Who’s On Phirst

Official blog of Phurnace Software.


Posted by: Larry Warnock on

There’s a lot of politically-motivated talk these days about creating green jobs, green-collar jobs, green industries, even a green economy. Sounds great, but many people wonder if we can do it, how will we do it, and what is the answer. The answer is, we’re already doing it. The US is currently a global powerhouse in the greenest of green industries, and it is not some short term “feel good” category like pouring concrete to make windmills. It is SOFTWARE. Computer software is as green as it gets. Programs that do amazing things that are created from thoughts and good processes. No by-products, no carbon (except maybe the exhalation of engineers), no pollution, not even plastic discs or cardboard boxes anymore (think downloads). This is the greenest industry the planet has ever seen and may be the greenest ever. Yet, where is the software targeted stimulus, the special treatment for immigrants that are programmers, the incentive for college kids to study computer science, the “earmarks” and the special programs? It seems ridiculous that as the world’s leading technology innovator, we don’t prioritize investing heavily in our nation’s software programming assets – and help grow the industry to three times its current size. Or 300 times, for that matter.

Software is currently, or soon will be, as pervasive as plastic and steel -- embedded in every product and service offered the world over. Consider the iPhone -- a great product and ground-breaking invention. Sure, it’s got a sleek and sexy interface and feels great in your hand, but its bigger value lies in the software that downloads and plays your music, maps locations via GPS, and even allows you to do online banking. What was once just a mobile phone has now become a sophisticated software platform for next-generation application development, opening new doors of revenue opportunity and convenience for people around the world.

The list goes on. From automobiles, airplanes and power plants, to farming, banking and health care, software permeates every aspect of our lives.

Are we so shortsighted and beholden to the special interests of “old industry” that we would rather create a generation of ditch diggers and concrete pourers, than a generation of knowledge workers and software specialists? Hold on, I know what you’re saying, “We can’t all excel in math and programming to be in the software industry.” That’s ridiculous. I have never written a line of code in my life and I have been in the software industry since 1983. Yes, we need programmers, but there are hundreds of other job roles that support the software industry. That’s like saying that only aeronautical engineers work in the airplane and airline industries. Every industry now relies on software. I am not talking about just Microsoft, Oracle and Google. There are thousands of software jobs in banking, in transportation, in construction, in shipping, in (place any industry name here). Most of the world’s software actually ISN’T from the likes of Microsoft. As I said earlier, it is pervasive.

So write your Senator, send an email, comment on a blog. Whatever you do, spread the word. The answer to the green job problem is right in front of us -- and it’s SOFTWARE.



Posted by: Robert Reeves on

The first time I installed IBM WebSphere XD, I was shocked. Right there, in the IBM Admin Console were the words "JBoss" and "WebLogic". What the heck is going on here?

The reality of Java Enterprise is that pretty much every company has multiple Java Application Server vendors. Typically, that is dictated by vendor solutions.

For example, our buddies at Zilliant (Hi, Chris and David!) make a pricing solution that runs on JBoss. When they go to implement the solution, they also provide the hardware and software. This makes perfect sense for them because they are able to create a controlled environment for their application. And, it makes great sense for their customers because the Zilliant support team considers the entire stack part of their solution. That means, if there's a bug in JBoss, the Zilliant team will get a JBoss patch out to the customer.

Another example of a vendor-dictated Application Server comes from some other friends of ours at Vignette (Hi, Brad!). Some Vignette products run on WebLogic. So when a customer purchases them from Vignette, they get WebLogic as part of the solution. And, like Zilliant, Vignette supports the WebLogic Application Server running underneath their products.

Of course, IBM is well aware of this. That's why they have created a mechanism to incorporate all of those disparate Application Servers into one place. XD will help you provide virtualization and health and resource management for applications that might have usage spikes, such as a payroll run on the last day of the month.

Lucky for you, Phurnace anticipated the same proliferation of Application Servers across the enterprise long ago. That's why we support them all: WebSphere (SA/ND/XD), WebLogic and JBoss (AS/EAP). So, using Phurnace Deliver and WebSphere XD is a perfect combination. Use XD to manage the resources and use Phurnace Deliver to manage the configuration. All in one place.



Posted by: Larry Warnock on

An interesting development today in the world of automated application deployment -- Oracle plans to acquire mValent, a configuration management vendor located in Boston. mValent, the cat of the configuration management market (as in 9 lives), was originally a CMDB vendor, then positioned themselves differently, then again, then again, and finally, as application configuration automation. They have been a long time partner with Oracle as well as with OpsWare (acquired by HP). The acquisition announcement shows that automated configuration is becoming a hot topic. This validates that there are real challenges in the current processes around application configuration and that the challenges are now serious enough to get the attention of Oracle. We see it every day. Our customers and prospects tell us they feel the pain each time a new app, a new patch, or a new release requires deployment from dev to test to production. Too often, custom scripting or some hacked together scripting-framework is the norm.

My bet is that Oracle will evolve the mValent Integrity product to be surrounded by and dependent on Oracle-only products. Where does that leave the huge customer base that relies on other middleware offerings like IBM WebSphere, RedHat JBoss, BMC Bladelogic, HP Server Automation, IBM Build Forge, etc.? Oracle has this habit of forcing you to go back to their well (and making it tough if you don’t like the water). Phurnace is now the only vendor-neutral automated deployment vendor. And, we still plan to support all of the releases of WebLogic (Oracle’s web app server).

The discomfort of application deployment and configuration is real and most companies are just now realizing that there is a way to ease that pain. Oracle, with this acquisition, has said it is OK to admit the problem. So now I ask you, please go do something about it. Act. Look at both Oracle/mValent and at Phurnace Deliver™. Either choice is better than what you are probably doing today. Although I think Phurnace is the better choice.



Posted by: Robert Reeves on

If you ever watch “Pimp My Ride” you can relate to this statement: "We heard you liked frameworks so we put a scripting framework on top of your application server so you can write code while you write code." During every episode of “Pimp My Ride”, Xzibit will install something into the now pimped ride that is relevant to something the owner enjoys doing. The one episode I saw had him installing turntables and a mixer in a hatchback because the car owner was an aspiring DJ. It made me think about those of you that want a scripting framework. It seems just as ridiculous.

In my last blog posting, I said that scripting was bad and you should just stop. The most common reasons why most Java EE admins still script include job security, hacking scripts for hacking’s sake, and inability to effect change in your organization.

Frankly, these are absolutely horrible reasons to script. But, I’ve seen something worse than scripting: script frameworks.

First, I want to point out how absolutely ridiculous it is to purchase or build a scripting framework in the first place. The entire reason you are using a Java Application Server is because it cuts down on the code you have to write. For example, back in the day, you had to create your own security, persistence, messaging, you-name-it framework. With Java EE, you don’t need to do that. It’s built into the API and Application Server for you. But, because of the configuration headaches, you are simply reintroducing any costs that were saved by writing less code. Shame on you for trading one headache for another.

Second, the idea of writing code that does not generate revenue or cut costs is just bad business. Think of it like this: why do construction companies rent scaffolding and not just buy it? Because it’s not their core competency. Managing, constructing and breaking down scaffolding will never make money for a construction company. But, it’s necessary for other revenue generating tasks, like brick laying or façade work. So, there is no reason to have scaffolding techs on duty when an outside company can provide better resources than the construction company can. So, construction companies use an outside scaffolding company not only to deliver the scaffolding to the job site, but also to provide support for maintenance, reconfiguration or final pickup.

Look, times are rough. The tech industry is getting hit hard by layoffs. However, if you think that you will be the last one laid off because of your position as the Script Guru, you are mistaken. I would argue that you might be the first; here’s why. Companies that are exposed to Phurnace for the first time immediately start doing calculations on how they become more effective and efficient with Phurnace. Typically, that will mean utilizing the existing resources to perform more tasks with fewer resources. We see new customers begin tasking their resources with larger levels of responsibility. This could include the updated disaster recovery plan that has been languishing, or the upgrade to WAS 7 everyone wants because WAS 5.1 support is now costing so much more than in the past. But, if you have been simply the “Script Monkey” for the past several years, your kung-fu is rusty.

If you really want to stand out, offer your manager an alternative to scripting. Provide an ROI model that shows how adopting Phurnace Deliver can save your company hundreds of thousands of dollars yearly. Show how the time to value is in days, not months.

Of course, that does sound like more work. But, don’t worry; we have account managers that can do that for you. Heck, you can even say it was you that put it together. We promise not to tell.

So, save your company money and save yourself some headaches. Don’t buy into a scripting framework.



Posted by: Pete Pickerill on

In my previous post, “Automatically generate XPath Expressions in Java,” I showed you how you could use Java to automatically generate XPath expressions from a single XML document or a group of XML documents. So now you have your XML files and the XPath expressions to validate them…but how do you do it?

Below is a sample Java class for verifying your XML using XPath expressions. Enjoy!



Posted by: Larry Warnock on

Data center automation and transformation are in the news again as CIOs look for ways to cut spending in their companies. A survey recently published reveals that 84% of technology organizations have this on their list to control costs and reduce business risks. From the report: “Today’s CIOs are challenged more than ever to control costs and quickly achieve returns on technology investments. According to the study, respondents named reducing operational costs (31%) as their top driver for 2009 DCT spending. Enhancing security (29%) followed as a close second.”

The survey reports the type of projects companies would implement independently to achieve specific technology goals are:

  • Automation – 64%
  • Green IT – 60%
  • Operations management – 59%
  • Virtualization – 59%
  • Business continuity – 58%

An important point on automation that I need to make: Automation of tasks or individual projects can be addressed without embarking on a major IT re-architecture campaign. This is why, I believe, automation is ranked so high. Small and manageable steps may be taken in this area even while IT staffs are stretched or even reduced.

Deployment automation is the most likely place to start. Customer facing applications are even more important during these tough economic times and they must be maintained and updated. Automating this process and getting customer-applications moved out into production quicker and with fewer errors makes so much sense, and it will be a driver for reduced costs.

Please read the survey results; your peers have identified the cost savings opportunities. Consider it friendly advice; advice worth taking.



Posted by: Larry Warnock on

I am including a copy of a recent InformationWeek article in my blog this time. The article talks about errors in programming that can lead to security breaches in applications. Apparently a government-sponsored software assurance initiative has been formed. This is positive news in our fight for cyber security. I personally believe that the threat of a coordinated cyber attack is as likely as another 9-11 type physical attack. A large scale cyber attack could cause serious disruption of business and worsen this already stagnant economy. I urge all IT organizations to look into their development practices and at their applications to assure that they are secure. The IW article points out common areas that are vulnerable. This must be a priority for IT executives today.

Although it may not be politically correct in some circles to openly declare that our civilization is under attack, I will say that it is. There are organized and often state-sponsored enemies of western civilization that have made it their mission to disrupt or destroy our way of life. The battlefront is varied and it is dynamic. Cyber security should be of concern to all of us. Think of it as a vulnerable and exposed “supply line” that is analogous to the supply lines that stretched far behind battlefields of old. Those supply lines could be attacked and cut off, therefore limiting a force’s ability to function. The analogy holds true for cyber lines today. We are exposed.

It is not just about firewalls and filters, but it is about HOW code is written and HOW it is deployed. Errors can be dangerous. Not just frustrating, but downright dangerous. You should remove as many errors from your processes as possible. My advice to IT managers is to spend time and resources eliminating errors. Not only will it save your company money, but it could be an active defense for ALL of us.

InformationWeek Article:
By Thomas Claburn
Jan. 12, 2009
URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=212701491

25 Most Dangerous Programming Errors Exposed

By publicizing these common programming errors, the participating organizations hope to make software code, and by extension the nation's cyberinfrastructure, more secure.

Experts from more than 30 U.S. and international cybersecurity organizations plan to disclose the 25 most dangerous programming errors on Monday, at a media event in Washington, D.C.

The CWE/SANS Top 25 List was compiled with help from organizations and individuals including Apple, CERT, Microsoft, Oracle, Red Hat, and Symantec, to name a few. It is managed by The SANS Institute and Mitre, and funded by U.S. Department of Homeland Security's National Cyber Security Division and the U.S. National Security Agency, both of which also contributed to the development of the list.

CWE stands for Common Weakness Enumeration, a government-sponsored software assurance initiative.

By publicizing these common programming errors, the participating organizations hope to make software code, and by extension the nation's cyberinfrastructure, more secure. Just two of these errors led to more than 1.5 million security breaches in 2008, according to the groups.

"This activity is an important first step in managing the vulnerability of our networks and technology," said Tony Sager, director of the Vulnerability Analysis Office at the National Security Agency, in a statement. "We need to move away from reacting to thousands of individual vulnerabilities, and focus instead on a relatively small number of software flaws that allow vulnerabilities to occur, each with a general root cause. This allows us to then target improvements in software development practices, tools, and requirements to manage these problems earlier in the life cycle, where we can solve them at large scale and cost-effectively."

The hope is that the errors list will serve four major purposes: To make software more secure for buyers by requiring that vendors certify their software is free of these top 25 errors; to incorporate awareness of these errors into software testing tools; to provide information necessary for educators to teach more secure programming techniques; and to provide a guide for employers to determine the abilities of programmers to write code free of these errors.

"The first two errors on the Top 25 are improper input validation and improper output encoding, and they earned the top rating for good reason," said project editor Steven Christey of Mitre in a statement.

"In 2008, hundreds of thousands of innocent, and generally trusted, Web pages were modified to serve malware by automated programs that burrowed into databases using SQL injection," he said. "The attack worked because countless programmers made the exact same mistake in their software. In a 2005 incident exploiting these same two errors, a teenager used a cross-site scripting attack to create a worm that hit the profiles of over 1 million MySpace users in less than a day, causing a temporary outage for the entire site."

The Top 25 List consists of three categories of programming errors: Insecure Interaction Between Components (nine errors), Risky Resource Management (nine errors), and Porous Defenses (seven errors). Examples of errors in the respective categories include: CWE-20: Improper Input Validation; CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer; and CWE-285: Improper Access Control.

For the complete list and explanatory information, visit sans.org/top25 or cwe.mitre.org/top25.



Posted by: Wesley Willard on

My family and I took a last-minute New Year's vacation this year to Angel Fire Resort in New Mexico for a few days of skiing. We drove from Austin to Angel Fire, stopping in Clovis, New Mexico, both going out and coming back. On the way back to Austin, we stopped for a delicious family-style meal at Allen Family Style Meals, in Sweetwater, Texas. If you ever get near this place, you have to stop and try it out, if you like an incredible Southern-style home-cooked meal.

Angel Fire is a great place to ski for both beginners and intermediates, with lots of green and blue runs, most of which are nice and wide. The area had received snowfall during Christmas, and still had a significant base of 40+ inches. The skiing was great, although we did experience wind gusts on the last day of up to 50 MPH. The wind was so strong, in fact, that my daughter was stopped in her tracks while skiing straight downhill! Skiing is something that we enjoy a lot, as it is an activity that all four of us can do together. My kids can handle almost all the greens and blues, and my wife and I can ski all the greens, along with some of the blues. This gives us a wide enough range of courses to try, to avoid the boredom of doing the same runs over and over.

We have been going skiing in New Mexico at least once a year since 2003, but the last couple of times have been particularly enjoyable, as my wife and I have discovered the joy of parallel turn skiing. Previously, we sort of muddled through by using the "wedge", or snowplow turn technique, which is effective for easy runs, but less effective for steeper courses. Wedging down a hill is also hard on the inside of the knees, as they are under almost constant strain. Skiing parallel greatly reduces strain on the knees, since the turn is effected by rolling the skis, and shifting your weight from one side to the other. When skiing with the parallel turn, the moment of truth for me is when you come out of the turn, pointing your skis downhill in order to begin setting up for the next turn. To me, it is basically a controlled fall down the hill for a couple of seconds, and it doesn't take long to build up speed. While this is a bit frightening for a low-level intermediate skier like myself, it is also exhilarating for that couple of seconds. This process of falling and turning allows you to really control your speed, which is the best way to prevent nasty falls.

This same sort of thing happens in the Agile, iterative software development environment that we practice at Phurnace. The turn is akin to the period of planning that takes place before the iteration, where you control your speed and recover, while the fall downhill is the iteration itself, where you use your speed to make progress in getting down the mountain. Without proper execution of both of these segments, you will most likely end up in an Epic Fail, which can cause injury to both your physical and emotional well-being. On the other hand, non-iterative development is like trying to do that wedge down a steep hill. Since you are in a constant attempt to control your speed, you can't get down the mountain as fast, and inevitably you wear out, unless of course, you have the knees of my ten-year-old daughter.

So, in skiing, or software development, remember, you have to try to fall down the hill, if you are going to make the most efficient effort to achieve your goal.



Posted by: Jessica Gass on

Hello readers, sorry for the lack of new content over the holiday break. We decided to give all of our contributors some time off from writing. We are back now and will have some great content throughout the new year.

On another note, we have a webinar coming up in 2 weeks. I know cost cutting is on everyone's mind so this presentation will discuss how Phurnace can help you find immediate savings in your IT budget.

1/22/09 Webinar - Stop the Scripting and Cut Your IT Spending - Deployment Automation with Phurnace

Date: Thursday, January 22, 2009
Time: 11:00 CST
Presenters: Daniel Nelson, Vice President of Products, Phurnace Software

Worried about your IT Budget? You should be. Budgets are being slashed. But there IS a place to find immediate savings. This is the time to learn about Phurnace and deployment automation. Stop the scripting and reduce costs instantly. This webinar will provide an overview of why automation should be used to fill the gap between development and IT operations. We will present Phurnace Deliver™, an innovative software tool that speeds app deployments and automates the configuration of IBM WebSphere®, Oracle WebLogic®, and RedHat JBoss®.

We will also discuss several examples of how customers are putting Phurnace Deliver™ to use. We will explain how companies have implemented a uniform, fully automated build and deployment process without the use of scripts or manual intervention:
  • Preview configuration changes
  • Keep logs of configuration and code deltas
  • Compare configurations across servers
  • Manage the often chaotic process of deploying complex enterprise applications.

Please click here to register.



Posted by: Cynthia Sadler on

When designing your own custom WebSphere Portal themes and skins, after initially creating them in the Portal Admin Console and in the file system of your WebSphere Application Server, it is important to update your WebSphere Portal EAR file with your new themes and skins. Otherwise, your new themes and skins can be overwritten or deleted whenever the WebSphere Portal EAR is updated. So, what do we need to do to add our shiny new custom themes and skins to the WebSphere Portal EAR file? Unfortunately, this involves a little bit of scripting with wsadmin and EARExpander. This is all documented in the IBM online help. If you don't want to do this manually every time, you end up with a shell script for Linux or Cygwin (or similar DOS batch file) that looks something like this to update a new skin called qaThinSkin and a new theme called qaIBM:



This can be quite tedious and error-prone (and subsequently, costly) if you are constantly tweaking your skins and themes and need to move them from QA to production. This is where Phurnace WebSphere Portal Deliver can help. After you have initially created your custom skin and theme, Deliver can snapshot your WebSphere Portal configuration. Then we can use the Portal Configuration Packager Wizard to pare down the configuration to just the custom skin and theme.



Then copy your custom theme and skin to your Deliver client, keeping the same directory structure as they would be under the wps.war directory on your WebSphere Application Server:



Next we add the local directory for our themes and skins to the Deliver server profile, in the Portal tab.



Now we can make updates to the JSPs or GIFs on our Deliver client and then do a Portal Install to the WebSphere Portal application server to see the updates. You can even use our Portal Copy feature to transfer your custom themes and skins from your QA environment to your production environment. With no more time spent scripting, you can actually use your time for more important things like designing your custom skins and themes, and let Phurnace WebSphere Portal Deliver do all the deployment work for you.
