Quick question for you: What matters most, the client or the server?
Answer: Neither—they are really only useful as a whole. A client without a
server is usually little more than a non-functional wire frame, and a server
without a client is simply unrealized potential. Bring them together though,
and you have something of lasting value. So neither matters more, and in fact
each matters a lot less than half.
In the API world, this is an easy point to miss. The server-side always
wields disproportionate power by virtue of controlling the API to its
services, and this can easily foster an arrogance about the server’s place
in the world. This effect is nicely illustrated by Twitter’s recent
missteps around developer management.
The problems for Twitter all began with a blog entry. Blogs are the
mouthpiece of the platform. Tucked away within an interesting entry about
Cloud Expo on Ulitzer Technology Review has published an interview with
cryptography pioneer Whitfield Diffie that is worth reading. I had the great
pleasure of presenting to Whit down at the Sun campus. He is a great
scientist and a gentleman.
In this interview, Diffie–who is now a visiting professor at Royal
Holloway, University of London–draws an interesting analogy between cloud
computing and air travel:
“Whitfield Diffie: The effect of the growing dependence on cloud computing
is similar to that of our dependence on public transportation, particularly
air transportation, wh...
Skill at computing comes naturally to those who are adept at abstraction. The
best developers can instantly change focus—one moment they are
orchestrating high level connections between abstract entities; the next they
are sweating through the side effects of each individual line of code.
Abstraction in computing not only provides necessary containment, but also
offers clear boundaries.
There is also something very liberating about that line you don’t need to
cross. When I write Java code I’m happy to never think about byte code
(unless something is going terribly wrong). And whe...
True story from the consulting trenches: the operations staff had left hours
ago, shaking their heads and reluctantly leaving the consultants to resolve a
problem with their code. It was well past midnight, in the middle of winter,
in a town many time zones from home. The project was late. Altogether, this
was an awkward situation that you probably know well.
The consultants - falling into that murky classification of not quite
outsider, nor regular employee - worked from hobbled accounts; the security
staff were pros and took their charge seriously. By 2:00 a.m., the group was
Enterprise PKI has a bad name. Complex, costly, difficult to deploy and
maintain - all these criticisms have dogged this technology since it first
appeared. To the dismay of so many CIOs, few applications have stepped up to
make effective use of PKI. But this may soon change: Web services promotes a
security model that demands the flexibility that an enterprise PKI deployment
The Trend Away from Channel-Level Security
If you lumped all the existing, production-level Web services applications
together, and categorized their security models, you would probably discover