• Home
  • Events
  • About
  • Jazoon '09: Some final thoughts

    June 26th, 2009

    A day after the fact and I feel that my time spent at Jazoon ’09 was definitely worth while. I attended some genuinely top-quality talks, had some great discussions with peers and potential clients; plus I got to meet the man who started it all: James Gosling.

    Conference host Christian Frei finished last the conference night with some thanks to everyone who doodled on the James Gosling campaign and for the Java Rookies. He noted that Jazoon ’09 had 20% more visitors than 2008, which is not what one might expect under the current financial climate… but is certainly encouraging.

    So three cheers for Jazoon ’09! Three more cheers for Jazoon 2010!!!

    Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
    • email
    • Print
    • Twitter
    • LinkedIn
    • XING
    • Facebook
    • Google Bookmarks

    Jazoon '09: NASA Keynote

    June 26th, 2009

     

    Speaker: Linda Y. Cureton, CIO, Goddard Space Flight Center

     

    l-cureton

     

    The speaker declares her goal today as to inspire the audience…

    Some background information ensues on the history of the Goddard Space Flight Center, which has a site here.

    She describes the culture as being one of pioneering, not being used to failure and very disciplined with regard project management…

    Describes one of her main tasks as having been to consolidate disparate networks, to enable Web 2.0 in a consolidated manner (which – I think she is suggesting – is a fine balance).

    What the network supports:

    • Blogging and micro-blogging i.e. twitter
    • Virtual worlds… and Linda describes an amusing experience when her avatar appeared naked in JPLs Explorer Island
    • Podcasts

    Linda observes that the new generation of employees are way more comfortable with the social networking the network provides.

    The primary accomplishment of the network is that it gives everyone users control, and ultimately it provides value to the organization as a whole.

    Ultimately Linda believes that Web 2.0 is an enabler for creating a more cohesive organization.

    Do I feel inspired? Perhaps after 4 solid days of intense sessions, blogging, talking… relieved would be a better word.

    Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
    • email
    • Print
    • Twitter
    • LinkedIn
    • XING
    • Facebook
    • Google Bookmarks

    Jazoon '09: Deploying Java apps from a website

    June 26th, 2009

     

    Session title: Wuala Webstart – Launching a Java Application directly from a Website
    Speakers: Luzius Meisser – Caleido AG / Wuala

     

    LuziusMeisser

     

    Luzius describes Wuala (which I’ve never heard of until now) as an all for offline file-storage. The goal was to make this available in as many contexts as possible, and to get the app up and running as fast as possible, which resulted in them creating their own webstart implementation.

    In the speaker’s implementation of webstart he demonstrates how the app starts before the complete app is loaded… which if I’m not mistaken is also possible in Java webstart.

    The strategy: Load a trusted applet, copy loader.jar into a temp folder and run it. Now RCP exists as it’s own process and consequently survives browser closure…

    On the server-side the apparently smart webstart server (the server counterpart to loader.jar) “learns” which classes are needed first and subsequently delivers the app faster and faster with time.

    Some extremely wordy slides are shown which are impossible to read because Luzius is talking. To read or to listen? That is the question.

    What I’m extracting from this mix of written and spoken words is that their webstart solution enables quicker downloads and updates than conventional Java webstart.

    Summary: This short talk was a little confusing to follow until I realised that I was hearing about two technologies: (a) Wuala – the offline file storage solution; (b) The unique webstart implementation – which was developed in order to improve Wuala’s quality. Nevertheless, I found it quite interesting to learn of the existence of Wuala… 20 minutes well spent.

    Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
    • email
    • Print
    • Twitter
    • LinkedIn
    • XING
    • Facebook
    • Google Bookmarks

    Jazoon '09: Addressing security in the agile process

    June 25th, 2009

     

    Session title: Agile and Secure; Can we do Both?
    Speakers: Jason Li & Jerry Hoff, Aspect Security

    Jerry Hoff and Jason Li of Aspect Security

     Goal: To try to get developers to think about security early on in the development process.

    Jason begins with a brief description of a common security flaw (in AJAX apps at least) XSS, which typically involves replacing regular text with a malicious piece of JavaScript. Example attack: The JS steals the end-user’s cookie by querying the DOM. A cross-site request forgery might subsequently be mounted by using the stolen cookie from within a new application context such as mail in order to delete all the users mail.

    Another example – SQL injection – is when part of a SQL statement is replaced with a semi-colon followed by another statement e.g. DROP TABLE… which is obviously bad news.

    With that whirlwind tour of web security… how to fix the process which results in such errors?

    Speakers refer to the waterfall and explain how in each of the chunky phases activities include (or should include) security; security requirements, security design etc…

    Speakers then argue that embellishing the highly iterative agile process in the same way as was done for waterfall is not practical. Blogger agrees… the granularity of the activities is too fine to permit the kinds of security analyses which are required. So what’s the solution?

    They recommend…

    Leveraging user stories

    Prerequisite step: Ensure that all developers have received adequate security training

    Another prerequisite step: Get management to fund this (gets a laugh!)
    Alternatively: The OWASP Open Web Application Security Project is an organization providing resources which provides heaps of information on attacks points and solutions for these.

    Leverage unit testing… and include security tests in the unit tests. This is obviously particularly effective in a continuous integration environment.

    To speed up this process, use common security components such as those at Open Enterprise Security. Organizationally, this needs to be communicated across the development team(s).

    Leverage and consolidate sprints… and ensure that all security stories are included in each sprint. For dealing with security stories which don’t fit into any particular sprint, run sprints that are focussed solely on security.

    Great line (paraphrased): Web apps are a kind of “perfect storm” comprising a complex mixture of technologies, which results both in a large attack surface area as well as numerous subtle edge cases which make us more vulnerable.

    Couldn’t agree more!!!

    I found this talk excellent both stylistically and, more importantly, in terms of content. There are still voices out there which claim that agile in some way incompatible with quality. Talks like this should go some way to quell those remaining voices. Although the pair used AJAX’s inherent security vulnerabilities to highlight the necessity for a systematic approach to security in agile environments, much of what they recommend applies to any agile environment, whether it is creating AJAX applications or not.

    Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
    • email
    • Print
    • Twitter
    • LinkedIn
    • XING
    • Facebook
    • Google Bookmarks

    Jazoon '09: Activity Based Costing and the Cloud

    June 25th, 2009

    Session title: Metering the Cloud, applying ABC from code profiling up to performance cost management of cloud computing
    Speaker: William Louth, JINSPIRED

    To quote Monty Python: And now for something complete different.

    WilliamLouth

    William correctly notes that ABC is an accepted accounting practice.

    Novel: A movie excerpt (THX1138). In the portrayed world every activity has a budget. (The chase ends when the chaser’s budget runs out.) William claims that the cloud will operate in an analogous manner to this world. Business will demand a breakdown of the activities which result in a given total cost. They will do this so they can subsequently optimize their resource usage and reduce costs.

    The speaker describes (and seemingly accepts) the assumption that the lower the cost, the higher the efficiency. For example, if I can identify that my persistence costs are high I may choose an alternative persistence provider.

    Blogger thinks: What a horrible world this would be, where cost becomes the sole consideration at the expense of all other quality attributes. What about uptime, response time, throughput? But come to think of it: Isn’t this how companies have been thinking ever since the bubble burst!? For that matter maybe this is how businesses have been thinking since the invention of Taylorism.

    Continues… billing will be required on various levels: Across groups and aggregated services.

    The Jinspired product “Probes” enables the monitoring of high-level entities e.g. user, house, washing machine etc. as opposed to simply methods, which is what most probing software focusses on. AspectJ is used to inject probes into code.

    The Probes API is attempting to become a JSR. It’s certainly an incredibly powerful idea. It permits metering at various levels, groups and aggregated entities.

    Summary
    This whole business of costing everything and billing accordingly will likely appeal to today’s business mindset.
    However, I (and I’m not alone) view ABC as a disastrous approach to improving the efficiency of the organization. This is not just because quality comprises a multitude of attributes (cost being just one of them), but – more fundamentally – because it turns out that organizational efficiency (the cloud, which forms part of the organization) is not in fact maximized by maximizing the efficiency of each individual element involved.

    Counter-intuitive though it is, the quality and quantity of what your organization produces (products, services) is actually determined by a handful of constraints (bottlenecks.) ABC does not only not recognize this fact, it guarantees that quality and quantity will be less than their potential for a given set of resources. For more information read this.

    Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
    • email
    • Print
    • Twitter
    • LinkedIn
    • XING
    • Facebook
    • Google Bookmarks

    css.php