Pages: pp. 11-14
Dr. Dobb's Journal
"Ruby on Rails," by Michael Swaine
Rails, a Ruby-based framework used to develop Web applications that "babysit" databases, is quickly becoming a Java alternative. At this year's Jolt Awards, for example, Rails received top honors for Web development tools and was the topic of Jolt's winning technical book selection, Agile Web Development with Rails. Bruce Tate, a respected member of the Java development community, further fueled Rails' credibility by describing in his book, Beyond Java (O'Reilly, 2005), a project rewrite that he anticipated would take four months using Java but took just four days and roughly one-fifth the lines of code using Rails.
Swaine says that developers are jumping on the Rails bandwagon because of its features, including a fully integrated Web application framework that needs only a Web server, database, and the Ruby base language, "a language that combines the uncompromising object orientation of Smalltalk with the immediacy of Perl, Python, or PHP."
13 April 2006
"Compressed Air," by Frank Bulk
Students' increasing desire for wireless access has prompted colleges and universities to tackle the challenge of dense wireless deployments in ways that help tomorrow's enterprise users address the same problems. They can't meet the volume of demand by simply installing another access point (AP) here and there. For one thing, signals interfere with one another when you get too many APs in a small area. Bulk says installing micro- or pico-cells can help the capacity problem by regulating output power to limit channel interference, but many older client cards don't support the proprietary standards that are part of such architectures. Northern Michigan University solved this problem by using Meru Networks' Wireless LAN Controller and several multiband, single-channel APs.
Channel assignment presents an even bigger challenge. Fred Archibald of UC Berkeley's School of Electrical Engineering and Computer Science says it's like a Rubik's Cube: changing one location requires a reassessment of the whole array's needs. Archibald's solution is to deploy one AP for every 3,000 square feet using Cisco's 1100 series thin-AP system, which allows for automatic channel selection.
27 April 2006
"Wireless: Resistance Is Futile," by Dave Molta
A recent reader survey about enterprise wireless local area networks (WLANs) shows that IT staffs are increasingly responding to users' demands for wireless service despite various concerns. At the two extremes, 25 percent of respondents reported zero access points (APs) installed, but 15 percent reported more than 100.
The highest-ranked benefits cited were added employee convenience and satisfaction, followed by higher productivity and business-process improvement. Security concerns were the biggest barrier to adoption, followed by a dearth of compelling business justification and concerns about standards.
6 June 2006
"A Moving Target," by Robert Lemos
Few antivirus firms have produced software to protect cell phones, largely because infecting cell phones still isn't that easy, but they might soon change their minds as evidence mounts that crimeware — malware that steals money or information — is becoming more widespread. The Red-Browser Trojan, for example, funnels money by connecting to premium-pay messaging services and sending out SMS messages, charging users up to US$6 per message. Another example is FlexiSPY, a surveillance program sold by a Bangkok firm as a way to spy on users without their knowledge. Lemos says that users can protect their cell phone data by transferring it to their PDAs, but most phones will remain vulnerable to viruses designed to steal money.
"Cell Phones Say Hi to Wi-Fi," by Wade Roush
The day when users can have a single phone number — and phone — for home, office, and mobile isn't that far off. At conferences in Las Vegas and Barcelona, Chicago-based BridgePort Networks demonstrated new phones that carry both Wi-Fi and cellular radios. The phones, made by Chinese manufacturer E28, allowed conference attendees to wander out of Wi-Fi range and seamlessly switch to a cellular network without dropping calls.
Competitors such as California-based Kineto Wireless are working on similar technologies. However, BridgePort says the conferences were the first successful live demonstrations of call "handovers" using the emerging voice call continuity standard, which bridges packet and cell switching.
27 April 2006
"IT Compensation Inches Back Up," by Rich Karpinski
In 2005, IT salaries and bonuses reached a new high, surpassing the previous peak established in 2001 at the tech boom's pinnacle. According to a survey of more than 10,400 IT professionals conducted by Network Computing and InformationWeek magazines, the average IT manager made US$99,000 in 2005, and the average staffer made $73,000. Factoring in bonuses, salaries grew 3 percent for staffers in 2005 and 4 percent for managers, the survey reports. In the latter job category, the largest compensation packages were in Web infrastructure, data mining and data warehousing, human resources IT, and enterprise application integration.
Visual Studio Magazine
Special Enterprise Edition
"Integrate SOA Portals with WSE," by Derek Harmon
Harmon walks through the creation of a human-resources hiring portal to demonstrate the "patterns for a successful SOA" and the architectural decisions behind creating a reliable, reusable SOA that solves real-world business problems. He explains that a successful SOA depends on a service-oriented marketplace and aggregated external services. He also outlines how to apply a portal-integration pattern to aggregate Web services using Web Services Enhancements 3.0, as well as the ASP.NET 2.0 Web Parts framework.
13 April 2006
"Anti-Phish Posse Seeks Deputies," by Andrew Conry-Murray
To crack down on the proliferation of phishing, antispyware vendor Sunbelt Software and the CastleCops Web site have joined together to form the Phishing Incident Reporting and Termination (PIRT) Squad. PIRT aims to get volunteers to report new phishing incidents in an effort to have them eliminated as quickly as possible. Once an incident is reported and reviewed, PIRT notifies several sources, including the firm being phished, the ISPs hosting the phishing sites, and antiphishing toolbar companies.
"Hackers Strengthen Malicious Botnets by Shrinking Them," by Linda Dailey Paulson
Apparently, efforts to thwart "botnet" schemes that use computer networks to launch malware, denial-of-service (DoS), spam, or phishing attacks haven't scared off hackers. Instead, hackers have started reducing the number of infected computers they use in order to delay detection.
According to Mark Sunner, chief technology officer at MessageLabs, which provides messaging security and management, 2004 saw the size of botnets reach its peak, with several using more than 100,000 infected computers. Then ISPs figured out how to catch such attacks early on by monitoring traffic flow on their networks for telltale signs such as an unusual number of computers connecting to Internet relay chat (IRC) systems or visiting a given Web site. Sunner says botnets now average about 20,000 computers, a number that might not seem unusual to an ISP until it's too late.
"Recommendation Technology: Will It Boost E-Commerce?" by Neal Leavitt
Recommendation technology, which began to take shape in the early 1990s, is now a necessary part of any online retailer's business model — prompting users to consider purchasing other items based on their own online histories and those of other users who've purchased similar items.
Several types of recommender systems now exist: implicit engines generate recommendations based on multiple customers' activities on a firm's Web site; explicit engines give recommendations based on words entered by customers searching for products; content-based engines suggest items similar to customers' previously purchased products; and collaborative-based engines produce recommendations based on purchases by customers with similar preferences.
Leavitt points out that although all recommendation engines use data mining algorithms to look for patterns and relationships to predict future behavior, they generate suggestions using different methods, including rules-based and expert approaches, and Bayesian strategies that make statistically based choices on probability inferences.
"Scientists Develop New Digital-Content Protection Technology," by Linda Dailey Paulson
University of Maryland researchers have created a new digital-content protection technology to help fight the unauthorized use, copying, and distribution of multimedia and text files. The technology embeds a unique forensic code in a digital image, video, audio, or text file, identifying the authorized recipient and allowing the content owners to trace unauthorized users. Other uses include investigating and tracking corporate and government data leaks.
Unlike other "fingerprint" codes, which are too long to embed in parts of multimedia files, the University of Maryland technique turns a shorter IP-protection code into a small spreading signal, embedding multiple bits of a fingerprint code through overlapping parts of a multimedia file. Consequently, file sharers who obtain copies of large multimedia files have difficulty piecing together file parts that don't have the full code.
As commercially viable as the technology might seem, Ray Wagner, research vice president for Gartner Group, says he has "yet to see a forensic method that was not attackable."
"Web Services Interoperability Specifications," by Hamid R. Motahari Nezhad, Boualem Benatallah, Fabio Casati, and Farouk Toumani
Web services are becoming the technology of choice in service-oriented architectures (SOAs) because they simplify interoperability and application integration, as well as provide a way for developers to wrap existing applications to access them with standard protocols and languages.
Nezhad and his coauthors outline a conceptual framework that analyzes existing Web services technologies and their limitations, benefits, and goals. The framework, they say, can also help identify what tool support is required to leverage these technologies.
In addition, the authors summarize existing SOA standardization efforts. Although standardization is critical for achieving SOA interoperability, they argue that new frameworks are also needed to effectively use Web services and promote widespread adoption.
IEEE Distributed Systems Online
"Functionality Meets Terminology to Address Network Security Vulnerabilities," by Greg Goth
Seven years ago, MITRE engineers put together the Common Vulnerabilities and Exposures (CVE) dictionary, a standardized system for naming holes in network security. Although system administrators and vendors have embraced the effort, adoption of supporting infrastructure to allow more users to deploy CVE-compatible technology has lagged. However, in August 2005, the US National Institute of Standards and Technology (NIST) created the National Vulnerability Database (NVD), which updates CVE data in real time.
Although NIST developed the Open Vulnerability Assessment Language (OVAL) — a language that standardizes queries in a three-step XML-based process — for use with the NVD, industry has been slow to adopt it. "The big hurdle, and this has always been a hurdle, is trying to get enough OVAL queries," says Peter Mell, senior computer scientist at NIST and NVD project leader. Mell says one of the keys to achieving ubiquitous deployment of CVE-compatible technology is more completely automated auditing and configuration capabilities.
IEEE Pervasive Computing
"Web Browsing on Small-Screen Devices," by Zhigang Hua and Hanqing Lu
To address the challenges of surfing the Web on portable devices such as cell phones and PDAs, Hua and Lu present a project designed to leverage multiclient collaboration as a key component of the solution. Their system requires an "aggregation profile of display capacities of devices in an ambient environment." With their system, users' surfing drives collaboration among ambient devices, such as Bluetooth-enabled PDAs, cell phones, or digital watches.
To test their system, they used two smart phones and two pocket PCs with Bluetooth. Each ambient device contained the system's four components: a communication supporter to maintain communications among devices; an interaction watcher to observe the user's browsing interactions; a collaboration translator to parse those interactions into display updates on the ambient devices; and a collaboration performer to automatically display information updates on a client browser.
Hua and Lu also developed a two-level Web-browsing system, one for browsing within a Web page and another for browsing between pages. The system presents an index with links that lead users to display updates on the ambient devices.
IEEE Security & Privacy
"Should Indexing Be Fair Use? The Battle over Google Book Search," by Michael Lesk
When Google announced in 2004 that it would scan millions of books into a searchable online database as part of its Google Book Search, the publishing industry decried the decision, calling it copyright infringement. Earlier this year, a court ruled that the service was within the limits of the "fair use" doctrine.
Google Book Search has already scanned an estimated 500,000 books for indexing, which it says is fair use because it doesn't allow any books to be downloaded. Google scans three kinds of books: those in the public domain, which users are allowed to see in their entirety; books under a Google Books Partner Program, in which the publisher or copyright holder allows Google to show a few pages based on search results; and books still in copyright that have no agreement, in which only three lines from the book are shown based on search results.
In this article, Lesk examines what the current law says about the fair use issue and what might be good public policy. He reviews publishers' arguments and Google's responses. In the end, Lesk, chair of the Library and Information Science Department at Rutgers University, contends that Google's project doesn't appear to break copyright law and will most likely result in increased sales and interest in out-of-print books.