Here's a provocative statistic: Within a group of leading companies that includes Microsoft, PayPal, Salesforce, Nokia, Sony Mobile, and Visa, the average ratio of full-time software security specialists to developers is 1.4/100. That's one of the findings in the recently published fifth edition of the software-security "measuring stick" known as the BSIMM (Building Security In Maturity Model).
A "maturity model" describes the capability of an organization's processes in a range of areas, from software engineering to personnel management. The Capability Maturity Model (CMM) is a well-known example from software engineering. The BSIMM (pronounced "bee-simm") is the first maturity model for security initiatives created entirely from real-world data.
The BSIMM was developed as a tool to help organizations evaluate their software security programs by comparing them to the programs of other companies. It's based on data collected by its authors through interviews and direct observations of the most successful large-scale software security programs. Although those programs use different methodologies and terminologies, they're described in a uniform way in the BSIMM via a framework, called the Software Security Framework, which provides a common vocabulary and allows for apples-to-apples comparisons.
So, is that ratio of software security pros to developers the right one? That's not a question the BSIMM was designed to answer, says one of its authors.
"The BSIMM is based on the study of real practices as they exist," explained Gary McGraw, CTO of security consulting firm Cigital and author of eight books on software security. "It describes those practices; it's not a prescriptive model. But it's real data, not hunches and guesses, so I can go to the board and say, here's you, and here are the other 26 firms that look like you that we've measured before. And I can say, it looks like you're the slowest zebra. And then we have a conversation about that."
BSIMM-V includes data from 67 participating companies, up from the 51 included in the fourth edition. The number of companies has grown every year since the first edition was published in 2008; that one was based on studies of nine software security initiatives. BSIMM-V describes the work of about 3,000 people, collectively, McGraw said.
As a measuring stick, the BSIMM allows an organization to compare and contrast its own software security efforts with those of its peers. As the report puts it, "You can then identify goals and objectives of your own and look to the BSIMM to determine which additional activities make sense for you."
BSIMM's authors argue that highly mature initiatives are well rounded, carrying out all of the 12 core practices described by the model, including: strategy and metrics, compliance and policy, architecture analysis, code review, security testing, penetration testing, and configuration management. The model also describes how mature software security initiatives evolve, change, and improve over time.
During the course of their investigation, the researchers have observed a total of 112 activities related to software security. These are actions carried out or facilitated by the software security group within an organization as part of a practice, and each activity is directly associated with an objective. The researchers added two new activities in the last edition of the BSIMM based on their observations in the field: simulate software crisis and automate malicious code detection. BSIMM-V adds another new activity: operate a bug bounty program.
Keep in mind that what the BSIMM is describing is security activities around software development, specifically. The computer security industry as a whole is growing fast, McGraw noted, at a rate of about 8.9% per year, generating between $20 and $40 billion in revenue annually. And while software security accounts for only 10% of that growth, he said, that segment is growing more than twice as fast: 20% per year, by some estimates. "I like to think of us finally as the pinky fingers on the two hands of computer security," McGraw said.
The BSIMM was originally developed by Cigital and Fortify Software (since acquired by HP). The two most recent editions of the study were authored by McGraw; Sammy Migues, Director of Knowledge Management and Training at Cigital, and Jacob West, CTO of Fortify Products in HP's Enterprise Security group. The first three BSIMMs were authored by McGraw, Migues, and Brian Chess, distinguished technologist at HP (and co-founder and former chief scientist at Fortify).
BSIMM-V is available for download. It is distributed free under the Creative Commons license.
Posted on 12/12/2013 at 10:54 AM0 comments
Enterprise interest in Big Data and associated analytics software has sparked intense interest in Apache Hadoop, the open source framework for running applications on large data clusters built on commodity hardware, and something of a flood of tools for developers working with it. But as an applications market emerges in this space, the next Big Thing for Big Data is likely to be app-oriented middleware.
That's an insight Tony Baer, principal analyst at Ovum, shared with me when I talked with him recently about Continuuity's recent Reactor 2.0 release, which the Java toolmaker billed as the first scale-out application server for Apache Hadoop.
"It is inevitable that applications will be developed that run against Big Data," Baer said, "and as that occurs, it will be necessary to have an application layer that allows developers with Java and other languages to develop apps that run against it."
Baer's prediction makes perfect sense, and it's one reason Java jocks might want to keep an eye on Concurrent, the company behind the open source Cascading project. Cascading is a Java application development framework for rich data analytics and data management apps running across "a variety of computing environments," with an emphasis on Hadoop and API compatible distributions.
"Big Data is moving to the next phase of maturity and it's all about the applications," the company says on its Web site. "The applications process the data and extract the value at scale and we believe that there must be a simple, reliable and consistent way to build, deploy, run and manage these data driven applications."
Concurrent characterizes Cascading as "a rich Java API for defining complex data flows and creating sophisticated data oriented frameworks," and it claims more than 110,000 user downloads a month. Its published user list includes Twitter, eBay, Square and Etsy, among others.
The San Francisco-based company recently announced Cascading 2.5 with new support for Hadoop 2 and YARN, the next-gen Hadoop data processing framework (sometimes called MapReduce 2.0).
Chris Wensel, Concurrent's founder and CTO, has argued that developing and building applications on Hadoop has proven to be difficult, despite the framework's rapid enterprise adoption. "With Hadoop 2, the community has addressed many concerns, paving a clearer path for enterprise users," he said in a statement. "At Concurrent, we're dedicated to forging a simpler path to mass Hadoop adoption by delivering a framework for building powerful and reliable data-oriented applications supporting data driven business models -- quickly and easily. Our support for Hadoop 2 was an easy decision, as we continue to be an integral part of the Hadoop and Big Data ecosystem, providing solutions that simplify application development and management for the enterprise."
As a Java-based framework, Cascading fits naturally into JVM-based languages, including Scala, Clojure, JRuby, Jython and Groovy. And the Cascading community has created scripting and query languages for many of these languages. The company's extensions page offers a growing list of user contributed code.
Cascading 2.5 is publicly available and freely licensable under the Apache 2.0 License Agreement.
Posted by John K. Waters on 12/04/2013 at 2:45 PM0 comments
The annual Dreamforce conference finally reached street-blocking proportions this year, with a reported 120,000 attendees registering for Salesforce.com's biggest event, winding down this week at San Francisco's Moscone Center. (I remember when it barely took up an auditorium and a hotel hallway.) Attendance-wise, the 2013 edition of the event crushed this year's Oracle OpenWorld, which drew an estimated 60,000 to the same venue in September -- if those numbers are accurate. City officials are dubious, because the conference center can only hold about 60K. And yet, the Salesforce event sprawled beyond Moscone into nearby hotels, including the Palace on Market Street and the Intercontinental at Fifth and Howard. And a bunch of people attended online.
But who's counting?
The event's turnout probably says more about the rise of cloud computing than Salesforce itself. Although, to be fair, the San Francisco-based hosted CRM giant has been a significant driver of that rise. More important than attendee numbers. The company now claims nearly a million-and-a-half developers, which is double the number from a year ago. That's something everyone should be counting.
The company hopes to crank that number even higher with its newly announced Salesforce1 development platform. Launched at the Dreamforce show, Salesforce1 isn't just a massive rebranding of the company's Force.com dev platform, says IDC analyst Al Hilwa, but the launch of a major mobile effort into enterprise mobility.
"Salesforce has been working on this for some time and is now putting together a set of APIs to expose many aspects of the platform to developers," Hilwa told ADTmag. "The company is preparing for the big dive into the Internet of Things (IoT) the industry is expected to make. The mobile stack which connects to Salesforce has been completely updated to allow integration with the backend Salesforce platform.
Salesforce is billing the latest incarnation of its development platform as "the first CRM platform for developers, ISVs, end users, admins, and customers moving to the new social, mobile, and connected cloud." The platform was built "API-first," the company said, and comes with ten times more APIs and services. The company promised to make such ISVs as Dropbox, Evernote, Kenandy, and LinkedIn available on the platform.
The update of Force.com includes an update of its Visualforce component-based user interface framework to Visualforce1. As the company put it in a press release, "With Salesforce1, the more than 10 million Visualforce pages and custom actions are mobile-enabled."
"Enterprise mobility is happening today as companies are investing most of their new application development efforts on mobile related projects," Hilwa added. "IoT, however is still nascent and will be embraced first in the consumer space over the next two years."
Another notable piece of Dreamforce news was the announcement of a teamup between Salesforce and HP to create the "Salesforce Superpod," which is a dedicated instance of the Salesforce multi-tenant cloud running on HP's "converged infrastructure" technology, which manages equipment across an entire data center.
"This deal is noteworthy because of what it says about Salesforce and its strategy to reach higher up into the enterprise," Hilwa said. "Salesforce has determined that it is already extremely successful in the small to medium sector, but that there is still a lot of opportunity in the Global 1000 set. Large companies prefer to run dedicated computing environments, or even private clouds. The HP Salesforce deal brings this type of solution inside the Salesforce cloud. We are at the point now where Salesforce is letting go of multi-tenancy as the only defining criteria of its as-a-Service offerings."
BTW: Salesforce commissioned what has been reported to be the largest inflatable structure ever erected in North America to cloak Howard Street between the north and south wings of the Moscone Center. It was very cool.
Posted by John K. Waters on 11/21/2013 at 3:02 PM0 comments
Oracle wants to make it easier for Java developers to leverage the combined power of CPUs, graphics processing units (GPUs), field programmable gate arrays (FPGAs) and digital signal processors (DSPs) -- so-called heterogeneous computing -- and the database giant has thrown in with other organizations in an industry consortium to do it.
Oracle was among several industry leaders to announce plans to join the Heterogeneous System Architecture Foundation (HSAF) at this year's 2013 AMD Developer Summit. The not-for-profit consortium of system-on-a-chip vendors, OEMs, academics, ISVs and others is developing royalty-free specifications for system architectures that combine different kinds of processors. The foundation's goal is to make it easier to write code for these multi-breed systems, and to grow a heterogeneous compute ecosystem based on an industry standard.
Among other things, the Foundation is defining "key interfaces" for parallel computing with CPUs, GPUs, DSPs and other programmable and fixed function devices to create "the next foundation in general purpose computing," the group explains on its Web site. "Most importantly," the group says, "we are driving to bring greater developer productivity to heterogeneous computing by removing many of the barriers of traditional heterogeneous programing so they can focus on their algorithms and not managing system resources."
"Joining the HSA Foundation represents the next step towards bringing heterogeneous computing to millions of developers, as well as the introduction of new server and cloud programming paradigms," said Nandini Ramani, VP of development in Oracle's Java Platform group, in a statement. "Our work with the HSA Foundation will help provide Java developers with the ability to quickly leverage GPU acceleration, and explore how the Java Virtual Machine (JVM), as well as the Java language and APIs, might be enhanced to allow applications to take advantage of heterogeneous compute."
The HSAF is currently working on several standards projects: the HSA Platform Systems Architecture Specification version 1.0; an update of the HSA Programmer's Reference Manual: HSAIL Virtual ISA and Programming Model, Compiler Writer's Guide, and Object Format; the HSA System Runtime Specification Draft Specification; and the HSA Tools project. The Foundation has published the AMD IOMMUv2 Architectural Specification and the first version of HSA Programmer's Reference Manual: HSAIL Virtual ISA and Programming Model, Compiler Writer's Guide, and Object Format
The Foundation is reaching out to a specific group of developers with its new Open Source Developer Program, also announced at the conference. With this program, the Foundation is aiming to drive developer productivity in heterogeneous computing environments. The idea is to free developers from the need to manage system resources in these environments (so they can focus on their algorithms) with core tools, runtimes, and simulators designed to allow coders to access HSA technologies. The program will also seek to provide documentation and tools designed to accelerate the development of apps on top of HSAF runtimes technologies, and just generally provide devs with a place to contribute to open source HSAF tools and runtimes.
No launch date has been announced for the Open Source Developer Program. A "coming soon" message is currently posted on the Web site.
Posted by John K. Waters on 11/20/2013 at 9:42 AM0 comments
How do enterprise developers extend their corporate apps to the ever expanding universe of mobile devices with the least amount of pain? Visual dev tool maker Sencha made the argument this week for the less-coding-is-more approach provided by Sencha Architect, the latest version of which the company just released.
Sencha Architect 3, just announced this week, is part of a suite of solutions for developing "universal" apps from a single code base, explained Jeff Hartley, vice president of Sencha's products and services group. The visual app builder is designed, essentially, to provide best-practice code without requiring much in the way of actual coding.
"This release is about minimizing development complexity, while still allowing for plenty of extensibility to our frameworks and customization of the application," Harley told ADTmag. "It allows developers to focus more on user needs than the intricacies of coding user interface stuff, and reduces the potential for errors the goes with coding by hand."
Architect 3 comes with three new feature sets: Project Templates, User Extensions, and Theming and Styling. The new Templates feature gives developers access to a "gallery" of common templates and layouts for creating projects -- everything from introductory layouts for those new to the company's frameworks to fully fledged example applications. Projects created in Architect 3 can be saved as templates and shared via a personal template gallery.
"We've seen situations a lot in the wild," said Gil Gordon, Sencha's senior product manager, "where a guru type in an enterprise is the one driving the framework decisions, while others are coding the business logic and taking the designs from the designers and making them real in the product. We think Architect will help these folks to work together better when they can share Templates and use them as starting points."
There are about 18 Templates currently available in the gallery for each framework, Gordon said. The company plans to add more Templates in the future for different verticals.
The new User Extensions feature allow developers to customize the company's Sencha Touch and Sencha Ext JS frameworks. Architect 3 makes it easy to add extensions -- little bits of code packaged for reuse -- as first-class toolbox components, including both home-made extensions and extensions from the growing ecosystem of extensions built on Sencha frameworks.
Sencha's frameworks support CSS and come with a selection of canned themes. The new Theming and Styling capabilities in Architect 3 allows users to control CSS from directly within the tool to establish the appearance of an application.
Architect 3 is now a tool that can be used by both developers and designers, Harley added. "Everything they make is sharable with other people on their teams," he said. "This release is not just about individual developers, but about expanding its ability to help facilitate development within teams."
Sencha bills its Architect tool as "the ultimate HTML5 app builder," and really drives home the idea in this announcement that HTML5 is becoming the de facto standard in the enterprise for building Web and mobile applications.
"HTML5 has proven to be an ideal development language to tackle the fragmented world of multiple operating systems and browsers, and hundreds of mobile devices and desktops," said Michael Mullany, CEO of Sencha, in a statement. "Sencha Architect 3 empowers developers to create robust applications through a complete app-building experience, providing the kind of control, flexibility and ease of use that produces high quality apps faster."
Posted by John K. Waters on 11/14/2013 at 3:35 PM0 comments
Ready for a shot of "Vitamin V"? If you're one of those Java jocks with no access to a local User Group, that's just the professional supplement you need, say the folks at Zeroturnaround's RebelLabs. The Java toolmaker's research and content organization has launched a new virtual Java User Group (vJUG) that aims to provide "a central online hub of Java-related knowledge, accessible to developers everywhere regardless of location," according to the company.
Although it was officially unveiled Tuesday, this online version of the real-world social component of the Java community already has almost 400 member signups. The vJUG initiative is sponsored by RebelLabs and it was launched by the company's technical evangelist, Simon Maple. "Whether you don't have access to a local Java community, your current JUG isn't active, or you are simply looking to expand your network, vJUG is the modern solution for today's developer," Maple said in a statement. "You can think of us like a supplement for existing JUGs, 'Vitamin V' if you will…."
JUGs have long been a valuable community resource for Java professionals, not to mention a great place for cheap beer and pizza. These volunteer organizations create opportunities to share information and to network with other Java practitioners. Most have some kind of Web presence, of course, and there are virtual groups out there. But the essential purpose of a JUG has been to get people together, in the flesh. (And to drink beer and eat pizza.)
"We're not looking to steal the spotlight [from] local JUGs," Maple said, "which we love. In fact, the opposite: we want to work with JUGs to expand the benefits of membership and give the community more content, ideas and reach."
And yet, in its announcement, RebelLabs sort of damns the status quo with faint praise. To wit: "While traditional Java User Groups act as the main official Oracle/Java-endorsed vehicle for collaboration, conversation, and various opportunities within local developer communities, vJUG provides a central online hub of Java-related knowledge, accessible to developers everywhere regardless of location."
And then there's a comment in the press release that I think is attributed to Oliver White, head of RebelLabs (the punctuation makes that unclear): "Local Java communities benefit most from remaining tight-knit, and we're excited bring support to a community that some say has lost much of its former strength and voice. Through vJUG, we hope to reinforce the global JUG community with more interaction, stronger networks and a louder voice."
The Java community can always use more resources and opportunities for interaction, and if vJUG fills a real need, it should get a big thumbs up. And I get that they're going for a global version of the local organizations, an entity that "aims to close the geographic constraints among Java developers around the world."
I'm not sure, however, about this idea that the existing JUGs are losing their "strength and voice." According to Patrick Curran, chair of the Java Community Process (JCP), the recent success of the Adopt-a-JSR program has been largely due to the efforts of JUGs around the world. In fact, as I reported last month, that program is considered "JUG-lead," and was the brainchild of two user groups: the London Java Community in the U.K. and SouJava in Brazil. Both are voting members of the organization, which gives them a pretty big voice. The list of participating JUGs also includes GoJava (Brazil), Houston JUG (US) and Chennai JUG (China).
Also, it's hard to get excited about virtual beer and pizza.
BTW: The java.net Web site maintains a nice list of JUGs and JUG resources.
Posted by John K. Waters on 11/05/2013 at 4:37 PM0 comments
Earlier this month GitHub, the hosted collaboration platform that all but defined "social coding," launched a new portal site designed to encourage governments and public organizations to connect and share best practices. The new government portal is "dedicated to showcasing the amazing efforts of public servants and civic hackers around the globe," the company says.
The new portal was just announced, but we got an early peek when San Francisco Mayor Ed Lee revealed that the city's municipal code would be posted on the GitHub platform on September 30 during the grand opening of GitHub's new South of Market headquarters. Lee used the event to kick off the city's second annual "Innovation Month," which celebrates the burgeoning tech-industry presence in San Francisco. (The festivities officially started on October 11.)
Posting SF's municipal code on GitHub will make it easier to navigate the dense layers of laws and amendments that affect the city's streets, parks, vehicles, building activities, land use, and public safety, Lee said. More access fosters greater understanding, he said. But more to the point, making the code available in "modern, programmer-friendly formats" opens a new, extremely creaky door to innovation.
"One of the things we're doing together is to get data out of the hands of bureaucrats, who just seem to want to sit on it and protect it...to where people can really use it," the mayor said.
GitHub has deep roots in San Francisco. The founders started their enterprise almost six years ago, the story goes, in a bar just a block from their new offices. The company's new digs, a restored dried fruit storage facility that withstood the 1906 earthquake and fire, includes a ground-floor space set aside for tech talks, meetups, and non-GitHub activities. The company hopes the space will foster what CIO Scott Chacon called "the serendipitous interactions that result in companies like ours."
"I don't think GitHub would exist if it weren't for the vibrant tech culture that exists here," Chacon said. "And we wanted to give back to that community."
From those roots a big organization has grown. The company has expanded its staff from an initial handful of employees to 210 today. More than 4 million users are currently collaborating on GitHub on 8 million projects, and the site sees 16 million unique visitors every month, according to the company.
GitHub, has become one of the world's most popular social coding sites. As I've pointed out before in this space, developers love the Git distributed version-control system developed by Linus Torvalds, and GitHub has played no small role in the growth of that popularity. The service has also enjoyed endorsements from the likes of the Eclipse Foundation, which has begun to allow the hosting of its projects on GitHub to attract new and maturing projects.
The company points to a number of existing GitHub projects now incorporated into the new Government portal, including the Treasury Board Secretariat of Canada's Web Experience Toolkit, which allows for the creation of a set of shared templates for all government Web sites; and the City of Chicago's invitation to coders to issue pull requests from its Open Data Portal of bike routes, bike racks, pedway routes, street locations, and building footprints.
The new GitHub offices also include what I'm pretty sure is a unique reception area: It's a replica of the Oval Office, but instead of the Seal of the President of the United States, the rug features the company's multi-armed feline mascot/logo, the Octocat.
CEO Tom Preston-Werner explained the design to me at the office ribbon cutting: "Who are you if you're sitting on one of those couches in the real Oval Office? You're someone very important, and that's exactly how we want visitors to GitHub to feel."
I understand that a few industry wags have used this whimsical design as an example of high-tech-company wastefulness. I think it offers a peek into the workings of some creative minds.
Posted on 10/21/2013 at 10:29 AM0 comments
When the Java Community Process (JCP) set out four years ago to take advantage of the Oracle acquisition to implement some much needed reforms, the Java standards organization started with what JCP Chair Patrick Curran referred to as the "low-hanging fruit."
That first Java Specification Request, JSR 348, was all about transparency, participation, agility and governance. It was approved without much fuss. A year later, the JCP sought to merge the two JCP Executive Committees (ECs) -- the SE/EE EC and the ME EC -- under JSR 355. That plan was also approved.
By 2012 the JCP was ready to reach a bit higher in this metaphorical fruit tree, into a tricky tangle known as the Java Specification Participation Agreement (JSPA). Issuing JSR 358 ("A major revision of the Java Community Process") around last year's JavaOne, the JCP started the process.
Reworking the JSPA is a much bigger challenge than anything the JCP has done so far in this multi-year makeover, so no one expected the organization to be finished by this year's JavaOne. JCP Chair Patrick Curran was on hand again at this year's event, and he reported that there has been progress, but offered no specifics.
"The JSPA is big, and it's scary," Curran said. "And you have to be careful what you touch. It's just like modifying legacy code. Sometimes you don't know why some language is in there, so you've got to be careful."
The JSPA sets forth the basic legal structure that allows companies and individuals to participate in the development and distribution of specifications, reference implementations, and technology compatibility kits (TCKs) within the JCP. The current version was created in 2002 through JSR 99. A lot changed in the decade that followed, and sponsors of JSR 358 argue that it's high time for the JCP "to revise this document to ensure that it meets our current needs."
Part of the reason the JCP is working to reform its sign-up contract is that the organization wants to make it easier for individuals to participate in the community, Curran said.
"They're the ones who are actually doing the work," he said. The JCP wants to attract more individual members, he said, because they produce JSRs that are more likely to fit the real needs of Java developers, and decrease the number of "ivory tower" JSRs.
Toward that end, the JCP launched the "Adopt a JSR" program, which encourages individual members of the community to "adopt" a spec request by following its progress, supporting its expert group, and/or reporting back to the wider community on its progress and evangelizing its benefits.
The primary vehicle for the Adopt-a-JSR program is the Java User Groups (JUGs), which can reach out to their memberships and promote participation. In fact, the program is considered "JUG-lead," and was the brainchild of two user groups: the London Java Community in the UK and SouJava in Brazil, who approached the JCP with the idea. Both are voting members of the organization. The list of participating JUGs also includes GoJava (Brazil), Houston JUG (US), and Chennai JUG (China).
The program has been very successful, Curran said: 11 JSRs have been adopted so far, and 18 JUGs are contributing to the Java EE spec.
"This is one of the best things to happen to the organization," Curran said. "It has added some great energy and real enthusiasm."
Posted by John K. Waters on 10/09/2013 at 10:51 AM0 comments
The San Francisco-devouring tandem tech shows, Oracle's OpenWorld and JavaOne, attracted more than 60,000 attendees last week -- and bunch of vendors displaying new and improved tools and toys. Here are a few announcements that caught my attention, though not many headlines, as I scurried back and forth between the two:
Azul and MS Open Tech Launch Zulu
One announcement that did grab some press attention concerned a development in the evolving partnership between Java runtime maker Azul Systems and the Microsoft Open Technologies group (MS Open Tech). The two companies launched Zulu, an OpenJDK build for Windows Azure. The free, open source JDK is integrated with MS Open Tech's Windows Azure Plugin for Eclipse Java tooling. It's Java SE 7-compliant, verified using Java SE 7 OpenJDK Community TCK (Technology Compatibility Kit). And it works with Jetty Java and Tomcat servlet containers. The two organizations first announced the collaboration back in July. Azul is best known as the maker of Zing, a 100 percent Java-compatible JVM. MS Open Tech is an independent subsidiary of the software giant focused on open source.
Oracle Partners with Freescale on the IoT
Great attention was paid at this year's events to the Internet of Things (IoT). Arguably, the biggest news to come out of either show in that category was Freescale Semiconductor's announcement of a team-up with Oracle to support Java as the IoT standard. Freescale plans to join the Java Community Process (JCP) and work with Big O to "drive standard technical specifications for the Java platform." The semiconductor maker will focus initially on Java for resource-constrained processing platforms, the company said -- that's things like the low-cost, small geometry microcontrollers that provide the embedded intelligence for IoT-enabled products. Nandini Ramani, vice president of development in Oracle's Java Platform group -- one of the execs who's deeply into embedded systems (pardon the pun) -- said that "Freescale has the expertise and insight necessary to help Java evolve and thrive in the IoT era."
Engine Yard Supports Java
Engine Yard, a provider of Platform-as-a-Service (PaaS) for Ruby on Rails, announced new support for Java at the show. The San Francisco-based company founded on the Merb open source framework for Ruby development offers its customers the option of deploying their applications in Ruby, PHP, Node.js, and now Java. The company also revealed that Oracle will become one of its Infrastructure as a Service (IaaS) providers. The company cited recent findings published in the August 2013 Forrester Research, Inc. report entitled "Who Are The Enterprise Cloud Developers?" to support its decision to add Java to its list of supported languages. Forrester researchers concluded that Java is the most popular programming language for corporate app development and for cloud app developers.
CloudBees Provides for the 'Cloud-Extended Enterprise'
Java Platform-as-a-Service (PaaS) company CloudBees unveiled a new set of capabilities at this year's show that will support its "cloud-extended enterprise" strategy. As industry buzz phrases go, this one isn't bad. It well characterizes the notion of taking "full advantage of the public cloud to accelerate application development and delivery, while continuing to make use of existing on-premise IT assets in a secure manner." The list of enhancements included a new ability of CloudBees-hosted Jenkins users to connect via a VPN to on-premise development resources (source code repositories, test databases, and other dev artifacts). Security Assertion Markup Language (SAML) support for enterprises ID and access management. And a new data migration and sync service called WEAVE@cloud, which has been extended to further simplify the RUN@cloud deployment PaaS.
Tomitribe Supports TomEE
A Santa Monica-based company you might not have heard of, Tomitribe, launched a set of enterprise services for the Apache Foundation's TomEE application server at the show. TomEE (pronounced "Tommy") is a lightweight and "nimble" version of Apache Tomcat aimed at the Java Enterprise Edition (Java EE) Web Profile, a subset of Java EE APIs focused on web app development. The Tomitribe website describes the company as "a dedicated Apache TomEE support company." The company was founded in 2013 by TomEE co-creator David Blevins. "Our goal is to help developers build on what they already know and shine on new projects using Apache TomEE," said Tomitribe VP of sales and marketing Theresa Nguyen, in a statement.
Universal SDK Uses 'Build Cloud'
IntraMeta Corp. unveiled "nuvos," a one-and-done universal software development kit (SDK) at the show, along with its associated subscription-based cloud build and test service. The "build cloud" makes it possible to write an app in Java using your favorite development environment with no additional SDKs. The nuvos cloud builds and tests the app for multiple platforms, and you upload a fully native app to popular app stores. The company says nuvos users can leverage pre-integrated connectors to such services as Facebook, Twitter, and Twillio. And they can create their own adapters to existing web services, such as enterprise applications. The promised result of this build-cloud strategy is a system that allows devs to publish to native mobile, native desktop, smart devices, or HTML5 from one codebase.
Terracotta Announces JCache Java Spec
JSRs don't usually spend much time on the front page, but news that JSR-107 has made it through the public review stage should have. This is the spec request for Java Temporary Caching API (JCache), which specifies the semantics for the temporary, in-memory caching of Java objects. Apparently, the JSR languished for years until Terracotta and Oracle began funding it recently. Terracotta is probably best-known for its commercial development of Ehcache, a widely deployed open-source Java caching solution. Terracotta also announced that BigMemory, its flagship in-memory platform will be fully compliant with the spec early next year.
JFrog Snags a Duke's Choice
JFrog earned a second Duke's Choice Award at this year's show for its Bintray social platform for storage and distribution of software libraries. The San Francisco-based maker of the cloud-based Artifactory binary repository manager may be the only software company to snag a Duke's Choice twice. (JFrog won in 2011 for Artifactory.) The company's Bintray is a cool system designed to allow developers to publish, download, store, promote, and share open source software packages. It's billed as a fully self-service platform, which gives developers full control over their published software and how it's distributed. It currently hosts nearly 70,000 software packages, the company said. JFrog Bintray was also named Community Choice winner, an honor bestowed by developer community votes.
The JavaOne technical keynote featured a two-inch thick tablet device based on the credit-card-size, single-board Raspberry Pi computer running Java SE Embedded 8. The interface is powered by JavaFX on top of Oracle's Raspbian (a Debian remix custom built for the device), and apps built for the device are exposed as JavaFX OSGi modules. It's not an actual product yet, but rather a set of free plans. It's not ready for prime time, but Oracle says it's working on pre-made kits. The device isn't exactly pretty, but it is a cool innovation to put in the hands of do-it-yourselfers.
Posted by John K. Waters on 10/02/2013 at 11:37 AM0 comments