Why Do We Have Same-Host Restrictions?

October 1st, 2008

There’s a lot of talk around at the moment about how to allow cross-domain AJAX requests without compromising security. What I don’t get is why this whole thing is an issue. What’s the difference between the two examples below?

Option 1: Browser connects to site A which loads JavaScript and initiates a request via AJAX to site B.

Option 2: Browser connects to site A which loads JavaScript and initiates a request via AJAX back to site A. The server at site A proxies the AJAX request to site B.

There’s no reason that site A can’t act as a simple tunnel straight through to site B, so the only difference is which IP the connection comes from, and that could be hidden by routing through a botnet. All the client browser cookies and other information included in the request would be passed through to site B, so it can still be used to track users across domains. Where is the benefit to security or privacy in adding this restriction?
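To make the two options concrete, here is an added model (not part of the post) of what each path carries: the browser’s cookie jar, the cookies each request picks up, and whether the calling script can read the reply. Host names, cookie values and the allow-origin header check are constructed assumptions.

```javascript
// Added model of the two request paths from the post; all hosts and cookie
// values are constructed sample data, not real sites.

// Browser cookie jar: cookies are keyed by the host that set them and are
// attached only to requests the browser sends to that same host.
const browserJar = {
  'a.example': { a_session: 'constructed-a-session' },
  'b.example': { b_session: 'constructed-b-session' },
};

function cookiesFor(jar, host) {
  return { ...(jar[host] || {}) };
}

// Option 1: script on a.example asks the browser to call b.example directly.
// The browser attaches b.example's own cookies, so the request runs with the
// user's standing at site B. Whether the script may read the reply is
// decided by site B's response (modelled by an allow-origin header).
function option1Direct(jar, pageOrigin, responseHeaders) {
  const allow = responseHeaders['access-control-allow-origin'];
  return {
    to: 'b.example',
    sender: 'browser',
    cookies: cookiesFor(jar, 'b.example'),
    scriptCanReadReply: allow === '*' || allow === pageOrigin,
  };
}

// Option 2: script calls a.example and a.example's server forwards the
// request to b.example. The server receives only cookies scoped to a.example
// (and may forward them), and the reply comes back same-origin, so the
// script can always read it.
function option2Proxied(jar) {
  const inbound = cookiesFor(jar, 'a.example');
  return {
    to: 'b.example',
    sender: 'a.example server',
    cookies: { ...inbound },
    scriptCanReadReply: true,
  };
}
```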

What’s The Difference Between a Wiki and a CMS?

September 30th, 2008

Permissions and an edit link.

All too often we think of wikis as some special breed of software that’s completely different from a CMS. In reality any good CMS should be able to be a wiki simply by opening up the permissions, removing the workflow and adding an “Edit this page” link when viewing the site. The problem is, most CMS implementations spend all their time focussing on locking things down and adding 10-stage workflows. It’s no wonder user adoption is such a problem: no one has the required permission to do anything!

So it was refreshing to see James Robertson’s article What intranet CMS’s can learn from wikis:

At the end of the day, I don’t care about the publishing tools that underpin the intranet, as long as they work and are used appropriately. I am also not arguing for throwing away our intranets and replacing them with wikis. That would be naive.

It is, however, a good time to take a fresh look at how we manage and grow our intranets, and to learn lessons from the wider community.

Indeed. Learn to find the balance. There are a lot of documents on the intranet that you need to get right the first time (critical policies and procedures, etc.), but there are also plenty that should be more living documents and evolve over time, benefiting from the experience of your employees. Open up those documents as if they were in a wiki and you’re on the road to a successful intranet, without the confusion of having two completely separate systems.

Clients Decide Worth, Not You

September 27th, 2008

As part of a very good series on sustainable software, Gianugo Rabellino writes:

The market couldn’t care less about your developers’ kids in need of new sneakers or your VC craving his next Lambo: the argument that someone has to pay for software development is one of the biggest straw men of Open Source - the market pays for value, and if you build very little, guess what, you won’t get more than peanuts.

This isn’t just limited to Open Source software or even software in general. Far too often people make the mistake of thinking that company expenses justify the price of goods, and it’s simply not the case. Value to the consumer decides what something is worth, and if that happens to be below the cost of manufacture, that’s the company’s problem, not the consumer’s. If that means the company stops making the product, consumers won’t care because they’ve already decided to go without.

The base of this problem is the idea that everyone has the same point of view as yours, or that they can be made to care about your point of view. The reality is that they’re so busy dealing with their own point of view and the challenges that brings that they don’t have time or energy to care about yours too. This leads to a long line of misconceptions based on the same idea:

It costs nothing to reproduce software/music/digital goods so all companies should provide them for free. This is effectively the opposite point of view from Gianugo - the idea that it didn’t cost the company much to produce doesn’t inherently make it less valuable to consumers. Maybe you individually don’t value it that much, but if enough other people do, you’d better be willing to go without. Cost of production simply has no relationship to value for consumers.

The company had a bad year so employees get reduced or no bonuses. This might be important for the business to survive, but it doesn’t mean employees will be at all happy about it. If they did their best, met their goals etc., why shouldn’t they get rewarded for it? If they’d wanted to bear the risks of business they would have started their own. The key to understanding this is not to think that a business should pay bonuses even if it sends them broke, or that you can’t have compensation tied to overall company performance (e.g. stock options), but that employees view this from a very different perspective to your own and you need to make it worthwhile and justified from your employees’ perspective, not your own.

DRM restricts users’ rights. Not really, DRM reduces the value to clients, but if they’re happy to pay it, so be it. Consumers not only get to decide value, they get to decide what rights they want for their money too. Sometimes these rights get coded into law without the possibility of waiving them, but not often. Many companies use the rights they offer as a key point of differentiation - car manufacturers offering longer warranties, stationery companies offering unconditional return policies, airlines providing more flexible tickets.

The key to successfully arguing for or against something is to understand who it is you’re trying to convince and to argue from their point of view. Arguing from your own point of view is just whinging.

Installing Quickr on Existing WAS/Portal

September 24th, 2008

Dear lazyweb (actually, just more intelligent web, I’ve done a lot of searching on this already…),

I have a nice install of WebSphere Application Server and IBM Portal 6.0.1.3 up and running with the WCM component configured. This is great, really happy.

I’d like to add Quickr (later also Connections and maybe even Sametime) but all the Quickr installs I can find want to deploy a second instance of WAS which isn’t ideal. Is it possible to just add Quickr to an existing install or is it possible to install it separately and move it into an existing install?

Loading PICT Images In Java

September 16th, 2008

Since the search function for Apple’s mailing lists is pretty much useless, I’m making a note of the Reading PICT Images thread which contains numerous options for rendering PICT images in Java on OS X.