Coyote Gulch's favorite conference, the Colorado Software Summit has issued the annual call for papers. If you are a Java programmer this is the place to be. Here's the 'Ol Coyote's coverage from 2002, here, here, here, here, here, and here.

2003 coverage here, here, here, here, here, here, and here.
7:31:52 AM    

Simon Phipps has a weblog and mentions Coyote Gulch in a post today. He links to another CSS attendee and lecturer, Bill Dudney and attendee and lecturer dIon Gillard. I see a weblogging Birds of Feather session brewing next year. Heh.
6:52:43 AM    

Introduction to Grid Programming with the Globus Toolkit Version 3 - Michael Brown, IBM Linux Integration Center

Mr. Brown outlined a brief history of the Globus Project. Version 3 is entirely implemented in the Java language and is Open Source. Major contributors include, Argonne National Labs, the University of Chicago, the University of Southern California, and Northern Illinois University. Sponsors include, DARPA (of some fame regarding the Internet itself), the U.S. Department of Energy, the National Science Foundation, and NASA. Corporate supporters include, IBM, Microsoft, and Cisco.

According to Mr. Brown Grid Computing is really just a new word for distributed computing. There are five classes of grids, Computation, Data Virtualization, Business Intelligence, Analytics, and High Availability. Of course an organization may mix and match these models according to their own needs.

The Globus Tookit Version 3 (GT3) mandates that grid services are built with SOAP over HTTP. The groups involved in GT3 have a goal of creating a platform neutral, standards based techonology that is capable of heterogenous deployment.

The Global Grid Forum has developed two specifications, Open Grid Services Architecture (OGSA) and Open Grid Services Infrastructure (OGSI). The goals of the organization are to provide a grid framework, leverage existing standards and create services that are heterogenous, dynamic, searchable, callable by any system on the grid, and independent of any implementation.

One cool outcome of the OGSI are stateful Web services. Normally Web services do not have state. In a grid environment state is important because services can be long-running, can be used in a chain of operations, and implementors need to be able to query, pause, and stop jobs. Another eyecatching feature of GT3 is the end to end security baked in on top of industry standards. GT3 employs message based security based on WS-Security and XML Signature at the SOAP level. Security can be per session or per message. It supports SSL and X.509 certificates and is based on the Java Authentication and Authorization Service (JAAS).

Mr. Brown demonstrated downloading GT3, installing and configuring. This is all greatly simplified and automated by the implementors. They even provide startup scripts for Windows and Linux (which work on Mac OSX also). GTK3 can run in Tomcat if you choose. Mike closed his talk by demonstrating an ad hoc grid set up with some of us in the audience that had wireless computers. We downloaded a Java client from his laptop, tweaked a shell script, and joined his grid. Very cool.

Colorado Software Summit 2003 - Wrap-up

Attendance at this year's summit reflected industry and government financial woes. There were less attendees than last year and the future of the conference is a little shaky at this time. If you're a Java programmer please feel free to contact me at jworr@operamail.com. I'll be happy to let you know why the Colorado Software Summit is a great investment in your skill set and knowledge.

Adios to all my new and old CSS friends.
6:55:09 AM    

The Economics of Open Source: Free to Choose Again - Simon Phipps, Sun Microsystems, Inc.

Mr. Phipps started out by saying that we are living in a massively connected era. Everybody is as reasonably connected as they want to be. The connected infrastructure has become something that we take for granted. Web Services are becoming part of the fabric of computing. This rapid evolution has happened in only a decade.

He cited the success in the evolution of the Internet as being enabled by shared, open, royalty-free standards. This works because we have a growing number of connections with a linear cost of connecting. He is worried that the industry is losing sight of this vision, allowing a few large companies to drive the Internet away from the open royalty-free infrastructure that has existed until now.

Simon went on to state that he believes that Sun was correct with their slogan, "The network is the computer." He believes that, if the network is the computer then software would become services, software would be licensed on scale not implementation details, system stakeholders would be enfranchised in development and software would be created by an enfranchised community. If the network is the computer then we need Open Source Software (OSS) and Web Services (WS).

He went on to describe the Open Source methodology as "Agile development done by a community." He mentioned a whitepaper by Yochai Benkler that argues that Open Source is a new mode of production and that OS applies outside of software to other areas. According to Mr. Phipps, OSS is extremely structured and controlled and is not a free for all. OSS leads to very high quality, loosely-coupled software. One of the most important aspects is the right to fork a project. OSS is facilitated by commons-creating licenses. The community is essential and it is the OSS licenses that facillitate the community. The best OSS projects implement recognise open standards in an interoperable way. He sees the future communities around OSS as being massive.

Mr. Phipps maintains that cost won't be the primary driver for OSS. OSS adopters will soon be turning to integrators to package and support OSS, instead of trying to do it themselves. When asked about the reasons behind OSS adoption the number one factor cited is choice and freedom. The next reason is quality. OSS is like eXtreme Programming on steroids, stable and reliable code, with mass inspection. The third reason for OSS adoption is that it is more secure. Security through obscurity has been totally discredited. Cost of course is also a reason for switching to OSS. This isn't because OSS is free, it's due to the costs being shared and controlled by the community. OSS is all about community development. Openness is a product of open standards, software portability, interoperability, and open licensing.

Mr. Phipps oulined some of the benefits that Sun Microsystems has realized from their ventures in OSS. The community is the chief asset, savings take time to realize, software quality is better, lock-in is avoided, and there is no single dominant force. OSS is the methodology of the massively connected era. Standards plus OSS equals freedom. The watchword of OSS is not "free" but "freedom."

The Web Services Programming Model: JAX/RPC and JSR 109 - Denise Hatzidakis, Perficient, Inc.

Ms. Hatzidakis started out explaining that there are three parts to a web services solution, a programming model, a deployment model, and a web services engine. JAX/RPC and JSR-109 are the Java standard programming model and deployment model. JAX/RPC defined the statnd Java APIs for XML based RPC. It defineds a standardized mapping model from Java artifact, client APIs to acces a web service for non-container based clients and a handler model. She walked us through a WSDL example and explained the features of JAX/RPC and how they relate to JAXB. She continued with an explanation of roles under JSR-109 and much of the mechanics of implementing under the spec. An interesting point that I caught for the first time was the 3 possible client UI's for SOAP, Static, Dynamic Proxy, and DI. Static is used when you know the service location is unlikely to change. Dynamic Proxy allows you to use a service endpoint interface without a generated stub class. Dynamic Invocation is used when you need to determine the service location.

What's New in the Servlet and JSP Specifications - Bryan Basham, Sun Microsystems, Inc.

Mr. Basham reviewed the current J2EE programming model so that we were sure to understand what effect the changes in JSP 2.0 and Servlets 2.4 would have. He highlighted some of the history of both specs. He then went into to changes to the Servlet spec. Since it is mature and stable the changes are a refining only. Changes have been made to the web event model, filters and request dispatchers, deployment descriptor. The single thread model has been deprecated.

JSPs have been changed more significantly. There is now a jsp-config tag structure in web.xml for readability and clarity. Changes have been made to the Expression Language to make it easier to output XML from a JSP and also to make it easier for non-Java programmers to code JSPs. There are two new tag alternatives, Simple Tag Handlers and Tag Files. Classic tags are the richest of course but the new tag alternatives are also meant to simplify programming. Changes also include alignment with JSP 2.0 and the addition of pre-defined functions in the Expression Language.

JNDI - Noel J. Bergman, DevTech

I've attended presentations by Mr. Bergman in each of my 4 years here at the summit. They are always full of info, well organized, and chock full of good code to use later, when I get back to my office. He went through most of the capability in the JNDI spec very quickly in order to get to the main demo. In the main demo he used JNDI to constructed an LDAP directory using, in combination, many of the JNDI operations. He then used the directory he created and demonstrated how to query the data including forcing exceptions and returning no data.
1:31:03 AM    

J2ME Case Study - David Moskowitz, Productivity Solutions, Inc.

The focus of David's talk was how his team enabled a large firm to realize the benefits of making information available anywhere, anytime, to anyone. The company was losing market share in some markets, stagnant in others, and profitability was being impacted negatively. They wanted a competitive edge and were looking to David's team to provide it. Since information anywhere, anytime, necessarily means mobile devices the team had two choices. First they could attempt a daily sync of data on the mobile device. Secondly they could process real time requests with current data. The wireless value proposition includes helping to manage supply and demand, timely response to the customer, and it adds a new dimension to high-tech, high-touch, customer relationship managment. Winning in the wireless space happens when information is available where and when it needs to be.

The team ran into some problems when dealing with small devices. They determined that they had to move nearly all of the processing back up the stack to the server. Small devices are consumer devices not computers. They have limited memory, and limited means for input, and small display sizes. David discussed the CLDC and MIDP. He laid out a few design principles for MIDP UI design. Constantly think of the end user. Use a simple traversing and selection metaphor. Design the app to be usable in all devices with a consistent look and feel across devices. They used SSL and TLS for encryption along with 1-way and 2-way authentication depending on the needs. SMS was the transport chosen. They had to deal with online and offline connectivity, designing for the inevitable loss of network connections. They chose messaging on the server side to integrate the existing applications. The only new application was the CRM app itself. Make good use of emulators for testing since the devices can be very slow.

Writing Java Applications for Mobile Information Devices - James E. Osbourn, Riverpoint Group, LLC

James introduced J2ME and focused on MIDP 2.0. J2ME includes embedded systems for appliances and set-top devices that are nearly PCs, cell phones and PDAs. Two configurations are specified for J2ME, Connected Limited Device Configurations (CLDC), and Connected Device Configuration (CDC). CDC specifies a minimum of 512KB of ROM and 256KB of RAM and a network connection. In addition a full JVM must be supported. CLDC mandates only 160-512KB of memory. You are usually dealing with a slow connection and a small screen. CLDC also uses a Java Kilobyte Virtual Machine (KVM). Many of the hardware manufacturers give you native API's that are accessible from Java but may limit the distribution of your software. The focus of the lecture was on the Mobile Information Device Profile (MIDP) for CLDC.

MIDP apps are called Midlets. J2ME requres cross-compiling, that is you compile on one platform and run on another platform. Make sure that you don't optimize during the early coding. Watch your application run and then optimize. You are required to pre-verify the bytecode prior to moving it to the device.

James demonstrated getting a reference to a display, adding commands, titles and tickers. He explained that it's a good idea to process commandActions in a separate thread from the system's event handling. He showed examples for coding text boxes, alerts, forms, images, imageItem, DateField, ChoiceGroup, Gauge and lists. He explained that traversal can be device dependent and what to do during and after traversal. He showed Record Stores and the code for accessing them and sharing them. He explained that you can keep read-only data in a resource file accessing it with getResourceAsStream().

Advance Features in Java Applications for Mobile Information Devices - James Osbourn, RiverPoint Group, LLC

This presentation built on James' previous talk. He introduced connectivity (http, https). He showed examples of the J2ME Canvas for drawing shapes, text, and images along with demos of Blitting, Clipping, and Animating. He introduced the Game API, Sound and Music APIs. He also mentioned performance tuning techniques. Best practices include using GET instead of POST, use a separate thread for network address.

There were several demonstrations of the graphics capability in J2ME. James drew text, lines, set font attributes, and drew images. He mentioned the game actions built into MIDP 2.0 and the GameCanvas class. He demonstrated layers and tiled layers and went into some of the built in special effects. As regards performance, skinny and fast is important, write code for clarity and maintainability first then optimize if necessary. Benchmark then improve.

Patterns Are for More than Code: Building a Real-life Web Service Application - David Moskowitz, Productivity Solutions, Inc.

David went into the patterns he identified and used in his team's project with a large firm. The business problem was to provide information anywhere, anytime, to anyone. This became a cross-boundary problem where they had to integrate systems across department and organizational boundaries. They decided to use a service-based approach since using distributed objects can be very complex.

Some of the patterns (best practices) employed: Services should be designed to communicate with each other with minimal coupling. Each service should be self-contained. Identify service types and make them as consistent as possible. Know how the services communicate with each other before choosing physical dsitribution boundaries. Keep coupling low & no chatty interfaces. Minimize the number of data formats. Abstract policy from the main app. Determine the type of layering you will enforce. You must consider multiple platforms. Separate process from input. Design for online and offline connectivity. The real issues have absolutely nothing to do with technology. Security is not an afterthought. Use tested proven security systems instead of "rolling your own." Never trust external input. Assume external systems are insecure. Enable only needed attributes. Security by obscurity isn't. Use asynchronous messaging if possible. You can't use old-school thought to solve service-based problems. Everything prior to service-based thought is old-school.
6:45:09 AM    

Making Web Services Secure: An Introduction - Kelvin Lawrence, IBM

Kelvin is the Co-chair of the OASIS Web Services Security Committee. He started his presentation saying that the goal of the committee is to foster strong and reliable interoperability along with security. He dealt with security at the SOAP message level. The seven aspects of security are, Identification, athentication, authorization, integrity, confidentiality, auditing, and non-repudiation. Kelvin stated the shortfalls of browser-model security and why HTTPS isn't enough. The talk included a review of SOAP. The WS-Security model makes use of existing XML security standards like, PKI, W3C XML Signature, W3C XML Encryption, W3C XKMS (key management service), OASIS SAML (Secure Authorization Markup Language), and OASIS XACML (Access Control Markup Language). Basically WS-Security has added parts to the SOAP message.

Portlets (JSR-168) - Dave Landers, BEA Systems, Inc.

JSR-168, the Portlet specification, was finalized a few weeks ago. Dave explained what a portal is and how portlets relate. Portals aggregate content and portlets are that content or mini-applications. Dave explained that a portal application is part of a WebApp. Portlets cans use Servlets and JSPs to generate markup fragments and they have access to other Servlet container services, along with J2EE services if the WebApp is in a J2EE container. Portlets generate markup fragments, not web pages. Standard Portlets should be portable across Portal vendors. There is a related spec from OASIS called Web Services for Remote Portlets that is not part of JSR-168.

Struts Controller in Action - Gary D. Ashley Jr., 3rd Millenium Visions, Inc.

Gary introduced the Struts framework from the Jakarta Project. He mentioned that version 1.1 includes support for modules and plugins and is now integrated with Tiles. JSTL and EL are also supported in the new version. There is a 1.2.x version in the wings also. Modules help you divide up your project. Plugins provide an extension point to add or enhance functionality. Tiles is a powerful templating engine that allows you to assemble presentation pages from components. Gary mentioned some of the main elements in configuring Struts, including, web.xml, struts-config.xml, tiles-config.xml, validation-config.xml, and messages-text.properties. He then went on to show how these files worked to enable the functionality of his sample application. He demonstrated Digester and Action Mapping.

Web Services and Mobile Devices - Peter Haggar, IBM

Peter is part of a research group inside IBM that has been building Web Services for mobile devices for a year or so. Their work is the foundation for the IBM Web Services Toolkit for Mobile Devices. He demonstrated web services running on Blackberry and Palm devices. He showed samples using Java and C. Mobile devices fall into three categories. WAN (Wide Area Network) with connections to cellular services, LAN (Local Area Network) utilizing 802.11x, and PAN (Personal Area Network) using Bluetooth. Right now no devices exist that can roam through all three. There exists a plethora of features and devices and that limits portability and drives application design. Firewall tunneling is a problem as is security and performance, and a limited range of UI components.
6:44:16 AM    

I came over to the Keystone Conference Center early today to get a wi-fi connection for blogging, e-mail, and other important stuff. The first 4 CSS attendees into the center this morning, were all running Macintosh laptops. Heh. I wonder if anyone else is blogging CSS? E-mail me at jworr@operamail.com.

The wi-fi network isn't working in all locations. Bummer.

Wayne Kovsky announced that 18 countries are represented here at CSS 2003. Cool.

Opening Keynote - John Soyring, IBM

The opening keynote was presented by John Soyring from IBM. He touched on the econmomic realities today. Notably, spending is increasing but project size is smaller, so sales staffs are having to work much harder to close the same amount of business as a few years ago. Consumer confidence is picking up.

There is an uptick in jobs especially for those with deep skills. Entry and intermediate level programmers are not in as much demand, in fact, much of this is moving off shore. IBM is looking for Solution Architects, Business Process Integrators Portal Designers, Legacy Integrators and experts in Performance Analysis and Tuning.

Mr. Soyring always gives his predictions. He says that last year he underestimated the popularity of portals. Businesses are building employee portals first, then business to business, next they will be going back to the business to consumer portals but in a much different way then the .dot com's did it.

Another hot area for employment is Security and Privacy. There is a move to find software that will enforce privacy policies.

There is also a need orchestration and provisioning software that can work across heterogenous hardware.

IBM was dragged into Linux by their customers according to Mr. Soyring, "And we thank them." They are seeing a trend to Linux on desktops amongst some of their customers so there is an opportunity there. Many government organizations are moving to Linux on the server and desktop. He mentioned Banco de Brazil, Russia, UK, and Munich. Cost is the first mover. However, many orgainzations, including IBM, have determined that the feature set in MS Office is largely underutilized by the vast majority of users. Open Source is commoditizing the software stack.

Grid computing will drive virtualization. Most UNIX servers run at very low processor utiliztion rates and this is driving consolidation efforts. Grids give an organization the opportunity to use idle cycles or perhaps sell them. He cited the grid built by IBM for this year's US Open Tennis tournament. When the grid was idle IBM donated the processor power to research in protein folding (cancer research).

IBM's mainframes are enjoying brisk sales to organizations using them to consolidate servers. There is a demand for older programmers with COBOL and PL-1 skills to maintain existing apps and port them to J2EE.

The big success story for J2EE is of course E-bay. 400 million page views a day along with several application changes a week, all while the application runs.

E-business on demand is dependent on open standards. Much of the standards based software is Open Source. The only practical way to go is the standards route. The second part of E-business on demand will be businesses paying for just the computing power they need. This will lead to more flexible and efficient business processes. Third we need better technology to manage systems in a fashion similar to the autonomic nervous system.

Mr. Soyring then went on to advise developers on their directions in education. He told us to start to learn Agile Software development techniques focusing on the Agile Manifesto. He thinks that Aspect Oriented Programming has a place in letting tools generate code wherever possible. His recipe for the successful developer includes, best practices, deep skills, and professional certification. He also reminds us that to be successful we must devote several weeks a year to training and learning.

The Web Services Stack - Denis Hatzidakis, Perficient, Inc.

Denise's talk tried to make sense out of the acronym soup that make up the web services stack by asking, "What is a web service?" She discussed service oriented architecture where systems are conceived from a process-centric perspective based on vendor-independent standards. She went through the web services stack, foundation, messaging, description and discovery, security, reliability, enterprise, user experience, and interoperability. She talked about the major standards players, OASIS, W3C, WS-I, IETF and UN/CEFAC. A good deal of her presentation was on WS-I. They have established interoperability testing tools. She talked about the components that make up a SOAP message (SOAP is a protocol not a transport). They include the SOAP envelope, header, and body. She showed how WSDL (Web Services Discovery Language) is used to enable dynamic discovery of services along with UDDI.

Developing Interoperable Web Services for the Enterprise - Simon Nash, IBM

Mr. Nash also started out by asking, "What is a web service?" I guess no one knows. He presented the W3C definition, "A Web service is a software system designed to support interoperable machine-to-machine interaction over a network. It has an interface desciibed in a machine-processable format. Other systems interact with the Web service in a manner prescribed by its description using SOAP-messages, typically conveyed using HTTP with an XML serialization in conjuction with other Web-related standards." In his presentation Mr. Nash took a detailed look at WSDL, SOAP, and UDDI by showing the Java code for a simple Web service along with the XML pieces.

JAXP: Beyond XML Processing - Bonnie B. Ricca, Sun Microsystems, Inc.

Ms. Ricca presented the new JAXP api that brings together many aspects of XML processing including SAX, DOM and XSLT. JAXP allows the developer to process XML in a vendor neutral way along with standardizing the code necessary for that processing. She explained the strengths of SAX, DOM and XSLT and how JAXP leverages those strengths. JAXP then is basically an abstraction layer around SAX, DOM, and XSLT that allows the developer to plug in any Java XML parser or XSLT parser. She went on to demonstrate how to use the SAX parser, the DOM parsers, create a new DOM document, bootstrap using JAXP, and perform a translation with SAXP. She showed schema validation, validation against a DTD, and transformation with validation.
8:03:45 AM