Thursday, December 23, 2010

The Hammer and the Anvil

“Hephaestus created Hermes’ winged helmet and sandals, the Aegis breastplate, Aphrodite’s famed girdle and Agamemnon’s staff of office.” ~ Iliad II, Homer

The software model used determines the architecture of the application, its use and design, and generally how easily the software may be maintained and updated through its life-cycle. Many formal software models have been developed; the most popular is the Waterfall, and there are also Agile, Big Design, Chaos, Iterative, Rapid Application Development, Boehm Spiral and the V-Model. [i]
There are as many methodologies as there are models of software development; these include Agile, Cleanroom, Iterative, RAD, RUP, Spiral, Waterfall, XP, Lean, Scrum, V-Model and TDD. [ii]

Each of these models has its respective strengths and weaknesses; an analysis of all of them would be far too comprehensive for this discussion. AJAX, being developed by developers trained to use these models, is however closer as a methodology to XP, Agile, RUP and the Waterfall models. With respect to rich internet applications, AJAX is more of an interface standard than anything else.

As a specification AJAX is great for users, good for servers and excellent for computers. It’s great for users because it removes the tedious aspects of user input within forms and of transitions between pages within websites. It’s great for servers because it limits the interface with the client to only what is needed, when it is needed. It’s excellent for computers because it actively distributes the processing requirements from the server to the client, which can be used to reduce the cost of running the servers.
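The “only what is needed, when it is needed” exchange described above, as an added example that is not part of the original post: the client computes the delta of an edited form and sends just that, and the server treats the partial update as untrusted input and checks it against a per-field policy before applying it. It is written as plain functions so it runs in Node without a browser or network; the field names, the policy and the sample profile are constructed for illustration.

```javascript
// Added example, not from the original post. Client-side delta computation
// plus the server-side validation a partial (AJAX-style) update still needs.
// All field names, policy values and sample data are constructed.

// Client side: send only the fields the user actually changed.
function diffFields(original, edited) {
  const delta = {};
  for (const key of Object.keys(edited)) {
    if (original[key] !== edited[key]) delta[key] = edited[key];
  }
  return delta;
}

// Server side: per-field policy for the profile endpoint (constructed).
// Anything not listed here is rejected, so a client cannot smuggle in
// extra columns such as a role or an account flag.
const PROFILE_POLICY = {
  displayName: { type: 'string', maxLen: 40 },
  email:       { type: 'string', maxLen: 254, pattern: /^[^\s@]+@[^\s@]+\.[^\s@]+$/ },
  newsletter:  { type: 'boolean' },
};

// Returns { ok, errors } for a partial update against a policy.
function validateUpdate(policy, update) {
  const errors = [];
  for (const [field, value] of Object.entries(update)) {
    const rule = policy[field];
    if (!rule) { errors.push(`${field}: not an updatable field`); continue; }
    if (typeof value !== rule.type) { errors.push(`${field}: expected ${rule.type}`); continue; }
    if (rule.maxLen !== undefined && value.length > rule.maxLen) errors.push(`${field}: too long`);
    if (rule.pattern && !rule.pattern.test(value)) errors.push(`${field}: malformed`);
  }
  return { ok: errors.length === 0, errors };
}

// Stand-in for the HTTP endpoint: takes the JSON body the browser would POST
// and the currently stored record; returns a status and the resulting record.
function handleProfileUpdate(stored, body) {
  const update = JSON.parse(body);
  const result = validateUpdate(PROFILE_POLICY, update);
  if (!result.ok) return { status: 400, errors: result.errors, stored };
  return { status: 200, stored: { ...stored, ...update } };
}

// Constructed sample: the user flips one checkbox on a three-field profile.
const serverRecord = { displayName: 'Ada', email: 'ada@example.com', newsletter: false };
const formBefore = { ...serverRecord };
const formAfter = { ...serverRecord, newsletter: true };

// The wire payload carries one field, not the whole form.
const payload = JSON.stringify(diffFields(formBefore, formAfter)); // {"newsletter":true}
const reply = handleProfileUpdate(serverRecord, payload);
```

The small payload is the efficiency gain the paragraph describes; the policy check is the part that must stay on the server, because moving processing to the client does not move trust there with it.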

Good software design is a very subjective notion; ask a hundred developers what good software design is and you will receive a hundred answers, each equally cryptic and unique. Upon further study, common themes begin to appear. The Systems Development Life Cycle, or SDLC for short, is the fruit of such work.[iii] The goals of any system produced using the SDLC or a Secure SDLC are to produce high-quality systems that are inexpensive to maintain, operate in a secure fashion and may be enhanced cost-effectively.[iv]

AJAX is good for web applications; it’s great for instances where applications are running within a client browser. That is its prime function, and its prime limitation. Software applications run on a plethora of devices, not all of which are connected to the Internet. I do not think we will ever see an implementation of AJAX-based software on devices that are used in the automotive industry. AJAX would not be implemented in any system that uses the MOST protocol to communicate.[v]
AJAX is useful for mobile applications on smartphones, which are now the largest emerging device market on the planet, even though there are a number of challenges for smartphones as a platform since the client-side processing available is quite limited.[vi] As the smartphone as a platform increases its computing capacity, AJAX will become more common. It’s also great for any web-based application, which is another large chunk of the application industry.

AJAX will definitely aid the forward evolution of web development on many fronts, as its use simplifies form interaction for both the end user and the server. I see AJAX as a standard requirement for web application development.

Just as the hammer, anvil and clamps were Hephaestus’ tools used to create articles and items of legendary beauty, AJAX is a standard that is used to create beautiful and elegant web tools for people.


References

[i] N.A. (Wikimedia, 2010) Software Development Process: Software Development Models [Online] World Wide Web, Available From: http://en.wikipedia.org/wiki/Software_development_process#Software_Development_Models (Accessed on December 23rd 2010)
[ii] N.A. (Wikimedia, 2010) Software Development Process: Software Development Models [Online] World Wide Web, Available From: http://en.wikipedia.org/wiki/Software_development_process#Software_Development_Models (Accessed on December 23rd 2010)
[iii] N.A. (Office of Information Systems, February 17 2005) Selecting a development Approach [Online] PDF Document, Available from http://www.cms.gov/SystemLifecycleFramework/Downloads/SelectingDevelopmentApproach.pdf (Accessed on December 23rd 2010)
[iv] Howe, Denis (FOLDOC, December 24th 2000) Systems Development Life Cycle [Online] Available from: http://foldoc.org/Systems+Development+Life+Cycle (Accessed on December 23rd 2010)
[v] MOST Consortium (MOST, 2010) Introduction to the MOST Protocol [Online] World Wide Web, Available from: http://www.mostcooperation.com/technology/introduction/index.html (Accessed on December 23rd 2010)
[vi] N.A. (StackOverflow, N.D.) AJAX Support in Smart Phones [Online] World Wide Web, Available from: http://stackoverflow.com/questions/849850/ajax-support-in-smart-phones (Accessed on December 23rd 2010)

Friday, December 17, 2010

The Changing nature of web-development

Web services are defined as any service or function delivered via the Hypertext Transfer Protocol (HTTP), offered via the Internet and executed remotely.[i]
Service Oriented Architecture is defined as a flexible set of design principles used during the development and integration phases of the software development life-cycle; XML and JSON are commonly used for service coupling but are not required.[ii]
The current state of web development for most popular web applications is based on “foundational technologies”; a foundational technology is defined as any technology that becomes a base requirement to enable another technology. Real-world examples include how the current multi-billion dollar produce and food industry relies solely upon widespread, cheap and available refrigeration and the national and international power grids to maintain product stocks, both in warehouses and during shipping to the grocers. If the North American power grid fails, all grocers have blackout sales of any and all frozen produce.
With respect to the Internet, foundational technologies include systems such as DNS, multi-homed peering sites, the BGP gateway routing protocol, the widespread use of TCP/IP and, most importantly, standardized application programming interfaces such as those created by web applications to facilitate the exchange of information from system to system using SOAP, XML-RPC or JSON, with standardized methods as defined by the W3C's Web 2.0 conference.[iii] The basis for web services is the web as a “platform”: regardless of client operating system or device, the web and the browser deliver the desired application functionality. This is often referred to as the “Cloud” or “Cloud Computing”.
Essentially, web development now has many vertically integrated services that have introduced dependencies on the platform which would previously have had to be developed and supported internally within the local application and its framework. This means that the databases of information accessed locally by the application have been moved to the web or removed from the application completely.
The current state of web development is dominated by the use of the cloud as the platform; Microsoft even has commercials using public marketing designed to popularize the term “To the Cloud”, as if it were one of their inventions. Wal-Mart's store locator relies upon Google Maps to add relevant and easy-to-use geolocation-specific information for their clients.
Web services such as Amazon's EC2 cluster allow the direct purchase of computing power, delivered through an API designed by Amazon with any choice of transport. The popularity of Folding@home, SETI@home and other distributed supercomputing environments demonstrates how the “Cloud as a platform” is the most powerful supercomputer. Currently not just web applications but local applications rely upon service-oriented architecture and distributed, dynamic capacity to accomplish both complex and amazing science.
The three critical factors in the production of anything, as defined by neoclassical economics, are “Labor, Capital and Land”.[iv] The goal of web development is to produce a usable web application to serve a dynamic and wide range of people's needs for information. Often this production is based on the two requirements of Labor and Capital; the “Land” is virtually defined as hosted or rented space within the “Cloud”.
The “cloud as a platform” has reduced the capital and labor requirements such that a small team of developers can now create entire applications within months. They may rely on third parties for access, authorization, authentication, service maintenance, information transfer and hosting; each of these third parties may specialize in only one particular service as a critical or dependent function.
Currently any relevant website, as dictated by popularity of use via ranking services such as “Alexa”, demonstrates that not only must a web application function within itself, it must also depend on external services. Google uses third-party maps and satellite imagery to generate Google Maps; Microsoft relies on third parties for service delivery; even Apple's iTunes could not function without PayPal, which was originally developed as a platform for eBay.
Not only does current web development require the use of web services, but the business success of any web application requires that it integrate well with other Web 2.0 sites via these now standardized interfaces. The future of web development is anyone's guess as to whether JSON, Java, HTML, PHP, JavaScript, XML or HTML5 become standards; the only certainty is that most platforms will interoperate to deliver a service to a client regardless of operating system type or browser, and that this operation will be seamless. Not because it's cheap, nor because it's simple, but because we the users demand it.

References

[i] Richardson, Leonard; Ruby, Sam (O'Reilly Media, 2007) RESTful Web Services P.299 ISBN: 978059652960
[ii] Bell, Michael (Wiley, February 2008) Service Analysis, Design and Architecture P.2 ISBN: 9780470141113
[iii] Sharma, Prashant (Techpluto, November 28 2008) Core Characteristics of Web 2.0 Services [Online] World Wide Web, Available from: http://www.techpluto.com/web-20-services/ (Accessed on December 16th 2010)
[iv] Samuelson, Paul A.; Nordhaus, William D. (McGraw Hill, Yale University, 2010) Economics, Glossary of Terms ISBN: 9780073511290

Sunday, December 5, 2010

The information warehouse

A data warehouse is defined as the collective content of a collection of databases, usually normalized and sanitized in the process of moving out of an operational database into the data warehouse. Its primary use is for reporting and business intelligence.[i]

Data warehousing on the web, or using a cloud to host the data warehouse, presents a number of issues and risks; we have listed them in no specific order:

Privacy
Within the United States, Canada and most G8 countries there exists legislation enacted to protect the privacy of the citizens of said country. In Canada it's referred to as the Privacy Act. With respect to digital information in Canada there exists a separate act referred to as PIPEDA.[ii] With respect to the operation and storage of personally identifiable information, if a company does not take “due care” to protect said information it may end up being sued by the Crown in Canada for a gross violation of the act; within industry this is known as privacy-associated risk. Gross violations include making any of that personally identifiable information available on the Internet, with or without the owner's consent.

Security
There are entire volumes written on the appropriate methods of security to be used in conjunction with a data warehouse; these include concepts such as logical, physical and technical access controls; formalized data security models such as Biba, Bell-LaPadula and others, as mentioned in various U.S. DoD, NIST, CMMI and ISO standards; and procedural controls for access including separation of duties, two-factor authentication, biometrics, and various other methods and procedures too numerous to list. All of these standards, guidelines and procedural concepts are designed to achieve one goal: to ensure that the risk of fraud from internal and external sources is reduced to an acceptable level,[iii] so that the business may trust the data within the warehouse to be sound.

Availability
Assuming that an organization utilizes Software as a Service, or a third-party provider for data warehousing, with the Internet as an intermediary, having a “Service Level Agreement” and “Business Continuity Plan” in place with the provider, including the “Right to Independent Security Audits”, is critical to the business that conducts the outsourcing. Both the ISC^2 and ISACA cite the “Right to Independent Security Audits” as a critical factor, in conjunction with high-level sponsorship; i.e., the board of directors signs off on the risks associated with hosting a company's data warehouse, to ensure that mitigating measures are in place for any and all potential business impacts, including the safety of employees and clients, and to ensure the business itself is not at risk.[iv][v]

Non-repudiation
The other major issue is the implementation of technical controls and of validation and sanitation methods and processes. Whether a normalized or a dimensional approach is used,[vi] the business itself must implement measures to ensure that security and privacy regulations are met; these include the use of encryption of military grade or greater to assure that client data in transit is protected from unwanted disclosure and that the integrity of the data warehouse is maintained.

Regulations
One of the major risks of data warehousing with regard to businesses is the creation of new regulations. Sarbanes-Oxley was created to mitigate fraud on an organizational balance sheet; GLBA exists to ensure that banks do not engage in reckless behavior with deposits; HIPAA exists to ensure that patient data is not exposed during transit and that insurers and health providers adhere to the privacy requirements of both the public and the letter of the law.

Each of these regulations was created by the American Congress to mitigate some major legal issue that arose from industry recklessness; these include the fiduciary and privacy scandals of Enron, MCI WorldCom, Nortel, Time Warner, America Online, Investors Group, Bank of America and others. ISACA and the ISC^2 stipulate that global policies, with local versions that meet any local regulations, be enacted in any enterprise that operates on a global scale; however, ISACA states that the data owner must agree to any data transit policies upon submission of any data.

The major issue with regulations and their respective risk to a data warehouse is that the acceptable-use and client notifications must include what will happen to the data disclosed by the end user, and they must also comply with all regulations of all countries in which the business operates.

This creates a compound issue where a company collects client information in North America and stores it in China or India for more efficient processing. The major problem is that China and India do not have stellar records when it comes to upholding American privacy legislation. Therefore it is up to the business to ensure that American legislation and requirements are met within the operations of the third party in its country of residence. Although this is difficult, it requires both strategic oversight and governance from the parent organization.

The nature of organizational change is that global operations will maintain an executive board and a security steering committee who meet to determine the appropriate behaviors to mitigate the above risks and to meet audit, legal and policy requirements. The person responsible for these operations in most organizations is usually the CIO, CISO or COO. The rise and prominence of information and its value in the Internet age have created many new and complicated issues. Navigating these waters with clarity adds both to business value and to competitiveness.

These new requirements affect a web-based data warehouse in that any third-party provider of data warehousing services must meet the regulations and legal requirements for privacy of both the country of origin and the country of residence.

References
[i] N.A. (Wikimedia 2010) Data Warehouse [Online] World Wide Web, Available from: http://en.wikipedia.org/wiki/Data_warehouse (Accessed on December 5th 2010)
[ii] GoC (Canadian Parliament, November 14th 2010) Personal Information Protection and Electronic Documents Act [Online] World Wide Web, Available from: http://laws.justice.gc.ca/eng/P-8.6/page-1.html#anchorbo-ga:l_1 (Accessed on December 6th 2010)
[iii] Harold F. Tipton (CRC Press, 2010) Official (ISC)² Guide to the CISSP CBK 2nd ed.
[iv] GoC (Canadian Parliament, November 14th 2010) Personal Information Protection and Electronic Documents Act [Online] World Wide Web, Available from: http://laws.justice.gc.ca/eng/P-8.6/page-1.html#anchorbo-ga:l_1 (Accessed on December 6th 2010)
[v] ISACA (ISACA, 2009) CISM Review Manual 2010 ISBN: 978-1-60420-086-7
[vi] E.F. Codd (ACM, 1970) Communications of the ACM, “A Relational Model of Data for Large Shared Data Banks” [Online] PDF Document, Available from: http://portal.acm.org/citation.cfm?doid=362384.362685 (Accessed on December 6th 2010)

The forest and the trees
According to the ISC^2, under the Information Security Governance and Risk Management section of the Common Body of Knowledge, there exist a number of rules regarding the ISC^2 code of ethics:[i]

“The no free lunch rule”: “Assume that all information and property belongs to someone.”

comScore states that e-commerce spending neared 34 billion dollars in the first quarter of 2010.[ii]

Of the 256,000,000 websites online,[iii] as of 2007 there were 20,000,000 using PHP, out of 102,400,000 total domains at the time.[iv] If we assume these trends have remained constant, then we may extrapolate that around 35% to 50% of all websites online use PHP scripting.[v]

The TIOBE index for 2010 states that PHP falls just behind C/C++ and Java in popularity.[vi]

Most companies which engage programmers to develop applications for them retain the intellectual property rights.[vii] These rights and applications are the tools used to extract value from e-commerce.

Web development by its very nature is open; the main issue that business managers have with a web-facing presence is that it exposes the company to a degree of risk, including the risk of theft of IP.[viii] Google had its intellectual property removed by force, on the order of the Chinese government, due to a politician's disdain for his online presence. Since Google's net worth is approaching 5 billion, we can see that this theft of IP would be the equivalent of stealing a baker's oven, or a delivery company's planes, trains and vans.

Legal considerations aside, the future of web development is open, but in a validated, escaped, vetted and verified manner. As applications become more dependent on web-based technologies, such as the games in Facebook, or how salesforce.com can pull contact information from LinkedIn, the sites that work with one another use the number of users as a metric from which to derive economic value.

People often quote that Facebook is worth x billion dollars based on the data the website retains; however, real asset valuation is usually based on revenue plus operations and management plus cash in hand and holdings. Far too often we as investors assign value to worthless ideas. Facebook is based on enabling a distributed community of people to tag metadata within digital photos. This idea is formally patented and coded on the platform that is Facebook.

The future of web development will have greater interconnectivity, however these levels will be offset by the needs for the enforcement of privacy legislation and both local and non-local security interests.

The nature of how future websites will communicate may involve active security testing as part of the website's operations and API development; DNS-based secure validation may also be required for all domains. Further to this, we will also see a rise in privacy violations made by companies, since they are often neither enforced against nor punished legally for doing so.

I see a forest of many brilliant trees with fireproof bark whose branches only cover certain valuable areas; the mycelium of this forest is ironclad and paid for.

Future websites will be service-level-based connections agreed upon by the various data holders, such as Facebook, Google and the like, and they will probably be fortified by in-line detection of any and all valid code and transactions, mired in legal requirements and legislation, and audited by many security personnel.

As the Internet grows and global adoption continues to rise, the future of website development is very open, but the nature of the back end of websites is becoming far more closed and restricted. This is to protect the investment of both human and real capital in the development of these most brilliant tools.


[i] Harold F. Tipton (CRC Press, 2010) Official (ISC)² Guide to the CISSP CBK 2nd ed. P.495
[ii] N.A. (comScore, Marketing Charts) Q1 E-commerce Spending Rises 10% [Online] World Wide Web, Available from: http://www.marketingcharts.com/direct/q1-e-commerce-spending-rises-10-12982/?utm_campaign=rssfeed&utm_source=mc&utm_medium=textlink (Accessed on December 5th 2010)
[iii] N.A. (Netcraft) Web Server Survey [Online] World Wide Web, Available from: http://news.netcraft.com/archives/category/web-server-survey/ (Accessed on December 5th 2010)
[iv] N.A. (php.net) Usage Stats [Online] World Wide Web, Available from: http://php.net/usage.php (Accessed on December 5th 2010)
[v] Seguy, Damien (nexen.net, 2008) All Statistics Related to PHP [Online] World Wide Web, Available from: http://www.nexen.net/chiffres_cles/phpversion/ (Accessed on December 5th 2010)
[vi] N.A. (TIOBE Software) TIOBE Programming Index for November 2010
[vii] Nicholson, Andrew (FindLaw, Australia) Without Employment Contracts Employers Risk Losing IP [Online] World Wide Web, Available from: http://www.findlaw.com.au/articles/2269/without-employment-contracts---employers-risk-losi.aspx (Accessed on December 5th 2010)
[viii] Thomson, Ian (V3.co.uk, November 29th 2010) WikiLeaks Cable Showed That China's Politburo Ordered Google Hack [Online] World Wide Web, Available from: http://www.v3.co.uk/v3/news/2273507/wikileaks-google-china-cables (Accessed on December 5th 2010)