Daily Archives: July 19, 2007

software, software development

Simple RAD tools from industry giants fly below the radar

4 Comments

Oracle and IBM are not normally names you associate with simple, highly productive software development tools. Arguably, it is the over-complexity of J2EE that left the door open for Microsoft .NET as well as nimbler open-source options like PHP and Ruby on Rails. Still, let me mention two tools that demonstrate how even these giants are devoting attention to productivity. IBM’s Project Zero is the first:

The Project Zero environment includes a scripting runtime for Groovy and PHP with application programming interfaces optimized for producing REST-style services, integration mash-ups and rich Web interfaces.

Groovy is a dynamic language for the Java Virtual Machine, and an interesting option for agile development on the Java platform, though it is perhaps getting overshadowed by JRuby.

And what about Oracle Application Express (or APEX)? This seems to be a well-kept secret at Oracle, though its users love it. Once known as HTML DB, it lets you write applications declaratively. A snag is that you have to know PL/SQL if you want to extend it with custom components. That said, APEX has a couple of big advantages. One is that it is a web services client, so you can integrate it with other web applications. Second, it is ideal for hosted development:

Oracle Application Express enables a single database to host large numbers of users.  Users work in a dedicated work area called a workspace.  This flexible architecture enables a single database instance to manage thousands of applications.

It all sounds strangely similar to what Salesforce.com is doing. Salesforce.com also calls its platform APEX, runs on Oracle, and was founded by former Oracle executive Mark Benioff.

A difference is that Salesforce.com says its APEX platform is the future of web development and will host your application for you, while Oracle markets Application Express as an alternative to Microsoft Access for small departments.

IBM is equally reticent about Project Zero. I couldn’t find it mentioned on the developerWorks site.

It is much easier for startups to promote new models of software development.

internet, security

Hot news: the Internet is as insecure as ever

4 Comments

I’ve been writing about the Internet for years, and some of my earliest articles were about security problems. I’ve written about why anti-virus software is ineffective, how application insecurities leave web servers open to attack, and why we need authenticated email combined with collective whitelisting in order to solve the problem of spam and virus-laden emails.

What depresses me is that we have made little if any progress over the last decade. Email is broken, but I have to use it for my work. Recently I’ve been bombarded with PDF spam and ecard viruses, which for some reason seem to slip past my junk mail filter. Said filter does a reasonable job and I could not manage without it, but I still get false positives from time to time – genuine messages that get junked and might or might not be spotted when I glance through them. The continuing flow of garbage tells me that anti-virus software is still failing, because it comes from other machines that are already infected.

And what about comment spam? Akismet is fantastic; it claims to have caught 43,000 spam comments to this blog since I installed it in October last year. In the early days I used to glance through all of them and occasionally I did find a comment that was incorrectly classified. Now, the volume of spam comments makes that unfeasible, so no doubt there are some being needlessly junked.

Security is a huge and costly problem. Even when everything is running sweetly, anti-virus and anti-spam software consumes a significant portion of computing resources. Recently I investigated why an older machine with Windows XP was running slowly. It did not take long: Norton anti-virus was grabbing up to 60% of the CPU time. Disabling NAV made the machine responsive again. Nevertheless, the user decided to keep it running. What is the cost to all of us of that accumulated wasted time?

We have become desensitized to security problems because they are so common. I come across people who know they have viruses on their PCs, but continue to run them, because they have stuff to do and would rather put up with a “slow” machine than try to fix it. Other machines are compromised without the awareness of their owners. Those PCs are pumping out viruses and spam for the rest of is, or are part of the vast botnet army which is now an everyday part of the criminal tool chest.

I actually write less about security that I used to, not because the issue is of any less importance, but because it becomes boringly repetitive. Desensitized.

The frustration is that there are things we could do. Email, as I noted above, could be made much better, but it requires collective willpower that we seem to lack. A while back I started authenticating my emails, but ran into problems because some email clients did not like them. Users saw attachments and thought it might be a virus, or could not reply to the email. I had to remember to remove the authentication for certain recipients, and it became too difficult to manage, so I abandoned the experiment. That’s really a shame. Authentication in itself does not prevent spam, but it is an essential starting point.

Do we have to live with this mess for ever? If not, how long will it take until we begin to see improvement?

Technorati tags: , , , ,