A virtual conference for Delphi 2007, Delphi for PHP, JBuilder

Starting today, you can attend the CodeRage 2007 developer conference. It’s free, entirely virtual, and has some promising sessions for anyone wanting to keep up with what’s new for Delphi, Delphi for PHP and JBuilder. For some reason there are also sessions on Ruby; looks like CodeGear (a wholly-owned Borland subsidiary) is cooking something up here.

I like this idea. Conferences are part of IT culture, and I guess pros will always want to get together for real conferences, if only for the networking opportunities they present, along with the chance to collar the people who actually have the answers and grill them with your burning questions or complaints.

Even so, there is huge logic behind virtualizing conferences, especially bearing in mind the environmental cost of travel. The vendor gets access to a larger potential audience, and delegates have more flexibility over what content they view.

This one looks rather good.


I’m seeing reports of connection problems, video breaking up and so on. Perhaps that’s the major downside of virtual conferences. On the other hand, this stuff ought to work by now. If CodeGear can’t scale its conference servers, that’s not a good advertisement for its technology.


Technorati tags: , , , ,

Wii a one-trick console, but it’s a great trick

I’ve recently been trying Nintendo’s Wii console (I know I’m a bit late on this). A few comments.

First, the motion-sensitive controller is stunning, really well done. It is genuinely a new dimension in gaming. Even people who wouldn’t normally play on a console will pick up the Wii controller and have a go.

Second. the only game I’ve seen so far that really shows off the Wii is the one that comes bundled – Wii Sports. The bowling, tennis and golf are fantastic, though perhaps a tad too easy.

When you try games that don’t take much advantage from the motion-sensitive controller – Zelda Twilight Princess, for example – the Wii becomes poor and dated in comparison to the XBox 360 or even the original XBox; I’m sure the PS3 will easily outshine it as well.

The Wii remains in high demand, but there seem to be few games worth getting. No doubt the games companies have taken note and we will see some more sports simulations or other innovations that use the controller properly.

I still see XBox 360 and PS3 as more in competition with each other than with the Wii. Hardcore gamers will not be satisfied with Nintendo’s console. The Wii is physically so small that many families will pick up both the Wii and one of the other this-gen consoles.

Incidentally, sites like Amazon.co.uk  are still reporting PS3 consoles available for launch day (March 23, just 12 days away). Either Sony has promised delivery of an extraordinarily large number, or (more likely) demand is a little muted. These things are relative, it is still Amazon’s No. 1 seller. The Wii on the other hand still seems to be permanently out of stock and apparently still commands a premium of £100 over its full retail price, at least that’s what the third-parties are asking.


Technorati tags: , , , , ,

Software architects cautious about SOA; London Underground makes it work

SOA (Service Oriented Architecture) once seemed to promise a new world of smooth cross-platform and cross-language interopability, high software reuse, easier maintenance of complex systems, and clean wrapping of legacy systems. Has it delivered? I found the recent Microsoft Architecture Insight Conference surprisingly downbeat. Sam Lowe from Capgemini gave a brisk overview of where SOA is valuable, emphasizing that it is not always applicable, that its value is hard to prove, and that it often does not live up to its hype. “You need to think across business and IT”, he said, making the point that project roadmaps should not be technology-centric. It is no good rewarding people simply for creating services; if you do, you end up with lots of services for no clear reason. Too many services may be worse than too few.

All sound stuff. A second session from Conchango’s James Saull continued the theme in his “real world” session. It’s “very very rare” to see SOA success stories, he told us, following up with “I have never seen a business case for doing a service-oriented engagement.” One delegate immediately came up with one; but there was a fair amount of head-nodding as well. The supposed reusability of SOA services also got bashed. “I haven’t seen anyone to date really getting reuse,” said another delegate. Versioning and dependency issues were mentioned. The takeaway was not that SOA is useless, but rather that resources have been wasted in a mistaken belief in SOA as a solution to everthing.

It took a case study to bring relief from these depressing assessments. This was from the London Underground, the same WPF (Windows Presentation Foundation) application that I commented on earlier, but with a little more detail. I was not the only person impressed by this application; apparently the governor of the Bank of England, Mervyn King, paid the developers a visit to find out more about it. Although the project is only a proof of concept, there is great enthusiasm for it and a production version is actively being planned, though it will take until Q3 2007 before the 20,000 London Underground desktops are powerful enough to run it (.NET Framework 3.0 is required). Passengers may actually see station displays running WPF.

The London Underground application brings 3 or 4 systems together into one visualization. You can think of it as a kind of Enterprise mash-up. Although it is the user interface that catches the eye, it would not be possible without an existing investment in SOA, going back several years. It therefore appears that London Underground is getting reusability and other SOA benefits that are eluding most others. I asked what the secret was. The answer was a little vague. “We’re fortunate that we had the right services in the right place at the right time,” said developer Keith Walker. Peter Goss expanded on this. “We have four of five main services we use, but each of our large applications has an interface exposed which we can consume from if necessary. It’s an ongoing process.” In other words, every application was designed to be part of a platform, not just to work in isolation.  There was the right level of granularity for the services, which matched the business well.

Here at last is an example of SOA yielding perhaps unexpected benefits, presuming that the proof of concept does translate successfully into a deployed application. For more background on this case study, download the presentation referenced in my earlier post.

So what does it take to be successful with SOA? It’s hard to discern whether London Underground is just a particularly good fit for this kind of architecture, or whether it happens to be using development principles that would work equally well in other contexts.


Visual Studio 2005: still needs admin rights on Vista?

It was good to see – at last – the release of Visual Studio 2005 Service Pack 1 Update for Vista.

I was hoping this update would remove the need to run Visual Studio 2005 with administrator rights on Vista. Unfortunately I don’t think it does. It’s hard to be sure; in fact, I can’t find any clear statement about what the “Update for Vista” actually does. Following the “more information” links on the download page is like playing the original Adventure game – a maze of twisty little passages, all alike – none of which tells you what you want to know.

Still, I note that the list of bad things which happen when you run with normal permissions still exists; so I’m presuming Microsoft still recommends using “Run as administrator” for Visual Studio.

I dislike doing this. I don’t develop on Linux as root, nor on the Mac – why should it be needed on Windows? I realise that some things need local admin rights for good reasons – registering a COM DLL, for example – but I don’t see why I should have to run the entire IDE as admin just for the sake of those few activities.

How dangerous is it? I presume it’s no worse than running as admin on XP, for example, but it’s pretty bad. For example, I checked out what happens with online help if you use “Run as administrator” to start Visual Studio. Help opens in a separate application called Document Explorer, which embeds Internet Explorer to render the online documentation. As I expected, if you open this from Visual Studio’s Help menu it runs with elevated rights. Naturally, the docs include links to external web sites. What if you right-click one of these and choose “Open link in external window”? The site will open in IE, but take a look at bottom right. “Protected mode off”. In fact, IE is now running with a high integrity level, just like Visual Studio. Nothing to stop you browsing the web from here, probably not realising you are more at risk than usual.

It’s crazy to be reading documentation and browsing the web with full admin rights, just to keep Visual Studio happy.

I intend to try running Visual Studio as a normal user and see how it goes. I reckon it will work for some projects at least.

Note: if you want to see the integrity level of the processes on your system, download the latest Process Explorer. You’ll need to select the Integrity Level column. The ins and outs of UAC and the extent to which it protects you are discussed in Mark Russinovich’s blog entry on the subject.


Technorati tags: , , ,

Find the top ten of anything

This is skeletal right now, but knowing how much time we waste spend debating which is the best in this or that category (operating system, band, album, football club, office document XML schema, blog, breadmaking machine) it strikes me as a winning concept.

Top 10 Central is entirely user-driven and lets you create and vote on entries in top ten lists.

I’ve just contributed the top ten best ways to make coffee.

If it catches on it could evolve into something that is fun and occasionally useful as well.

Disclaimer: Top 10 Central is by Matt Nicholson, a friend and also the editor of dnjonline.com; I write for Matt from time to time.


Technorati tags:

What would the young Bill Gates make of today’s Microsoft?

He would be hacking (in a good way) with the crowd at the Future of Web Apps conference I attended two weeks ago, not here with a bunch of senior software architects discussing the failures and successes of SOA (Service Oriented Architecture). I’m at the Microsoft Architecture Insight Conference in Wales, where I’ve been hearing a lot about old-fashioned ideas like requirements analysis, making the business case for change, being realistic about software reuse, and other sound, sensible, but unexciting software development principles.

That’s not to say this is a bad conference, far from it. I had an excellent chat with Microsoft’s Jack Greenfield, a Microsoft architect who is putting together the next generation of Microsoft’s modeling and enterprise development tools for Visual Studio. “Software factories” is the buzzword – see here for more background on this. There is also good stuff on identity management within and beyond the firewall, sessions on using development methodologies in Visual Studio Team System; amigo Ivar Jacobson is here talking up his Essential Unified Process (though “process” is last year’s word; we do “practices” now); and a number of case studies including one on visualizing the London Underground network which I’m looking forward to later today – this is the amazing WPF application which was shown off at one of the Vista launches.

It’s easy to find fault with products like Vista or Office 2007; yet you have to give Microsoft credit for establishing .NET as a major platform for enterprise development against considerable JEE momentum.

That said, let’s go back to the young Bill Gates. There is a track here on SaaS (Software as a service), which seems to mean hosted, on-demand applications versus traditional premises-based development. We heard some research on disruptive technology which Microsoft is sponsoring in conjunction with the Manchester Business School, including a look at Siebel vs Salesforce.com for CRM (Customer Relationship Management). Here’s one facet that stuck in my mind. According to Dr Steven Moxley of the MBS, Marc Benioff’s first customers were not SMEs or start-ups, but groups within large enterprises that were frustrated by the shortcomings or inflexibility of their existing software. It was a kind of stealth adoption. Salesforce.com was able to sell to such groups because its software is zero-install, pay as you go.

I immediately thought of the times I’ve had phone calls that go, “Could you send that attachment to my Gmail account. Our email is playing up today.”

Gmail may be less feature-rich than Exchange; but it tends to just work.

In other words, you could as easily do Microsoft vs Google as Siebel vs Salesforce.com. Why is Microsoft sponsoring studies that articulate its own vulnerability? Officially, this is about helping its partners to grown their own distruptive solutions using Microsoft technology; but I also see this as evidence that Microsoft has abundant understanding of the difficulties it faces. What it lacks is any conherent strategy for overcoming them, though there are always hints that some such strategy will emerge sometime “soon”.

I think it might. Gates disrupted IBM; he didn’t topple it. But there is going to be some pain.

Postscript: See also this pertinent post from Zoli Erdos who is looking forward to ditching his desktop software, subject to finding a solution for a couple of unsolved problems:

My bet is on Google or Zoho to get there first. As soon as it happens, I’m going 100% on-demand.


IE7 phishing site confusion

Preparing for a conference, I saved the agenda from a web page to a file, so that I could read it on the train. I used the IE “web archive” feature, which saves a page to a single file with the extension .mht. When I re-opened the page later, I was suprised to see the following warning:

Local file identified as phishing site

Something wrong here I reckon. Apparently my own hard drive is a phishing site.

I suppose IE7 has a point. After all, I’ve copied the page from one place to another, and although it looks like a page on the web, it isn’t. Then again, it isn’t criminal either. I’m using a feature of IE exactly as designed.

Amusing; but the difficulty I have with these kinds of false alarms is that they undermine the real ones. How is the non-technical user to know which warnings they can safely ignore? The danger is that they end up taking none of them seriously.


Technorati tags: , ,

WordPress hacked: where do we go from here?

WordPress founder Matt Mullenweg reports the bad news:

Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

This is truly painful and highlights the inherent risk of frequent patching. I haven’t seen any estimates of how many websites installed the hacked code, but I’d guess it is in the thousands; the number of WordPress blogs out there is in the hundreds of thousands. Ironically it is the most conscientiously administered installations that have been at risk. Personally I’d glanced at the 2.1.1. release when it was announced, noted that it did not mention any critical security fixes, and decided to postpone the update for a few days. I’m glad I did.

Keeping up-to-date with the latest patches is risky because the patches themselves may be broken or, as in this case, tampered with. On the other hand, not patching means exposure to known security flaws. There’s no safe way here, other than perhaps multi-layered security. All the main operating systems – Windows, OS X, Linux distributions – have automatic or semi-automatic patching systems in place. Applications do this as well. We have to trust in the security of the source servers and the process by which they are updated.

Having said that, there are a few things which can be done to reduce the risk. One is code signing. Have a look at the Apache download site – note the PGP and MD5 links to the right of each download. These let you verify that the download has not been tampered with. Why doesn’t WordPress sign its downloads?*

Next question, of course, is how WordPress allowed its site to be hacked. Was it through one of the other known insecurities in the WordPress code, perhaps?

I’m also reminded of recent comments by Rasmus Lerdorf on how PHP does not spoonfeed security. There is a ton of insecure PHP code around; it’s a obvious target for hackers in search of web servers to host their content or send out spam.

*Update: See Mullenweg’s comment to this post. I looked at the download page which does not show the MD5 checksums. If you look at the release archive you can see MD5 links. Apologies. Having said that, why couldn’t the cracker just update the MD5 checksum as well? This is mainly a check for corrupt rather than hacked files. The PGP key used by Apache is better in that it links to the public key of the Apache developers. See here for an explanation.

Perhaps this is a good moment to add that the reaction of the WordPress folk has been impeccable in my view. They’ve acknowledged the problem, fixed it promptly, and are taking steps to prevent a repeat. Nobody should lose confidence in WordPress because of this.


Technorati tags: , ,

Jitters about Adobe becoming “Microsoft of the web”

Ted Leung is bothered about Adobe becoming too sucessful with its Flash/Flex/Apollo technology:

Flash has a great cross platform story. One runtime, any platform. Penetration of the Flash Player is basically the same as penetration of browsers capable of supporting big AJAX apps. There are nice development tools. This is highly appealing.

What is not appealing is going back to a technology which is single sourced and controlled by a single vendor. If web applications liberated us from the domination of a single company on the desktop, why would we be eager to be dominated by a different company on the web?

These are valid concerns though arguably premature – we’ve not seen widespread adoption of Flex yet, let alone Apollo which is not yet released. But is Adobe’s potential monopoly equally as dangerous as what we’ve seen on the desktop? My instinct is that it is not, though I don’t pretend to have thought through all the implications, and I don’t like those proprietary Adobe protocols like Action Media Format (AMF) and Real Time Messaging Protocol (RTMP). I also think it will be healthy for the industry if Microsoft gains some momentum with WPF and WPF/E, and if Java stays alive as a client-side platform, simply because competition is our best protection against vendor greed. And as Leung notes, there is also Open Laszlo.


Technorati tags: , , , ,

Google can’t count

CodeGear’s Anders Ohlsson is excited because Google shows over half a million hits for “Delphi for PHP”. Even with the quotes.

I get the same results. More, in fact. Google says 654,000 hits.

Now try reading them. I get to page 35, then the hits come to a halt. There are 10 hits per page so that makes, hmmm, 350 hits. A bit less exciting. Let’s be honest, a lot less exciting. The real figure is probably a little higher, but not by half a million.

I do get this line (we’ve all seen it before):

In order to show you the most relevant results, we have omitted some entries very similar to the 341 already displayed. If you like, you can repeat the search with the omitted results included.

Trying the “complete” search does get more results, but they are just as repetitive as Google warns. Google appears to limit results to 1000 hits, so there is no obvious way to find out where the other alleged 653,000 hits can be found.

Microsoft’s Live Search says 24,473 results, but the trail runs out on page 80. That’s 800. So Microsoft Live Search can’t count either.

Yahoo says 322,000, but like Google can only show 1000 of them. I remain sceptical about the missing 321,000.

I’ve noticed this before. Certain phrases trigger huge numbers of alleged hits, but they vanish if you try to view them. Others seem to work fine. Perhaps someone more knowledgeable about the inner workings of search engines can explain why. It appears to be an unreliable measure.


Technorati tags: , ,