Strategic Developer | Martin Heller » TAG: Design Patterns

April 21, 2008 | Comments: (0)

Is "professional software developer" an oxymoron?

I've been reading Emergent Design: The Evolutionary Nature of Professional Software Development by Scott Bain (Addison-Wesley, 2008, $49.99, 0-321-50936-6). I'm finding it a thoughtful book, which makes a good case for the adoption of patterns, refactoring, and test-driven development.

On the other hand, Bain leads with the premise that software development is not currently a profession. Why is that? It's not a matter of being paid for the work: it's because software development is too hard, too unpredictable, too chaotic.

Of course, those are the things that make it fun. Bain admits that as well.

I think it's no stretch to accept Bain's point that medicine is a profession. Bain cites some of the things that go with medicine -- lengthy training, a specialized language, a professional organization, peer review, standards and practices -- as things that define a profession as opposed to a job.

Bain says that software development is by nature a professional activity, and should be conducted as a professional activity. He also says that we're not yet conducting it as a professional activity.

What do you think? Is the phrase "professional software developer" an oxymoron?

Posted by Martin Heller on April 21, 2008 07:36 AM



February 06, 2008 | Comments: (0)

Writing Secure ActiveX Controls

This recent news story touches on a long-standing problem:

Attackers zero in on Yahoo Jukebox's ActiveX flaw | InfoWorld | News | 2008-02-06 | By Robert McMillan, IDG News Service

The fact is, writing secure ActiveX controls is an art, not a science. To succeed, a software developer has to look beyond the intended purposes of the interfaces, to other purposes for which they might be used.

Say, for instance, that I wrote an interface to upload files to a site, intended to be run on a well-known safe site. If I had written it in a broad way so that it could be used to silently upload any file to any site, then a malicious site could detect the control and use it to upload Quicken files to steal people's financial information.

One safeguard is to be noisy about what you're doing. My ActiveX controls pop up simple OK/Cancel permission dialogs the first time they are invoked in a browser session; the dialogs say what they are going to do and what sites they were intended to work on. That's simple, and only mildly annoying. Of course, users tend to get jaded and accept such dialogs without thinking, but darkening the screen and sounding the klaxon horn of doom probably won't help in the long term.

Another safeguard is to actually check the site currently in use. That's a little harder, but it's possible. Internet Explorer supports a service called IWebBrowser2, which has a method called get_LocationURL. This returns the URL of the calling page as a BSTR, and you can then use InternetCrackUrl from the wininet library to extract the domain and see if it's on your white list of safe or licensed domains.
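The comparison step of this check, as an added example that is not code from the original post: it takes the host name already extracted from the page URL and matches it against the white list on label boundaries. The helper names, the sample domains, and the decision to accept subdomains of a listed domain are assumptions of this example.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Added example: hypothetical helpers, not from the original post.
// Input is the host name already extracted from the page URL
// (for instance by InternetCrackUrl on the BSTR from get_LocationURL).

// Lower-case the host and drop one trailing dot ("example.com." == "example.com").
static std::string NormalizeHost(std::string host) {
    std::transform(host.begin(), host.end(), host.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    if (!host.empty() && host.back() == '.') host.pop_back();
    return host;
}

// True if host equals a listed domain or is a subdomain of one (assumption).
// The suffix must start at a '.' so that "evilexample.org" does not pass for
// "example.org"; "example.org.attacker.test" fails because it is not a suffix match.
bool IsHostAllowed(const std::string& rawHost,
                   const std::vector<std::string>& allowedDomains) {
    const std::string host = NormalizeHost(rawHost);
    if (host.empty()) return false;  // fail closed: pages with no host are refused
    for (const std::string& rawDomain : allowedDomains) {
        const std::string domain = NormalizeHost(rawDomain);
        if (domain.empty()) continue;
        if (host == domain) return true;
        if (host.size() > domain.size() &&
            host.compare(host.size() - domain.size(), domain.size(), domain) == 0 &&
            host[host.size() - domain.size() - 1] == '.')
            return true;
    }
    return false;
}

// Constructed sample white list for the demonstration.
const std::vector<std::string> kAllowed = {"photos.example.com", "example.org"};

int main() {
    for (const char* h : {"photos.example.com", "cdn.example.org", "evilexample.org"})
        std::cout << h << " -> " << (IsHostAllowed(h, kAllowed) ? "allow" : "deny") << "\n";
}
```

A plain substring or ends-with test on the host would accept the last sample host; the boundary check is what rejects it.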

A third safeguard is to restrict the functionality of the interface. Perhaps I want the control to upload images. If that's the case, I could restrict the file types it will upload to .GIF, .JPG, .PNG, and .TIFF. The control could also double check that the files were valid before uploading them: there's a reason that .TIFF files all have the number 42 in a specific place.

And yes, 42 is the answer to "life, the universe, and everything."
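The third safeguard as an added example (not code from the original post): a file is accepted only when its extension is on the list and its leading bytes carry the matching signature, including the 42 that follows the TIFF byte-order mark. Function names and sample buffers are constructed for illustration, and accepting .jpeg and .tif as aliases is an assumption.

```cpp
#include <algorithm>
#include <cctype>
#include <cstddef>
#include <cstring>
#include <string>

enum class ImageType { Unknown, Gif, Jpeg, Png, Tiff };

// Identify the format from the leading bytes, ignoring the file name.
ImageType SniffImageType(const unsigned char* d, std::size_t n) {
    static const unsigned char kPng[8] = {0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
    if (n >= 8 && std::memcmp(d, kPng, 8) == 0) return ImageType::Png;
    if (n >= 6 && (std::memcmp(d, "GIF87a", 6) == 0 || std::memcmp(d, "GIF89a", 6) == 0))
        return ImageType::Gif;
    if (n >= 3 && d[0] == 0xFF && d[1] == 0xD8 && d[2] == 0xFF) return ImageType::Jpeg;
    // TIFF: byte-order mark ("II" or "MM"), then 42 as a 16-bit value in that order.
    if (n >= 4 && d[0] == 'I' && d[1] == 'I' && d[2] == 42 && d[3] == 0) return ImageType::Tiff;
    if (n >= 4 && d[0] == 'M' && d[1] == 'M' && d[2] == 0 && d[3] == 42) return ImageType::Tiff;
    return ImageType::Unknown;
}

// Map the extension to the type it claims; anything not listed is Unknown.
ImageType TypeFromExtension(const std::string& name) {
    const std::size_t dot = name.find_last_of('.');
    if (dot == std::string::npos) return ImageType::Unknown;
    std::string ext = name.substr(dot + 1);
    std::transform(ext.begin(), ext.end(), ext.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    if (ext == "gif") return ImageType::Gif;
    if (ext == "jpg" || ext == "jpeg") return ImageType::Jpeg;
    if (ext == "png") return ImageType::Png;
    if (ext == "tiff" || ext == "tif") return ImageType::Tiff;
    return ImageType::Unknown;
}

// Upload only when the extension is on the list AND the content matches it.
bool MayUpload(const std::string& name, const unsigned char* d, std::size_t n) {
    const ImageType claimed = TypeFromExtension(name);
    return claimed != ImageType::Unknown && claimed == SniffImageType(d, n);
}

// Constructed sample headers (not real files).
const unsigned char kTiffLE[] = {'I', 'I', 42, 0, 8, 0, 0, 0};
const unsigned char kTiffBE[] = {'M', 'M', 0, 42, 0, 0, 0, 8};
const unsigned char kPngHdr[] = {0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
const unsigned char kText[] = {'a', 'c', 'c', 'o', 'u', 'n', 't', 's'};
```

A signature match shows only that the file starts like the claimed format; it does not prove the rest of the file is well-formed.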

Do you write ActiveX controls? If so, how do you protect them from malicious use?

If you write Flash controls, how do you protect them?

Posted by Martin Heller on February 6, 2008 07:10 AM



December 05, 2007 | Comments: (0)

Volta: Web Development by Tier-Splitting

Microsoft Volta was just posted as a technology preview at Microsoft Live Labs. The short summary is that Volta is a new methodology for creating Web applications. Instead of deciding on your architecture at the beginning, building the tiers and tying them together, you start by building a .NET client application, then designate components to run on the server and client tiers later in the cycle, and let the tool generate the plumbing for you.

The tag line is "Web development using only the materials in the room." Why do I keep looking around for Heidi Klum and Tim Gunn?

Here's the full introduction from the Volta home page:

The Volta technology preview is a developer toolset that enables you to build multi-tier web applications by applying familiar techniques and patterns. First, design and build your application as a .NET client application, then assign the portions of the application to run on the server and the client tiers late in the development process. The compiler creates cross-browser JavaScript for the client tier, web services for the server tier, and communication, serialization, synchronization, security, and other boilerplate code to tie the tiers together.

Developers can target either web browsers or the CLR as clients and Volta handles the complexities of tier-splitting for you.  Volta comprises tools such as end-to-end profiling to make architectural refactoring and optimization simple and quick. In effect, Volta offers a best-effort experience in multiple environments without any changes to the application.

Read Paul Krill's news article about Volta here, including discussions with the architects and product managers.

Posted by Martin Heller on December 5, 2007 11:13 AM



February 19, 2007 | Comments: (0)

Ajax Design Patterns

The other day I got a press release that started:

Sehr geehrte Redaktion,

Letzte Woche sind einige Neuerungen auf  http://www.canoo.net livegeschaltet worden: Vorschläge wie bei Google Suggest...

I got a big kick out of reading the German, but I can't expect you to share that. The English translation was given later in the same release:

Dear editor,
Last week the following changes went live at http://www.canoo.net: AJAX Preview similar to Google Suggest...

I had just been reading Ajax Design Patterns by Michael Mahemoff (O'Reilly, 2006, 635 pp., $44.99, ISBN 0-596-10180-5), and I thought to myself: "Ah, the Suggestion pattern. I wonder how they're doing on throughput, since that pattern typically incurs an XMLHTTPRequest call to the server on every keystroke, unless you throttle the calls." When I tried out the site, I was pleasantly surprised at how quickly the word list popped up.

When I opened the back cover of the book and found the Suggestion pattern listed, I turned to the page reference, and reread the entry. Sure enough, the pattern was based on Google Suggest, as well as Kayak, Delicious, and Amazon. I remembered the throughput problem and the throttling solution correctly, but rereading the pattern entry reminded me of several coding details, alternative solutions, and related patterns.

Since reading the GoF Design Patterns book years ago (note to self: where has that book disappeared to?) I have found it useful to think in terms of design patterns for much of my software development work. It has also been useful to refer to design patterns when discussing solutions with other developers. I have found the various extensions to the design patterns useful as well: C# Design Patterns, J2EE Design Patterns, Enterprise Integration Patterns, and Refactoring to Patterns.

Ajax Design Patterns seems to be the right book at the right time. It covers 60(!) design patterns for Ajax development, classified into four groups: Foundational Technology, Programming, Functionality and Usability, and Development. XMLHTTPRequest Call is a Foundational Technology pattern. Submission Throttling is a programming pattern. Suggestion is a Functionality and Usability pattern. DOM Inspection is a Development pattern.

This is an excellent book. I could quibble about the number of minor typos, and I could wish for an updated edition, especially in the area of Ajax frameworks and libraries. On the other hand, the book is supported by a Wiki, so current content is as close as your Web browser.

Posted by Martin Heller on February 19, 2007 06:00 AM


