Emergent Path is growing! We have added two new team members in the last couple of months and I wanted to give them a warm welcome.

 Babak Parvizi comes to us after a year at RIA consulting standouts Cynergy Systems, and several years as a bioinformatics software developer at biotech firm Invitrogen. Babak has a background in biotech sciences and has also spent several years doing software development with Perl, Java, Flash, and Flex. Babak joins Emergent Path as a Senior Software Consultant to lead our RIA consulting and product development efforts.

Abraham Mathew comes to Emergent Path after seven years of experience in the entertainment industry, where he built DVD games and did DVD authoring for high-profile media clients like Fox, WHV, BBC, SnapTV, Lions Gate, NewLine, and Disney. He also has prior consulting experience with Java, Oracle, and PowerBuilder. Abraham joins Emergent Path as a Software Developer, building Flex, Java, and ColdFusion applications. 

Welcome to Babak and Abraham.

Yesterday, Foundstone security consultant Dean Saxe gave a great talk on web application security. Dean covered well-known security vulnerabilities like SQL injection and XSS attacks, and he covered less well-known issues like man-in-the-middle SSL certificate attacks that could expose users to hacks on a seemingly secure site.

Software developers need to know about these issues so they can learn to build applications with a focus on security. Business users need to know about these issues so they can understand potential threats to their businesses.

Security is a set of trade-offs based on risk level and risk tolerance, and everyone concerned should understand the risks in their applications.

I love the NFL. Let's get that right out there. The players, the personalities, the strategy, the matchups - it's an amazing game, and an amazing business. Having said that, I think the NFL is hanging onto tradition without reason, and it is hurting the franchise.

What am I talking about, you might ask? The league announced that the Rams, holders of the 2nd pick in this weekend's draft, could not negotiate with any plaers prior to their selection on draft day, even thought the Dolphins have already signed the 1st pick, offensive tackle Jake Long.

NFL draft weekend is an anachronism that needs to end. Why limit the negotiations? Let players start negotiating with teams as soon as they like. My understanding is that some of the owners are afraid of cutting down on the media coverage (and advertising opportunities) of NFL Draft if they allow negotiations outside the first pick before draft day.

I think the NFL is being shortchanged. for the draft, and so are the fans. I suggest allowing the process to start after the NFL Combine and run until the end of April. The league should cover the entire process, end to end, through a social network on nfl.com as part of NFL Network. Link in the NFL Network channel, mobile Internet, SMS, and other social networks, and you have daily coverage of the draft for weeks on end. That kind of highly targeted Web traffic (based on profiling all users of the social network) is worth gold to advertisiers. The NFL needs to make the Web 2.0 transition and build an emergent Web-based system around the draft, and the league in general. 

What's more, turning the draft into a multi-week saga will appeal to what fans really want - drama. The league is trying to attract more female fans, well here is the opportunity. The human drama, player by player, of the NFL Draft is more exciting than any contrived "reality" TV show. Let the fans experience what the players experience, up close and personal. 

If you work in the knowledge economy, especially in a technical field, odds are you know one or more people who telework.  The trend toward telework has become a wave in this decade. What are the drivers toward telework? Lower costs and better lifestyles are reasons cited by people I talk with about why they prefer to work remotely rather than trek to an office everyday. Environmentalists are getting into the picture, too. On CNet, a recent post talks about the green benefits of telework. 

Whatever you think about the causes for telework, it seems the trend is here to stay. I see it as a natural evolution of the workplace. In the late 19th century to mid-20th century, the industrial economy pushed tens of millions of people into factories. In the latter half of the 20th century, the rise of the knowledge economy pushed millions more into offices. In the early 21st century, we are witnessing the rise of the connected economy and a shift in the traditional office model. At forward-thinking companies like IBM, there is a lower emphasis on physical presence and a greater emphasis on productive work output.

Personally, I am a big fan of telework. I see no reason for the employees of a company to congregate in offices everyday. Most of the arguments I hear in favor of office work have to do with communications and management. Communications issues can be solved with technology, and we will continue to see business communications evolve to meet the demands of telework. Management issues need to be addressed with better management practices. I have always thought that making everyone come to an office for a certain number of hours per day is a poor subsititute for actually monitoring and measuring their productive work output.

Furthermore, the digital economy is a different animal than the industrial and knowledge economies. In this economy, we increasingly deal with bits rather than physical things. There is no machine press to operate, no paper document to send to a colleague. I can just as easily share bits with someone halfway around the world as in the next cubicle. So why should we limit the physical presence of employees, and therefore our potential talent pool, to a small geographical area? There are good reasons in certain situations (mentoring junior employees comes to mind), but those reasons a finite.

Noting all this, I would like to announce that Emergent Path is hiring for two positions, a Senior Consultant and a Junior Developer. Both position are telework positions. The Senior Consultant position is available to anyone in a major metropolitan area of the United States.  The Junior Developer position is open only to someone local to San Diego, but it is a telework position. If you are interested in learning more or know someone who would be a good fit for us, please direct inquiries to careers@emergentpath.com.

As I noted earlier, I dropped my attempts to use a SoHo NAS product in favor of building a NAS from spare parts and a couple of extra items (an SFF case, SATA card and extra drives). The total cost of the DIY NAS was about $700, and it did involve some time for configuration. Cost-wise, if you are billing your time, it probably comes out to a wash to go DIY or buy the Netgear ReadyNAS NV. The ReadyNAS NV is a step above the products I tested in cost, features, and functionality.

However, I have found other uses for the new NAS that make the configuration effort worthwhile, at least for me. We have been running an installation of SugarCRM, but a little while ago we had to re-purpose the machine it was running on, and we had not taken the time to re-install SugarCRM anywhere else. Enter the DIY NAS, a full-featured Ubuntu 7.1 server. In a couple of hours, we were able to install and configure a base deployment of SugarCRM Community Edition. (If you have worked with a CRM system, you know that installation and configuration is just the beginning of the effort for building and maintaining an effective  system). I expect theSugarCRM system to be low traffic in the short term, so pulling double-duty as a file server and CRM application should be fine. Long term, we will need to port the CRM system to more powerful hardware, but for now we have added significant capability to our business at minimal cost. We may also set up the NAS as our local LDAP server in the office, though as a small business we are not yet at the point where domain services are a real necessity. 

For small business, the combination of ever-faster computer hardware and open source software provides a low-cost avenue to business automation that was once the province of huge corporations. Today, any mom-and-pop shop with some technical skills or a few thousand dollars for consulting services can deploy enterprise-class business automation solutions. In one sense, it signals a loss of competitive advantage for big enterprise, and it knocks down an argument for scale in business, which is the cost and complexity of such solutions. There are still lots of other reasons why scale matters, but it is interesting to see how IT evolution has become an equalizer for small businesses.

Apple just released a big patch bundle for OSX, 88 patches in all, 105 MB You can read about the full details in an article on the Register   I wonder if the "big bang" patch release system set up by Apple is related to the release cycles of open source projects like Apache, OpenSSH, and ClamAV? 

 I like the idea of releasing fewer patches with more frequency, but I don't know if Apple has that luxury. Ubuntu has a six month release cycle, and I see some packages missing a release on occasion if their project teams are not on the same schedule. I wonder if it would be possible to get major open source vendors on a common release schedule? Maybe they try, I am going to ask someone from an Ubuntu team and see what they say. If you know the answer, drop me a comment, I would love to know.

One thing I know for sure is that Ubuntu is big, REALLY big, 17015 packages and counting at the moment. Even if only ten percent of those packages are being actively worked, that represents an enormous logistical challenge to get all the project team to hit specific targets. Ubuntu contributors are using collaboration software, especially emergent systems like wikis and blogs, which are great for software projects. I'd love to see someone attempt to build metrics around the use of these collaborative tools in the development of Ubuntu, because it is such a big open source project and it provides both transparency to make it easy to study and enough size to provide both a really good sample of data and scaling evidence from projects large and small. 

My first week using Ubuntu on the desktop has, overall, been a very good experience. Over the last ten years, I have tried several times to switch from Windows to Linux using a variety of distros and strategies. In the past, there have always been deal-breakers - critical applications that would not work on Linux, or that were sufficiently hard enough to deal with that I felt the tradeoff was just not worth the trouble.

This time around, I am happy to report, much has changed. Ubuntu is, in my estimation, now a perfectly acceptable alternative desktop OS for certain situations.  It is not (nor do I expect it to be) a 100% replacement for Windows or Mac OS X. As a friend in the Linux world once said, it is really hard to compete with a company that spends billions of dollars a year on R & D. Still, for all its limitations (and there are limitations), desktop Linux is now a workable everyday solution.

Hardware Support

The major challenge for Linux on x86 hardware is, as it has been for years, providing good hardware support for the vast universe of x86 hardware available in the market. On this front, Linux has made huge gains in the last five years, both from a distro standpoint (see Ubuntu's restricted driver manager) and from a vendor standpoint. Hardware vendors are no longer totally blind to the Linux phenomenon. In fact, I have been able to find usable drivers for all of the hardware I have in current use, including the printing and scanning functions of my Brother MFC-9700. 

Nevertheless, driver support still lags behind Windows. ATI display drivers have become notorious for their spotty Linux compatibility (are you listening, AMD?) . Linux does not support motherboard-base RAID systems (called fake-RAID by the Liunx crowd because the on-board RAID chipsets use motherboard resources for actual operation). 

Even in situations where drivers are available, downloading, installing, and configuring them is not the job of a novice. It took me several hours to properly configure my MFC-9700 so I could both print and scan with it. Let's just say that unless you are comfortable in a Linux command shell, adding this kind of functionality to your system is not in the cards right now.

If you are looking to migrate away from Windows, either individually or as a strategic move for your business, take the time to investigate vendors who supply hardware that is certified (and supported) on Linux. Dell, with its certified Ubuntu offering, is now the big dog  on the block in the desktop Linux market. Dell also sells systems with Red Hat Enterprise Linux, so they have experience in this market, and realistically, Dell is only going to offer products that they are 100% sure they can support. 

If you are more adventerous, you can install Ubuntu on almost anything, and hardware support for add-on cards and peripherals is very good, but be prepared to spend a lot of time browsing the Ubuntu forums, blog sites, and vendor sites, and keep a Terminal window open, because you are going to need it.

Functionality Gap

I have, in the last week, added support for almost everything in my system, although there is a qualification to that statement. I switched from an Intel-based system powered by an Asus P5W DH Deluxe tweaker motherboard and an ATI x1900 PCI-E video card because of reported (and experienced) compatibility issues with Linux. My new hardware profile is an Asus MN2-MX motherboard with an AMD CPU and a Geforce 7200GS series video card.

So what is working now? First, I added support for my Bose Companion 3 USB speaker system. If you haven't heard these Bose sound systems, get to your local electronics store (Frys has them on display) and take a listen. The sound quality beats every other PC-based sound system out there, hands down. The system recognized the presence of USB audio right away, but I couldn't get any sound. After digging through the Ubuntu forums and some other sites, I figured out that I had to disable the on-board sound support from the Ubuntu config files and set the USB audio as the default audio system. Once I did that (and it sounds easier than it was), everything started working immediately.

 I also managed to get my 160GB iPod Classic mounted  (listening to The Clash - London Calling right now), although it was little trickier than I thought from my first look at the blogs. Apple changed the iPod database recently enough that older software meant for older iPods was not working for my Classic. A couple of hours later, I got the necessary software installed, but I still could not see my iPod. A quick check of hardware using the dmesg command revealed that my iPod was attached to the system as /dev/sdc1, but it was not mounted. Mounting a drive is easy, though:

#sudo mount /dev/sdc1 /media/ipod

After mounting the volume, my iPod appeared and Amarok (my music player of choice because it can use MySQL/Postgres to store its database) was able to import the database from my iPod and play all of my music.

I have not re-visited the problem of synching with Windows Mobile. I might just wait a little while and see how Windows Mobile support shapes up in Hardy Heron (Ubuntu 8.04). 

Somewhat unexpectedly, I was able to add full support for my dual monitor setup, including installing and configuring the awesome Compiz Fusion UI for Gnome.  I probably spent an entire day on this solution, though, so consider your time factor before you make the move to install it. Compiz Fusion is an Aero-like UI for Gnome that uses your system's 3D rendering engine to provide cool visual effects. Take a look on YouTube for some cool examples of what you can do with Compiz Fusion. 

Limitations

There are, alas, still applications that are not available for Linux. The most important missing application, purely for compatibilit issues with web sites, is Internet Explorer. My wife's primary business web site is an IE-only affair at the moment, so for her, Linux just isn't a realistic option right now.

Some network services may be complicated by the use of Linux in heterogenious environments. If you are looking at replacing a set of Windows desktops with Linux, do your homework first. Get a couple of machines set up and see how well they play with domain services, network shares, network printers, and the like.  Providing sufficient support for Linux desktops in an enterprise environment is going to be dependent on having certified hardware and software solutions (check out Dell) and a trained IT support staff that can solve issues like getting network printers and shares to work with these new systems. All in all, the support costs are probably still going to outweigh the benefits of throwing off the Windows licensing model for desktops, but that's a judgement that IT execs will need to make for themselves.

As I last posted, I have been thinking about wiping my desktop and switch to Linux. I almost took the plunge back into a Linux desktop, but before I did I decided to catalog all the programs I would still need to run in Windows. Very quickly, I realized that switching to Linux outright was not really an option at this point. I use too many Windows-only programs for various things to make it an easy move.

That doesn't mean Linux is totally out. I could run Linux and still run Windows in a virtual machine. (Having mastered the art of KVM on Linux, I am going to find ways to make it work for me). But I am still confronted with the very unappealing prospect of spending 2-3 days re-building a machine that works perfectly well. As a techie, I am itching to make the move. As a business owner, I can't think of a more wasteful way to spend my time than re-imaging a machine that serves my needs just fine. 

What I did instead was a lot less time-consuming, and got me out of the "new car itch" mode I was in just a couple of days ago. I downloaded a program called the Vista Transformation Pack that grafts a Vista-style UI layer on top of Windows XP. If you are using XP rather than Vista but are jealous of those cool Vista widgets and themes, I suggest you check it out.

I recently installed Ubuntu 7.10 (server x64) on a server I have. I added Gnome desktop for ease of use dealing with administrative tasks (no one will ever convince me that remembering commands like "sudo chown -R user:group /var/whatever" beats have a nice friendly GUI, but I digress).

I have been very pleased with Ubuntu 7.10 with Gnome. It can still intimidate the uninitiated (s, but it seems that someone has finally got the Linux desktop right. Furthermore, I am stunned at how fast some operations are compared to Windows XP (although there are plenty of areas where Gnome still gets poor grades compared to Windows).

I am seriously considering wiping my desktop and dropping in Ubuntu, then adding a virtual machine with XP for any necessary stuff. I haven't dug deep enough to consider all the implications of the move, and I don't really have the time right now to deal with it, but I find myself frustrated with Windows bloat and looking for an alternative. I'm not a Mac guy (and I'm not replacing my hardware anyway) so Linux seems like the best and only option at the moment.

The biggest obstacle I see is driver support fr my ATI video card. The saga of Linux drivers for ATI has been well documented; it suffices to say that dual monitor support and high resolution, high performance, stable drivers are not exactly a sure bet with ATI cards. Is it worth it? Probably not right now, but that's more because of the driver issue and my general lack of free time than issues with Linux. Maybe I trade in my ATI card for some nVidia gear. 

Anyone else using Linux on the desktop? I'd love to hear how it is working out, especially with multi-monitor support. I'm not a gamer (at least not in the last few years), but I need high-res and good performance from a multi-monitor setup.  

More generally, I am wondering about the possibility of using Linux as a standard developer desktop for the organization, but if I can't make it work for my own use, I'm not going to force it on anyone else. 

In the last two parts of this series, I covered why you should consider running ColdFusion in 64-bit mode and what steps you would need to take the get the basic installation set up and runinng. In this post, I will cover the steps necessary to configure the system to run in production mode.

Running JBOSS as a service

The first thing you need to do to run in production mode is have JOBSS run as an auto-starting service in Windows. You can use SrvAny to run any executable as a service in Windows. In the case of JBOSS, though, you need to have better integration with the application than SrvAny can provide. I decided to use the Java Service Wrapper, a bit of open source software from Tanuki Software. At the time, there was no native 64-bit Windows compiled binary on the site, but I managed to find someone who had successfully compiled the binary for 64-bit Windows, and he was gracious enough to share it with me.

The wrapper, at its most basic, uses a conf file to configure the Java application service. It provides a lot more power for integration at the application layer if you choose to use it, but for my purposes, basic integration was fine.

The wrapper configuration file contains the configuration information for the Java application, such as heap size and other JVM options, and all the information for the Windows service. You can see my wrapper.conf file to get a sense of how to configure JBOSS using this tool.

The wrapper allows you to configure several important aspects of the environment, including heap size, logging location, application log size and rotation, and the timeout values for application shutdown and JVM exit. Because memory can take time to dump during application shutdown, these last two settings are very important for an application configured with a large heap. In this case, you can see in the file that the heap is set to 12 GB for both min and max, providing plenty of headroom for memory-hungry applications at scale.

Adding the service is as easy as setting up the wrapper confgiruation file and running an executable to install the service with the configured options. If you want to use the Java Service Wrapper, dig into the details on the web site.

Integration with Apache

Unless you want to serve your application directly out of the built-in JBOSS web server, you will probably be integrating with Apache HTTP Server. I first integrated with IIS 6. I found the process extremely difficult (I still don't know exactly what I did that got the solution working), and ultimately it failed to meet my needs. By contrast, I found Apache integration easy and very flexible. My method of Apache integration consisted of setting up mod_rewrite in Apache and adding a rewrite rule to forward all ColdFusion requests to a specific port and path where my application lives.

RewriteEngine On
RewriteCond   %{REQUEST_URI}   ^/(.*)(\.cfm|\.cfc)
RewriteRule   ^/(.*)   http://localhost:8080/myappPath/$1   [P]

 Note in the configuration that you would need to add additional extensions that you might be using beyond cfc and cfm if you wish for them to be forwarded to CF for processing. Port 8080 is where JBOSS is serving my application. myappPath is a Windows symlink to a shared storage device where my application code lives. Windows Vista contains the mklink.exe command that adds symlinks. For earlier versions of Windows, the Windows Resource Kit contained a tool called linkd to create junction points in NTFS volumes. Using this tool, you can create a symlink that points to a directory outside the JBOSS directory and map it to a path inside the cfusion.war folder in JBOSS where ColdFusion lives.

Ultimately, this means that JBOSS is in fact serving the application out of its web server, and Apache is acting as a forwarding proxy to JBOSS. In my case, using Apache as a proxy allowed me to continue to use the shared storage device for the application code respository and still serve the application at the root context to the user, e.g. www.myapp.com/, instead of www.myapp.com/myappPath. That ability might not be a big deal for new installations, but for the migration of existing applications, especially applications with hardcoded links to locations based on the application root, it is essential in order to maintain the integrity of the application.

Those are the basic configuration steps involved in getting the srever ready for production. Beyond these steps, there are steps to take in tuning and slimming JBOSS. I will cover that process in the next installment.