IBM grabbed headlines last week when it unveiled its new System zEnterprise 196 mainframe. Something of a hybrid, the new mainframe combines the POWER7 and System x servers into one box, and the servers share resources through a common, virtualized platform.
Cool as this new hunk of iron is (and it's way cool: 60 percent faster than the z10, which it replaces, holds 3 Terabytes of RAM, and processes at 50 BIPS), what caught my attention was the upgrade to Rational Developer for System z IDE. Better known as RDz, this multi-platform environment for building, testing, and deploying zEnterprise applications comes with a new System z Unit Test feature. Developers using RDz can run the zOS on their laptops, write code for the mainframe, and now test that code.
"For our mainframe customers whose development teams were working with 30-year-old ISPF tools that ship with the mainframe, Rational Developer for System z brought them a laptop-driven development environment that set them free," Scott Searle, IBM Rational's not-usually-so-poetic marketing program director, told me. "Instead of working late into the night when the mainframes had some downtime, they could work with code anywhere, anytime on their laptops."
This version of RDz also comes with a new set of compilers designed to help customers update applications designed to work on older systems so that they can take advantage of the zEnterprise architecture.
RDz is aimed at COBOL and PL/I programmers, and I couldn't help wondering just how many codederos out there were learning and working with those languages today. Searle informed me that the current population of COBOL developers is about two million strong, and he says IBM expects it to grow -- with a little help. Thanks to an IBM initiative, COBOL is being taught in 400 colleges and universities around the world, he said, mainly in India, China and Eastern Europe.
"The big success story is India," Searle said. "We don't know the exact numbers in India, but we feel that it's in the neighborhood of 50,000 COBOL developers, and they're young and excited to be working on the mainframe."
But Searle suggested looking at the state of COBOL development today in another way: "We have customers who have been able to build up their COBOL developer populations with the help of a modern IDE," he said. "If you were a young college kid used to a modern IDE and you had to go in and learn ISPF, with all of its memorized prompts and commands, you'd hate it; it's not just boring, it's overwhelming. But Java developers learn modern IDE interfaces, and our customers find that they can work with COBOL just as well in that kind of environment."
These IBM customers also found that it's much harder to teach masters of the venerable, 50-plus-year-old COBOL to work with Java, Searle added.
And I shall resist here the childish impulse to say anything about old dogs and new tricks.
For more on the latest release of the Rational Developer for System z IDE, check out IBM's alphaWorks Web site, the COBOL Cafe online community and The Mainframe Blog.
Posted by John K. Waters on July 27, 20109 comments
Today, the Open Web Application Security Project (OWASP) announced the availability of the first major release of its new O2 Platform.
The O2 Platform is, as the project's Web site describes it, "a collection of open source modules that help Web application security professionals maximize their efforts and quickly obtain high visibility into an application's security profile." The OWASP is a not-for-profit organization focused on finding and fighting the causes of insecure software.
The idea is to provide a high level of visibility into an application's security profile by automating "application security knowledge and workflows." An overview of the available modules is available via PDF download.
The guy leading the O2 Platform project is Dinis Cruz, whom I last interviewed about two years ago.The then-pony-tailed (haven't seen his hair lately) security consultant with the Portuguese accent and the London address was known for his fondness for showing conference attendees just how easy it is to bypass the built-in security mechanisms of the .NET and Java runtimes.
Cruz is all over the OWASP. He's the chair of the OWASP Connection Committee, a member of the OWASP Board, and a participant in the OWSAP Global Projects Committee. And he really wants you to try out the new O2 Platform. On his blog, he writes, in bold text, "This is the moment when I'm asking you to PLEASE TRY IT."
He needs feedback, he says, and input on "what you like, what works, what doesn't work, what could be improved." He adds: "There is enough functionality + capabilities + power in this version of O2, that I finally have the confidence to make this direct request for you, knowing that no matter what area of Web Application Security you are involved in, there will be an O2 Script/Module/Tool that will make you more productive."
I couldn't track him down for today's blog, so I thought I'd recall a conversation I had with Cruz in 2007, during which we discussed the security of the Web and the overall responsibly of the developer to create secure software.
"We're now in the process of building a world in which all the code we run on our Web sites has the power to access all of our assets from our desktops and servers," he said. "From a security point of view, this is a very bad development. But we shouldn't use the developers as the scapegoats. They often simply don't have enough visibility into what they are creating to evaluate the security of an application…. It's very hard for the developers to understand all the inputs and everything they need to run their applications. So we need to change the paradigms so that the developers can see what the hell's going on under the hood."
Cruz is a knowledgeable and, though he maybe doesn't always mean to be, funny guy. Don't miss his blog entry "I'm looking for work (O2 related work:) ) and O2's Commercial Ecosystem," in which he declares "I'm probably the only guy in the world that today really knows how to get the most power out of O2," but adds that, of course, he doesn't scale.
You can find out lots more about the OWASP in general here.
Posted by John K. Waters on July 12, 20100 comments
So, I'm talking recently with Mike Milinkovich, exec director of the Eclipse Foundation, about this year's ginormous Eclipse Release Train -- 39 projects, 33 million lines of code -- when he mentions that, of the 490 committers, 108 were individuals. That seemed like a lot of unaffiliated code contributors to me, but he said that this was a growing trend.
"The bulk of these individuals are focused on a couple of areas in Eclipse, particularly modeling," he told me. "Lots of individuals are contributing to the Eclipse modeling project, I think in part because they can make a bit of a reputation for themselves within the Eclipse modeling community and make a living through consulting by leveraging what they've built at Eclipse. That sort of small-scale individual ecosystem is starting to become very prevalent in parts of the broader Eclipse community."
He then pointed me to Dr. Ed Merks, who has been the technical lead of the Eclipse Modeling Framework (EMF) project from its inception. EMF is a subproject of the top-level Eclipse Modeling project, which Merks also leads.
Merks worked for IBM about 18 years, and he was there when Big Blue bought Object Technology International (OTI) and began developing Eclipse. At the time, he was working on some modeling-related technology that would eventually become the EMF.
Two years ago, Merks left IBM, moved back to his hometown of Vancouver, and struck out on his own with a one-man firm called Macro Modeling. He now helps clients to "exploit the power of the open source software available at Eclipse in general and the best-of-breed technology of the Eclipse Modeling Project in particular.
He says he's making a good living as an EMF consultant -- better than he thought he would. He's got some good clients. He's the modeling project lead for Itemis, a German company focused on IT-industrialization and model-driven software development. And he's also working with CloudSmith porting the EMF runtime to the Google Widget Toolkit.
Merk agrees with Milinkovich about the rise in individual contributors to the EMF project. "I think there's room for exponential growth," he says. "I'm seeing the big players like IBM and Borland have stepped aside, and the smaller players and individuals have a lot of room to push this stuff forward. There really is no good open alternative to the EMF."
But he adds that European companies are currently much more interested in modeling than U.S. companies. "Modeling generally has a bad reputation in North America, because it's associated with the OMG and UML, and it's seen as this heavyweight, model-driven architecture," he says. "People are highly resistant to it -- which I understand. When I started, I didn't like the stuff, either. But the thinking has evolved, and there a lot of misconceptions about it that I spend a lot of time correcting."
And yet interest in EMF is growing among U.S. defense contractors and NASA, Merks says. He also points out that EMF is used by a large and growing number of Eclipse projects, including XML Schema Definition (XSD), Unified Modeling Language (UML), and Web Tools project (WTP). And related projects, including the Graphical Modeling Framework project (GMF) and the Generative Modeling Tools project (GMT), are adding to the Eclipse Modeling project. "It's like an onion now, with many layers and EMF at its core."
Book plug: Merks is also co-author of "EMF: Eclipse Modeling Framework (2nd Edition)," which he wrote with Dave Steinberg, Frank Budinsky and Marcelo Paternostro.
Posted by John K. Waters on June 30, 20100 comments
Simon Phipps is a man with a mission… Well, a new mission. The former open source evangelist for Sun Microsystems has always been kind of missiony. His new cause: proving that "open source continuity" is a reality. His vehicle for that mission: ForgeRock, a company formed by erstwhile Sun execs to provide "reliable stewardship" for OpenSSO, an open-source access management and federation server platform.
OpenSSO was a Sun-sponsored open-source project, the stewardship of which went to Oracle when it was acquired. But Big O has shown little interest in the technology. Earlier this year, the company declared that OpenSSO was "not strategic," and later removed OpenSSO Express as a download.
Enter ForgeRock, which was founded in February by Lasse Andresen, former CTO of Sun's Europe, Middle East and Africa (EMEA) region, Herman Svoren, former Sun Sales exec (EMEA). Phipps joined the company in May.
The goal of the company, which is headquartered in the U.K. and Norway, with subsidiaries in the U.S., is to be what Phipps calls "a pure-play, open-source ISV."
"It's not our goal to aggregate copyright, or to sell some sort of open-core product with some secret sauce that the customer has to buy," he says. "We bug-fix, sustain, and innovate on the code bases we're looking after. And we've committed to continuing the same roadmaps that the community was expecting."
Phipps's personal goal is to prove that open source projects can survive the neglect of a sponsoring company.
"People talk about open source continuity and say theoretically that the community lives on even if their sponsor goes away," he says. "I believe that we are the first major attempt to prove that open source continuity is a reality."
In May, the company unveiled its I3 ("eye-cubed") Open Platform, an identify management suite built from OpenAM (which is based on OpenSSO), OpenESB, OpenIdM and OpenPortal (which is based on LifeRay).
Since its launch, the company has snagged some noteworthy customers, including Betfair, the world's largest online gambling service provider; NBS AS, Norwegian state railway company; and SwissSign, the identity solutions subsidiary of Swiss Post.
Open source is Phipps raison d'être. He's a director of the Open Source Initiative (OSI) and board advisor of Open Source for America. And he blogs like a madman on the topic on his Wild Webmink Web site.
"The thing about a real open source project, as opposed to a canned project that is being micromanaged by a company that wants to wrap itself in the open-source flag, is that anybody can access the source code and do anything they wish with it, as long as they obey the license terms," Phipps says.
They can even partner with other communities. In June, ForgeRock announced that it would be working with Japan's Open Source Solution Technology (OSSTech) on joint development of the OpenAM ID management software.
No reaction yet from Oracle on ForgeRock's activities. I'll let you know what they say when they call me back.
Posted by John K. Waters on June 30, 20100 comments
Please join us in welcoming back the WatersWorks blog -- a return of an old favorite here on ADTmag.com. In this blog John K. Waters will regularly cover a variety of topics of interest to application developers working with a variety of languages, IDEs and frameworks. Check out the first few posts (above).
If there's a topic you'd like to see John cover, be sure to let him know by posting in the comments or drop him an e-mail at john(at)watersworks.com.
-- ADTmag.com's Editors
Posted on June 29, 20100 comments