Opinari
A Podcast on Modern Software
Tuesday, January 31, 2006
After my keynote this week at VSLive in San Francisco, I sat down with Ron Jacobs from Microsoft for a chat about modern software. In the context of this discussion, "modern" means service-oriented and workflow-based applications, although our conversation ranged over a number of topics. Ron is a great interviewer, full of smart questions and ideas, and it was a pleasure talking with him. The podcast is available here.
The Three Faces of SOA
Monday, January 23, 2006
Among software people, the word “architecture” is commonly used in three distinct contexts: application architecture, infrastructure architecture, and enterprise architecture. The notion of service-oriented architecture spans all three of these areas. Yet whenever somebody talks about SOA, he or she is often implicitly thinking about only one of them. Developers are mostly interested in the challenges of building service-oriented applications, for instance, and so their focus tends to be on the application architecture aspects of SOA. A vendor of web services management tools commonly thinks of SOA primarily in the infrastructure sense, while an enterprise architect at a user organization is likely to be concerned mainly with SOA’s enterprise aspects.
All three perspectives have value. Here are simple descriptions of each one:
- Service-oriented application architecture: Guidelines, patterns, and practices for creating service-oriented applications. People who focus on platforms for service-oriented software and on the architecture of individual applications tend to emphasize this perspective. Technologies such as Microsoft’s Windows Communication Foundation (WCF) and the recently-announced Service Component Architecture (SCA) are directly relevant here.
- Service-oriented infrastructure architecture: Guidelines, patterns, and practices for managing and operating service-oriented applications. Big thinkers about SOA sometimes give this perspective short shrift, but anybody who’s actually trying to make it real knows how important these issues are. Vendors like AmberPoint and Actional are focused here.
- Service-oriented enterprise architecture: Guidelines, patterns, and practices for using and getting business value from service-oriented applications. Technical issues still appear here, but many of the biggest concerns revolve around people. (In fact, I’d argue that this view of SOA encompasses the most difficult challenges--people are usually more problematic than technology.) Advice on SOA from analyst firms such as ZapThink often emphasizes these aspects.
I’ve seen people argue about the meaning (and even the value) of SOA when their real difference was that one took an application-focused view while the other took an enterprise view. Words are only useful when we can agree on what they mean, and so having a clearer sense of what we’re talking about when we use this overloaded term would be a step in the right direction.
Comparing Windows and Linux Security
Saturday, January 07, 2006
A new bulletin from the Computer Emergency Readiness Team (CERT) has once again raised questions about the relative security of Windows and Linux. It provides a list of software vulnerabilities that were identified in 2005, categorized by operating system. To the surprise of some, almost three times as many problems were found in Unix and Linux, which are reported as a single category, as in Windows.
Open source fans have criticized the document, complaining about how vulnerabilities were categorized and other things. From the looks of things, they're right to do so. The bulletin includes information from both CERT and other sources, and the methodology used in compiling it seems to have been informal at best.
Yet I did a similar analysis myself a couple of years ago, described here, using a somewhat cleaner approach. I examined only CERT security advisories, categorizing them into four groups: Windows, commercial Unixes such as Solaris, other commercial software such as Lotus Notes, and open source software. I found that while commercial software in general and Windows in particular had far more CERT advisories in 2001, the picture had changed by 2002. Open source software, which is largely Linux- and Unix-based, had 15 advisories that year while Windows had only 6.
Does this matter? Security problems in Windows are so much more significant than those in Linux because Windows is so much more widely used. And even if Linux were perfectly secure, this wouldn't do much to loosen the grip that Windows has on most desktops today.
There is an important conclusion to draw here, however. Some in the open source world have long argued that, since the code can be examined by anybody, open source software is therefore more secure than proprietary software. But the evidence doesn't back up this claim. Commercial software surely isn't secure enough today, but the assertion that open source software is inherently more secure just isn't supported by the facts. Like it or not, security is a problem for everybody.