The Rich Engineering Heritage Behind Dependency Injection

Andrew McVeigh takes us on a tour of the rich heritage behind dependency injection, what it represents, and tells us why its here to stay.

NetBeans 6: Matisse Updates

NetBeans 6 delivers great updates to the Matisse GUI builder. Spend a few minutes with Roman Strobl and get an expert briefing on what's new and what has changed. (sponsored)

Introduction to Groovy Part 3

In this, the third and final installation of Andres' Introduction to Groovy series, you learn about how Groovy handles variable numbers of arguments, named parameters, currying, and more about Groovy operators. Including, some new operators.

Easier Custom Components with Swing Fuse

Swing Fuse (actually just Fuse), is a framework designed to make it easier to create your own custom desktop components. In this article, Daniel Spiewak shows you how to get started and provides sample source code you can download.

Benchmark Analysis: Guice vs Spring

Willam Louth shows how he uses JXInsight Probes to investigate probable performance issues with code bases that he is not familiar with. He also highlights possible pitfalls in creating a benchmark, as well as in the analysis of results.

Replies: 7 - Pages: 1
Threads: [ Previous | Next ]

GEA?

At 1:02 PM on Nov 14, 2007, Werner Keil wrote:

Fresh Jobs for Developers Post a job opportunity

» DZone, Inc. seeks a DZone Developer Intern in Cary, NC
» Dieselpoint, Inc seeks a Senior Solution Engineer - Enterprise Search in Chicago, IL 60661

I know, to most people this probably sounds odd. Also a company famous for its "Let's do it ourselves" mentality may not really even briefly think of such an option to get their feet into the Large Enterprise sector, where only the likes of IBM, Oracle, Microsoft, SAP and maybe a handful of others are left as players.

This may have been true and not worth a thought, until their recent bold step into the Mobile world.
Of course the OS and other infrastructure for Mobile Services are probably not at all, what Google intends to deal with. At least most of their partners in the Open
Handset Alliance do of course.
And 90% of them or more at least when it comes to Mobile Operators (like T-Mobile, Telefonica and all their subsidiaries) are using BEA products already. Wheter it is the specialised SIP Server, Portal or just the Application Server. And plenty of new Web 2.0 type gadgets are based on technologies Google co-shaped already.

So unlike the DoubleClick deal for approx. 3 Bio. $ which is under heavy attack by both US and European trading watchdogs, a (theoretical) bid like this may well cost 2.5-3 times more (based on Oracle's offer so far) but neither look like a substantial monopoly at first (if so, BEA would have it already in some segments

) nor would it bring other companies like Oracle into a position, where at least the No. 1 DB Server on the market 'bundled' with the No. 1 App Server (both combined) could at least in certain segments of the industry seem like a monopoly (similar to bundling IE with Windows, just on the Server side)

Of course, BEA is not the type of startup, Google normally is used to swallow a few months after its inception (like Android, the company behind its Mobile SDK or even YouTube at a relatively young age)

On the other hand most of the company ideology and thinking at BEA is by many still somewhat compared to a Startup, despite the company just got 10 years old.
So taking this the way people work and think and their mindset e.g. towards Open Source clearly seems to match Google and BEA better than e.g. with IBM, BEA, HP or any other (potential) buyer.
Maybe the only other option that could be comparable outside the Mobile World would be RedHat/JBoss because of Linux (also like Marc Fleury suggested in a comment to the Oracle offer

) but then there is no Mobile involvement compared to BEA's products in this area.

Maybe a crazy idea?? Anyway, tell me what you think of it?

7 replies so far ( Post your own)

1 . At 3:24 PM on Nov 15, 2007, Ian Griffiths wrote:

Re: GEA?

Google is not in the same business: they are interested in gathering and centralizing information so as to target advertising and other messages accurately.

Oracle and BEA target the server world (even if they are web servers). They also have other products that interest people with databases and large infrastructures. They probably share and/or compete for the same customers.

IBM is more in line with them. But IBM already has a complete product line so they would only be interested in their customers.

2 . At 8:35 AM on Nov 17, 2007, Werner Keil wrote:

Re: GEA?

Thanks for the reply. That is a good point, but as I mentioned in the post, it's a bit of a crazy idea (but certainly not more crazy than e.g. Marc Fleury's comment on the Oracle offer, in which he asked to buy JBoss or RedHat instead

)
Beside Microsoft (who has nothing to do with Java, so they are out of discussion) Google's among the few companies big enough to afford similar offers.

HP on the other hand had been mentioned a few times, but except the case where Oracle should indeed become a Monopoly with a combination of their DB and BEA's server products (another point I would not underestimate, at least their PeopleSoft and similar purchases were different as there is still a SAP, but buying BEA there is like buying SAP in the ERP segment)
Of course as HP's CEO had just held a keynote at Oracle Open World next to Larry Ellison, any such option has probably been outruled or approved among the 2 of them there?;-)

Btw, what exactly in the Security area are you dealing with?

3 . At 2:23 AM on Nov 18, 2007, Ian Griffiths wrote:

Re: GEA?

Hi Werner,

> Btw, what exactly in the Security area are you
> dealing with?

I deal with programs that have to be very robust and where the data mustn't be compromised. For example, e-voting systems.

Most programs concentrate on protecting themselves from hackers by using SSL and firewalls. This leaves the data and system open to attack from inside the system (SSL lines are decrypted at the web server level).

Many attacks come from within the company/administration. In e-voting systems, the people most affected by the results of the vote are often within the organisation.

In practice, we ensure that data is encrypted from the browser to the database (and is stored encrypted). We have developed a framework that enforces full Java security to all code. In other words, you have to explicitly give the security policy for each Jar, otherwise it won't run. All code must be signed, otherwise we won't load it. And the framework checks constantly that no element of the system is changed from the outside. In other words, jars, files, etc. can only be created, modified by the framework.

Many years ago, I realized that very strict security policies ensure that the software is well structured (a developer cannot add a "quick and dirty" fix in one part of code that shouldn't be there: it won't have the permissions to run.

We have also done a lot of work in the framework to structure code so that modules only have visibility (through the classloader structure) on the classes it has the right to use that makes impossible for one module to use code from another without it being explicitly configured to do so. Through the use of abstract classes and/or annotations, we also force the developers to structure the program correctly.

Obviously, we also do all the traditional stuff (firewalls, proxy servers, HTTPS, Applets...) and analysis of the incoming stream to see if the client applet/javascript was tampered with.

Ian

4 . At 5:11 PM on Nov 18, 2007, Werner Keil wrote:

Re: GEA?

Ian,

Thanks a lot for the update.
e-voting, I hope, not for the US, particularly Florida ?

I was also wondering, as one of the big areas, Google does push into right now is the whole Social Networking complex.
And many developments and occasions there, most notably hijacking of celebrity profiles like Alicia Keys' flesh out thesis I posted elsewhere, that without working and widely accepted security and identity mechanisms all those Open Social Networking initiatives are prone to similar and worse exploits.

Of course for e-voting and other government and community programs this shall be nothing new ?

5 . At 5:29 PM on Nov 18, 2007, Werner Keil wrote:

Re: GEA?

Seems, other people had similar ideas recently:
http://www.news.com/5208-13580_3-0.html?forumID=1&threadID=32941&messageID=333419&start=-1

6 . At 1:46 AM on Nov 19, 2007, Ian Griffiths wrote:

Re: GEA?

Hi Werner,

> e-voting, I hope, not for the US, particularly
> Florida ? ;-)
No, mainly in Europe and specifically in Switzerland. Many decisions here are voted on and people vote a number of times each year. So adding online voting means people can vote even if they are away during the day or even on holiday abroad.
>
> I was also wondering, as one of the big areas, Google
> does push into right now is the whole Social
> Networking complex.
> And many developments and occasions there, most
> notably hijacking of celebrity profiles like Alicia
> Keys' flesh out thesis I posted elsewhere, that
> without working and widely accepted security and
> identity mechanisms all those Open Social Networking
> initiatives are prone to similar and worse exploits.
>
> Of course for e-voting and other government and
> community programs this shall be nothing new ? ;-)
One thing you realize very quickly when developing high-security software, is how easy it is to break most systems: you only need to get one thing wrong and the system can be compromised.

Before I went into this domain, I thought I knew a lot about security