January 25, 2005 update: as per IBM Corporate standards, if I link to an audio or video clip, I need to provide a textual description for people with disabilities. I've posted a description of the video at the end of this blog, also in blue.
I got pinged* by Michael O'Connell the day before Thanksgiving pointing me to a web site with an article on corporate blogging at big technical companies like HP, Sun, Microsoft, and yes, IBM.
The article itself was fairly interesting - for instance - I didn't realize that Sun #2 guy Jonathan Schwartz has a blog. Surprisingly, it quoted my recent blog on Steve Ballmer's comments on Microsoft vs. open source security. The quote taken didn't really reflect (IMHO) the "fair and balanced" tone I tried to strike in the blog, but oh well, not that big a deal.
And now for something really funny.
While searching for the full text of Steve Ballmer's quote**, I stumbled across a web page that links to several videos of Ballmer doing and saying some really funny things. I would try to describe this video, but I don't know if my words could do justice to its funniness. So instead, just right-click and save this link, then enjoy the show. Here's the whole page, which has one other funny video.
Though I disagree with Ballmer's arguments against open source, I really appreciate his passion for Microsoft and his willingness to pump up the Microsofties (not being sarcastic).
Should Sam Palmisano (IBM's CEO) ever do a dance like that on camera, I will definitely link to it ... but I'm not holding my breath :-)
* "pinged" simply means "sent an instant message to someone" in IBM lingo. Of course the term comes from the eternally useful ping program that you can use from Windows or Xnix to determine if a certain computer is alive or not. I'm not sure if this term is used in this context at other companies / institutions or not.
** Thanks to Michael O'Connell and my nephew Jay Solano for linking to the full-text in the comments section of the blog. Hi Jay!
Video description: Steve Ballmer, Microsoft CEO, runs on stage at a Microsoft developers conference and runs around, screaming and doing a funny "dance". Finally, a sweaty and exhausted Ballmer steps to the microphone and shouts "I ... LOVE ... THIS ... COMPANY!!! WOOOOOO!!!!".
I read a quote from Microsoft CEO Steve Ballmer today that I think merits some discussion.
"We think our software is far more secure than open-source software. It is more secure because we stand behind it, we fixed it, because we built it. Nobody ever knows who built open-source software."
Let's analyze this quote for a moment:
"We think our software is far more secure than open-source software."
Fair enough. Everyone's welcome to their opinion, and there's nothing wrong with standing up for your products.
"It is more secure because we stand behind it, we fixed it, because we built it."
I wouldn't judge a system's security based on who made it. Rather, I would judge the quality of a system's security based on what independent security experts have said about it and on the security principles applied to the system's architecture (e.g. using battle-tested, publicly reviewed encryption protocols vs. proprietary "security by obscurity" encryption protocols). Ballmer here asserts that Windows security follows from the fact that Microsoft created it and has improved it over time. To give Microsoft credit, they have made great strides in their products' security as part of the Trustworthy Computing initiative that they launched a couple of years ago.
However, I think many, if not most people (outside of Microsoft sales and marketing) tend to associate the Microsoft software brand with subpar security. This is unfortunate, because there are some good things to be said about the security in systems such as Windows, and Windows and Office get a disproportionate number of attacks because of their dominant market share on the desktop. Still, when it comes to branding, perception is reality, and the weekly announcements of new major vulnerabilities and associated patches to Microsoft products (especially Windows and the bundled Internet Explorer web browser) have taken a heavy toll on the industry's perception of security in products coming out of Microsoft.
Ballmer could make a much more compelling argument if he focused on objective security measures and analyses rather than simply saying "trust us".
Finally, he says:
"Nobody ever knows who built open-source software"
This statement could kindly be called "an extreme exaggeration" but in reality is simply untrue. Although it may not be possible to trace every line of open-source code back to the organization or developer who wrote it, it's quite common for the individual or organization behind an open-source component to be well known. For instance, IBM's OTI subsidiary wrote the majority of the code in Eclipse and reviewed the many valuable contributions submitted by other organizations and individuals. And in the case of the Linux kernel, there is a well-known group of maintainers who write much of the code and review the patches they do not write themselves.
Once again, I think that Ballmer would do his company better service by speaking about more objective comparisons and analyses of security rather than comparing Microsoft Windows' not-so-pristine security reputation (again, somewhat unfounded) with a specious argument about not knowing the identities of creators of open-source software.
Steve Ballmer is a very smart man and has made a lot of money for Microsoft (and himself) with his sales and marketing abilities (at heart he's a sales guy, not a hard-core geek). As the saying goes, "the ultimate measure of success is success", but it's still unfortunate that he uses a specious argument on such an important topic as security to bolster Microsoft and spread FUD about open source. Alas, this isn't the first use of this technique in the software industry, and Microsoft isn't the only guilty party. Hopefully the folks who listened to his speech will compare the security of Microsoft products vs. Linux products using more objective criteria than Ballmer used in this quote.
PS - I couldn't find a transcript of the full speech and it would be interesting to see if he elaborated his argument beyond the soundbite listed above. If anyone finds a transcript, please link to it in the comment section below.
IBM Fellow and self-ascribed "alpha geek" Grady Booch speaks to the benefits and the danger of over-selling service-oriented architecture.
Service-oriented architecture is one of those IT topics that drive me crazy because:
Grady is no luddite but he's more interested in creating good software than in creating hype around a hot methodology.
Check it out.
PS - If you'd like to learn more about SOA or think that SOA is nothing but hype, check out this article which lays out the practical benefits of SOA and puts them into a historical context.
After a two month hiatus, Alan Brown is blogging again.
Alan's in charge of model-driven development strategy for Rational and used to work for the Software Engineering Institute (SEI) at Carnegie Mellon.
He wrote a good book called Large-Scale, Component-Based Development that is the first source I can find that mentions service-orientation, though there is probably something before that.
Also, he and Grady Booch co-authored a really excellent paper on Collaborative Development Environments that is driving a lot of my work these days.
Anyhow, check it out - he's got some really interesting things to say.
This isn't related to work at IBM, but there may be a few fellow Star Wars geeks out there who are interested.
Starwars.com has posted the teaser trailer for Star Wars Episode III, "Revenge of the Sith".
The term "teaser trailer" is movie lingo for a short preview which doesn't really tell you much about the movie but shows some cool images and gives you the general theme. Teaser trailers usually come out about a half year before a big movie comes out to make the public aware that it is on the horizon. Then about two months before the movie the actual full-blown trailer comes out that reveals part of the plot. Then a couple of weeks before the movie comes out you start seeing short TV advertisements.
Why are they called "trailers"? A long time ago previews for new movies were shown *after* the feature presentation completed, rather than before. In other words, they trailed the main feature. The term has stuck even though the original meaning is now inaccurate.
Sort of like SOAP. Originally it stood for "Simple Object Access Protocol". Now according to the SOAP 1.2 specification:
In previous versions of this specification the SOAP name was an acronym. This is no longer the case.
I said in the last post that I was going to review Bruce Schneier's book Secrets and Lies which is Ted Neward's (and now my) essential primer on digital security.
Schneier introduced me to the term "countermeasure", which is simply a mechanism that attempts either to prevent a security incident or to respond to one effectively once it happens.
I had to think of this while watching Weird Science (the movie) on cable this weekend. For those of you who weren't a young boy in the 1980s, Weird Science is about a couple of high-school nerds, Gary and Wyatt, who use their computer skills to create a woman they name Lisa who has supermodel looks (played by Kelly LeBrock), magic powers, and who will do whatever Gary and Wyatt want her to do (yes, this was a movie squarely targeted at adolescent males).
They create her through a computer program that simulates the creation of a woman, both physical and mental characteristics. They hack into a government facility to get more computer power, wire a Barbie doll up to their computer and voilà, there she is.
Anyhow, it's a movie worth seeing, if only for the performance of Bill Paxton as Wyatt's incredibly obnoxious brother Chet, but the reason I mention it here is because of something to do with computer security.
As mentioned before, through a circa 1985 personal computer, Wyatt and Gary hack into a government facility to "steal more computer power". Ok, fair enough. But what was really cool to me then and hilarious to me now was the government system's response to being hacked. I have never attempted to hack a system but I imagine that if you got user access to a computer you hacked, you would either see a command prompt or a typical Windows / Linux / whatever GUI. But not the government computer that Wyatt hacks. When Wyatt bypasses the security program he is treated to a vivid artsy display of 3-dimensional graphics including freaky faces and whirling clocks - sort of suggesting that they've entered a secret wonderful computer world that they didn't know existed.
I realize that this is a movie so I'm not criticizing it for not being realistic. It's just that after working as a programmer it's funny to imagine a scenario that would lead to the existence of such a "feature". Say you're a system designer for the National Security Agency (NSA) and security is of utmost importance. You're in a meeting discussing what should be the response to a system security breach.
I wonder if the NSA sub-contracted to a graphics programming shop to improve the quality of the break-in graphics? And what was the budget to design and implement said graphics?
Ah, movies that involve computer programming are funny. But I guess in a movie that's based on the premise that using a 286 PC, a modem and a Barbie doll, you can generate a living, breathing woman resembling Kelly LeBrock who can perform magic ... then in comparison displaying fancy graphics in response to a security breach is pretty believable!
Then again, Microsoft Excel 97 included a hidden flight-simulator game as an easter egg, so perhaps it's not so far-fetched to have such a feature!
After my initial burst of posting I've had a slow couple of weeks. This is because I've been in a heavy input mode. I tend to go through phases of heavy input where I'm reading a lot of books and articles and generally studying, then going into a heavy output mode where I do a lot of work and post to this blog.
So I'll say a few words about what I've been reading. As I mentioned in an earlier post, Ted Neward's book, Effective Enterprise Java is a must have for all enterprise Java programmers. However, it is by design a breadth book, not a depth book. It touches on essential practices related to such huge topics as architecture, inter-process communication, security, state management, and others. But Ted recognized this and supplements each section with references to books that he considers to be the essential primers and/or references on each topic.
These last couple of weeks I read Ted's primers on transaction processing and security. So here is a review of the transaction processing book (I'll do one on the security book later).
Principles of Transaction Processing by Bernstein and Newcomer
This book was written in 1997 which is often considered ancient in "Internet-years" but it is still very relevant because it focuses on fundamental principles of transaction processing (TP) rather than the latest whiz-bang technologies that optimize TP.
For those of you who aren't TP experts, a transaction is a computer operation that meets the ACID test. ACID here stands for Atomicity (the operation either completes entirely or has no effect at all), Consistency (it takes the data from one valid state to another, never leaving an invariant broken), Isolation (concurrent transactions don't see each other's partial work) and Durability (once committed, the result survives a crash).
Why does this matter to the system user or stakeholder? The canonical example is that of the ATM (or the "handy bank" if you're Australian). When you withdraw money from an ATM, it has to go out and validate that you have enough funds to cover the withdrawal, reserve those funds, and dispense cash - all within the same transaction. If the ATM failed after your bank account had been debited but before you'd gotten your money, you'd be very upset; conversely, if the cash was dispensed but the debit procedure failed, the bank would be very upset. Ted provides a very amusing analogy for this using a wedding ceremony, but you can read that in his book.
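To make the ATM example concrete, here is an added example (it is not from Bernstein and Newcomer's book, from Ted Neward's book, or from this post): a withdrawal implemented as one transaction against an in-memory SQLite ledger. The account name, its starting balance and the two "cash drawer" callbacks are constructed for illustration. It shows both failure cases above: if the drawer jams after the debit, the rollback restores the balance; if funds are insufficient, nothing is written. Taking the write lock up front with BEGIN IMMEDIATE also closes the check-then-act race in which two sessions could each pass the balance check and overdraw the same account, and the CHECK constraint on the balance is the database's own guarantee of the "never negative" invariant.

```python
import sqlite3


class InsufficientFunds(Exception):
    pass


class DispenseFailure(Exception):
    pass


def open_bank():
    """Constructed sample ledger: one account with a balance of 100 (not real data)."""
    # isolation_level=None: the sqlite3 module does no implicit BEGIN, so the
    # transaction boundaries below are exactly the ones we write.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute(
        "CREATE TABLE accounts (id TEXT PRIMARY KEY, "
        "balance INTEGER NOT NULL CHECK (balance >= 0))"  # consistency invariant
    )
    conn.execute("CREATE TABLE dispensed (account TEXT, amount INTEGER)")
    conn.execute("INSERT INTO accounts VALUES ('alice', 100)")
    return conn


def balance(conn, account):
    return conn.execute("SELECT balance FROM accounts WHERE id = ?", (account,)).fetchone()[0]


def withdraw(conn, account, amount, dispense):
    """Debit the account and dispense the cash as one atomic unit.

    `dispense(amount)` models the cash drawer (assumed callback). If it raises,
    the debit already written inside the transaction is rolled back.
    Returns the new balance on success.
    """
    if amount <= 0:
        raise ValueError("amount must be positive")
    # Take the write lock now, so check-then-debit cannot interleave with another
    # session doing the same check on the same account (no double withdrawal).
    conn.execute("BEGIN IMMEDIATE")
    try:
        row = conn.execute("SELECT balance FROM accounts WHERE id = ?", (account,)).fetchone()
        if row is None or row[0] < amount:
            raise InsufficientFunds(f"{account}: cannot withdraw {amount}")
        conn.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, account))
        dispense(amount)  # may fail: jammed drawer, power loss
        conn.execute("INSERT INTO dispensed VALUES (?, ?)", (account, amount))
        conn.execute("COMMIT")  # durability: the debit is permanent only after this
    except BaseException:
        conn.execute("ROLLBACK")  # atomicity: none of the above happened
        raise
    return balance(conn, account)


def demo():
    """Run the three cases; returns (balance after ok, after jam, after refusal, cash out)."""
    conn = open_bank()
    cash_drawer = []  # cash that actually left the machine

    def good_dispense(amount):
        cash_drawer.append(amount)

    def jammed_dispense(amount):
        raise DispenseFailure("cash drawer jammed")

    after_ok = withdraw(conn, "alice", 30, good_dispense)  # 100 -> 70
    try:
        withdraw(conn, "alice", 30, jammed_dispense)       # debit rolled back
    except DispenseFailure:
        pass
    after_jam = balance(conn, "alice")                     # still 70
    try:
        withdraw(conn, "alice", 500, good_dispense)        # refused, nothing written
    except InsufficientFunds:
        pass
    return after_ok, after_jam, balance(conn, "alice"), sum(cash_drawer)


if __name__ == "__main__":
    print(demo())
```

The same shape applies when the ledger is a real database and the "dispense" step is a call to another system; the difference is that once two independent resources must both commit or both roll back, a single BEGIN/COMMIT no longer suffices and you need the two-phase commit protocol the book covers.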
There's a whole lot more to transaction processing beyond ACID and the ATM example, including two-phase commit (2PC), high availability, massive concurrency, and crash recovery. To find out about all of these topics, read the book. One thing to remember, though, is that most application developers will never have to deal with the extremely complex details of providing a working and robust transaction management implementation; but, as with any technology, it's important to understand its fundamental principles and mechanics in order to use it effectively.
The book itself is extremely dense. The content of the book is "only" 324 pages long but covers a large amount of ground in a good amount of detail. Definitely read in a quiet place free of interruptions with a strong cup of coffee.
One shortcoming of the book is that it was written in 1997 so it doesn't cover TP implementations in Java (e.g. JTA, EJBs, etc.) but it was nice to finally find out what the heck IBM's CICS and IMS products are.
Interestingly enough, I have never had to deal with complex transaction processing (i.e. two-phase commit) in my short IBM career. This is probably because I've worked on business-to-consumer (B2C) applications where only one data source is involved rather than a business-to-business system where multiple data sources are involved. I'll have to ask the B2B guys if they get heavy into two-phase commit or if it's not an issue.
The reason I read this book is because I've always been a bit mystified by Enterprise JavaBeans (EJBs). When I joined IBM, I knew the word, but I was not familiar with such topics as object-relational persistence, object remoting, and transaction processing, so to me EJBs were simply things that took four classes/interfaces to do what I could do in one simple POJO. Ted Neward, in a very interesting web interview on TheServerSide.com, mentioned that he used to think EJBs were completely worthless, but during the process of writing Effective Enterprise Java came to realize that they were not worthless but rather over-marketed. He said that they should have been called Transactional JavaBeans rather than Enterprise JavaBeans because transactions are what EJBs did very well. So, hearing this from Ted, I decided to read a book on the fundamentals of transaction processing so that I could understand EJBs better. Now that I've read all about TP principles, I've picked up Richard Monson-Haefel's book again, and all of a sudden EJBs start to make a lot more sense.
Alright, well I've managed to ramble on about the transaction processing book long enough to turn this into yet another lengthy entry. I'll do a write-up on the security book (Bruce Schneier's "Secrets and Lies") another night.