Archive for October, 2003

Time to Get on the Bus

Monday, October 20th, 2003

Enterprise Service Buses (ESBs) merge service-oriented architectures, Web services technology, and XML with a unique distributed deployment architecture to create an easily deployable and manageable infrastructure for integration. They deliver a manageable, cost-effective, and pervasive integration network.

G. van Huizen

http://www.bijonline.com/PDF/Sep03Van%20Huizen.pdf

Rethinking the Software Life Cycle

Monday, October 20th, 2003

Though several architecture-centric analysis and design methods exist, these methods have not normally been integrated with each other or into an organization’s software development life cycle. When an organization integrates these methods into its normal development process, it can eliminate the duplication of effort caused by performing the methods independently.

http://interactive.sei.cmu.edu/news@sei/columns/the_architect/architect.htm

XForms and XML Events W3C Recommendations

Monday, October 20th, 2003

The World Wide Web Consortium today released XForms 1.0 and XML Events as W3C Recommendations. The specifications have been reviewed by the W3C Membership, who favor their adoption by industry. Written for authors and implementers alike, XForms is the new generation of Web forms. XForms separate presentation and content, minimize round-trips to the server, offer device independence, and, using XML Events, reduce the need for scripting.

http://www.w3.org/MarkUp/Forms/

Access unusable log data with SQL

Monday, October 20th, 2003

Application output logs create a very real dilemma. The logs can have too much output and be unmanageable, or too little output and be useless for tracing real problems. Developer Sam Mefford demonstrates that logging to an RDBMS can eliminate this problem, turning unusable output into informative reports. This article illustrates that by using SQL as a mining tool, data worth is greatly enhanced by revealing details of application usage, highlighting code fragments and queries that need optimization, and pinpointing the conditions that create hard-to-reproduce bugs.

Sam Mefford

http://www-106.ibm.com/developerworks/web/library/wa-logsql.html

COTS Usage Risk Evaluation

Monday, October 20th, 2003

The expansion in use of commercial off-the-shelf (COTS) products has been accompanied by an increase in program failures. Many of these failures have been due to a lack of familiarity with the changed approach that COTS products demand. This report describes the development of an approach to reduce the number of program failures attributable to COTS software: the COTS Usage Risk Evaluation (CURE). The origin of CURE and an overview of the method, along with detail on the materials and mechanisms used in CURE, are provided. The CURE process is outlined and the results of the evaluations that have been conducted are summarized. Finally, possible future directions for CURE are explored.

David J. Carney, Edwin J. Morris, Patrick R. H. Place

http://www.sei.cmu.edu/publications/documents/03.reports/03tr023.html

Build and implement a single sign-on solution

Monday, October 20th, 2003

It is particularly difficult to bolt a single sign-on solution — SSO, the ability to log in once and be authenticated to all your network resources — onto existing applications, but every developer faces this problem when building sophisticated portals. Because portals need to integrate with back-end resources, each with its own authentication needs, the portal often has to provide the appearance of single sign-on to the user. In this article, Chris Dunne provides a step-by-step description of his experience with building a single sign-on solution for a Web portal. He shows you how to set up an open source solution, the Central Authentication Service from Yale University, and how to extend it to authenticate to a Microsoft Active Directory infrastructure.

Chris Dunne

http://www-106.ibm.com/developerworks/java/library/wa-singlesign/

Expert Tips for Finding Security Defects in Your Code

Monday, October 20th, 2003

Reviewing code for security defects is a key ingredient in the software creation process, ranking alongside planning, design, and testing. Here the author reflects on his years of code security reviews to identify patterns and best practices that all developers can follow when tracking down potential security loopholes. The process begins by examining the environment the code runs in, considering the roles of the users who will run it, and studying the history of any security issues the code may have had. After gaining an understanding of these background issues, specific vulnerabilities can be hunted down, including SQL injection attacks, cross-site scripting, and buffer overruns. In addition, certain red flags, such as variable names like “password,” “secret,” and other obvious but common security blunders, can be searched for and remedied.

Michael Howard

http://msdn.microsoft.com/msdnmag/issues/03/11/SecurityCodeReview/default.aspx

Estimating iterative development for “fixed-cost” projects

Monday, October 20th, 2003

Unless we have a project with high stability in terms of both requirements and complexity, there is no way that we can accurately predict its cost, assuming a certain quality of its output. This is the “fixed-cost project paradox.” Put simply, fixed-cost projects do not work well for dynamic business system development.

Yet, the fixed-cost method is often the preferred choice of project clients, because it allows them to make fixed investments upfront, with a mirage of returns on the horizon. This is even simpler for contractor-delivered projects, in which contractors work out the cost and all the sponsor does is to pick the proposal that appears to be most applicable and to deliver “best value.”

Amit Bhagwat

http://www.therationaledge.com/content/oct_03/f_estimate_b.jsp

Web Browsing on Small Displays

Monday, October 20th, 2003

Mobile computing has attracted attention in the past few years owing to technology advances. However, viewing documents on a mobile device isn’t easy because of the limited display size, CPU power, and bandwidth. This is an obstacle for wireless Web browsing because there is no automatic transformation of HTML documents designed for display on large screens to small PDA screens.

Dik Lun Lee, Ka Kit Hoi, Wing Sing Dicky Wong, Jianliang Xu

http://dsonline.computer.org/0310/f/lee.htm

Products and tools: Apache Maven

Monday, October 20th, 2003

Apache Maven’s reuse mechanisms simplify the build process and generally improve upon the popular Ant tool’s functionality. In fact, developer and Java technology trainer Dave Ford believes Maven could very well replace Ant as your preferred Java build tool.

Dave Ford

http://www.devx.com/Java/Article/17204

Books: Firewalls and Internet Security: Repelling the Wily Hacker, 2/E

Monday, October 20th, 2003

In 1994, the first edition of Firewalls and Internet Security: Repelling the Wily Hacker debuted in a world in which everything had just begun to be interconnected. Many things have changed since then - especially security concerns. In this second edition, the authors present a completely rewritten and updated book to address the new challenges and requirements.

Readers looking for broad coverage of major network security issues will find this book to be clear and enjoyable reading. It provides an excellent overview of how to deal with threats and how to choose and deploy effective defenses in today’s networks.

William R. Cheswick, Steven M. Bellovin, Aviel D. Rubin

http://www.aw-bc.com/catalog/academic/product/0,4096,020163466X,00.html

This month in Informatie: Product software

Monday, October 20th, 2003

How do you start a software company? Many IT professionals are currently considering starting their own company in innovative software products. Doing business against the tide. The success rate is uncertain. As a starter, how do you avoid going under? On the importance of product software, with tips from experienced entrepreneurs.

http://www.informatie.nl/

Events: XP Day Benelux 2003

Monday, October 20th, 2003

The XP Day Benelux is a one-day conference about all aspects of Extreme Programming and other agile software development methods like DSDM, Scrum, Feature-driven development, and Crystal. See the “Agile Manifesto” for the principles of agile software development.

The XP Day Benelux conference is aimed at software developers, project leaders, IT managers, testers, architects, and coaches. It will provide a good opportunity for exchanging ideas and sharing experiences, and is suited for both experienced participants and beginners in Agile Software Development. The focus of this conference is on practical knowledge, real-world experience and active participation of all attendees.

http://www.xpday.nl/scripts/view.pl/English/FrontPage