Saturday, June 30, 2007

Best of this Week Summary 24 - 30 June 2007

  • Nice use of RSS: use it to publish your nightly build results. They then use the (commercial) product Confluence to build a wiki page out of it.
  • Interesting write-up of one of the developers of the Digg comments system. Very AJAX and PHP orientated solution. Notice for example that the DOM is created mostly dynamically and there is 4x as much Javascript code than PHP code for the comments functionality! For interesting detailed design desicions made (main question to anser: how to the commenting more complex and simpler at the same time), see this link, also mentioned in the article.

Saturday, June 23, 2007

Business process modeling interviews one-on-one

On page 10 of this whitepaper I read an interesting statement regarding interviewing a customer to figure out what business processes they have (with as ultimate goal integrating different back-end systems to provide an automated business process in an SOA environment).

The process-modeling interviews were done one-on-one, instead of meetings where all involved parties are present. The system integrator's experience showed that otherwise (too) much time would have been spent on educating everybody about the big picture. In such a "grand" meeting, roles would be ranging from frontline-workers to the CIO, for which each would be contributing very different process insights, causing a significant delay.

For me it is quite remarkable, since all the process-modeling I was involved in over the years did involve a more consensus-oriented meeting structure were all relevant parties were put in one room. It does work, but indeed much time is spent on getting everybody on the same page. If time doesn't permit, the one-on-one interviewing technique is definitely a viable option. Still, it might provide less buy-in from the involved parties. Also some process optimization(s) might be missed because everybody still only sees his/her part of the process. And indeed, all involved did conclude that in the future a more participatory style and ongoing committee meetings will be most beneficial, especially in the area of SOA governance and the evolution of the business services layer. The paper also shows that iterative (agile) design/development with involvement of the business analysts from the start is still definitely a good way to go: it's just hard to get everything correct in the first iteration. As an SOA architect, you start constructing business services layers with BPEL, which future business applications can reuse (top-down). Then at almost the same time you start to webservice-enable existing systems (bottom-up). Note the combined effort: it was not implemented pure top-down or pure-bottom up, it was a mix. Here's a link to an elaborate description of the project.

Below is a screenshot of a great diagram in the paper which put sthe above architecture terms SOA, webservices and BPEL in perspective:


Best of this Week Summary 17 - 23 June 2007

  • Good introduction to Continuous Integration on software projects. Excerpt from the book "Continuous Integration: Improving Software Quality and Reducing Risk". It includes:
    - What is the value of CI?
    - What prevents teams from using CI?
    - How one gets to CI?
    - When and how should project implement CI?
    - How does it relate to other development practices like coding standards, refactoring and iterative development?

  • Another excerpt, this time from the book "SOA Using Java Web Services". It walks you through code for building an Ajax application that consumes RESTful Java Web services endpoints. Mainly useful for creating mashups, since enterprises usually use WSDL and SOAP. Section 10.4 is the most interesting with a list of conclusions. Regarding point 4 in that section, I rather recommend using soapUI as tool to explore service interface data, instead of building your own AJAX frontend, which can be a significant effort.

Saturday, June 16, 2007

Best of this Week Summary 10 - 16 June 2007

  • Good list of 30 questions you can ask when interviewing medium and senior Java developers for your team.

  • Good comparison of three bugtracking systems: Bugzilla, Trac and Jira. Bugzilla and Trac are open source, Jira is commercial.
    Bugzilla: exists the longest. It is the hardest one to install. Not an intuitive user interface. Trac: open source with Subversion integration. Lightweight. Just like Bugzilla a bit harder to install. Uses Python, not as many features as Bugzilla. Wiki based.
    Jira: commercial. Installation wizard.
    Which one you really prefer is up to you and the specific project situation. Check also the comments for other suggestions of bugtracking tools like Eventum, Mantis, JTrac, Project Dune and Track+.

  • Apollo has just been renamed to Apollo Integrated Runtime, or AIR for short. And it has gone into beta (was previously released in developer preview).


  • Apple released Safari for windows this week, a public beta version. Ars Technica looked at it. In general, the result is that the differences are so small, it's not worth it (yet) to switch to it. Pros and cons found were:
    + A little bit faster page load.
    + The ability to resize textboxes on forms (just like the new, just released, Netscape browser which is based upon Mozilla).
    + Since it should run on the iPhone (soon to be released), it should be able to fully support AJAX on that mobile phone.
    - On day one of the release 0 day security exploits were discovered.
    - Unstable, sometimes even requiring a full system reset while it was being tested.
    - Cross platform inconsistencies in for example the keyboard shortcuts to switch between tabs.
    An update that fixes most of the exploits has been released already.

Saturday, June 9, 2007

Best of this Week Summary 03 May - 09 June 2007

  • An interview with writers of new book about REST. One free chapter for download. Interesting is the interview with the writers were they explain why they think REST is great and (when) preferable above WS-* (SOAP).
  • An overview of nine free virtualization environments. Plus one free spreadsheet to compute the TCO of virtualization.
  • Interest points made about what Google Gears does not yet support out-of-the-box, like synchronization strategies. But as mentioned already a little bit in the article, the correct synchronization strategy depends on the application you are building. So maybe Gears could (should?) have contained already one or two simple syncing strategies. Also, I think saying it replaces one problem with another is a not really correct. I'd say Gears is a starting point in providing a full offline library/framework solution, but it does not solve all problems at this point in time.
  • The writers of the book "GWT in Action" answered a couple of questions on their impression is on GWT after a year.

    Most important points made:
    - Regarding debugging: most of the time you don't need to go into the generated Javascript,
    - The great fact that you can re-use all your Java knowledge and tools,
    - That for simple apps it would still be too heavy-weight (overkill),
    - How GWT tries to make the generated Javascript as little as bloated as possible,
    - That the generated Javascript code can be output in pretty, more readable Javascript,
    - A GWT application can mix Javascript and Java (so it is not that "crippled" as it seems),
    - There are wrappers available for Scriptaculous, JSCalendar etc,
    - Javascript files are provided per browser type, instead of one big file that handles all browsers,
    - Changing locale can require you to switch to a dynamic approach, losing GWT stripping,
    - Modularization can be improved; now you have to always download all modules that your application uses.

Saturday, June 2, 2007

Best of this Week Summary 27 May - 02 June 2007

  • This article shows why you probably shouldn't use subdomains to differentiate user accounts as in http://username.mydomain.com, giving a very good reason not to if you're using SSL. Use a REST style (like on Flickr, Del.icio.us) instead, like http://www.mydomain.com/username/. A reason you *could* be using it is to prevent XSS in user generated content sites...

  • How does OpenID work and how can you integrate it into your applications.
    OpenID is an open centralized authentication approach. It performs the same functionalities as SAML but is a slimmed down and lighter version to use. The article gives a good overview and also goes into the protocol details. It also shows how to implement OpenID with OpenID4Java.

  • Firefox plugins are getting more and more attention of hackers via a man-in-the-middle attack. An effective way of implementing this kind of attack is by setting up your own wifi-accesspoint, let your malicious code scan for what comes by, and insert a modified Firefox plugin. SSL connections like on the offical Firefox plugins website do not run this risk (or to be more precise, very limited).

  • Of course the announcement of the availability of Google's Gears was a biggie.

    It consists of three major components:
    LocalServer:
    Database:
    and WorkerPool (async javascript):
    Dojo Offline will be ported to move its API on top of Gears. Trying to make this an industry standard, Google is working with Adobe to get it integrated with Apollo.
    You can use the three components also seperately, you don't need to only use it for writing synchronzation software.
    Note that the workers in the WorkerPool are not threads, that is, they don't share anything with eachother, so they should be considered more as separate processes rather than threads.
    Here's a couple of nice examples with explanation on how you can use Gears.
    The question you can ask yourself is whether we should go down this Javascript road. It is so hard to create rich controls which work well always on all browsers. Are the desktop solutions (Apollo, JavaFX) the better way to go?