Tech Team Lead News: July 2008

Saturday, July 26, 2008

Part 2 of last week referenced, this time horizontally scaling JEE applications.

"Microsoft has developed a new static code analysis tool for finding SQL Injection vulnerabilities in ASP code. Web developers can run the tool on their ASP source code to identify the root cause of the attack and address them to reduce their exposure to future attacks. The tool will scan ASP source code and generate warnings related to first order and second order SQL Injection vulnerabilities. The tool also provides annotation support that can be used to improve the analysis of the code."

On the fun side: a Java based Massive Multiplayer Online Game with about 6 million unique active users per month.

Detailed info on whether you are affected from the (Spring) source ;-) on last week's security problem in Spring MVC.

Summary of Flickr Database Architecture presentation on how Flickr database scaling is implemented.

Real world cases used to describe vertical scaling for Java EE applications. Definitely check also the comments.

An interesting theory and technology: host-proof hosting. This is a technique where the browser encrypts the data to be stored on the server, such that the host (application) only sees encrypted data, thus completely preventing the host from seeing the actual contents of the user data. Thus enables for "zero knowledge web applications". Two examples of implementations are Clipperz (sourcecode partially AGPL v3) and Passpack (sourcecode MIT license).
Visualize your code in CVS with this Visual Code Navigator. Too bad that's CVS, which is quite old. Hopefully there'll be an SVN version soon!

Sun this week released their
Sun Java Mobile Enterprise Platform 1.0: "MEP is a framework for developing mobile enterprise applications. Based on robust synchronization technologies, it enables enterprise users to synchronize enterprise data (from back-end systems like Siebel or SAP) with their mobile devices. In a nutshell, MEP enables enterprise users to carry the enterprise in their pockets". You can get a free evaluation here.

Bjarne Stroustrup in an interview describing what every programmer and software engineer should know about C++.

Browser memory performance comparison between Safari 3.1, Firefox 3.0, Flock 1.2, Opera 9.5 and IE 8.0 B1. Conclusion: Firefox 3 beats them all in memory efficoency.

Definite interesting read this white paper from Kent Beck "Tools for Agility". On an invitation basis from Microsoft, he wrote "thoughts on the relationship between tools and agile software development. He looks at how tools have evolved in aiding software flow, efficient transition and team transparency". It includes what makes agile development different and difficult from other development-cycle approaches. For example the tools should support: even shorter development cycles, even more automated testing, much more transition between activities, transparency and real time collaboration, .

The TLS Report, a recently started website, is keeping track of how major sites have implemented TLS (Transport Layer Security, formerly SSL). Check the first surprising results of the best and worst here.

Presentation from Jason Sobel, the manager of infrastructure engineering at Facebook, on how Facebook implements the storage of about 6.5B images (profile pics, regular photos) in 4 or 5 sizes, totalling about 30B files, 540TB and serving 475K images per second! Their servers (10K Apache webservers, PHP, Memcached, 1800 MySQL servers) can't handle that so they use CDNs.
Here's a page from the presentation that shows the "read" setup:

Adobe announced that they've created a special Flash player that runs on the server which allows search engines to better index Flash and Flex applications: Rich Media Search. The search engines are now supposed to "see" the Flash application just as the user does. Well, that's one reason less to not use Flash ;-) Google is also improving its Flash indexing by using this new searchable SWF library.