IT Conversations - Goodbye

Don't recall exactly when, but somewhere in 2003 I bought my first mp3 player (*). One of the triggers were the pod casts of ITConversations. When ITConversations began publishing recordings of OReilly and other conferences, the podcasts were really a joy to listen to.  Maybe not the best pod cast, but one pod cast I recall (**) very well is "The Art of Innovation" by Guy Kawasaki.

The IT Conversations Network was a network of volunteers doing all the interviews, recording, audio processing and publishing. They have decided to stop all activities end of 2012.

The founder of IT Conversations - Doug Kaye - is a really interesting person: journalist, producer, author, photographer and more.  Take a look at his photographs here. His last book -
"Loosely Coupled: The Missing Pieces of Web Services" - was one of the first books in electronic format that I bought.

Many thanks to the whole IT Conversations team!!!

(*) That first mp3 player ended up in the washing machine, followed by many more.  After some time I switched from ear phones to an in-car FM transmitter.  But with built-in Bluetooth and the Listen pod catcher (on Android), these days are luckily over.

(**) There were also pod casts that went much broader than IT: one was the podcast on DayJet about how Edward Iacobucci - co-founder of Citrix - would be launching a new model for flying, whereby flights are dynamically scheduled based on demand.

Laptop upgrade

Just replaced the hard disk of my laptop with a SSD.  While looking a bit around between at all these different brands and types, I went for the Samsung 840 of 250GB at 142€.  The Intel 330 was the runner up.

Because I wanted to replace my HDD, I particularly looked into positive reviews of the migration software. (Intel Data Migration and Samsung Data Migration Tool) The migration itself went very smooth.  Used a USB-to-SATA cable from a friend. Results: much faster boot time, more responsive laptop, less noise and battery that lasts longer.

One thing was very badly documented: how to enable the built-in drive encryption (AES).  It was simply a matter of going into the BIOS.

Why are so few laptops provided with an SSD instead of an HDD?
Big exception of course being Apple.

SAP Netweaver Cloud Connectivity Service

Did some reading about the about SAP Netweaver Cloud, triggered by an article on InfoQ.

SAP Netweaver Cloud is the new Platform-As-A-Service offering of SAP. It fully supports the Java EE 6 Web Profile etc. This means no limitations on what libraries to use etc. This shows again that SAP likes ABAP most as a programming language, but Java is also a very good friend.

SAP Netweaver Cloud is based on OSGI whereby SAP has chosen for the Virgo container.

Note: one thing I do not find is the pricing of SAP's PAAS offering.

One of the challenges for cloud applications is how to integrate with on-premise applications. SAP Netweaver Cloud comes with the SAP Netweaver Cloud Connectivity service to allow the applications on the SAP Netweaver Cloud to communicate with on-premise applications. The SAP Cloud Connector is installed locally and makes SSL/TLS connections to the SAP Netweaver Cloud. The bi-directional TCP/IP connections are used to invoke services of on-premise applications over HTTP (using http://hc.apache.org API).

The SAP Cloud Connector needs to be installed on a SUSE Linux server (SUSE Linux 11 SP1 or SP2). Setup is somewhat similar to the Secure Data Connector of Google. Google also requires the use of Linux, but leaves freedom on what Linux distro to use.

Congrats to SAP for focusing on (Java) standards for their cloud offering. But it is a pity that each cloud solution comes with its own cloud connector. It would be so much nicer is a single cloud connector/adapter could be used for many cloud platforms!

Remove password from PDF

Christmas time is also time to do some reading or studying. Often I upload the training material or books to my Kindle account and read on my tablet.

One annoyance are PDF files with password protection. So I went looking on how to easily and quickly remove password from a PDF file. Through the article "8 Free PDF Password Remover Tools" I ended up using PDFUnlock. Works very fast, both the up- and download part.

Network upgrade

A couple of weeks ago, I upgraded my Telenet broadband connection from 30Mbit to 60Mbit (with 4Mbit upload speed). There is also a 120 Mbit option but I found the 20€/month extra just a bit too much, I can also upgrade afterwards. The switch over was easy: drill some holes in the wall to install the modem+router, remove the old modem and re-onnect the cables. And degraded my Linksys E3000 router to become an (extra) access point.

Next I upgraded my old D-Link power line adapter to Netgear 500 Mbit PowerLine adapters (XAVB5602). These adapters have built-in power outlet and come with 2 Ethernet ports.

SAP NetWeaver Cloud Integration

During the TechEd conference, SAP has released more information about their new Netweaver Cloud Integration offering, that is the "Integration-As-As-Service" offering from SAP.


From this presentation we learn that Netweaver Cloud Integration is not "SAP PI in the cloud", but comes very,very close to it. Netweaver Cloud Integration is fully compatible and integrated with the on-premise version of SAP PI. Same development, configuration and monitoring approach.

Also interesting is the blog entry of Prasanna Burri where he talks about using Netweaver Cloud Integration with SuccessFactors. In his answers to questions, Prasanna mentions an availability date of Feb. 2013.

Virtulization: from VWare to KVM and Red Hat

To better understand the capabilities of on-premise virtualization, I've been reading the book Mastering VMWare vSphere5 last summer.  It is really amazing how this world of virtualization evolves: what surprised me most was the support for Virtual Networks.  But still need to learn about how virtualization can help arrange high availability.







On the train from Brussels to home, listened to a reasonably good interview on Floss Weekly with KVM developers at Red Hat.  Learned about the competition going on with virtualization performance.  For on-premise virtualization solutions, names like VMWare and Microsoft HyperV ring a bell.  But I was completely unaware of the Redhat virtualization offering.

Note: in the cloud world, Amazon uses Xen, OpenStack primarily used KVM

ECC - Elliptic Curve Cryptography

Security is an interesting domain: a recent episode of the SecurityNow podcast about elliptic curve cryptography triggered me to dive a bit deeper into the topic.

Contrary to shared secret security, public key cryptograph is based on a public key and private key/secret.

The public and private key are related through some mathematical algorithm whereby it is impossible to derive the private key from encrypted content or the public key itself.  The most popular mechanism - RSA - is based on the difficulty to factor prime numbers.

• RSA: based on difficulty of factorisation
• DSA: based on difficulty of discrete log for integers modulo a prime
• ECC (based on difficulty of discrete log for discrete ECC system

Tried to get my head around the math behind the Elliptic Curve Cryptography but it went just too deep.  Even the basic underlying mechanisms of point addition, point doubling and point multiplication went too far.

With RSA, key size need to become pretty long: 512 bits is broken as recently proven.  A key length of 1024 bits is still considered acceptable, but 2048 is becoming the default key length for RSA.  In case of ECC, key lengths can be much shorter: 200 bits is considered very strong.  These shorter key lengths have a very positive effect on performance, which is e.g. positive for mobile devices.

Use of ECC cryptography is still limited.  The world of PKI and certificates has standardized on RSA.  One use case of ECC is DNSCurve, a mechanism to secure DNS.  DNS is not connection oriented but based on the UDP protocol.  Efficient crypto is therefore very relevant.  OpenDNS has adopted DNSCurve and thus ECC cryptography.

Web Service incompatibilities

SOAP Web Services have lost quite some of their popularity: too complex, incompatibilities etc.  My answer is always that 1) SOAP just adds a very simple envelope around the request and response messages and 2) SOAP does work fine when you stick to the rules (a copy of a slide I use in my training classes):

Just recently I had encountered 2 nice examples of SOAP incompatibilities.

Cookies and SOAP

While investigating the web services API of a cloud SAAS application, encountered another example how things should not be done.  First of all it was not "stateless" but required the use of a login and logout operation. With security not based on standard HTTP basic authentication or WS-Security, but a proprietary scheme:

  <urn:credential>
    <urn:companyId>company-id</urn:companyId>
    <urn:username>user-name</urn:username>
    <urn:password>password</urn:password>
  </urn:credential>


But then came the surprise: the login operation returns a session handle which is actually a cookie!  The cookie is to be passed as an HTTP header in each subsequent web service.  Had seen many ways to make web service implementations incompatible, but is one for the top 5!  Obviously most web service clients require some hack to pass this cookie along the SOAP request.

Doc/literal with 2 parts

A more subtle challenge came recently by at a customer: the IBM DataPower ESB refused to import the WSDL file an Oracle product.  The web service used the document/literal style and one of the operations had a request message consisting of 2 parts.  So who was wrong and who was right: IBM or Oracle?

SOAP went through some growing pains in the beginning. The initial idea was an RPC mechanism whereby an operation could have multiple parameters. These parameters are passed as multiple parts in a request and response message. But with a better understanding of XML and XML schema's, the world move to a model whereby XML documents were passed. Microsoft introduced the document/literal wrapped style whereby the root contains the name of the operation.

<soap:Envelope xmlns:soap="http://www.w3.org/2001/12/soap-envelope">

  <soap:Body>

    <OperationName>

      actual XML document...

    </operationName>

  <soap:Body>

</soap:Envelope

</soap:Envelope>

So my initial response was, document/literal web services should only have one part and Oracle is wrong. But a colleague pointed to the fact that Oracle would not implement web services that violate the standards. And indeed, the IBM article clearly explains that a document/literal web service can have multiple parts in a message.

The WS-I Basic Profile was an initiative to sharpen the rules and states: "R2201 A document-literal binding in a DESCRIPTION MUST, in each of its soapbind:body element(s), have at most one part listed in the parts attribute, if the parts attribute is specified.". So the Oracle web service is not WS-I basic compliant but does not violate the SOAP/WSDL specifications.

Again a situation where one has to go for workaround, this time in the DataPower ESB. Had IBM implemented the specs correctly and/or Oracle stuck to the widely accepted ways-of-working and the WS-I Basic profile, everything would have worked smoothly.

IBM DataPower as ESX appliance

i8c does quite some work with IBM WebSphere DataPower. And counts a number of experienced and certified DataPower developers and architects. DataPower is great at securing and mediating web services.

Colleague Kim came up with a very interesting evolution: DataPower as a virtual appliance, so the XG45 gateway and XI52 integration appliance as ESX images.


This is similar to the CastIron offering of IBM that comes with on-premise hardware and virtual appliances. Right now we have a CastIron instance running on our ESX server (i8c employees can deploy their images either on an ESX server or a Windows server running HyperV).

Note: together with Joris Verberckmoes (Lead Designer SOA Services @ Gdf-Suez) I'll be giving a presentation at the Belgian WebSphere User Group on Nov 27; topic is the use of DataPower @ Gdf-Suez

IAAS players: open-source vs. commercial

While spending time in traffic jams on the E19 on my way to customers in Brussels, listened to an interesting episode of the CloudComputingPodcast by David Linthicum: James Staten of Forrested gave his view on the different IAAS cloud offerings. This interview was trigger by an article written by James Staten. Interesting to hear James evaluate and categorized all the major players.  Below some notes I made while listening to the podcast.

• Open source
• Eucalyptis
• Clean room implementation of EC2
• Was very popular
• Eucalyptis moved focus from community to building up company and lost focus
• http://www.openstack.org/

• Joint project of Nasa & Rackspace, compatible with the Amazon API's
• Just arrived in time to take over the momentum of Eucalyptis
• Maturing technology, still important code chunks of code required to be added by vendors
• Expected to become very solid
• Not generating a lot of revenue but generating a lot of attention
• Vendors need to wait for Openstack to become more mature; how long will vendors have patience for Openstack to generate revenue and profit?
• Many commercial vendors contributing code to it: Rackspace, IBM, VMWare, Redhat, Cisco, Dell, HP, ... (10 million dollar)
• Adoption of Openstack is still low, Rightscale just recently move to OpenStack for its own cloud offering
• The "Linux of the cloud world": kernel will become strong with all contributions coming back
• Participants want to make large revenues with it or at least weaken their competitors; in particular HP and IBM have long standing reputations to contribute back to the communitry
• Smaller participants will position themselves in specific niche markets
• Openstack is an open source project, not an open source standard
• Cloudstack

• Cloudstack is more mature
• Cloudstack was acquired by Citrix
• Only one big distributor: Citrix
• Citrix donated Cloudstack to the Apache community
• Ready to generate revenue now
• Lacks the "momentum" of Openstack
• Commercial leaders
• Amazon AWS 
• Supported by large like Accenture & Deloitte
• Also still maturing,but further down the road
• VMWare vCloud Director
• 
  
• Managed services provided by Deloitte, Accenture and other

What to bet on for now? Amazon on the public side and VMWare on the private side. Openstack may mature - similar to Linux - in 2 or 3 years. Amazon is a strong player but not yet a dominator of the public cloud market.  But in the private cloud world, most customers are still doing static virtualizaton, "still a lot of ground to be taken".

This podcast was really good, recommended!

Message formats: death of XML?

SOAP web services are becoming old-fashioned.  The REST approach is really taking off.  A lot of things are moving in the world of protocols and data serialization:

• JSON
• YAML
• Google Protocol buffers
• Avro

And a long list of other message formats. This evolution brings a "have seen, done that" feeling.  I remember very well the CORBA and (D)COM wars, with the respective binary protocols. And the use of IDL (Interface Description Language) to describe message formats/structures.

XML has its strengths (Internationalization, human readable, schema language) and its weaknesses (verbose, complex, XML namespaces). But XML is - eh was - a well accepted message format, supported by all sorts of tools, in particular ESB's.

In the REST vs. SOAP debate, I often get the argument that SOAP is complex.  When sticking to the basics, SOAP is a very basic envelope around an XML data structure. 

<soap:Envelope>

  <soap:Body>

    <GetPhoneNumberInfo>

      <PhoneNumber>0479273658</PhoneNumber>

    </GetPhoneNumberInfo>

  <soap:Body>

<soap:Envelope>

Yes, it is document/literal wrapped style, but complex?

Had Javascript (soap.js?) been there from the start to ease the live of Web developers, things might have looked differently.  The use of the (ugly) DOM model to represent and manipulate HTML page structures is accepted.  But the use of XML for message payloads is not acceptable.  With JSON being the big winner.

OK, XML may be getting outdated.  But please, let's come up with a widely accepted, well standardized alternative.  And let's stick to the human readable alternatives, life of all the IT support people is already challenging enough.  And let's make the security guys happy - and ourselves - with well defined schema language(s) !  Maybe Schematron?

Note: Remember well how my colleague Luc Gevaert came up with a human readable, compact message format for service oriented solutions.  We implemented the "Generieke Middleware Laag" at Interpolis in 1998/1999 and the "Generieke Service Laag" at Rabobank in 2000/2001.

Note: A related topic on my to-do list is translation between JSON and XML, not a trivial subject.

ZeroMQ - 0MQ

Had heard the name "ZeroMQ" a couple of times, but now I dove a bit deeper into it.  First learning point: it is ØMQ rather than zeromq.  Second finding: ØMQ is not Message Oriented Middleware like WebSphereMQ, all the JMS implementations or MSMQ.  ØMQ is rather a library for building all sorts of distributed applications.  Contrary to MOM, it is fully distributed and does not rely on a central broker.




Didn't experiment with ØMQ, but browsed the ØMQ guide.  The guide goes quite rapidly in depth.  Must confess that I did not fully succeed in grasping ØMQ.  I found the zeromq API - the manpages - to be more comprehensible.  There's also a complete book in the works at O"Reilly.

ØMQ is written in C++ and the examples in the docs are C oriented.  Fine with me, brought me back 10 or 12 years: remember well implementing a "Generic Service Layer" with Netweave, in C at Rabobank.  The Netweave NWDS API was largely based on callbacks and therefore also asynchronous.

Another no-broker messaging solution I've workd with is Tibco RendezVous.  Tibco is also a high speed messaging solution.  Differences between ØMQ and Tibco: RV focuses exclusively on pub/sub and supports persistent messages by stored messages in transit in its ledger file.

ØMQ is largely driven by Pieter Hintjens of iMatix, iMatix acquired ØMQ and in particular the brand from ØMQ's developer Martin Sústrik (company FastMQ).  iMatix and Pieter Hintjens developed AMQP for JPMorgen but turned away from it in favor of ØMQ.  There's an interview with Pieter Hintjens available on FLOSS Weekly.  And as his name already suggested, Pieter Hintjens is indeed from Belgium.

Beginning of 2012, there was a split in the ØMQ world: Martin Sustrik and Martin Lucina created their own company again - Crossroads I/O - and created a fork of zeromq.  We'll need to watch how things evolve in zeromq land.


Note: while learning about ØMQ, I also saw a lot of criticism on AMQP.  Another topic to explore in the future: how is the AMQP protocol doing?  And what are its strengths and weaknesses?  Is is really too complex?

SHA-3... from Belgium

While enjoying listening to another episode of SecurityNow, the "explainer-in-chief" touched upon the topic of the new hashing algorithm SHA-3.  Approximately 10 years ago, the US standardization organization NIST selected a new symmetric encryption algorithm, AES or Rijndael, to replace the old 3DES algorithm.  Rijndael was invented by 2 Belgian scientists from the University of Leuven, Joan Daemen and Vincent Rijmen.

NIST had launched another competition, this time to select a new hashing algorithm. SHA-2 is not broken, but it seems that NIST wanted another hashing algorithm based on completely different technology. If either SHA-2 of SHA-3 would be broken, the other would no be impacted.

Nice to note that 3 Belgians and an Italian came up with SHA-3, congratulations! SHA-3 or "Keccak" is based on the sponge algorithm (very good reading material before going to bed...).

Zookeeper for ESB

From colleague Marc Kimpe, I received a link to an introductory Hadoop-As-As-Service article on InfoQ.  One of the things that struck me, was the use of all the other Apache projects that are combined with Hadoop, in particular Zookeeper.

Zookeeper is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services.  Yahoo uses Zookeeper to maintain configuration data for its Yahoo! Message Broker (had never heard of it, can't find detailed info on it).

Would any ESB be using Zookeeper?  Yes, AdroitLogic UltraESB and Talend ESB are.  UltraESB for its configuration data.  Talend ESB uses Zookeeper primarily as a Service Locator.

And these 2 ESB's brought me (back) to esbperformance.org, where the performance of open source ESB's is benchmarked.  Unclear how neutral esbperformance.org is, but interesting to see how some ESB's simply fail and how the driver behind the latest execution round - UltraESB - also is the "winner".  From the AdroitLogic website I learn that the company was founded by a number of ex- WSO2 employees.s

If any Flemish students would be interested to do an internship on ESB Performance, take a look at the "I8C stages", and contact me if motivated.

Hadoop for spying you?

Just watched the Youtube video "Introducing Apache Hadoop: The Modern Data Operating System".  Interesting presentation given by Amr Awadallah of Cloudera at Stanford University.

During the Q&A round, Mr Awadallah referred to one of their customers - Skyboximaging - that is setting up a large scale Hadoop infrastructure.  Skyboximaging will be launching small, low cost satellites that can monitor all sorts of things happening on the ground, so to provide up-to-date information - HD Video and photographs - about how things look on the ground.

This up-to-date information can be used for all sorts of purposes.  But Mr Awdallah also referred to some nice use cases: how many cars are on the parking lot of your competitor, what is being loaded into trucks.  "Everything you can see from the key is public".  And Hadoop will be used to process these large volumes of data, so help the spying!

Slide from a presentation given at Hadoop world in 2011.

Dennis Attinger

Today I had to say goodbye to a very good friend of mine, Dennis Attinger.  Dennis was an enterprise and integration architect at Philips.  Through my partner Luc Gevaert, I got in touch with Dennis.  As the program manager for application integration at Philips Corporate IT, Dennis took up the challenge to come up with a cross-division integration solution.  Main customer was the Corporate Treasury department who wanted to streamline the management of assets and funds.  I really had fun working on this "PAIS" project from 2001 until 2004.  Java, JMS messaging, Tibco RV connectivity, MQ connectivity, file polling, message level security, LDAP as a distributed configuration repository etc.

Dennis was really visionary regarding technology.  He was one of the drivers to introduce Tibco at Philips.  He drove the use of JMS messaging with distributed agents to exchange the payment messages.  He was the one to seriously consider ebXML as an option for B2B and internal integration (divisions talking to one another is also B2B)

I remember Dennis as a very good friend.  Every year we got together: Frank, Stephan, Xander and myself.  Below a picture of Dennis and myself at JavaOne 2003 in San Francisco.

Dennis, goodbye!  I wish Dennis's family good strength in these difficult times.

Cloudscape - the cloud overview

Reference was made to a great overview of cloud providers during the latest CloudComputingShow podcast. Great picture!

Best wishes for 2012!