Sunday, November 25, 2007

Best of this Week Summary 19 November - 25 November 2007

  • To let software companies test the security skills of their IT employees, the Secure Programming Council created "Essential Skills for Secure Programmers Using Java/Java JEE". The draft is now open for public review for 60 days. Other languages like C++ and PHP will follow. The Java steering committee includes Ed Tracy, and it is assisted by, for example, people from OWASP. Definitely a good initiative.

  • In October the W3C wrote a proposal to allow cross-domain capabilities (relaxing the same-origin policy) for the XMLHttpRequest (XHR) object. This article summarizes it and also compares it with the JSONRequest proposal.

  • Great presentations that contain comparisons of several Java web frameworks: JSF, Spring MVC, GWT, Seam, Stripes, Struts2, Tapestry and Wicket. Also included are Flex and Grails. Definitely a good starting point if you're starting with a web framework selection. Note that the general trend is that Tapestry is being used less and less, while Wicket is on the rise. GWT I would not use quickly for deployment on Internet sites since it creates quite large JavaScript code. For intranet this constraint is a lot less serious. Note that soon you should be able to minimize the required JavaScript libraries, thus improving download time. This is a funny one-hour presentation by Matt Raible in which he compares a bunch of web frameworks from a developer's point of view. He also asks who uses what (Hibernate, WebSphere, Struts, JSF, Wicket etc.). The above-mentioned presentations are updated versions of the one used in this presentation. His conclusion is that there is no real winner yet.

  • A nice how-to on how you can write RESTful web services in Java that conform to the JAX-RS: Java API for RESTful Web Services (JSR-311) specification. This JSR should be in Java EE 6.

Saturday, November 17, 2007

Best of this Week Summary 12 November - 18 November 2007

Sunday, November 11, 2007

Best of this Week Summary 6 Nov - 11 Nov 2007

  • This is a good blog to get you started on JavaFX and related technologies. See this post on what's been covered until now.

  • Madly interesting is this technical posting about Amazon's Dynamo, which is their internal distributed storage system in which the data is stored and looked up via a key, with a put() and get() interface. Sounds quite similar to the put() and get() for a Hashtable in Java, right? ;-) Actually Dynamo is built in Java, so I guess that's no coincidence! The posting gives you quite some details on Amazon's internal infrastructure, and introduces interesting new terms, such as Dynamo being an "eventually consistent storage system". What is also cool is that each of Amazon's internal applications can set up its own SLA with Dynamo. This SLA defines the amount of delay and data discrepancy the application will tolerate from Dynamo. The fact that Amazon is opening up its services (with S3 and EC2) makes it a huge differentiator from companies like Google and Microsoft, which don't open up their systems (some Google GFS info you can find here). Related to this is the new term that has been coined recently: HaaS (Hardware as a Service). No time to read the whole paper? A summary you can find here. Compare it with Hadoop and CouchDB.

  • Related to my last week's post about OpenSocial, this week the (very) alpha version 0.5 of the Container API has been released.

  • Note: I turned on moderation for comments this week because of a big spamming "effort"... Thanks whoever you are...

Monday, November 5, 2007

OpenSocial: the harder technical outstanding questions

This week anybody following technical news cannot have missed the announcement of the Google OpenSocial initiative.

Here is a short introduction. A bunch of live examples can be found here.

Basically it is a widget (gadget) API specification, built in JavaScript and XML, that anybody can plug in on a social network page (like MySpace, Plaxo) to show relevant social information (e.g. who are my friends in this social network).
Most posts were positive and only looked at potential positive uses. It took about half a day before the first more critical posts showed up.
With this post I'd like to provide you with the current outstanding technical questions and issues with the OpenSocial API. First I'll list the posts I found until now, then my own outstanding questions.

Note: don't misunderstand me, I like the initiative, trying to get the so-called social graph standardized. But a careful examination is definitely relevant if you want to introduce it on your site.

  • Good points (not only technical) on what is not yet so good about OpenSocial

  • This is a pretty good technical overview, with points of critique that the above post mentions. Btw: I definitely disagree with this statement: "if REST APIs are so simple why do developers feel the need to hide them behind object models?". Object model abstraction can still be needed/desired to acquire the best level of abstraction.

  • Note that the container API itself is not there yet...

  • In the FAQ there is the question: "Can OpenSocial apps interact with other websites?". The answer is "Yes, social apps have the ability to fully interact with outside 3rd party applications using standard web protocols." But how does it then avoid the same-origin policy for JavaScript? Would the calls go via Google? How does it work with Google Gadgets (iGoogle), where you can specify any feed URL? My guess for this last one: via a Google proxy as provided in the Google Feed API... At the moment there exists no OpenSocial gadget that implements accessing data from multiple social networks.

  • Why are technologies like Microformats and APML used? My guess for now: those "standards" are too much in an initial phase. An API with JavaScript and XML is based on standardized technologies and immediately available.

  • Really pay attention to the authentication mechanism described for the People Data, which all go through a Google account (or you can always use an email address and password). Check the first details on this issue here.

Update: here's some sort of answer to some of the above questions.

Update: Google released version 0.5 of the OpenSocial Service Provider API (the container API). Very alpha.

Update: Here's a JavaScript library that "solves" the same-origin policy.