Features

Quick Response, Quick Risk?

Thu, 16 Feb 2012 09:45:00 EST

Quick Response (QR) codes are intended to help direct users quickly and easily to information about products and services, but they are also starting to be used for social engineering exploits. This article looks at the emergence of QR scan scams and the rising concern for users today. You don’t have to look far these days to spot a QR code. From their humble beginnings in labelling and tracking parts used in vehicle manufacturing, these blocky little barcodes-on-steroids are being placed everywhere from product packaging, to posters and billboards, to magazines and newspapers. QR codes are a jumping-off point from the offline to the online world. By simply scanning the code with your smartphone, people can quickly access the digital content triggered by the code – making them a marketer’s dream because they make it easy to direct users toward information and services. What’s more, they still retain a certain cool and curiosity factor, with users enjoying the point-and-browse convenience they offer. However, this also makes them useful to hackers as a social engineering tool, to exploit user interest and trust and direct them to malicious websites or malware. While the concept of ‘drive-by downloads’ is already well established as a stealthy tactic for stealing user data when web browsing, QR codes offer a new method for manipulating mobile users in a similar way.

Component Development and Assembly Using OSGi Services

Fri, 03 Feb 2012 11:45:00 EST

This article introduces the concepts of Component Oriented Development and Assembly (CODA) using the OSGi Service platform with an example application. The article starts with an introduction to software components, elaborates with an example application, followed by an overview of the OSGi Service platform, and an implementation of the example application using this platform. Components are parts that can be assembled to form a larger system. Electronic components such as ICs (Integrated Circuits) are assembled together to build an electronic system; similarly software components are assembled together to build a software system. Software systems have a static form as well as a dynamic runtime form. Software components can be assembled either in static form or dynamic form. In either case, the software component is an independent unit of development, deployment, and assembly. Using components to build software systems will provide many architectural advantages apart from promoting ease of reuse.

Access Control in Multi-Tenant Applications

Sun, 15 Jan 2012 11:00:00 EST

Defining "Who sees what" and "who does what" are the two important aspects of access control in any software application. "Security" is a much larger subject, but this article focuses on just the access control aspects of Security in a software application. When you build a custom application for a specific customer, the access control policies of the organization are often defined upfront as part of the requirements phase. Depending on the vertical, domain and the specific organizational structure of the business, first the roles are defined. And then each role is given access to a set of screens, forms, pages and reports. What role A sees might be different from what role B sees. What role A can do could be different from what role B is allowed to do. Of course, certain areas in the application can be accessed by multiple roles. While building software products (used by several customers), the roles are often generalized and predefined. The various access control policies of the product are often hard coded in to the roles. The customer will be able to assign one or more roles to their users.

Patterns for Building High Performance Applications

Mon, 09 Jan 2012 08:00:00 EST

Performance is one word that is used to describe multiple scenarios when talking about application performance. When someone says I need a High Performance Application, it might mean any/all of the following: Low web latency application ( meaning low page loading times) Application that can serve ever increasing number of users (scalability) Application that does not go down (either highly available or continuously available) For each of the above, as an architect you need to dig deeper to find out what the user is asking for. With the advent of cloud, every CIO is looking to build applications that meet all of the above scenarios. With the advent of elastic compute, one tends to think that by throwing hardware to the application, we may be able to achieve all of the above objectives. The patterns employed to achieve the above scenarios at times are different and it is important to find the right approach to the solution that meets the above objectives. We will examine some of the common patterns that can help us to achieve the objectives

Third-Party Content Management Applied

Fri, 30 Dec 2011 15:00:00 EST

Today’s web sites are often cluttered up with third-party content that slows down page load and rendering times, hampering user experience. In my first blog post, I discussed how third-party content impacts your website’s performance and identified common problems with its integration. Today I want to share the experience I have had as a developer and consultant with the management of third-party content. In the following, I will show you best practices for integrating third-party content and for convincing your business that they will benefit from establishing third-party management. First the bad news: as a developer, you have to get the commitment for establishing third-party management and changing the integration of third-party content from the highest business management level possible – the best is CEO level. Otherwise you will run into problems trying to implement improvements. The good news is that, from my experience, this is an achievable goal – you just have to bring the problems up the right way with hard facts. Let’s start our journey toward implementing third-party content management from two possible starting points that I’ve seen in the past. The first one is triggered if someone from the business has a bad user experience and wants to find out who is responsible for the slow pages. The second one is that you as the developer know that your page is slow. No matter where you are starting, the first step you should make is to get the correct hard facts.

Deduplication: When, Where and How

Wed, 30 Nov 2011 10:00:00 EST

Nearly every enterprise can benefit from deduplication. Business data has been growing exponentially. Routine backups of that data have become too costly or simply ineffective. Deduplication can help by reducing the cost of primary and secondary storage. Essentially, limited resources are made much more effective and efficient. What most organizations don’t realize is how much deduplication technology has matured. Originally, deduplication was used as an alternative to tape for backup and disaster recovery. This user case continues today and has become one of the predominant solutions for data protection. As it has matured, it has begun to evolve from being a point solution at the end of a backup chain (the target) to a player in every step of the backup process: at the client side, at the network side, at the media server side, as well as at the target device. Backup and storage vendors are implementing this technology in all aspects of their solutions.

Book Excerpt: Java Application Profiling Tips and Tricks

Fri, 25 Nov 2011 09:45:00 EST

Most Java performance opportunities fall into one or more of the following categories: Using a more efficient algorithm. The largest gains in the performance of an application come from the use of a more efficient algorithm. The use of a more efficient algorithm allows an application to execute with fewer CPU instructions, also known as a shorter path length. An application that executes with a shorter path length generally executes faster. Many different changes can lead to a shorter path length. At the highest level of the application, using a different data structure or modifying its implementation can lead to a shorter path length. Many applications that suffer application performance issues often use inappropriate data structures. There is no substitute for choosing the proper data structure and algorithm. As profiles are analyzed, take notice of the data structures and the algorithms used. Optimal performance can be realized when the best data structures and algorithms are utilized.

Best Practices for Business Transaction Management

Fri, 28 Oct 2011 11:15:00 EDT

The term Business Transactions and Business Transaction Management is widely used in the industry but it’s not always well understood what we really mean by it. The BTM Industry Portal provides some good articles on this topic and is definitely recommended to check out. The general goal is to answer business-relevant questions that business owners have for application owners: "How much revenue is generated by a certain products?", "What are my conversion and bounce rates and what impacts them?" or “Do we meet our SLAs to our premium account users?” Challenge 1: Contextual Information Is More than just the URL In order to answer these questions we need information captured from the underlying technical transactions that get executed by your applications when users interact with your services/web site. Knowing the accessed URL, its average response time and then mapping it to a Business Transaction is the simplest form of Business Transaction Management – but doesn’t work in most cases because modern applications don’t pass the whole business transaction context in the URL.

Change on a Dime: Agile Design

Fri, 21 Oct 2011 12:30:00 EDT

What does it mean to have a good experience? Think of your favorite restaurant, the interior of your car, and the software on your phone: how do people craft these experiences? What details, planning, and design go into the process? Would it be possible to create a great experience if you were limited from laying out a full design before you got started? That’s the typical scenario in designing a user experience within the realm of agile software development. As a designer, how do you manage in an environment with such a quick pace and changing specifications? This article provides a brief overview of agile development and gives several tips for working as a designer in this environment.

Business Technology Centers of Excellence - Investing in Your Future

Fri, 21 Oct 2011 10:00:00 EDT

It is time to invest in the advanced technology that provides the foundation and tools for the people and processes to meet their true potential. This means investing in the organizational construct known as a business technology Center of Excellence (CoE). The general concept of a business technology CoE has occasionally been incorporated into everything from a skunkworks-oriented IT research & development team to a full-fledged enterprise architecture organization. Corporate enterprise IT R&D teams are typically assigned a mission to constantly assess trends in business technology and make recommendations regarding their usage. These teams can serve a vital purpose in some companies, but are often challenged in making the connection between the new technologies and their immediate benefit to the business’ bottom line. Similarly, enterprise architecture teams have been very successful in documenting and establishing governance over the existing business, organizational, and technical constructs of a corporation, but have been challenged in delivering ongoing, proactive, and immediate strategic value to the business. A well-defined CoE with a specific mission addresses both the tactical and strategic issues associated with implementing new business technology solutions while remaining focused on the value the technology provides to the business.

Business Design for the Service-Oriented Enterprise

Fri, 14 Oct 2011 07:00:00 EDT

Business design is set to undergo a dramatic transformation. The convergence of ecosystem automation and autonomics, architecture for continuously evolving business, together with the merger of consumer and business IT will have a profound impact on conventional business models, which will in turn affect business modeling techniques and enterprise architecture. In this article we provide an outline of what we believe will become de facto best practice using some new and not so new patterns to guide the design process. The original SOA vision of the enterprise as a network of services is now attainable by many enterprises. But the route to the Service Oriented Enterprise is not so direct; it must evolve and integrate with an ecosystem of services that reflects business reality.

Architecture Evaluation Framework for ORM Technologies

Tue, 11 Oct 2011 12:00:00 EDT

Object Relational Technologies form the backbone of most of the enterprise Java applications. Choosing the appropriate technology however is one of the most important decisions for an enterprise architect. More often than not, such a decision is either a hit or miss. Mistakes done in selecting the appropriate technology results in performance bottlenecks, lack of scalability, unreliable transaction handling etc. More than the problem with the specific ORM technology, it's the suitability of that technology to the underlying business needs and non-functional requirements. This article aims to establish an objective architecture evaluation framework for evaluating which ORM technology best fits your project needs. Based on the requirements, one or the other technology may be appropriate. This article aims to establish an objective architecture evaluation framework for evaluating which ORM technology best fits your project needs.

Patterns of Enterprise Mobility

Sun, 09 Oct 2011 16:00:00 EDT

With the onslaught of mobile devices and platforms from multiple vendors, the current technology underpinnings of mobility solutions are in a state of flux. With the hype surrounding the hardware and software offerings across the mobility solutions, it is a challenge for enterprises to differentiate between the offerings and also to plan for enterprise mobility strategies. Across the solutions, however, there are four distinct patterns that have emerged, which are fundamental to the underlying architecture of various mobility solutions. Each of these patterns solves a broad usecase and has their own advantages and disadvantages. Understanding these patterns provides enterprises a clear view of evaluating multiple solution offerings, compare the pros and cons and also determine a mix of technologies that they can adopt for strategic mobile offerings.

A Complementary Query Language to Google’s Dart

Thu, 22 Sep 2011 14:00:00 EDT

Dart is a new structured data programming language from Google. While unstructured data has become extremely useful, structured data is still extremely important because it keeps businesses running day in and day out. Programming languages still need to be coded by hand and most Google users are not programmers. To fill this large gap for most Google users who have no programming experience, a structured data query language would be very useful. Query languages operate by what data or information is wanted and not how to access or derive it. No programming is necessary to use. This is very similar to a standard Google request. This allows anyone to specify a powerful structured data query request.

Making Sense of Large and Growing Data Volumes

Wed, 07 Sep 2011 09:30:00 EDT

Is MapReduce the Holy Grail answer to the pressing problem of processing, analyzing and making sense of large and growing data volumes? Certainly it has potential in this arena, but there is a distressing gap between the amount of hype this technology – and its spinoffs – has received and the number of professionals who actually know how to integrate and make best use of it. Industry watchers say it’s just a matter of time before MapReduce sweeps through the enterprise data warehouse (EDW) market the same way open source technologies like Linux have done. In fact, in a recent blog post, Forrester’s James Kobielus proclaimed that most EDW vendors will incorporate support for MapReduce’s open source cousin Hadoop into the heart of their architectures to enable open, standards-based data analytics on massive amounts of data. So, no more databases, just MapReduce? I’m not so sure. But don’t misunderstand. It’s not that MapReduce isn’t an effective way to analyze data in some cases. The big names in Internet business are all using it – Facebook, Google, Amazon, eBay et al – so it must be good, right? But it’s worth taking a more measured view based both on the technical and the practical business merits. I believe that the two technologies are not so mutually exclusive; that they will work hand-in-hand and, in some cases, MapReduce will be integrated into the relational database (RDBMS).

Steps for Improving Capacity Management in the Age of Cloud Computing

Tue, 06 Sep 2011 16:00:00 EDT

When you wake up in the morning and flip on a light switch, you don’t think about whether the local power company has enough electricity available to power the light. Likewise, when you switch on the coffee pot or turn on your stove to make breakfast, you don’t wonder about the available capacity of your local power grid. Similarly, cloud computing is rapidly making the delivery of business services second nature to business users. They are able to access the services they need, when they need them, because the dynamic nature of the cloud offers unprecedented, highly elastic computing capacity.

SOA-Powered B2B: A Long-Term Strategy

Wed, 24 Aug 2011 13:45:00 EDT

If you are in IT, there is good chance that you are maintaining multiple B2B integration systems for data exchange and translation. Every IT leader has considered consolidating these products into a single B2B suite to reduce costs and improve supply chain agility. Historically, each B2B system has acted like a “black box,” providing little visibility and integration into the IT governance tools. This article outlines the benefits of a service-oriented architecture (SOA)-enabled approach to B2B and why it’s a better long-term strategy. As more and more companies adopt SOA and realize the importance of governance, it’s becoming critical to include the B2B suites into the SOA fabric and govern them as any other IT system. A well-thought-out SOA-based approach to B2B not only reduces the B2B expense but also provides SOA benefits such as improved governance, compliance, reuse and the ability to extend B2B processes to other IT applications.

Cloud Computing & Virtualization: Hot Trends Organizations Can’t Ignore

Sat, 20 Aug 2011 12:00:00 EDT

The use of virtualization and cloud computing is growing quickly among companies of all sizes. Currently, 30 percent of servers are virtualized, and surveys show that by 2012, that number will grow to 50 percent. Virtualization and cloud computing go hand-in-hand, and virtualizing servers is just the tip of the iceberg. The trend to virtualize everything from servers to processing power to software offerings actually started years ago in the personal sector. In the recent past, it was common for individuals within major organizations to use virtualized services or cloud computing when at home, but at work they weren’t using those services at all. Why? Because corporate IT didn’t trust the lack of security of the cloud and they weren’t sure it was a hard trend – something that was definitely here to stay. Today, we know better.

Building a Cloud Factory

Sun, 14 Aug 2011 05:45:00 EDT

Few areas of human endeavor can match the pace of change in IT. Even by IT standards, the change being driven by cloud computing sometimes seems surprising. To refer to a virtual environment that has only recently been deployed as “legacy,” as some organizations are now doing, underscores the fact that the only thing constant in the data center is change. To deal with change of this magnitude, which can involve transforming the workload hosting model of an entire organization, some industrial-strength thinking is required. In order to tackle this challenge, it’s important to properly frame the cloud transformation problem. Many associate cloud with agility, flexibility, cost transparency and other end-user-oriented benefits. But many of these attributes are primarily associated with new infrastructure requests, and specifically, the use of self-service portals to “spin up” infrastructure to host new applications or host transient processing demands. When it comes to migrating hundreds or thousands of existing workloads into cloud infrastructure, agility is not a benefit that is typically experienced. In fact the opposite is often the case: because clouds require a higher degree of standardization (i.e., a finite catalog of sizes and software options), migrating existing physical and virtual servers into cloud models can actually be quite difficult. In other words, the very features that make clouds agile for new workload deployments can actually make them less agile from a transformation perspective.

Can Virtualization Help with Governance?

Sat, 13 Aug 2011 12:00:00 EDT

Enterprises are turning to enabling technologies such as data virtualization support the accessibility, security, consistency, quality and auditability capabilities required for effective data governance. As with motherhood and apple pie, who can argue with data governance? Business users like it because it assures critical business decisions are made based on sound data. IT likes data governance because as the organization's data stewards, it shows they are doing a good job. Compliance officers and risk managers like data governance because it lets them sleep at night.

Putting the Costs of Business Intelligence in Perspective

Fri, 12 Aug 2011 09:30:00 EDT

Successful business intelligence (BI) solutions serve as many business users as possible. As more users use it, the more value the solution brings. However, if you’ve had any experience with BI, you must have noticed that as the number of users grow – so does the complexity (and consequent cost) of the solution. This is a fundamental reality in the traditional business intelligence space, although many startups in the space are attempting to change it – each according to their own vision and understanding of the space. But why is buying a BI solution for dozens or hundreds of users so much more complicated than buying a solution for a select group of power users?

Best Practices for Cloud Workload Management

Wed, 10 Aug 2011 10:00:00 EDT

The biggest issue for the today's enterprises is the ways and means of measuring their computing / processing workloads that need to run their business and then work on the ways and means of optimizing the same. Workload is the amount of work assigned to, or done by, a client, workgroup, server, or Internetwork in a given time period. For example if we take a manufacturing organization, a workload can be a combination of: Interactive or Network Intensive Workloads: The amount of online entry of sales orders, program planning, warranty claims that are referred to a help desk and similar interactive applications. Content or Storage Intensive Workloads: The amount of huge content management systems that stores TBs of data, especially engineering drawings, CAD, CAM related.

Facebook and Google’s Single Views Don't Work for Enterprises

Wed, 10 Aug 2011 08:30:00 EDT

The business case for unified, 360° views of key enterprise data is compelling. But enterprises are complex. And enterprise IT is even more so. Data is siloed everywhere. Getting a single view of anything can be a significant challenge.

Testing the Cloud

Wed, 27 Jul 2011 10:45:00 EDT

Cloud computing has now passed the stage of hype to reality. More and more enterprises are realizing the benefits of remote hosting of IT services rather than local IT management, especially as managing and operating IT networks and services is not getting any easier. Managing IT networks requires a broad set of competencies in a growing number of technologies and products. It therefore makes sense that these competencies are centralized in larger data centers providing cloud services to a number of smaller enterprises for which IT is not a core competency. Larger data centers also means larger installations with higher-speed interfaces as well as an obligation to maintain service availability. This requires extensive test and management capabilities to ensure service “up-time.” However, will test and management of cloud services differ from how they are performed today? What are the special challenges that cloud service providers face in this regard?

Cloud Computing: Opportunities for Communication Service Providers

Mon, 25 Jul 2011 14:15:00 EDT

Cloud Computing is an evolution of existing technologies to deliver services to end users. Communication service providers have an early adopter opportunity to compete with new entrants, increase their bottom line and play a dominant role in delivering cloud services. Service providers have seen many so-called next- generation technology waves in the last 15 years. Cloud computing, which was seen as a new fad, has passed the initial test. Cloud computing is for real and not a vague idea anymore. It helps drive down costs for IT organizations by making infrastructure more distributed, more efficient and massively scalable. It’s being accepted by enterprises of different sizes as a smarter way to deliver services. The worldwide cloud computing market is growing fast. According to IDC, it will be a $148.8B market by 2014, of which the public cloud alone would be about $55.5B. Communication service providers (CSPs) have made a significant investment in technology, people and processes. They have customer knowledge and relationships. Public cloud computing offers a unique opportunity to CSPs to defend their hosting business and grow significantly by focusing on a much larger market than what they can do today. This article focuses on some of the areas where CSPs have an advantage over others to take the lead market share in public cloud computing.

RESTful Web Services: A Quick-Start How-to Guide - Part 2

Thu, 21 Jul 2011 16:00:00 EDT

Part 2 of "RESTful Web Services: A Quick-Start How-To Guide" explores foundational issues in coding RESTful operations, including Basic Authentication and Exception handling. Along the way I’ll share with you multiple real-world coding tips and workarounds. As a teenager, one of my favorite TV shows was “The Wild Wild West.” The show’s description goes like this, “… a 60 minute western action series on CBS that was like no other. Special Agents James West and Artemus Gordon were spies for President Ulysses S. Grant shortly after the civil war. In every other way, they could be easily confused with James Bond of the 20th century. They had a "high-tech" (for its day) railroad car stocked with a compliment of advanced weapons. James West especially seemed to woo every beautiful woman he encountered. The agents' typical mission involved saving the United States from some disaster or from being taken over by some evil genius.” Just in case you’re curious or are a fan like me, here’s a link to the first part of a full episode on YouTube: http://youtu.be/90FsuJjknV8

Rethink SOA - A Recipe for Business Transformation

Wed, 20 Jul 2011 11:30:00 EDT

One sure fire way to keep budget and buzz away from your projects is for you and your department to be associated with incremental improvement. Projects can generally be classified into two categories. The first is “business transformation,” which includes projects that generate excitement. The second category is for projects that fund incremental improvement to what is frequently considered the “cost center,” often with a strong ROI but seriously lacking when it comes to excitement… And without excitement comes underfunded and understaffed projects likely to underachieve the goals they set out to accomplish. So where does SOA belong? Is it one of the most powerful weapons in the business transformation arsenal or is it merely a tool for the cost center to provide incremental improvement? If we look at the traditional benefits of SOA, such as re-use of services, agility, scalability, and visibility, then SOA brings incremental improvement to the infrastructure. Although this incremental improvement can provide impressive returns that easily justify the investment, they are still more incremental than transformative to the business.

Do You Treat Your Customers Like the Ritz?

Wed, 20 Jul 2011 10:00:00 EDT

Unlike the Ritz where the highly trained staff can anticipate your needs just by the look in your face, most enterprises’ huge investments in CRM systems, marketing analytics, customer self-service and more have resulted in islands of nonintegrated automation and inconsistent, inaccessible, and incomplete data. Enterprises in multiple industries are increasingly leveraging data virtualization to do a better job integrating the customer relationship information required to develop and maintain superior customer experiences.

Communicate... Because in IT, If You Build It, They May Not Come

Mon, 18 Jul 2011 07:45:00 EDT

Finding the perfect balance of influence between IT and the Business Owners (I will resist the urge to refer to them as B.O.) is not easy. I usually find that most projects are influenced by one or the other in an unbalanced manner. The story is usually goes like this... The business feels that technology should not be a factor in making sound business decisions. In the business owner's eyes, whatever the solution is, the IT department should be able to support the technology that comes with that solution. This is bad when a custom software package is the solution. .NET/SQL Server shops may end up with a Java/Oracle product or visa versa. Although it is possible to support every technology in the world it makes absolutely no sense to attempt to.

RDP Exploitation Using Cain

Fri, 15 Jul 2011 07:30:00 EDT

I will demonstrate how to ARP poison a connection between a Windows 7 and Windows 2008 R2 Server using Cain. The Microsoft Remote Desktop Protocol (RDP) provides remote display and input capabilities over network connections for Windows-based applications running on a server. RDP is designed to support different types of network topologies and multiple LAN protocols. Remote Desktop Services formerly know as Terminal Services on Windows 2000 Server allow a server to host multiple, simultaneous client sessions. Remote Desktop uses Remote Desktop Services technology to allow a single session to run remotely. Thus a user can connect to a Remote Desktop Session Host server by using Remote Desktop Connection (RDC) client software.

RESTful Web Services: A Quick-Start How-to Guide - Part 1

Thu, 07 Jul 2011 12:00:00 EDT

Among PowerBuilder 12.5 .NET’s new features comes the ability to use WCF to call RESTful web services. This article, the first in a two-part series, provides a PowerBuilder 12.5 .NET developer with the foundational knowledge and skills to rapidly get up and running building PowerBuilder RESTful Web Service clients. Along the way I’ll share with you a few tips and workarounds. PowerBuilder 12.0 .NET provided the ability to call SOAP-based web services using Microsoft’s .NET 3.5 WCF API. I encourage those of you not familiar with WCF and SOAP to view my PowerBuilder WCF primer and StockTrader reference application overview hosted on Sybase.com. You can get to all my free tutorials from http://yakovwerde.ulitzer.com/node/1551687. New with version 12.5, along with an upgrade to WCF 4.0, is the ability to call RESTful web services, an increasingly popular mechanism for accessing remote resources in SOA applications. In this article I’ll help you gain some foundational understanding and definitions, then familiarize you with the mechanics of coding a client to retrieve data from a response-oriented RESTful service. In Part 2, I’ll explore the three types of request-oriented operations.

Post Exploitation Using Metasploit pivot and port forward

Wed, 29 Jun 2011 10:00:00 EDT

We are using the local port forwarding bound on a victim host so when we execute the route command and exploit internal hosts we can map them back to our initial victim, through the meterpreter connection and back to us. The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task. You can download metasploit from here. A very nice feature in metasploit is the ability to pivot through a meterpreter session to the network on the other side. This tutorial walks you through how this is done once you have a meterpreter session on a foreign box.

The History of Programming

Mon, 27 Jun 2011 12:15:00 EDT

I’ve been programming since around 1982, first using an Apple in high school and then finally getting my first computer, the Timex Sinclair 1000 (2k of ROM and 2k of RAM), that same year. Both computers came with a form of the BASIC programming language and it was the start of my lifelong pursuit of trying to understand computers. A few months ago, one of my good friends called and asked if I had a PowerPoint presentation on the history of programming. When I checked my extensive list of presentations, I noticed that I didn’t have one, so that led me on a journey to create a presentation on that very subject. However, where to start? Maybe 1940 or 1950? After thinking about it for a while I realized that’s really not where programming started. You need to go way, way back to really understand the programming concept and where it came from. This led me to envision the world as a dark, almost black place with a small white light in the center… really the only light around was the small white light in the center and that light represented the idea: there has to be a better, more accurate, way to count and keep track of things for commerce.

Book Excerpt: Service-Oriented Computing Fundamentals

Mon, 27 Jun 2011 11:45:00 EDT

This excerpt describes fundamental terms and concepts associated with service-oriented computing, including those related to service-oriented architecture, service-orientation, and cloud computing. Service-oriented computing is an umbrella term that represents a new generation distributed computing platform. As such, it encompasses many things, including its own design paradigm and design principles, design pattern catalogs, pattern languages, a distinct architectural model, and related concepts, technologies, and frameworks. Service-orientation (explained shortly) emerged as a formal method in support of achieving the following goals and benefits associated with service-oriented computing.

SQL Peer-to-Peer Dynamic Structured Data Processing Collaboration

Fri, 24 Jun 2011 10:15:00 EDT

Unstructured and XML semi structured data is now used more than structured data. Unstructured data is useful because of its fuzzy processing applied to this more common ubiquitous data. But fixed structured data still keeps businesses running day in and day out which requires consistent predictable highly principled processing for correct results. This means structured data cannot be replaced by unstructured or semi structured data. For this reason, it would be very useful to have a general purpose peer-to-peer collaboration capability that can utilize highly principled hierarchical data processing and its flexible and advanced structured processing to support dynamically structured data and its dynamic structured processing.

A Maturity Model for Application Performance Management Process Evolution

Thu, 23 Jun 2011 10:30:00 EDT

As IT systems form the backbone of business operations, their performance plays a key role in business growth. Understanding this fact, organizations work toward obtaining best performance from the software systems to maximize ROI on IT. Now an application’s performance can be improved by tuning numerous factors like the underlying infrastructure, deployment configuration, application architecture, design, workload, etc. Yet there is another important factor driving the performance of all applications of an organization – the performance management processes adopted by an organization. The performance management process consists of activities performed to get a better understanding and control of application performance. Here we present a maturity model that will help organizations evaluate and evolve their processes on certain key dimensions. The scope of the model presented is limited to the activities that have to be carried out as part of the performance management process. In addition, as the people and technology used for process implementation are equally important to achieve the required success, equal emphasis has been given to them. The model describes a six-level evolutionary path to progressively mature performance management processes in an organized and systematic manner. With the increasing maturity of the performance management process implementation, organizations can see a positive impact of the performance engineering adoption on the business.

What Movers in the Cloud Stand to Win in the $444B SMB Market Space

Thu, 16 Jun 2011 12:47:00 EDT

While much discussion of the cloud assumes the needs and concerns of large enterprises will determine how the cloud evolves, in fact AAPL, MSFT, DELL, AMZN signal that the migration of the fragmented $444B annual SMB tech spend from small datacenters to the cloud will redefine the industry far sooner and on a more sweeping and final scale than presently anticipated. The move of the SMB may determine the winners and losers long before the enterprise has made a significant investment. While “smokestack” and “brick and mortar” firms remain highly susceptible to “oil price shock,” ecommerce firms like AMZN increasingly remain highly dependent on the efficiency of the Internet in order to ensure growth and profitability. Unlike many other participants in the cloud computing space, Amazon has hundreds of millions of end users and millions of businesses already using its ecommerce interface to purchase and sell goods. Is Amazon playing in a much larger game and other participants see only the shadows of these moves, not the body or the head of this organism? What can the launch of Kindle, mobile computing, and Amazon AWS teach us about the present and future dynamics of the cloud marketplace? Does Amazon, like Google, perceive the current inefficiencies of the Internet and computing as potentially slowing or capping its growth? How will the cloud impact the way present and incumbent vendors do business in the small- and medium-sized business market space? Why is the SMB market a critical battle that may determine the winners and losers in the cloud? Who will be the winners and losers in this high-stakes game? Is corporate IT an incumbent service provider or the actual customer in this new world? Is the business unit going to own the technology services relationship going forward? It’s going to be a wild ride! Let’s look at some of these questions.

How to Evaluate a Data Virtualization Platform

Thu, 26 May 2011 13:00:00 EDT

Data Virtualization Platforms promise to bring order to the chaos of today’s data landscape through a range of agility, flexibility, as well as the potential for reduced cost and risk benefits. These benefits are the drivers behind the exploding industry demand, which in turn, is attracting new vendors with new solutions, thus making purchasing decisions more complex. Through careful consideration, enterprises and government agencies undergoing DVP evaluation can systematize their decision-making and thereby increase their confidence in successful DVP deployments.

The Difference Between Unit Testing and Integration Testing

Tue, 24 May 2011 12:15:00 EDT

What is a unit test? A unit test is: Repeatable: You can rerun the same test as many times as you want. Consistent: Every time you run it, you get the same result. (for example: Using threads can produce an inconsistent result) In Memory: It has no "hard" dependencies on anything not in memory (such as file system, databases, network) Fast: It should take less than half a second to run a unit test. Checking one single concern or "use case" in the system: (More than one can make it harder to understand what or where the problem is when the problem arises.) By breaking any of these guidelines, you increase the chance of developers either not trusting or not believing the test results (due to repeated false failures by the tests), or people not wanting to run the tests at all because they run too slowly.

OSGi Application Testing with Tycho

Thu, 19 May 2011 11:00:00 EDT

The OSGi framework is a popular platform for developing multifunctional desktop systems, enterprise systems and complex applications. OSGi uses a modular approach where each bundle is regarded as a relatively independent and separate unit. The framework controls maintenance-based tasks such as managing interactions between bundles, resolving dependencies, and managing lifecycles. Therefore, programmers can reallocate their time with less routine work and concentrate solely on solution development. However, testing such applications is a real problem. It is more demanding than regular Java application testing: there is a need to test interactions between the bundles, and the tests must occur within a real environment. In this case, the test must run inside the OSGi platform; thereby creating the need for specialized test frameworks.