Category Archives: General

All things general

Next Generation SOA book – part of the Thomas Erl Series

14 Sunday Sep 2014

Posted by in Book Reviews, Books, General

1 Comment

Tags

, , , , ,

I recently contributed to the prepublication review of the Next Generation SOA book. Aside from offering feedback, I also provided some praise for the book which has been published at servicetechbooks.com/nextgen and quoted below …

“This is the perfect book for anyone who wants to refresh, or get a handle on the foundations of SOA without delving into the deep technical details & implementation specifics. By working from the principles, the book shows how the SOA concepts and goals have matured, influenced and grown with technologies such as Master Data, Virtualization and Cloud. The book points to other volumes in the series for the depth of detail and technicalities, allowing you to get the broad picture view and without any vendor colouration.”

– Phil Wilkins, Enterprise Integration Architect

I would actively recommend the book to anyone who has an IT leadership role.

IMG_0099.JPG

Adopting Collaboration Tools in the Workplace

14 Sunday Sep 2014

Posted by in General, Technology

Leave a comment

Tags

, , ,

I was recently reading an article from MIT Sloan about the use of collaboration tools in the enterprise. The article made the point that collaboration tools are being introduced into the workplace, but not being effectively leveraged and people continuing to use email. I think there is a correlation here to some of the statistics for mobile and web applications.

So let me start with some facts, and some thoughts before I bring it back to the point about office collaboration.

We know from research from organisations such as PEW (general view of use, older generation view) that there is a correlation between age and use of mobile devices, and mobile apps. This I believe reflects on technology in general. As collaboration technology goes, it is a fairly young set of ideas. Although many will associate collaboration with social – there is a difference when social is more simply just sharing information. Collaboration is not just sharing but collectively working on assets such as documents.

Add to this a view of the demographics of any enterprise leadership (although IT is something of an exception) and you will see that leadership is an older generation (illustrated by this FT article). So, understandably less likely to lead an organisation into technology adoption.

Add to this the constant noise and increased pressure on information security, remembering that the most harmful security compromises originate internally. So with this sort of consideration you’re likely to see downward pressure to keep things tightly controlled. Such tight reigns seriously impact collaboration from my experience.

The last key thread, is the fastest way to encourage adoption of something is for the executive and senior leadership visibly adopt something. Organisational role comes with an inferred command (a well established piece of psychology) best illustrated by a story where a chief exec wanted to motivate staff, so spent time wondering around talking with his staff, and in doing so made observations and suggestions to people thinking he was helping. But as his role inferred a level of command, he sound discovered that those suggestions and ideas had been read as instructions and his staff where rapidly implementing such suggestions.

So here you have a recipe, where executives potentially don’t get the power of collaborative technology, potentially nervous of the security implications and least of all not using position to leverage it. You can see why the technologies aren’t being effectively exploited.

What is worse, is that you will see hotspots of collaboration which will be established by those who get the ideas and will inspire their colleagues. This is the true risk of collaboration as it is unlikely to controlled or properly secured with no contingency or remedial actions in the event of a security breach as those situations aren’t being dealt with by

Mastering Puppet Review

09 Tuesday Sep 2014

Posted by in Books, General, Technology

Leave a comment

Tags

, , , , , , , , , , , , ,

Packt’s Mastering Puppet kicks off with substantial first chapter on how to setup Puppet in a manner that can then scale. The core of this is driven by an explanation of the constituent parts of a Puppet solution and where the workload is. In terms of execution this is as much about understanding the configuration of things like Apache, Passenger and Ningx as it is Puppet. As part of the explanation there are indicative numbers in terms of supportable scale which reflects the knowledge of the product.

Looking at configuration distribution for headless deployments with Git is a solid well considered piece and the writing suggests considers all the needs of a solid deployment of a production quality solution such as access control, whilst supporting collaborative working etc. it would be interesting to have seen how that would have stacked against capabilities such as Zookeeper.

As we move through the chapters the books continues with more advanced themes such as using Hiera as a object hierarchical framework for managing configuration and on into leveraging Puppet forge and various Git repositories (and the challenges when linking to git repositories of the latest code vs a release). With the repositories we can draw in additional tooling and how to incorporate these capabilities into a deployment. This includes looking at several modules that practical experience from the author would recommend.

By chapter 6 we’re into writing our own custom modules and facts and deploying them. So you can do things such as create modules to manage your custom solutions.

The next natural step is to look at the reporting aspects of Puppet, orchestration through marionette collective (mCollective). Obviously to report you need to gather the activity information, so the book touches on the out of the box (OOTB) approach and moves onto the idea of using IRC; presentation via Foreman and Puppet Dashboard. Finally then with a reporting view, the next step is to dynamically query the nodes in Puppet environment which uses mcollective to communicate back & forth with the nodes.

So now we have a dynamically configurable set of Nodes, which can report and have dynamic querying against the nodes.  Final chapters cover the use of things like PuppetDB, roles & profiles and developing and debugging your puppet environment.

Reading the book, I get the feeling that a fair grasp of Linux system administration would help (i.e. a bit more than the average developer). There are a few useful touches that I think could have been included, such as external references such as man pages for RPM or site for the Pulp tool mentioned. But, as criticisms go, this as much me being too lazy to Google. The only other refinement would be inclusion of some diagrams to support the words. As they say a picture can tell a 1000 words, even if this was to just show the hierarchy or directory structures involved.

Compared to the recently reviewed Puppet Reporting book, this book isn’t for someone starting out with Puppet (but the Packt site says as much). You atleast need to have got some basic understanding or practical exposure to Puppet,  and exposure to a development environment is an added bonus.  So if you’re setting out with Puppet you might consider starting with the Puppet 3 Beginner’s Guide (Amazon) or Instant Puppet 3 Starter (Amazon).  Having got those under your belt, try this book to to really develop the use of Puppet configuration and deployment.  When it comes to reporting I’d look at this book along with reporting book (reviewed here).  This book feels like more options are on offer, but Puppet Reporting is a lot richer (but you’d expect that given the different book emphasis).

In summary – good solid book, full of practical experience and ideas.  But don’t try to use this as a jumpstart to Puppet.

Below are a few links I thought might be helpful as they aren’t in the book:

  • YAML – human readable serialization format
  • Pulp – software repository management app
  • Ruby – Open Source OO programming language
  • Foreman – tool capable of extending puppet to deliver PXE capabilities along with capabilities such as reporting
  • Splunk – BigData style analytics on log files etc
  • Elasticsearch / Logstash / Kibana (ELK) – set of tools to provide analytics against log files
  • ActiveMQ – Apache implementation of a JMS compliant messaging solution used my mcollective

Mastering Puppet at Amazon.

Booking Puppet and SOA

21 Thursday Aug 2014

Posted by in Books, General, Technology

Leave a comment

Tags

, , , , , , , ,

So having been a little quiet on the book review side of things, having had a bit of time away with the family Packt have asked me to take a look at their book Mastering Puppet  (Packt site, Amazon); and excitingly I have been talking with people at Architura (the people behind the Thomas ERL SOA books published by Prentice Hall (Amazon)) and the architecture resources such as SOA Patterns with the possibility of contributing to the pre-publication reviewing of a new book in the series in the next month or so – should be interesting.

Talking of pre-publication reviews Applied SOA Patterns on the Oracle Platform which I contributed reviews to is now publisher on the Packt Site and Amazon.

 

Walk by shooting

19 Tuesday Aug 2014

Posted by in General, Photography

Leave a comment

Tags

, , ,

No, I’m not talking about some weird variation of drive by shooting for malls or that European phenomena of pedestrianized city centres (or some poor joke about the events in Ferguson). But an approach to taking photos whilst on holiday with you family.

When holidaying with family the opportunity to work out the best location to get your shot, adjust you exposure, aperture and so on doesn’t exist – your other half doesn’t want to stand around for ages and you’re trying to keep track of your children.
Nantes Cathedral
But at the same time you don’t want to be reduced to taking ‘snaps’. Now, a lot of photography books would say you split your time go persue the photography whilst the rest of the family are chilling etc. Which is all well and good, but with a young family not so easy, and what about when you’ve spent an hour driving somewhere. Are you really going to drive back to where you’re staying, turn around and drive back?

 

So the approach I’ve taken to have a sense of the sort of pictures that you might want to take.  Look ahead to where you’re walking/travelling and try ‘steer’ things in the direction that would give you the best chances of an acceptable picture.  Have you camera prepared in terms of settings – that may mean relying on preconfigured modes or settings, or just quickly flicking between the different modes to get different depths of field etc.  Have a stab at setting the focus to be roughly what you’ll want as you approach your subject.  Don’t set the focus to be too tight – in the world of digital you can then crop and tweak any slight angle challenges (yes for the old  school – that is cheating, but cheat a little or no photo?).

When taking the picture – with a digital SLR you might was well have the camera on multi frame shutter and bracketing modes. At the end of the day you can bin the bad frames to free up storage on you memory stick.  Not to mention a multi-gig USB card these days is cheaper than a reasonable role of quality negative now, so be trigger happy with your young children etc you’re likely only get one crack at the photos.  All of this means you’ll probably got through 6 or 8 frames for every photo you’re going to consider passable.
A sharks smile    Silverback Gorilla

 

Of course there is nothing wrong with snaps – a chance to pickup images that amuse, like this …Nice Things Hopefully you might find some other images you like at http://photos.mp3monster.org 

JDeveloper 12c

29 Tuesday Jul 2014

Posted by in General, Oracle, Technology

Leave a comment

Tags

, , , , , ,

So I have been using JDeveloper 11g for a while and have to admit that I wasn’t a big fan finding a bit flaky and prone to crashing. The biggest driver to using it has been the fact that it offers a lot of XMLSpy like features without the stupidly high XMLSpy license costs.

With JDeveloper 12c arriving I took the opportunity to give it a go. Wow, is it so much better – quicker particularly during the startup cycle and way more reliable. The features around XSD editing haven’t significantly changed but just feels subtly easier to use.

With all the features around working with SOA Suite 12c and Weblogic 12c for core Oracle development I can imagine it is a huge step forward.

With the easier deployment of 12c getting PoC work done should be a lot easier. It’s just a shame still needs that huge 8GB footprint to do anything meaningful and my company laptop being a notebook (great for travelling with) doesn’t pack that punch and Oracle isn’t yet offering low cost SOA Suite deployments in the cloud yet.

Evaluating SSL certificates for SaaS

29 Tuesday Jul 2014

Posted by in General, Technology

Leave a comment

Tags

, , , , ,

So when looking at SaaS solutions one of the things we consider is the strength of the SSL certificate, and when using a small provider who the Certificate Authority as commercial authorities will provide insurance for a breach which can go to paying some of the cleanup costs (assuming the breach isn’t from negligence).

So how to evaluate SSL certificates in terms of robustness (i.e. cryptographic strength) after all some people will talk. About 128 bit certificates and others such as Google mention 2048 which on the surface don’t seem comparable.

So the bit length is to do with the cryptographic algorithm used of which there are several such as AES, 3DES and so on. No I’m no expert on this so I won’t presume to explain the pros and cons of the different algorithms, there are other resources on the web for that (such as this document).

The point I have been working towards is that NIST (National Institute of Standards and Technology)(aside from being a good resource on security) have tables  that recommends the size of the key used to help build the certificate (the document is here and tables 1 & 2 contain the key details, more here). The tables shown below takes into account the algorithm (therefore a comparator on key size) but also a recommended growth in key size.

 

NISTTable2 NISTTable

 

An alternative representation of the same information can be found here and the 1st table here.

So why grow a key size well one of the factors in driving key size is that as computing power increases the time and effort to brute force crack of a key shrinks. So every time the key size increases so does the effort to brute force the cracking of the key.

This leads to secondary consideration – that of the certificate life i.e. how long the certificate is valid for. This is in effect to potentially greatest period of exposure based on the fact that someone may brute force your certificate and then simply listen to the traffic so you never know of the compromise. Obviously you can revoke the certificate at any time.

Finally remember the need and level of security should be informed by assessing the data being transferred (in motion). Data security should also be considered for data at rest I.e being stored (data loss from a data store is likely to be far more damaging).

Farnborough Airshow

19 Saturday Jul 2014

Posted by in General, Photography

Leave a comment

Tags

, ,

I couldn’t resist sharing a few shots I got at the Farnborough Airshow (although they look far better in full resolution) …

Red Arrows with jet trails

A380

Typhoon with afterburners on and vapour forming around wings

 

For more photos pop over to ly Flockr account at photos.mp3monster.org

Review of Creating Flat Design Websites

18 Friday Jul 2014

Posted by in Books, General, Technology

Leave a comment

Tags

, , , , , , , , ,

I always find when looking at book if I encounter early in the book comments such as “…eventually I found out that design is not about the answers, it’s about asking the right questions …” as Antonio Pratas does in the Acknowledgement of Creating Flat Design Websites that the book feels like I can trust the author as this sort of thing is both an honest observation and one that reflects some more considered thinking. The book beards this point out. For example rather than pitching the technology or approach as a tool for all things as many IT books have habit if doing, even in the first couple of chapters we are clearly informed that flat design isn’t necessarily correct approach in all cases and examples are given to illustrate the point.

The opening chapter explains the ideas of flat design vs skeuomorphic, and a brief history of the design approaches and “flat’s” ruse in popularity. Even providing an incredibly simple illustration that doesn’t demand that you be a graphic artist to achieve to show the differences and how you might move from skeuomorphic to flat.

The following chapters look at the consideration for usability, referencing Jakob Neilsen’s work (and if design piques your interest I’d highly recommend the work of Neilsen’s partner at NN/g – Don Norman with writing such as the Design of Everyday Things). The only criticism I might make here is with UI design, and specifically web there are legal (in the UK this cones presently as part if disability discrimination) and industry standards (particularly W3C’s WCAG standard/guidelines) aren’t really mentioned. But if you start digging into good usability material you will encounter these aspects.

From this point when are then guided through a design approach with plenty of recommendations on how to approach the design phase (from the basics of considering your target audience onwards).  It is only chapter 5 that really get stuck into web tech with HTML and the Designmodo framework built on Twitter’s Bootstrap and chapter 6 covers building your own flat UI framework. So this book maybe pitched at web app development, but actually the bulk of the books content holds true whether you’re working on web solutions, thick apps for the desktop or the mobile variety as it embodies the principles if good interface design.

Not only does it successfully talk about good design it bridges the gap between techies and graphic artists without the sense it is trying to address either skills base. No mean feat.

Rather than stealing the book’s wealth of useful resources, I’ll point you at links relevant the book and it’s author. From there you’ll find a cast array of helpful resources. The references :

CreatingFlatDesignWebsite

Pure REST is not always a good thing

05 Saturday Jul 2014

Posted by in General, Technology

2 Comments

Tags

, , , , ,

So following REST web service best practice is not always a good thing, but of a controversial statement. That said I came across a situation that beautifully illustrated it.

I was recently asked for my opinion on a web solution that had to interact with customer data. The developers concerned implemented the functionality using REST web services and followed the principles to the letter. Except one of the services needed to locate a unique customer object. To do this the service enough customer details are provided in the URL to obtain a unique record.

So regardless of the security Implemented using strong SSL and payload encryption in the solution implementation we have just exposed every element in the network that can log URIs to DPA levels of security (not to mention information commissioner requests). That is before you consider man in the middle and packet URL attacks.

What to do, such sensitive web services need to be delivered without personal data in the URL, we could go via WSDL (but our use case points to REST being a better approach) or we follow the object creation pattern for REST (and pay the price of not caching the results on the web tier although if we are concerned about security then this isn’t such a bad thing and we can still get performance on the DB tier. Using the payload is probably the right thing to do.