whatknows :: do you?

June 25, 2007

AJAX Insecurities

Filed under: Technology — Jed @ 6:15 am

If your organization is anything like mine, many people don’t know what to make of the AJAX revolution. It seems we are at a tipping point. The web is now saturated with AJAX-enabled applications, and development platforms now use these techniques sometimes without developer knowledge (think .NET and the “god” object). It is not surprising that your enterprise security folks are beginning to take notice.

Last week I attended a training on web security at the SANS Institute where a substantial amount of time was spent on the “problem” of AJAX. I was stunned. The SANS Institute was presenting the security hurdles as so large, so unique, that enterprises should question its adoption. Ever since the introduction of AJAX, the internet has been abuzz with security-related concerns, but what for?

I had the fortune of designing the first AJAX application at the AAMC. It was the MCAT Registration system which took a cue from Google Maps and represented test centers spatially and temporally by using a calendar/map combo interface. Registrants could search for test dates and locations via a DHTML interface and then query seat availability with a traditional AJAX call.

This project had numerous difficulties for every predictable reason (new platform, insufficient capacity testing, multiple external and synchronous web services), but amidst flooded database pools and Apache connection timeouts, people were desperate to know why we had used AJAX. These questions were baffling. For my team, it was the equivalent of asking “why did you use images?”



June 10, 2007

Have you seen my community?

Filed under: Personal — Jed @ 8:35 pm

Capitol Pride – sponsored by Bud Light, Mayor Fenty, 32 candidates for positions I didn’t know existed, Haagen Dazs that no one will eat, and a poster featuring Hillary Clinton’s face. Where did my community go?

Trish, who is a stunning new addition to my life, agreed. From South Carolina, she is much more accustomed to the grass roots type of gay community that I grew up with in Salt Lake City. Instead, yesterday’s parade was a series of moving billboards. It is bewildering to look around and see an endless sea of people who have somehow been collectively relegated to marketing targets. It is troubling because this is exactly what we wanted.

I remember my first Pride. I was scared to have my photo taken by the newspaper, uncertain how my parents would react if the Joneses next door became aware of my “phase.” But we weren’t there to hide, and cameras or not, personal ethics were involved. Salt Lake’s Pride starts with the traditional Dykes on Bikes, but it is quickly followed by a Pride flag that stretches for at least a city block. Pride aficionados know that it is customary to throw money into the flag as it passes, honoring the drag queens who first threw coins at policemen and ignited our fight for equal rights. Salt Lake’s version was created by a local family who lost their son, and touched by the story, I volunteered to help carry the flag. It wasn’t an act of pride that first year, but rather hope for self-acceptance.

Over the years, my love for Salt Lake’s Pride grew. I would go to march and support my friends, thrilled as those who had made such an impact on my life all gathered to cheer each other on in a culture that wished we would disappear. But with the oppression gone, has my community left with it? Perhaps I still don’t understand D.C., or I don’t quite grasp how to create family in such a large and now seemingly arbitrary LGBTQ(l, m, n, o, p) designation. It might just be a by-product of D.C.’s famously transient nature.

Parades are fun, but is the fight over? Did we win? What were we fighting for? The struggles of my childhood have evaporated with the years, and this generation seems to enjoy a normalization guaranteed by the Will & Grace effect. The fight for marriage falls flat as we question the sanity of marriage in the first place, AIDS has been demoted to history, and I can’t help but feel we are all on the edge of an existential crisis.

Perhaps Salt Lake was just a set of training wheels: “I march, therefore I am.” This is pretty much how the equation worked. Without the training wheels, perhaps now the hard work can begin.


June 9, 2007

The BBQ? Put it in the ornamental grass.

Filed under: Personal — Jed @ 8:56 am

Last night was amazing. Amazing food, amazing drinks, but most importantly amazing people.

When people in the ’09 class of CCT started to meet through various online avenues (so Web 2.0), the logistics of moving to DC dominated most conversations. Having the luxury of already living in DC, and able to bypass what is nothing short of a nightmare, I focused on other logistics: BBQs.

Moving is always rough, but from my perspective it is the landing on the other side that always catches you unexpected. I was fortunate to form a couple close relationships quickly after moving to DC, but it was nothing compared to the social networks to which I was accustomed. To top it all off, some CCTers were moving to DC early and without even classes to act as distraction, I set out on a mission. “We have to have a BBQ the minute you get here!”, I said to Sarah one day on Facebook.

This was of course a ridiculous thing for me to say. I live in a basement condo with only a small patch of ground cover/ornamental grass in front. Events like these, however, take on a life of their own, and before I knew it there was an Evite in my inbox inviting me to grill in my own “front yard.” After many nights of preparation and shopping, Friday arrived, I went to pick up the grill and Juliet (grill-maven, honestly the one who fed us), and whip everything together last minute.



June 6, 2007

Zend/PHP Paper Proposals

Filed under: Technology — Jed @ 7:17 am

Zend will be holding its annual conference in San Francisco this year. Zend/PHP Conference and Expo 2007 (or ZendCon for short) promises to bring together the best of the PHP community. Sessions will be attended, drinks will be shared, geeky questions posed (Do you know what interpolation is?), and life lessons learned.

I have submitted two abstracts for paper presentations, included below. They are both exciting topics that take mature development practices from other technology vendors and communities (primarily Adobe and Java), wrapping them up for the stabilizing PHP community.

AJAX Components written in PHP (submitted with Brett Harris)

Web 2.0 has made UI development more complicated. With these emerging techniques, developers lack a set of cohesive tools with which to develop these new applications. This results in ad-hoc solutions consisting of poorly written code and little documentation. Templating systems are accepted as the best way to separate user interfaces from business logic. Web 2.0 is moving us away from this traditional separation as more business logic moves to the client side. AJAX libraries provide the means for this redistribution, but have yet to be integrated with PHP templating systems. This session will discuss blending AJAX and PHP templates into reusable UI components, and the benefit of a componentized front-end. Audience members will be shown our approach towards building a cohesive toolset that simplifies development by standardizing the front-end resulting in easily maintained and documented code.

Test Driven SOA

SOA presents challenges for web services and their consuming applications. Developers relinquish control over crucial functionality when they depend on web services developed by someone else. In this session, I will discuss the use of test-driven practices and design patterns for developing service consuming applications. I will focus on the use of mock objects to mimic the behavior of actual services and explain how mock objects can be used to aid parallel development, functional testing, and debugging. Attendees will learn how to isolate external dependencies and how to simulate different behaviors of external services. These advantages will be demonstrated using an example release iteration of an application using mock objects.