Showing posts with label Technology. Show all posts

Sunday, September 8, 2013

Not Only SQL

NoSQL is basically a highly scalable, disruptive data storage technology. The basic downsides include proprietary APIs (no standard SQL), evolving capabilities, loads of vendors, and a lack of skills.

Here’s some information from the net…

FoundationDB – has the added advantage of providing data consistency.
 
MapR - SQL capabilities over large-scale distributed systems including Hadoop and NoSQL databases
 
GridGain - brings in-memory capabilities to MongoDB. Achieves elastic scale and automatic transparent re-sharding
 
Scientel - Gensonix® stores structured/unstructured data in Relational, Hierarchical, Network, and Column formats, and scales to trillions of real-time transactions.
 
Accumulo - enables online model building and dynamic indexing to support both retrospective analysis and enrichment of streaming data.
 
Microsoft - Windows Azure Tables offer the best of both scalability and ACID guarantees.
 
RavenDB - a schema-less document database that offers fully ACID transactions, fast and flexible search, replication, sharding, and a simple RESTful API
 
eXist-db - High-performance native XML database engine and all-in-one solution for application building.
 
Cloudant - providing strong-consistency for single-document operations.
 
Aerospike - optimized for SSDs through a highly parallelized, distributed architecture.
 
StarCounter - an in-memory database that processes millions of database transactions per second on a single machine.

Saturday, October 13, 2012

Intellectual Property: Current Trends and Issues in I.T.

Introduction

Open source software, out-sourcing software development and contract programmers pose intellectual property theft exposure for companies today.

More brick-and-mortar corporations are investing heavily in I.T. In-house software development teams come with additional responsibility and risk for the leaders. As more and more software products use component-based technologies there is an increased chance of using open-source products without understanding their licenses.

Consultants and contract workers are hired for software development projects in addition to permanent employees to reduce time to market. Software development work is outsourced to other countries to cut I.T. spending. All these strategies have one common negative aspect – violation of intellectual property rights and subsequent legal action.

In this paper, I explore these three strategies in brief detail and determine the risk and exposure relative to intellectual property violations.

Intellectual Property Issues in the I.T. Department

According to independent research conducted by Forrester, CIOs of $1 billion-plus companies cite “Intellectual Property Theft” as the type of IT security incident that poses “the most threat” to their company’s business (see Figure 1). Four out of ten CIOs don’t think they spend enough on the most important security threat. Although malicious code and intellectual property theft pose 60% of all risk, and 70% of CIOs approve IT budgets, 40% think not enough is spent on security.

Most often a company's core differentiator is its business processes, strategic information systems, and technology. Outsourcing forces the company to reveal its internal business processes to vendors. Certain countries do not have strict intellectual property laws. Forrester’s Stephanie warns “North American and European companies should not consider China a viable location for software development and maintenance support. The market is too immature, and the problems associated with this immaturity - a lack of English language skills, the legal and regulatory environment and lack of intellectual property laws - make China too risky today.”

Often open source software is used by IT teams to build software products. Several software frameworks are available to be downloaded for free. What several companies, architects, developers and programmers fail to comprehend is that open source is not the same as “free”. Open source software is licensed. However, most open source license types like Berkeley Software Distribution, Free Software Foundation, or General Public Licenses lack indemnification.

The “as-is” aspect of open source software is risky. There is a possibility that part of open source software “copied code” from some other licensed product. It is very difficult for the companies to identify or compare open source with licensed software products to identify theft. This exposes the company using open source software to lawsuits from companies claiming that the open source software violates their intellectual property rights.

(Figure 1)

Contract workers often are hired for short stints to work on software development and testing. This type of work needs full developer-access privileges on the source code. The obvious risk is to the code being stolen or exposed to others.

Three Regimes that protect IP

Trade secret classification, copyright and patents serve to protect intellectual property under law. In addition, compliance requirements of laws such as Sarbanes-Oxley, Gramm-Leach-Bliley and HIPAA are driving software development shops to protect intellectual property, ensure privacy, and aim for correctness in development products and practices.

With time, trade secret laws are being tightened. Trade secret plaintiffs sometimes would couch their claims under other, alternative titles, such as "common law misappropriation," "unfair competition," or "breach of confidence." The tactic was often a deliberate ploy to avoid complying with state Uniform Trade Secrets Act [UTSA] statutes. California is the first state that pre-empts such attempts. As more states follow suit, trade secret laws will be more and more effective.

Under the 1998 Digital Millennium Copyright Act, which amended the copyright statute, defeating any technological control that controls access to a computer program, even in order to make a legitimate backup copy, is infringement. Computer games almost always have copy protection built in, and defeating the controls would be infringement. DVDs are encrypted, another type of technological control.

Challenges to Intellectual Property by the Internet and Technology

Technology is an enabler for both innovation and crime. Companies spend millions in research, design and development. All this information is stored digitally in software files. These portable electronic files make theft easy. Software files can be copied to floppy disks, CD-RW disks, memory sticks, or other digital RW media and sneaked out of facilities.

Files can be uploaded to websites or e-mailed from a secure machine to the Internet. Worse, it is possible to install “spy-ware” that can regularly scan machines and upload files automatically.

Websites can screen-scrape or use portal technologies to “grab” published web-pages from other websites and present them as their own. Website mirrors can be created which give access to content of other protected websites.

Hardware theft can result in the same effect. A knowledge worker’s laptop containing critical engineering designs can be invaluable to the knowledge thief. CEOs have the greatest fear of losing their PDAs or laptops.

Conclusion

Although protection of intellectual property is a key issue in the United States, a challenge in the future will be to ensure the same standards across nations. The Patent Cooperation Treaty is a first step in that direction; while it is gaining support in developing nations like Oman, it is yet to be seen as an effective measure against software piracy and intellectual property theft.

While laws and precaution protect intellectual property, the threat of exposure will continue to increase with technological advances. The proper use of technology is closely related to the ethical and social constituent of nations. At the core of the problem are people and their honesty and integrity. As long as money governs societal well-being, human greed for money will bulldoze over anything that comes in its way – including intellectual property rights.

Reference:

  1. Moore, Stephanie. Planning Assumption IT Trends 2004: Offshore Outsourcing. Forrester Research Report. (December 2003)
  2. Laura Koetzle with Charles Rutstein, Angela Tseng, Robert Whiteley. How Much Security Is Enough? Forrester Research Report. (August 2003)
  3. Nikos Drakos, Alexa Bona. Questions and Answers on Open-Source Licensing. Gartner Research. (October 2002)
  4. Vijayan, Jaikumar. Security Expectations, Response Rise in India. Computer World, Vol 38, No. 5. (August 30, 2004)
  5. Graves, Tait. A Trade Secret By Any Other Name is Still a Trade Secret. The Intellectual Property Strategist. April 7, 2004, NEWS; Vol. 10; No. 7; Pg. 3
  6. National Commission on New Technological Uses of Copyrighted Works. Making backup copies violates law. Information Outlook, July 2004 v8 i7 p32(2)
  7. Business News Publishing. Patent Cooperation Treaty Oman joins the treaty. (2001)

Wednesday, October 19, 2011

Java SE Security APIs and Frameworks

Java SE has a deep foundation for security: a variety of APIs and frameworks plug in on top of various security implementations.

  1. JAAS: Java Authentication and Authorization Services
  2. GSS: Generic Security Services. Think Tokens.
  3. JCE: Java Cryptography Extension. Keys and Ciphers.
  4. JSSE: Java Secure Sockets Extensions. SSL and TLS.
  5. SASL: Simple Authentication and Security Layer. Layer between Client and Server – describes the how. RFC 2222

 

TLS (SSL) is a point-to-point, transient-only solution that has no awareness of message context and does not discriminate by content. It provides authentication, confidentiality and integrity.

MLS (message-layer security) is end-to-end security because the message stays encrypted at rest and in motion. It is encrypted by the sender and can only be decrypted by the intended recipient. It does not depend on the transport layer.
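
The contrast above can be shown with the JCE APIs from the list. This is an added example, not code from the original post: the class and method names are hypothetical, the key pair and payload are constructed, and the RSA-OAEP plus AES-GCM pairing is one common way to build message-layer encryption, not the only one.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class MessageLayerDemo {
    // OAEP with SHA-256 for both the digest and MGF1, set explicitly rather than by provider default.
    private static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    // The sealed message: safe to store or forward over any transport, TLS or not.
    static final class Sealed {
        final byte[] wrappedKey, iv, ciphertext;
        Sealed(byte[] k, byte[] iv, byte[] ct) { wrappedKey = k; this.iv = iv; ciphertext = ct; }
    }

    // Sender side: encrypt under a fresh AES key, then wrap that key for the recipient only.
    static Sealed seal(byte[] plaintext, PublicKey recipient) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey cek = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, cek, new GCMParameterSpec(128, iv));
        byte[] ct = aes.doFinal(plaintext);
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.WRAP_MODE, recipient, OAEP);
        return new Sealed(rsa.wrap(cek), iv, ct);
    }

    // Recipient side: only the private key holder can unwrap the AES key and decrypt.
    static byte[] open(Sealed m, PrivateKey recipient) throws Exception {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.UNWRAP_MODE, recipient, OAEP);
        SecretKey cek = (SecretKey) rsa.unwrap(m.wrappedKey, "AES", Cipher.SECRET_KEY);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, cek, new GCMParameterSpec(128, m.iv));
        return aes.doFinal(m.ciphertext); // AEADBadTagException if anything was altered
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipient = kpg.generateKeyPair(); // constructed demo key pair
        byte[] msg = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        Sealed m = seal(msg, recipient.getPublic());
        System.out.println(new String(open(m, recipient.getPrivate()), StandardCharsets.UTF_8));
        m.ciphertext[0] ^= 1; // simulate modification by an intermediary hop
        try { open(m, recipient.getPrivate()); }
        catch (AEADBadTagException e) { System.out.println("tampering detected"); }
    }
}
```

This gives confidentiality and integrity from sender to recipient but does not authenticate the sender; a signature over the sealed message would be needed for that.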

Realm is the complete database of users and groups; a user is an individual, a group is a collection of individuals, and each group or individual can be assigned a key to the locks (aka role). In Java EE you can specify whether to propagate a client identity to the bean container or specify a run-as identity. Either way there is no choice but to trust the identity, as no authentication data is propagated, just the identity.

The EJB interoperability protocol is based on IIOP/GIOP 1.2 and CSIv2 (Common Secure Interoperability protocol).

Thursday, October 13, 2011

XML Processing in Java EE 5

All of the new Web Services APIs require XML processing. Thankfully there have been changes to how Java EE will handle that as well with a fresh batch of updates.


JAXB 2.0: Improves vastly over JAXB 1.0

W3C XML Schema features (fixes missing bindings)

Adds javax.xml.bind.annotation and supports Java-to-XML binding.

Reduction in generated schema-derived classes.

Validation via JAXP 1.3 validation APIs

Smaller runtime binaries.

Schema compiler, Schema generator and Binding runtime framework.

JAXB 1.0 allowed validation at unmarshal time, and on-demand validation on the content tree. JAXB 2.0 allows validation at marshal time and unmarshal time.


Streaming API for XML (StAX)

StAX is the all-new efficient API for XML; it has a lot of great features:

  • Stream-oriented
  • Event-driven
  • Pull design
  • Read/Write

You can create fast, lightweight, bi-directional parsers that are easy on the heap.

The JAXP (Java API for XML Processing) family includes StAX, TrAX, SAX, and DOM. StAX is good for low-memory and limited-extensibility applications.

Pull parser – simpler than SAX, more memory efficient than DOM.

SAX can’t write and isn’t bidirectional. DOM is way more powerful and flexible. One would dump SAX for StAX. For an iterative pull parser, use StAX; for an event-driven push parser, go for SAX.

I can’t see anyone using SAX anymore. Why would you? Unless you don’t want a cursor and iterator concept in your code – or you simply hate procedural and believe everything should be read-only events for XML processing. XMLStreamReader and XMLEventReader are the Cursor and Iterator APIs – well, Iterator APIs can do things a Cursor cannot do: Iterator is more extensible and flexible. Cursor is efficient, performant and memory friendly – ideal for small JVMs and JME.
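
An added example (not from the original post) of the Cursor API described above, pulling events from an XMLStreamReader. The class name, the `title` element and both sample documents are constructed for illustration; the two factory properties switch off DTD processing and external entity resolution, which a parser reading untrusted XML should not leave enabled.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class StaxCursorDemo {
    // Factory for untrusted input: no DTD processing, no external entity resolution.
    static XMLInputFactory hardenedFactory() {
        XMLInputFactory f = XMLInputFactory.newInstance();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        return f;
    }

    // Cursor-style pull loop: the caller asks for the next event; nothing is pushed at it
    // and no document tree is built, so memory use stays flat regardless of input size.
    static List<String> titles(String xml) throws XMLStreamException {
        List<String> out = new ArrayList<>();
        XMLStreamReader r = hardenedFactory().createXMLStreamReader(new StringReader(xml));
        try {
            while (r.hasNext()) {
                if (r.next() == XMLStreamConstants.START_ELEMENT
                        && "title".equals(r.getLocalName())) {
                    out.add(r.getElementText()); // reads text up to the matching end tag
                }
            }
        } finally {
            r.close();
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample documents.
        String plain = "<feed><entry><title>First</title></entry>"
                + "<entry><title>Second</title></entry></feed>";
        String withDtd = "<!DOCTYPE feed [<!ENTITY ext SYSTEM \"file:///constructed/placeholder\">]>"
                + "<feed><entry><title>&ext;</title></entry></feed>";
        for (String doc : new String[] {plain, withDtd}) {
            try {
                System.out.println(titles(doc));
            } catch (XMLStreamException e) {
                // With the hardened factory the external entity is never fetched.
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```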

Wednesday, October 12, 2011

JAX-WS in Java EE 5

JAX-WS: Java API for XML Web Services. Supports message-oriented as well as RPC-oriented services. Hides the complexities of SOAP. No need to generate or parse SOAP messages (or understand the structure or format).

The JAX-WS endpoints must be annotated with @WebService or @WebServiceProvider. The business method must be annotated @WebMethod – a Service Endpoint Implementation (SEI) will be generated for this. JAXB-compatible parameters are required.

Um, if you think Web Services or Clouds are NOT important, I hope the following stat will convince you.

The client needs @WebServiceRef – the reference to the service (or wsdlLocation). Get the port from the service and then invoke the exposed method on the service. Yes, you need the interface to the service.

JAX-WS 2.0 supports WS-I Basic Profile Version 1.1, SOAP 1.1 and WSDL 1.1.

There is support for doc/lit, rpc/lit, static ports, dynamic proxies, and DII.

All in all JAX-WS seems like a winner!

Well, can you still use SAAJ? Yes – it gives you direct access to the SOAP protocol and the SAAJ 1.3 API supports SOAP 1.1 and SOAP 1.2 specifications.

    <Message>
      <Part>
        <Envelope>
          <Header>
          </Header>
          <Body>
          </Body>
        </Envelope>
      </Part>
    </Message>

You can have Attachment Parts as peers to the Part, all under the SOAP message but outside the envelope.

The attachment part will contain MIME headers and the content (any).

Um – BTW – you can use JAXB to send SOAP attachments too – so why you would want to bother with the SAAJ APIs is going to remain a mystery. But it’s there.

Tuesday, October 11, 2011

Distributed Garbage Collection and Stub Downloads–and other dirty solution architecture alternatives

Technology choices can make the difference between meeting the customers’ immediate needs and failing to complete a project on time. No can do if you’re using IIOP. If you’re still stuck in CORBA or IIOP, and trying to get remote objects talking to one another – don’t expect RMI-IIOP to help do what pure RMI does – DGC. Stub downloads and DGC are never going to be supported across technologies – it’s not possible to standardize it.

Think about refactoring to expose encapsulated business services instead. Use HTTP – it is connection based and stateless. Alternatively, think about using messaging architectures. If you are at the systems programming level, IP multicasting can be used instead of TCP; it can serve as an unreliable messaging infrastructure, but layers of high-speed health checks and retry mechanisms can be built on top. Virtual channels like queues (p2p) and topics with durability attributes can be used as well.

If a non-EJB Java application requires integration with your CORBA system, Java IDL is officially recommended – the communication protocol then is native IIOP. If CORBA clients need to talk to Java, Java IDL on the client end doesn’t make sense. If you want to integrate with the mainframe, and all you need is some fancy GUI, but the mainframe source code is unavailable – guess what? Screen scrapers via terminal emulator inputs may be recommended. Depends. If the goal is to meet the customer’s need quickly – don’t forget to do a trade-off analysis and make target state recommendations. An architect’s job is to accelerate business, not make perfect solutions at all costs. Judging trade-offs is where we make money for the clients. Know when, where and how to take shortcuts if needed. Use a reverse proxy to target different servers for servicing different types of requests. Have failure management systems up to the wazoo. Avoid EJBs if you have no need for transactions and business logic in the solution. KISS.

If you must use CORBA and RMI-IIOP (for EJB-type communications), Session Beans provide good memory management such as pooling and passivation (SLSB & SFSB). If you must integrate with existing native C++ code/business logic, it is advisable to wrap that with JNI calls, and remote it via RMI. Don’t overuse web services if you don’t need a business service. SOA isn’t API over the web.

All in all, Java IDL is business as usual for CORBA programming. RMI-IIOP is for Java programming over IIOP; it can interoperate with CORBA objects, but those interfaces must be available as Java RMI. If you must use pure IIOP – then you have existing CORBA objects in play that can’t have Java interfaces – so you must use Java IDL. CORBA provides lots and lots of nice services: Naming Services, Security, Transaction Service, Event and Concurrency Control.

Regardless of how you meet your customers’ expectations – plan to leave them with an awesome build/deploy strategy & matching execution.

Saturday, January 2, 2010

Google Chrome @ 5% (almost)

Google Chrome is now the 3rd most popular browser in the world.

According to recent reports here and here, Google's Chrome has overtaken Apple's Safari in the browser wars. While still at less than 5%, Chrome is no match for Microsoft's Internet Explorer, which is slightly above 62%. Chrome is gaining strength quickly, mostly due to two quality attributes: speed and reliability. Chrome is noticeably faster than Opera, IE, Firefox and Safari. Its reliability is unsurpassed due to its multi-process architecture.

Coming in at #3 just months after its GA release is commendable. With new features like bookmark sync and support for themes and plug-ins, it will rival the #2 spot in a couple of years, eating away at Microsoft's and Mozilla's share.

Saturday, November 29, 2008

Initialize Intrepid Ibex

Well well - I decided to remove Vista from the Vostro, downgraded to XP and dual-booted with Ubuntu 8.10.

Installation was smooth as ever and grub worked perfectly. Dell ships with these Broadcom network adapters that need b43 drivers - thankfully these are provided with the new dist.

There is a bunch of software that I typically need/want/desire - here are the steps to get it.

I don't mind free closed-source software, so edit /etc/apt/sources.list & enable what's disabled.

Enable medibuntu:

        sudo wget http://www.medibuntu.org/sources.list.d/intrepid.list -O /etc/apt/sources.list.d/medibuntu.list

        sudo apt-get update && sudo apt-get install medibuntu-keyring && sudo apt-get update


Now go for the mass install - remember Google & Sun want you to agree with their license terms - so keep an eye out for those; when the time comes, tab to OK and hit Enter.

        sudo apt-get install python python-central python-gtk2 python-compizconfig compizconfig-settings-manager amarok flashplugin-nonfree amule audacity azureus banshee bluefish dvdrip filezilla msttcorefonts gnucash gstreamer* gtkpod-aac sun-java6-bin sun-java6-javadb sun-java6-jdk sun-java6-jre sun-java6-plugin k3b kino mplayer mozilla-mplayer quanta kompozer scribus xchat-gnome bittornado bittornado-gui sound-juicer helix-player mozilla-helix-player googleearth acroread mozilla-acroread non-free-codecs ubuntu-restricted-extras libdvdcss2 opera xine-ui xine-plugin xmms2 xmms2tray xmms2-plugin-airplay xmms2-plugin-alsa xmms2-plugin-ao xmms2-plugin-asf xmms2-plugin-asx xmms2-plugin-avcodec xmms2-plugin-cdda xmms2-plugin-cue xmms2-plugin-curl xmms2-plugin-daap xmms2-plugin-faad xmms2-plugin-flac xmms2-plugin-gme xmms2-plugin-gvfs xmms2-plugin-ices xmms2-plugin-icymetaint xmms2-plugin-id3v2 xmms2-plugin-jack xmms2-plugin-karaoke xmms2-plugin-lastfm xmms2-plugin-m3u xmms2-plugin-mad xmms2-plugin-mms xmms2-plugin-modplug xmms2-plugin-mp4 xmms2-plugin-musepack xmms2-plugin-normalize xmms2-plugin-ofa xmms2-plugin-oss xmms2-plugin-pls xmms2-plugin-pulse xmms2-plugin-rss xmms2-plugin-sid xmms2-plugin-smb xmms2-plugin-speex xmms2-plugin-vocoder xmms2-plugin-vorbis xmms2-plugin-wma xmms2-plugin-xml xmms2-plugin-xspf vlc vlc-data vlc-dbg vlc-nox vlc-plugin-arts vlc-plugin-esd vlc-plugin-ggi vlc-plugin-jack vlc-plugin-pulse vlc-plugin-sdl vlc-plugin-svgalib thunderbird skype


Note: When you run Google Earth, ensure that you do not have Desktop Effects enabled.

This should provide nearly all the functionality that's needed for a baseline O/S installation.
