Thursday, December 22, 2011

Feedback and business software

If we look at business software (custom made or off the shelf), most of it relies on a feedback mechanism, but that feedback mechanism is built into the process, which is largely human driven, rather than into an automatic path. This makes any such process human intensive and resource hungry.
Any process can be represented as

In this representation it is assumed that the inputs received by the system are perfect and comply with specifications (zero tolerance), and that the system itself is perfect (zero tolerance) and always works as thought of (not only as designed). But we do not live in utopia.
To accommodate an imperfect world, feedback-based systems are used.

Feedback systems are the basis of control engineering.
The basic foundations of control engineering can be summarized as:
1. A system that has no corrective feedback is likely to diverge from the desired output.
2. A system that tries to correct too quickly will likely overrun the mark and oscillate around the desired value.
3. A system that corrects too slowly will take a long time to reach the desired value, if it ever does.
4. A system with delayed corrective feedback will generally oscillate at a frequency related to the delay time.
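As an added illustration (not part of the original post), the toy simulation below reproduces the four statements with a proportional controller; the plant model, gains and delay are assumptions chosen so that each effect shows up:

```python
"""Toy discrete-time simulation of the four control engineering statements.
Added example, not from the original post; the plant model, gain values and
delay are assumptions chosen to make each effect visible."""


def simulate(gain, delay=0, steps=200, setpoint=100.0, start=0.0, drift=-0.2):
    """Drive a quantity x toward `setpoint` with proportional correction.

    Each step the plant drifts by `drift` (a constant disturbance) and the
    controller adds gain * (setpoint - observed), where `observed` is the
    value `delay` steps old. Returns the trajectory, index 0 being `start`.
    """
    history = [start]
    x = start
    for _ in range(steps):
        observed = history[max(0, len(history) - 1 - delay)]
        x = x + drift + gain * (setpoint - observed)
        history.append(x)
    return history


def overshoot(history, setpoint=100.0):
    """How far the trajectory went past the setpoint (0.0 if it never did)."""
    return max(0.0, max(history) - setpoint)


def sign_changes(history, setpoint=100.0):
    """Number of times the error changes sign: a crude oscillation count."""
    errors = [x - setpoint for x in history]
    return sum(1 for a, b in zip(errors, errors[1:]) if a * b < 0)


def settling_time(history, setpoint=100.0, tolerance=5.0):
    """First step after which x stays within `tolerance` of the setpoint,
    or None if it is still outside at the end of the run."""
    last_outside = None
    for t, x in enumerate(history):
        if abs(x - setpoint) > tolerance:
            last_outside = t
    if last_outside is None:
        return 0
    if last_outside == len(history) - 1:
        return None
    return last_outside + 1


def demonstrate():
    """One run per statement; returns a dict keyed by statement number."""
    no_feedback = simulate(gain=0.0)          # 1: no correction, the drift wins
    too_fast = simulate(gain=1.5)             # 2: over-corrects every step
    too_slow = simulate(gain=0.05)            # 3: creeps toward the setpoint
    moderate = simulate(gain=0.5)             # reference run: settles quickly
    delayed = simulate(gain=0.5, delay=3)     # 4: same gain, stale observation
    return {
        # error at the end is larger than at the start: diverged
        1: abs(no_feedback[-1] - 100.0) > abs(no_feedback[0] - 100.0),
        # overshoot past the setpoint and repeated sign changes: oscillation
        2: (overshoot(too_fast), sign_changes(too_fast)),
        # slow gain settles much later than the moderate gain
        3: (settling_time(too_slow), settling_time(moderate)),
        # delayed feedback oscillates and, here, never settles
        4: (sign_changes(delayed), settling_time(delayed)),
    }


if __name__ == "__main__":
    for statement, result in demonstrate().items():
        print(statement, result)
```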

From a systems thinking perspective, where cause and effect loop into a feedback system, one can think of:

1. Stabilizing Loop: It leads to a balance. The more food I eat, the fuller I feel. The fuller I feel, the less food I eat.

2. Reinforcing Loop: This loop continues till some external agent intervenes. The more I think of food, the hungrier I get, and the hungrier I get, the more I think of food.

3. Choice: This is not about a loop but about making a choice. Our machines are not intelligent (sic!) enough to make a choice, so humans (or living beings) invariably get involved in this type of system. I think about food and make a choice to eat food. A choice may lead to an increase or a decrease in effect.

4. Choice and Reinforcing Feedback: In some cases choice and reinforcing feedback combine and create an addictive effect. I think about money, I earn more money, I think more about money.

The clouds represent observable (and potentially measurable) quantities. A plain arrow indicates that an increase or decrease of one quantity influences a similar increase or decrease of the other.
If there is a dot on the arrow, then the effect is the opposite—an increase of one influences a decrease of the other.

With all of SOA and BPM, why are we not able to deploy stabilizing and reinforcing loop mechanisms in business software?

2. Quality Software Management, Vol 1: Systems Thinking by Gerald M. Weinberg
3. The Fifth Discipline: The Art & Practice of The Learning Organization by Peter M. Senge

Wednesday, December 21, 2011

Top Tech trends of 2012

1. Android based devices
2. Rise of Java-alternative languages running on the JVM
3. HTML5
4. Social Network Analysis
5. Big Data will rise further
6. Touch based computing devices
7. Voice operated devices
8. Spatial gesture sensitive devices
9. Merging of Gaming, Social Media and TV
10. Mobile payment
11. Flexible Screens
12. Walled garden approach for IT solutions in the consumer space – Apple (iTunes, iOS, etc.), Windows 8, etc.
13. App Internet will rise to new heights


Tuesday, December 20, 2011

Prediction for remaining decade (2012-2020)

1. Android (and its derivatives) will be omnipresent in embedded, mobile and hand-held devices.
2. In laptops/desktops, Windows or some flavor of it will be the preferred operating system.
3. SaaS and PaaS will prevail for small and big enterprises.
4. IaaS will thrive in enterprise data centers.
5. Fragmentation and alternatives of Java and Enterprise Java (like Apache Harmony and Spring) will emerge stronger, and official Java from Oracle will lose its sheen due to Oracle's lust for its monetization.
6. Laptop, mobile and tablet will merge into one.
7. The Indian IT workforce will shift from permanent jobs to contractual jobs like in the USA.
8. 3G and 4G (BWA) will bring an internet boom in India over smartphones and tablets.
9. Developing countries will be swept by a telecom revolution like India was in the previous decade.
10. Gamification will engulf almost all experiences, especially of social media.
11. Outsourcing will change from India-focused to 2I + 1 (2 locations in India and one elsewhere).
12. Apple will lose its grip on the smart mobile phone market.
13. Applications will be pervasive in devices and appliances like phones (mobile and fixed line), TVs, automobiles, refrigerators, disc (CD/DVD/Blu-ray) players, and any computing device.
14. Fragmentation of the Internet - there will be walls around country- or region-specific internets.
15. Rise of China-based technology companies.


Thursday, December 15, 2011

HiTech Marketing Rant

Even after more than a decade, companies are still following the advice illustrated in “Inside the Tornado”. Take the example of Fusion Middleware by Oracle.

Oracle Fusion Middleware is in the middle of the Tornado. Oracle Fusion Middleware is the Gorilla of the current time and is replacing TIBCO, the Gorilla of the past.

NoSQL (Big Data) is in its initial state; no standard has emerged yet, so it is not in the tornado. Only companies that are very enthusiastic about technology have adopted it.

Though Inside the Tornado very effectively suggests a marketing strategy for products/solutions which have migrated from the enterprise to the consumer segment, it does not cover solutions whose evolution has happened from C2C or B2C (auctions, social networking, classified advertisements).

Geoffrey A. Moore should write a book whose major focus is eBay, Facebook, Twitter, LinkedIn, Gmail, FourSquare, Gowalla, MySpace, Hi5, Bebo, Amazon, iTunes, Orkut, and other similar successful or not so successful phenomena (sic!).

Friday, December 9, 2011

Capacity Planning Playbook for Oracle Fusion Middleware

Capacity Planning Playbook for Oracle Fusion BPEL PM

Thursday, December 8, 2011

Security Gateway Comparison

Friday, November 11, 2011

Book Review: The Future of Looking Back

Book Review: The Future of Looking Back by Richard Banks: Publisher- Microsoft Press: ISBN-13: 978-0735658066

The Future of Looking Back is a book which very clearly and concisely takes you on a journey where you learn the effects of technology on common people. The book is well written and an easy read. Banks creates a world where he takes you slowly and lets you see how the transition is happening from physical to virtual, analog to digital.
At the end of each chapter, the design challenges are fantastic and provide a quick peek into Banks’ designer brain.
This book is certainly a good read.

Disclaimer: I did not get paid to review this book, and I do not stand to gain anything if you buy the book. I have no relationship with the publisher or the author.

One can get more information about book and related topics from:

1. Amazon:
2. Banks’ Blog:

Wednesday, October 19, 2011

Book Review: Privacy and Big Data

Book Review: Privacy and Big Data by Terence Craig and Mary E. Ludloff: Publisher- O’Reilly: ISBN-13: 978-1449305000

Privacy and Big Data is a survey of privacy philosophy and laws in the USA and Europe. The book covers the privacy debate in a very comprehensive way across the USA and Europe.

Though the book is short, it is very extensive in its approach and provides links to related material.

It cautions us about the free stuff (sic!) on the internet for which we trade our personal information and compromise our privacy piece by piece. With the advent of information aggregation techniques, anyone with sufficient resources can make a profile and …

The book briefly touches on Australia and Canada and completely ignores the rest of the world, especially developing countries where privacy has a very different meaning in culture as well as in law.

The book is a must read for any internet entrepreneur who wants to understand privacy laws in the USA and Europe.

Disclaimer: I did not get paid to review this book, and I do not stand to gain anything if you buy the book.

One can get more information about book and related topics from:

1. Amazon:
2. Publisher – O’Reilly:
3. Authors’ Blog:
4. Federal Trade Commission:
5. Wikipedia on Internet Privacy:

Friday, October 14, 2011

Book Review: Social Network Analysis for Startups

Book Review: Social Network Analysis for Startups by Maksim Tsvetovat and Alexander Kouznetsov: Publisher- O’Reilly: ISBN-13: 978-1449306465

One of the hot topics in business is Social Media and its effect on business. This has led to growth in Social Network Analysis.

As the name suggests, the book Social Network Analysis for Startups deals with Social Network Analysis, but not for startups; rather for beginners. If we set the name aside, the book is an excellent introduction to Social Network Analysis in very simple language. The book not only talks theory but also gives hands-on practice sessions on the concepts using Python (to be very precise, NetworkX -

The book consists of seven chapters. Chapters one and two focus on the basics of graph theory. Chapters three, four and five talk about metrics in a social network. Chapter six discusses how “a thing” goes viral and what the characteristics of the phenomenon are. The final chapter talks about the volume of data to be dealt with in analysis of social networks. Appendix A is about the ethics involved while doing SNA and lists APIs and software which can help in SNA. Appendix B is about installation of the software (Python and more).

The book might have discussed NetworkX in more detail to help understand the library. I strongly recommend reading the NetworkX documentation along with the book.

With all of its flaws, the book is fantastic for beginners in the field of SNA. This book will certainly be on my bookshelf for a long time.

Disclaimer: I did not get paid to review this book, and I do not stand to gain anything if you buy the book.

Further reading: A few of the competing books are Social Network Analysis: Methods and Applications, Linked: How Everything Is Connected to Everything Else and What It Means, Networks, Crowds, and Markets: Reasoning About a Highly Connected World, Social Network Analysis: A Handbook, and many more.

One can get more information about book and related topics from:

1. Book’s facebook page:
2. Amazon:
3. Publisher -- O’Reilly:
4. Author’s Linkedin page:
5. Author’s company’s site:
6. Wikipedia on Social Network Analysis:
7. Wikipedia on SNA tools:
8. List of SNA tools:
9. NetworkX:

Wednesday, September 28, 2011

Friday, September 16, 2011

Typical API Design Goals

1. Clear separation in Content and Transaction API
2. Calls on URLs must be separate for the regular site and the API site
3. The API site must be divided into two – test and prod
4. The API site must be clearly demarcated - JSON, REST and SOAP (, /api/rest, /api/soap).
5. Throttling/rate limiting for API calls must consider the following factors
a. Time of call
b. Number of records per call
c. Number of calls per second using an API key (free as well as paid)
d. Hits per method/function
e. Test or prod API site
f. Content and Transaction API
g. IP address
h. Geographic Location
i. Specific Key may have enhanced SLAs/priority
j. Developer or Enterprise Key
k. Class of Enterprise – Platinum, Gold, Silver
l. Class of developer – MahaGuru, Guru, GuruBhai
m. Read or Write Call
6. API vs normal site traffic prioritization
7. API response caching ( not now but as application grow this should be pluggable)
8. Provision of deprecation of API
9. Versioning of API
10. Full backward compatibility
11. SSL/TLS availability for critical data – password, payment, etc.
12. The call from the client may be synchronous, but internally it must go to a (logical) queue and the requests must be served as per throttling priority. Example: SFDC custom or enterprise WSDL
13. The outward call from  must go to a (logical) queue and then be served synchronously to the client (which will make a synchronous call). Messages remaining in the queue will die after a certain amount of time. This time is not configurable by API users but by the admins of . Example: Salesforce outbound message
14. To access the API each developer must register and must be given a key which identifies him/her.
15. To access a user (normal site user) the API should supply user credentials in a secure fashion – SSL. Usage of OAuth needs to be explored.
16. A developer key will be deactivated if not used for a certain period of time.
17. If a certain key tries to break throttling: first give a warning, then deactivate for a certain period of time, and then deactivate permanently. Three-strike rule.
18. Reporting
a. Track overall API performance
b. Track API performance for each operation
c. Track API performance by developer
d. Track API performance by specific developer customers
e. Track API performance by client IP
f. Report on API usage by individual developer
g. Report on API usage by developer group
h. Report on API usage by specific developer customers
i. Ability to generate reports in multiple (i.e., CSV, PDF and HTML) formats
j. Ability to integrate with an existing enterprise reporting system
k. API throughput report
l. API routing failure report
m. API utilization report
n. API availability report
o. API usage report
p. API methods report
q. API response times report
r. API backend latency report
19. Billing & Metering and API integration
a. Support for Developers account
b. Support for Developers’ customers
c. Ability to bill specific API feature/function
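The throttling, inactivity and three-strike items above (5, 16 and 17) as an added example that is not part of the original post; the class names, tier quotas and time windows are assumptions:

```python
"""Per-key throttling with tiered quotas (item 5), inactive-key expiry
(item 16) and the three-strike escalation (item 17) from the design goals.
Added example, not from the original post; class names, quota figures and
time windows are assumptions."""
from dataclasses import dataclass

# Calls per second permitted for each enterprise class (item 5k); constructed.
TIER_RATE = {"Platinum": 100.0, "Gold": 20.0, "Silver": 5.0}
BURST_SECONDS = 1.0                   # bucket holds one second's worth of calls
STRIKE_WINDOW = 60.0                  # rejections within a minute form one strike
SUSPENSION_SECONDS = 3600.0           # strike two: suspended for an hour
INACTIVITY_LIMIT = 90 * 24 * 3600.0   # item 16: unused for 90 days -> deactivated


@dataclass
class KeyState:
    tier: str
    tokens: float                     # token bucket, refilled at the tier rate
    last_refill: float
    last_used: float
    strikes: int = 0
    last_strike: float = float("-inf")
    suspended_until: float = float("-inf")
    active: bool = True


class ApiKeyGovernor:
    """One KeyState per developer key; all timestamps are epoch seconds."""

    def __init__(self):
        self.keys = {}

    def register(self, key, tier, now):
        capacity = TIER_RATE[tier] * BURST_SECONDS
        self.keys[key] = KeyState(tier, capacity, now, now)

    def check(self, key, now):
        """Decide one call: allow, throttled, warn, suspended, deactivated, unknown."""
        state = self.keys.get(key)
        if state is None:
            return "unknown"
        if not state.active:
            return "deactivated"
        if now - state.last_used > INACTIVITY_LIMIT:
            state.active = False          # item 16: key went stale
            return "deactivated"
        state.last_used = now
        if now < state.suspended_until:
            return "suspended"            # still serving the second-strike penalty
        rate = TIER_RATE[state.tier]
        refill = (now - state.last_refill) * rate
        state.tokens = min(rate * BURST_SECONDS, state.tokens + refill)
        state.last_refill = now
        if state.tokens >= 1.0:
            state.tokens -= 1.0
            return "allow"
        return self._strike(state, now)

    def _strike(self, state, now):
        """Item 17: warn, then suspend for a while, then deactivate permanently."""
        if now - state.last_strike < STRIKE_WINDOW:
            return "throttled"            # same episode: reject without a new strike
        state.last_strike = now
        state.strikes += 1
        if state.strikes == 1:
            return "warn"
        if state.strikes == 2:
            state.suspended_until = now + SUSPENSION_SECONDS
            return "suspended"
        state.active = False
        return "deactivated"


def run_scenario():
    """Constructed trace: a Silver key (5 calls/s) bursting past its quota three times."""
    gov = ApiKeyGovernor()
    gov.register("silver-dev", "Silver", now=0.0)
    first = [gov.check("silver-dev", 0.0) for _ in range(7)]        # warn on call 6
    second = [gov.check("silver-dev", 120.0) for _ in range(6)]     # suspended on call 6
    while_suspended = gov.check("silver-dev", 121.0)
    third = [gov.check("silver-dev", 3721.0) for _ in range(6)]     # deactivated on call 6
    afterwards = gov.check("silver-dev", 3722.0)
    return first, second, while_suspended, third, afterwards


if __name__ == "__main__":
    for phase in run_scenario():
        print(phase)
```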

Thursday, September 15, 2011

How to achieve Business Goals

1. Prepare an API strategy which caters to developers in a comprehensive fashion
a. Open API
b. Separation of Content & Transaction API
c. Major part of API should be free
d. Thorough but easy and efficient developer registration process
e. Developers should be able to showcase their work
f. Developer should be able to discuss and share issues/challenges (forum)
g. Comprehensive documentation (developers manual) – pdf book as well as Wiki
h. Over time, 3rd party developers should be major contributors to API management.
i. Some mechanism like the Java Bug Parade
j. Involve developers in documentation translation
k. Distribute small projects – tool specific, like SOAP UI, Sahi, etc.
2. API must be marketed at/via
a. Company microsite at facebook, linkedin, twitter
b. API documentation – manuals & presentations must be available on the web application/platform and in document repositories – Scribd, SlideShare, desi forums, etc.
c. Sample applications must be available at mobile application development sites – Android, iPhone, iPad, HTML5, etc.
d. Sample applications must be available at web services sites – Java, C#, Scala, .NET, PHP, etc.
e. API details must be available at and other similar sites
f. Conduct competitions for the most innovative and most traffic-generating web application
g. Pay application developers if their application uses a paid API and generates a certain amount of traffic over a time period.
3. No differentiation on the basis of end product (developed by 3rd party) licensing regime.
4. Developer portal
a. Discussion forum
b. Documentation
c. Bug Parade
d. Gamification (badges, enhanced role in management of the API, etc.)
e. Facility to showcase developers’ work
f. Enterprise and individual accounts

Wednesday, September 14, 2011

API Business Goals

1. Develop mobile applications, MS office plugins etc
2. Spur the 3rd party application development which can drive traffic and hence usage of web application/platform
3. Use it as marketing tool for developers
4. Collect analytics to design future strategy for the platform/web application
5. Data collection about developers which can be utilized in the future.

Monday, September 12, 2011

Book Review: Codermetrics Analytics for Improving Software Teams

Book Review: Codermetrics: Analytics for Improving Software Teams by Jonathan Alexander: Publisher- O'Reilly: ISBN-13: 978-1449305154

Codermetrics is the first book which takes the benefit of research and understanding in the area of professional sports and brings it into software development.

This book is heavily influenced by Moneyball and The Blind Side by Michael Lewis.

This book is segmented into three parts. Part one, Concepts, covers the basics of coder-related metrics and how and why they affect the big picture of software development. Part two, Metrics, lists various metrics developed by the author for coders/developers, and the third part, Processes, explains how a system is to be developed to measure the metrics developed in the book.

As the name suggests, this book is solely focused on coders/developers, but if the metrics developed in this book are to be successful then similar metrics need to be developed for other stakeholders of the SDLC – like testers, support and maintenance developers, and business analysts.

The book is a good attempt at exploring a brand new area of software development and bringing in the learnings from professional sports, but it lacks in articulating a few of the assumptions made while defining metrics. For example, Chapter 4: Skill Metrics assumes that all tasks are of the same size, and if tasks are not of the same size then several of the metrics need re-definition. Also, Chapter 5: Response Metrics assumes that all software development is product related, but reality is far from this.

The book is silent on statistical analysis of the metrics. At most the book does trend analysis, which is a very simplistic approach.

Though the ideas articulated by the book seem to have very high potential and may fit with agile very well, they require deep revision.

Disclaimer: I did not get paid to review this book, and I do not stand to gain anything if you buy the book. I have no relationship with the publisher or the author.

Further reading: This is the first book on the subject. I am not able to find any book on the subject.

One can get more information about book and related topics from:

1. Book’s web presence
2. Amazon:
3. Publisher – O’Reilly
4. Review:

Friday, September 9, 2011

Book Review: The Art of Managing Professional Services

Book Review: The Art of Managing Professional Services by Maureen Broderick: Publisher- Prentice Hall: ISBN-13: 978-0-13-704252-4

It is very difficult to find a good book on professional services, but The Art of Managing Professional Services by Maureen Broderick fills that gap very efficiently and effectively.

This book covers diverse facets of professional services in a very precise and concise fashion, which makes it a must read for leaders in professional services.

The book beautifully covers practices employed by a variety of professional services firms and then sets out best practices. The book is divided into eleven chapters.

1. Professional Services
2. Shared Vision, Values, and Culture
3. People
4. Portfolio
5. Services
6. Finance
7. Positioning
8. Partnership
9. Strategy
10. Structure
11. Style of Leadership

Each chapter focuses on one topic and goes into detail on it.

As I always look for improvements, this book also needs a few. The book very much focuses on USA-based PS organizations, which totally ignores the rest of the world’s reality. Secondly, the book does not include any big player from software services.

Nevertheless, the book presents a good overview of PS and certainly it will be on my bookshelf.

Disclaimer: I did not get paid to review this book, and I do not stand to gain anything if you buy the book. I have no relationship with the publisher or the author.

Further reading: Competing books are Managing The Professional Service Firm by David H. Maister and Building Professional Services: The Sirens' Song (Harris Kern's Enterprise Computing Institute Series) by Thomas Lah, Steve O'Connor, and Mitchel Peterson.

One can get more information about book and related topics from:

1. Book’s web presence
2. Amazon:
3. InformIT:

Thursday, August 18, 2011

Book Review: Gamification by Design

Book Review: Gamification by Design: Implementing Game Mechanics in Web and Mobile Apps by Gabe Zichermann and Christopher Cunningham: Publisher- O’Reilly: ISBN-13: 978-1-4493-9767-8

Gamification is the latest buzzword in the IT industry, particularly in product design. The Gamification by Design book attracted me because it talks about the thought process of gamifying business applications, not of gaming systems.

Gamification by Design is well written and easy to understand. It covers gamification from a product design perspective, not from a developer perspective.

The book consists of eight chapters. Chapters one and two cover the foundations and motivation part of gamification. Chapters three, four, and five cover game mechanics and dynamics. Chapter six is full of gamification case studies. Chapter seven talks about some coding for gamification and lastly chapter eight is a tutorial on gamification.

Though the book presents gamification in a very lucid manner, nothing is perfect. It might have been better if chapter seven had covered the logic of the coding in terms of flow charts.

Nevertheless, the book is an excellent read and will be on my shelf for a long time.

Disclaimer: I did not get paid to review this book, and I do not stand to gain anything if you buy the book. I have no relationship with the publisher or the author.

Further reading: The following books give further insight into gamification:
1. Game-Based Marketing: Inspire Customer Loyalty Through Rewards, Challenges, and Contests
2. Total Engagement: Using Games and Virtual Worlds to Change the Way People Work and Businesses Compete
3. Game On: Energize Your Business with Social Media Games
4. Gamestorming: A Playbook for Innovators, Rulebreakers, and Changemakers

One can get more information about book and related topics from:

1. Book’s web presence
2. Amazon:
3. Publisher – O’Reilly
4. Author’s blog:
5. Review:

Thursday, August 11, 2011

Book Review: Securing the Cloud: Cloud Computer Security Techniques and Tactics

Book Review: Securing the Cloud: Cloud Computer Security Techniques and Tactics by Vic (J.R.) Winkler: Publisher- Syngress: ISBN-13: 978-1-59749-592-9

Securing the Cloud is one more me-too book on cloud computing. It is heavy on theory but light on practice. It covers the cloud from a beginner's perspective and is more interested in making checklists.

The book is divided into the following 10 chapters:

1. Introduction to Cloud Computing and Security
2. Cloud Computing Architecture
3. Security Concerns, Risk Issues, and Legal Aspects
4. Securing the Cloud: Architecture
5. Securing the Cloud: Data Security
6. Securing the Cloud: Key Strategies and Best Practices
7. Security Criteria: Building an Internal Cloud
8. Security Criteria: Selecting an External Cloud Provider
9. Evaluating Cloud Security: An Information Security Framework
10. Operating a Cloud

I do not find anything interesting in this book.

Disclaimer: I did not get paid to review this book, and I do not stand to gain anything if you buy the book. I have no relationship with the publisher or the author.

Further reading: A few of the competing books are Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance, Cloud Computing Explained: Implementation Handbook for Enterprises, and many more.

One can get more information about book and related topics from:

1. Amazon:
2. Review:
3. Introduction:

Wednesday, August 10, 2011

Single point of failure: Partial Remedies

This post is in continuation of the earlier blog post. Here I have listed a few strategies and techniques which can be utilized to minimize the impact of single points of failure:

  1. SSO: Application users (for example, users used for integration) should not pass through the SSO mechanism.
  2. MDM: Employ distributed and segregated MDM on the basis of business objects. It means Customer Master and Partner Master should be running on two different MDMs.
  3. Use separate servers to preserve audit, log and error data. These servers must be separate from the business servers. This technique works well when employed in Integration (EAI and B2B) and BPM.

Tuesday, August 9, 2011

Limitations of Relational Database Systems

  1. Relational databases are based on relational algebra, which requires that data to be stored be modeled as relations only. This also means that data read from the RDBMS must be modeled back into its original model (say tree, graph, key-value, or any other). This places significant stress on computing resources.
  2. Columns of a table can only store similar data.
  3. Document storage (images, multimedia, business documents, XML, etc.) is a big sore point for RDBMS.
  4. An RDBMS is not a real-time system. It is poll based.

Wednesday, August 3, 2011

Information Lifecycle for Data Security in Cloud

The Security Guidance for Critical Areas of Focus in Cloud Computing V2.1, in its chapter on Information Lifecycle Management, assumes a very simplistic view of the Data Security Lifecycle.

This view hides subtle lifecycle stages. Typically, information follows the following lifecycle:

In my view, CSA should revise the ILM and so the recommendations.

Tuesday, August 2, 2011

Monday, July 25, 2011

Book Review: Virtualization: A Manager’s Guide

Book Review: Virtualization: A Manager’s Guide by Dan Kusnetzky: Publisher- O'Reilly: ISBN-13: 978-1449306458

First, I am thankful to O’Reilly for providing me a free copy of the book before publication.

As the title of the book suggests, this book is not for techies. This thought is further reinforced by the intended audience section of the book.

Virtualization: A Manager’s Guide is pretty short and a very lucid and easy read. The book covers a virtualization model developed by the author (or his company) which seems to be pretty good.

The definition of virtualization given by the book, “Virtualization can create the artificial view that many computers are a single computing resource or that a single machine is really many individual computers”, is very correct, as most definitions ignore the many-computers part.

I am not going to keep this book on my bookshelf as it lacks technical rigor, but certainly it is useful for someone who is not very technical but faces technical staff.

Disclaimer: I did not get paid to review this book, and I do not stand to gain anything if you buy the book. I have no relationship with the publisher or the author.

One can get more information about book and related topics from:

1. Amazon:
2. Publisher --
3. Review:
4. One more review:
5. Third Review:
6. Dan Kusnetzky:

Friday, July 22, 2011

Book Review: Art of Application Performance Testing

Book Review: Art of Application Performance Testing by Ian Molyneaux: Publisher- O'Reilly: ISBN-13: 978-0596520663

This is the first book I have read on performance testing after long years of development.

The book is straightforward and a fast read. The book covers a lot but just touches the surface. This book is good for knowing the basic concepts of performance testing, but as a person reads more and practices more, this book will be of little use.

Certainly this book is just a stepping stone for any aspiring load and performance tester.

The book does not focus on any platform or tool.

Disclaimer: I did not get paid to review this book, and I do not stand to gain anything if you buy the book. I have no relationship with the publisher or the author.

Further reading: Software Performance and Scalability: A Quantitative Approach and Performance Testing Guidance for Web Applications are two books which might be interesting to you.

One can get more information about book and related topics from:

1. Amazon:
2. Publisher -- O’Reilly
3. Review:
4. Second review:
5. Third review:
6. Webinar by author:

Wednesday, July 20, 2011

Single Point of Failure in Enterprise Computing

With SOA as the central body of thinking, lots of enterprises are adopting:

  • Centralized authentication system (a more fancy name is Single Sign On – SSO)
  • Master data management – MDM
  • Queuing services – generally JMS
  • Enterprise Service Bus – ESB
  • Integration utilizing a hub-and-spoke system
  • Business Process Management (BPM) engine

If you look very carefully, all of these systems have one underlying philosophy – centralized logic and control. These components, with fault-tolerant and clustered deployment, get the benefits of distributed computing, but the hardware is still co-located.

Does this mindset bring single point of failure in enterprise computing?

My take is: YES. How to minimize this – wait for future posts.

Saturday, July 16, 2011

Friday, July 15, 2011

Non Functional Requirements of Integration Projects (EAI and B2B)

  • No data loss in any case. Data should be recoverable in the integration layer.
  • Recovery should be automatic in the majority of cases of integration layer failure.
  • Replay of messages must be possible in all cases of failure.
  • End systems to be integrated should be decoupled in time, space and semantics.
  • Contingency paths/scenarios (if deployment fails, or if the integration needs to be rolled back after running successfully in production for a while) must be defined and rehearsed.
  • There must be a clear separation between Integration and Services.
  • Underlying integration service failures (like audit, logging, notification, error handling, etc.) must not affect integration or enterprise services.
  • Audit, error notification and the error repository should be deployed on separate servers/infrastructure from business services and integration.

Thursday, July 14, 2011

Forecast, Foresight and RoI

Whenever a technical person takes a business proposition to business owners in any typical business, the first question asked is “What is the RoI?”
Is this question correct? Before reaching an answer let us consider a few scenarios.

Scenario 1: Foo Inc has its HRMS developed in house. With growth in the number of employees and globalization of the business, the current HRMS is not able to keep pace and requires frequent tweaks and hacks to do the job. This is leading to a broken HRMS, potential disruption of services and a day-by-day increasing cost of maintaining the system. Proposals to replace the current HRMS with some contemporary HRMS – self hosted or SaaS – are in the wild.

Scenario 2: Bar Corp is in the groceries retail business and has stores across countries. Its PoS (Point of Sale) system is working great and was designed and developed in the late eighties. The programming language used is basic C. Even today (2011), the system is working fine for current needs. Bar Corp management has foresight for the market in China, which has an entirely different legal system and language requirements. Should Bar shift to contemporary technology?

Scenario 3: We are in 1990. QUX LLC is in investment banking. Its computer systems are rock solid and rely heavily on mainframes. New technologies and paradigms are emerging. Java on UNIX and distributed technology are seen as the next game changer. The Internet is seen as a bright star on the horizon. Should QUX LLC start evaluating the Internet, Java and UNIX?

In the three scenarios built above, will RoI justify the investment? In the case of Foo Inc, RoI is certainly a justification, but apart from RoI an additional decision criterion comes into the picture: should employee data be on the cloud or internal? In the case of Bar Corp, a lot of speculation and unpredictability come into the picture. Certainly RoI is the decision criterion here. For QUX LLC, do I have to argue?

The picture is very clear: whenever forecasting is involved, the RoI argument holds good, but for foresight RoI is the criterion.

Wednesday, July 13, 2011

Book Review: Seven Languages in Seven Weeks: A Pragmatic Guide to Learning Programming Languages

Seven Languages in Seven Weeks: A Pragmatic Guide to Learning Programming Languages by Bruce A. Tate: Pragmatic Bookshelf: ISBN- 13: 978-1934356593

Why I read this book! Because book’s title is interesting. Book covers language spanning from object orientated, prototype, and functional and since ancient time of modern programming. Certainly book does not teach you 7 languages but gives you flavor of each. After tasting you can decide which one is suitable for your dinner.

Very nicely book cover seven languages though there will be conflicting views on selection of languages. Book introduces philosophies of these languages ( Prolog, Io, Ruby, Scala, Haskell, Erlang, and Clojure), basic syntax and main constructs. Book very carefully avoids unnecessary details like how to install, IDE, etc which can be found online very easily.

The last chapter, “Wrap-up”, serves you a cocktail with a distinct hint of each.

Certainly I am looking for more books of this type covering the various components of software: operating systems, IDEs, etc.

Seven Languages in Seven Weeks will certainly be on my bookshelf for quick reference.

Disclaimer: I did not get paid to review this book, and I do not stand to gain anything if you buy the book. I have no relationship with the publisher or the author.


Tuesday, July 12, 2011

Security threats posed by public cloud computing

This list follows the seven threat categories of the Cloud Security Alliance’s Top Threats to Cloud Computing (2010).

Criminal use of cloud computing: the ease of the registration process for cloud services opens them up to abuse by spammers, malicious code authors, and other criminal elements.
Solution: strengthen the verification process at registration.

Insecure application programming interfaces: the management and interaction interfaces of cloud services often have very coarse authorization (any authenticated API credential can do anything), which opens up a security hole; third party tools built on those interfaces inherit the weakness.
Solution: more granular authorization (scoped to tenant, resource and action) and a multifactor authentication process.

Malevolent insiders: the threat posed by a malevolent insider is not unique to cloud computing. However, the threat is inflated by the convergence of IT services and customers under a single cloud environment, by economies of scale, and by a lack of visibility into the hiring standards and practices of cloud employees.
Solution: enforce strict supply chain security and comprehensive background checks of cloud employees, and set up a legal framework to tackle such malicious scenarios.

Shared technology vulnerabilities: cloud computing delivers services by sharing infrastructure (hypervisor, storage, network). A flaw in a shared component exposes every tenant on it, not just one.
Solution: a defense-in-depth strategy that includes compute, storage, and network security enforcement and monitoring.

Data loss/leakage: the enhanced risk of destruction or loss of data, whether accidental or intentional, due to the increased number of actors and interactions.
Solution: encrypt data in transit and at rest, implement strong data backup and retention strategies, and use a granular authorization strategy.

Service disruption: because a large number of customers share the cloud, a service disruption or reduced QoS has a manifold impact.
Solution: replication of infrastructure across locations.

Account, service, and traffic hijacking: account, service, and traffic hijacking, such as phishing, fraud, and exploitation of software vulnerabilities, pose risks to any computer system. With the cloud these risks increase due to the large number of interactions and actors.
Solution: strong authentication techniques, monitoring for unauthorized activity, and granular authorization.

Unknown risk profile: due to the outsourced nature of public clouds, the risk of losing track of the security ramifications of a cloud deployment is very real. Security by obscurity may be low effort, but it can result in unknown exposures.
Solution: maintain detailed information about who is sharing the cloud infrastructure, as well as network intrusion logs, redirection attempts, and other security logs, and engage more deeply with the cloud provider.
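The “coarse authorization” hole under insecure APIs, and the granular, multifactor-aware check suggested for it and for account hijacking, are easier to see side by side. The following is an added example written for this page, not code from the post or from any cloud provider; the tenants, roles, actions and users are made up, and the role model and the rule that destructive actions need a second factor are assumed policy.

```python
"""Coarse versus granular authorization for a cloud management API.

Added illustration for the 'Insecure APIs' and 'Account hijacking' items
above; not code from the post or from any cloud provider. Tenants, roles,
actions and users are made up for the example.
"""
from dataclasses import dataclass

# Actions that destroy data or change access: require a second factor (assumed policy).
PRIVILEGED_ACTIONS = {"vm:delete", "snapshot:delete", "iam:grant"}

# Hypothetical role model: role -> actions the role may perform.
ROLE_PERMISSIONS = {
    "viewer": {"vm:read", "snapshot:read"},
    "operator": {"vm:read", "vm:start", "vm:stop", "snapshot:read", "snapshot:create"},
    "admin": {"vm:read", "vm:start", "vm:stop", "vm:delete",
              "snapshot:read", "snapshot:create", "snapshot:delete", "iam:grant"},
}

@dataclass
class Caller:
    user: str
    tenant: str                 # tenant the API credential was issued to
    roles: frozenset            # e.g. frozenset({"operator"})
    mfa_verified: bool = False  # did this session complete a second factor?

@dataclass
class Resource:
    rid: str
    tenant: str                 # owning tenant

# Every authorization decision is appended here so that unusual activity
# (bursts of denials, cross-tenant probing) can be detected afterwards.
AUDIT_LOG = []

def authorize_coarse(caller, action, resource):
    """The weak check: the only question asked is 'is the caller authenticated?'.
    Any valid credential can perform any action on any tenant's resources."""
    return bool(caller.user)

def authorize_granular(caller, action, resource):
    """Tenant-scoped and action-scoped check with step-up MFA for
    destructive actions. Records the decision for later monitoring."""
    allowed = set()
    for role in caller.roles:
        allowed |= ROLE_PERMISSIONS.get(role, set())
    if resource.tenant != caller.tenant:
        decision, reason = False, "cross-tenant access"
    elif action not in allowed:
        decision, reason = False, "role lacks action"
    elif action in PRIVILEGED_ACTIONS and not caller.mfa_verified:
        decision, reason = False, "mfa required"
    else:
        decision, reason = True, "ok"
    AUDIT_LOG.append({"user": caller.user, "tenant": caller.tenant, "action": action,
                      "resource": resource.rid, "allowed": decision, "reason": reason})
    return decision

def denied_reasons(user):
    """Denial reasons recorded for a user: a simple hook for hijack/abuse monitoring."""
    return [e["reason"] for e in AUDIT_LOG if e["user"] == user and not e["allowed"]]

if __name__ == "__main__":
    vm = Resource("vm-123", "tenant-a")
    mallory = Caller("mallory", "tenant-b", frozenset({"admin"}), mfa_verified=True)
    print("coarse lets tenant-b delete tenant-a's VM:", authorize_coarse(mallory, "vm:delete", vm))
    print("granular does not:", authorize_granular(mallory, "vm:delete", vm))
    print("audit trail for mallory:", denied_reasons("mallory"))
```

The tenant check comes first on purpose: a caller who is an admin in their own tenant must still be nobody in every other tenant, which is exactly what the coarse check gets wrong. Writing every decision, including denials, to the audit log is what turns the authorization layer into a source for the “unauthorized activity monitoring” mentioned above.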


Monday, July 11, 2011

Characteristics of a Good API

  • Easy to learn
  • Easy to use, even without documentation
  • Hard to misuse
  • Easy to read and maintain code that uses it
  • Sufficiently powerful to satisfy requirements
  • Easy to extend
  • Appropriate to audience

Sunday, July 10, 2011

Benefits of API Driven Design

  • Saves development time in medium to long term
  • Reduces errors and debugging time.
  • Facilitates modular design.
  • Provides a consistent development platform.

Saturday, July 9, 2011

Why a Good API is difficult to Design

  • Forces designer to anticipate future usage of code.
  • Requirements are incomplete (may never be complete).
  • Requires abstraction.
  • Requires modularization of functional as well as non functional requirements
  • Requires in-depth skills in programming and design.
  • Large initial investment in terms of money, time and intellect.

Friday, July 8, 2011

Software without API Design

  • +ves
    • Fast and easy to implement in small projects
    • Can serve as a starting point for API design. Agile!
    • No need to consider how the code interfaces with other software
    • Relaxed resource requirement in terms of intellect
    • Immediate results
  • -ves
    • Code has limited (as opposed to general) functionality.
    • Code might not be reusable.
    • Evolving the code, and thus its functionality, will be difficult.

      Thursday, July 7, 2011

      SaaS Integration Challenges

      1. Security
      • Authentication
      • Data Encryption
      2. Volume of data transfer
      • Continual Basis (Real time)
      • Traffic Burst
      • Batch Mode
      3. Error and Exception Handling
      4. Contingency
      5. Data Migration
      6. Turnaround Time
      7. Cost proposition
      8. Support Organization

      Thursday, June 23, 2011

      Choreography in Business Systems

      Most current computer systems (from a software perspective) work on five core principles:

      1. Deterministic Model
      2. Centralized control
      3. Feedback system
      4. Optimization at component/Sub System Level
      5. Evolution Proof

      Deterministic systems hate uncertainty. In most cases the logic boundaries are predefined.

      Most of today’s business systems are built around centralized control, where one piece of code directs others to act in a particular fashion. In this scheme essentially all logic is confined in one place; the interacting parties are just slaves without brains. This approach keeps the system simple overall.

      Most business systems do not use a feedback system (if they do, they go for periodic feedback, not continuous feedback). Moreover, today’s feedback systems assume that there is one correct way: if a deviation occurs, feedback tries to correct the system. Essentially the designer of the system assumed a perfect, correct position, and the system cannot go beyond that level of correctness.

      We simply assume that if the individual components are optimized then the system will be optimized. This thought leaves no room for redundancy or failover in the system. We like to make the system as lean as possible to achieve high performance.

      Though we understand the concept of evolution, in today’s computer systems evolution is creator driven.

      All five points above make today’s computer systems rigid, high performing and evolution proof, and therefore not fit for choreography, which requires flexibility. For choreography, systems should be based on a probabilistic model, distributed control to contain error/exception conditions, an evolving feedback system based on increasing correctness, system level optimization, and openness to evolution.

      1. Does business need such systems?
      2. Do we have the capability to sustain self evolving business processes?
      3. Do we have the high level of computing capability needed to support such systems?
      So, do we need choreography in business systems? Is SOA ready for choreography?


      Wednesday, June 15, 2011

      Webservices for eighth grader

      Son: What is a web service?

      Father: It is a mechanism for computer to computer communication. This communication is independent of the make of the computer and its operating system, so a Windows machine can talk to an Apple machine or to a Linux machine without any heavy duty translation. Web services enforce one language across a variety of machines. Moreover, this language is readable by humans as well.

      Son: Hmm… So which language does it enforce?

      Father: Let me correct myself. Web services do not enforce a common language but a common script. Devanagari and Latin are writing systems, scripts for various languages. Devanagari is used to write Hindi, Gujarati, Marathi, and other languages; Latin is used for English, German, and French. For web services based communication the script is XML and the various languages are WSDL and SOAP. So XML is a system by which one can create new languages.

      Son: OK. But then how does the actual communication happen between computers using web services?

      Father: Let us make an analogy. You know how we listen and how sound travels.

      Son: A little bit.

      Father: No problem. Let us build a scenario. You are asking questions and I am answering them. So you are the Client or Customer and I am the Provider or Server.

      Son: It is easy. The one who asks the question is the Client and the one who answers the question is the Server.

      Father: Perfect. Let’s move on. We are talking in English, so there is a contract between me and you which says that you can ask only in English and I will answer in English. So there is a contract between Client and Server. This contract in the web services world is defined using WSDL, Web Services Description Language. WSDL also defines what questions a client can ask of the Server, because the Server cannot answer all the questions in the world; its ability is limited.

      Son: It is getting complicated, but still manageable.

      Father: Good. Now when you and I are talking we are using air as the medium.

      Son: Yes, I know that.

      Father: In web services you can replace air by HTTP. Just think of the browser address bar.

      Son: Oh! Yes. I see http with your blog address in the browser address bar whenever I open the browser on your laptop.

      Father: You are smart. One more thing: your ears and mine can hear sound only if it is within a certain frequency range. Can you hear the sound from a dog whistle?

      Son: I know humans can hear sound waves which fall between 20 Hz and 20 kHz.

      Father: That’s good. You should get good grades in science.

      Son: Thanks.

      Father: So there should be something similar to the frequency range. It is SOAP. This is what defines how information is packed while flowing over the air, HTTP.

      Son: Cool. It is very straightforward. The script which defines the language is XML. The contract between client and server is WSDL. The information pack is SOAP.

      Father: Fantastic. Now you know what web services are.

      Monday, June 13, 2011

      Are we still living in Waterfall era?

      Project Closure Documentation

      While going through the PMBOK section on the project closure phase (Project Integration Management --> Close Project or Phase), I realized that the output of this phase requires:

      1. Final product, service, or result transition (very obvious)
      2. Organizational process assets update (again very natural)
         a. Project files: documentation resulting from the project’s activities
         b. Project or phase closure documents: documentation indicating successful (or not) closure of the project
         c. Historical information: historical information and lessons learned.

      A closer look reveals a glaring gap (especially for software oriented projects): there is no wish list for the next iteration. Both functional and non-functional (technical as well) wishes are important. This gets more spotlight with agile methodologies.

      A close survey of various software service providers (USA as well as Indian biggies) reveals the same gap in their mandatory and recommended documentation lists as well.

      Does it reveal that we are still living in Waterfall era?

      Sunday, June 12, 2011

      WSDL Architectural Patterns

      While working with web services, we all invariably encounter WSDLs. As a software architect and designer I have noticed four distinct types of WSDLs:
      1. One business entity, various operations

      2. One business entity, one operation

      3. One operation for various business entities

      4. Various operations for various business entities

      Each pattern has its own pros and cons. Except for option 3, all are widely used. The Salesforce Enterprise WSDL follows option 2, while Oracle AIA is a big fan of option 2. Lots of home grown applications in enterprises use option 2.

      For detailed list of operations in webservice refer:
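To make the three layers of the father-and-son explanation concrete (WSDL as the contract, SOAP as the packing, HTTP as the medium), and to show what a pattern 1 WSDL (one business entity, various operations) from the list above looks like in practice, here is an added example written for this page. It is not code from the post, from Salesforce or from Oracle; the WSDL document, the service namespace `http://example.invalid/customer` and the host name are made up, and nothing is sent over the network.

```python
"""The three layers of the father's explanation, in code: the WSDL contract
(what may be asked), the SOAP envelope (how a message is packed) and the HTTP
request it travels in. Added example, not code from the post or any vendor.
The WSDL, service namespace and host are made up; nothing is sent on the wire.
"""
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"   # real SOAP 1.1 namespace
WSDL_NS = "http://schemas.xmlsoap.org/wsdl/"            # real WSDL 1.1 namespace
SVC_NS = "http://example.invalid/customer"              # hypothetical service namespace
ET.register_namespace("soap", SOAP_NS)
ET.register_namespace("svc", SVC_NS)

# Constructed contract: one business entity (Customer) with several operations,
# i.e. pattern 1 of the WSDL patterns post.
WSDL_XML = f"""<definitions xmlns="{WSDL_NS}" xmlns:tns="{SVC_NS}" targetNamespace="{SVC_NS}">
  <portType name="CustomerPort">
    <operation name="GetCustomer"><input message="tns:GetCustomerRequest"/></operation>
    <operation name="CreateCustomer"><input message="tns:CreateCustomerRequest"/></operation>
    <operation name="DeleteCustomer"><input message="tns:DeleteCustomerRequest"/></operation>
  </portType>
</definitions>"""

def list_operations(wsdl_xml):
    """Read the contract: the only questions the client is allowed to ask."""
    root = ET.fromstring(wsdl_xml)
    return [op.get("name") for op in root.iter(f"{{{WSDL_NS}}}operation")]

def build_request(wsdl_xml, operation, params):
    """Pack a request into a SOAP envelope, refusing anything the contract lacks."""
    if operation not in list_operations(wsdl_xml):
        raise ValueError(f"operation not in contract: {operation}")
    envelope = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(envelope, f"{{{SOAP_NS}}}Body")
    call = ET.SubElement(body, f"{{{SVC_NS}}}{operation}")
    for name, value in params.items():
        ET.SubElement(call, f"{{{SVC_NS}}}{name}").text = str(value)
    return ET.tostring(envelope, encoding="utf-8")

def http_request(host, path, payload):
    """The 'air': wrap the envelope in the HTTP POST that would carry it."""
    headers = [f"POST {path} HTTP/1.1", f"Host: {host}",
               "Content-Type: text/xml; charset=utf-8",
               f"Content-Length: {len(payload)}"]
    return "\r\n".join(headers).encode() + b"\r\n\r\n" + payload

def parse_response(xml_bytes):
    """Unpack a reply. A SOAP Fault is the server saying it cannot answer.
    Caveat: ElementTree is fine for this constructed data; XML from an
    untrusted peer should be parsed with entity expansion disabled (for
    example with the defusedxml package) to avoid entity expansion attacks."""
    root = ET.fromstring(xml_bytes)
    body = root.find(f"{{{SOAP_NS}}}Body")
    fault = body.find(f"{{{SOAP_NS}}}Fault")
    if fault is not None:
        return {"fault": fault.findtext("faultstring")}
    result = body[0]   # the single response element
    return {child.tag.split("}")[-1]: child.text for child in result}

if __name__ == "__main__":
    req = build_request(WSDL_XML, "GetCustomer", {"CustomerId": 42})
    print(http_request("pos.example.invalid", "/customer", req).decode())
```

The contract check in `build_request` is the security-relevant part of the analogy: the client only sends questions the WSDL lists, and a server should likewise reject operations and parameters it did not publish rather than trusting whatever arrives in the envelope.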

      Friday, June 10, 2011

      Contemporary non function requirements of a Software Product – Part 2

      With feedback from my blog readers and my own learning, I have added a few more non-functional requirements (#27 to #32).

      In any software product one has functional and non-functional requirements. It is always easier (is it so?) to identify and define functional requirements, but not so easy to define non-functional ones. With the increasing experience of software development communities, traditional non-functional requirements like availability, usability, robustness, etc. are becoming commodities. But with the changing business and technological landscape, a new set of non-functional requirements is emerging.

      1. Open API ( synchronous and/or asynchronous)
      a. Remote Object
      b. Service (for example)
      i. SOAP based Web Service
      ii. REST Based Web Service
      iii. JSON based web service
      2. Multiple Channel Access (for example)
      a. Connected Desktop (web browser)
      b. Disconnected Desktop
      c. Mobile application
      d. RSS/Atom
      e. WAP
      f. Mobile browser
      3. 3rd party/partners can build on your platform/product
      4. Product as vehicle for 3rd party content
      5. User as editor of relevant content
      6. Content is made available to user when it is ready (push mechanism or at least reactive alert)
      7. User add ancillary data ( like rating, reviews, ranking, link submission, recommendations, etc)
      8. Settings/configurations can be exported and imported
      9. Allow product to run as slave as well as master while integrating with other applications
      10. User as owner of identity
      a. Published Privacy policy with some control to end users
      b. Authentication and authorization using industry wide acceptable standards ( like OpenID, facebook Id, google ID, Yahoo ID, etc)
      11. Variable licensing options (for example)
      a. Transaction based
      b. Revenue sharing
      c. User based
      d. Fixed onetime cost
      e. Time based
      f. Cloud compliant
      g. Processor based
      h. Virtualization compliant
      12. Social Networking features
      13. Serving high bandwidth as well as low bandwidth environments
      14. Information and data search capability
      15. Domain specific language
      16. Framework for customization
      17. Support distributed SDLC with multiple outsourcing partners
      18. Hardware independence
      19. Place for online advertisements (like Google Ads)
      20. Open to migrate to cloud or to non cloud deployment
      21. User analytics
      22. Dashboard
      a. Users
      b. Administrators
      c. Maintenance and support staff
      23. Hooks to monitoring tools
      24. Early release and flexible design & architecture to modify
      25. Concepts of Roles and Permissions (Identity Management)
      26. Multiple Browser compatibility
      27. Reporting Requirements
      28. Audit Tracking
      29. Multiple level of authorization
      30. Certification Requirements
      31. Compliance Requirements
      32. Automated Unit testing just after deployment


      Tuesday, May 24, 2011

      Software Product Strategy Types

      1. No Strategy
      2. Shortsighted: the time horizon is very small, sometimes just the next step after No Strategy
      3. Tunnel Vision: narrowly focused
      4. Too Broad: the opposite of Tunnel Vision
      5. Follow the Leader
      6. Peripheral Integration: integrate related and unrelated product lines/platforms to define a new product line/platform
      7. Rat Race: just running after me-too products
      8. Ahead of Time: envisioning a product line/platform that is ahead of its time in terms of availability of infrastructure, availability of supporting systems, and cultural and societal acceptability
      Practically, in any successful product company a mix of the above strategy types remains in practice.

      Monday, April 18, 2011

      Migration of Applications to Cloud

      To migrate an application to the cloud there are four possible options:

      1. Rehost: redeploy the application on HaaS (Hardware as a Service) such as Rackspace or IaaS (Infrastructure as a Service) such as EC2 virtual machines.

      2. Refactor: tweak the existing application (usually a web application) to run on an IaaS platform (such as Amazon EC2).

      3. Rebuild: rewrite your application (usually a web application) and then port it to the cloud, utilizing SaaS (Software as a Service) and/or PaaS (Platform as a Service, such as Windows Azure). You may also utilize HaaS and/or IaaS.

      4. Replace: a clean slate approach; maximum flexibility is available. One can choose to use SaaS, PaaS (Microsoft Azure, Google App Engine) and/or IaaS (such as Amazon EC2).

      So which one are you doing?

      Monday, April 4, 2011

      Variety of Type Definitions in a Web Service

      In most enterprise class WSDLs one finds very simple definitions of types.

      But this approach has one serious flaw: if the source system likes to change (generally add to) its type system, the service has to change. To manage changes at the source system, multiple versions of a service crop up in the enterprise environment. The good part of this approach is that anyone looking at the types in the WSDL can understand them easily, and the least documentation is required for attributes/parameters.

      To cope with the changing number of attributes/parameters, and to contain changes within the source and target systems only (not in the system which exposes the functionality as a web service), one can follow one of the following approaches:

      Approaches 2 and 3 have their own set of challenges. Understanding of the types is not intuitive and needs documentation in greater detail.

      Tuesday, March 8, 2011

      When not to use Scrum

      1. When the team size is big (more than 10)
      2. When deadlines are fixed for fixed features
      3. When a multi vendor team is involved, especially when part of the team is not co-located
      4. When onsite and offshore teams have inconvenient time differences
      5. When the pigs (the committed team members, in Scrum terminology) do not have decision making authority
      6. When enterprise integration needs to be executed along with the implementation of an enterprise information system
      7. When the offshore team consists of freshers (a very typical scenario with IT offshoring companies)
      8. When the product vision and architecture are not ready

      Saturday, March 5, 2011

      Book Review: Cloud Security: A Comprehensive Guide to Secure Cloud Computing

      Cloud Security: A Comprehensive Guide to Secure Cloud Computing by Ronald L. Krutz & Russell Dean Vines: Publisher: Wiley: ISBN-13: 978-0470589878

      As the name suggests, this book covers security aspects related to the cloud. But the book fails to add anything substantial to the subject. The book is just a collection of IT security concepts with “cloud” appended.

      I do not recommend this book.

      Disclaimer: I did not get paid to review this book, and I do not stand to gain anything if you buy the book. I have no relationship with the publisher or the author.

      Further reading: competing books are Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance by Tim Mather and Cloud Application Architectures: Building Applications and Infrastructure in the Cloud by George Reese.