A Loosely Coupled Cloud
"Build loosely coupled systems." That was one nugget of recurring advice given last night by Jorge Noa, CTO of HyperStratus when he spoke at a meet-up titled "Amazon EC2 Cloud Computing and Application Design" held at HackerDojo (see slides here - pdf and I also found the same slide show already online here as an O'Reilly Media Slideshare).
After a review and comparison of various IaaS, PaaS and SaaS services, the talk then focused on details of Amazon's overall cloud offering. Finally he finished out the presentation with a discussion of software developer best practices - the primary reason I attended. More time spent on software development would have been a big plus in my view, but I can understand that he felt the need to get everyone in the room up to speed on Amazon's platform. It was a big crowd.
Cloud Computing Development Best Practices
The ten best practices Jorge espoused were:
- Build cloud apps, not apps in the cloud
- Virtualize the application stack
- Design for failure and nothing fails
- Design for scalability
- Loose coupling lets you maximize plug and play
- Design for dynamism
- Build Security into every component
- Leverage native cloud storage options
- Leverage best cloud Management Tools
- Don't fear cloud constraints
Of those ten, the two points that gave me the most pause for contemplation were to "build loosely coupled systems" and to "build security into every component."
Build Loosely Coupled Systems
"Build loosely coupled systems" brought a flash from the past, triggering a memory of a distributed operating systems class I had in the 1990s. The concept of loosely coupled systems was new for me back then and made a big impression, so I dug out my old textbook (yes, I kept them all!) to refresh my memory. The textbook was "Modern Operating Systems" by Andrew S. Tanenbaum.
Saying Goodbye to Transparencies and Roundies
and goodbye to pitiful SEO, too...
After several years of experimenting with css rounded corners and transparency and the various perplexing cross-browser issues, I've redesigned this website and even moved it over to a new platform. Gone are the strange hoops I needed to jump through to add new stories to this site.
Here's one last glimpse of the original Geek on the Loose:
I've also put a lot of effort into trying to follow good SEO principles on the new site. It may not have been obvious, but the old site was created before I had studied up on SEO and probably violated every major principle. It was a real SEO train-wreck. It will be very interesting to find out if I've learned anything or not.
Parallelism and Abstraction in Java
Here's an interesting parallel programming interview with Intel's Paul Guermonprez covering threads, JSR166y, and Hadoop. I particularly enjoyed the Hadoop discussion at the end.
The discussion focused on efforts to separate Java programming from the nitty gritty details of threads. This separation allows a greater number of developers to successfully program for parallel environment by removing focus on the technical details, and thus reducing the knowledge required to write the code. There's also some coverage of the benefits of the higher level of abstraction of functional programming and how the functional programming style is being incorporated into the Java concurrency model. The text has this:
The future will be functional programming or won't be at all.
Intellectually, I applaud these efforts. Emotionally, I feel some loss.
My first introduction to threads was in a systems programming class, using the C language and Pthreads library. Pthreads blew my mind, or maybe it was lack of quality in the lectures. Either way, determined not to be defeated by Pthreads, I went out and bought a stack of books on Pthreads and threads in general and set out to wrap my mind around threads. It worked, but along the way, I learned that I loved the challenge and so I embraced concurrency and parallelism with much enthusiasm. This knowledge that I've accumulated will always be of great value, but as I move toward programming threads at further and further abstractions, I'll lose that close connection to the internals, and I'm a little saddened by that.
Martin Odersky and Josh Suereth at Scala BASE Tonight
I'm looking forward to a Scala BASE meeting tonight that is headlined by Martin Odersky and Josh Suereth.
From the announcement email:
Professor Martin Odersky is the director of the LAMP group at EPFL, the creator of the Scala programming language, and author of Programming in Scala.
Josh Suereth hosted the first Scala Lift Off East in Reston, VA and has been involved with lots of Scala projects including scala-tools.org, scala-arm, scala-io, scala-jigsaw, and scala-lolz.
Found: Nice OWASP Top 10 Cheat Sheet
I discovered this very useful, developer-centric cheat sheet for the OWASP Top 10 for 2010 (go directly to the pdf). It's nice and concise and gets straight to the simplest code fixes that will work. Memorize it and your code will be better than it was before. Better, stronger, faster...
Here's the current OWASP 2010 Top 10 list (this is release candidate 1, so it could change):
- Injection
- Cross Site Scripting (XSS)
- Broken Authentication and Session Management
- Insecure Direct Object References
- Cross Site Request Forgery (CSRF)
- Security Misconfiguration
- Failure to Restrict URL Access
- Unvalidated Redirects and Forwards
- Insecure Cryptographic Storage
- Insufficient Transport Layer Protection
If you are a developer and you don't know what some of these security risks are 
and how to avoid them in your code, then you should be reading this: OWASP Top 10 2010 RC1 (pdf).
safe to click,
no evil Javascript on these links
Menu
