Usability - Productivity - Business - The web - Singapore & Twins

By Date: March 2006

Microsoft Exchange for DB/2

Now that I'm inside, I have access to a new wealth of information. Today I got access to a draft for a press release: In a surprise move IBM and Microsoft announce today:

Microsoft Exchange for IBM DB/2

The IBM spokesman declared: " With our scalable and robust storage technology we finally can ensure that you never have to spend time in Exchange hell anymore. Also true Microsoft shops can finally benefit from IBM technology. The code name for the project is TBE = True Blue Exchange ".
When questioned about the move a long serving Microsoft engineer stated: "With all the pressure and monstrous code in Vista, Office 12 and Exchange 12 we remembered the good times when we were working with IBM on OS/2. Basically then we were playing Mimesweeper and Flight Simulator while the IBM coders did all the work. The only thing we did was to put the presentation manager GUI coordinates upside down to ensure the Lotus people would use up all their resources to recode 1-2-3 on OS/2 while another team was working on Windows 3.11. We wanted the good times back, so we handed over the complete API spec to the
IBM Almaden lab, of course not before they ensured us not to deliver it to the Europeans, since it is our policy to ignore court orders".
I was puzzled, so I contacted the Alpha team @ IBM Almaden. The lead architect confirmed : Microsoft Exchange for IBM DB/2 does exist.
With a big smile he added: " If you have a close look at the code, you will see, that it is actually a Domino 7.1 server in disguise. We had the messaging part, the DB/2 storage, the fault tolerance and the scalability. We just merged our Domino Access for Outlook into the Domino core and off we went."
I got my hand on some Alpha code. It is amazing. All MAPI calls work, Outlooks sees a native Exchange box, even active directory recognized an Exchange12_01042006 version. Once I've played more with the code I'll post my test results, so stay tuned.

Posted by on 31 March 2006 | Comments (5) | categories: Software

Loosing patience

Hello Mr. Robot @, you belong to 209-128-119-045.BAYAREA.NET and it is completely pointless to add empty comments to this Blog.

Posted by on 31 March 2006 | Comments (0) | categories: Software

Hierarchical documents - a Domino development pattern

Notes provides us with a build in hierarchy for documents. You have documents, responses and responses to responses. This looks like sufficient to cover most hierarchical requirements. Nevertheless it often is not the right fit. For example: would you consider the head of a department a main document and her staff response documents? Rather not. Especially moving a response document around (when you switch departments) is a pain in the neck. Enter the Hierarchical document pattern. I will describe the principle, you can adopt it to your specific needs.

Step1: Compute your document ID. Use a field DocID and the formula @Text(@DocumentUniqueId). The field can be computed when composed or computed. If you opt for computed when composed you need to take care of the Copy & Paste operations (Take care does not mean: suppress it, life is hard enough for your users).

Step 2: Create a field Parent[xxx]ID. Replace the [xxx] with the logical relationship e.g. ParentManagerID, ParentRequestID, ParentDocID. You can have as many as you want (thus a difference to the mono-inheritance of the build-in hierarchy. You need to populate this fields according to your business logic. If you only have ParentDocID you could put it above the DocID, switch on "Inherit values" in the form and use DocID as formula for a computed when composed field. If you have multiple fields your mileage might vary.

Step 3: Since it is often necessary to get values up the hierarchy we create additional fields. E.g. you have an appraisal form (HR stuff), where you want that your manager, your dotted-line manager and their bosses and their bosses bosses can read how miserable you felt much you appreciated the ever changing challenges. There you have two options: pull the values on the fly when saving the document using some lengthy script code - or store the values directly in the document. You need to consider: does my hierarchy change often (every minute) or rather rarely (twice a month). Our approach fits well for the later.
For every Parent[xxx]ID field you create one field Parent[xxx]IDtree. This field will have the following formula (adjust as needed) @if(ParentDocID="";DocID;@GetDocField(ParentDocID;"ParentDocIDtree"):DocID). Some error handling needs to be added and the field needs to be multi-value of course. Now you have all DocIDs of the tree above the document in one field. This comes VERY handy in a view, when you want to get all documents that "hang below" a specific one regardless of depth of the hierarchy. It also allows (but we might avoid it) that you loop through the various document using @GetDocField to pull values.

Step 4: Extend the pattern. Besides storing the IDs you could store also normal fields like Manager or Subject in a redundant hierarchical fashion (data normalizers will shoot me for that "high-performance" approach. Typical examples: Show me all my managers, show me the project structure etc. Instead of pulling the values at view time using a @For loop and @Getdocfield for a computed for display field, we use computed fields:
e.g. SubjectDocTree, FullNameManagerTree, CompletionDateProjectTree etc. The formula for the computed field would be similar to above: @if(ParentDocID="";Subject;@GetDocField(ParentDocID;"SubjectDocTree"):Subject), repeat this for all fields you need.

Why are we doing that this way? Very simple: @Fomulas perform typically faster than LotusScript code. Also the pattern is easily extendible. Need another hierarchy: just add the fields. The only caveat: when you change a value "up in the tree" you need to cascade down the branches to the leaves. However after having identified the documents (Step 2 and the matching view) a simple doc.computewithform will do, so you Script Code will be generic.

I know your next question: Where is the code? I'll post the LotusScript for the updates and a sample database on an upcoming Show-and-tell Thursday soon.

Posted by on 30 March 2006 | Comments (0) | categories: Show-N-Tell Thursday

If you love somebody, set them free

After some teasing and cryptic thoughts, here the conclusion. Linus Torvald said it in his keynote address during 1999' Lotus DevCon: "If you love somebody, set them free". I put in a lot of work in TAO Consulting over the last 6 years and it is time to set it free. Ms. Ida Cheong will take over as Managing Director, Pitt will run the Notes consulting arm, Dr. Magaret Tan continues the Business consulting, Christoph Schaaf will cover UMsys. The position for a sales director has three hot candidates (more once its closed). We recently signed partner agreements with eWorkplace and CPUSoft to resell our products, so expect more activities there. If you want to have your product represented in SE-Asia talk to the good folks at TAO.

And I? Well think Rock, think Bob

I will be the LTPA ....

Read more

Posted by on 30 March 2006 | Comments (12) | categories: Singapore

Hello Singnet, ever heard of RFC2142?

There is a document called RFC2142. This RFC defines some standard email addresses every provider is supposed to implement monitor and attend to. Names like hostmaster, abuse etc. You would expect, that a very big provider would implement them to be a good net-citizen. Not so here:

Dear Stephan H. Wissel,

Emails sent directly to our mailbox are no longer attended to with
immediate effect. Please use the online form at
http://www.singnet.com.sg/tou/misc/ia_incidentreport.asp to submit your
Internet Abuse Incident Report.

For more information on Internet Security, please visit our website at

We wish you a pleasant day ahead!

Yours sincerely,
SingNet Internet Security Team
(this is a system automated reply)

SingNet Homepage - http://www.singnet.com.sg
Internet Security - http://www.singnet.com.sg/tou/security.asp

<rant> !@#$%^&
So when you just forward a virus message nicely with all headers, so they can notify the poor soul and rescue it, you get told: no we won't help unless you accommodate our process, that is in violation of internet standards. Hhm. Time for the ICT regulators to step forward and have a nice roster of fines for negligence. An ISP should be held responsible for maleware traffic leaving their network. </rant>

Posted by on 26 March 2006 | Comments (2) | categories: Singapore

Sunday thoughts

I did some clean-up in my paper files and realized how time flies Twenty years ago I completed my internship with IBM. I still wonder till today why they took in a law school student as intern. Ten years ago I designed the new UI for UMsys which has stood the test of time since then (of course with the help of some facial and plenty of make-up). Nine years ago I became a CLP. Eight years ago I married into the adventure of an Intercultural relationship. Six years ago I moved to Singapore, became a father and started TAO Consulting. Three years ago I spoke on my first public conference. Last year I spoke for the first time on conferences in Iran, Vietnam, Pakistan and China. Two month ago I spoke for the first time on Lotusphere.
More first time events are ahead. Stay tuned.

Posted by on 26 March 2006 | Comments (0) | categories: Singapore

Big news ahead

On a personal note: Big changes and new exitement ahead. Updates soon here, tune in next week.

Posted by on 23 March 2006 | Comments (1) | categories: Singapore

What is in a server name?

A short, sweet and controversial tip today: how to name your servers. When Notes entered the market, the predominant network protocols were NetBui/Netbios and IPX/SPX. Beside that Apple Talk, Banyan Vines and some inferior protocol called TCP/IP were supported. Naturally that Notes server discovery ran primarily via Netbios. Fast forward to today. Hands up: who has anything else than TCP/IP in production to link Notes clients to Domino servers? No one - good.
One of biggest support issues (by number of cases), especially when you have travelling folks, is to get the clients connected to the server. We all fiddle with pushing connection documents, keeping them updated etc. On the same time we already run a proper naming service for our servers: DNS. When a client tries to connect to a server it uses the server name and shouts into the network: "Are you there?". The you in this case is the server's common name. In a properly configured Intranet DNS or Netbios will resolve "myserver" to (or whatever your IP might be). In the "wild" that won't work, so you have to resort to connection documents. Unless of course you didn't name your server myserver/servers/myorg but myserver.mycorp.com/servers/myorg.
We tried that in a number of cases: Naming your server after its full qualified DNS entry will prevent most "server not found" issues.
Of course your mileage might vary: If your internal DNS is not well administrated or subject to constant change you will open just another can of worms.
So when you setup the next server(s) have a long chat with your DNS guys first.

Posted by on 23 March 2006 | Comments (0) | categories: Show-N-Tell Thursday

When you buy software before breakfast, Zonelabs is a good shop

We have a new member in our IT Zoo. A nice Sony VGN-A17GP laptop. After reinstalling the OS from the rescue disk and one gazillion patches there was the question of Antivirus/Firewall. Since the desktop runs happily with Zonealam pro with Antivirus I wanted to order a licence for the Laptop too. To confuse me product is now called ZoneAlarm Suite and ZoneAlarm Pro doesn't come with Anti-Virus. Before breakfast I only skimp pages and I promptly spend 50 bucks on the wrong product.
So I headed to the customer feedback page, actually not expecting much, but to my surprise after they had their breakfast I got a mail stating, that they refunded my purchase and I'm free to order what I originally intended to do.
Well done Zonelabs!

Posted by on 21 March 2006 | Comments (0) | categories: Software

Bring order to your group names

I'm not and admin buff, so I try to keep time spending in administration short. Management of groups for security purposes can be a drag on your administrative time. Since Notes basically let you do whatever you want, I find a lot of organic grown group structures. These are hard to maintain and often confusing. So over the years we refined a group structure, that is easy to understand as well as processable through code. The groups consist of three semantic elements connected by a dot:

&domainname dot metagroup dot purpose

Some examples:



&domainname stands for your domain name or a sensible abbreviation of it.
metagroup can be either sys for system group (e.g. server access) or apps for applications
purpose can be composed out of one or more sub-elements. In the system metagroup it would be either an access role .createdatabase or a servername with an access role x34za.denyaccess. In the application metagroup it always will be the name of the application and the application function. . leave.hr .po.manager etc. Depending on your organization's size you might want to tweak the structure rules for the best fit (<advertisement>if in doubt ask TAO for consulting services</advertisement>). Keep in mind to stick to the maximum length of 64 characters

The structure has a number of advantages:
  1. Using the # in front makes sure the groups are not mixed with user names or mail-group names in the address dialogue
  2. Having the domain (or a sensible abbreviation of it) in front eases the maintenance of ACL of databases and templates that get replicated across domains (e.g. from system integrator to customer)
  3. The structure allows for easy parsing. E.g. a server document must only contain groups that have .sys. in the second position. A ACL can only contain groups that carry the application name in third position. We typically use a registration database where all databases are configured with their "application name" to a acl scanner can find inconsistencies
  4. We typically add a #mycorp.apps.NameOfTheApp.support group with designer rights to every database. The group is empty. When there is a need for troubleshooting a workflow process will add the developer to this group for a specified time frame. This way we avoid the two pitfalls in security: giving developers full admin rights or giving them permanent developer access to production databases
  5. Since group names for applications are well defined you can use the application registration database for some kind of self service, where the business owner of a database grants access to a user by filling in a form and a background agent is updating the Domino directory. You can have as much audit trail and workflow as your auditors need to see.
  6. ACL structures can be fine granular and well defined at the same time. E.g. you can enforce (and scan) rules like: If it is not a mail file, there must not be a person entry. Every database needs a support group with designer access (the structure would determine the exact name). etc.
Update: IBM recommends not to use #, so I replaced it above with &

Posted by on 16 March 2006 | Comments (2) | categories: Show-N-Tell Thursday

XForms - Putting your form processing on steroids

On 15 March 2006 I will speak on the Singapore XML Standard day organized by the XML Working Group of ITSC. After introducing the XForms concepts I will show how the Orbeon Presentation Server allows for easy implementation of a server side forms processing application. Get the full details here.
If you are free in the afternoon -- and free -- join me at Tower Three #14-00 Suntec City in the multipurpose hall of IDA.

Posted by on 14 March 2006 | Comments (0) | categories: Software

Volunteering at Northland Primary School

Singapore's educational system is modelled after the British one. Actually is modelled by  the British. So we have primary schools, secondary schools, college and universities (and a few other things). Schools compete with each other and put a huge effort in branding themselves (mostly with bright students and good Alumni connections). Back in Germany the Primary Schools don't do that and you simply go to the nearest one. So I felt a little helpless when we had to select one for Anthony and Ernest. They will go to Primary one in 2007, so selection had to be done now to be able to take the needed action.
We decided on the Northland Primary School. It has a decent reputation and is not too far away from where we stay. Admission to the school is regulated by a (at least for me) confusing set of rules about school distance, siblings in school, Alumni connection and parent contribution. Since we just live outside the 1km circle of practically sure admission we had to opt for scheme 2b. That means voluntary work of the parents. This doesn't guarantee admission, but increases the chances.
Until today all of the hours have been contributed by my wife. Today was my turn. The school was organizing a sports day with many station where the students had to exercise. My station was basketball. So 300 kids had 3 turns each to score. Balls were flying in all directions and I had fun doing 900 times catch the ball and throw it back. I definitely can skip my gym session tonight. There might be photos up on the parent volunteers website.

Posted by on 10 March 2006 | Comments (4) | categories: Singapore

Visualizing a Date Range

After last weeks flight level 500 contribution I'd like to dive right into some code today. The task at hand: visualize a date range in a calendar like display with weekends and special days (e.g. Holidays) marked differently. A leave application or a travel approval system would be typical examples where that comes in handy. Do not use any Lotus Script or Java or JavaScript. OK and no C/C++ either. So the tools at hand are @Formula, HTML and CSS:

Let us assume, that the two fields holding the start and the end date are: LeaveStart and LeaveEnd.
Create one field, Type date, name Datelist, multivalue enabled, computed, Formula: @Explode(@TextToTime(@Text(@Date(LeaveStart))+"-"+@Text(@Date(LeaveEnd))))
Another field dHolidays contains all the special days as Text list.

The surrounding code for the display looks like this:
 <table width=100% border=0 cellpadding=2 cellspacing=2 bgcolor=#DDDDFF class=leavecal>
    <tr><th colspan=7>Overview days for this request</th></tr><tr>

The code in the computed for display text field [dLeaveCal] looks like this:
REM {Hodidays in Red; Weekends in Green; Leave in Blue};
tmpColWeekend := "weekend";
tmpNumHolidays := @If(@Elements(dHolidays)<1;1;@Elements(dHolidays));
tmpColHoliday := @Trim(@Explode(@Repeat("holiday!";tmpNumHolidays);"!"));
tmpColLeave := "leaveday";
tmpdays := @TextToTime(datelist);
tmpWeekdays := @Text(@Weekday(tmpdays));
tmpFirstWeekday := @TextToNumber(@Subset(tmpWeekdays;1));
leadString := @If(tmpFirstWeekday=2;"";tmpFirstWeekday=1;"<td colspan=6>&nbsp;</td>";"<td colspan="+@Text(tmpFirstWeekday-2)+">&nbsp;</td>");
tmpWdNames := @Replace(tmpWeekdays;"1":"2":"3":"4":"5":"6":"7";"Sun":"Mon":"Tue":"Wed":"Thu":"Fri":"Sat");
tmpbgcolstep1 := @Replace(datelist;dHolidays;tmpColHoliday);
tmpbgcolstep2 := @Replace(tmpbgcolstep1;datelist;tmpWeekdays);
tmpbgcolstep3 :=@Replace(tmpbgcolstep2;"1":"2":"3":"4":"5":"6":"7";tmpColWeekend:tmpColLeave:tmpColLeave:tmpColLeave:tmpColLeave:tmpColLeave:tmpColWeekend);
tmplinkebreak :=@Replace(tmpWeekdays;"1":"2":"3":"4":"5":"6":"7";"</tr><tr>":"");
leadString+@Implode("<td class="+tmpbgcolstep3+">"+tmpWdNames+"<br />"+@Text(datelist)+"</td>"+tmplinkebreak;" ")+
"</tr><tr><td  colspan=3 class="+tmpColLeave+">Leave days</td><td  colspan=2 class="+@Subset(tmpColHoliday;1)+">Public Holiday (if any)</td><td colspan=2 class="+tmpColWeekend+">Weekend</td>"

You need to figure out some CSS for the classes:
.holiday { font-size : xx-small;
               background-color: #FFCCCC;
               border : 1px solid #FF0000;
.leaveday { font-size : xx-small;
                  background-color: #CCCCFF;
                  border : 1px solid #0000FF;
.weekend { font-size : xx-small
                   background-color: #CCFFCC;
                   border : 1px solid #00FF00; 

The result will look like this (look Ma, no JS):
Display of a date range in HTML

Posted by on 09 March 2006 | Comments (4) | categories: Show-N-Tell Thursday

I could use a little help from an NSIS expert

DominoWebDAV 0.1 will be up soon. Part of the application is a little helper application, that knows how to deal with the webdav:// protocol. As "good citizens" we want to make the information available, that the helper is installed by amending the user_agent string in the browser. We add something, not alter, so the typical browser sniffing scripts won't break (Note to all who still use them: start sniffing the DOM).
In Internet Explorer the user_agent extension are defined by a registry entry (This is e.g. how IE/IIS "knows" that a .net runtime is installed):
HKLM "Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform" "Some funny string" All entries here end up in the user_agent. In Firefox it is a little trickier: the following steps are needed:
  1. Is Firefox installed?
  2. Locate the profile directory (per user)
  3. Read the profiles.ini and locate the current user profile
  4. Look for the file user.js, create it if missing
  5. Add the line user_pref("general.useragent.extra.funnySoftware", "Some funny string"); if missing
I managed to get the part with the Registry going, but I could need some help on the Firefox part. Any takers?

Posted by on 07 March 2006 | Comments (0) | categories: Software

Lotus Notes in Calgary/Canada anyone?

My colleague Nigel is migrating from Singapore to Calgary in Canada. He does Lotus Notes since R3 and is a CLP, Java and M$ certified as well. Getting certifications is a popular past time here, since it is both sponsored by the government and less boring than reading our local newspaper. He is a nice chap and if you know about a Notes/Domino related job in the Calgary area drop him an email nigel.choh (at) taoconsulting.sg.

Posted by on 05 March 2006 | Comments (1) | categories: IBM Notes Lotus Notes

To the gentlemen (?) who use story?OpenForm on my blog

I'm generally open to have guest entries here. However it would be a clever idea to ask me instead of trying to log in. The IPs are logged, so I can find out who you are.
Special note to the Singaporean subset of you. Can you spell Computer Misuse Act?

I'm not amused.

Posted by on 03 March 2006 | Comments (3) | categories: Singapore

What are the strongest aspects of Lotus Domino?

I was asked recently to sum up the strongest points about Lotus Domino. This is what I came up with:

Lotus Domino is an integrated communication platform, that features email, instant messaging, collaboration and an application development platform. Its strongest points are self-containment, robustness, scalability, freedom of platform choice, security, extensibility, low cost of ownership and IBM's commitment.

Self-containment: Domino is not dependent on external applications other than the operating system and the network. While MS Exchange depends on Active Directory and Novell Groupwise on Novell's eDirectory, Domino provides it's own directory that also can serve as an LDAP directory for other applications. Due to the lack of external dependencies Domino servers can be moved from one platform to another with ease and low effort. More important: Running Domino does not require a bundle of different products and product skills. When comparing Domino's capabilities with Microsoft's offerings, you would need multiple Microsoft products to cover all Domino functionality: MS Active Directory, MS Exchange, MS Sharepoint, MS Life Connection Server and MS SQL.

Robustness: Domino uses individual databases for every mail user. The databases can synchronized ("replicated" in Notes lingo) between multiple servers and clients. Therefore Domino is very resilient against failures on one server or in one database. Combined with the active clustering and the choice of platforms a Domino system can be build with practical no perceivable downtime.

Scalability and platform choice: Domino is available on multiple platforms from Windows, Linux, Unix to z/OS. It provides cross-platform clustering and load balancing. An investment into a Domino cluster for high availability is paid back with better response times due to the load balancing functionality. IBM has provided benchmarks on notesbench.org where a single iSeries server supports 100,000 concurrent mail users.  However the most interesting aspect of the multi-platform availability is the possibility running Domino servers on different operating systems than the clients, thus providing a natural infection barrier for viruses and maleware. The platform choice doesn't stop with the servers. eMail and data stored in Domino can be accessed by a wealth of clients and protocols, giving the customer the freedom to pick the desktop (email) application of their choice: Lotus Notes Clients, IBM Workplace, MS Outlook, POP3/IMAP4 clients like Mozilla Thunderbird or web mail via a browser.

Security: Domino's granular access control to email, calendar and Domino applications is unique in the industry. Furthermore Domino provides digital signatures and encryption both in Domino's propriety format as well as the industry standard X509. Domino serves as the corporate PKI infrastructure, eliminating the need to invest into and introduce another technology for that. But there is more: Domino enables by design the lock-down of sensitive information, so even the system administrators could not retrieve it, so the data owners can be assured of data confidentiality.

Extensibility: Domino's mail design is completely open and can be customized to specific corporate needs. The OpenNTF open source community provides an free alternative to IBM's own design with enhanced functions putting pressure on IBM to constantly innovate. Besides eMail Domino features a platform for collaborative applications like discussion boards, blogs, wikis, CMS, CRM and a huge selection of open source or commercial applications. The latest version of Domino makes all this available as web services, in fact turning Domino into a pilar of a SOA strategy. Since the application share the platform with messaging they integrate well with email and allow the creation of an corporate unified information backbone.

Low cost of ownership and IBM's commitment: a well configured Domino platform takes advantage of the policy based administration, that minimizes administrative efforts through a set of comprehensive rules. In the latest release IBM also added a comprehensive domain monitoring capability. All this frees up valuable time for administrators to manage their environment more proactive. IBM is the single vendor with the most detailed roadmap for it's messaging platform. The current version Domino 7 has been released a few month ago, nevertheless IBM has outlined plans for Domino version 8 and 9. This assures users of the Domino platform, that they are not in for any rip and replace upgrade any time soon.

Posted by on 02 March 2006 | Comments (14) | categories: Show-N-Tell Thursday