November 2011 Archives

Gartner talks application architecture in Las Vegas

bridgwatera | No Comments

Analyst firm Gartner is currently avoiding the onset of winter by staging its "Application Architecture, Development & Integration Summit" in Las Vegas this week.

Although press invites to international Gartner events are as rare as a good hair day for Donald Trump, we can at least "enjoy" some of the news online and take a look at what is being said.

This event sets out to update and inform on SOA and ADI. Overuse of acronyms maybe, but SOA we know to be Service Oriented (or Orientated even) Architectures. ADI logically then is Application Development (&) Integration.

Gartner appears to have set out a forum to discuss the future of software architecture as well as its development, integration and usage in the cloud.

A cynic might argue that this event is merely a showboat for the company to sell its analysts' services and recommendations on how to approach software architecture tasks in the new world of cloud, big data and mobile.

But as I'm not feeling cynical today, I won't suggest that.

According to Gartner, "Organisations must plan for the rapid emergence of cloud and they need to further integrate SOA and overhaul their application portfolios in order to reduce escalating costs and free up resources to invest in supporting growth and innovation."


The many ages of mobile application development

bridgwatera | No Comments

Have you noticed how often your applications are being updated these days? Especially so in mobile, it seems like the same apps are being updated every 10 days or so at times.

Popular rumour suggests that part of the reason for this may be the way we (as users) are prepared to accept mobile applications with initially limited features on the promise of later extensions.

Where we initially needed a mobile app to "ape" its mobile equivalent with perhaps 20 or so distinguishing features - it now appears acceptable to push initial versions of mobile apps out with just a handful (2 or 3 even) of features and then build upon that foundation with updates.

So what has governed the process of application creation for these devices?

William Coleman, developer product manager lead at Microsoft UK suggests that prior to smartphones becoming the dominant mobile platform, application development was centered around the enterprise, OEMs and mobile operators.

"Mobile apps were commissioned and developed by OEMs and mobile operators as a way for them to differentiate their offerings from rivals. Over the last few years there has been a burst of 'consumer-facing' apps due to easier access to the end user as well as robust software development kits (SDKs) to create the apps. The combination of marketplaces, decent SDKs and the growing demand for smartphones has opened up a huge opportunity for developers as they can quickly get an app exposed to millions of people," said Coleman.

Microsoft's mobile lead also asserts that developers outside of the mobile industry have joined in here -- and so a "new breed of developer" has emerged i.e. the number of amateur, independent and smaller shops has grown rapidly.

"Previously software development was often focused on large projects in the enterprise, but over the past four years there has been a growing focus on creating smaller apps aimed at consumers. Users expect a consistent experience across platforms - whether websites, applications for smartphones and slates/tablets or web apps - and a well thought out journey as well. The way the user interacts with the app is therefore crucial to its success, and so developers need a flair for user experience or should look to work with a designer."

Coleman says that this whole environment, with the relatively low price points of mobile apps, is leading to consumers devaluing apps and creating a 'throw away' app culture. This means that developers need to be at the top of their game and look at providing their customers with relevant updates and new content.

Microsoft's customers appear to concur.

According to Ian Blackburn, CEO of bbits, "Developing mobile applications is a very different approach to desktop apps - essentially you're keeping complexity out of the mobile apps and putting it in richer desktop apps or in automated services running in cloud services like Windows Azure. For mobile apps we've moved from a very fragmented collection of devices, resolutions and capabilities to devices which are more standardised and predictable."

This is a fast-changing marketplace; this story is far from over.

How should developers learn the cloud?

bridgwatera | 1 Comment

I've invented a new game. It's called "Cloud Teach or Leech". Here's how you play.

Open up your browser and Google "xyz cloud tuition" and look at the results where xyz = a cloud hosting provider of your choice.

If the majority of your search results relate to xyz provider trying to tell you how well its cloud services work in the education market, then you have a leech and a bloodsucker. Go to jail, do not pass GO, do not collect £200.

If you manage to get some results detailing developer learning resources for cloud focused programmers then bingo! You have won a cloud teach star!

With my new game system you'll be able to assess whether a cloud player is more concerned with winning new customers than trying to promote skills excellence.

Now I could pick any major vendor, but as Microsoft's 'Learn' portal for Azure isn't half bad, let's take a quick look.

This site sets out to provide guidance on getting started, data, managing services, planning & design, access control, service integration, monitoring, migration & performance.


Mark Quirk, Azure product manager at Microsoft UK points out what he calls a "key resource" available here -- the getting started page is essentially the Windows Azure platform training kit which includes walkthrough tutorials, code samples and what Microsoft likes to call "real world guidance" for programmers.

Speaking to the Computer Weekly Developer Network blog directly, Microsoft's Quirk explained the skills challenge (and opportunity) for cloud developers here.

"Once you have installed the Azure SDK, it's really straightforward to get started. The complexity is really dependent on your application and your existing knowledge. For example, if you want to build an application that dynamically scales up and down, your understanding of how to design an application that scales across multiple servers will have a big impact -- a much bigger impact than understanding the tools or SDK," said Quirk.

There are versions of the SDK for .NET, Java, PHP and Ruby, though the core SDK can be used for any programming language/runtime.

"There are additional helper device toolkits to simplify working with specific devices (there's no requirement to use these kits, they are helpers) -- for example there are toolkits for Windows Phone, Apple iOS and Google Android," he added.

So Microsoft appears to take cloud developer training pretty seriously. Can we knock them for anything? Not really -- the company uses some of the key cloud-centric messages that its competitors are fond of, but that's hardly a crime.

Do Microsoft's learning resources come with a cheesy smile and the odd "we're super excited to bring you this new development" type of comment?

What do you think?

Hacking Apple Siri to broaden speech recognition

bridgwatera | No Comments

Apple's natural language speech recognition Siri technology appears to be receiving plenty of interest from the developer community just now.

More accurately, the Siri speech user interface is being actively hacked with a view to extending it into third-party applications; something that is not currently possible given that Apple has not released a Siri SDK.

Developers at Paris-based firm Applidium have reverse engineered Siri's speech-to-text conversion capabilities and published a brief technical explanation of the protocol and some sample code for programmers that might want to pursue this opportunity.

Applidium's efforts are not the only hack here. A St Louis Missouri-based programmer known as @plamoni has built a means of running a proxy server on his desktop PC to fool Siri into thinking it is talking to Apple's servers.

According to the GitHub project page describing this "tampering" proxy server, "Siri Proxy is a proxy server for Apple's Siri assistant. The idea is to allow for the creation of custom handlers for different actions. This can allow developers to easily add functionality to Siri."


Apple is thought to be both tightening up security controls on Siri and working towards making the technology more open anyway in the near future.

Microsoft student programmers follow UN development goals

bridgwatera | No Comments

Now in its tenth year, Microsoft's student developer competition The Imagine Cup will hold its 2012 worldwide finals in Sydney, Australia.

This year's theme has been designed to run close to the world challenges being addressed by the United Nations Millennium Development Goals (MDGs).

As part of their Imagine Cup entry, students must explain how they would use technology to help solve some of the world's toughest problems.

"Already the MDGs have helped lift millions of people out of poverty, save countless children's lives and ensure that they attend school," said UN Secretary-General Ban Ki-moon in July of this year.

"They [MDGs] have reduced maternal deaths, expanded opportunities for women, increased access to clean water and freed many people from deadly and debilitating disease."


For Imagine Cup 2012, students can choose from three team competitions -- Software Design, Game Design: Xbox/Windows, and Game Design: Phone.

According to the Windows Azure team blog, "Students already signed up to compete in the three competitions can increase their chances to share their world-changing ideas by signing up to compete in the Windows Azure or Windows Phone Challenge."

Windows Azure has been a popular technology among Imagine Cup students in past years. In fact, 32% (36 projects) in last year's competition used Windows Azure.

You can read more here for competition details, FAQs and examples of previous years' winners.

Business software development needs to get Agile like Flickr

bridgwatera | No Comments

Just as the Indian subcontinent has its Hindus, Christians, Buddhists and Jains, software application development has its many methodologies from Scrum, to Extreme, to Waterfall, to Rational Unified, to Agile.

But, for software development, which is best?

Thankfully we don't have to choose a single definitive process and (generally speaking) we can apply different methodologies to different development environments and use cases.

So what's the problem?

Agile development seems to have received more than its fair share of media attention in recent years. Yet it is still sometimes criticised for not being "robust enough for serious organisations". Other comments suggest that it may get a project started rapidly, but that in the long term it is more costly.

Martin Cheesbrough is CTO of financial services and energy trading software development company Digiterre. Cheesbrough maintains that the problem here may be that some organisations simply don't understand Agile.

A home truth -- unlike other approaches, Agile doesn't come with a weighty 300-page book of what to do, and what not to do. Instead Agile is based on a set of guiding principles that fit onto one sheet of A4.

"Problems often occur when 'process-orientated-people' think that delivering a project using Agile involves following an 'Agile process'. Agile advocates a little and often approach with the development team given complete autonomy over their tasks. The feedback loop is ongoing and concise. This ensures that you stay on track and collaborate but also guarantees that the project keeps moving and remains relevant to the business. That's the theory - and it makes perfect sense. But when putting it into practice something seems to break down. Agile isn't about becoming a slave to process; instead it concentrates on getting the most out of the development team and playing to each person's strengths. Smart, creative individuals that are able to break out of the process mould and embrace the Agile philosophy are fundamental to its success."

Cheesbrough suggests that, because Agile is light on supporting paperwork, it is deemed insubstantial, lightweight and risky.


"Agile tools and techniques promote transparency and expose how the project is developing each and every day. This means that any bumps in the road can be smoothed out before they become obstructive to progress. Companies such as Flickr are demonstrating that little and often improvements negate the need to get bogged down in ongoing projects. Each day the site makes small changes that enhance the service it offers. Isn't this the flexible IT environment that will power the businesses of tomorrow? It's been a long time coming, but the revolution engulfing IT to make it faster and better is demanding significant changes to development. Say goodbye to prescriptive process and hello to the more free thinking future of development."


IBM: 2011 'Tech Trends' report lists top ten developer skills

bridgwatera | No Comments

IBM has released its 2011 'Tech Trends' report this week which the company says highlights "significant enterprise technology trends" for the year ahead. The report is based on the input of more than 4,000 IT professionals and developers across 93 countries and 25 different industries.

This year's survey examined how businesses are adopting, using and planning to use mobile computing, cloud computing, social business and business analytics.

The results are hoped to offer a glimpse into the future and provide IT professionals with a roadmap of the technologies and platforms that will be in the greatest demand in the coming year.

So what did this year's report reveal?

Analytics was named as the most in demand area for software development in the future.

According to IBM, "Whether it is the powerful analytics capabilities in IBM Watson that IT professionals feel will transform the education and healthcare industries, or the need for open source analytics skills, the trend is clear -- businesses are focused on analytics now and for the future."

When it comes to analytics development, open source skills such as Apache Hadoop and Linux lead the pack (87% of respondents said they were key) -- some other interesting stats are listed below:

Top 8 -- "in demand" areas for software programming today

1. Application Development
2. Mobile
3. Cloud Computing
4. Database Management
5. Business Analytics
6. Security
7. Software/systems engineering
8. Business Process Management

Which of the following IT skills do employers look for? (Top 10 answers)

1. Java
2. Linux
3. .NET
4. J2EE
5. XML
6. C/C++
7. HTML5
8. PHP
9. SOA
10. C#

Tuning up a dual-engine anti virus machine

bridgwatera | No Comments

As data becomes big so it also becomes more complex, we know this.

So-called 'big data' and its proximity to complex event processing and extended algorithmic analysis are inherent elements of the IT landscape today.

With big data also comes big trouble, potentially.

As the flow of data-driven "events" increases across an increased number of communication and data exchange channels, a multiplicity of malware dissemination attack vectors now starts to have a greater impact upon users.

If we accept this state-of-the-data-nation to be true, then what can we do at the back office level to ensure that we tighten security controls to the nth degree?

In other words, what can software developers do to help?

Commercial anti-virus suites come in many forms at the consumer and SMB/enterprise level. Originally developed by Sunbelt Software, the Vipre (pronounced "vi-per") anti-malware set of tools now resides in a new reptilarium looked after by the head keepers at GFI Software, who have just released version 5.0 into the world.

GFI's Dodi Glenn, Vipre consumer, SDK and OEM product manager and Vipre enterprise product manager Jason Chronowitz spoke to the Computer Weekly Developer Network blog to explain more.

"It's a blended threat landscape today with social engineering techniques being used to compromise users -- even Google images (other similar sites) can harbour malicious links via a redirect. Search Engine Poisoning is also going on here," said Glenn.

Technical Note: Search Engine Poisoning attacks work to manipulate search results with links to malware. Techniques here include complete website takeover, using the search's "sponsored links" channel and/or injecting HTML code.

But GFI has an interesting level of openness on its web-based Malware Protection Centre. Its Software Development Kit (SDK) installation options open up the opportunity for developers to work close to the coalface of its technology.

"We provide a Vipre service interface if a company wants to do some preliminary analysis of data. This scenario could come into play if a company wanted to run a dual-engine environment where more than one anti-virus suite is used -- and this might be needed by a security specialist company themselves, rather than a bank or other end-user customer for example," said Glenn.

The software engineering team then gets to "look under the hood" to see what the product (or products) actually does; and this may mean that eventually the second (least effective) engine is dropped. Glenn and Chronowitz predictably point to what they claim to be Vipre's healthy positioning on the RAP score malware-scale.

"If you look at our sample flows, we have 500,000 samples every day and it's just not possible to analyse all these samples from a human perspective, so a lot of it is automated. The GFI Sandbox is a digital behavioural analysis system to look at code behaviour once it becomes active in a user's system. It doesn't even need to be active in RAM, we also look at archive-based files; so as soon as the data is dropped onto disk, we want to keep track of the file and see where it sits on the server," said Chronowitz.

"Since the beginning of VIPRE, we highlight performance and ease of use. If you look at the SDK we provide, we have great documentation to support this and this theme is carried through throughout our product set," he added.

Whether GFI's approach could lead us towards safer technology futures may be too much to say. The fact that the company works at a level to open its SDK up in this way should surely be a positive though.

Is this akin to a restaurant cooking with a wide-open kitchen hatch so that diners can see all the ingredients used in this mix? It might just be so... Food for thought then? Ouch! Sorry :-)


Is Android standing on the shoulders of the Microsoft giant?

bridgwatera | No Comments

Lesson number one in the field of patents and licensing is of course pronunciation. While the correct British articulation of the word is "pay-tent", it is our colonial cousins in the new world territories of North America who have adopted the more casual "pah-tent" instead.

But pay-tent or pah-tent regardless, an understanding and appreciation of the issues surrounding patents and software licensing are a must have for developers today.

But the jury is out on one issue.

While one camp says that patents protect innovation, as they should do; others argue that in some areas they may stifle creativity.

Much of this subject concerns the mobile arena today. A lawyer at Microsoft has even accused Google's Android software of "standing on our shoulders" i.e. to benefit and profit from previous innovations carried out in Redmond.

Microsoft Intellectual Property group deputy general counsel Horacio Gutiérrez told the San Francisco Chronicle that over the years "a flurry of patent disputes" has followed any new disruptive technology at least as far back as the telegraph.

David Akka, UK MD of Magic Software ponders the effect that all this litigation is having on the market and has asked whether developers are becoming overly wary and concerned when trying to develop new and innovative applications?

Litigation is now dripping down to small development houses, since non-practicing entities (NPEs) or "patent trolls" specifically buy up patents in order to pursue those who infringe them. Small development houses are therefore faced with hefty legal documents every day.

"The biggest issue around patents is the sheer volume of legal jargon involved and the wide sweeping nature of some of the patents which have been awarded in the past, which in turn lead to confusion in the market and the constant legal battles we have seen," said Magic's Akka.

Akka bases the breadth of his comments on Magic Software's work with its uniPaaS product, an application platform designed to deploy applications in multiple deployment modes including full client, Rich Internet Application (RIA), Software-as-a-Service (SaaS) and mobile.

"However, we should not forget the original purpose of the patent and the fact that all these law suits simply prove how important and valuable truly innovative design can be. Put simply, if the big boys are willing to fight over every detail of a patent, this simply proves their worth. I would argue that patents are not stifling creativity, that they do indeed protect those who have innovated and that development houses should carry on in their innovation and reap the rewards from that innovation."

Is SAP finally getting its money's worth from Sybase?

bridgwatera | No Comments

Corporate technology acquisitions can go bad; it's a fact.

AT&T bought NCR to try and gain a foothold in the PC market and the deal ended up as rotten as a box of stale eggs. The Skype and eBay deal went pretty sour from the start and HP's purchase of Compaq was not without its woes.

Oracle on the other hand sits proudly (with a Larry Ellison kind of swagger) behind an open statement which specifies that the company is "out there to push forward its corporate acquisition and consolidation strategy" to grow.

So to SAP and the company's somewhat over-used favourite term "innovation" -- this week sees the company host its Sapphire/TechEd Europe conference in Madrid with its newly adopted child Sybase also in attendance.

At the time of SAP's most recent corporate shopping spree, headlines of "SAP buys Sybase, but why?" were not uncommon. The German software giant was derided for "purchasing" a mobile platform rather than building its own; and Sybase itself seemed to be going from strength to strength at the time, posting successive positive earnings results as it was.

But the purchase went ahead regardless and the industry has sat it out and waited to see if it was going to be a case of happy families or one of irreconcilable differences.

So to Madrid and SAP's keynotes, Sybase has been left in the front row seats as opposed to having any stage presence these days. SAP's spokespeople have been shuffled to the front of the press briefing list and the Sybase Unwired Platform is jolly nice, but the real news is SAP HANA.

But wait, analyst firm IDC is positive and research director for enterprise mobility strategies Nick McQuire thinks that the integrated platform and application story of SAP and Sybase is strong.

"Companies are seeking the productivity and process improvements, cost reduction and business transformation opportunities that mobile applications can provide. This perfect storm of mobile device proliferation, 3G adoption, employee mobility and consumer app demand is propelling mobile enterprise applications up the CIO agenda," said McQuire.

So in the words of British Rail, "we're getting there" then? Are we?

Sybase has in fact used this week's event to talk about its next release of Afaria, a management product for mobile application development that brings some fairly well respected security functions to the table. The company also integrated its Sybase RAP trading edition product for financial/capital markets with the R statistical programming language for data scientists and business analysts.

These were pretty interesting stories. But SAP had plenty to say too and made much of its Electronic Medical Record mobile app as well as its 'Field Service', CRM and retail execution technologies.

Then there was also the SAP 'Citizen Connect' mobile app. Citizens can take a picture of an issue and locate, categorise and describe it to local authorities and then receive status updates on reported issues, such as graffiti, trash removal or street light or pothole repair.

So this Sybase story has ended up as an SAP story and perhaps that speaks volumes. Perhaps this means that Sybase has been successfully absorbed into the fold. So is SAP finally getting its money's worth from Sybase? It seems so; SAP has stated that all mobile applications that it will now certify have to be compliant with the Sybase Unwired Platform.

Editorial disclosure: Adrian Bridgwater works in an editorial capacity for the International Sybase User Group, an independent association that represents thousands of users of Sybase products in more than sixty countries around the world. He is not an employee of Sybase but seeks to work with ISUG to support its work challenging Sybase product development and training.

Job market on the rise for UK PHP developers

bridgwatera | No Comments

You know what they say, never trust an estate agent, a recruitment consultant or a man who is left alone with a tea cosy and doesn't try it on. Well Billy Connolly may take the blame for the latter quote and estate agents are notoriously slippery, so what's the score with recruiters?

For one, UK-based IT recruitment firm Mount Recruitment has stated that the country is currently witnessing a rise in demand for PHP developers. 

The agency's latest market report suggests that strong demand for PHP pros is showing that the web development industry continues to thrive in the UK.

PHP is basically a common-purpose scripting language initially intended for web development with a view to create dynamic web pages. 

According to website, "Keeping this [web development] purpose in view, the PHP code is rooted into the HTML. Moreover, PHP has developed to comprise a command-line interface competence and may be also used in separate graphical applications. The best part of PHP programming language is that it is possible to deploy it on the majority of the web servers and as a separate interpreter, on just about all operating systems as well as platforms free of charge."

Developed further under the auspices of code development specialist Zend Technologies, PHP is claimed to be deployed on over 20 million websites and one million web servers. 

Two examples of real information warfare hacking

bridgwatera | No Comments

It's important to remember what we mean when we talk about hacking these days. Hacking has many positive connotations and is often used hand-in-hand with the term 'mashup'. Coders using APIs relating to popular web services to provide new incremental layers of user functionality is, of course, hacking -- and this is usually a good thing.

This is as opposed to hacking in the sense of malware creation. There are indeed many hackers whose core aim is destructive code creation and application destruction. 

The reason that we use the same term for both is that it is largely the same skill set required to perform both.

Some of the most topical information security topics relating to developers (and users) were discussed this week at a technical discussion day hosted by SecureData at Wembley Stadium.

Some deep tech was discussed here this week. But there were some frightening IT security revelations from ground level too. Two real cyber criminal hacks were disclosed as detailed by Daniel Cuthbert at SensePost below.

Scenario 1: Do you want to know how hackers get inside big offices and start to infiltrate company systems? Hang out with the smokers and walk in through the back door.

Scenario 2: A group of hackers wanted to target the CEO of a big petrochemical company. The CEO was pretty IT savvy and quite well protected, but his PA had most of the access to sensitive data that was needed so the attack focused on her. A dummy Facebook profile was set up to look like the CEO and a simple message was sent with a link to a site harbouring intrusive and invasive malware. The PA took the bait and the hack was successful.

A lot of the "how to" information needed to complete these hacks is freely available on the web. So what does it teach us?

Etienne Greeff is professional services director for SecureData and his core message when it comes to access control, passwords and information security in general is: "Key is to achieve essential and then worry about excellent," as he puts it.

"The case of the PA is interesting. But to clarify, our research shows that 92% of hacks come from outside of the organisation. This whole 'greatest IT security threat comes from inside' is a fallacy. Inside staff may be 'used' by hackers as a means to facilitate an attack, but in general these employees do not perpetrate the attacks themselves," said Greeff.

Greeff also highlighted a new reality of information security saying that the focus is changing from "infrastructure" protection, to "information" protection. Given that devices including smartphones and tablets are in everyone's hands now, the "perimeter" of a company's information security boundary has changed.

Interesting stuff for developers, users and (god forbid) hackers alike perhaps?

SecureData specialises in providing managed services for security and networking technologies. The company's latest news sees it providing financial support packages for customers buying its services.

Data's main drivers: volume, velocity, variety and variability

bridgwatera | 1 Comment

Trends typifying data usage today appear to fall into four categories. Volume, velocity, variety and variability; allow me to explain...

Volume -- of data is getting higher/bigger than ever.
Velocity -- of data is increasing e.g. Complex Event Processing of real time data.
Variety -- of data is spiraling e.g. unstructured video and voice.
Variability -- of data types is also increasing.

These are the findings of the October 2011 Forrester report Enterprise Hadoop: The Emerging Core Of Big Data.

According to the report, "This growing tsunami of intelligence feeds downstream business processes in both the front and back office, helping organisations optimise their interactions and operations through powerful analytics."

As a result of these realities (if we accept Forrester's statements to be true), the market for data analytics is also potentially expanding. Vendors eyeing this space are busy about their business trying to develop tools and analytical algorithms that will work on the data stored in databases.

Logically then, it is the database companies that are trying to spearhead this mission.

Everybody's at it

IBM has its Smart Analytics System 7710 based on the IBM Power7 chips as well as the IBM DB2 Analytics Accelerator. Oracle's strategy in the big data analysis market encompasses NoSQL, Hadoop and R analytics. Compuware's Gomez Application Performance Management system now comes packaged with deep-code analysis - largely as a result of the company acquiring dynaTrace earlier this year. Plus there is also Sybase and its IQ column-based analytics database, which has just hit its version 15.4 release.

Speaking directly to the Computer Weekly Developer Network blog, Sybase business development manager Andrew de Rozairo explained that this latest release of Sybase IQ includes a native MapReduce API, Predictive Model Markup Language (PMML) support, integration with Hadoop and an expanded library of statistical and data mining algorithms.

The new product uses Sybase IQ PlexQ massively parallel processing (MPP) technology as well as some new APIs to enable developers to implement in-database algorithms achieving what the company claims to be greater than 10x performance acceleration over existing approaches.

"What we see today is that organisations have an array of different tools and techniques to leverage big data and gain insight. These different tools include MapReduce, predictive modeling and data mining tools, in-database or embedded analytics. The issue is that until now, all these tools have been separate, in different analytic environments. With Sybase IQ 15.4, we deliver a single analytics platform to bring together all these different tools and techniques, ensuring consistency and simplifying the architecture," said de Rozairo.

"Sybase IQ 15.4 delivers MapReduce functionality against data held entirely in IQ or in a combination of IQ and other storage systems, including Hadoop. PMML support will mean that statisticians and data scientists will be able to bring their sophisticated models from their favourite data mining tool into IQ and execute this against large volumes of data," he added.

The concept here is for extended in-database analytics capabilities to eliminate the time wasted transporting data to the analytics engine. So therein lies Sybase's attempt to justify its claims of increased speed. This "single platform for data analytics" is being promoted as a key advantage for BI (business intelligence) programmers and report-writers.

Editorial disclosure: Adrian Bridgwater works in an editorial capacity for the International Sybase User Group, an independent association that represents thousands of users of Sybase products in more than sixty countries around the world. He is not an employee of Sybase but seeks to work with ISUG to support its work challenging Sybase product development and training.

Hackers rooting and jailbreaking mobile apps for evil malware creation

bridgwatera | No Comments

San Antonio based web application security specialist Denim Group has been airing its opinions on the security challenges facing developers looking at mobile app creation.

The company asserts that mobile applications can be (especially) challenging to develop securely because they have "a very different threat model" than traditional web-based applications.

So what does that mean?

Dan Cornell, Denim Group CTO, says that these apps are typically developed so that a significant part of the processing runs on the mobile device itself.

"However, because the devices are under the control of potentially-malicious users, developers have to expect these devices to be rooted or 'jailbroken' so platform security features might be disabled. In addition, application code that is sent to run on the device might be run through testing tools such as a debugger or network traffic proxy, and application binaries can be disassembled and reverse engineered," he said.

It is because of this scary reality that security-critical decisions such as authorisation must be handled on the server side or at least confirmed on the server. This in turn means that developers should expect any "secrets" or proprietary algorithms sent to run on the device to be viewed and analysed by malicious users.
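
As an added illustration of the point above (not code from Denim Group or from the original post), the sketch below contrasts a server handler that believes an authorisation flag sent by the app with one that derives the decision from data held only on the server. The function names, the in-memory role table and the HMAC session token are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: the server's own record of who may do what.
SERVER_KEY = secrets.token_bytes(32)        # stays on the server, never in the app
ROLES = {"alice": "admin", "bob": "user"}   # server-side source of truth


def _mac(user: str) -> str:
    return hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()


def issue_token(user: str) -> str:
    """Issued by the server after login; the device only stores and replays it."""
    return f"{user}.{_mac(user)}"


def user_from_token(token):
    """Return the authenticated user name, or None if the token is absent or altered."""
    if not isinstance(token, str):
        return None
    user, _, mac = token.rpartition(".")
    same = hmac.compare_digest(mac.encode("utf-8", "replace"), _mac(user).encode())
    return user if user and same else None


def delete_account_trusting_client(request: dict) -> bool:
    """Weak: the app decided the user is an admin and the server believes it."""
    return request.get("is_admin") is True


def delete_account_server_checked(request: dict) -> bool:
    """Hardened: identity comes from the token, the role from server records."""
    user = user_from_token(request.get("token"))
    return user is not None and ROLES.get(user) == "admin"


if __name__ == "__main__":
    # Constructed request: an ordinary user's session with the flag flipped on the device.
    tampered = {"token": issue_token("bob"), "is_admin": True}
    print("trusting handler allows:", delete_account_trusting_client(tampered))
    print("server-checked handler allows:", delete_account_server_checked(tampered))
```

The hardened handler ignores `is_admin` entirely, so nothing changed on a rooted device or in a traffic proxy alters the outcome; only a valid token for a user the server already records as an admin passes.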


According to Cornell, "Mobile applications are typically developed for specific platforms such as Android, iOS or Blackberry and little or no code can be shared between these environments because they use different programming languages and Application Programming Interfaces (APIs). This places developers in a situation where they are always struggling to keep pace with the advances of their technologies and where attackers often have deeper insight into security-critical functions and libraries than they do."

Cornell is logically and "obviously" vocal on this subject as his company sells security solutions in exactly this space, but he makes a frighteningly (literally) good point.

It appears that some mobile application development platforms such as iOS for iPhones and iPads use Objective-C and other languages that are more susceptible to buffer overflows, format string attacks and other classes of vulnerabilities that are not typically of great concern to web application developers.

So, is this a wake-up call for the coding masses? No, I'm sure there is a general awareness of some of these issues. Is it insightful and even just a little bit scary at the same time? I'm saying yes. Would you argue with me?

About this Archive

This page is an archive of entries from November 2011 listed from newest to oldest.
