Up to Blog Posts in Curl Blog

Curl Blog

4 Posts tagged with the platform tag
Richard Treadway
2

Recently PaloAlto Networks published a survey Social Networking Usage Explodes In Businesses Worldwide that found 27 different social networking applications in use across 95% of the participating organizations.  The survey findings are based on actual analysis of application traffic, not survey questions. The following chart from the report shows that the most prominent use is Instant Messaging at 50%.

Enterprise 2.0 Application Usage

 

The survey makes the point that applications are not threats ? yet they carry risks.

 

"The adoption of Enterprise 2.0 applications is being driven by users, not by IT. The ease with which they can be accessed, combined with the fact that newer (younger) employees are accustomed to using them, points toward a continuation of this trend. The somewhat disconcerting fact is that users do not take into account the business and security risks that these applications present. Looking at the 202 Enterprise 2.0 applications found, 70% can transfer files, 28% are known to propagate malware, and 64% have known vulnerabilities."

 

Enterprise 2.0 Application Characteristics

 

All this points to increased security risks as more enterprise 2.0 applications see more pervasive adoption.  As we have previously pointed out it is important that developers and IT operations both understand best practices with regard to security.  Jeffrey Hammond points out in his paper on Securing Rich Internet Applications that is is important to understand the 3 Attack Surfaces: Server-side, Communication-stream and Client-side.  In this post I'll focus on the client-side. 

 

RIA frameworks use a Sandbox model the protect clients from malicious code.  It is important to realize however that not all sand boxes are created equal.  While Ajax, browser based applications use the browser's sandbox, RIA frameworks like AIR, Silverlight and Curl use their own security model and permit access to the local machine.  It's natural that developers want to take advantage of the broader capabilities at RIA frameworks offer over the browser based sandbox but they need to be aware of how their decisions effect the vulnerabilities that these frameworks introduce.

 

To give administrators and application developers the most control over security for creating and deploying Enterprise 2.0 applications Curl supports both un-privileged and privileged modes executing in the browser and on the desktop.  This is in contrast to AIR that allows only un-privileged in the browser and only privileged on the desktop.  The follow table shows the differences between Curl and AIR privilege options.

Curl Adobe Security Comparison

 

 

Curl Desktop applications use the same security model as Curl applets that run in the browser.  Additionally un-privileged applets can access their own area on the local disk to offer improved performance and a better user experience but present a much lower risk profile   This also means that application developers can write un-privileged applications that make use of local storage and run both in the browser and standalone on the desktop.
2 Comments Permalink Tags: programming, platform, forrester, enterprise_ria, enterprise2.0, security, air, adobe
Jnan Dash
0

My take on Cloud Computing

Posted by Jnan Dash Mar 3, 2009

It's not new that computers have been going through mutation - from mainframes to minis to PC to hand-held devices and smart phones now. With each step, the architecture has become more distributed. Now we are back to "centralized"  computing, as more activities move to the data centers, which are becoming  factories for computer services on an

industrial scale. Software is supposed to be delivered as "services" from such data centers. But wasn't this the theme of  SaaS (Software as a Service) offerings such as SugarCRM and SalesForce.com?

 

The answer is yes. SaaS, computing grids, multi-tenancy, and cloud services such as Google mail, are all precursors to  "cloud computing". As per the Economist magazine, 69% of Americans are connected to the web and use some kind of cloud service such as web-based mail and online data storage. Google has been pushing this model via Gmail, spreadsheet, and documents. These services will come in 3 layers - infrastructure, applications, and periphery (where they will meet the real world). I read somewhere that there are 70,000 data centers in the US, out of which 30% are no longer in use. Also, only 6% of the server capacity is used. This excess unused capacity is also pushing for the cloud model.

 

Amazon is considered the pioneer in this movement, with their S3 (Simple Shared Storage, storage rented from the cloud at cheap cost), and EC2 (Elastic Computing Cloud, processing cycles are available as and when needed). So the other players like Microsoft and Google are building huge data centers. Microsoft is adding 35000 servers a month, while Google has 36 data centers with about 2 million servers. The new data centers are being located in states like Washington and Oregon with low-cost electric power.

 

Cloud computing seems like a logical post-SaaS step, where measured, monitored, business process can be made available to clients. The current economic climate is also pushing the theme of "more with less" and cost savings as key principles. The days of under-used inhouse data centers are over. The new mantra -  web as the platform architecture, application modernization with web-based dynamic UI, and software available as cloud services. With the proliferation of hand-held devices and smart phones, the cloud computing model makes sense.

 

 

0 Comments 0 References Permalink Tags: platform, framework, cloud
Jnan Dash
0

I had briefly reported from the Web 2.0 Expo last week. Here is an overall summary of the event.

 

I have been going to all the Web 2.0 events since they started back in 2005. It's quite remarkable how fast the attendance has grown. There used be just one conference in November. Due to its popularity they made it into two events - We 2.0 Expo in April and Web 2.0 Summit in October. The one in the fall tends to be much more technical. The expo is broader and the attendance is much larger. The success of this event has prompted the organizers (O'Reilly & company) to have similar events in New York, Tokyo, and Europe since 2007.

 

 

 

For those who are confused by the term Web 2.0,  you are in good company of many.  Ambiguity is the name of the game here. The phrase Web 2.0 was coined to explain the evolution of the Web to being a serious platform for the future applications, as opposed to the first phase (Web 1.0) where static pages were delivered and user-interactivity was quite limited. Also it was architecturally poor and slow to perform with all the page refreshes. Web 2.0 deals with asynchronous access to servers, polling data to the client cache for continuous feeding (e.g. Google Maps), hence it feels like a local desktop application. The phrase Ajax was coined 2 years ago to highlight the asynchronous aspects, even though the underlying technology remains the same - HTML, Javascript, CSS, DOM, XML,..

 

 

 

During 2005 and 2006, almost all the attendees at the Web 2.0 events were young kids working on start-ups like Flickr, YouTube, MySpace, etc. During last year's Web 2.0 Summit, the first session was with Marc Zuckerberg, the 23 year old who founded Facebook. The same night, the dinner guest was the 73-year old Rupert Murdoch, head of News Corporation and owner of MySpace. During my first attendance back in 2005 Fall, I felt like a fish out of water. There were no large enterprises including my former employers like IBM or Oracle. I could not recognize anyone from my generation. No gray hair from the client-server era. But it was lots of fun watching the kids re-invent the same issues some of us had worked on years back.  Topics like stateful applications, transactional integrity, secure commits to the database, good scalability when numbers rise fast, were all being revisited. I call this "Back to the Future". So all the discussions centered around the "consumer space". It's like the boom-years of 1997-2000 when Jeff Bozos of Amazon said, "profit,? I spell that as Prophet." People started talking about another "bubble" around Web 2.0. No one seemed to care about "monetization" or "business value".

 

 

 

Zimbra got a standing ovation in the fall of 2005 when it displayed its email with pop-ups as you mouse thru the content. Yahoo bought Zimbra for $300m, but its future inside Yahoo is clouded as much as Yahoo's own future. This year, I noticed a remarkable shift. Suddenly large enterprises are everywhere. IBM had a big booth. So did Oracle. Juniper networks, HCL, Nokia, all had large booths. Even the sessions were full of speakers from large corporations. The classic "social-networking-is-the-future" crowd was also there, but they seemed less in number.

 

 

 

This is good for us at Curl, as we position our solution for the enterprise, serious to deploy the business-critical applications on the new web platform. We gave over 120 demos to visitors in our booth. Many of the visitors asked serious questions this time. Some have tried to implement complex visualization apps. via Adobe Flash, or via one of many Ajax frameworks, but were highly disappointed with scalability and functions. Programmer productivity is a key factor. Rapid prototyping is also crucial for creating proof points. Gone are the days of long development cycle. Getting users involved during the design process is key to success. Cul renders itself well to these approaches.  We need to continue aggressively with our "awareness campaign" for the enterprise crowd.

 

 

 

In summary, I was not that surprised with the evolution of Web 2.0 towards more "enterprise focus". The same phenomenon was also visible at the AjaxWorld in New York during March. There were more discussions on "building RIA outside Ajax", as people realize the deficiencies of Ajax frameworks.

0 Comments 0 References Permalink Tags: ria, curl, enterprise_ria, platform, curl_blog
Mike
8

What makes Curl such a great programming platform? Here are seven things.

 

Single Platform: The Curl RTE is the same on every platform, in any browser. No need to work around browser quirks and bugs.

 

Security: Curl has a security model that prevents unprivileged applets from doing arbitrary things on your computer. For safety's sake, we think that most applets should be unprivileged. For commonly needed but potentially insecure operations, such as reading or writing a file, the RTE will ask the user for permission before allowing the operation. This is better than always preventing it and also better than not allowing it at all. It is of course possible to grant applets full privileges, but it's not a step to be taken lightly.

 

 

Speed: The Curl RTE compiles an applet to machine code so execution is fast. As an applet is downloaded from your web site it is compiled and evaluated incrementally. Any expression that produces output is shown immediately in the web browser. Class definitions, procedures, packages, and so on are compiled and cached, so subsequent downloads are faster than the first one.

 

 

Software Engineering: Curl is the kind of language you want if you are serious about software engineering. Strong type checking is enforced, though you can declare a variable to be of type "any". The language supports multiple inheritence. It has parameterized types (generic classes), as well user defined macros. It doesn't force you to put everything into a class. Development is fast too, because of the large number of useful APIs provided and because the compile time type checking helps you eliminate errors early. Plus when debugging, you don't have to "build" anything. Just edit and reload in the browser.

 

 

Single Language: The Curl language is suitable for all of the things that go into a modern web application: Classes, algorithms, data, expressions, events and handlers, text, graphics, forms, tables, and everything else can be expressed in the same language. You don't need to use a messy combination of XML, JavaScript, HTML, ActionScript, and various other languages and formats.

 

 

Server deployed: A Curl applet is distributed simply by putting it on a web server. It is updated by updating the files on the web server. It can be is as easy as updating a static web site.

 

 

Service Oriented: A Curl applet is the ideal consumer for web services and API's. Any SOAP endpoint can be turned into a Curl package and called directly. REST API's can also be easily handled. Both synchronous and asynchronous requests are supported.

 

 

We'll be talking more about these and other advantages of the Curl platform over the next few weeks. Let us know if any of them is of particular interest.

 

 

If you're a web developer, download the free IDE (which also installs the RTE if needed) and give Curl a try. You can use Curl for any programming project, even if you aren't planning to deploy it on the web. If you need to do any kind of computation and user interaction, Curl makes it easy. There are extensive examples in the Developer's Guide to get you started.

8 Comments 0 References Permalink Tags: platform, programming, curl_blog

Actions

Popular Blog Posts