Lori MacVittie’s posterous

As a child of the 80s's I lived under an umbrella of fear surrounding nuclear everything. Living fairly close to a nuclear power plant, we all heard the words "chain reaction" a lot, and though we didn't understand the science we did know that it was a Very Bad Thing^TM and like children in the 60's we were taught to hide under a desk in the event of a catastrophe.

However, reuse carries with it some fairly onerous consequences that can escalate to IT catastrophe status as well, among them those that come with any device or service becoming a single point of failure.

When one application suffers an outage it's a problem, but not a catastrophe. When five applications suffer an outage at the same time that's a catastrophe. Unfortunately if you're part of an organization in which SOA is being relied upon to provide the backbone of your application infrastructure, the "chain reaction" catastrophe scenario is a lot more likely to happen to you than it ever was to us in the 80's.

Reuse is a huge benefit, but it's also a huge risk. If a single service upon which multiple applications depend suddenly becomes unavailable, then all its dependent applications are also, necessarily, unavailable. A problem with a core business service can leave your entire business offline.

Read the rest at DevCentral

Modern load balancers (application delivery controllers) blend traditional load-balancing capabilities with advanced, application aware layer 7 switching to support the design of a highly scalable, optimized application delivery network. Here's what's different about the two technologies and the benefits of combining the two into a single application delivery controller.

Read the rest at DevCentral

Read the rest at DevCentral

We all know that SOA stands for Service Oriented Architecture, right? Gaurav Sharma over at Infosys-Oracle has another definition of SOA and it really fits well with both the business and IT goals surrounding SOA.

Gaurav redefines SOA as Scalable, Open, and Adaptable, and then walks through how Oracle solutions fit this definition. This actually makes a lot of sense, because open and adaptable are inexorably tied to SOA as an architectural methodology. SOA is built on open standards like SOAP, WSDL, and XML and its meta-data driven execution style is highly adaptable, making it flexible or, in the language of SOA and business goals, agile.

Read the rest at DevCentral

No, that's not a typo. That's the reality of virtualization terminology today: a single term means multiple technology implementations.

Server virtualization is used to describe at least two (and probably more) types of virtualization.

Read the rest at DevCentral

One of the most well-kept secrets in technology is the extensibility of HTTP. It's one of the reasons it became the de facto application transport protocol and it was instrumental in getting SOAP off the ground before SOAP 1.2 and WS-I Basic Profile made the requirement for the SOAP Action header obsolete.

Web browsers aren't capable of adding custom HTTP headers on their own; that functionality comes from the use of client-side scripting languages such as JavaScript or VBScript. Other RIA (Rich Internet Applications) client platforms such as Adobe AIR and Flash are also capable of adding HTTP headers, though both have limitations on which (if any) custom headers you can use.

Read the rest at DevCentral

Slashdot is discussing a recent rant regarding Mozilla FireFox 3's SSL policy regarding self-signed certificates. The rant claims that the policy is "bad for the web."

Nat Tuck Thu on Mozilla SSL policy bad for the Web

Mozilla Firefox 3 limits usable encrypted (SSL) web sites to those who are willing to pay money to one of their approved digital certificate vendors. This policy is bad for the web. Not only does it make users less secure overall by reducing the number of encrypted connections, it damages the basic principle of equality among web participants.

The problem is this: When a Firefox 3 user visits an encrypted web site with a self-signed certificate or a certificate signed by an unapproved (new or non-profit) provider, Firefox doesn’t show the page. Instead, it shows a scary "you are being hacked"-style warning that requires 4 clicks and an "add an exception" dialog box to bypass.

The author states that SSL is good for two things: authenticating web sites and encrypting communications. And I can't argue with that at all.  

Read the rest at DevCentral

Who is responsible for security in the cloud?

Let's say you just developed a web app through which customers can order widgets. You're pretty sure your widgets are going to be the hit of the year and you want to make sure that you don't suffer outages and performance issues like many retailers have in the past, especially around Black Friday. So you've decided to take advantage of the fact that a cloud computing provider can and will shoulder the responsibility for scaling your application even in the face of hundreds of thousands of customers knocking on your web site to order your widgets.

The question is who is responsible for worrying about compliance with regulations that may be pertinent to your application and its infrastructure? You? The provider? And if you're running in a cloud like Amazon or Joyent but using a third-party like RightScale to provide additional features, which one of them is responsible for compliance? Both? Neither? Just you?

Read the rest at DevCentral