StratVantage Consulting, LLC — Mike’s Take on the News 09/18/01
Clipped from: http://www.stratvantage.com/news/101601.htm
The News – 10/16/01
In this Issue:
Web Services On the Radar Screen
According to a July InfoWorld survey of 500 readers involved with technology strategy and technology buying, although only 6.4 percent are extremely familiar with Web services, 75 percent of them rank Web services as a moderate-to-critical IT priority for the next two years, and 66 percent will develop a Web services strategy within a year. These findings seem to indicate that Web services are more buzz than substance: Few of those surveyed really knew what they were talking about, but most were ready to make plans.
The Web services concept is still ill defined, but in general it refers to the ability to assemble applications from component services that are available over the Web. Web services are the glue that can integrate a legacy system, for example, with new capabilities. Suppose you want to set up an intranet service to let employees find out how much vacation time they’ve accrued. If the information is on a mainframe, you can employ a Web service to interact with the mainframe database, and another to format the data as a Web page. If later you want to add an application to calculate sick days, you can reuse one or both components. And if you decide to jazz up the service by adding a stock ticker, you just plug in the appropriate Web service. Sounds great, but there’s much to be done before application development is that easy.
The biggest problem with Web services involves a lack of standards and a generally fuzziness of the concept. For example, 30 percent of the respondents in InfoWorld’s survey claim to have already reaped the benefits of Web services. This is odd, because only 6.4 percent are extremely familiar with them. The various competing standards form a confusing alphabet soup: XML (eXtensible Markup Language), DCOM (Distributed Component Object Model), RMI (Remote Method Invocation), SOAP (Simple Object Access Protocol), WSFL (Web Services Flow Language), ONE (Open Net Environment), UDDI (Universal Description, Discovery, and Integration – see the TrendSpot for more info), WSDL (Web Services Description Language), and CORBA (Common Object Request Broker Architecture). There are other problems as well, most notably the question of security and enforcement of business rules.
Perhaps the biggest problem with Web services is the hype. The concept is being sold as a new way to create applications rather than an easy way to integrate some valuable services into an application. So far with Web services, there’s really no groundbreaking going on in the way an application is built. Currently, Web services are unlikely to be interchangeable Legos you can use to snap together an application. You still need to do hard stuff like understand what the problem is, what the users want, and how your system will flow and hang together.
The list of existing Web services at XMethods.com serves to prove this point. You might be underwhelmed by the array of services offered. Among the stupidest services are those that translate inches to millimeters or Fahrenheit to Celsius. If you’re a programmer, and you’re too lazy to look up the formulas for such simple transformations, I guess you’d be stupid enough to solve the problem by making an inefficient Web request to get the answer. Other Web services simply automate the retrieval of readily available information, like stock quotes, newsgroup postings, or zip codes. Still others seem to offer a little value, like a nucleotide sequence lookup or a credit card validator. But there aren’t services that really provide snappable application parts, like: Accept user’s login and password; Validate against corporate LDAP database; Establish Virtual Private Network and session credentials; and open a session log. That Web service might be useful, at least more useful than one that “Provides Internet Time (ITime ), as defined by Swatch.” (Oh, don’t ask. If you don’t already know what ITime is, you really won’t care to know.)
So, while Web services are getting a lot of ink, it’ll probably be a while before the reality lives up to the hype. Businesses should be wary of anyone selling this snake oil as a panacea. Developing applications remains hard work, best left to professionals. Web services can be a part of an application development effort, and may even bring real value, but we’ve been around this block before with other reusable code schemes. It remains to be seen if Web services can truly accelerate the development process.
- Shameless Self-Promotion Dept.: I’ve added a security news ticker to the StratVantage Security Web page. It scrolls up to date information about viruses, worms, hoaxes and other items of interest regarding computer security. Check it out.
StratVantage Security Resources
- Manufacturers Move to Protect Critical Infrastructures: The National Center for Manufacturing Sciences (NCMS) and the National Infrastructure Protection Center InfraGard Program have established the first InfraGard Industry Association. I wrote about InfraGard in the last SNS. The new association, called the InfraGard Manufacturing Industry Association (IMIA), aims to provide manufacturers and their supply chain partners with communications, education, and collaborative project services to help assure the security of critical business information and manufacturing infrastructures.
- Microsoft Finally Serious About Security? I’ve got to give our buddies in Redmond credit. After thousands of bugs and hundreds of virus attacks, they finally appear to understand that security is important. However, their marketing spin makes it seem like they’ve recently uncovered serious security threats: “Internet security and the increased threat from computer viruses are serious and growing issues that impact businesses around the globe, regardless of platform.” Very true, and in the spirit of helping address these threats and to benefit humanity, Microsoft announced the Strategic Technology Protection Program, “to help customers get secure and stay secure.” “Part of the company’s ongoing security commitment, this program marks an unprecedented mobilization of Microsoft’s people and resources to proactively assist customers of any size to secure their computing environments.” No, no, silly person, they’re not paying to convert people to Linux! They’re going to help people get current and stay current with the bewildering array of security bug fixes they issue each month. Hey, it’s a start!
- Spears Hoax: Pranksters are getting cleverer and cleverer. Tim Fries, a Saginaw, Mich.-based online comic strip artist used a trick to make it look like CNN.com had a scoop: Singer Britney Spears Killed in Car Accident. Fries claimed he was conducting research as to how far and fast misleading information travels on the Web. “With the recent terrorist attacks and such an increasing reliance on the Internet as a trusted news source, misinformation could prove to be a powerful weapon,” said Fries. The cartoonist used a quirk in the way Web browsers handle URLs to direct users to mock-up of a CNN.com Web page at an external site. Incredibly, the distribution of the special URL to just three users of AOL’s Instant Messenger chat software resulted in more than 150,000 hits to the fake site. The URL began with the characters http://www.cnn.com, followed by "@" and the IP address of the fake site Web site. Since browsers ignore anything to the left of an "@" in a Web address, users were taken to the phony article but assumed they were going to CNN.com. In this time of ever more outrageous sounding real news, the ability of just one joker to spread disinformation could move from merely annoying to incitement to riot.
Please, before forwarding any incredible news, check the source, and check the Urban Legends Reference pages at www.snopes.com . And no, blue envelopes are not contaminated, and no mysterious Arab ex-boyfriend forecast September 11 and a mall attack on Halloween. Let’s keep it together, people.
Security News Portal
- Gartner Says Ditch IIS or Face Risk: GartnerGroup has taken a very strong position against using Microsoft’s Web server, Internet Information Server (IIS), either on the Internet or even inside the enterprise. The analyst firm has faced the fact that using the buggy, security hole-riddled IIS instead of readily available and free alternatives increases the cost of ownership.
Code Red also showed how easy it is to attack IIS Web servers. Thus, using Internet-exposed IIS Web servers securely has a high cost of ownership. Enterprises using Microsoft’s IIS Web server software have to update every IIS server with every Microsoft security patch that comes out—almost weekly. However, Nimda (and to a lesser degree, Code Blue) has again shown the high risk of using IIS and the effort involved in keeping up with Microsoft’s frequent security patches. Gartner recommends that enterprises hit by both Code Red and Nimda immediately investigate alternatives to IIS, including moving Web applications from other vendors to Web server software, such as iPlanet and Apache. Although these Web servers have required some security patches, they have much better security records than IIS and are not under active attack by the vast number of virus and worm writers.
Sun has taken advantage of these recommendations to announce a “trade up” program to help businesses transition off IIS and onto its iPlanet Web server. It even offers free software that allows programs written to IIS’ Active Server Pages (ASP) API to run on Sun equipment. Sun has knocked $500 off its normal iPlanet pricing as an incentive. As reported in a previous SNS, even the insurance industry has taken notice of the problems with IIS, with one insurer charging higher premiums for disaster insurance to businesses using IIS.
- Making Copies to Ensure Availability: Sun Microsystems and Stanford University said recently that the LOCKSS (Lots of Copies Keep Stuff Safe) program – designed to protect the integrity of valuable electronic content – is performing well in large-scale tests at 47 global locations. The LOCKSS system is an open-source, Java-based, distributed content mirroring system, designed to run on low-cost computers without central administration. Computers continually monitor files on their hard disks at random intervals. If files have been corrupted or altered, an automatic caching system replaces them with intact copies derived from redundant copies on other machines. This enables content providers to maintain access to critical information.
- Too Much Sun? At the risk of overloading you on news from our buddies at Sun Microsystems, I have to let you know about their collaborative effort with Lucent to deliver unified communications via a mobile portal. Unified communications has been the next big thing for a couple of years now. It promises to allow you to access all your communications in whatever form you want. For example, you can get your email, voicemail, and faxes all via the telephone. The new service will allow users to browse the Web, check and send voice and e-mail messages, initiate calls from their address book via voice command, hear faxes, and attach e-mail to voicemail messages (and vice versa) all via their cell phones. Messages can also be bookmarked by voice command so users can easily jump back to them later. Sounds pretty cool. Let’s see if it can fly in real life. (Disclaimer: I do indeed own stock in Sun and would love to see it come up from under water.)
I Want This Phone: Nokia has come out with another cool phone. The Nokia 5510 is a music player, FM radio, messaging machine, games platform and phone. It includes (of course) an Internet browser as well as 64 MB memory to store up to 2 hours of music, the ability to answer and end phone calls with the stereo headset while listening to music, voice dial for 8 names, and 5 built-in games. The game controller-like form factor will certainly attract the kids, while business people will like the full keyboard (for two-fisted typing) and the ability to send longer messages. Unfortunately, the phone won’t be available in the US. Drat. (Pet Peeve, part XXIII: I’ve complained before about Nokia’s Web site. Now wouldn’t you think when they announce a new phone you could use their search capability, type in the model number, and find the appropriate page? Nope.)
- Stupid Quote Alert: I get eMazing’s Stupid Quote of the Day email service, and most of the quotes aren’t real winners. But last Wednesday’s brought a smile to my face:
"The department takes very seriously its responsibility to protect the privacy interests of Americans who have been the subject of investigative scrutiny."
– Justice Dept spokeswoman Susan Dryden, explaining that the Justice Department invading your privacy and other people invading your privacy are two completely different things.
Return to Mike’s Take