Developnot: The Future of Software Development

I saw a link to this via ActionScript Hero, and was intrigued enough to read the article. It’s an interesting review of Gartner’s Application Development Summit, held in Phoenix this week.

I’m particularly interested in what the keynotes were saying about the “future of application development”.

But when they say “agile,” they may not mean the same thing you do. According to the presentation notes, Veccio and Hoyle say that the keys to unlocking the agility paradox are architecture; a focus on software process and engineering; and reuse — of everything. In the past, they maintain, we’ve been builders of custom software, or deployers of packages. According to the keynote presenters, in the new, agile application development lifecycle, reuse and assembly are key. “Application development organizations can’t code themselves into the future!” they write.

“The future of application development is not about programmer productivity,” said Hoyle during the keynote presentation, “but in assembling functionality from components.” While programming will not go away, he stressed, programming has decreasing importance in delivering excellence. “Assembling, buying, and extracting is an increasing part of what you need to do,” he said. To be more agile and responsive, application development managers have to manipulate, orchestrate, and compose new business processes, using resources available from outside partners, third-party applications, Web services, and existing code components. Veccio asked, “Why would you ever code an app from scratch again? Why would you need to?”

Quite frankly, I don’t quite disagree - reduce, reuse, right? Recycling is completely en vogue now (as it should be).

But there’s something missing from this equation: who is their audience?

See, if you’re talking about enterprise IT departments (omg, wtf are those?!?!), yeah - I completely agree. Writing software to run your own enterprise is generally going to be a ridiculous proposition. Chances are you won’t have the manpower to write all your applications, or even to assemble “resources available from outside partners”, support them, and maintain the company network. Some IT departments have enough trouble just maintaining the networks (or so I’ve heard). From that perspective, absolutely: third party wins every time. Assuming, of course, you’ve got a good third party (or, more likely, a bunch of good third parties).

Everybody in Enterprise IT should have a good party every once in a while.

But while “things” tend to be greater than the sum of their parts, you can’t expect to push forward by assembling the same old pieces in different ways. Sure, you could hook things up a bit better, tighter or looser (depending on your preference), but, at the end of the day, you’ll be completely limited by what’s already there.

Enter the third parties: these are the guys that are going to have to write code. Good code. Code that can be integrated with other providers (well, ok, not code per-se, but applications). It’s the third parties that are going to need to maintain the development roles. Without that, there is no future, no innovation.

It’s obviously not just the third parties, of course. Though I’m really thinking about Microsoft and Google (and, yes, Sun, and OSS providers as well), but they’re technically third parties in this instance. Granted they write software that they themselves use, but they’re really just third parties for the planet.

And I’m completely not against buying software or software components (either as a consumer or as an enterprise). How many large companies write their own accounting software? How many of the ones that do don’t focus on writing accounting software? None. Look at Google and Yahoo - brilliance in picking up applications from people writing software (think Flickr, Picasa, etc).

What I’m getting at is that their [read: Gartner keynotes] model doesn’t work if no one is in the trenches writing code. Solid code. Effective code. New code, in particular. Pushing the boundaries, adding new capabilities that were impossible to achieve by stringing together a chain of sufficiently loosely-coupled web services. “Why would you ever code an app from scratch again? Why would you need to?” Aside from the pure pleasure of starting with a blank canvas and seeing where you can go? How about because the app you’re about to write doesn’t exist? That’s a good reason, isn’t it?

Bah. Read the article. Let me know what you think.

Hit it @ devsource.com


Encryption != Protection

Something that should be obvious, yet isn't always.

We'll use a relatively concrete example, without naming names or giving out links. Because while Encryption does not equal Protection, Encryption not equaling Protection plus scandalous leaks can equal very bad things. ;)

In any case:

Let's say you want to pass some sensitive data from one site to another (in particular I'm thinking about single sign-on solutions, where a login persists between sites). In order to keep the information "safe" over the wires, you encrypt it (on the server, of course). I'll pseudo-code this so it's language agnostic for y'all:

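  // Encrypts the data on the server (algorithm unspecified)
  function Encrypt( data )
       return theDataEncrypted
  end function

  // Deliberately flawed: the encrypted password travels in the query string
  function WriteUserLink
       Write( '<a href="http://othersite.com/page/?user=bob&password={Encrypt( bobspassword )}&todo=update">Click here</a>' )
  end function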

Somewhere on your page, you call the "WriteUserLink" function which outputs a link to do something to the user, encrypting the password along the way*. Now, no one will be able to see the plain text password if they happen to sniff the request or look over the user's shoulder.

Hopefully you see the problem.

The scenario above would be put in place where authentication on one site needs to carry through to another site (e.g. a single sign-on solution). When transferring a user between the two sites, the username/password combination is passed through, with the password encrypted.

Well, my friends, you've just left the barn doors wide open.

Why? Because, in the scenario, anyone who grabs the URL can now log in as the user in question, simply by copy-and-pasting the URL into their own browser. The encrypted value never changes, so it works exactly like the password itself. Depending upon the abilities given through the site, the nefarious agent may now be able to change the account password, and would then have complete control of the user's account.

At the very least, use form (POST) variables - while they're visible in the request, they're not visible in the URL. A somewhat better approach would be to drop a cookie on the second domain from the initial site, with a fully encrypted payload. From there, the page on the second domain could read the cookie. Still not 100%, but way less transparent. Alternatively, if you have really sensitive data, a better idea might be to authenticate the user a second time on the other site - it's a slightly worse user experience, but virtually eliminates the possibility of the authentication data being picked up in between.

I'd love to offer more (and better) solutions - they're definitely out there (I am definitely not inventing the wheel on this one). I'll follow up on this post as I think/discover more about it... For the time being, just think carefully about how you implement things like this.

And keep your barn doors closed. Ahem.

* Please note: I am absolutely not advocating sending a username/password combination via querystring...this is just an example.
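An added example (not code from the original post) showing why the encrypted value in the link is still a reusable credential, next to one common alternative: a signed, short-lived, single-use token that carries no password. The shared key, the sample account, all function names and the XOR stand-in for the post's unspecified Encrypt() are assumptions made for this demonstration.

```python
import hashlib, hmac, secrets

KEY = b"shared-secret-between-both-sites"   # assumption: both sites hold this key
USERS = {"bob": "hunter2"}                  # constructed sample account
_used_nonces = set()

def _xor(data: bytes) -> bytes:
    # Stand-in for the post's unspecified Encrypt(); NOT a real cipher.
    stream = hashlib.sha256(KEY).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(password: str) -> str:
    return _xor(password.encode()).hex()

def weak_login(user: str, enc_password: str) -> bool:
    # Flawed receiver from the post: the ciphertext alone proves identity.
    return USERS.get(user) == _xor(bytes.fromhex(enc_password)).decode()

def _sign(body: str) -> str:
    return hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_token(user: str, now: int, ttl: int = 60) -> str:
    # Hardened sender: no password at all, just a signed one-time assertion.
    body = f"{user}|{now + ttl}|{secrets.token_hex(8)}"
    return f"{body}|{_sign(body)}"

def redeem_token(token: str, now: int):
    # Hardened receiver: verify signature, then expiry, then single use.
    parts = token.split("|")
    if len(parts) != 4:
        return None
    user, expires, nonce, sig = parts
    if not hmac.compare_digest(sig.encode(), _sign(f"{user}|{expires}|{nonce}").encode()):
        return None
    if now > int(expires) or nonce in _used_nonces:
        return None
    _used_nonces.add(nonce)
    return user

if __name__ == "__main__":
    link_value = encrypt("hunter2")
    print("weak, first use:", weak_login("bob", link_value))
    print("weak, copied URL:", weak_login("bob", link_value))
    token = issue_token("bob", now=1000)
    print("token, first use:", redeem_token(token, now=1010))
    print("token, copied URL:", redeem_token(token, now=1011))
```

The token should still travel over TLS and outside of logged URLs where possible; single use and a short lifetime only limit what a captured copy is worth.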


The Curse of the Unmonitored Mailbox

When I originally set up my mail hosting, I thought it would be effective to have multiple email addresses to manage the (huuuge) flow of (relevant) email that I expected. At the time, it really seemed like a good idea. So I've got an info@, services@, whatever@ (I don't remember all of them, sorry - I'm sure you're all crushed).

Nevertheless, every once in a while something does come in on one of those addresses (even though I don't give them out), so, like the responsible bloke I am, every few years months I dive in and slog through the backlog of spam to find those hidden gems.

(Some of you may point out that I don't have a contact form or page on this site. To be honest, you can send me an email at any address at jasonnussbaum.com - jason is the preferred alias. But feel free to get creative. Use your name instead of mine. Make up a name. Now you have no excuse for not contacting me. Hopefully google will crawl this and pick it up for contact info quickly. I'll say it again: google, please consider this my contact page.)

In any case, I really don't find a whole lot of gems, but the spam is really quite amusing. For your reading displeasure, I shall share a few of the better ones with you.

  • "Napoleon"@.SYNTAX-ERROR writes: Can't buy expensive software? Look here!
  • Krissy wants to know: Is 36 hours enough for all you needs? :-)
  • Machelle Bond is offering the Erection PowerPack. Time limited offer
  • Beth warns: Full of health? Then don't click!
  • Abdul, a senior QA analyst, asks: Wanna make sure your Web Site looks perfect in my computer?

Man. The quality of spam has gone down so much over the years. I remember the really good made up names, none of this "Beth" and "Abdul" stuff. I have to admit that syntax-error is a great domain name (probably taken, I just don't have the energy to check...).

Have you read any good spam lately? If so, shoot it over in the comments. I'm always up for a bit o' spam - and with all the free \/1agra and c1a|is I'm getting, it's no wonder...

All comment spam will be deleted.

Happy Spam Day!


Power Chords: Meet PowerTab

If you play guitar (like I do, or, rather, better than I do), in your forays into learning guitar you've probably read some tablature, and possibly even written some of your own. I remember when I discovered the internet, one of my favourite things to do was download tabs for songs I wanted to learn; the format was generally horrible, requiring mono-spaced fonts, but everyone writing the tabs had a different way of doing things (notation for bends, hammer-ons, etc), which made it an awkward experience at best. Sure, you could translate it while you read it, but for anything beyond simple chordal notation it left quite a bit to be desired.

Enter the PowerTab editor.

PowerTab is a free tablature editor, and it absolutely rocks. The notation capabilities are stellar, you can write for multiple parts (including bass, which you can set to be a separate score in the tab file), and it features musical notation in addition to the tablature (hence you can see the correct rhythmic notation, or read the notes instead of the tab if you're so inclined). Time signatures, key signatures, etc. And, perhaps best of all, it features a built in player, so you can listen to (and speed up/slow down) any tab you write or download.

Power Tab Editor is a tablature authoring tool for the Windows operating system. It is intended to be used to create guitar sheet music, more commonly known to musicians as guitar tablature and bass tablature. (aka guitar tab/bass tab). The program provides the most commonly used symbols in tablature, including chord names, chord diagrams, rhythm slashes, bends, slides, hammer-ons/pull-offs, harmonics and palm muting.

There's also a very active community putting out tabs in PowerTab format which you can download.

There are (obviously) other tab editors out there, and for comparison purposes I should say that I've at least tried them, but I have yet to see another free (as in beer) editor that packs the features and quality of PowerTab.

And no, nobody from PT asked me to write this. It is completely unsolicited. Why? I'm in the middle of writing a song, and while I haven't had time to sit down and record it with an actual guitar, I have been able to put it down in PowerTab: no lost tunes, no frantic scratchings on paper; just pure, tabby goodness.

Check it out @ power-tab.net
For tabs, you can search with google or swing over to powertabs.net


Technequally Creative [part 1]

I was recently asked to join an advisory committee for a program at a local college. Attended our inaugural meeting earlier this week, and have had some thoughts going through the ol' noggin that are begging for release.

The program is one from which I graduated (DMA at Seneca, 2001), though it has changed quite a bit from when I started. It used to have a major focus on 3D modelling/animation (3D Studio Max), with a minor focus on interactive media (Director, Flash, web); at its core, though, were visual art courses - drawing, particularly, but also some design, history, etc. The focus is now on interactive media, but still with a visual focus, not a programming one.

So, of course, you get a bunch of programmers, project managers and designers in a room and opinions fly like hotcakes.


Vista, RC1

Yeah, I know what you're thinking...Jay has had nothing to say for how long, and now he blurts out with a Vista post?

You bettah believe it, baby.

Vista RC1 is now available to the masses.
That probably includes you, but if not, don't feel too bad.

Take a download @ download.windowsvista.com

Hat tip: Mike
