Rich Internet Applications (RIA)

The Summer ‘09 issue of our RIA Newsletter is available. Be informed about the following topics:

• JavaOne 2009: Sun’s Open Cloud Platform and Java Store, JavaFX 1.2
• Larry Ellison (CEO Oracle) on the future of Java 
• Dierk König (Canoo Fellow) on “Beauty and Code”
• Jazoon 2009: James Gosling, Jazoon Rookies
• User Interface evolution: The Age of RIA

A day after the fact and I feel that my time spent at Jazoon ‘09 was definitely worth while. I attended some genuinely top-quality talks, had some great discussions with peers and potential clients; plus I got to meet the man who started it all: James Gosling.

Conference host Christian Frei finished last the conference night with some thanks to everyone who doodled on the James Gosling campaign and for the Java Rookies. He noted that Jazoon ‘09 had 20% more visitors than 2008, which is not what one might expect under the current financial climate… but is certainly encouraging.

So three cheers for Jazoon ‘09! Three more cheers for Jazoon 2010!!!

Speaker: Linda Y. Cureton, CIO, Goddard Space Flight Center

The speaker declares her goal today as to inspire the audience…

Some background information ensues on the history of the Goddard Space Flight Center, which has a site here.

She describes the culture as being one of pioneering, not being used to failure and very disciplined with regard project management…

Describes one of her main tasks as having been to consolidate disparate networks, to enable Web 2.0 in a consolidated manner (which – I think she is suggesting – is a fine balance).

What the network supports:

• Blogging and micro-blogging i.e. twitter
• Virtual worlds… and Linda describes an amusing experience when her avatar appeared naked in JPLs Explorer Island
• Podcasts

Linda observes that the new generation of employees are way more comfortable with the social networking the network provides.

The primary accomplishment of the network is that it gives everyone users control, and ultimately it provides value to the organization as a whole.

Ultimately Linda believes that Web 2.0 is an enabler for creating a more cohesive organization.

Do I feel inspired? Perhaps after 4 solid days of intense sessions, blogging, talking… relieved would be a better word.

Session title: Wuala Webstart – Launching a Java Application directly from a Website
Speakers: Luzius Meisser – Caleido AG / Wuala

Luzius describes Wuala (which I’ve never heard of until now) as an all for offline file-storage. The goal was to make this available in as many contexts as possible, and to get the app up and running as fast as possible, which resulted in them creating their own webstart implementation.

In the speaker’s implementation of webstart he demonstrates how the app starts before the complete app is loaded… which if I’m not mistaken is also possible in Java webstart.

The strategy: Load a trusted applet, copy loader.jar into a temp folder and run it. Now RCP exists as it’s own process and consequently survives browser closure…

On the server-side the apparently smart webstart server (the server counterpart to loader.jar) “learns” which classes are needed first and subsequently delivers the app faster and faster with time.

Some extremely wordy slides are shown which are impossible to read because Luzius is talking. To read or to listen? That is the question.

What I’m extracting from this mix of written and spoken words is that their webstart solution enables quicker downloads and updates than conventional Java webstart.

Summary: This short talk was a little confusing to follow until I realised that I was hearing about two technologies: (a) Wuala – the offline file storage solution; (b) The unique webstart implementation – which was developed in order to improve Wuala’s quality. Nevertheless, I found it quite interesting to learn of the existence of Wuala… 20 minutes well spent.

Session title: Agile and Secure; Can we do Both?
Speakers: Jason Li & Jerry Hoff, Aspect Security

 Goal: To try to get developers to think about security early on in the development process.

Jason begins with a brief description of a common security flaw (in AJAX apps at least) XSS, which typically involves replacing regular text with a malicious piece of JavaScript. Example attack: The JS steals the end-user’s cookie by querying the DOM. A cross-site request forgery might subsequently be mounted by using the stolen cookie from within a new application context such as mail in order to delete all the users mail.

Another example – SQL injection – is when part of a SQL statement is replaced with a semi-colon followed by another statement e.g. DROP TABLE… which is obviously bad news.

With that whirlwind tour of web security… how to fix the process which results in such errors?

Speakers refer to the waterfall and explain how in each of the chunky phases activities include (or should include) security; security requirements, security design etc…

Speakers then argue that embellishing the highly iterative agile process in the same way as was done for waterfall is not practical. Blogger agrees… the granularity of the activities is too fine to permit the kinds of security analyses which are required. So what’s the solution?

They recommend…

Leveraging user stories

Prerequisite step: Ensure that all developers have received adequate security training

Another prerequisite step: Get management to fund this (gets a laugh!)
Alternatively: The OWASP Open Web Application Security Project is an organization providing resources which provides heaps of information on attacks points and solutions for these.

Leverage unit testing… and include security tests in the unit tests. This is obviously particularly effective in a continuous integration environment.

To speed up this process, use common security components such as those at Open Enterprise Security. Organizationally, this needs to be communicated across the development team(s).

Leverage and consolidate sprints… and ensure that all security stories are included in each sprint. For dealing with security stories which don’t fit into any particular sprint, run sprints that are focussed solely on security.

Great line (paraphrased): Web apps are a kind of “perfect storm” comprising a complex mixture of technologies, which results both in a large attack surface area as well as numerous subtle edge cases which make us more vulnerable.

Couldn’t agree more!!!

I found this talk excellent both stylistically and, more importantly, in terms of content. There are still voices out there which claim that agile in some way incompatible with quality. Talks like this should go some way to quell those remaining voices. Although the pair used AJAX’s inherent security vulnerabilities to highlight the necessity for a systematic approach to security in agile environments, much of what they recommend applies to any agile environment, whether it is creating AJAX applications or not.

Session title: Metering the Cloud, applying ABC from code profiling up to performance cost management of cloud computing
Speaker: William Louth, JINSPIRED

To quote Monty Python: And now for something complete different.

William correctly notes that ABC is an accepted accounting practice.

Novel: A movie excerpt (THX1138). In the portrayed world every activity has a budget. (The chase ends when the chaser’s budget runs out.) William claims that the cloud will operate in an analogous manner to this world. Business will demand a breakdown of the activities which result in a given total cost. They will do this so they can subsequently optimize their resource usage and reduce costs.

The speaker describes (and seemingly accepts) the assumption that the lower the cost, the higher the efficiency. For example, if I can identify that my persistence costs are high I may choose an alternative persistence provider.

Blogger thinks: What a horrible world this would be, where cost becomes the sole consideration at the expense of all other quality attributes. What about uptime, response time, throughput? But come to think of it: Isn’t this how companies have been thinking ever since the bubble burst!? For that matter maybe this is how businesses have been thinking since the invention of Taylorism.

Continues… billing will be required on various levels: Across groups and aggregated services.

The Jinspired product “Probes” enables the monitoring of high-level entities e.g. user, house, washing machine etc. as opposed to simply methods, which is what most probing software focusses on. AspectJ is used to inject probes into code.

The Probes API is attempting to become a JSR. It’s certainly an incredibly powerful idea. It permits metering at various levels, groups and aggregated entities.

Summary
This whole business of costing everything and billing accordingly will likely appeal to today’s business mindset.
However, I (and I’m not alone) view ABC as a disastrous approach to improving the efficiency of the organization. This is not just because quality comprises a multitude of attributes (cost being just one of them), but – more fundamentally – because it turns out that organizational efficiency (the cloud, which forms part of the organization) is not in fact maximized by maximizing the efficiency of each individual element involved.

Counter-intuitive though it is, the quality and quantity of what your organization produces (products, services) is actually determined by a handful of constraints (bottlenecks.) ABC does not only not recognize this fact, it guarantees that quality and quantity will be less than their potential for a given set of resources. For more information read this.

Session title: Programming the Semantic Web with Java
Speaker: Taylor Cowan, Travelocity

Taylor claims to quote Niel Ford (prior keynote): “The best way to predict the future is to create it”… and doesn’t appear aware that he’s actually quoting Abraham Lincoln.

Taylor shows a couple of sites which exhibit the semantic web, one of which is Yahoo.

Then demo’s GeoSPARQl which enables semantic-style queries.

Then contrasts RDFa (a way of embedding RDF in XHTML) with Microformats, the latter being more complex to parse. With RDFa you can use a single format and hence require a single parser. With Microformats you a parser for each format.

Technically, everything identified by UDI, all data as canonical RDF, RDFS provides a schema, OWL provides additional meaning, SPARQL queries semantic web data, RDFa encodes RDF within XHTML.

Speaker then contrasts the RDF Triple Store vs. the Relational DB approaches to persisting semantic web data and notes that RDF is not XML but rather a way of structuring data as a directed graph. In this graph nodes are nouns; axes are verbs.

For the record: Triple = Subject, Verb, Object

The concepts in a semantic declaration can be represented sequentially using N3.

Similarly, the Java API JENA can also be used to model semantic relationships.

Using an inferencing engine new relationships can be derived automatically e.g. the explicitly declared relationship “Java is the primary topic of Jazoon” (after interence) automatically results in a new relationship “Jazoon has Java as the primary topic”. Pretty neat!

One of the major pain points with JENA: Having to create unique URL’s for every entity.

Taylor then describes a bean helper mechanism “JenaBean” (which I understand he created and is hosted at jenabean.googlecode.com) which (he claims) makes working with JENA somewhat easier.

Finally some words on tooling:
Triple stores: JENA, Sesame OpenRDF and Mulgara are all Java-based.
Java binding tools: JenaBean, Jastor, Owl2Java, Elmo.

During Q&A Taylor notes that triple store scalability is often a big issue; thinks that commercial solutions such as Oracle’s will not suffer from this problem.

From the perspective of a non-expert in Semantic web (i.e. myself), this was a valuable, quick introduction to a deep subject. Good stuff!

Links:
http://thesemanticweb.com
http://twitter.com/tcowan

‘Groovy Usage Patterns by Dierk König’ is currently being showcased on the ‘Technology’ page on SlideShare. Enjoy!

Keynote title: The Changing Nature of Enterprise Java Application Development
Speaker: Adrian Colyer CTO SpringSource

Adrian – perhaps principally of AspectJ fame – begins by stating that we live interesting times and that “seeds of change” are present… which leads naturally enough to a rain-forest metaphor.

To cut a long story short: New stuff starts out as a seed, some of this stuff rises and becomes well established… whereas much of it dies out at some point on the way up. Assuming my interpretation of the symbolism is on the mark.

A picture of the sun setting over the rainforest… represents Sun “moving on”. And the metaphor continues… but strangely I find my interest in it is waning…

Adrian cites Java 7’s improved for support new languages, plus the proliferation of new languages (Groovy, Scala, Erlang, JRuby, Clojure, Jython, Ruby) as one of the significant new developments. And questions which one of the new languages will dominate over the coming years…

And initially picks Groovy, Clojure, JRuby and Scala because they are designed to work on a JVM.

A comparison of Java versus Groovy ensues, with emphasis on Groovy conciseness.

The challenges posed by concurrency are mentioned, and Clojure’s “immutability by default” and Scala’s built-in actor model are cited as a ways of addressing them.

The speaker drops Clojure from his list of candidates because he feels the Lisp-inspired syntax of Clojure too radical a leap from Java’s syntax and the C-legacy/culture.

Eventually he gives Groovy the edge because of its super-tight two-way integration with Java… and then is kind enough to admit his (or his company’s) bias in this matter.

Next up: A monolog on the various application frameworks, and acknowledges both the power and the complexity of the new programming environment. He recalls the classic terminal application to reinforce the point that times have changed radically. Can’t disagree with that!

The final message: “The future is coming!” which for me definitely means a very strong coffee.

Conclusion: A well delivered presentation, rather too drawn out and too long on metaphors. Nevertheless, an opportunity to reflect a bit about the strange, changing ocean in which we IT geeks are immersed. Hey… I wonder if I can develop this metaphor and use it in my next presentation?