Mono for Macs

When I heard that Novel was set to unveil version 2.0 of its Mono Tools for Visual Studio, I was looking forward to chatting about the release with the manic Miguel de Icaza, original leader of the open-source Mono project, vice of Novell's Developer Platform group and super-fun interviewee. But Miguel was welcoming his first daughter into the world (¡felicitaciones!), so Mono product manager Joseph Hill pitched in for the briefing.

Hill is a former independent .NET developer/consultant and early Mono enthusiast, so he has an in-the-trenches perspective on the value of Mono. "As a .NET guy jumping into the middle of a Linux company, I've been able to say, here's what I think a Visual Studio developers are going to need to see to get interested in this." (BTW: It's Joseph not Joe, a preference with which I, as another guy saddled with a name made famous by someone else, sympathize.)

Mono, of course, is an open source implementation of the .NET Framework based on C# and the Common Language Runtime (CLR). Mono Tools for Visual Studio is a commercial add-in for the VS integrated development environment (IDE) designed to allow developers to write .NET apps for non-Windows platforms, including Linux, BSD and Solaris.

When Novell launched version 1.0 last November, the company focused on .NET developers targeting Linux, Hill said. "We created this module that would allow .NET developers to use familiar Visual Studio environments to design, code and maintain multi-platform applications," he said. "But what we were mainly interested in with 1.0 was getting them to Linux."

The 2.0 release expands the scope of the add-in to support VS developers targeting Mac OS X. It turns out, Hill says, that the developers Novell hears from who are interested in adding one more platform want that platform to be the Mac OS.

"We got a lot of flak for not creating a version that allows .NET developers to build and deploy for the Mac," Hill said. "As a Linux company, we're not exactly driven to enrich Apple's ecosystem, but as a company that likes to please developers, we really had to respond to the demand. Mac OS X really behaves more like Linux, so there's a pretty good chance that, if you make a .NET application Mono-compatible and it works on a Mac, it's probably just going to work on Linux as well."

This version of Mono Tools for Visual Studio also supports a relatively new debugging framework for Mono called the soft debugger. Unlike Mono's hard debugger, which takes control from the outside and acts as an all-knowing and controlling program, the soft debugger works cooperatively with Mono. Where the hard debugger can debug both managed and unmanaged applications, the soft debugger can debug only pure managed apps.

"The hard debugger is very powerful," Hill explained, "but the approach we took made it very Linux specific. It's one of the reasons that 1.0 didn't have support for the Mac. In fact, porting the debugger to Mac proved to be a very difficult process. Our engineers came up with a different approach that allows us to get the debugger running easily on any platform that Mono runs on. The soft debugger isn't as powerful as the hard debugger -- it can't stop the world and allow you to inspect everything -- but it debugs more kinds of applications and is generally more reliable."

This version of Mono Tools for Visual Studio also provides additional support for Windows. "This turns out to be a pretty big deal for guys who are developing something they want to be cross platform," Hill said. "It allows them to quickly test, debug and isolate issues on Windows; you couldn't do that in 1.0."

Mono Tools for Visual Studio 2.0 is available now.

Posted by John K. Waters on August 9, 20100 comments


Testing Mainframe Code on Your Laptop

IBM grabbed headlines last week when it unveiled its new System zEnterprise 196 mainframe. Something of a hybrid, the new mainframe combines the POWER7 and System x servers into one box, and the servers share resources through a common, virtualized platform.

Cool as this new hunk of iron is (and it's way cool: 60 percent faster than the z10, which it replaces, holds 3 Terabytes of RAM, and processes at 50 BIPS), what caught my attention was the upgrade to Rational Developer for System z IDE. Better known as RDz, this multi-platform environment for building, testing, and deploying zEnterprise applications comes with a new System z Unit Test feature. Developers using RDz can run the zOS on their laptops, write code for the mainframe, and now test that code.

"For our mainframe customers whose development teams were working with 30-year-old ISPF tools that ship with the mainframe, Rational Developer for System z brought them a laptop-driven development environment that set them free," Scott Searle, IBM Rational's not-usually-so-poetic marketing program director, told me. "Instead of working late into the night when the mainframes had some downtime, they could work with code anywhere, anytime on their laptops."

This version of RDz also comes with a new set of compilers designed to help customers update applications designed to work on older systems so that they can take advantage of the zEnterprise architecture.

RDz is aimed at COBOL and PL/I programmers, and I couldn't help wondering just how many codederos out there were learning and working with those languages today. Searle informed me that the current population of COBOL developers is about two million strong, and he says IBM expects it to grow -- with a little help. Thanks to an IBM initiative, COBOL is being taught in 400 colleges and universities around the world, he said, mainly in India, China and Eastern Europe.

"The big success story is India," Searle said. "We don't know the exact numbers in India, but we feel that it's in the neighborhood of 50,000 COBOL developers, and they're young and excited to be working on the mainframe."

But Searle suggested looking at the state of COBOL development today in another way: "We have customers who have been able to build up their COBOL developer populations with the help of a modern IDE," he said. "If you were a young college kid used to a modern IDE and you had to go in and learn ISPF, with all of its memorized prompts and commands, you'd hate it; it's not just boring, it's overwhelming. But Java developers learn modern IDE interfaces, and our customers find that they can work with COBOL just as well in that kind of environment."

These IBM customers also found that it's much harder to teach masters of the venerable, 50-plus-year-old COBOL to work with Java, Searle added.

And I shall resist here the childish impulse to say anything about old dogs and new tricks.

For more on the latest release of the Rational Developer for System z IDE, check out IBM's alphaWorks Web site, the COBOL Cafe online community and The Mainframe Blog.

Posted by John K. Waters on July 27, 20109 comments


Securing Software: OWASP Releases O2 Platform Beta

Today, the Open Web Application Security Project (OWASP) announced the availability of the first major release of its new O2 Platform.

The O2 Platform is, as the project's Web site describes it, "a collection of open source modules that help Web application security professionals maximize their efforts and quickly obtain high visibility into an application's security profile." The OWASP is a not-for-profit organization focused on finding and fighting the causes of insecure software.

The idea is to provide a high level of visibility into an application's security profile by automating "application security knowledge and workflows." An overview of the available modules is available via PDF download.

The guy leading the O2 Platform project is Dinis Cruz, whom I last interviewed about two years ago.The then-pony-tailed (haven't seen his hair lately) security consultant with the Portuguese accent and the London address was known for his fondness for showing conference attendees just how easy it is to bypass the built-in security mechanisms of the .NET and Java runtimes.

Cruz is all over the OWASP. He's the chair of the OWASP Connection Committee, a member of the OWASP Board, and a participant in the OWSAP Global Projects Committee. And he really wants you to try out the new O2 Platform. On his blog, he writes, in bold text, "This is the moment when I'm asking you to PLEASE TRY IT."

He needs feedback, he says, and input on "what you like, what works, what doesn't work, what could be improved." He adds: "There is enough functionality + capabilities + power in this version of O2, that I finally have the confidence to make this direct request for you, knowing that no matter what area of Web Application Security you are involved in, there will be an O2 Script/Module/Tool that will make you more productive."

I couldn't track him down for today's blog, so I thought I'd recall a conversation I had with Cruz in 2007, during which we discussed the security of the Web and the overall responsibly of the developer to create secure software.

"We're now in the process of building a world in which all the code we run on our Web sites has the power to access all of our assets from our desktops and servers," he said. "From a security point of view, this is a very bad development. But we shouldn't use the developers as the scapegoats. They often simply don't have enough visibility into what they are creating to evaluate the security of an application…. It's very hard for the developers to understand all the inputs and everything they need to run their applications. So we need to change the paradigms so that the developers can see what the hell's going on under the hood."

Cruz is a knowledgeable and, though he maybe doesn't always mean to be, funny guy. Don't miss his blog entry "I'm looking for work (O2 related work:) ) and O2's Commercial Ecosystem," in which he declares "I'm probably the only guy in the world that today really knows how to get the most power out of O2," but adds that, of course, he doesn't scale.

You can find out lots more about the OWASP in general here.

Posted by John K. Waters on July 12, 20100 comments


Eclipse Modeling Maven Merks on EMF

So, I'm talking recently with Mike Milinkovich, exec director of the Eclipse Foundation, about this year's ginormous Eclipse Release Train -- 39 projects, 33 million lines of code -- when he mentions that, of the 490 committers, 108 were individuals. That seemed like a lot of unaffiliated code contributors to me, but he said that this was a growing trend.

"The bulk of these individuals are focused on a couple of areas in Eclipse, particularly modeling," he told me. "Lots of individuals are contributing to the Eclipse modeling project, I think in part because they can make a bit of a reputation for themselves within the Eclipse modeling community and make a living through consulting by leveraging what they've built at Eclipse. That sort of small-scale individual ecosystem is starting to become very prevalent in parts of the broader Eclipse community."

He then pointed me to Dr. Ed Merks, who has been the technical lead of the Eclipse Modeling Framework (EMF) project from its inception. EMF is a subproject of the top-level Eclipse Modeling project, which Merks also leads.

Merks worked for IBM about 18 years, and he was there when Big Blue bought Object Technology International (OTI) and began developing Eclipse. At the time, he was working on some modeling-related technology that would eventually become the EMF.

Two years ago, Merks left IBM, moved back to his hometown of Vancouver, and struck out on his own with a one-man firm called Macro Modeling. He now helps clients to "exploit the power of the open source software available at Eclipse in general and the best-of-breed technology of the Eclipse Modeling Project in particular.

He says he's making a good living as an EMF consultant -- better than he thought he would. He's got some good clients. He's the modeling project lead for Itemis, a German company focused on IT-industrialization and model-driven software development. And he's also working with CloudSmith porting the EMF runtime to the Google Widget Toolkit.

Merk agrees with Milinkovich about the rise in individual contributors to the EMF project. "I think there's room for exponential growth," he says. "I'm seeing the big players like IBM and Borland have stepped aside, and the smaller players and individuals have a lot of room to push this stuff forward. There really is no good open alternative to the EMF."

But he adds that European companies are currently much more interested in modeling than U.S. companies. "Modeling generally has a bad reputation in North America, because it's associated with the OMG and UML, and it's seen as this heavyweight, model-driven architecture," he says. "People are highly resistant to it -- which I understand. When I started, I didn't like the stuff, either. But the thinking has evolved, and there a lot of misconceptions about it that I spend a lot of time correcting."

And yet interest in EMF is growing among U.S. defense contractors and NASA, Merks says. He also points out that EMF is used by a large and growing number of Eclipse projects, including XML Schema Definition (XSD), Unified Modeling Language (UML), and Web Tools project (WTP). And related projects, including the Graphical Modeling Framework project (GMF) and the Generative Modeling Tools project (GMT), are adding to the Eclipse Modeling project. "It's like an onion now, with many layers and EMF at its core."

Book plug: Merks is also co-author of "EMF: Eclipse Modeling Framework (2nd Edition)," which he wrote with Dave Steinberg, Frank Budinsky and Marcelo Paternostro.

Posted by John K. Waters on June 30, 20100 comments


Simon Phipps: An Open Source Evangelist Forges On

Simon Phipps is a man with a mission… Well, a new mission. The former open source evangelist for Sun Microsystems has always been kind of missiony. His new cause: proving that "open source continuity" is a reality. His vehicle for that mission: ForgeRock, a company formed by erstwhile Sun execs to provide "reliable stewardship" for OpenSSO, an open-source access management and federation server platform.

OpenSSO was a Sun-sponsored open-source project, the stewardship of which went to Oracle when it was acquired. But Big O has shown little interest in the technology. Earlier this year, the company declared that OpenSSO was "not strategic," and later removed OpenSSO Express as a download.

Enter ForgeRock, which was founded in February by Lasse Andresen, former CTO of Sun's Europe, Middle East and Africa (EMEA) region, Herman Svoren, former Sun Sales exec (EMEA). Phipps joined the company in May.

The goal of the company, which is headquartered in the U.K. and Norway, with subsidiaries in the U.S., is to be what Phipps calls "a pure-play, open-source ISV."

"It's not our goal to aggregate copyright, or to sell some sort of open-core product with some secret sauce that the customer has to buy," he says. "We bug-fix, sustain, and innovate on the code bases we're looking after. And we've committed to continuing the same roadmaps that the community was expecting."

Phipps's personal goal is to prove that open source projects can survive the neglect of a sponsoring company.

"People talk about open source continuity and say theoretically that the community lives on even if their sponsor goes away," he says. "I believe that we are the first major attempt to prove that open source continuity is a reality."

In May, the company unveiled its I3 ("eye-cubed") Open Platform, an identify management suite built from OpenAM (which is based on OpenSSO), OpenESB, OpenIdM and OpenPortal (which is based on LifeRay).

Since its launch, the company has snagged some noteworthy customers, including Betfair, the world's largest online gambling service provider; NBS AS, Norwegian state railway company; and SwissSign, the identity solutions subsidiary of Swiss Post.

Open source is Phipps raison d'être. He's a director of the Open Source Initiative (OSI) and board advisor of Open Source for America. And he blogs like a madman on the topic on his Wild Webmink Web site.

"The thing about a real open source project, as opposed to a canned project that is being micromanaged by a company that wants to wrap itself in the open-source flag, is that anybody can access the source code and do anything they wish with it, as long as they obey the license terms," Phipps says.

They can even partner with other communities. In June, ForgeRock announced that it would be working with Japan's Open Source Solution Technology (OSSTech) on joint development of the OpenAM ID management software.

No reaction yet from Oracle on ForgeRock's activities. I'll let you know what they say when they call me back.

Posted by John K. Waters on June 30, 20100 comments


The WatersWorks Blog Returns to ADTmag.com

Please join us in welcoming back the WatersWorks blog -- a return of an old favorite here on ADTmag.com. In this blog John K. Waters will regularly cover a variety of topics of interest to application developers working with a variety of languages, IDEs and frameworks. Check out the first few posts (above).

If there's a topic you'd like to see John cover, be sure to let him know by posting in the comments or drop him an e-mail at john(at)watersworks.com.

-- ADTmag.com's Editors

Posted on June 29, 20100 comments