Pages: pp. 12-15
Dr. Dobb's Journal
"AJAX & Record Locking," by David Perelman-Hall
A common problem in multiuser Web applications occurs when two users edit an application record at the same time, resulting in lost data. Because the database locks the record within the database, users can't tell if someone else is editing it. If the server could push information about a locked record to two or more users trying to change the same record, this problem could be avoided; however, no workable Web-oriented push technology currently exists.
To edit content, users assigned to editor or administrator roles must request the editable page via an Edit button in the user interface. View-only pages contain an AJAX call that first runs in window.onload and then in a window.setTimeout loop, so that when an editor requests a locked page, an alert indicates which page is locked and which user is currently editing it, and the Edit button is removed from the interface. Once the locked record is released, the window.setTimeout function restores the Edit button to the waiting editor.
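The polling scheme summarized above, as an added JavaScript example that is not code from the article: the lock table is simulated in memory, and the names used (`LockTable`, `createViewer`, the status object's fields) are assumptions. It also has the server check the lock holder on save, because removing the Edit button in the browser does not by itself stop a conflicting write.

```javascript
// Added example, not from the article; names and message shapes are assumed.
// Server side (simulated in memory): the authoritative lock table.
class LockTable {
  constructor() { this.locks = new Map(); }   // page -> user holding the lock
  acquire(page, user) {
    const holder = this.locks.get(page);
    if (holder && holder !== user) return { ok: false, holder };
    this.locks.set(page, user);
    return { ok: true, holder: user };
  }
  release(page, user) {
    if (this.locks.get(page) === user) this.locks.delete(page);
  }
  status(page) {
    const user = this.locks.get(page) || null;
    return { page, locked: user !== null, user };
  }
  // Hiding the Edit button is only a UI hint; writes are checked here.
  save(page, user) { return this.locks.get(page) === user; }
}
// Client side: what the view-only page does with each poll result.
function createViewer(ui) {
  let lastHolder = null;
  return function applyStatus(status) {
    ui.editVisible = !status.locked;
    if (status.locked && status.user !== lastHolder) {   // alert once per holder
      ui.alerts.push(`${status.page} is locked by ${status.user}`);
    }
    lastHolder = status.user;
  };
}
// One poll. In a browser this is the AJAX callback, first run from
// window.onload and then re-armed with window.setTimeout.
const poll = (server, page, apply) => apply(server.status(page));

// Constructed scenario: alice edits page-7 while bob waits on the view page.
function demo() {
  const server = new LockTable();
  const ui = { editVisible: true, alerts: [] };
  const apply = createViewer(ui);
  server.acquire("page-7", "alice");
  poll(server, "page-7", apply);
  poll(server, "page-7", apply);              // repeat poll: no second alert
  const locked = { edit: ui.editVisible, alerts: ui.alerts.length,
                   bobSave: server.save("page-7", "bob") };
  server.release("page-7", "alice");
  poll(server, "page-7", apply);
  return { locked, editAfterRelease: ui.editVisible };
}
```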
Software Development Times
1 October 2006
"Where Does Ruby Fit in the Enterprise? Bruce Tate Talks the Business of Ruby," by Alex Handy
Software Development Times interviewed Bruce Tate, coauthor of Ruby on Rails: Up and Running, about how to use Ruby on Rails in an enterprise environment. Tate says Ruby currently works best for "green-field, database-backed Web applications with moderate scalability requirements," which make up a sizeable share of the applications Java is used for.
He adds that developers are starting to experiment in other areas, such as those that require greater scalability or in applications without database backing. Tate says Ruby on Rails has moved from an "edge product" into the mainstream over the past year. In that time, he says, several major innovations have occurred for Web services, AJAX, and the Active Record implementation.
3 August 2006
"Let's Make a WiMax Deal," by Dave Molta
A new partnership between Intel, Motorola, and entrepreneur Craig McCaw has created a huge new player in the broadband wireless networking arena. In July, Clearwire, a broadband wireless Internet provider that McCaw owns, dropped a planned US$400 million initial public offering after receiving $900 million in investment money from Intel Capital and Motorola Ventures. Clearwire will soon begin using Intel's Mobile WiMax (802.16e) technology and begin a supply partnership with Motorola for proprietary broadband wireless network access equipment.
5 September 2006
"RFID's Future Competitor," by Natali Del Conte
Hewlett-Packard (HP) recently unveiled Memory Spot, a tomato-seed-sized memory chip that carries media or data. The Memory Spot could be future competition for radio frequency identification (RFID) tags because HP's chips are smaller, less obtrusive, and feature a higher bandwidth than RFID tags. The Memory Spot transfers data at 10 Mbits per second and can store up to 4 Mbits. The chip has an integrated antenna, whereas RFID tags have an onboard antenna that makes them larger.
Proposed applications include sending digital postcards with moving pictures and sound, attaching resumes to business cards, and including product catalogues with merchandise. And unlike most RFID tags, the data on Memory Spot is rewriteable.
To transfer data, the chip requires a physical connection between it and a reader. HP has yet to develop a Memory Spot reader, but hopes that mobile phone and PDA companies will adopt the technology. Howard Taub, vice president of HP Labs, says, "A PDA is a good reader because it's got a screen and audio and video capabilities, but cell phones are the perfect readers. […] But cell phones are not designed for this yet, so the cell phone companies would have to decide if they want to be part of the ecosystem." HP estimates that Memory Spots could cost US$1 each and expects commercial applications to arrive in two to five years.
The Globus Consortium Journal
"Globus Incubator Project: GridShib," by Von Welch and Frank Siebenlist
A new project called GridShib (http://dev.globus.org/wiki/Incubator/GridShib) aims to give users of Shibboleth — a middleware product that helps universities share Web resources — access to highly scalable grid resources using only their local campus authentication.
Welch and Siebenlist began work in early 2005 on GridShib, which lets users get an X.509 certificate based only on Shibboleth authentication and use that same certificate to access the grid service, thus leveraging existing user information for authorization.
The tool contains several components: a product that lets Shibboleth authentication translate into X.509 certificates; an attribute name-mapper plug-in that sends queries about grid attributes back to Shibboleth; and several extension points that let grid services query Shibboleth, receive attributes formatted in Security Assertion Markup Language (SAML), and then parse them.
Welch and Siebenlist say their biggest challenge is that their users already have established campus identities, but the grid knows them by a different set of X.509-distinguished names. As a result, they're working to find a way to correlate names with X.509 certificates.
31 August 2006
"XSS Vulnerabilities Abound," by Andrew Conry-Murray
Cross-site scripting (XSS) vulnerabilities, in which a dynamic Web page accepts and displays malicious input from users, have jumped into the spotlight lately due to a few high-profile attacks. In a recent attack on Netscape.com, attackers created a pop-up message encouraging users to check out a malicious site. MySpace.com has been hit, too, and a security vendor claims to have discovered more than a half-dozen possible XSS vulnerabilities at two unnamed social networking sites. Conry-Murray suggests that Web developers run a Web application vulnerability scanner to eliminate the most obvious XSS vulnerabilities.
"NWC Interview: Arthur W. Coviello Jr., CEO of RSA Security," by Robert Hertzberg
In an interview with Network Computing, Arthur W. Coviello Jr., chief executive officer of RSA Security, says he hopes his company's pending US$2.1 billion acquisition by storage behemoth EMC ushers in a new era in which security is no longer "bolted on" but instead is "built in." He says he doesn't believe in the theory that terrorists want to execute an attack to "bring down the Internet," in part because the Internet has demonstrated its resiliency. Coviello also says he supports California's new law requiring businesses and governments to notify customers when their private information has been compromised, and believes a comparable federal law should be on the books.
5 September 2006
"Keeping Web Miners Safe," by Robert Lemos
Similar to miners using canaries to detect carbon monoxide or methane, companies such as Microsoft and McAfee are running virtual PCs — software systems that emulate a PC's hard drives, memory, and processors — to explore potentially dangerous areas of the Web and catalog malicious sites. Once malicious code infects a virtual PC, the management server running the virtual software records the originating site's address, erases the virtual PC, and sets up a new virtual PC to start the process again.
To malicious software, the virtual PCs look and act like normal PCs; Trojans, spyware, and viruses infect the PC, unaware that it's a controlled and sterile environment. Microsoft, for example, uses virtual PCs to map out the links to malicious sites, a portion of the Internet its researchers call the ExploitNet. McAfee's SiteAdvisor uses the resulting data to create its Web site ratings.
Unfortunately, Lemos writes, some attackers are meeting this challenge by writing code designed to detect virtual PCs and delay discovery by not infecting them with malicious code.
28 September 2006
"An End to Web Services Confusion on the Horizon," by Bruce Boardman
If you're involved with Web services, you know that a complex, sometimes confusing, set of overlapping management standards governs them. However, help is now on the way in the form of an alliance that includes Hewlett-Packard, IBM, Intel, and Microsoft.
The four companies sponsored a white paper released earlier this year that advocates a single interoperable standard, and they're working together to combine existing standards in response to customers' calls for a simpler solution.
The alliance seeks to iron out conflicts between the Organization for the Advancement of Structured Information Standards (OASIS; www.oasis-open.org) Web Services Distributed Management (WSDM) standard and the Distributed Management Task Force's (DMTF's; www.dmtf.org) WS-Management standard, as well as six lesser-known standards, including WS-Transfer, WS-Enumeration, WS-Eventing, WS-MetadataExchange, WS-ResourceFramework, and WS-Notification.
It won't be easy: both OASIS and the DMTF recently released new versions of their standards, so companies must support both standards separately until the single standard is achieved. Because the project is private, a smaller number of people need to sign off on concepts and commercial concerns, such as time and product issues, but current estimates predict it will take at least another two years before the single standard is complete, and even longer for it to make its way into the mainstream.
"DIAL Eases Mobile-Content Development," by Linda Dailey Paulson
Device Independent Authoring Language (DIAL), a new markup language in development by the W3C, could help solve the difficulties of producing content to run across a variety of wireless devices.
DIAL, which could get final approval next year, would help create a single version of Web sites and applications that an array of cellular phones, PDAs, and other mobile devices could access, thus saving considerable time and money.
DIAL is based on both existing and pending standards, including extensible HTML (XHTML) version 2.0, cascading style sheets, and Media Queries, a proposed W3C standard that lets developers precisely tailor a document's style. DIAL also works with another proposed W3C standard, DISelect (Content Selection for Device Independence), which lets content authors fine-tune content delivery to multiple mobile platforms.
"New Game Helps the Blind Access Web Sites," by Linda Dailey Paulson
Researchers at Carnegie Mellon University have created an online game that they hope will eventually make Web sites more accessible to the blind and visually impaired.
"Phetch" asks a participant to write a caption describing an online image, then each of the other participants searches a database of related images to find one they think best matches the caption. The first player to find the right image wins. Several games are played to determine the best caption for each image; factors including how quickly players find the photo based on the text help determine the winner. The game operates on a university server, which saves all the best descriptions and corresponding images in plaintext so a system used by a blind or visually impaired person could convert data easily into Java, XML, or whatever format is required.
In one week of experimenting, 130 players generated 1,400 captions; the research team's goal is to produce captions for at least 1 million images.
"Collaborative Spam Filtering Using E-Mail Networks," by Joseph S. Kong, Behnam A. Rezaei, Nima Sarshar, Vwani P. Roychowdhury, and P. Oscar Boykin
Although everyone agrees no silver bullet exists for stopping spam, Kong and his colleagues have developed a distributed spam-filtering system that shows promise in beating spammers at their own game — one that harnesses the same attributes of email network and service infrastructure that spammers abuse.
This collaborative system leverages email networks' topological properties to provide a more efficient and scalable solution than client-based alternatives. It lets users query all their email clients to see if another user on the system has labeled a suspect message as spam. The system is message-based and distributed, and therefore latent, letting users make these queries without clogging the network.
The system uses two important mechanisms to exploit the topological properties of so-called social email networks: the novel percolation search algorithm and the familiar digest-based indexing scheme.
Large-scale simulations succeeded in a near-perfect score for detecting spam while minimizing bandwidth costs.
IEEE Distributed Systems Online
"Delay-Tolerant Network Technologies Coming Together," by Greg Goth
Until recently, work done by the Delay Tolerant Networking Research Group (DTNRG), which was founded in discussions about TCP/IP's inadequacies for deep-space and interplanetary communications, didn't garner much notice. But thanks to the explosion of wireless networks and the corresponding need for standards for systems in "disconnected environments" in which a device and user aren't connected, its work is slowly becoming more high profile.
Because front-line military networks are one of the most apparent applications for delay-tolerant networks (DTNs), DARPA is leading most of the funding for DTN research. But this work has possible commercial applications as well, including mobile networks in areas with very little infrastructure or sensor networks that are vulnerable to weather or power loss.
Whereas traditional end-to-end networks assume a stable network environment, DTNs assume eventual connectivity and offer store-and-forward capabilities. The most basic difference between DTN architecture and that of the Internet is the "bundle," a data unit that's the base of DTN communication. On the Internet, packet-based communication organizes data into packets and then divides and transmits them to an endpoint that the protocol assumes is always connected. In DTNs, the bundle overlay layer sits between the transport layer and the application layer and sends bundles over networks that acknowledge and provide for intermittent connectivity.
IEEE Pervasive Computing
"An Empirical Study on Voice-Enabled Web Applications," by Shuchih Ernest Chang and Michael S.H. Heng
As consumers continue to rely on the Internet and their mobile phones, pressure to combine the two in a useful, easy-to-use fashion is mounting. And because speaking is a more efficient way to communicate than using a mobile phone's tiny keyboard, the use of voice-enabled Web applications appears to be an ideal way to do this.
However, as Chang and Heng point out, consumer acceptance depends on users' feeling that an application is both easy to use and useful. As a result, the authors suggest that studying consumer responses to voice-enabled Web systems could significantly aid the development of successful business applications. To demonstrate this, Chang and Heng created a voice-enabled application and then surveyed users to explain their reasons behind accepting or rejecting the application.
They built a prototype of a self-service meal-ordering system, using a voice server to allow for the creation of voice applications using XML, VoiceXML, and Java. The server transformed XML-based data into two kinds of information: data formats that HTTP servers support and VoiceXML speech.
The "technology acceptance model" the authors used to study consumer reaction also analyzed the information collected via online questionnaires. The survey discovered several things of use to developers: users found a system "friendly" if they could work at their own pace; users were more accepting if they could access a system through popular devices; users who had fun were more satisfied; and although users considered security and speed important, those factors didn't affect whether they found a system to be more useful or easy to use.