  Code named "TraceMonkey", the project is introducing support for just-in-time code compilation into its JavaScript engine.  This new feature has been included with the alpha version of Firefox 3.1, but it is turned off by default because of it's work-in-progress status.

This project is interesting from our standpoint because an increasing amount of our application relies on client-side JavaScript to provide our customers with a smooth experience in editing and maintaining their blogs.  While the rise of AJAX has included many singing the praise of rich internet applications, JavaScript's status as an interpreted language has forced us to keep an eye on performance as our blog authoring software becomes increasingly feature rich.

As ambitious as the project may be, the Mozilla team are thinking wisely here.  The narrative being pitched by Adobe and Microsoft is that if you want to create rich web interfaces that have good performance, you need to lock into one of their proprietary technologies, the kind of technologies that require downloading and installing plug-ins.  As JavaScript pioneer Brendan Eich astutely points out in the InformationWeek article, "Not everyone wants to get a plug-in."

I was also struck by this passage from that same article:

If Mozilla is successful in its efforts, the rationale for developing rich Internet applications will become increasingly questionable. As Eich sees it, RIAs are already at risk. "Those platforms that are not a browser are an increasingly thin value-add to what the browser can do," he said.

In these remarks I hear an echoes of Marc Andreesen back in the mid-to-late 90s, when he boasted that one day Windows would be reduced to "an unimportant collection of slightly buggy device drivers" with a combination of Netscape's browser and Sun's Java technology.  It's even more amusing when you recall that part of this promise was tied to Sun's addition of support for just-in-time compilation for the Java virtual machine.

Will JavaScript succed where Java fell short.  It will be interesting to see how it all plays out.