Writing Secure Enterprise Applications by Neil Smithline — “Even with security provided by firewalls, application servers, and hardware security modules, a secure Web site still requires careful design and programming,” says Neil Smithline in this article that shows just how difficult it is to create a secure site.

BEA, WebLogic, Security


I’ve been reading about the new Moto Q on Gizmodo and Scoble’s blog among others and I really really want one. Motorola announced the Moto Q, a new Windows Mobile Smartphone that’s going to be available in Q1 2006. This beautiful device will feature Windows Mobile 5.0 for Smartphone, full QWERTY keyboard, 5 way navigation and thumbwheel, 320×240 Display, MiniSD, Bluetooth and a 1.3MP Camera.

I love my Audiovox SMT5600 phone but I’m trying out the Motorola MPx200 to see if it’s any better. Since I have to wait till Q1 of 2006, I guess I better make the best of my Audiovox phone. I really love my Audiovox phone as it has pretty much everything I need. The Outlook integration is great and the camera is not bad for being a phone camera. I love the email and MSN IM integration capabilities but I haven’t played with the Java capabilities of this phone. It will be nice to have the bigger screen of the Moto Q for browsing. I just hope AT&T/Cingular offer this phone right away.












Joel comes through again: In his latest article entitled Hitting the High Notes, Joel attempts to debunk prove the idea that you must have the best programmers to make the best product and be profitable. It’s a must read, pretty much like everything Joel writes. Great article.

Update: Yeah – what Cedric said 🙂 – See the first comment from Cedric to make sense. Joel’s debunking the idea of the traditional ‘build-a-better-mousetrap’. Lack of caffeine is my story and I’m sticking to it 🙂

MIT Weblog Survey

July 23, 2005

Take the MIT Weblog Survey

iBatis book in Q4 2005

July 22, 2005

Looks like Clinton and the rest of the iBatis gang are working on a book. I just caught this on the mailing list and I can’t wait to read this book. Clinton – if you see this, we need more details on the book.

From: Clinton Begin 
Reply-To: user-java@ibatis.apache.org, cbegin@ibatis.com
To: user-java@ibatis.apache.org
Date: Jul 22, 2005 10:05 AM
Subject: Re: iBatis book

We're working on getting a book out for iBATIS.  So cross your fingers.  
If all goes well, it should be out in Q4 of 2005.

Cheers,
Clinton

ibatis, book

This is getting really frustrating and I’m starting to sound like Hani, which is pretty scary 🙂  Mailblocks, the web-based mail service that I pay for is down again for the 2nd time this week for an extended period of time. I’m paying $25.00/year for this mail service and these guys can’t even keep their servers up. $25.00 is peanuts and I don’t care about the money but I need access to my email and that’s worth way more money to me.

Instead of offering details about the root cause, they have the standard lie about being down for a few moments. Take a look at this screenshot:

Ever since AOL has purchased them, they’ve completely gone downhill. I am demanding a full refund and requiring them to permanently forward my email to my Google Gmail account. Let’s see if they can make that happen.

Mailblocks, AOL, GMail

Better J2EEing with Spring by Peter Braswell — J2EE has exploded into a complex network of APIs, complicating programming, and configuration. To address some of this complexity, new frameworks are emerging that rely heavily on Inversion of Control (IoC). In this article Peter Braswell explores some features and benefits of IoC and how it can ease J2EE programming.

It really is a sad state of affair when it comes to blog server software for Java and .NET. For the last few weeks, I’ve been working to introduce blogs and the concept of blogging internally at work and trying to pilot the use of blogs instead of the standard project portal. To that end, I figured I should really get the latest offerings from all of the blogging server software out there and put them through the paces to see which one works better than the other.

I’ve personally only used Blogger, Movable Type and WordPress in the past 5 years. The primary blog ran on Blogger for many years before I finally moved everything to WordPress. To make sure we’re eating our own dog food, I decided to download Roller and Community Server (formerly .Text) and give them a whirl.

Being a Java guy, I was excited to download and install Roller, as it’s one of the most popular Java blogging software out there. Boy, was I disappointed. I know this is free and open-source but installing and getting Roller running was a royal pain in the neck. The installation is documented fairly well for Tomcat but I have tons of servers running WebLogic and so I tried to deploy Roller under WebLogic. So I configure the appropriate datasources and authentication realms and try to deploy the application. I killed the server before I got a seizure from the fast scrolling stack-trace. Without boring you with all the details, it took me almost 8 hours to get Roller to work correctly under WebLogic. Having worked with J2EE containers for over 6 years, I know the reality of deploy-anywhere but this is ridiculous. How easy is it to create a web application that works on a bunch of different containers? I could not believe the effort it took to get this simple web application deployed. Take a look at Confluence – Java web application that configures itself and runs on every container out there. Another major issue I have with Roller is the lack of support for any other database platforms besides MySQL, PostgreSQL and HSQL-DB. I love MySQL but I have Oracle running internally on big boxes that are backed up several times a day and actively monitored. But I can’t use Oracle with Roller as it only supports MySQL, PostgreSQL and HSQL-DB out of the box. With technologies like Hibernate, why do we still have applications written in Java that are so database platform bound? My next mission is to get Roller working with Oracle and then document (and blog) the hacks necessary to get Roller working under WebLogic and Oracle.

Another problem with Roller is the lack of community support and plug-ins. Coming from the WordPress side of the house, there is a plug-in for everything including the kitchen sink. Before you can think it, someone has already written a plug-in for it. (I should really look at Pebble and Blojsom)

Moving to the .NET side of house is not a pretty picture either. The blog engine that used to be named .Text is now rebranded as Community Server. The installation is pretty easy and product looks fairly robust. Telligent Systems is the company that’s taken over development of .Text and the new product includes a discussion system, blogging system, and photo gallery system. The same lack of plugins or add-ons exists here and the 3 listed add-ons require a commercial license. Beyond the base blog functionality, there is nothing available.

Roller and Community Server work well once you get them installed. But anything beyond the basic requires custom development and I just feel that is not a good use of my time. To me, blog server software is a commodity and so I want to find something that’s easy to use and has the most features. I know I am a developer and I can sit down and write anything I need but my company pays me to add value in a different capacity.

WordPress on the other hand is unbelievable. It’s written in PHP, which I can hack (if I had to) but all the plugins I’ve downloaded simply work. Download a plugin and just drop it in the plugins directory and you’re off and running. The big deficiency for WordPress in my opinion is that it only supports MySQL as a database platform but the value proposition provided by all the functionality is just incredible. I just hope Roller can catch-up as competition is great and really helps drive innovation.


Mailblocks just sucks!

July 19, 2005

Mailblocks, the first webmail service to offer challenge and response has really gone down the hill. About 2 years ago, I was humping their service and even blogged about it as I loved their service and offering. The whole idea of challenge-n-response was not the best solution but it did cut almost all my spam and I was willing to put up with the nuisance of having people that email me for the first time to respond to their web-based CAPTCHA. Then comes AOL and buys them out and everything has gone down the hill since that point. AOL bought out Mailblocks to power their free email service that’s being offered as part of AIM and it seems like all the engineering and support people are working on the AOL side of the house, ignoring all the customers that are on the Mailblocks side of the house.

Let’s take this week for an example — Mailblocks has been down most of the day yesterday and they are still down. Can you imagine a 24+ hr outage on your application and the wrath of your users? I can’t wait to cancel my account that I am paying for and move everything over to GMail.

It’s official – Matt Luce has joined the ranks for the bloggers and is now officially blogging. Check it out @ http://www.mattluce.com/blog

Just saw this via Robin Cover’s awesome XML.org Daily Newslink. The good folks at McAfee are releasing an open-source tool named WSDigger that helps identify vulnerabilities in Web services implementations. WSDigger contains sample attack plug-ins for SQL injection, cross-site scripting, and X-PATH injection attacks. It also allows developers to import their WSDLs and test for compliance with the WS-Security specification.

Juan Pablo Montoya won his first race for McLaren this year at this year’s running of the British Grand Prix at Silverstone. I’m glad the race wasn’t cancelled with the tragic events that happened earlier in the week in London.

It was great to see some real racing after the disastrous weekend at Indy. Read more from Montoya here. Great weekend for McLaren getting 2 podium positions with Kimi Räikkönen finishing 3rd.

 





 

Implementing Transaction Suspension in Spring by Juergen Hoeller — Juergen Hoeller discusses the Spring Framework’s declarative transaction facility, and how it integrates with WebLogic Server’s JTA implementation.

X&Y by Coldplay The hyperbole around Coldplay’s latest offering is just incredible. There are people calling them the biggest band in the world and comparing them to super groups like U2 and others. I don’t know about any of that but this has to be the best album of the year.

X&Y is an absolutely brilliant album that is bound to be an instant classic. I am so hooked to this album that I haven’t stopped listening to this album since the very first day of its release on iTunes. All of the songs are incredibly melodic, catchy and bound to be instant classics. The first single, Square One is a great song but it’s just the beginning, as what follows it even gets better. Chris Martin is just an incredible songwriter and the other members of the band are great musicians.

I read a review where the reviewer called the music on this album as ‘silent screaming’ and I think that’s really an apt description. The album just has a huge wall of sound that’s really loud without sounding like Metallica. This is a loud, rocking album with incredible guitar work that is bound to have you hooked from the first listen.