April 2011 Archives

Dubai programmers show self-sufficiency in mobile app development

bridgwatera | 1 Comment

Developer-centric attention is perhaps all too often focused on the code, commits and contributions emanating from Burlingame (next to LAX airport), Berkshire and Bangalore.

But a vibrant ecosystem of software application development activity is also bubbling in the UAE, with the country's programmer community focused especially closely on mobile apps in both English and Arabic language versions.

Self-sufficiency is the watchword for developers in this region; where resources are not available (for whatever reason), local dev shops appear to have rebuilt from scratch -- surely giving their Western counterparts a lesson in proactivity?

Web developer M. Saleh Esmaeili of Dubai-based company 'dots & lines' is the product lead behind Carbon, a Twitter client for webOS devices.

According to the product's official literature, "Carbon was initially developed because the developers behind it could not access paid apps in the HP App Catalog from Dubai. What started as a need is now one of the most prominent, respected and loved Twitter clients on webOS in under six weeks of its Beta release."

Currently available for Palm Pre/Pre+/Pre2, Pixi/Pixi - Carbon maintains a position of being a webOS app first, and a Twitter client, second.

As a Twitter client, most of the app features are accessed within two taps or by just flicking your way around the GUI. Advanced gestures such as Power Scroll and webOS-only features such as #Hashcard are some of the features in Carbon that were firsts for webOS and Twitter clients.

Given the UAE's reputation for rapid growth and development, perhaps we should be eyeing this market more closely in terms of its aptitude for mobile software application development?

A suggestion, I think, that is further compounded by the recent TNS Mobile Life research study, which found that Saudi Arabia has the world's highest smartphone penetration at 86% of the population; the UAE follows with 75% and Singapore is third at 72%.

British-born UAE IT industry commentator and broadcaster Alexander McNabb has said that, "Mobile applications are starting to emerge from regional developers and we are seeing significant growth in the innovation not only of developers in the UAE, but in Egypt and, in particular, Jordan - which has a small but strong IP creation industry."

"The Middle East is a fast-moving, vibrant mobile market and the GCC, in particular, displays very strong rates of adoption of new technologies. Paid apps are still hard to come by here, with many global content and application providers such as Amazon, Apple and the Android Market choosing not to sell paid content and apps and this will only foster faster growth of home grown applications," added McNabb.

The region itself has recently witnessed the Planet of the Apps Arabia 2011 conference and the Apps Arabia programme, which is described as "An exciting new initiative that creates unprecedented opportunities for everyone involved in the development of apps in The Middle East & North Africa."

Time to think twice about how you plan your next business trip to Dubai perhaps?


Dubai's innovation heritage, so-called "wind-towers" pre-date modern air con - and they're cheaper and better looking too!

Something old, something new, something secure & something blue

bridgwatera | No Comments

Last week's InfoSec security exhibition was pretty good value. The usual mix of briefings, stands and "booth babe" show girls, packets of complimentary (but heavily logo-branded) mints and candies, on-the-spot interviews and -- oh yes, vendors and news announcements too.

So as I bounced between the stands and spent a good deal of time with companies including SecureData and Websense (watch this space for more from both), I also got a basin full of IBM.


Now IBM, as we know, makes a version of pretty much everything. So how does its security offering match up?

Something old

IBM says it is, "The only technology provider with more than 40 years of security development and innovation."

Hmm, this sounds like an overly grandiose claim, but then again, not many IT companies go back as far as IBM. Julius Caesar apparently invented his own message cipher back around 50 BC, but he wasn't VAT registered, so he wasn't strictly a company in his own right - perhaps we'll have to allow IBM to say this then?

Something new

IBM says it has made 11 security-related acquisitions since 2006, including Ounce Labs, Internet Security Systems, Watchfire and most recently BigFix. This is what the company has been spending its pocket money on recently, so this is our "new" factor.

Something secure

Today, IBM says it has more than 250 security-related products and services as well as nine worldwide research labs and nine security operations centres.

Developers touching IBM security technologies will work with products such as IBM Rational Asset Manager, which supports integration with the Tivoli Change and Configuration Management Database (CCMDB).

"Developers can automatically create assets in Rational Asset Manager from existing configuration items (CIs) in CCMDB and use Rational Asset Manager as a Definitive Software Library (DSL) for storing software images," says the company.

Something blue

Into deeper Big Blue IBM territory to finish, we find that IBM has announced the results from its 2010 X-Force Trend & Risk Report, which marks a year where public and private organisations around the world faced increasingly sophisticated, targeted IT security threats.


IBM: Security Vulnerabilities Per Year

According to IBM's report, "More than 8,000 new vulnerabilities were documented, a 27 percent rise from 2009. Public exploit releases were also up 21 percent from 2009 to 2010. This data points to an expanding threat landscape in which sophisticated attacks are being launched against increasingly complex computing environments."

Gartner: in applications, it's design that makes the difference

bridgwatera | No Comments

Gartner is hosting an application architecture, development & integration summit 2011 in London on June 16 this year.

So what, right?

Gartner does this all the time doesn't it?

Well, yes it does -- and this one isn't that much different on the face of it. This is the usual corporate shindig with so-called "application development specialists" talking about overhauling application portfolios to support business growth in a more agile, collaborative way.

Strategic design = modernised applications

But hang on -- it gets better.

Gartner is suggesting that as a business now strategically designs to modernise its applications stack, it will also need to undertake a transition to more-modern languages, architectures and runtime environments.

I'm going to quote directly from Gartner's keynote synopsis, as I think (for a company that can push out some arguably quite wishy washy surveys) that this is good solid stuff:

"Demand for application services is exploding. Business managers under pressure to perform want changes to existing applications and they want new applications. Now. At the same time, applications technology choices are expanding rapidly. Cloud. SOA. Mobile. Event-driven. Context-aware. Agile. IT is challenged to be more responsive, even visionary and entrepreneurial."

"All are somewhat myopically focused on the needs of constituencies. But all expect everything to be integrated, reliable, resilient, secure, usable, adaptable and low-cost to operate - in short, to be well-engineered. Architecture can describe the satellite-level view of how this happens - but translating the architectural vision into practical engineering demands design of the highest quality."

Gartner's opening keynote, "In Applications, it's Design that Makes the Difference", is on Thursday 16 June, 09.15-10.00.


Infosec 2011: application (development) appetisers Part I

bridgwatera | No Comments

For the average attendee, London's Infosecurity Europe (Infosec) event this week represents a chance to review the great and the good of the security industry's latest vendor offerings.

For myself, I will be aiming to uncover some of the trends that come out from this event from a software application developer's perspective.


Just last night I was communicating with Chris Eng, who is senior director of security research at Veracode, on the subject of SQL injections and the application vulnerabilities that arise from them.

But what are the root causes of this issue -- and will Infosec help provide answers?

"Either companies are not incorporating security processes such as education, threat modeling and security testing into their software development lifecycle, or their security processes are simply not working," suggests Eng.

"Data from our recent application security survey shows that over 50 percent of users who took an Application Security Fundamentals exam (a very basic exam) through our service platform received a grade of C or lower, with over 30 percent of them receiving a failing grade of D or F. If developers lack an understanding of security concepts to this degree, it's no wonder that they are making the same mistakes over and over resulting in vulnerable code," said Eng.

So I asked for a list of topics that I might see covered at Infosec this year -- and this is what I got:

· Mobile Security
· Web security and hackers
· Two-factor tokenless authentication
· Vulnerability and penetration testing
· Data in transport and encryption
· Firewalls
· Insider threats and Identity Management
· Encryption Key Management
· Security around Unstructured data
· Advanced Persistent Threats
· Social Media
· Cloud Computing
· and more...

But -- and it is a BIG BUT! Too much of the information pumped out at this event is surface level.

Like my recent beef over Adobe not explaining how its products work -- we need to know more about the "guts" of these new so-called "offerings" right?

Just to pick one example from many exhibitors. Mr Andy Cordial, MD of Origin Storage, will be at the show demonstrating his company's Data Locker product, a military grade hardware encryption tool, as well as Enigma, a self-encrypting drive.

Great Andy, nice one! Will you be explaining:

Who: from within the application development and systems administration team is best suited to use and be tasked with implementing this product?

What: kind of implementation skills will be needed to make this product work well operationally?

When: this product should be implemented in the total application development lifecycle?

Why: is this product's USP such an appealing proposition for those working at the command line?

I could go on, you get the point. Will we get gutsy earthiness? Or will we get gut busting marketing puff?

One can only hope.

Cloud computing is NOT a product, discuss

bridgwatera | No Comments

I was working on a story this week that examined cloud computing adoption - but please don't stop reading yet!

OK so here's the basic stuff - Gartner estimates that in 2010 cloud computing service revenue was somewhere around £41 billion, a nearly 17 percent increase from 2009.

Stay with me please ... although it gets worse first, it then gets easier.

Following on from Gartner's estimations, some analysts have reportedly further estimated that we will see this figure leap to £90 billion by 2014.

So are these estimates worthwhile?

Clive Longbottom, service director at IT analyst house Quocirca thinks not.

"On these £gazillion per year figures -- I really don't give a flying one. Cloud is not a product, so can't be costed as a market like this. It's such a mix of services, hardware, licences and maintenance etc. that you can give it any figure you want and stand by it," said Longbottom.

Is it time for us to change the way we talk about the cloud and measure it?

It may well be so.

How shalt we configure & manage the cloud, oh lord?

bridgwatera | No Comments

That's the thing about cloud computing configuration and management stories isn't it? You wait around all month for one and then three come along at once.

Skytap has been vocal this week on its point-and-click UI cloud management tool, which the company says is suited to what it calls "functional users" i.e. those who want to use the cloud for development, testing and IT sandbox projects.

Presumably "functional users" can't configure a cloud (or at least a hybrid cloud) on their own then, by Skytap's definition, right?


According to the company, "Hybrid clouds usually require three things: an onsite data centre, a public cloud and an IT person dedicated to spending days connecting the two. Despite the benefits of hybrid clouds, setting up and configuring them has proven to be costly, complex, and time consuming for most enterprises and software vendors to implement. In February of 2011 Skytap expanded its usability capabilities by launching a set of new networking features for creating hybrid clouds in under 10 minutes."

No cloud without ERP?

Skytap's comments come in the same week that Steve Ballmer and team have been talking about how companies can use Microsoft Dynamics AX 2012 as an ERP (enterprise resource planning) solution to anticipate and embrace change as the cloud model becomes more deeply embedded. "With agility made possible by a unified business process repository, model-driven architecture and simplicity that comes from a familiar user experience and built-in collaboration tools," said Kirill Tatarinov, corporate vice president for Microsoft Business Solutions.

... and then there's IBM.

IBM says that it is bringing automation and standardisation to simplify cloud software deployment, taking human error and latency and manual labour out of the equation.

"For the first time, clients will be able to use a simple web-based interface to easily install applications, configure databases and set up security for the cloud services they consume or deliver to their customers. Delivered with built-in monitoring, life-cycle management and resource elasticity, the software can dramatically accelerate cloud deployment," says IBM.

Readers will note the use of "for the first time" in the above paragraph and the fact that I referred to several companies being vocal on this subject just now.

Much though I respect IBM, its core values, its brand strength and its very affable employees -- the company does have a bad habit of waiting until word 457 in a 759 word press release to actually mention what its product is called.

In this case it is called IBM Workload Deployer (previously known as WebSphere CloudBurst Appliance).

We are interested IBM, but don't keep us waiting so long please.

Anyway - there you have it. The cloud is more deeply ingrained into our technology stacks and we're starting to talk about real management, configuration and monitoring issues relating to cloud resources.

Good isn't it?

Microsoft showcases developer 'platform preview' of Internet Explorer 10

bridgwatera | No Comments

Late this evening we are hearing news of the first developer platform preview of Internet Explorer 10 coming out of MIX 2011, Microsoft's annual web designer and developer conference, which is taking place in Las Vegas this week.

The company is already keen to engage developers in the drive to popularise its next browser -- and says it will announce new builds for the platform roughly every 12 weeks at this stage.

The Internet Explorer 'platform preview' is available at the Microsoft TestDrive site here http://ie.microsoft.com/testdrive/ and is expected to ship with Windows 8 if and when it meets its development deadlines in 2012.

The following preview images and captions are courtesy of the Microsoft Press Pass resource.

Internet Explorer 10 Platform Preview Fish Bowl Demo


Internet Explorer 10 Platform Preview demo illustrating full hardware acceleration, allowing graphics on the Web to take advantage of the entire PC via the GPU.

Internet Explorer 10 Platform Preview CSS Gradient Demo


Internet Explorer 10 Platform Preview demo to create CSS background-image gradient using the same CSS markup as proposed by W3C.

Adobe ups the ante, but it never tells us how it does it

bridgwatera | No Comments

Today you can feast on what is commonly known as a "mid-cycle" product release as Adobe comes high kicking its way to market with version 5.5 of the Creative Suite product line.

No, don't get me wrong. I harbour a deeply biased adoration of InDesign and all of its cute little brothers and sisters; these are some of the best software products this planet will ever see on the consumer/professional desktop in my opinion.

But, why doesn't Adobe ever explain HOW it does what it does?


A year ago this week (give or take) I was sat in an Adobe briefing with a "super excited" spokesperson giving us the tour de force on Photoshop Elements 9 and I only had one question for him.

"I love the new offering. Very interesting to see that you've re-architected the application to present it to less technical users in this way. How did you do that?"

That was 2010.

It is now 2011.

I have never had an answer.

Today's news sees (the very lovely) Creative Suite 5.5 now delivered with innovations across Flash, HTML5, video, mobile apps and digital publishing tools.

These "innovations" are said to, "Enable designers and developers to target popular and emerging smartphone and tablet platforms, as the revolution in mobile communications fundamentally changes the way content is distributed and consumed."

Here's the best bit from the press release:

With today's announcements, Adobe is extending the creative process beyond the desktop by helping integrate tablet devices into creative workflows. A new scripting engine in Adobe Photoshop and an enhanced Photoshop Software Development Kit (SDK) enable developers to build tablet applications that interact with Photoshop from Android, BlackBerry and iOS devices. Adobe also announced three new iPad applications that demonstrate the creative possibilities of using tablets to drive common Photoshop workflows - Adobe Color Lava for Photoshop, Adobe Eazel for Photoshop and Adobe Nav for Photoshop.

So like brilliant yeah, a cool new product. You know what it does and you can visit the company's website for pricing details and everything!

But how did they build in these extra new tools?

Best we don't ask - just go and have a cuppa.

Developers beware; the lethal SQL (injection) stalks this night

bridgwatera | No Comments

CAST Software's press team has been a busy lot this week. Just last night I was working on a story that talks about the company's opinions on sloppy programmer code validation practices and how this can lead to SQL code injections targeted at the database layer of an application.

The software quality analysis company says that if programmers ignore so-called "application component interaction patterns", then this leaves doors open to malicious attacks.

"While SQL injection is not a new exploit, applications continue to be vulnerable to it. It's not because developers and architects don't know about them or don't have the skill to prevent them -- it's because they can't see them, or worse, they may think they've prevented it, but something outside their range of competence conspires against them," says the company in a press statement.

Not surprisingly, CAST has an automated system that can look for patterns in the application -- patterns of component interactions -- that can potentially compromise the application.

But CAST is not the only company vocal on this subject.

Technical director at F5 Networks Owen Cole says that, "SQL injection attacks are amongst the stealthiest hacking attempts. Attackers have learned that the Trojan Horse can be easily recognised by application firewalls and denied entry into the application infrastructure completely."

Consequently, Owen says that we have seen a modified kind of attack born, the Trojan Zebra.


"Standard Trojan horses can easily be corralled by matching suspicious text within the query, but zebras conceal the attack characters within a string of text, rather like a single malicious zebra within an otherwise benign herd. This is simply the next step along the evolutionary arms race of hacking, but organisations can counteract such threats by normalising text and examining both URLs and characters within the text without being fooled by lack of spaces within the entry, for example," said Owen.

Looking further afield for still more opinions in this space we find Tony Haverson, a senior developer at a popular online dating site.

"There are easy and proven ways to prevent SQL injection in most modern programming environments and when best practice is followed, it should prevent the attacks by virtue of preventing user input from being treated as anything other than data. Parameterising SQL queries, for example, rather than constructing text SQL queries out of the user input, will completely defeat SQL injection attacks. For example, Microsoft's best practices for preventing SQL injection are at http://msdn.microsoft.com/en-us/library/ms161953.aspx."

"This suggests that the solution to these vulnerabilities lies in developer education and proper application of defensive programming in validating user input."

"The use of automated tools as a backstop to these practices is very useful. Developers should be writing unit or integration tests to catch these sorts of omissions, but few developers ever have the time or inclination to write enough cover to catch all of this."

"SQL injection attacks are really just a subset of the larger set of security issues raised by improper verification of input, which include cross-site scripting attacks in a web context, where a malicious user will cause the victim site to display content or run JavaScript code of the malicious user's choice," said Haverson.
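Haverson's two points above, parameterised queries and unit tests that catch omissions, as an added example (not code from this blog, CAST, F5 or Microsoft). It uses Python's built-in sqlite3 module; the table, sample data and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions for this example.
SAMPLE_USERS = [(1, "alice"), (2, "bob"), (3, "O'Brien")]


def make_db():
    """Create a throwaway in-memory database holding the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (id, name) VALUES (?, ?)", SAMPLE_USERS)
    return conn


def find_user_concat(conn, name):
    """The 'before': input is spliced into the SQL text, so it can alter the query."""
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_param(conn, name):
    """The 'after': the SQL text is fixed and the driver binds name as a value."""
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)
    ).fetchall()


# Inputs a unit test should cover: an ordinary name, a legitimate name that
# contains a quote, and a string that closes the quote and adds a condition.
PROBES = {"plain": "alice", "apostrophe": "O'Brien", "tautology": "x' OR '1'='1"}
EXPECTED_ROWS = {"plain": 1, "apostrophe": 1, "tautology": 0}


def probe_failures(lookup):
    """Return the probe labels for which lookup is not an exact match on name."""
    failures = []
    conn = make_db()
    try:
        for label, value in PROBES.items():
            try:
                rows = lookup(conn, value)
            except sqlite3.Error:
                failures.append(label)  # the input broke the statement itself
                continue
            wrong_count = len(rows) != EXPECTED_ROWS[label]
            wrong_rows = any(row[1] != value for row in rows)
            if wrong_count or wrong_rows:
                failures.append(label)
    finally:
        conn.close()
    return failures


if __name__ == "__main__":
    print("concatenated :", probe_failures(find_user_concat))
    print("parameterised:", probe_failures(find_user_param))
```

The same check can sit in a test suite against every data-access function, which is the "backstop" role Haverson describes for automated tests.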

Don't say legacy applications, say LONGEVITY applications!

bridgwatera | No Comments

I wrote a blog post this week detailing what I called the misnaming of legacy applications, suggesting that we should instead call them 'longevity' applications - as essentially, they still work and should be looked upon as things of value.

In an attempt to try and make this renaming of the term stick, let me try and reinforce the point with a few comments from the industry.

So remember, my suggestion is -- just what is a legacy application anyway? It's not a bad thing, it's just software that works right?


Mateen Greenway, HP Fellow and CT EMEA Defence, Security, Government & Healthcare at HP agrees with me.

"Quite right. Anything in production, be it COBOL, Java, Microsoft .Net or a web app written in HTML can be considered a legacy application. The term legacy application should not be perceived as synonymous with senility or anachronism any more than the cloud should be considered a silver bullet," said Greenway.

Relating his comments to my question of whether so-called legacy apps should be migrated to the cloud, Greenway added, "Certainly the cloud has vast potential for improving the efficiency and flexibility of a business but only if leveraged sensibly and, at this stage, selectively."

Simon Gay, CTO at Adapt, an independent IT managed services provider also appears to be on the same page.

"Legacy applications are retained by businesses as they still serve a purpose or deliver value. Complex Unix or mainframe legacy applications will never be contenders for the cloud because the cost of virtualisation will often exceed the cost of updating to more modern code.

"However, some legacy applications are candidates for virtualisation. Intel-based applications can be encapsulated in a virtual "bubble", guaranteeing minimal change with high availability," said Gay.

Come with me on the LONGEVITY trip please.

I'm asking nicely after all :-)

June is cloud month, is this strategic cumulo stratus real?

bridgwatera | No Comments

The time is right for cloud computing - discuss. The hype of cloud computing launch fever has (to some degree) settled down to a pleasing cloudscape of strategic cumulo stratus, has it not?

So why should you look skyward to the cloud this summer?

Firstly - and most importantly, the deployment of truly workable hybrid clouds is starting to become the new norm. The combination of public cloud efficiency matched with private cloud security makes so much sense that we are perhaps just witnessing phase #1 of its total evolution; there is much more to come.

Secondly - and most of the reason for this blog if I am honest - there's a whole heap of cloud conferences, conventions, symposiums (call them what you will) scheduled for the early summer of 2011.

6 - 9 June - is the 8th International Cloud Expo - in New York.

22 - 23 June - is the 4th Structure 2011 event (this is GigaOm's cloud event) - in San Francisco

21 - 22 June - is the 3rd Cloud Computing World Forum - held in London

Backing up this kind of content is the fact that companies like Rackspace are saying that the interest of small- to medium-sized businesses has been piqued by the computing power of the cloud in recent years -- and uptake among such firms will continue, resulting in nearly 40 per cent of SMBs paying for cloud services by 2014.

Rackspace is quoting a survey - conducted by market research firm Edge Strategies and collecting data from across 16 countries, including the UK, the USA, several European countries and emerging economies China and India - which polled businesses with fewer than 250 employees and found 39 per cent of them expected to be paying for at least one cloud service in three years' time.

So - anyone attending these events might do well to ask for customer case study materials, although these can be somewhat dry at the best of times. We are looking for what I would call EMPIRICAL PRACTICAL IMPLEMENTATION BY REAL WORLD PRACTITIONERS.

So let's not let the vendors simply cloud the issue eh?

Sorry - worst technical pun I have ever made.

Legacy applications is a misnomer

bridgwatera | No Comments

This week I am writing a feature for a newly launched website devoted to cloud computing pros. My subject matter in hand is legacy applications and their potential migration to the cloud.

Interestingly, when I asked openly for some industry feedback on this subject I got more than I could eat by a factor of roughly 10.

This "content overload" is because:

a) new websites are sexy and companies want to be seen on them
b) PR companies want clients to be seen anywhere & everywhere, whatever
c) cloud computing is super hot and every IT vendor has to have a public stance on it
or d) it's a real world IT issue that we should all be more concerned with...

Or is it all of the above?


Anyway - two of the most interesting things I read on legacy apps (in relation to how we should view them) are the following teasers:

i) Legacy applications need not be old, cranky and ungainly - they are still in use after all! So this (you could argue) means that this is quite simply SOFTWARE THAT STILL WORKS.

... or if you were very snide and cynical; this is software that ACTUALLY works - given that so much of it is argued to be badly delivered.

ii) Forget old, cranky and ungainly - legacy applications need not even be old. We should think differently. Windows 95 running that year's version of Excel is a legacy app - but so is Windows 7 running last week's company database on Excel without that latest Microsoft Service Pack update.

I'll say it one more time. The term "legacy" implies negativity in technology-centric circles and, as it stands, does not convey a robust application's true worth.

Perhaps we should use a term that suggests heritage, robustness and strength and call them LONGEVITY applications?

Do I have any takers?


About this Archive

This page is an archive of entries from April 2011 listed from newest to oldest.
