Be on the wave or under it™
The News – 10/16/01
In this Issue:
Web Services On the Radar Screen
According to a July
InfoWorld survey of 500 readers involved with technology strategy and
technology buying, although only 6.4 percent are extremely familiar with Web
services, 75 percent of them rank Web services as a moderate-to-critical IT
priority for the next two years, and 66 percent will develop a Web services
strategy within a year. These findings seem to indicate that Web services are
more buzz than substance: Few of those surveyed really knew what they were
talking about, but most were ready to make plans.
The Web
services concept is still ill defined, but in general it refers to the ability
to assemble applications from component services that are available over the
Web. Web services are the glue that can integrate a legacy system, for example,
with new capabilities. Suppose you want to set up an intranet service to let
employees find out how much vacation time they’ve accrued. If the information
is on a mainframe, you can employ a Web service to interact with the mainframe
database, and another to format the data as a Web page. If later you want to
add an application to calculate sick days, you can reuse one or both
components. And if you decide to jazz up the service by adding a stock ticker,
you just plug in the appropriate Web service. Sounds great, but there’s much to be done
before application development is that easy.
The biggest problem with Web services involves a lack of standards and a
general fuzziness of the concept. For example, 30 percent of the respondents
in InfoWorld’s survey claim to have already reaped the benefits of Web
services. This is odd, because only 6.4 percent are extremely familiar with
them. The various competing standards form a confusing alphabet soup: XML (eXtensible
Markup Language), DCOM (Distributed Component Object Model), RMI (Remote Method
Invocation), SOAP (Simple Object Access Protocol), WSFL (Web Services Flow
Language), ONE (Open Net Environment), UDDI (Universal Description, Discovery,
and Integration – see the TrendSpot for more
info), WSDL (Web Services Description Language), and CORBA (Common Object
Request Broker Architecture). There are other problems as well, most notably
the question of security and enforcement of business rules.
Perhaps the
biggest problem with Web services is the hype. The concept is being sold as a
new way to create applications rather than an easy way to integrate some
valuable services into an application. So far with Web services, there’s really
no groundbreaking going on in the way an application is built. Currently, Web
services are unlikely to be interchangeable Legos you can use to snap together
an application. You still need to do hard stuff like understand what the
problem is, what the users want, and how your system will flow and hang
together.
The list of
existing Web services at XMethods.com
serves to prove this point. You might be underwhelmed by the array of services
offered. Among the stupidest services are those that translate inches to
millimeters or Fahrenheit to Celsius. If you’re a programmer, and you’re too
lazy to look up the formulas for such simple transformations, I guess you’d be
stupid enough to solve the problem by making an inefficient Web request to get
the answer. Other Web services simply automate the retrieval of readily
available information, like stock quotes, newsgroup postings, or zip codes.
Still others seem to offer a little value, like a nucleotide sequence lookup or
a credit card validator. But there aren’t services that really provide
snappable application parts, like: Accept user’s login and password; Validate
against corporate LDAP database; Establish Virtual Private Network and session
credentials; and open a session log. That Web service might be useful, at least
more useful than one that “Provides Internet Time (ITime),
as defined by Swatch.” (Oh, don’t ask. If you don’t already know what ITime is,
you really won’t care to know.)
So, while Web
services are getting a lot of ink, it’ll probably be a while before the reality
lives up to the hype. Businesses should be wary of anyone selling this snake
oil as a panacea. Developing applications remains hard work, best left to
professionals. Web services can be a part of an application development effort,
and may even bring real value, but we’ve been around this block before with
other reusable code schemes. It remains to be seen if Web services can truly
accelerate the development process.
InfoWorld
Briefly Noted
- Shameless Self-Promotion Dept.: I’ve added a security news ticker to the
StratVantage Security Web page. It scrolls up-to-date information about viruses, worms,
hoaxes and other items of interest regarding computer security. Check it
out.
StratVantage
Security Resources
- Manufacturers Move to Protect Critical Infrastructures: The National
Center for Manufacturing Sciences
(NCMS) and the National Infrastructure Protection Center InfraGard Program
have established the first InfraGard Industry Association. I wrote about
InfraGard in the last
SNS. The new association, called the InfraGard Manufacturing Industry
Association (IMIA), aims to provide manufacturers and their supply chain
partners with communications, education, and collaborative project
services to help assure the security of critical business information and
manufacturing infrastructures.
NCMS
- Microsoft Finally Serious About Security?
I’ve got to give our buddies in
Redmond credit. After thousands of bugs and hundreds of virus attacks, they
finally appear to understand that security is important. However, their
marketing spin makes it seem like they’ve recently uncovered serious security
threats: “Internet security and the increased threat from computer viruses are
serious and growing issues that impact businesses around the globe, regardless
of platform.” Very true, and in the spirit of helping address these threats and
to benefit humanity, Microsoft announced the Strategic Technology Protection
Program, “to help customers get secure and stay secure.” “Part of the company's
ongoing security commitment, this program marks an unprecedented mobilization
of Microsoft's people and resources to proactively assist customers of any size
to secure their computing environments.” No, no, silly person, they’re not
paying to convert people to Linux! They’re going to help people get current and
stay current with the bewildering array of security bug fixes they issue each
month. Hey, it’s a start!
Microsoft
- Spears Hoax: Pranksters are getting
cleverer and cleverer. Tim Fries, a Saginaw, Mich.-based online comic
strip artist used a trick to make it look like CNN.com had a scoop: Singer
Britney Spears Killed in Car Accident. Fries claimed he was conducting
research as to how far and fast misleading information travels on the Web.
“With the recent terrorist attacks and such an increasing reliance on the
Internet as a trusted news source, misinformation could prove to be a
powerful weapon,” said Fries. The cartoonist used a quirk in the way Web
browsers handle URLs to direct users to a mock-up of a CNN.com Web page at
an external site. Incredibly, the distribution of the special URL to just
three users of AOL's Instant Messenger chat software resulted in more than
150,000 hits to the fake site. The URL began with the characters
http://www.cnn.com, followed by "@" and the IP address of the
fake Web site. Since browsers ignore anything to the left of an
"@" in a Web address, users were taken to the phony article but
assumed they were going to CNN.com. In this time of ever more outrageous
sounding real news, the ability of just one joker to spread disinformation
could move from merely annoying to incitement to riot.
Please, before forwarding any incredible news, check the source, and check
the Urban Legends Reference pages at www.snopes.com.
And no, blue
envelopes are not contaminated, and no mysterious Arab ex-boyfriend
forecast September 11 and a mall attack on
Halloween. Let’s keep it together, people.
Security
News Portal
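The "@" trick described in the Spears Hoax item above, seen from the defender's side: an added example (not part of the original newsletter) that parses a link the way a browser does and reports when the text before "@" imitates a site name. The function names are illustrative and the sample URLs are constructed, with 192.0.2.10 standing in for the fake site's address.

```javascript
// Added example. Sample URLs are constructed; 192.0.2.10 is a documentation
// address standing in for the fake site.
const HOSTLIKE = /^([a-z0-9-]+\.)+[a-z]{2,}$/i;
const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

function inspectLink(href) {
  let url;
  try {
    url = new URL(href);               // same parsing rules a browser applies
  } catch (e) {
    return { valid: false, host: null, userinfo: null,
             hostIsIp: false, deceptive: false };
  }
  // In "scheme://userinfo@host/path" only the part after "@" is the destination.
  const host = url.hostname;
  const user = safeDecode(url.username);
  // Compare only the leading host-like part, so "www.cnn.com/news" still matches.
  const lure = user.split(/[\/?#]/)[0].toLowerCase();
  return {
    valid: true,
    host,
    userinfo: user === "" ? null : user,
    hostIsIp: IPV4.test(host) || host.startsWith("["),
    // Deceptive: the login field reads like a site name that is not the real host.
    deceptive: HOSTLIKE.test(lure) && lure !== host,
  };
}

function describe(href) {
  const r = inspectLink(href);
  if (!r.valid) return `${href} -> not a valid URL`;
  const note = r.deceptive ? `  [WARNING: "${r.userinfo}" is not the destination]` : "";
  return `${href} -> connects to ${r.host}${note}`;
}

for (const link of [
  "http://www.cnn.com@192.0.2.10/news/story.html", // shape described in the item
  "http://www.cnn.com/news/story.html",            // ordinary link
  "ftp://alice@files.example.org/pub/",            // ordinary, non-deceptive userinfo
]) {
  console.log(describe(link));
}
```

A mail filter or chat gateway can apply the same check to every link before display and show the real destination host next to the link text.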
- Gartner Says Ditch IIS or Face Risk: GartnerGroup has taken a very strong
position against using Microsoft’s Web server, Internet Information Server
(IIS), either on the Internet or even inside the enterprise. The analyst
firm has faced the fact that using the buggy, security hole-riddled IIS
instead of readily available and free alternatives increases the cost of
ownership.
Code Red also showed how easy it is to attack IIS
Web servers. Thus, using Internet-exposed IIS Web servers securely has a high
cost of ownership. Enterprises using Microsoft's IIS Web server software have
to update every IIS server with every Microsoft security patch that comes
out—almost weekly. However, Nimda (and to a lesser degree, Code Blue) has again
shown the high risk of using IIS and the effort involved in keeping up with
Microsoft's frequent security patches. Gartner recommends that enterprises hit
by both Code Red and Nimda immediately investigate alternatives to IIS,
including moving Web applications to Web server software from other vendors,
such as iPlanet and Apache. Although these Web servers have required some
security patches, they have much better security records than IIS and are not
under active attack by the vast number of virus and worm writers.
Sun has taken
advantage of these recommendations to announce a “trade up” program
to help businesses transition off IIS and onto its iPlanet Web server. It even
offers free software that allows programs written to IIS’ Active Server Pages
(ASP) API to run on Sun equipment. Sun has knocked $500 off its normal iPlanet
pricing as an incentive. As reported in a previous SNS, even the
insurance industry has taken notice of the problems with IIS, with one insurer
charging higher premiums for disaster insurance to businesses using IIS.
TechRepublic
- Making Copies to Ensure Availability: Sun Microsystems and Stanford
University said recently that the LOCKSS (Lots of Copies Keep Stuff Safe)
program – designed to protect the integrity of valuable electronic content
– is performing well in large-scale tests at 47 global locations. The
LOCKSS system is an open-source, Java-based, distributed content mirroring
system, designed to run on low-cost computers without central
administration. Computers continually monitor files on their hard disks at
random intervals. If files have been corrupted or altered, an automatic
caching system replaces them with intact copies derived from redundant
copies on other machines. This enables content providers to maintain
access to critical information.
Sun
- Too Much Sun? At the risk of overloading you on news from our buddies at
Sun Microsystems, I
have to let you know about their collaborative effort with Lucent to
deliver unified communications via a mobile portal. Unified communications
has been the next big thing for a couple of years now. It promises to
allow you to access all your communications in whatever form you want. For
example, you can get your email, voicemail, and faxes all via the
telephone. The new service will allow users to browse the Web, check and
send voice and e-mail messages, initiate calls from their address book via
voice command, hear faxes, and attach e-mail to voicemail messages (and
vice versa) all via their cell phones. Messages can also be bookmarked by
voice command so users can easily jump back to them later. Sounds pretty
cool. Let’s see if it can fly in real life. (Disclaimer: I do indeed own
stock in Sun and would love to see it come up from under water.)
Sun
- I Want This Phone: Nokia has come out with another
cool phone. The Nokia 5510 is a music player, FM radio, messaging machine,
games platform and phone. It includes (of course) an Internet browser as
well as 64 MB memory to store up to 2 hours of music, the ability to
answer and end phone calls with the stereo headset while listening to
music, voice dial for 8 names, and 5 built-in games. The game
controller-like form factor will certainly attract the kids, while
business people will like the full keyboard (for two-fisted typing) and
the ability to send longer messages. Unfortunately, the phone won’t be
available in the US. Drat. (Pet Peeve, part XXIII: I’ve complained before about
Nokia’s Web site. Now wouldn’t you think when they announce a new phone
you could use their search capability, type in the model number, and find
the appropriate page? Nope.)
Nokia
- Stupid Quote Alert: I get
eMazing’s Stupid Quote of the Day email service, and most of the quotes
aren’t real winners. But last Wednesday’s brought a smile to my face:
"The department takes very seriously its responsibility to protect the
privacy interests of Americans who have been the subject of investigative
scrutiny."
- Justice Dept spokeswoman Susan Dryden, explaining that the Justice
Department invading your privacy and other people invading your privacy
are two completely different things.
PBS