Thoughts on today's hottest topics in information technology. In this edition:

• IT Conversations
  • Anne Thomas Manes, Burton Group
  • Paul Baush, author of Amazon Hacks
  • IT Conversations goes on Hiatus
• Web Services
  • Hogan: Behind the Curtain at WS-I
  • Vogels: Web Services Are Not Distributed Objects
  • Schneider: The Madness?
  • Morphy: The End of Systems Integrators?
  • Orrin: Web Services Hackers
• Web Hosting
  • Prettijohn: Hosting Companies under Attack?
  • Bond: About SOBIG.f
  • Kaye: What's the Point?
• Doug's Presentations
• Subscription and Contact Info

IT Conversation with Anne Thomas Manes. Network World named Anne one of the 50 most powerful people in networking. Hear her insights in the all-new IT Conversation:

1. When will security and reliable messaging be part of web-services products?
2. Which web-services vendors offer the best interoperability?
3. Is the web-services specification process effective or a disaster?
4. Will the EAI vendors survive the shift to open protocols for integration?
5. Will SCO's Linux lawsuits destroy open source's GPL?
6. Is C# "Java--the next generation?"

[stream--download--discuss, 6.2 mb, 27 minutes, recorded 8/18/03]
Posted Tuesday, August 19, 2003 11:03:24 PM

This IT Conversation with Anne contains so many valuable insights, it's worth a more detailed summary than most. Here are some of the things Anne has to say:

• Advanced Web Services. Anne expects to see WS-Security implemented in software products in 6-12 months. Reliability in the messaging layer will take more than a year.
• Interoperability. Older products don't interoperate well. Anne recommends the products from Systinet, The Mind Electric, IONA, and CapeClear because they provide the best Java/.NET interop. She says to stay away from Apache SOAP, which was replaced by Apache Axis. Anne is a big fan of WS-I's Basic Profile.
• Web-Services Protocol Development. We spoke at length about the unusual way in web-services protocols have been developed. As Anne pointed out, web services are all about interoperability, so there was no way to have implementations in advance of the standards--the traditional sequence for standards development. We agreed that progress has been extraordinarily rapid, despite some in the press who complain that it's taking too long.
• Scalability. I asked her about the lack of real-world scalability testing, and Anne pointed out that we need real-world applications before we can really understand scalability. She specifically mentioned gigabit Ethernet and proposals for compressed XML as technologies that will obviate some of the current inefficiencies of XML.
• The Future of EAI Vendors. Because good EAI software includes much more than connectivity, it's fairly sticky. By way of comparison, Anne pointed out that even though WebSphere and Web Logic are both based on J2EE, you wouldn't likely switch from one to the other unless you had a specific problem with your current product or its vendor. Good EAI software is equally sticky.
• SCO's Linux Lawsuits. Anne is "very disappointed" with the current situation. She's particularly worried that IBM has raised the issue of the General Public License (GPL) and that SCO is therefore challenging GPL's validity. If the courts finds against the GPL concept, the entire open-source community will be affected.
• Novell's Acquisition of Ximian. Novell picked up GNOME and Mono, but the latter is the more interesting. Microsoft put C# and the Common Language Infrastructure (CLI) into the public domain. These are now ISO/ECMA standards. Mono is an open-source Linux implementation of CLI, which means that compiled (bytecode) versions of C# programs can be run on Linux. Anne says that "C# is Java--The Next Generation." If programmers are willing to develop under Windows, C# and Mono may offer them true portability.

Posted Wednesday, August 20, 2003 12:09:17 AM

IT Conversation with Paul Bausch. In the latest IT Conversation web-application developer and co-creator of Blogger talks about his new book from O'Reilly in which he says Amazon.com is an application. Paul dives into Amazon.com and brings up its buried treasures. Whether you're just a frequent book buyer, an author, publisher, bookseller, or just want to make a few extra dollars referring traffic to Amazon, Paul's new book has it all.

[stream--download--discuss, 2.4 mb, 11 minutes, recorded 8/27/03]
Posted Sunday, August 31, 2003 4:00:17 AM

IT Conversations on 3-6 Week Hiatus for Upgrades. As many of you have observed, the quality of our telephone recordings leaves something to be desired. Over the past four months we've tried a variety of telephone "hybrids" (devices that isolate caller and studio audio) but with little success. We finally tracked down the problem using some fancy equipment to analyze our phone lines. We discovered that our lines suck for the same reason we can't get DSL: we're 22,000' from the telco central office. By the time the audio gets to our studio, we've lost about 28dB and we've picked up a whole lot of induced noise and hum. It's so bad that we've had to cancel a number of interviews after recording them. Yes, what you've heard are the good ones.

We're going to halt future recordings until we can solve the quality problem. FYI, we're pursuing two solutions. First, we've ordered digital phone service, based on IP telephony, from the local cable company, Comcast. We're betting even money it will work. Our concern is that the latency and jitter of IP telephony will wreak havoc with our DSP-based hybrids. The hybrid manufacturers can't tell us what to expect--they've never tried it. Plan B is to use ISDN. We're more confident this will work, but it's also more expensive. Not only do the lines cost somewhat more, the interface equipment is also substantially more expensive. But if IP telephony doesn't do the trick, ISDN is the direction we'll take.

Depending on our success--wish us luck!--we'll be back on the air with new IT Conversations by the end of September.

Thanks for your patience and continued support.
Posted Sunday, August 31, 2003 5:06:18 AM

Read Any Good Books Lately? With IT Conversations on hiatus for a few weeks, I'm going to spend some time revamping its web site and planning new shows. In particular, I want to interview authors of the most interesting books for IT professionals.

If you've recently read (or written) a book whose author you think I should consider for a future IT Conversation drop me a line with the details. Even if your own book. Don't be shy.
Posted Monday, September 01, 2003 3:10:33 PM

Hogan: Behind the Curtain at WS-I. John Hogan, news editor at SearchWebServices.com, spoke with some of the members of WS-I's board about what happened along to way to WS-I's new Basic Profile 1.0. WS-I isn't a standards body. Instead, they've released this important document that tell us which of the many standards to use and how to combine them if we want to develop interoperable services. From Hogan's interview:

• "The working group dropped the idea of SOAP encoding interoperability in favor of XML Schema as the type system for Web services."
• "Fully 44% of the [interoperability] issues we tackled, of the 200-odd issues, were around the WSDL specification," [Chris Ferris, chairman of the Basic Profile working group and a senior software engineer at IBM] said. The working group had to clarify WSDL and "clean up the ambiguity aspects of it," such as how to use it with SOAP and the Universal Description, Discovery and Integration (UDDI) registry.

• Don't use DTDs or processing instructions. They're out!
• Use HTTP POSTs, not the new Extension Framework.
• IP port 80 is acceptable, although not ideal.
• The handling of HTTP status codes is explained.
• Cookies are permitted as a way to manage state, but only only under certain circumstances. All XML Schema must be derived from http://www.w3.org/2001/XMLSchema.

Read and use the WS-IBP. You'll be gald you did. WS-IBP is a huge help to us all. Highly recommended.
Posted Wednesday, August 20, 2003 4:02:15 PM

Vogels: Web Services Are Not Distributed Objects. This is an excellent article by Werner Vogels to be published in IEEE Internet Computing. Trust me...one of the best. His six misconceptions:

• Web services are just like distributed objects.
• Web services is RPC for the Internet.
• Web Services need HTTP.
• Web services need web servers.
• Web services are reliable because they use TCP.
• Web services debugging is impossible.

Werner writes well, too. I recommend his weblog, and I'm looking forward to his new book.
Posted Monday, September 01, 2003 3:05:20 PM

Schneider: The Madness? Jeff Schneider of Momentum Software is on a rant about an article in Web Services Journal written by two IBMers, John Medicke and Thomas Pack. Jeff sees this as another in a stream of articles telling the world that coarse-grained services are the only way to go. He wants us to acknowledge that fine-grained services are okay when latency is not an issue, specifically for local systems (i.e., within a box, cluster, or LAN) or even when widely distributed systems are linked in such a manner that latency isn't an issue. He points out recent Microsoft WSE and IBM WebSphere enhancements that optimize local service calls by bypassing sockets (the transport, essentially) and even XML.

Jeff makes some good points, but not to the extent that I think Medicke and Pack are wrong. First of all, can we really use the label "web services" for local interfaces that neither use XML nor talk over a wire? I think not. They're degenerate cases. Second, Jeff refers to latency and usability as the criteria for selecting the coarseness of an interface. I accept that, so long as "usability" includes maintainability and what Medicke and Pack refer to as an "outside in" approach. I agree with the IBMers that a well-designed SOA should, for example, minimize the need for client applications to help maintain the state of the service. And the best way to do that is to move entire documents rather than create and manage a session to exchange little bits of information.

I used fine-grained interfaces all the time--probably 100x more frequently than I use those that are coarse-grained. But I don't consider the former to be web services or part of an SOA.
Posted Monday, September 01, 2003 1:56:05 PM

Morphy: The End of Systems Integrators? Erika Morphy in CIO Today Manazine writes, "The short answer: Not likely.

"The longer answer: There are other competitive and market-development pressures that are eroding systems integrators' stranglehold on IT budgets."
Posted Saturday, August 30, 2003 9:42:58 PM

Orrin: Web Services Hackers. "The essence of this attack is to exploit a mechanism of the XML parser in order to access resources outside the current document," [Steve Orrin, CTO at Sanctum Inc.], explained. "This can be used to attack the current server, other servers, or to download data from the current or other servers." [Source: ADTmag.com]
Posted Thursday, August 28, 2003 7:57:18 AM

Loosely Coupled--Now Available as a PDF (at a 63% Discount)

Entire book: US$14.95 Major parts (4 total): US$5.95 each Individual chapters (21 total): US$1.95 each

As an alternative to the hardcopy edition, you can now download my latest book in PDF format at a substantial discount using PayPal or BitPass. From the time you purchase the eBook version, you have 7 days during which you can download the content up to 10 times. The PDF files can be printed, but the text cannot be copied or modified.

Amazon.com Review of the Week:

Prettijohn: Hosting Companies under Attack? "The recent spate of distributed denial of service attacks has diversified, with some attackers apparently now targeting hosting companies." [Source: Netcraft]
Posted Friday, August 29, 2003 4:52:35 AM

Bond: About SOBIG.f. Julian Bond has compiled a list of Frequently Unanswered Questions about the recent SOBIG.f virus outbreak.
Posted Sunday, August 24, 2003 3:14:27 AM

Kaye: What's the Point? "eBay confirmed Thursday that it experienced a power outage in its Web hosting facility [Qwest in Santa Clara, CA] that resulted in the entire auction service being down for nearly three hours." It's all about interrupted power, pipe, and ping. If hosting services can't guarantee the juice, customers won't outsource. [Source: The WHIR]
Posted Saturday, August 23, 2003 10:41:04 AM

Presentations, Conferences, and Webcasts