Issue No.01 - January/February (2006 vol.10)
Published by the IEEE Computer Society
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MIC.2006.7
Review of Internet-related stories in IEEE Computer Society and trade press.
Programming and Development
"AJAX Bubbles, Can it Shine?" by Andy Dornan
In an effort to reassure critics, some start-ups have posted early versions of their products for testing. Applications include Writely.com, for viewing and editing .doc files; NumSum.com, for a Web-based spreadsheet; Kiko.com, for a calendar and contact database; Meebo.com, an interface to all four major instant messaging networks; Zebra.com, groupware that behaves like Outlook; and Thinkfree.com, which gives users an office suite compatible with Microsoft.
"New Tactic for Fighting Malware," by Sebastian Rupley
Most businesses shield PCs from malware by installing software patches and rebooting. However, that can mean costly downtime for businesses with numerous PCs to patch. Determina, a security software firm, recently announced LiveShield, technology designed to eliminate the need to reboot after applying software patches. Instead of patching programs on disks, LiveShield inserts replacement code for programs running in memory. Consequently, the application holds down the "digital fort until a convenient patch time arises" and rebooting is more convenient.
"How Bad Is Intrusion Detection?" by Gary McGraw
McGraw asserts that neither of the current network-based approaches used in intrusion-detection systems works very well. The more common approach uses signatures of known attacks to root out new ones. As a result, McGraw says, the newest attacks easily avoid them. The much-rarer anomaly-based approach learns what "normal" system behavior is, and then finds anything on the network that doesn't fit the norm. The anomaly-based approach is seldom used because there usually aren't "normal" system users, so such a system often mistakenly targets and inconveniences legitimate users as a result. McGraw suggests that the answer lies in shifting attention from data packets to "worrying more about the behavior of the applications that eat the data." He claims that using intrusion-detection technology to monitor what's happening inside an application itself provides a more useful paradigm. However, the primary drawback to that strategy is that it can't be applied to off-the-shelf applications, so its use is limited to customized applications.
"Which Web Services Protocol?" by Eric A. Hall and Peter Saint-Andre
Today, most Web services are designed with some kind of XML over HTTP. The most common alternative to HTTP is the Extensible Messaging and Presence Protocol (XMPP), also known as Jabber. Given that Web services are becoming more ubiquitous in enterprise applications and that HTTP might not be the right choice for every job, the magazine asked Hall and Saint-Andre to debate the relative merits of using HTTP and XMPP.
Hall, president of the Network Technology Research Group, went to bat for HTTP. He says it's "lightweight, fast, efficient, and has a whole universe of infrastructural support behind it." HTTP is especially useful for Web services that need to support large numbers of lookups over public networks, he says, but it also meets the needs of most public services.
Saint-Andre, executive director of the Jabber Software Foundation, suggests that XMPP is the better choice. Although he acknowledges that XMPP won't replace HTTP anytime soon in most service-oriented architectures, he argues that it would work better for next-generation Web service applications because of its unique set of abilities — strong client and server authentication, built-in compression, and fast message exchange over long sessions.
"Amazon Web Services,"by Ashish Muni and Justin Hansen
ScanZoom, an application from the firm Scanbuy, lets camera phone users launch on-the-spot price comparisons and product reviews by simply taking a photo of a barcode.
Muni and Hansen, the application's developers, explain how Amazon's freely available Web services API helped make ScanZoom a reality. They used Amazon's E-commerce Service (ECS), which provides access to all its product pages as XML. They found ECS simple to integrate into their system because Amazon provides a Web Services Description Language (WDSL) that they connected to their C#.NET development environment. Muni and Hansen also explain that for consistency across different applications, they opted to use SOAP rather than Representational State Transfer (REST) — the architectural style used on the World Wide Web and various other distributed hypermedia systems.
Dr. Dobb's Journal
"XML-Binary Optimized Packaging," by Andrey Butov
Although XML is undoubtedly a success as a metalanguage, the difficulty of encoding XML documents with binary data remains a significant challenge because not all data domains are suitable for XML's text-based requirements.
Several approaches exist for addressing the problem of including binary data in XML documents. Butov claims that one of the most interesting is "XML-binary Optimized Packaging" (XOP), which the W3c published as a recommendation in January 2005. He describes the method, which involves placing an XML document inside an XOP package, as well as explains some common arguments against it, including that it optimizes only Base64-encoded data. He ultimately concludes that XOP is a worthwhile approach, in part because it puts the burden of dealing with binary data inclusion into the XOP specification rather than keeping it at the application level.