Thursday, July 15, 2010

How I became known as Mr Smasher

I have worked on a wide variety of projects with Lotus/IBM during the 15+ years I have been with the company. Smasher was a very short project that I only worked on for a few weeks in my spare time. However, when I meet another IBM employee for the first time, there is a fairly good chance that they will smile and say "are you the guy who wrote smasher?". It is interesting that a project which only involved a very small amount of work had such a huge impact upon my reputation within the company.

Back in 2005 I started to hear a lot of excitement about a new client for the Sametime service known as IBM Community Toolkit (ICT). The interesting thing about this client (which later became the basis for the Sametime v7.5 and subsequent clients) was the fact that developers could easily extend the functionality by means of plug-ins which were only loosely coupled with the core client. A number of interesting extensions were available and proving very popular. At the time there was very little documentation on how to write a plug-in, but many people told me that it was easy to figure out the interface by looking at one of the samples which were circulating on the IBM Intranet. At the time I had been a manager for a few years and I was worried that my programming skills were getting rusty and so I decided to try developing an ICT plug-in as a spare-time to learn more about this new environment.

At the time much of the Lotus development effort was focussed upon the Workplace project (which subsequently became known as the project nobody wanted to mention) and so I decided to develop an ICT plug-in which interfaced to the Workplace server. I spend roughly a half a day a week on this project under an initiative known as "Think Fridays". Unfortunately I found it quite difficult to make progress with this project because the Workplace server was very unstable at the time and the interface was not very well documented. My life was made even more difficult by the fact that the CVS server I was using to save my source code was behind a boundary firewall. Boundary firewalls are network devices used inside IBM to isolate parts of the network and only allow access to packets to/from machines which have been authorised. Unfortunately there was problem with the firewall that I needed to pass through to get to the CVS server. The firewall used to reboot itself frequently which meant that it lost the list of authorised machines. I was often frustrated by the fact that my CVS commits failed and I had to go through the multi-step process required to re-authorise my machine against the firewall.

One Friday I decided to put the original project on hold until a more stable version of the Workplace server was available (which I was assured would only take a few weeks). In order to continue my learning I decided to instead spend my Think Friday time working on a simple utility with would automatically monitor whether my machine was authenticated against the firewall and if not perform an authentication. One thing that made this easy was the fact that the in general the credentials used for authenticating against the firewall are the same as the credentials used for logging into the Sametime server.

It turned out that this was an excellent choice as a plugin for me to write as an educational excercise because it was not too hard to write. I was able to have the bulk of the plugin written in 2 weeks (i.e. half a working day per week implies it was written one full working day). The normal firewall authentication method was via a browser and so my plugin used REST style programming to emulate the same process, which was something I wanted to learn (and was surprisingly easy).

There were a few minor bugs that were tricky for me to solve and so I asked a colleague for advice. Naturally I had to explain to him what it was doing, he was very impressed with the idea and as well ask showing me how to solve the problem he asked me for a copy of the plugin so that he could use it for himself. He in turn mentioned it to a few people and so it began to be circulated within the lab. I never really planned to distribute this plugin, but then again I had no objection to giving it to anyone who asked.

Around this time there were serious problems with the Firewall used in the IBM Dublin lab - it was constantly rebooting and forgetting the list of authenticated users. The local IT support people ordered new hardware to solve the problem, but there were a lot of irate engineers while waiting for the new hardware to arrive. One of the IT support managers asked me if I minded if they recommended the smasher tool to people who were complaining about the firewall issues (if the re-authentications were automated people would not be so upset with the problems). This seriously increased the number of people using the smasher plugin.

Gradually people outside of the Dublin lab became aware of the tool and started using it also. They reported to me that smasher had issues with some of the boundary firewalls used inside IBM which did not use the same authentication UI as the Dublin firewall. It was relatively easy for me to add support for a new login-UI when I was made aware of it, but as smasher grew in popularity the workload of providing support began to grow. Since my job description at IBM does not involve supporting firewall authentication tools, I was looking for a way to drop support for a tool which had already served its purpose for me (I had already learnt all I needed to know about plugin development).

Andy Piper from IBM UK suggested that I should create an IBM internal open source project so that anyone who wanted to add features would be able to do so themselves (this is a project whose source is freely available, but only inside IBM). This sounded like a good idea - there was no point in making it a public open source project since there is no other company I know who ised boundary firewalls like IBM does. Shortly after I created the open source project,  Billy Foss (an engineer from the IBM Raleigh office whom I never even met) kindly offered to take over as the chief maintainer of the smasher plugin.

After 5 years, smasher continues to be very popular despite the fact that there are now a number of excellent alternatives available:
  • BSO Bug me not is a very popular tool developed by Thomas Gumz in the Littleton lab. The only serious limitation with this tool is that it is designed to only work on Windows machines.
  •  My own current favourite is Bugmenot Firefox plugin which was developed by my colleague Stephen Kruger
It appears that my involvement in the smasher project has made my name within IBM. I sometime get asked for advice from other people who are new, but would also like to make their name within IBM. I am not sure I can give good advice since the smasher project happened more by accident than by design, but the lessons I learned from the project are:
  • Scratch your own itch: I didn't spend time wondering what would be useful for many people in IBM, instead I simply focused on what would be useful for me. I suppose I might be more typical than I realise, because it turns out that it was also useful to many other people.
  • Start something completely new: I often see poorly designed tools and feel that I could easier develop a better version. Unfortunately it often turns out that my version is not really better than the existing tool (perhaps better in some ways, but worse in others). I think the key to my success with smasher is the fact that it was a completely new type of tool and therefore there was no existing tool to complete with.
  • Don't aim too big: If you are looking to start a hobby project, I think it makes sense to aim at a small niche. I know that most entrepreneurs aim to find the biggest possible market, but if there is a big market for something then someone will start a formal team to tackle the problem and there is no way that a single hobbyist can compete with a professional team.
  • Be humble: I never tried to convince anyone that smasher was a wonderful tool, if I did I am sure that people would have been only too happy to point out its flaws.
  • Accept help: If you are lucky enough to get offers of help you should accept the offers gratefully. In addition to lightening the load on you, you will probably find that anyone who has helped with the project will become your best advocate.


  1. After all that, it wouldn't occur to you to include a link to the bloody thing, would you?

  2. Anyone inside the IBM Firewall can get Smasher code and documentation from - unfortunately it is not available outside the IBM firewall

  3. We need more info like this on a daily basis. Hope you'll regularly update this web in the future. This article is pretty interesting since there's so many useful info inside. Thank you.

    Upper arm bp monitor India