• Enterprise Java Community: Using JavaSpaces
  (tags: javaspaces jini jinipr)
• Jim Gray Missing at Sea
  Of all the transactions to lose, let’s hope it’s not this one.
  (tags: news)
• No T-Shirt hurling contest this year
  It’s JavaOne, but not as we know it.
  (tags: news java)
• GlusterFS - GlusterDocumentation
  (tags: storage)

I’ve lost count of the number of developers who rave at me about how things have advanced, “look at Spring or AJAX or ……” they cry.

But is anything really changing? I don’t think there’s any doubt that things are moving along but it’s at snails pace. Why? Because whilst we have a new tool or IDE plugin or container it’s based on the same old programming/architectural model:

1. N-tier
2. Application running in a single JVM
3. No concept of remoteness
4. Little explicit concurrency

i.e. Whilst we change the way we build our applications at code level to some degree, we don’t change our architecture or programming model. We are locked into one way of thinking and subconsciously enforce it on everything we look at. This lock-in causes us significant stress when we attempt to evaluate something with a different programming or architectural model with typical responses being:

1. It’s too complex
2. I can’t understand it
3. It melts my brain

But this is a good sign, this is real learning that stretches you in new directions and makes you a better, more rounded techie. If you don’t thrive on this stuff you can’t be cutting edge and you’re certainly not advancing significantly.

Think different - that’s genuine progress!

Technorati Tags: philosophy, technology

• None Too Soon
  Could manage without the Lisp but JSON wins hands down over XML
  (tags: xml json)
• the global microbrand rant 2
  Blogging is another channel by which one can demonstrate skill. What may make it different is that the little guy can get access to the whole world without heavy advertising. Will it stay that way?
  (tags: blogging business publishing)
• EarlyStageVC: Fail Fast, Fail Often
  (tags: business businessmodel startup Entrepreneurship)
• Inside MySpace.com
  More real-world data on scaling big systems and the associated issues
  (tags: distributed scaling)
• Sensemaking 4: Summary of your comments
  (tags: communication ideas productivity psychology management)
• The persistent blogosphere
  Blogs are often a more convenient way to post up knowledge than webpages or even wikis. None of these are truly durable but maybe fixing that for blogs is easier than for webpages or wikis?
  (tags: blogging)

Now it’s Java properties.

I say once again - the last thing to do is to extend the language. Before that try a new API or have your IDE do it. In the case of Java properties I really don’t see any reason whatsoever for this being in the language as it’s blatantly something that can be done in the IDE plenty well enough. That just leaves a couple of arguments:

1. More readable - I can understand perfectly well from the method name what set* and get* do, surely I’m not the only one?
2. Reduces boilerplate - Indirecting through a method allows more flexibility and a modern IDE can fold these things away so we don’t have to see them. Finally, some boilerplate actually makes code more explicit and therefore more easily understood which is far more important.

Elliotte and others already have the rest of the reasoning nailed so I’m not wasting any more breath.

Common practice these days is to have a firewall between corporate’dom and the internet and only open port 80. It’s claimed this is secure but is it and what is this approach costing us? And is the price worth paying?

We tend to argue against open ports at the firewall for two reasons:

1. Denial Of Service Attacks
2. Hacks

Denial Of Service Attacks

The mere act of opening a port leaves one open to such attacks. The difficult bit is having access to sufficient resources with which to attack the target. This drives some to look for more sophisticated attacks that don’t require a “stampeding herd” of machines but there are very few of these people because:

1. You have to be expert
2. You have to have lots of time

In conclusion, denial of service attacks are a part of being on the net and firewalls help very little in this regard. What’s really needed is intrusion detection software and dynamic response/adaption something the firewall doesn’t facilitate.

Hacks

The reason a hack works at all is because it exploits some weakness in some service somewhere. But these weaknesses vary by OS, machine and software version. Blocking everything at the firewall works but really and truthfully we should:

1. Keep our machines up to date
2. Manage this machine by machine because they each have different needs and services

How Secure Are We?

Given the above we can see that boundary firewalls actually provide little effective protection against attack because to provide service, we must open the firewall and as soon as we do it, the hoardes can rush in. Certainly a firewall can stop certain kinds of packet spoofing, remote login etc but we don’t need to close all ports to achieve this goal.

In summary, firewalls are hammers and we are attempting to treat all security issues as nails to beat on.

The Cost of the “No open ports” Strategy

Because port 80 is the only one open, we are seeing everything tunnelled via http. This leads to a whole series of complications:

1. Not everything we would like to use has support for tunnelling over http
2. http is not suitable for all applications, it can be made to work but it’s complex and fragile
3. Given that all traffic looks like http it is difficult to manage/monitor traffic for individual services
4. Multplexing and demultiplexing all this network traffic manifests in our architectures - e.g. configuring our front-line httpd’s to redirect traffic based on URL components

Connection building in certain directions is impossible in most cases which denies us architectural options:

1. Callbacks are not viable - leading us to deploy polling solutions which perform badly and prevent us from building solutions that offer timely updates
2. Protocols other than http cannot be used

The border firewall becomes a point of contention trying to serve conflicting policies for individual services. Changes to the policy are slow owing to the need for agreement from so many parties or, in the worst case, no change happens at all.

We Really Need to Change

Firewalls as they are typically used are the software equivalent of a “Maginot Line” and history is littered with examples of failed border-control policy such that the military at least have learnt that defense in depth is a more appropriate solution. The “Maginot Line philosophy” denies us various software architecture options that would make our systems less complex and more scalable.

Certain elements might argue that all of this should lead us to base our services solely on the web architecture but that denies us certain kinds of desirable abstraction such that we expend lots of effort close to the metal attempting to force our solutions into a single generic approach. This would be somewhat akin to the pain we suffer trying to tunnel everything over http, not good.

Amazon’s EC2 provides some interesting possibilities in that it provides a more flexible firewall policy than straight border control and perhaps the most significant aspect of EC2 is that the firewall configuration can be controlled programmatically thus it would be possible for a service to configure the firewall to suit it’s needs on demand. If nothing else, such an option can speed up deployment removing the need to fiddle with http tunnelling and de-multiplexing or to discuss policy with a centralized admin authority.

In conclusion, we need to look at changing our policy and other approaches such as providing infrastructure that can secure individual services with appropriate policies from machine through to software level. Much of our current software infrastructure has little support for such a strategy and will need to change but surely it will be for the better?

Technorati Tags: architecture, distributed systems, technology

• Creating Passionate Users: Sensemaking 3:The search for a representation
  (tags: management productivity psychology)

• StorageMojo » Isilon’s Cluster Technology. Pt. 0.5
  (tags: storage toread)

Nick Gall (Gartner) has published a position paper on WS-* and The Web. This statement has drawn quite a lot of attention:

“Unfortunately, Web Services, at least the WS-* style, are “Web” in name only. While WS-* enables tunneling over HTTP (used merely as an XML message transport), in almost every important aspect, WS-* violates (or at best ignores) the architectural principles of the Web as described in the W3C’s Architecture of the World Wide Web, Volume One and in Tim Berners-Lee’s personal design notes.”

Personally I find this statement completely unsurprising as all it really says is that The Web is not the same is WS-*. Perhaps some people are upset because WS-* aka Web Services dares to make use of the word Web. That might even be a reasonable complaint but does it really matter? It seems to me that this part of the paper is a lot more incendiary and far more significant:

“The large set of WS-* specifications is almost entirely focused on recreating traditional middleware capabilities using XML as the syntax for the formal message structure and the formal interface description.”

Which appears to be saying (at least to me) that WS-* is nothing new and thus all the hype about how it’s a great step forward starts to look rather lame. That’s not to say WS-* won’t have it’s uses but it’s no more of a cure-all than The Web or anything else.

[Update: Bill has clarified the posting I link to above, stating that his interest is in the fact that the likes of Gartner are acknowledging that The Web does indeed have an architecture.]

Technorati Tags: architecture, distributed systems, technology

• Catching Up
  My EC2 slides made it to the Amazon blog - cool!
  (tags: me)
• Help, My Hard Drive is Full!
  File-sharing via NAS on a home network with Windows and OS X
  (tags: toread osx windows)
• Will Price: The Economics of SaaS: We Need a Platform
  (tags: saas architecture)
• Sam Ruby: Pro Choice
  Yep, most “standards” are just plain evil. Has to be said that customers need to blame themselves some as they demand standards before any experience for what a good standard would be is available.
  (tags: standards)
• Unintended Consequences of Syndication
  (tags: socialsoftware)
• Software Architecture - Zoom In Zoom Out
  Service oriented systems with all their compositing will provoke these kinds of issues
  (tags: architecture)
• InfoQ: Good Agile Karma
  Doesn’t matter what fancy process or tools you use, software engineering comes down to being disciplined and doing the right thing, there are no corners to be cut just time to be optimized.
  (tags: agile teamwork philosophy)

Notwork!

I’m currently in Boston, staying in the Hyatt Regency (Cambridge) they claim to have a premium internet access offering via wireless throughout the hotel. Hmmm, well if this is premium I dread to think what the normal service would be like.

Any time we make a decision to ignore a problem, or attempt to work around it, we make more work for ourselves.

That additional work turns into something akin to the death of a thousand cuts. The problem never goes away and the associated consequences continue to manifest all over the place. And as the problem gets tougher so there are more and nastier consequences to deal with and they are harder to work around. Eventually, something has to give…….

This is really a long hard-learned life lesson which has some convenient applications in software engineering…..

Consider a bug in some code you’re using - if you don’t fix that bug, you end up dotting workarounds all over to cope with the presence of this bug. The same problem occurs with a badly written API, all around your code there will be compensations for it.

I was reminded of this recently when discussing code-lifecycle issues which is a nasty problem, make no mistake. Some members of the discussion wanted to accept the issues as unsolvable and work around them leading to hideously complex architectures and masses of code scattered all over the system. Myself and a couple of others felt it better to tackle the problem head on and came up with a simple solution that’s small and easy to use. Most importantly, the solution relieves us of the burden of tackling all those hideous consequences.

This lesson can also be applied to systems architecture in general. For example, the general policy to place firewalls at the borders of corporate networks which accept nothing unless it’s on port 80 has resulted in a raft issues which exert significant costs on our software and hardware infrastructure.

Technorati Tags: design, philosophy

• sshfs for Darwin (Mac OS X)
  (tags: osx ssh storage)

• Software Startup Myths Debunked
  (tags: startup Entrepreneurship business management)
• Top Ten Mistakes Startups Make Building Technology
  (tags: business Entrepreneurship startup management)
• Google Base data API- Google Base data API Documentation
  (tags: api storage)
• Introduction to The Solr Enterprise Search Server
  (tags: search lucene server)
• Mac OS X S3 Browser
  (tags: amazon s3 storage tool)
• Home - muckOS
  (tags: amazon ec2)
• GoodPage - HTML CSS Editor for Mac OS X
  (tags: osx web editor)

Is a (popular?) saying that essentially means “There’s more than one way to do something”.

And the fact that there are many ways to do things makes for a lot of fun, after all variety is the spice of life! But it also brings a burden of having to sort through the options and pick the one most appropriate.

This should all be horribly familiar to most of us but I’m going to concentrate on engineers for the rest of this blog. See, engineers do some peculiar things when confronted with this reality:

1. They invent all sorts of complex classification schemes in an attempt to determine the best solution.
2. They often ignore available real-world data or worse the fact that there is no data.
3. They declare one solution the solution for now and all time ignoring the fact that things change.
4. They attempt to force their choice of solution on everyone else - “my way is the only way and all should follow because that’s what I’ve decided is best for you”.
5. Once they’ve decided on the solution, no question or opposing view is acceptable.

If you have any of these tendencies take note:

1. You are not infallible, your solution may not be the best.
2. If someone else picked a better solution, it could cost you big time.
3. If you keep pushing your solution without listening to others, you risk making yourself an outcast.

Then take a break, go get a chill pill and mend your ways. Be a little less prescriptive and thrive on that variety.

Technorati Tags: philosophy, engineering

• Yahoo Research on Distributed Web Search
  (tags: search scaling distributed)
• Thanks, Guy
  (tags: humour perspective)
• Google Co-op - Custom Search Engine
  (tags: search tools engine)
• Monothickic
  “It’s Mainframey!” - Exactly!
• Architect, Functional and Technical: IT’s Good, Bad and Ugly?
  What’s really needed is one thing across IT - customer focus. Deliver solutions to users everyday problems rather than building complex infrastructures just because IT can.
  (tags: soa)
• 10 Things You should Know About WordPress 2.1
  (tags: blogging blog software)
• Mercurial
  (tags: rcs)