An exchange of emails with the UCSD library staff has given me some new insight into adapting UCSD’s Google search appliance to our web sites. The ‘proxystylesheet’ parameter can be set to the URL of a XSL file that is then used to style the appliance’s XML output. The search function on the UCSD Libraries page uses the following XSL file:

http://gort.ucsd.edu/itd/libraries_stylesheet.xsl

I haven’t tried developing an XSL file for the CCE search yet. I’m actually not sure if it is a better approach than the PHP wrapper approach I described in an earlier entry. The XSL file would have to be maintained separately from the CSS files that define our sites’ layout and appearance. This means that any time we made a change to the look and feel of a site, we’d have to duplicate that change in the XSL file. If anyone else has any thoughts on the pros and cons of the different approaches, I’d be interested to hear them.

How to summarize - grab hold of - a productive year so it not only adds to individual recollections but also appears as a common foundation for next year’s endeavors? How to merge our interdependent discoveries/perspectives/understandings? Creating a set of our own ‘informatics principles’ seems a bit lofty - off-putting even or premature - so maybe we cam grpw a collection of lessons learned along with some resolutions instead.Here’s a list begun as we dispersed from the oceaninformatics year end story hour - trailing AmoebaLikeBacteriaShapedMarineSnowflake balloons.

Ocean Informatics 2005

Retrospective: A Lesson Learned
Some ‘one’ may provide ‘A Data Solution’ but no ‘one’ can provide ‘The Data Solution’. That is, there is much to be learned for those focusing on a one-stop shop/one-stop system data solution, and much else to be learned for those focusing on new approaches to design/integration/interoperability.

Prospective: Some New Year Resolutions
-to identify and articulate our own assumptions while learning to learn
-to work on recognizing the loss of fundamental categories and perceptions evident with technology
-to learn from diversity and difference, tending to our language, its ambiguities, and our local needs
-to aim for sustainability: think global, design local
-foreground the learning and the design /learning environment making use of collaborative, interdisciplinary prototyping
-to continue creating and articulating the multiple dimensions of infrastructure
-to focus on opening up new roles, ie of information manager, information scientist, data curator/mediator/liason, social informaticist, and environmental scientist
-to contribute to the dialogue about responsibilities and ethics of data producers (ie a change from being data users) while cultivating the enviornomental science-information science communications
-to consider data (flow, sustainability, synthesis), data support (IT, sustainability, alignment) and data use (local, public, long-term)
-to develop and inform ourselves about methods, approaches and perspectives for informatics, technology interfaces, communities of practice, and learning environments

I installed DokuWiki on iOcean a couple days ago. For those of you who weren’t there, DokuWiki is a code/project documenting tool that was demoed at last week’s WebHeads meeting. I haven’t had much chance to play around with it, but you’re all welcome to go take a look and try it out. The URL is:

http://oceaninformatics.ucsd.edu/dokuwiki/doku.php

There are no access restrictions in place right now, so don’t post any code that contains sensitive information (e.g. MySQL passwords). Also, you may want to look over the DokuWiki syntax if you want to try adding an entry.

The ongoing effort to bring Google Search to the OI sites has made some progress recently. While it turns out that we can’t register sub-domains of ucsd.edu for Google Public Service Search, we can tap in to UCSD’s Google Search Appliance. There are two ways we can do this:

1) We could create a custom front end, called a ‘client’, that would get registered with the search appliance. We could then create forms that queried the search appliance and requested that the results be displayed in a specific client. Hidden fields in the form could restrict the searches to one or more sub-domains.

2) We could use a PHP script as a proxy to send queries to the search appliance, again restricting searching to one or more sub-domains. The script would then get the results back as XML, parse them, and redisplay them in any format we choose.

So far, I’m not even sure if the first option is offered by UCSD - and even if it is, the second option seems to offer more autonomy and flexibility. So, I’ve started work on a PHP script that implements option two. Using the PHP XML parser functions and the Google search protocol, it’s been relatively painless to get a simple search interface up and running. My first experiment has been a simple test search page on the CCE site (I’m still working on the script, and I make no assurances that this page will be working when you click the link).

So what comes next? The search interface needs more polishing, especially if we want to implement feature similar to Google’s advanced search page. Also, now that we’re implementing searches, some issues have come to the forefront. For example, we need to consider page titles - right now, most of the pages on a given site have the same title, which makes search results less informative (thanks, Shaun, for pointing this out). Our current design templates weren’t created with a search bar in mind, so we’ll need to work this element in somehow. We might also want to start adding keyword metadata to our pages for more meaningful search results. I’m sure there are other issues to be addressed as well - any thoughts?

I just read about a new web-based collaborative writing tool available at:

http://www.writely.com

Collaboration begins when you enter a document online (similar to a blog post) at the writely.com website. You can also upload Word, HTML, OpenOffice, plain text or image files as well. Once you’re ready to share the document, you enter the email address of those you wish to collaborate with and they will receive a notice with the URL and password to use for logging into the collaboration. The site handles syncing changes made by each collaborator as well as maintains version control.

When the document is ready you can download it into Word or OpenOffice on your own machine for printing etc. and/or you can post it to your blog for community viewing. Writely only supports Firefox and Mozilla on the Mac, for the moment. The service is currently free. Not sure what their business model is but it looks really new and I imagine that they’re still trying to figure it out.

For more info, visit their site. There you’ll find a tutorial and FAQ. Worth a look.

As we’ve been expanding the scope of the services offered through the various Ocean Informatics web sites, the issue of authentication has come up more than once. When a user connects to one of our web applications claiming to be Mason Kortz, how do we know he really is Mason Kortz? Answer: we put the user to the test by requiring a password that only Mason Kortz would know.

The first issue we dealt with was how to securely transmit passwords over the Internet. Sending a password from your computer to a server is like writing it down on a piece of paper and passing it through many hands to another person. If the wrong person grabs it and looks at it along the way, it’s not very secure any more. That’s why last month we enabled SSL on our Ocean Informatics sites. Sending a password over an encrypted connection, like the ones formed with SSL, is like writing it down on a piece of paper and passing it through a cast-iron pipe to another person - significantly more secure.

So, with a safe way for users to submit their credentials, the next issue is to create and maintain a list of names and passwords to check the submitted information against. There are currently two lists of users in the OI environment that could be considered authoritative - the system users for iOcean and the personnel directory. An ideal authentication system would use one of these lists, and avoid the need to maintain a third, independent list.

Our first take on authentication was to use the Apache mod_auth module. Mod_auth allows you to secure your web space on a per-directory basis, using .htaccess files. A simple command line tool, htpasswd, is provided to maintain the text files that form mod_auth’s backend. When a user authenticates through mod_auth, their username is available to PHP through the $_SERVER superglobal array, so web apps can make use of this form of authentication. Mod_auth does have its downsides. It slows down a bit with large numbers of users, and the user/password list it uses stands completely alone, so it would have to be maintained independently of the server users and the personnel directory.

These issues brought us to the next possibility - creating our own authentication app using PHP over MySQL. Specifically, the login app would draw on the personnel database for user/password matching, and then set a cookie that could be accessed by all other web apps, effectively creating a single sign-on service for the OI web space. This solution would have a more robust backend than mod_auth, and would tie the login information to the contact information in the personnel directory. Again, though, there are downsides. Cookies are stored locally on the user’s computer and are easily read, so keeping our sites secure against ’spoof’ cookies would mean devising some security measures of our own. Also, the personnel directory is still divorced from the server users list - so although this solution provides single sign-on for the OI web space, it does not extend to the rest of the OI infrastructure.

This brings us to LDAP/Kerberos, which IOD is moving towards for network authentication. Whenever you sign on to a network resource - which can mean logging in to a computer, connecting to a shared drive, or accessing a secured webpage - your username and password are checked via the Kerberos server against the LDAP database. If they match, you are given a Kerberos ticket, verifying that you are indeed the user you claim to be. This ticket is good for all other (Kerberized) network resources as well, so you have strong single sign-on capabilities. Also, the LDAP database can contain more than just a username and password - it has a customizable schema, and by default supports extensive contact information. This would allow us to maintain one user list that acted as both the authentication database and the personnel directory. Of course, there are drawbacks. Setting up an LDAP server is not a quick task - at the very least it is on par with building our own authentication system. Furthermore, LDAP isn’t a familiar technology, so even once the server is running there will be learning curve as we figure out how to work with the schema files and customize the server to our needs.

in working with trasect figures in Matlab7.1 (R14) on my mac over the past few days, i have discovered a few secrets:

- Matlab has a canned feature for plotting with two Y-axis vairables (plotyy.m), but leaves double X-axis plotting up to the user. the way to do this is to create one figure, and then overlay a second set of axes on top of the original by ‘get’ting the axes ‘Position’ from the original set and using that to set the ‘Position’ for the second. when creating dual x-axis figures, there are a few things to consider:
1. overlapping tickmarks - if you create two sets of axes, it is likely because you are trying to plot two seperate sets of variables with different scales. This means dual tick-marks which may make your figure overly confusing. Possible solutions:
- use set(gca,’TickDir’,'out’) on one axes set to differentiate from the inward tick marks.
- do not use tick marks (see the next ’secret’ for more info)
- turn the bounding box off to remove ticks from secondary x and y axes, while leaving the primary tickmarks. set(gca,’Box’,'off’)
2. overlapping axes - only certain visualization fuctions seem to be compatible with xx figures. for example, adding a bar or plot is not possible as far as i can tell, nor are multiple levels to one of the axes (ie. no ‘hold on’ allowed!). much trial and error seems necessary! note: put more complicated figure (ie. contour, pcolor) on the bottom layer.
3. remember to turn off the background color in the overlapped axes, the default is white which will obscure the original figure. set(gca,’Color’,'none’)
4. set the second x-axis to the top by using the ‘XAxisLocation’ setting ‘top’.

- tick marks are fun! there are a few things the books don’t tell you:
1. while you CAN have tickmarks without labels, you CANNOT label intervals without tickmarks! you can get around this by hint #2.
2. you can change the tick mark length! this hidden value is not in any book or help menu that i have found, but it is invaluable for removing tick marks but leaving the labels. i found it using the ‘inspector’ feature under the plot tools. the command is set(gca,’TickLength’,[a b]) where a and b are mystery values. my experimentation shows that a must be a positive value greater than zero (ie. 0.001), or the tick marks will not appear at all, and that b seems linked to the actual length, with 0.4 being a common starting value, 5 being very very long! using [0 0.01] will remove the ticks from the figure. using this command in combination with ‘Box’,'off’ will leave the tick marks on your screen-display figure looking seperated from the axis, but when you export this problem disappears in the .tif version.
3. another way to include labels without the tick marks is to use the text function which still works well in double axes.

- the matlab defaults for image quality are very poor. suggestions are as follows:
1. when exporting, create a .tif with the openGL renderer and 150dpi. this will give a full-page figure of around 2Mb that looks nice. 300dpi is nicer, but the file size starts to get out of hand.
2. printing from the screen figure works well, but for some reason the pageSetup options are greyed out on the printMenu. remember to set your pageSetup Lines and Axes to ‘Color’ before printing!

- i have not yet found a way to make the colorbar logrithmic. i belive this is possible by changing the axes defaults for the colorbar (set bar=colorbar to get the handle for the axes!) but i do not know if it will translate the axes change to the color values. another possibility is to create a new colormap with log intervals for color. i will post more when i have it figured out!

I created a Page to store snapshots of the CCE LTER site. You may visit it periodically to observe the ev0lution of the CCE LTER site.

CCE LTER Site Snapshots