They must be... cuz I've developed one! Check this little sucker out --- link to my google gadget!
Background - My sailing club has an anemometer set out on a platform about a mile offshore. Wind speed and direction data is transferred by radio back to the offices of a local firm (who provided the anenometer) which then uploads the data to their site. This data is used by them on their website. The only problem is that their site relies on an Internet Explorer control not available to those of us that use Firefox (or iPhone for that matter), so I emailed asking whether I could have a go at producing something myself.
What I did was write a php script that, when called, snaffles the data from their site and pops it into a mysql database on my site. I then created a script that would (via an HTACCESS directive) intercept a request for a graphic, and then send back the appropriate image. So if you request http://dev.bathwick.com/wind/grapics_service/Highcliffe_basic_windvane.png your browser thinks it's picking a standard png file off the web-server, but infact - a php script is running which either returns a cached copy of the graphic or, if the cached image is stale, regenerates the image, caches it and sends it back to the client.
I use this technique because some browers are sniffy about retrieving images where the url doesn't look like a standard graphic (eg http://dev.bathwick.com/wind/grapics_service/image.php?name=Highcliffe_Basic will break in some cases ).
And hey presto.
I began with this excellent tutorial - http://www.seoish.com/how-to-make-google-gadgets/
Then I used google's own docs to figure out what info I needed to include in order to make the gadget "publishable" - Here - http://code.google.com/apis/gadgets/docs/basic.html
In the meantime let me know if you'd like more info.
I've just completed what is essentially a 0.8 version of an iPhone web-app that allows Bathwick analysts to view their tweets, and post tweets to both twitter and the bathwick website. It's still basic, but I am absurdly pleased with the result! It was my first attempt to create an iPhone web-app, and I have to say both Safari and the twitter API's are extremely easy to use. Trust me - If I was able to get a working prototype together in three hours, then you can rest assured this stuff is simple!
I think I might write up a basic "introduction" or tutorial - If only to show developers how easy and quick web development can be.
The only other thing worth mentioning is that .... we all spend lots of time talking about web services / REST (well I do!) etc etc... but the real buzz for me comes from using them... It took an open sourve library and a couple of lines of code and suddenly my app is using all of the infrastructure that twitter provides... that is cool.
At the moment, the app is web-based, but I'm planning to AJAXify it as well - at which point I'll happily share the source with the community.
In the meantime, if you have an iPhone and fancy a "play" drop me a line and I'll happily share the source with you.
I've just spent time with a client who, having had some initial success with SOA, seemed to hit a brick wall. and (as is increasingly often the case) it came down to a failure to scale up the processes and governance that should surround SOA... here are the notes I made while talking to the client -
NOTE : If anyone would like me to expand on this, drop me a line and I'll finish baking these thoughts for ya.
Governance and SOA
SOA comes with a host of “promises” all of which centre on the key idea of “re-use”. Re-use has been the holy grail of software engineers for decades, and SOA represents the latest, and best means to achieve re-use. The benefits of re-use are clear;
These are all good things, but there’s a but: At Bathwick we spend a lot of time reminding our clients that there’s an “A” for Architecture in SOA, and we also talk about the hidden “M” for Method. Architecture isn’t just a collection of cool diagrams – it’s a set of rules, guidelines, and best practice – Think about bricks-and-mortar architecture for a second – Architects have to produce plans for the people that are going to use the space, the people that are going to build the space, the people who want to check that building regulations have been followed etc etc – The building regulations determine how the structure is to be designed (ideally so it doesn’t fall over). Software architecture is the same. The M for method is also key, and it’s a shame that it isn’t talked about more – In our view the M encompasses best-practice, engineering discipline and policy. “Policy” is all about defining a set of standard behaviours – but it’s only “aspiration” if there isn’t some form of governance framework wrapped around it.
Without a governance framework SOA is guaranteed to disappoint – Re-use isn’t an automatic or spontaneous result of your announcing that you’re adopting SOA… developers have to be encouraged (forced!) to re-use. If you’re in the early stages of adopting SOA, you’ll find that the relatively small community of developers that you have working on SOA related projects will probably be able to do re-use, identify candidate services and make sure that they’re implemented properly; in small tightly knit teams, governance comes in the form of team culture and peer-pressure. The challenge shows itself when you try to do SOA on a larger scale – As your investment in SOA grows, everything becomes more complex –
To a large extent, it doesn’t matter whose “SOA governance toolset” you use – and your choice might be influenced by your existing investments in middleware and SOA-based technology, we’re not here to recommend one product over another, but we are here to say that without the right culture, commitment, and supporting technology governance will be very hard to do – and if you don’t do governance right, your SOA journey is likely to end in disappointment.
This isn't going to be the most serious blog entry I've ever written, but I had a convesation recently with my lead developer about the personalities of different languages.
My lead developer is a Java guru, he's taught EBJ development to masters students at Sussex Uni and we were talking about his transition to PHP...
By way of background, some time ago I took the decision to base our SaaS offering (a survey/assessment/benchmarking engine) on PHP rather than Java. As for why I made that call, I guess that would be the subject of a longer post, but the main reasons were -
So my Jedi Java guy was confronted with PHP... And I had to put up with a couple of months of moaning about this "silly, scrappy" language, But then something changed.. He started talking affectionately about PHP...
Then one day I got a skype message "PHP is the puppy that licks your face".
This promped a skype conversation in which he explained that PHP is the scruffy puppy in the litter, a little wobbly perhaps, but its the one that, when you pick it up, licks your face.
We then talked about other languages -
I was wondering if anyone else had classified different languages in a similar way?
I've been really ticked off by the number of "pundits" writing nonsense about this story, so I wrote this blog entry for my personal site, which I thought might be of interest here so I'm reposting for all you developer workers!
If you’re busy, here’s the abstract:
It wasn’t twitter that was hacked – it was Google Apps
Here’s what happened : Someone hacked into the Google Apps service used by Twitter. The guys at Twitter use Google Apps (you can confirm this by typing “docs.twitter.com” into your browser). Someone managed to hack into one or more Twitter employee acounts. It seems as if a hacker was able to guess (either by cunning or brute force) the relevant password or passwords, and “hey” presto.
So the lesson here is about password security, and the steps that providers like Google ought to implement in order to detect and prevent brute force attacks (where someone attempts to log in over and over again using different passwords).
Please, please stop confusing “network” with “cloud” – it’s embarrassing to read and makes you look stupid
No, really! They’re not the same thing! Cloud computing is a computing paradigm in which one or more third parties provide a load of underlying infrastructure that enables you to do stuff. A network is a collection of computers that can talk to each-other. Sure you need network connectivity for cloud to work – but the two things are as different as “tarmac” and “road”.
A useful test, which you can use either on your own comments or others is to see whether you can safely substitute “network” for “cloud” without affecting the actual meaning of the piece. If you can, then stop and have a think.
We analysts love coining our own very special definitions of things like cloud - I quite like this one from Wikipedia
This is not a story about cloud computing, it’s a story about security
This story is only coincidentally connected with the fact that the Google Apps service runs on a cloud. If Twitter were using Exchange (and I’m guessing hell might have to freeze over for the cool kids at Twitter before that happened) they could very well have suffered the same issue - by carelessly allowing web-access to the exchange server, or sharepoint for example.
The moment you make a computer accessible via the internet you have a security challenge
Everyone has heard someone say “if you want your data to be really safe, then don’t put it onto a device that can be connected to a network”. While this (obvious) statement does have some truth to it – it’s slightly beside the point. We really do have to make our computers accessible via the network, and lots of smart people have developed all sorts of cunning techniques to make that data secure.
I had a short twitter exchange with another analyst (the wonderful James Governor) on the topic of “cloud security” a little while ago. James was irritated by a comment from a vendor that cloud computing raises serious security issues. His assertion was that cloud computing is not inherently “less secure” than a private network. As it happens I disagree fairly strongly with this assertion as a general statement – but James also made the point that most internal networks are a security nightmare.
My take is that it should be obvious to anyone with even a basic level of competence that when you make sensitive data accessible over a public network you need to take steps to ensure that it is secure. If you’re not asking questions like “Do I trust my provider to keep my data safe from harm (ie Loss, Tampering etc) , and secure against unauthorised access (ie Hacking)” or “Will I be compliant with my company’s regulations (and the relevant legal requirements) for data security?” then, you’re not a fit person to be making important decisions about data (or indeed about how many sugars to put in your coffee).
By way of a short aside:
Oh yes - that really is a true story.
Security is an important issue for cloud computing – So instead of hyping it, or denying it, we need to deal with it
Cloud-based computing does raise security challenges. And you have to consider them. You absolutely should not put data into the hands of a third-party without asking some very straight forward questions (which might include “how do you dispose of back-up media…”).
Sensationalist stories that hype up the security challenges of cloud computing are just stupid, but we also have to avoid falling into denial as well.
Will be talking and writing at length about security in cloud environments – but the key message here is that you can make cloud computing environments secure – you just have to engage your brain.
The good the bad and the ugly – Some of the articles/blog posts I’ve seen on this topic
Good -Recent Twitter Hack Reveals Humans Are Still Security’s Weakest Link by Terrence O’Brien. A really good common-sense post.
Good - Twitter Gets Hacked. Can It Happen to You? Riva Richmond provides some sensible advice.
Good - Twitter’s hack is a timely reminder that the cloud is only as safe as you make it I’m not so much a fan of the Tory-graph, but this is good stuff from Basheera Khan.
Good - Possible link to Twitter hack – GMail vulnerable to password cracking Some important technical information about potential vulnerabilities
Mostly Good - Twitter’s Problem With the Google Cloud - Although “cloud” and “network” are more or less interchangeable in this piece it has some good advice – “Before enterprises can safely move sensitive applications (and thus data) to the cloud they must ensure their security is effective, since a key layer of protection is being removed.” – Although, I’d submit that if you’re planning to move apps and data to the cloud, and this hasn’t already occurred to you then the chances are you’re too stupid to sign up for a cloud-based service anyway.
OK - Twitter Hack: Are Companies Moving Too Quickly To The Cloud? I was going to put this into the “bad” category because the headline is sensational, but in fairness Andy Cordial from Origin Storage makes some good points:
But Origin Storage’s Cordial and other security experts raise a different sort of question. They say that the means to properly secure IT operations in the cloud may be in place at the service provider’s end, but the hard work of integrating those security mechanisms with companies’ own internal protocols isn’t getting done in the mad dash to the cloud.
“Applying effective security is all about planning and then applying that planning, backed up by a set of solid security policies with encryption at its heart,” Cordial said. “If Twitter had had this strategy operating at all levels of its hierarchy, rather than apparently going for user growth at any cost, it wouldn’t be in the embarrassing situation it is now.”
Bad - Twitter hack raises questions about ‘cloud computing’ By John D. Sutter I’m putting this one into the bad category, because the headline is misleading, and the article closes by confusing “cloud” and “network” which is either scaremongering or a sign that Mr Sutter doesn’t understand the difference
Ugly - The Twitter hack and the cloud This is a real shame; the bbc should have higher standards. The last sentence highlights the confusion between “cloud” and “network” –
“But if you allow your employees - including very senior members of staff - to send confidential information on cloud-based e-mail then you’d better make sure their passwords are super secure.”
Dude, it’s not the “cloud” that’s at issue here – it’s the fact that you can connect to the email account over the interweb.