ACM Queue, May/June 2007, Vol. 5 No. 4

CONTENTS

FEATURES

API Design Matters
Michi Henning, ZeroC
Should the authors of lousy APIs be held accountable for their crimes?

The Seven Deadly Sins of Linux Security
Bob Toxen, Horizon Network Security
Which ones is your company guilty of?

Toward a Commodity Enterprise Middleware
John O’Hara, JPMorgan
A look inside standards-based messaging with AMQP.

DEPARTMENTS

KODE VICIOUS: KV the Loudmouth. George V. Neville-Neil, Consultant
GEEK@HOME: Embracing Wired Networks. Mache Creeger, Emergent Technology Associates
INTERVIEW: A Conversation with Michael Stonebraker and Margo Seltzer. Two generations of the database vanguard discuss SQL, startups, and stream processing.
BOOK REVIEWS
CALENDAR
CURMUDGEON: Alloneword. Stan Kelly-Bootle, Author

ACM Queue (ISSN 1542-7730) is published ten times per year by the ACM, 2 Penn Plaza, Suite 701, New York, NY 10121-0701. POSTMASTER: Please send address changes to ACM Queue, 2 Penn Plaza, Suite 701, New York, NY 10121-0701 USA. Printed in the U.S.A.

The opinions expressed by ACM Queue authors are their own, and are not necessarily those of ACM or ACM Queue. Subscription information available online at www.acmqueue.com.

ACM Copyright Notice: Copyright © 2007 by Association for Computing Machinery, Inc. (ACM). Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and full citation on the first page. Copyright for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or fee. Request permission to republish from: Publications Dept. ACM, Inc. Fax +1 (212) 869-0481 or e-mail <[email protected]>.

For other copying of articles that carry a code at the bottom of the first or last page or screen display, copying is permitted provided that the per-copy fee indicated in the code is paid through the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, 508-750-8500, 508-750-4470 (fax).
Kode Vicious
KV the Loudmouth

A koder with attitude, KV answers your questions. Miss Manners he ain’t.

To buy or to build, that is the question. Of course, it’s rarely that cut and dried, so this month Kode Vicious takes time to explore this question and some of its many considerations. He also weighs in on the validity of the ongoing operating system wars. Have an equally controversial query? Put your thoughts in writing and shoot an e-mail to [email protected].

Dear KV,
I was somewhat disappointed in your response to Unclear Peer in the December/January 2006/2007 issue of ACM Queue. You answered the question, but I feel you missed an opportunity to look at the problem and perhaps expand Unclear’s professional horizons.

What requirement is being satisfied by having Unclear build a P2P file-sharing system? Based upon the answer, it may be more effective, and perhaps even more secure, to use an existing open source project or purchase commercial software to address the business need. Indeed, if the definition of P2P is loose enough, encrypted e-mail would meet your security criteria and might solve the business problem.

If Unclear is just a koding gnome, content to write kode as specified and not ask why, then I withdraw my concerns. Otherwise, it seems to me that an opportunity to teach Unclear, and your readers, was missed.

Sincerely,
Buyer not always a Builder

Dear BB,
Perhaps I’ve missed the marketing hype around this, or it has wound up in my spam box like all those ads for a

interesting enough to prevent your letter from winding up with all those aforementioned enlargement ads.

The buy-vs.-build, or as I like to think of it, the integrate-vs.-build question touches just about every part of a product. I like to say integrate because that can take into account using open source software, as well as buying software from a commercial vendor. Although many people might like to build everything from scratch—the Not Invented Here school of software construction—that is rarely an option in most projects because there is just too much to be done and never enough time. The problems that need to be addressed are the cost of integration and the risks.

Cost in this case is not just that incurred in buying a piece of software. Free or open source software often has high costs. The number of people on a local team required to maintain and integrate new releases of a component is definitely a cost that must be accounted for. Producing documentation is also a cost. For commercial products the costs include those just listed, as well as any money required to license the software in question.

In reality, the cost could be seen as just one of the risks involved when making the decision on whether to integrate or build a component of a system. The risks of integrating a component include the likelihood that the company or project that provides that component will continue to exist, and whether the component owner will change the system in a way that doesn’t agree with your product over time.