Federico Cargnelutti

Simple is better than complex. Complex is better than complicated. | @fedecarg

Archive for November 2008

Scrum Backlog Templates

with 4 comments

Here are two useful backlog templates provided by Agile Software Development. Both of them are in Excel format (XLS). Check them out:

Written by Federico

November 18, 2008 at 10:20 pm

Detect Replay Attacks in your Web Services


Many threats that are common to distributed systems are common to Web services as well. There are a few specific threats associated with the Web services processing model, such as:

  • Message replays: An attacker may replay an entire SOAP message or a part of it.
  • Man in the middle attack: An attacker may view and modify a SOAP message without the knowledge of either the sender or the receiver.
  • Identity spoofing: An attempt to construct credentials that seem to be valid but are not.
  • Denial of Service (DoS) attacks: An attempt to make a system expend its resources so that valid requests cannot access a service.
  • Message alteration: An attempt to alter a message compromising its integrity.
  • Confidentiality issues: Access to confidential information within a message by unauthorized parties.

Dimuthu wrote an interesting post about how to prevent replay attacks using WSF/PHP. He also shows how to detect them using WS-Addressing and WS-Security UsernameToken headers.
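
A replay check built on those two headers can look like the following. This is an added example, not code from the linked post or from WSF/PHP, and it is written in Python rather than PHP; `check_replay`, the `seen` cache, the five-minute window and the sample envelope are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

_WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
NS = {"wsa": "http://www.w3.org/2005/08/addressing",
      "wsse": _WSS + "secext-1.0.xsd", "wsu": _WSS + "utility-1.0.xsd"}
MAX_AGE = timedelta(minutes=5)  # assumed freshness window

# Constructed sample envelope; every value in it is made up for this example.
SAMPLE = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsa="{wsa}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}"><s:Header>
 <wsa:MessageID>{mid}</wsa:MessageID><wsse:Security><wsse:UsernameToken>
 <wsse:Username>alice</wsse:Username><wsse:Nonce>{nonce}</wsse:Nonce>
 <wsu:Created>{created}</wsu:Created>
 </wsse:UsernameToken></wsse:Security></s:Header><s:Body/></s:Envelope>"""

def sample(mid, nonce, created):
    return SAMPLE.format(mid=mid, nonce=nonce, created=created, **NS)

def _text(root, path):
    node = root.find(path, NS)
    return node.text.strip() if node is not None and node.text else None

def check_replay(envelope_xml, seen, now):
    """Return 'accepted', 'replayed', 'stale' or 'invalid-headers'."""
    # `seen` (key -> expiry) stands in for a shared cache; `now` must be
    # timezone-aware. Use a hardened XML parser for untrusted input.
    root = ET.fromstring(envelope_xml)
    mid = _text(root, ".//wsa:MessageID")
    user, nonce, created = (_text(root, ".//wsse:UsernameToken/" + tag)
                            for tag in ("wsse:Username", "wsse:Nonce", "wsu:Created"))
    if not all((mid, user, nonce, created)):
        return "invalid-headers"
    try:
        sent = datetime.fromisoformat(created.replace("Z", "+00:00"))
        age = abs(now - sent)  # TypeError when Created carries no timezone
    except (ValueError, TypeError):
        return "invalid-headers"
    for key in [k for k, expiry in seen.items() if expiry <= now]:
        del seen[key]  # forget entries that can no longer pass the window
    if age > MAX_AGE:
        return "stale"
    # Track both identifiers: a reused token under a new MessageID is a replay.
    keys = [("id", mid), ("nonce", user, nonce)]
    if any(k in seen for k in keys):
        return "replayed"
    for k in keys:
        seen[k] = sent + MAX_AGE
    return "accepted"
```

The check is only meaningful when the MessageID and UsernameToken are covered by a signature or a protected transport; otherwise the values can be altered in transit and the cache no longer identifies a resent message.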

Written by Federico

November 18, 2008 at 9:59 pm

How to kill an idea, or help it grow

with 4 comments

It is far easier to kill an idea than to encourage it and turn it into a useful solution. Be constantly on the watch for putting down an idea too early, without understanding the positive reasons for it being suggested. Hopefully you will see that there are many ways in which you can be constructive.

To kill an idea, say:

  • It’s not part of your job
  • That’s not what we do here
  • Costs too much
  • Against the company policy
  • It’s not budgeted, maybe next year
  • Let the other department handle that
  • It is not our problem
  • Why would you do something like that?
  • We have been doing it another way for a long time and it works fine
  • If it’s so good, why hasn’t someone suggested it already?
  • Has anyone else tried it successfully?
  • We have tried that before and it didn’t work
  • Is anyone crazy enough to try that?
  • We’re already doing that

To help an idea, say:

  • Yes, and…
  • Great, let’s try it
  • How can we make time to see if it will work?
  • What resources would we need to do it? Tell me more
  • How can we make it work?
  • What are the advantages?
  • How can we remove the disadvantages?
  • What can I do to help this happen?
  • I like it
  • That sounds interesting, tell me more
  • How can we convince everyone else?

Written by Federico

November 6, 2008 at 9:28 pm

Create Clickable Wireframes

with one comment

I found an interesting web-hosted application called ProtoShare that allows you to create clickable and working wireframes very easily. It has all the HTML elements you would need to design a web application, like headers, text areas, form interaction and even drop-down XHTML menus. Once you have a design, you can share it with others. It also creates a basic, linkable template that allows you to preview usage flow and overall experience.

This screencast demonstrates how ProtoShare can be used to create wireframes.

Written by Federico

November 6, 2008 at 12:54 am

Posted in Tools, Web Apps

Getting Started With Message Queues

with 6 comments

When you’re building an infrastructure that is distributed all over the internet, you’ll come to a point where you can’t rely on synchronous remote calls that, for example, synchronize data on 2 servers:

  1. You don’t have any failover system that resends messages if something went wrong (network outages, software failures).
  2. Messages are processed over time and you have no control if something becomes overloaded by too many requests.

Even if you don’t have to send messages all over the Internet, there are enough points of failure where something can go wrong. You want a reliable and durable system that fails gracefully and ensure.

Solutions

Dropr

Dropr is a distributed message queue framework written in PHP. The main goals are:

  • Reliable and durable (failsafe) messaging over networks.
  • Decentralized architecture without a single (point of failure) server instance.
  • Easy to set up and use.
  • Modularity for queue storage and message transports (currently filesystem storage and curl-upload are implemented).

More info

Beanstalkd

Beanstalkd is a fast, distributed, in-memory workqueue service. Its interface is generic, but was originally designed for reducing the latency of page views in high-volume web applications by running most time-consuming tasks asynchronously.

It was developed to improve the response time for the Causes on Facebook application (with over 9.5 million users). Beanstalkd drastically decreased the average response time for the most common pages to a tiny fraction of the original, significantly improving the user experience.

More info

Zend Platform Job Queues

Job Queues is an approach to streamline offline processing of PHP scripts. Job Queue Server provides the ability to reroute and delay the execution of PHP scripts that are not essential during user interaction with the Web Server. Job Queues improve the response time during interactive web sessions and utilize unused resources.

More info

Memcached as simple message queue

In this post, Olly explains how to use memcached as a simple message queue:

Some months ago at work we were in the need of a message queue, a very simple one, basically just a message buffer. The idea is simple, the webservers send their messages to the queue, the queue always accepts all messages and waits until the ETL processes request messages for further processing. As the webservers are time critical and the ETL processes aren’t you need something in between.

More info


Written by Federico

November 3, 2008 at 12:33 am

Yahoo! announces its Open Strategy

with one comment

Yahoo! is in the process of releasing its Open Strategy with the goal of connecting more people in more ways than ever before.

Y!OS is a platform at its core, accessible via an API layer by applications that can be built by anyone and run on or off of Yahoo!. Y!OS can be used to completely rewire Yahoo!, putting an open architecture at Yahoo!’s core and adding a horizontal social dimension across Yahoo! and beyond.

There are three major goals to Y!OS:

  • Creating a social dimension
  • Opening Yahoo! (both data and application UI)
  • Rewiring Yahoo! properties with a new architecture built on this new Open Platform.

Neal Sample & Cody Simms walk you through the entire Y!OS platform.

Written by Federico

November 1, 2008 at 10:00 pm

Posted in Programming, Tools, Web Apps

Zend Framework: Autoloading for better Performance

with 3 comments

Many discussions have come up in the recent past about how ZF should increase the library's base throughput. One of the suggestions that comes up is whether or not requiring the autoloader, and consequently removing calls to require_once, is a good thing.

The following posts explore these possibilities:

Written by Federico

November 1, 2008 at 9:25 pm

Posted in Frameworks, PHP
