ALM Rules of Engagement

If you've been reading the pages of Redmond Developer News lately, you know that application lifecycle management (ALM) is an increasingly active arena for solutions providers. Borland famously bet the farm on ALM when it decided to shift away from the developer tools business in 2006. More recently, software configuration management (SCM) vendor CollabNet has extended its Subversion product to incorporate ALM features.

But adopting ALM takes a lot more than simply deploying tools. After all, enabling a successful ALM strategy means tapping into existing software development and business processes, while doing it in a way that does not prove prohibitively rigid or difficult.

It's a tricky balancing act that Macehiter Ward-Dutton Principal Analyst Bola Rotibi says needs to be well thought-out. For those embarking on an ALM initiative, Rotibi offered some key "rules of engagement." Her list includes:

  • Get professional help and support from the outset.
  • Work from a coherent strategy and vision.
  • Invest in mature tools and platforms that offer modular implementation (and licensing) with strong usability features.
  • Develop a small and steady modular roadmap.
  • Establish a repository and configuration management strategy.
  • Define clearly existing processes and goals.
  • Evaluate potential failure points and strengths.
  • Invest in education and training for the IT delivery team and business heads.
  • Implement a measurement, QM and risk-mitigation framework.
  • Build support for proactive and reactive processes.
  • Start off small and build out.

Are you embarking on an ALM initiative, and if so, what challenges have you encountered in the effort? E-mail me at [email protected].

Posted by Michael Desmond on 08/26/2008 at 1:15 PM0 comments

Talking Up Apple

Growing up with my younger brother, we used to engage in a dangerous game of sorts that we called DefCon 1. The goal of the game was to annoy your sibling as much as possible, without having him actually haul off and hit you. Granted, the contest was far less dangerous than some of our favorite pastimes, which included Yard Dart dodging and toboggan rides in the woods. But my brother is a large man, and if I screwed up I was likely to be sporting a few bruises.

So when I called out Apple for its control-freaky nature in Tuesday's column, I figured I might have crossed the line and earned a punch in the arm. After all, the Apple community is notorious for nothing, if not its passion. Surprisingly, I received some nuanced replies.

Bill responded by noting that there's "a fine line between protecting your infrastructure and investment and surreptitiously guiding or vetting the experiences and options of your customers." As Bill noted in his response, Microsoft and plenty of other companies have stomped all over that line. While he defended Apple products, he agreed that efforts to over-control the platform can be damaging:

"Your caution is appropriate, I believe. It is mitigated for me by the positive experiences I have had with Apple products. For the most part, they simply support what I want to do more transparently."

Others were less understanding.

"To criticize Apple for the built-in kill switch is hypocritical by an industry that Microsoft created with its activation and WGA [Windows Geniune Advantage]," wrote Mark from California. "Yes, they [Apple] are control freaks regarding their IP and their platform, but so is Microsoft with its products and even more so."

Mark has a valid point. Microsoft drew sharp criticism from us for a failure that caused its WGA validation service to malfunction last year, threatening the reliable operation of enterprise software. And I've long been critical of restrictive digital rights management (DRM) and license-enforcement systems, if only because those systems inevitably place enormous burdens on law-abiding customers.

So while I'm more than willing to paint both Microsoft and Apple with the same broad brush, when it comes to issues relating to IP and platform control, I still contend that Microsoft's more federated approach provides more elbow room for developers and users alike to ply their own way -- as flawed as that way may seem to iPod, iPhone and Mac owners.

"If I had to register every piece of software I developed with Apple, for my own use on my equipment, I would be royally PO'd," wrote Matt from Yakima, Wash. "I honestly don't see the draw for an Apple developer. I can make any app I want for a Pocket PC or Windows workstation and never have to worry that Microsoft will ban my program from running."

That sound you hear may be me losing another round of DefCon 1. E-mail me at [email protected] with your thoughts.

Posted by Michael Desmond on 08/21/2008 at 1:15 PM0 comments

Is Apple Onto Something?

Last week, Apple surged past Google with a market cap of just over $157 billion. I suppose now is an appropriate time to make a confession: I never liked Apple Computer.

For all the fantastic industrial and consumer design, slippery-smooth hardware and software integration, and tightly evolved product development, Apple to me has always been a company that just can't quite get it right. And by "right," I mean not demand complete control over everything on its platforms.

We got a nice reminder of that habit when it was alleged that the new 2.x firmware for the Apple iPhone includes a provision to call home and check for unauthorized applications on the handset. As reported in Engadget, iPhone hacker Jonathan Zdziarski said the firmware features a blacklisting system that may be able to remotely disable applications.

Never mind that Apple says the blacklist is to identify apps that should be denied access to the iPhone's CoreLocation framework, which provides support for GPS and other geo-located applications. The company's long history of rigidly controlling its ecosystem has people assuming the worst. And honestly, even after Apple's statement, it's hard to blame them.

The culture of control is etched into the DNA of Apple executive management. Consider the fate of Power Computing, a clone-maker that built a humming business in the mid-1990s selling Mac OS-compatible systems. The company was in the midst of its best year when Steve Jobs returned to Apple in July 1997. By September, Apple had bought up key Power Computing assets and shut down the clone business.

Now Apple is making a splash in the arena of mobile application development, with its AppStore service that gives developers a one-stop shop for making software available for iPhones. You can read about this in our Aug. 15 cover story by Senior Editor Kathleen Richards. If AppStore can do for mobile apps what iTunes did for digital music, we'll be looking at a dramatically changed marketplace in the next few years.

And honestly, I'm not sure how I feel about that. Because as slick and compelling and inventive as Apple the hardware and software company can be, I worry about the culture of control in Cupertino.

Do I worry too much? E-mail me at [email protected].

Posted by Michael Desmond on 08/19/2008 at 1:15 PM8 comments

Silverlight: A Good Thing, Served Badly

If you've been reading Redmond Developer News, you know that the Beijing Summer Olympic Games currently underway in China may be of particular interest to .NET application developers. You see, Microsoft decided to use the games as a platform to showcase its Silverlight rich Internet application platform.

Go to and you'll land at a rather busy-looking portal page with links to all sorts of Olympics-related news, video and schedules. Silverlight's role in all this is as the delivery platform for streaming video of events. For followers of less-than-marquee sports (I'm talking to you, badminton fans), the site is a huge benefit.

The problem is in the execution. First of all, the interface is terribly complex and convoluted for something intended for a broad consumer audience. Just making sense of where to find the video can be a bit tough. There's a "Video" link along the top, but it's unclear if that's where all the latest and greatest video event coverage is. Navigate by sport, and you're presented with no clear Video section.

Second, there's the issue of the player itself, which launches in a second browser window. The Standard Player offers a smaller window and a busy array of tabs, links and ads for navigating content. Click the Enhanced Player icon to achieve higher resolution, and you get a more soothing interface and larger video window. But I was disappointed that the Video window itself couldn't scale. YouTube offers a full-screen mode -- why can't Microsoft and NBC?

Finally, the enforced delay on streaming televised events is...well, it's maddening. It's hard enough to know whether events taking place halfway around the world are actually broadcast live or on tape delay. Now we have to guess at when the online video of an event that may or may not have taken place will arrive?

My experience with the Silverlight streaming video, overall, has been good. There's been just a few, brief pauses in the stream. The resolution is good enough for desktop viewing. And I definitely appreciate that this channel delivers so much action that would otherwise never see the light of broadcast day on NBC or even its sundry satellite channels (MSNBC, CNBC).

But Microsoft should be less than satisfied with the way the video experience itself has been packaged. Redmond, of all companies, knows that it's not technology that wins markets -- otherwise, Windows would never have ousted IBM OS/2 as a desktop operating system.

Have you had a strong development effort undone by bad marketing or packaging? Tell me your tale at [email protected].

Posted by Michael Desmond on 08/14/2008 at 1:15 PM7 comments

Visual Studio 2008 SP1 Lands

So Visual Studio 2008 Service Pack 1 (SP1) is finally here. And as service packs go, VS08 SP1 is a pretty big deal.

The new bits do more than simply clean up flaws and holes in the shipping versions of Visual Studio and .NET Framework 3.5. As John Waters' story reveals, SP1 adds important new features, from innovative data-handling technologies to game-changing design-time tooling.

You could argue that calling this release a simple SP1 entirely understates the importance of the latest versions of Visual Studio and .NET Framework. Look no further than SP1's support for language integrated query (LINQ) and the ADO.NET Entity Framework (EF). These technologies promise to literally change the way developers work with data.

In fact, as Gartner Analyst Mark Driver noted, the EF introduces an object relational mapping (ORM) toolset to Microsoft-bound developers.
"It replicates what people like to do with Hibernate. LINQ to Entities is as close as you're going to get to Microsoft's ORM facility any time soon," Driver said.

Ultimately, the data and scalability improvements of SP1 could help make the .NET Framework enterprise-ready in the eyes of large development organizations. But Forrester Analyst Jeffrey Hammond has some misgivings about the pile-up of redundant tooling and resources that could complicate decision making for development managers.

"This richness of choices is something that can create confusion among developers," Hammond said, noting that developers can use the .NET client runtime, Silverlight 1.1 or 2, or the Web Parts Framework to build rich client interfaces. "Microsoft needs to continue to support developers to help them make the right choices among all the options they now have."

What are your impressions of VS08 SP1 and the updated .NET Framework 3.5? Are you planning to move to the new tooling soon? Let me know at [email protected].

Posted by Michael Desmond on 08/12/2008 at 1:15 PM0 comments

Iron Chef Competition at Black Hat Cooks Up Security Goodness

Brian Chess has forgotten more about application security than I'll ever know. The founder and chief scientist of security solutions firm Fortify Software was a speaker at the Black Hat information security conference that concludes today in Las Vegas. He also served as host of the Iron Chef: Fuzzing Challenge security cook-off at the conference, which offered attendees a creative alternative to the usual 60-minute PowerPoint presentation format.

Chess admits that the Iron Chef format -- cribbed from the popular cable TV show of the same name -- hardly imitates real-life conditions. Under the format, two security experts have 60 minutes to discover and exploit a code flaw in an open source multimedia server application. One contestant is armed with static analysis tools, while the other uses random fuzz testing. At the end of the hour, the experts present their findings and work to judges, who select a winner.

"Like the 'Iron Chef' TV show, it's utterly ridiculous that you can take what a chef does and present it as a competition based on what they do in an hour," admitted Chess, who said the format lets "the audience feel like they were more involved and have some fun."

He said the Iron Chef format was valuable in letting attendees see how the vastly different approaches could be used toward the same goal.

"By far, my favorite comment from anybody yesterday came from Window Snyder. She's the chief security person at Mozilla and she was one of the judges," Chess said. "She came away with a much better understanding of the capabilities of static analysis and that was a really good deal."

In an e-mail exchange, Snyder wrote: "Fuzzing has been very successful for us and found lots of vulnerabilities. My experience with static analysis has been that there are so many false positives that it can be difficult to get any real value out of it. I was impressed that these guys were able to identify what appears to be a significant issue in such a short period of time using static analysis tools, and it made me reconsider whether it was time to take another look at these tools."

One thing the session illustrated is the need for security professionals and developers to find a common ground in crafting more resilient software. Chess said that application developers must incorporate security best practices in their work, even as they partner with security experts. The growing challenge of securing software demands a blended approach.

"There are two functions here and it is irreducible," Chess said. "We need to have software developers who will do their best to build the right thing. And then we need people to come and verify that they did build the right thing."

Is your organization doing enough to make security part and parcel of software development? Let me know at [email protected].

Posted by Michael Desmond on 08/07/2008 at 1:15 PM0 comments

SharePoint: Take It Outside

As far as I know, my father cannot count to three. Growing up, when my younger brother and I began to fight, my dad would simply begin to count, loudly, and we would sprint downstairs. To this day, I don't think my father has ever counted all the way to three.

I bring this up because a recent Forrester report about Microsoft taking SharePoint online reminded me of one of my father's favorite phrases: "Take it outside!" Wrestling in the den? Take it outside! Fighting over the remote control? Take it outside! Facing keen opposition from services-savvy competitors? Yeah, take it outside.

My father's angry bellows must have echoed off of Mt. Rainier, because the execs in Redmond have thrown open the shrink wrap to launch online offerings like Office Live, Windows Live services and, most recently, SQL Server Data Services (SSDS).

Forrester Research recently published a report, "SharePoint Shoots for the Cloud," that makes a pretty strong case for Microsoft's new SharePoint Online offering. Typical of SaaS implementations of shrink-wrapped solutions, SharePoint Online offers a low barrier to entry, at the cost of limited features, customization and integration.

In the case of SharePoint Online, organizations get what Forrester's Rob Koplowitz called "commoditized collaboration," with a feature set that roughly mirrors that of Windows SharePoint Services found in Windows Server 2008. As an on-ramp to selling full-on Microsoft Office SharePoint Server (MOSS) licenses, SharePoint Online seems like an interesting strategy.

What's more, there's little opposition from IT orgs. According to the report, fully 40 percent of surveyed enterprise and SMB organizations say they already use SaaS for collaboration tasks such as e-mail, IM, Web conferencing and team workspace.

From a development perspective, SharePoint online offers a way for companies to test the waters and determine, at least in a limited fashion, what they really want to do. And if your IT management is rigorous enough, the approach can prevent wildcat SharePoint Server installations from producing integration and migration headaches down the road.

At the end of the day, however, my father's advice only gets you so far. Because it's the content management, forms handling and business intelligence features of the full-blown SharePoint Server that let corporate developers add value. And until your organization is willing to make an investment to bring all that in-house -- and to manage it effectively -- the opportunities remain pretty limited.

Is your company looking at SharePoint Online, and if so, why? Let me know at [email protected].

Posted by Michael Desmond on 08/05/2008 at 1:15 PM0 comments

LINQ Skeptic

Anyone who has spent more than a few hours in front of late-night TV has seen the unintentionally funny commercial for the Hair Club for Men. You know, the one where the company president proudly announces: "I'm not just the president, I'm also a client."

Well, Paul Kimmel, longtime enterprise application developer and author of the new book LINQ Unleashed for C# (Sams Publishing, 2008), has had a hair club moment of his own. Only in Kimmel's case, it's over the Language Integrated Query (LINQ) data access technology introduced as part of .NET Framework 3.5 and Visual Studio 2008.

Kimmel, you see, was more than a little skeptical about LINQ when he first heard of the technology. To his mind, LINQ couldn't fix what was already wrong with SQL, which he felt lacked the simplicity and consistency of natively object-oriented code. But when he set to work to write LINQ Unleashed for C# (in part, he said, to get a "continuing education"), something funny happened.

"I just decided to give LINQ a second look, and as I started to explore and use it, I realized it was a well-conceived extension of the architecture and tightly integrated," Kimmel said. "They really didn't just glom this on here. It was really an evolutionary progression of features and capabilities."

Today, Kimmel is using LINQ in a limited fashion in some of his enterprise development projects for Electronic Data Systems (EDS). But he expects that we'll all be seeing a lot of LINQ in the future. The benefits, he said, are just too great to ignore, especially when developers are struggling with so many different data access approaches.

"Once you know how to do a left join or how to use aggregation or something like that, it is pretty much the same, regardless of the technology you are hitting," he said. "That homogenization of knowledge, where I have to learn one set of grammar for all these different technologies, is a tremendous lever for what I need to learn to be productive in the enterprise."

Kimmel said it will be some time before LINQ gains widespread adoption. After all, the industry is still waiting for LINQ to Entities to emerge in its final form. But Kimmel thinks the technology could help attract developers to .NET.

"The LINQ technology has so many useful tools surrounding it that most developers are going to be interested, and it may be the thing that moves the VB6 guys to .NET," Kimmel said, noting: "Nothing is going to get the FoxPro folks out."

Are you a LINQ skeptic, and if so, why? E-mail me at [email protected] and let me know what you think is wrong -- or right -- about LINQ.

Posted by Michael Desmond on 07/31/2008 at 1:15 PM10 comments

Power Down

It's no secret that power consumption is a worrying issue among datacenter managers. As system hardware becomes cheaper and energy costs continue to rise, IT managers might find that they'll spend more to power and cool a system over its lifetime than to actually buy it.

Which is why guys like Dan Pritchett, a technical fellow at eBay, has moved beyond thinking about transactions per second (TPS) with his applications to focusing on transactions per second per watt (TPS/w).

"One of the primary challenges we started to face in 2006 was power. The datacenters were maxed out and we were still running at capacity," said Pritchett, who noted that local municipalities were often physically incapable of delivering enough power to meet eBay's growing energy needs.

Power consumption and efficiency are hardly new; mobile platforms have obsessed about these issues for years. But the need to reduce power consumption in server and even client applications has become acute enough that some development organizations are actively seeking ways to do more with less -- be it in the datacenter or on the desktop.

Check out this interesting article, titled "The Case for Energy-Proportional Computing," for more on the energy consuming habits of modern servers.

Virtualization has played a huge role in datacenter operations, enabling companies like Google and eBay to maintain ample hardware redundancy while driving up utilization -- a key for energy-efficient design.

But dev shops can do more, Pritchett said. He urged dev managers to look to established best practices and to focus on efficient, scalable designs. At eBay, for instance, databases are always sharded -- split into smaller pieces -- to produce optimal scaled performance. "Those things definitely come at a cost," Pritchett said. "But if you are wanting to move into hundreds of millions of entities in your system, and you're wanting to deal with tens or hundreds of millions of transactions per day, that's what you are going to move to."

He also urged developers to work toward parallel programming, so that fully threaded code can work efficiently across multicore processors. "I think going forward this is definitely going to be a huge issue. We are going to start having to leverage the parallelization of the hardware into the app space," he said.

Are you worried about the energy efficiency of your apps? E-mail me at [email protected].

Posted by Michael Desmond on 07/29/2008 at 1:15 PM0 comments

Open Source on .NET: Ignored and Embraced

On Tuesday I wrote about a conversation I had with Shaun Walker, founder of the popular open source DotNetNuke Web application framework for .NET. I wrote about Shaun's experience founding DotNetNuke and what it's like to be an open source developer working under .NET.

Based on some of the comments to this entry, I think people might be misreading the context of the interview. As is clear from the original post, Walker has enjoyed outstanding access and guidance from Microsoft -- specifically through the Developer Division (DevDiv) under Scott Guthrie. In fact, it was Guthrie himself who hooked Walker's team up with key people in Redmond.

When Walker said his team was being ignored, he was speaking specifically of other groups in Microsoft -- among these being the open source group led by Sam Ramji. Walker said Ramji's group seems most interested in luring non-.NET (read: Linux)-based open source developers and projects over to the Microsoft platform. Native .NET developers -- including DotNetNuke -- just aren't on Ramji's radar.

And that, Walker thinks, is a shame. DotNetNuke has benefited hugely from the attention lavished on it by the DevDiv, but Walker believes there are scores of worthy, .NET-based projects that are just not getting the support they need.

"We're hoping that over time that attitude will change and they will provide more support for native open source application vendors," Walker told me.

Walker isn't alone in this sentiment. Back in April, Coding Horror blogger Jeff Atwood spoke at length about his frustrations with how Microsoft treats open source developers. He went so far as to say that "open source projects are treated as second-class citizens in the Microsoft ecosystem."

Walker, for his part, believes Microsoft is heading in the right direction. "I do think it is going to improve over time. Like anything that is immature, it does take some time to figure out how to coexist peacefully and collaborate successfully," he said.

Do you think Microsoft is doing enough for native .NET open source developers? What would you like to see Microsoft do to improve its efforts to serve this group? E-mail me at [email protected].

Posted by Michael Desmond on 07/24/2008 at 1:15 PM4 comments

Q&A with Shaun Walker: Welcome to Bat Country

"We can't stop here. This is bat country!"

Few lines of prose not written by Douglas Adams have made me laugh out loud the way this brilliant scene from Hunter S. Thompson did. The quote, of course, comes from the epic desert driving scene in Thompson's novel Fear and Loathing in Las Vegas. The author and his attorney are barreling down a desert highway, so pumped full of drugs and chemicals that the author begins hallucinating badly.

I thought of this moment, remarkably enough, while talking with Shaun Walker, the creator of the popular DotNetNuke open source Web application framework for .NET. Back in 2001, Walker had started tinkering with a Microsoft sample application, called the IBuySpy Portal, designed to illustrate to developers the value of the then-nascent .NET Framework.

Walker shared his work -- which he called the IBuySpy Workshop -- with other developers on the ASP.NET community forums, quickly drawing an active following. It became clear to Walker, and to Microsoft, that he was onto something big.

"I released the original IBuySpy Workshop on Christmas Eve 2002. Within a couple weeks, there were 5,000 downloads," Walker recalled. "I realized, 'Oh, there is really a need for this kind of application here.'"

Three months later, Walker was in Redmond, meeting face-to-face with Scott Guthrie, who's now the corporate vice president of Microsoft's .NET Developer Division (DevDiv). That meeting, five years ago, illustrates that Microsoft is no stranger to leveraging open source development.

"The DevDiv division at Microsoft is very open, and specifically Scott Guthrie is very innovative and kind of visionary when it comes to emerging software development trends," said Walker, who recalled that Guthrie was working hard to build "a larger, more loyal, more passionate developer community around the .NET platform."

The message to Walker in 2003 was clear: Bats or no bats, we can't stop here.

Today, DotNetNuke is the largest open source project for the Windows platform, and among the most popular open source projects on any platform. Walker credits the active partnership with Microsoft's DevDiv group for helping keep his project rolling. But he's ambivalent about Microsoft's treatment of .NET open source developers overall.

"Microsoft has a lot of divisions in the company and I think each division treats open source differently," he said, describing Sam Ramji's Open Source Software Lab group as "a marketing division" that seems to ignore .NET-based OSS developers while working overtime to lure Linux projects to Windows.

By the same token, Walker noted, the Office division responsible for SharePoint development seems to largely ignore DotNetNuke, despite its competitive threat in the arena of Web publishing, collaboration and document management.

Walker's experience is enlightening. As Microsoft struggles to adapt to open source development, services-based software and cloud computing, it's important to keep in mind that Redmond is no monolith. Far from it, the company can be stubbornly, frustratingly, diverse.

"I don't think we're being treated as a threat," Walker said. "We're being ignored. Embraced by some, ignored by others."

Posted by Michael Desmond on 07/22/2008 at 1:15 PM7 comments

ISO Denies OOXML Appeal

Back in the heat of the democratic presidential primary race, I used to joke that newly-minted front runner Barack Obama was running against the reanimated zombie corpse of Hillary Clinton. For months, it seemed, Obama would score an emphatic victory, only to give Clinton new life a week or so later with a sub-par result. Obama's failure to close out Clinton helped produce an unnecessary, months-long chase that nearly destroyed both candidates.

The lesson is simple: Let a candidate or an issue or a problem linger long enough, and it will take on a life of its own and strangle you, like something out of a Sam Raimi movie.

The International Organization for Standardization (ISO) has apparently decided not to make that mistake.

Back in April, the Office Open XML (OOXML) file format specification earned enough votes to gain ratification as an ISO standard. Four nations -- Brazil, India, South Africa and Venezuela -- later filed appeals alleging flaws in the process. Under the ISO process, OOXML was set aside while the appeals were reviewed. Now it appears the ISO is recommending that those appeals be denied.

Industry watcher Andy Updegrove, who blogs extensively about technology standards issues at and co-founded the Digital Standards Organization, last week obtained a letter indicating the group's recommendation. He says the decision to ignore the valid complaints of member companies exacerbates a process that had been overwhelmed by the high-stakes OOXML effort.

"What we have seen is that the system really isn't that healthy when it comes to a hotly contested standards war. When that happens, rules and processes that may work well in a collegial environment can break down badly," Updegrove said in an e-mail exchange. "In my view, though, it goes deeper than this, however, in that I think that some of the judgments made by ISO in managing the process were terrible -- such as scheduling a one week Ballot Resolution Meeting to resolve 1200 issues."

The problem, Updegrove said, is that the ISO directives provide no mechanism for appealing ISO judgments. And Updegrove, for one, believes the ISO likes it that way.

"What I think you see here is a portrait of a comfortable management that has made some terrible calls, and yet is protected by rules that make them almost immune from being called to task," he complained. "Hundreds, if not thousands, of standards professionals around the world have been put through the wringer during this process, and those that have gone through the domestic heat to file appeals are now being told that their job is simply to take whatever they are told to do, no matter how ill-considered those requirements may be."

All that may well be true. But I think there may be another, more existential reason for the ISO's recommendation. The organization did not want to create the reanimated zombie corpse of the OOXML standards fight. The first go-around was bad enough.

Posted by Michael Desmond on 07/15/2008 at 1:15 PM1 comments

Upcoming Events