Dan Griffin's Blog
Comments on security, PKI, smart cards, cryptography, and entrepreneurship.
JW Secure is Solid Gold!
October 24, 2008
I’m proud to announce that JW Secure, Inc. is now a Microsoft Gold Certified Partner. We’ve also completed two competencies: ISV/Software Solutions and Security Solutions.
What does all of that mean? Well, first and foremost, it means that we’re among the top tier of companies in the Microsoft ecosystem, in terms of knowledge and experience, when it comes to building secure software. It also means that we’ve done a lot of custom development projects for a lot of customers and consistently delivered on time and on budget. And, finally, it reflects on our ability to stay ahead of the technology curve - a fact which our customers very much appreciate - and something that we take pride in.
Permalink | Comments (0)Opportunities in Cloud Computing
October 23, 2008
Cloud computing, in which highly scalable virtualized infrastructure is made available over the internet, offers a significant opportunity for companies of all size to increase their return on investment (ROI) in information technology (IT). This is because cloud computing offers pay-as-you-go data storage and processing power that can expand or contract, essentially on demand.
However, before that ROI can be fully realized, changes must take place in the software ecosystem. First, application developers must be trained in order to take advantage of new programming models. Good cloud-capable applications are parallelizable, fault tolerant, and designed with abstractions around message passing and data access. The ability to support remote diagnostics is an important consideration as well.
Second, line-of-business (LOB) applications must be updated, or replaced, to account for the considerations described above. This is not always as bad as it sounds. For example, not surprisingly, collaboration and web-based applications have been the first to bridge this gap.
Third, infrastructure and network operations people must be trained to handle the planning, deployment, and management of this new network resource class. Although cloud computing offers the lure of cheap and easy scalability, short-cuts must not be made when it comes to resource and capacity planning. But again, this is not as bad as it sounds: NetOps staff already understand this problem, they just need to be trained to apply their knowledge to the new problem domain.
Finally and this brings me to the real, near-term, opportunities service providers must evolve to fill-in, as well as straddle, these roles. ROI in cloud computing will only be achieved by an end-to-end understanding of infrastructure, application design, and deployment. Professionals, or small teams, with that sophisticated knowledge and experience will be in high demand. As in-house LOB and NetOps teams ramp-up, consultants will fill the gaps.
The key opportunities are twofold: first, for developers who build an understanding of network capacity planning, load balancing, and scalability. And second, for NetOps professionals who build an understanding of software architecture and design. That’s a tall order, but those individuals will be able to name their price!
Permalink | Comments (0)PDC 2008
October 15, 2008
I’m looking forward to attending Microsoft’s Professional Developers Conference 2008, starting Oct 27. It’ll be my first PDC, actually.
One interesting observation: the agenda shows that Cloud Services has the largest number of sessions (39) by topic. Even more than Windows 7 (22), although that’s the runner-up!
What does that say about what Microsoft thinks is the future of computing, its areas of future revenue growth, and its future investments in technology innovation?
Obviously, cloud computing has got major buzz. And it is a compelling computing model. But don’t forget that the interesting problems are always in integration. Developers will be asking about cloud computing at PDC, and how to take advantage of that new technology, but what they really need to know is how to integrate with what they’ve already got. Namely, a bunch of Windows clients and some servers!
Permalink | Comments (0)Reamping
October 6, 2008
Just learned about re-amping in the latest issue of Electronic Musician. This was after spending a day with Acid Pro, trying to reproduce that old-school trance sound and not having much luck with it. After reading the re-amping article, I feel like a little light bulb turned on in my brain, and then became as bright as the sun. Can’t wait to try it …
Permalink | Comments (0)I recently stumbled across the Java Model Railroad Interface, an cool open source project, although I found it for reasons totally unrelated to the ones that apparently make it relatively famous right now.
Just to get that part out of the way, this page provides a description of an interesting legal battle ongoing between one of the JMRI people and a third party. The third party is claimed to have taken portions of JMRI’s GPL content, patented it, registered a domain name for it, and incorporated it into another product without permission. Pretty bold! It’s considered to be an important case for OSS in general right now. So far, the legal appeals process seems to be siding with JMRI.
Anyway, I found JMRI because, although I’ve been away from the model railroading hobby for many years, I was wondering if exactly this sort of thing existed. Namely, “free” software that allows commodity PC-like hardware to control model trains. And I now know the answer to be Yes.
A conversation with my father, who is a considerably more hard core model railroader than I, made me wonder what the uptake of this technology is likely to be, though. It’s an interesting question, I think, for a number of reasons.
The first reason is that model railroaders have a history of striving to simulate realistic railroad operations on their models. Depending on the era being modelled, computer based control, along with signalling and transponding, are the reality. This is especially true if a modern intermodal shipping operation is being modelled.
For example, these days, any piece of mobile industrial equipment above a certain cost tends to have a GPS locator attached. That’s cool technology, but cost-prohibitive to replicate on a scale model. And yet, with a PC (or MAC, or anything with a network or USB stack and JRT) in tandem with digital command and control (DCC), modelling GPS is actually pretty easy.
Another reason that uptake of computer-based control will be interesting pertains to the evolution of model railroading as a hobby. There’s a different sort of skill required to setup a model railroad versus hooking into a PC. The typical hobbyist won’t have the skills to tackle the latter, although those skills can be acquired just like anything else. On the other hand, newcomers to the hobby are more and more likely to be computer savvy, and possibly looking for a non-work related outlet for those skills.
All of this aside, the argument can certainly be made that computer-based control is overkill for anything smaller than a large club layout (that is, unless simulation of modern shipping technologies is the primary goal). Plus, a typical large model railroading club is likely to have at least one person with deep computer skills, who can then contribute those skills not only to the club layout, but to the layouts of the other individual members as well.
From my perspective, the biggest barrier to adoption of computer-based control is that DCC is a prerequisite, and it’s still cost prohibitive. That is, even though software such as JMRI is compelling and free, and virtually everyone has a computer that could run it, it does you no good unless a DCC command station is deployed. A typical unit, the Digitrax DCS100, is almost $300 retail, and other lesser pieces of equipment are required as well before the functionality offered by the computer hookup becomes interesting.
I haven’t been able to track down a software implementation of DCC - does one exist? I think that’s the future.
Permalink | Comments (0)Part 4 in this series:
Check out the Concurrency and Coordination Runtime, and the benefits it provides for supporting parallel execution as well as synchronization. The Interleave Arbiter, described at the bottom of this page, is particularly cool.
Permalink | Comments (0)Part 3 in this series:
Check out the Velocity CTP, which provides a distributed memory-based cache. The canonical example of its use seems to be scalable storage of session state in an ASP.NET application, such as for shopping cart data.
This distributed caching implementation raises some interesting questions about security model, by the way. Per this blog post from the Velocity team, a typical configuration is for the cache to be exposed as a system service listening on a high port (22234 in that example).
In a typical deployment, I wouldn’t be surprised for data to be read from a persistent store, such as a SQL back-end, and then end up in the session state (and hence in the distributed cache). Is that data sensitive? Does the user’s credit card number end up in the session state? It’s one thing to protect the data in SQL; there are robust principal-based access control solutions for that that most administrators and developers are at least aware of.
But applying equivalent access control to a port is tough. I guess the best solution will be firewall rules that specify which sender IPs are allowed. That’s harder to administer, though, and it’s never handled by the application installation and configuration programs.
By the way, if you need a production distributed caching solution, I recommend checking out Seattle-based ScaleOut Software, which has had something similar on the market for several years.
Permalink | Comments (0)Part 2 in this series: check out the FILESTREAM feature in SQL Server 2008. This provides more robust support for associating large, unstructured “blob” data with the table row to which it belongs. The most obvious example that jumps into my mind would be the back-end for a site that serves videos.
This blog post series is a good introduction.
Permalink | Comments (0)Been researching new developer content opportunities recently and wanted to post on a few of them to see what sort of response they generate.
The first is socket support in Silverlight 2. This feature allows the Silverlight application to communicate directly with a web service, for example, using an asyncronous programming model. Looks like one of the best introductions is this blog post.
Permalink | Comments (0)
