Saturday, July 18, 2009

Perspectives: Revenue

Sri Lanka'a GDP in 2008: Approximately $41B (page 16 of 2008 annual report)

Italian Mob annual revenue (2008): Approx. $167B.

LTTE's annual profit (according to Jane's Defense) in 2007: $200-300m. I remember reading somewhere that it was $300-400m but can't find the reference. Assuming a profit margin of 20%, that's at least $1.5B annual revenue.

Walmart 2008 revenue: $401B.

IBM 2008 revenue
: $104B.

Monday, July 13, 2009

Brain-friendly SOA security

Prabath Siriwardena, who leads all of WSO2's security work, including the Identity Server product, recently gave a summer school program on SOA security. These slides give the best no-nonsense, to-the-point, simple explanation of all of security that I have ever seen. Prabath covers authentication, authorization, WS-Security, WS-Security Policy, XACML, OpenID, Information Cards, WS-Trust, STS and more in one smooth story style presentation:
Don't believe me? Start clicking through the slides above and tell me you can stop before you got to the end!

Sunday, July 12, 2009

Three SOA Case Studies

Paul had given a talk at QCon in London earlier this year discussing some use cases that we've dealt with with our customers. He has some very useful anti-patterns towards the end of the talk!

Thursday, July 9, 2009

Google's new OS project, SOA and stateless computing

The new Chrome OS is an interesting development indeed from Google.

The Chrome browser is pretty much an OS already - each tab is a separate process and they use shared memory to load the common code etc. etc. .. its a mini-OS. If you think about the work Chrome (the browser) does, its pretty much depending on a few low level system calls to do memory management and process scheduling plus the windowing system for graphics. So the proposed strategy of run that on a cut-down Linux kernel plus rewrite the graphics system certainly makes sense. The venerable X Window System (of MIT Project Athena fame .. early 80s!!!) has seen its time IMO and a rewrite and a rethink is in order. It would not shock me if the new system is more like NeWS, Sun's original Network Window System (think Display Postscript), one of Jim Gosling's inventions before Java. (Java is sorta the same thing .. at least in the applet days and when it was conceived as the Green project; the server-side success of Java was almost accidental. Funny how the world turns, eh?!) The beauty of that architecture in the now "network is the computer" world is that it makes it better for remote computing - you can do more granular work on the server and push down work to the client. Video for example can be built into the windowing system itself.

One can also easily argue that you really do have to rethink the entire security architecture of an OS to really make a "Web-safe OS" and one which is an instant-on experience like a TV instead of traditional computer. The use of a Linux kernel surprises me there - why be constrained by the Unix security model? I'm guessing that that decision was motivated by the daunting challenge of getting drivers written for a totally new kernel - at least by going with Linux have a pretty good likelihood that everything from digital cameras to USB disks etc. that people have and will plug into the Gnetbook will work in our lifetime.

Of course we've heard the "Microsoft killer" argument a few times .. first Netscape with Netscape and then Sun with Java. However, unlike Netscape's wishful-thinking and Sun's brain-dead JavaOS project which attempted to write an OS in Java (what were you thinking Sun?), the Google guys are not afraid to get their hands dirty and write real code in a real language (C, of course).

There's no doubt that a rethink of fundamentals of computing are in order for the network age. Google seems well positioned to take a crack at that problem and possibly make it take off due to their dominating presence and global "cool kid" brand value.

Not to seem like I'm trying to sell WSO2 stuff in this blog entry, but this approach of "client=browser=access to services on the net" fits perfectly with our vision of the enterprise back-end: that its all about services and ONLY services. Even on the front-end, we're moving towards gadgets being the only UI and are working on taking the gadget dashboard stuff we've done and making a total gadget server which is like a portal server except that instead of crappy server-side JSR 168 portlets, you just have client side gadget that talk directly to back-end services (in the enterprise and outside). Oh yeah, with Chrome I expect Google will provide an easy way to (safely) get rid of this cross-site browsing restriction nonsense; IMO that is an "old Web" thing that just needs to go away as it doesn't fit with the model any more. So in many ways, a pure Web client platform is the perfect counterpart to a service-oriented enterprise.

Here's a funny thing though - Microsoft tried to get the world to accept that a browser is inextricably tied to the OS .. and got KILLED for it (and are still paying for it in crazy EU land). Google does the same thing (except further - the browser *is* the OS) and it seems the world is very happy. Ah, how wonderful it must be the company that does no evil ;-). (Other than reading all my mail and monitoring every click I do of course.) To be fair to Google though, all technology success is a "right thing, right place, right time" thing and Microsoft was probably too far ahead of the curve to say the browser is indeed part of the OS. Google's timing is much better and in any case, this is new OS .. not a new OS that must be able to run any browser.

I'm beginning to believe more and more in a world of "stateless computing", by which I see my laptop and netbook and phone and all simply being a "throwaway" device to get to my data and services on the net. In WSO2 we use Google Apps (email, calendar, intranet sites, shared docs), SVN (all code) and run all our common stuff on EC2. What I have on my laptop is pretty much a local cache only - well with Gears you can nearly get there .. it caches enough for my experience to be "good enough". Even on the server side, we now have an internal cloud (based on Xen) where anyone can go to an intranet portal and fire up a server with the OS/software config they want and get a dynamic host name etc. and use it. (We'll be open sourcing that code soon.) That has been a totally liberating experience in terms of how we think about getting a server with some config; now its "just do it". BTW anyone who thinks the concept of "internal cloud" doesn't make sense is, in my book, an idiot.

I was thinking of going back to a desktop computer (netbooks are only good for little stuff; sorry the small keyboard and screen don't cut it for me for 24x7 use) with a big screen + a 3G connected netbook for access from other places. However, with the internal cloud stuff, I'm now thinking of getting two "nettop"s (like this totally cool looking puppy from Acer), attaching it to large monitors at office and home and a netbook to carry around. The nettop+screen works like an old X Terminal (!!!) with my real computers being personal "servers" running in the internal cloud. (Yeah I will be running an internal cloud at home too.)

That's stateless computing - if those $250 boxes give way, no problem throw it away and buy a new one. And total cost: 2 x 24-30" monitor (< $600), 2 x nettop ($500), 1 x netbook ($300) < $1500 for access and shared servers for the cloud. At home I can run that on boxes I already have or for say $1000 by a quad core box with 8GB memory plus 1TB mirrored and have a pretty safe world. In office we're running the internal cloud on 3 old Dell 1U boxes with 2 dual core processors each and each with 8GB. We can keep adding every old box we have to that cloud (soon with Zeroconf). Oh yeah, if I need public cloud servers I've got Amazon EC2.

That's liberation. Liberation from "shit my disk died and I've lost it all", from "shit my computer crashed" and more shits ;-).

Will desktop apps go away? No way. While Google Docs are usable, its nothing when compared to Open Office (which itself is nothing when compared to Microsoft Office, but that's a different blog). However, its "good enough" for quite a few scenarios and I suspect will become sufficiently better (with the improved proprietary extensions from your friendly neighborhood Google).

May you live in interesting times.

Thursday, July 2, 2009

Oracle's "componentized" SOA suite

Yesterday Oracle announced a major refresh of their middleware platform - basically the result of merging in BEA to Oracle. Some stuff (like getting rid of OC4J and using WebLogic would've been a no-brainer "thank god we're done with that" decision) but other stuff must've been quite painful, especially for the people involved!

From their press release:
Oracle SOA Suite 11g delivers a complete, integrated and hot-pluggable SOA platform that enables next-generation business applications by simplifying service access, integration, orchestration, Complex Event Processing (CEP), monitoring and management.
Wow, that's a mouthful. Given that WSO2 is also in the business of building "complete, integrated and hot-pluggable SOA platform", I thought wow let me see what's so hot about Oracle SOA Suite 11g. So I thought let me check this out and visited their download site to see whether I can get my hands on that beast.

  • Basic download: 1.5GB
  • Required components:
    • WebLogic Server: 600-800MB
    • Repository Creation Utility: 280-360MB
    • Oracle Database: 1.7-2.3GB
    • JDeveloper: 934MB-1GB
  • (Let's ignore all the optional components)
So, in order to try out their SOA Suite, I need to download somewhere between 5GB and 6GB of stuff. Um, wow?

Yes we know imitation is the best form of flattery but that's on the order of 20x the size of ALL of our platform. Yes yes I know Oracle is so much bigger and better and more powerful, but 20x better??

BUT, remember who the consumer of this stuff is: the poor brain-hurtin' developer. When I first started doing Java stuff (with JDK 1.0.8 in '94 I think), I knew every class in the JDK public APIs and quite a bit of internal stuff. Today, no Java developer even knows all the junk that's in the JDK. On top of that throw in 5-6GB of stuff and you'll have developers committing suicide!!!!!

SCA, the foundation on which Oracle's suite is built, was an abstraction layer designed to overlay JEE and WS-*. What?? Isn't that what WS-* can do too? Yep, but IBM and BEA weren't happy with losing JEE's place in the world .. and SCA was born. OK I am simplifying a bit but I do know the history as I was in IBM at the time :-).

Today's biggest problem for developers is not lack of choice of tools. There are 7 of everything. How can the average developer handle 5-6GB of stuff and figure out where to get started? That's if they were able to get it all installed.

If this is the best the Java world can offer SOA developers then Microsoft and .Net people will be very happy - they know how to make things simple for developers!

Luckily there's always WSO2 Carbon and our SOA products :-).

Or, you can always wait for Oracle 12g, the composition of Oracle, BEA and Sun.

Wednesday, July 1, 2009

WSO2 sponsoring OSCON

We've decided to sponsor OSCON 2009 .. if you are coming there and want to look us up please drop by! As always we have lots to tell you about what we're doing and our customer success stories and more!