If you've been reading the pages of
Redmond Developer News lately, you
know that application lifecycle management (ALM) is an increasingly active arena
for solutions providers. Borland famously bet the farm on ALM when it decided
to shift away from the developer tools business in 2006. More recently, software
configuration management (SCM) vendor CollabNet has extended its Subversion
product to incorporate ALM features.
But adopting ALM takes a lot more than simply deploying tools. After all, enabling
a successful ALM strategy means tapping into existing software development and
business processes, while doing it in a way that does not prove prohibitively
rigid or difficult.
It's a tricky balancing act that Macehiter Ward-Dutton Principal Analyst Bola
Rotibi says needs to be well thought-out. For those embarking on an ALM initiative,
Rotibi offered some key "rules of engagement." Her list includes:
- Get professional help and support from the outset.
- Work from a coherent strategy and vision.
- Invest in mature tools and platforms that offer modular implementation
(and licensing) with strong usability features.
- Develop a small and steady modular roadmap.
- Establish a repository and configuration management strategy.
- Define clearly existing processes and goals.
- Evaluate potential failure points and strengths.
- Invest in education and training for the IT delivery team and business
heads.
- Implement a measurement, QM and risk-mitigation framework.
- Build support for proactive and reactive processes.
- Start off small and build out.
Are you embarking on an ALM initiative, and if so, what challenges have you
encountered in the effort? E-mail me at mdesmond@reddevnews.com.
Posted by Michael Desmond on 08/26/20080 comments
Growing up with my younger brother, we used to engage in a dangerous game of
sorts that we called DefCon 1. The goal of the game was to annoy your sibling
as much as possible, without having him actually haul off and hit you. Granted,
the contest was far less dangerous than some of our favorite pastimes, which
included Yard Dart dodging and toboggan rides in the woods. But my brother is
a large man, and if I screwed up I was likely to be sporting a few bruises.
So when I called out Apple for its control-freaky nature in Tuesday's
column, I figured I might have crossed the line and earned a punch in the
arm. After all, the Apple community is notorious for nothing, if not its passion.
Surprisingly, I received some nuanced replies.
Bill responded by noting that there's "a fine line between protecting
your infrastructure and investment and surreptitiously guiding or vetting the
experiences and options of your customers." As Bill noted in his response,
Microsoft and plenty of other companies have stomped all over that line. While
he defended Apple products, he agreed that efforts to over-control the platform
can be damaging:
"Your caution is appropriate, I believe. It is mitigated for me by the
positive experiences I have had with Apple products. For the most part, they
simply support what I want to do more transparently."
Others were less understanding.
"To criticize Apple for the built-in kill switch is hypocritical by an
industry that Microsoft created with its activation and WGA [Windows Geniune
Advantage]," wrote Mark from California. "Yes, they [Apple] are control
freaks regarding their IP and their platform, but so is Microsoft with its products
and even more so."
Mark has a valid point. Microsoft drew
sharp criticism from us for a failure that caused its WGA validation service
to malfunction last year, threatening the reliable operation of enterprise software.
And I've long been critical of restrictive digital rights management (DRM) and
license-enforcement systems, if only because those systems inevitably place
enormous burdens on law-abiding customers.
So while I'm more than willing to paint both Microsoft and Apple with the same
broad brush, when it comes to issues relating to IP and platform control, I
still contend that Microsoft's more federated approach provides more elbow room
for developers and users alike to ply their own way -- as flawed as that way
may seem to iPod, iPhone and Mac owners.
"If I had to register every piece of software I developed with Apple,
for my own use on my equipment, I would be royally PO'd," wrote Matt from
Yakima, Wash. "I honestly don't see the draw for an Apple developer. I
can make any app I want for a Pocket PC or Windows workstation and never have
to worry that Microsoft will ban my program from running."
That sound you hear may be me losing another round of DefCon 1. E-mail me at
mdesmond@reddevnews.com with your
thoughts.
Posted by Michael Desmond on 08/21/20080 comments
Last week, Apple surged past Google with a market cap of just over $157 billion.
I suppose now is an appropriate time to make a confession: I never liked Apple
Computer.
For all the fantastic industrial and consumer design, slippery-smooth hardware
and software integration, and tightly evolved product development, Apple to
me has always been a company that just can't quite get it right. And by "right,"
I mean not demand complete control over everything on its platforms.
We got a nice reminder of that habit when it was alleged that the new 2.x firmware
for the Apple iPhone includes a provision to call home and check for unauthorized
applications on the handset. As reported
in Engadget, iPhone hacker Jonathan Zdziarski said the firmware features
a blacklisting system that may be able to remotely disable applications.
Never mind that Apple says the blacklist is to identify apps that should be
denied access to the iPhone's CoreLocation framework, which provides support
for GPS and other geo-located applications. The company's long history of rigidly
controlling its ecosystem has people assuming the worst. And honestly, even
after Apple's statement, it's hard to blame them.
The culture of control is etched into the DNA of Apple executive management.
Consider the fate of Power Computing, a clone-maker that built a humming business
in the mid-1990s selling Mac OS-compatible systems. The company was in the midst
of its best year when Steve Jobs returned to Apple in July 1997. By September,
Apple had bought up key Power Computing assets and shut down the clone business.
Now Apple is making a splash in the arena of mobile application development,
with its AppStore service that gives developers a one-stop shop for making software
available for iPhones. You can read about this in our Aug.
15 cover story by Senior Editor Kathleen Richards. If AppStore can do for
mobile apps what iTunes did for digital music, we'll be looking at a dramatically
changed marketplace in the next few years.
And honestly, I'm not sure how I feel about that. Because as slick and compelling
and inventive as Apple the hardware and software company can be, I worry about
the culture of control in Cupertino.
Do I worry too much? E-mail me at mdesmond@reddevnews.com.
Posted by Michael Desmond on 08/19/20088 comments
If you've been reading
Redmond Developer News, you know that the Beijing
Summer Olympic Games currently underway in China may be of particular interest
to .NET application developers. You see, Microsoft decided to
use
the games as a platform to showcase its Silverlight rich Internet application
platform.
Go to nbcolympics.com and you'll land
at a rather busy-looking portal page with links to all sorts of Olympics-related
news, video and schedules. Silverlight's role in all this is as the delivery
platform for streaming video of events. For followers of less-than-marquee sports
(I'm talking to you, badminton fans), the site is a huge benefit.
The problem is in the execution. First of all, the interface is terribly complex
and convoluted for something intended for a broad consumer audience. Just making
sense of where to find the video can be a bit tough. There's a "Video"
link along the top, but it's unclear if that's where all the latest and greatest
video event coverage is. Navigate by sport, and you're presented with no clear
Video section.
Second, there's the issue of the player itself, which launches in a second
browser window. The Standard Player offers a smaller window and a busy array
of tabs, links and ads for navigating content. Click the Enhanced Player icon
to achieve higher resolution, and you get a more soothing interface and larger
video window. But I was disappointed that the Video window itself couldn't scale.
YouTube offers a full-screen mode -- why can't Microsoft and NBC?
Finally, the enforced delay on streaming televised events is...well, it's maddening.
It's hard enough to know whether events taking place halfway around the world
are actually broadcast live or on tape delay. Now we have to guess at when the
online video of an event that may or may not have taken place will arrive?
My experience with the Silverlight streaming video, overall, has been good.
There's been just a few, brief pauses in the stream. The resolution is good
enough for desktop viewing. And I definitely appreciate that this channel delivers
so much action that would otherwise never see the light of broadcast day on
NBC or even its sundry satellite channels (MSNBC, CNBC).
But Microsoft should be less than satisfied with the way the video experience
itself has been packaged. Redmond, of all companies, knows that it's not technology
that wins markets -- otherwise, Windows would never have ousted IBM OS/2 as
a desktop operating system.
Have you had a strong development effort undone by bad marketing or packaging?
Tell me your tale at mdesmond@reddevnews.com.
Posted by Michael Desmond on 08/14/20087 comments
So Visual Studio 2008 Service Pack 1 (SP1) is finally here. And as service
packs go, VS08 SP1 is a pretty big deal.
The new bits do more than simply clean up flaws and holes in the shipping versions
of Visual Studio and .NET Framework 3.5. As John
Waters' story reveals, SP1 adds important new features, from innovative
data-handling technologies to game-changing design-time tooling.
You could argue that calling this release a simple SP1 entirely understates
the importance of the latest versions of Visual Studio and .NET Framework. Look
no further than SP1's support for language integrated query (LINQ) and the ADO.NET
Entity Framework (EF). These technologies promise to literally change the way
developers work with data.
In fact, as Gartner Analyst Mark Driver noted, the EF introduces an object
relational mapping (ORM) toolset to Microsoft-bound developers.
"It replicates what people like to do with Hibernate. LINQ to Entities
is as close as you're going to get to Microsoft's ORM facility any time soon,"
Driver said.
Ultimately, the data and scalability improvements of SP1 could help make the
.NET Framework enterprise-ready in the eyes of large development organizations.
But Forrester Analyst Jeffrey Hammond has some misgivings about the pile-up
of redundant tooling and resources that could complicate decision making for
development managers.
"This richness of choices is something that can create confusion among
developers," Hammond said, noting that developers can use the .NET client
runtime, Silverlight 1.1 or 2, or the Web Parts Framework to build rich client
interfaces. "Microsoft needs to continue to support developers to help
them make the right choices among all the options they now have."
What are your impressions of VS08 SP1 and the updated .NET Framework 3.5? Are
you planning to move to the new tooling soon? Let me know at mdesmond@reddevnews.com.
Posted by Michael Desmond on 08/12/20080 comments
Brian Chess has forgotten more about application security than I'll ever know.
The founder and chief scientist of security solutions firm Fortify Software
was a speaker at the Black Hat information security conference that concludes
today in Las Vegas. He also served as host of the
Iron
Chef: Fuzzing Challenge security cook-off at the conference, which offered
attendees a creative alternative to the usual 60-minute PowerPoint presentation
format.
Chess admits that the Iron Chef format -- cribbed from the popular cable TV
show of the same name -- hardly imitates real-life conditions. Under the format,
two security experts have 60 minutes to discover and exploit a code flaw in
an open source multimedia server application. One contestant is armed with static
analysis tools, while the other uses random fuzz testing. At the end of the
hour, the experts present their findings and work to judges, who select a winner.
"Like the 'Iron Chef' TV show, it's utterly ridiculous that you can take
what a chef does and present it as a competition based on what they do in an
hour," admitted Chess, who said the format lets "the audience feel
like they were more involved and have some fun."
He said the Iron Chef format was valuable in letting attendees see how the
vastly different approaches could be used toward the same goal.
"By far, my favorite comment from anybody yesterday came from Window Snyder. She's the chief security person at Mozilla and she was one of the judges," Chess said. "She came away with a much better understanding of the capabilities of static analysis and that was a really good deal."
In an e-mail exchange, Snyder wrote: "Fuzzing has been very successful for us and found lots of vulnerabilities. My experience with static analysis has been that there are so many false positives that it can be difficult to get any real value out of it. I was impressed that these guys were able to identify what appears to be a significant issue in such a short period of time using static analysis tools, and it made me reconsider whether it was time to take another look at these tools."
One thing the session illustrated is the need for security professionals and
developers to find a common ground in crafting more resilient software. Chess
said that application developers must incorporate security best practices in
their work, even as they partner with security experts. The growing challenge
of securing software demands a blended approach.
"There are two functions here and it is irreducible," Chess said.
"We need to have software developers who will do their best to build the
right thing. And then we need people to come and verify that they did build
the right thing."
Is your organization doing enough to make security part and parcel of software
development? Let me know at mdesmond@reddevnews.com.
Posted by Michael Desmond on 08/07/20080 comments
As far as I know, my father cannot count to three. Growing up, when my younger
brother and I began to fight, my dad would simply begin to count, loudly, and
we would sprint downstairs. To this day, I don't think my father has ever counted
all the way to three.
I bring this up because a recent
Forrester report about Microsoft taking SharePoint online reminded me of
one of my father's favorite phrases: "Take it outside!" Wrestling
in the den? Take it outside! Fighting over the remote control? Take it outside!
Facing keen opposition from services-savvy competitors? Yeah, take it outside.
My father's angry bellows must have echoed off of Mt. Rainier, because the
execs in Redmond have thrown open the shrink wrap to launch online offerings
like Office Live, Windows Live services and, most recently, SQL Server Data
Services (SSDS).
Forrester Research recently published a report, "SharePoint Shoots for
the Cloud," that makes a pretty strong case for Microsoft's new SharePoint
Online offering. Typical of SaaS implementations of shrink-wrapped solutions,
SharePoint Online offers a low barrier to entry, at the cost of limited features,
customization and integration.
In the case of SharePoint Online, organizations get what Forrester's Rob Koplowitz
called "commoditized collaboration," with a feature set that roughly
mirrors that of Windows SharePoint Services found in Windows Server 2008. As
an on-ramp to selling full-on Microsoft Office SharePoint Server (MOSS) licenses,
SharePoint Online seems like an interesting strategy.
What's more, there's little opposition from IT orgs. According to the report,
fully 40 percent of surveyed enterprise and SMB organizations say they already
use SaaS for collaboration tasks such as e-mail, IM, Web conferencing and team
workspace.
From a development perspective, SharePoint online offers a way for companies
to test the waters and determine, at least in a limited fashion, what they really
want to do. And if your IT management is rigorous enough, the approach can prevent
wildcat SharePoint Server installations from producing integration and migration
headaches down the road.
At the end of the day, however, my father's advice only gets you so far. Because
it's the content management, forms handling and business intelligence features
of the full-blown SharePoint Server that let corporate developers add value.
And until your organization is willing to make an investment to bring all that
in-house -- and to manage it effectively -- the opportunities remain pretty
limited.
Is your company looking at SharePoint Online, and if so, why? Let me know at
mdesmond@reddevnews.com.
Posted by Michael Desmond on 08/05/20080 comments
Anyone who has spent more than a few hours in front of late-night TV has seen
the unintentionally funny commercial for the Hair Club for Men. You know, the
one where the company president proudly announces: "I'm not just the president,
I'm also a client."
Well, Paul Kimmel, longtime enterprise application developer and author of
the new book LINQ
Unleashed for C# (Sams Publishing, 2008), has had a hair club moment
of his own. Only in Kimmel's case, it's over the Language Integrated Query (LINQ)
data access technology introduced as part of .NET Framework 3.5 and Visual Studio
2008.
Kimmel, you see, was more than a little skeptical about LINQ when he first
heard of the technology. To his mind, LINQ couldn't fix what was already wrong
with SQL, which he felt lacked the simplicity and consistency of natively object-oriented
code. But when he set to work to write LINQ Unleashed for C# (in part,
he said, to get a "continuing education"), something funny happened.
"I just decided to give LINQ a second look, and as I started to explore
and use it, I realized it was a well-conceived extension of the architecture
and tightly integrated," Kimmel said. "They really didn't just glom
this on here. It was really an evolutionary progression of features and capabilities."
Today, Kimmel is using LINQ in a limited fashion in some of his enterprise
development projects for Electronic Data Systems (EDS). But he expects that
we'll all be seeing a lot of LINQ in the future. The benefits, he said, are
just too great to ignore, especially when developers are struggling with so
many different data access approaches.
"Once you know how to do a left join or how to use aggregation or something
like that, it is pretty much the same, regardless of the technology you are
hitting," he said. "That homogenization of knowledge, where I have
to learn one set of grammar for all these different technologies, is a tremendous
lever for what I need to learn to be productive in the enterprise."
Kimmel said it will be some time before LINQ gains widespread adoption. After
all, the industry is still waiting for LINQ to Entities to emerge in its final
form. But Kimmel thinks the technology could help attract developers to .NET.
"The LINQ technology has so many useful tools surrounding it that most
developers are going to be interested, and it may be the thing that moves the
VB6 guys to .NET," Kimmel said, noting: "Nothing is going to get the
FoxPro folks out."
Are you a LINQ skeptic, and if so, why? E-mail me at mdesmond@reddevnews.com
and let me know what you think is wrong -- or right -- about LINQ.
Posted by Michael Desmond on 07/31/200810 comments
It's no secret that power consumption is a worrying issue among datacenter
managers. As system hardware becomes cheaper and energy costs continue to rise,
IT managers might find that they'll spend more to power and cool a system over
its lifetime than to actually buy it.
Which is why guys like Dan Pritchett, a technical fellow at eBay, has moved
beyond thinking about transactions per second (TPS) with his applications to
focusing on transactions per second per watt (TPS/w).
"One of the primary challenges we started to face in 2006 was power. The
datacenters were maxed out and we were still running at capacity," said
Pritchett, who noted that local municipalities were often physically incapable
of delivering enough power to meet eBay's growing energy needs.
Power consumption and efficiency are hardly new; mobile platforms have obsessed
about these issues for years. But the need to reduce power consumption in server
and even client applications has become acute enough that some development organizations
are actively seeking ways to do more with less -- be it in the datacenter or
on the desktop.
Check out this
interesting article, titled "The Case for Energy-Proportional Computing,"
for more on the energy consuming habits of modern servers.
Virtualization has played a huge role in datacenter operations, enabling companies
like Google and eBay to maintain ample hardware redundancy while driving up
utilization -- a key for energy-efficient design.
But dev shops can do more, Pritchett said. He urged dev managers to look to
established best practices and to focus on efficient, scalable designs. At eBay,
for instance, databases are always sharded -- split into smaller pieces -- to
produce optimal scaled performance. "Those things definitely come at a cost," Pritchett said.
"But if you are wanting to move into hundreds of millions of entities in
your system, and you're wanting to deal with tens or hundreds of millions of
transactions per day, that's what you are going to move to."
He also urged developers to work toward parallel programming, so that fully
threaded code can work efficiently across multicore processors. "I think
going forward this is definitely going to be a huge issue. We are going to start
having to leverage the parallelization of the hardware into the app space,"
he said.
Are you worried about the energy efficiency of your apps? E-mail me at mdesmond@reddevnews.com.
Posted by Michael Desmond on 07/29/20080 comments
On
Tuesday
I wrote about a conversation I had with Shaun Walker, founder of the popular
open source DotNetNuke Web application framework for .NET. I wrote about Shaun's
experience founding DotNetNuke and what it's like to be an open source developer
working under .NET.
Based on some of the comments to this entry, I think people might be misreading
the context of the interview. As is clear from the original post, Walker has
enjoyed outstanding access and guidance from Microsoft -- specifically through
the Developer Division (DevDiv) under Scott Guthrie. In fact, it was Guthrie
himself who hooked Walker's team up with key people in Redmond.
When Walker said his team was being ignored, he was speaking specifically of
other groups in Microsoft -- among these being the open source group led by
Sam Ramji. Walker said Ramji's group seems most interested in luring non-.NET
(read: Linux)-based open source developers and projects over to the Microsoft
platform. Native .NET developers -- including DotNetNuke -- just aren't on Ramji's
radar.
And that, Walker thinks, is a shame. DotNetNuke has benefited hugely from the
attention lavished on it by the DevDiv, but Walker believes there are scores
of worthy, .NET-based projects that are just not getting the support they need.
"We're hoping that over time that attitude will change and they will provide
more support for native open source application vendors," Walker told me.
Walker isn't alone in this sentiment. Back
in April, Coding Horror blogger Jeff Atwood spoke at length about his frustrations
with how Microsoft treats open source developers. He went so far as to say that
"open source projects are treated as second-class citizens in the Microsoft
ecosystem."
Walker, for his part, believes Microsoft is heading in the right direction.
"I do think it is going to improve over time. Like anything that is immature,
it does take some time to figure out how to coexist peacefully and collaborate
successfully," he said.
Do you think Microsoft is doing enough for native .NET open source developers?
What would you like to see Microsoft do to improve its efforts to serve this
group? E-mail me at mdesmond@reddevnews.com.
Posted by Michael Desmond on 07/24/20084 comments
"We can't stop here. This is bat country!"
Few lines of prose not written by Douglas Adams have made me laugh out loud
the way this brilliant scene from Hunter S. Thompson did. The quote, of course,
comes from the epic desert driving scene in Thompson's novel Fear and Loathing
in Las Vegas. The author and his attorney are barreling down a desert highway,
so pumped full of drugs and chemicals that the author begins hallucinating badly.
I thought of this moment, remarkably enough, while talking with Shaun Walker,
the creator of the popular DotNetNuke open source Web application framework
for .NET. Back in 2001, Walker had started tinkering with a Microsoft sample
application, called the IBuySpy Portal, designed to illustrate to developers
the value of the then-nascent .NET Framework.
Walker shared his work -- which he called the IBuySpy Workshop -- with other
developers on the ASP.NET community forums, quickly drawing an active following.
It became clear to Walker, and to Microsoft, that he was onto something big.
"I released the original IBuySpy Workshop on Christmas Eve 2002. Within
a couple weeks, there were 5,000 downloads," Walker recalled. "I realized,
'Oh, there is really a need for this kind of application here.'"
Three months later, Walker was in Redmond, meeting face-to-face with Scott
Guthrie, who's now the corporate vice president of Microsoft's .NET Developer
Division (DevDiv). That meeting, five years ago, illustrates that Microsoft
is no stranger to leveraging open source development.
"The DevDiv division at Microsoft is very open, and specifically Scott
Guthrie is very innovative and kind of visionary when it comes to emerging software
development trends," said Walker, who recalled that Guthrie was working
hard to build "a larger, more loyal, more passionate developer community
around the .NET platform."
The message to Walker in 2003 was clear: Bats or no bats, we can't stop here.
Today, DotNetNuke is the largest open source project for the Windows platform,
and among the most popular open source projects on any platform. Walker credits
the active partnership with Microsoft's DevDiv group for helping keep his project
rolling. But he's ambivalent about Microsoft's treatment of .NET open source
developers overall.
"Microsoft has a lot of divisions in the company and I think each division
treats open source differently," he said, describing Sam Ramji's Open Source
Software Lab group as "a marketing division" that seems to ignore
.NET-based OSS developers while working overtime to lure Linux projects to Windows.
By the same token, Walker noted, the Office division responsible for SharePoint
development seems to largely ignore DotNetNuke, despite its competitive threat
in the arena of Web publishing, collaboration and document management.
Walker's experience is enlightening. As Microsoft struggles to adapt to open
source development, services-based software and cloud computing, it's important
to keep in mind that Redmond is no monolith. Far from it, the company can be
stubbornly, frustratingly, diverse.
"I don't think we're being treated as a threat," Walker said. "We're
being ignored. Embraced by some, ignored by others."
Posted by Michael Desmond on 07/22/20087 comments
Back in the heat of the democratic presidential primary race, I used to joke that newly-minted front runner Barack Obama was running against the reanimated zombie corpse of Hillary Clinton. For months, it seemed, Obama would score an emphatic victory, only to give Clinton new life a week or so later with a sub-par result. Obama's failure to close out Clinton helped produce an unnecessary, months-long chase that nearly destroyed both candidates.
The lesson is simple: Let a candidate or an issue or a problem linger long enough, and it will take on a life of its own and strangle you, like something out of a Sam Raimi movie.
The International Organization for Standardization (ISO) has apparently decided not to make that mistake.
Back in April, the Office Open XML (OOXML) file format specification earned enough votes to gain ratification as an ISO standard. Four nations -- Brazil, India, South Africa and Venezuela -- later filed appeals alleging flaws in the process. Under the ISO process, OOXML was set aside while the appeals were reviewed. Now it appears the ISO is recommending that those appeals be denied.
Industry watcher Andy Updegrove, who blogs extensively about technology standards issues at consortiuminfo.org and co-founded the Digital Standards Organization, last week obtained a letter indicating the group's recommendation. He says the decision to ignore the valid complaints of member companies exacerbates a process that had been overwhelmed by the high-stakes OOXML effort.
"What we have seen is that the system really isn't that healthy when it comes to a hotly contested standards war. When that happens, rules and processes that may work well in a collegial environment can break down badly," Updegrove said in an e-mail exchange. "In my view, though, it goes deeper than this, however, in that I think that some of the judgments made by ISO in managing the process were terrible -- such as scheduling a one week Ballot Resolution Meeting to resolve 1200 issues."
The problem, Updegrove said, is that the ISO directives provide no mechanism for appealing ISO judgments. And Updegrove, for one, believes the ISO likes it that way.
"What I think you see here is a portrait of a comfortable management that has made some terrible calls, and yet is protected by rules that make them almost immune from being called to task," he complained. "Hundreds, if not thousands, of standards professionals around the world have been put through the wringer during this process, and those that have gone through the domestic heat to file appeals are now being told that their job is simply to take whatever they are told to do, no matter how ill-considered those requirements may be."
All that may well be true. But I think there may be another, more existential reason for the ISO's recommendation. The organization did not want to create the reanimated zombie corpse of the OOXML standards fight. The first go-around was bad enough.
Posted by Michael Desmond on 07/15/20081 comments