API Design

Vol. 5 No. 4 – May-June 2007

API Design

Articles

API Design Matters

Why changing APIs might become a criminal offense.
After more than 25 years as a software engineer, I still find myself underestimating the time it will take to complete a particular programming task. Sometimes, the resulting schedule slip is caused by my own shortcomings: as I dig into a problem, I simply discover that it is a lot harder than I initially thought, so the problem takes longer to solvesuch is life as a programmer. Just as often I know exactly what I want to achieve and how to achieve it, but it still takes far longer than anticipated. When that happens, it is usually because I am struggling with an API that seems to do its level best to throw rocks in my path and make my life difficult. What I find telling is that, after 25 years of progress in software engineering, this still happens. Worse, recent APIs implemented in modern programming languages make the same mistakes as their two-decade-old counterparts written in C. There seems to be something elusive about API design that, despite many years of progress, we have yet to master.

API: Design Matters

Should the authors of lousy APIs be held accountable for their crimes? Why changing APIs might become a criminal offense

Why changing APIs might become a criminal offense - Should the authors of lousy APIs be held accountable for their crimes?

Michi Henning, ZeroC

After more than 25 years as a software engineer, I still find myself underestimating the time it will take to complete a particular programming task. Sometimes, the resulting schedule slip is caused by my own shortcomings: as I dig into a problem, I simply discover that it is a lot harder than I initially thought, so the problem takes longer to solve—such is life as a programmer. Just as often I know exactly what I want to achieve and how to achieve it, but it still takes far longer than anticipated. When that happens, it is usually because I am struggling with an API that seems to do its level best to throw rocks in my path and make my life difficult. What I find telling is that, after 25 years of progress in software engineering, this still happens. Worse, recent APIs implemented in modern programming languages make the same mistakes as their two-decade-old counterparts written in C. There seems to be something elusive about API design that, despite many years of progress, we have yet to master.

Good APIs are Hard

We all recognize a good API when we get to use one. Good APIs are a joy to use. They work without friction and almost disappear from sight: the right call for a particular job is available at just the right time, can be found and memorized easily, is well documented, has an interface that is intuitive to use, and deals correctly with boundary conditions.

by Michi Henning

The Seven Deadly Sins of Linux Security

Avoid these common security risks like the devil.

The Seven Deadly Sins of Linux Security

Avoid these common security risks like the devil

Bob Toxen, Horizon Network Security

The problem with security advice is that there is too much of it and that those responsible for security certainly have too little time to implement all of it. The challenge is to determine what the biggest risks are and to worry about those first and about others as time permits. Presented here are the seven common problems - the seven deadly sins of security - most likely to allow major damage to occur to your system or bank account. If any of these are a problem on any of your systems, you will want to take care of them immediately.

These seven deadly sins are based on my research and experience, which includes too many people who wait until after their Linux or Unix systems have suffered security breaches before they take action to increase system security, and on forensics analysis and discussions with systems administrators. Most of these sins and their solutions also apply to Macs, Windows, and other platforms.

by Bob Toxen

Toward a Commodity Enterprise Middleware

Can AMQP enable a new era in messaging middleware?
AMQP (Advanced Message Queuing Protocol) was born out of my own experience and frustrations in developing front- and back-office processing systems at investment banks. It seemed to me that we were living in integration Groundhog Day - the same problems of connecting systems together would crop up with depressing regularity. Each time the same discussions about which products to use would happen, and each time the architecture of some system would be curtailed to allow for the fact that the chosen middleware was reassuringly expensive.

Toward a Commodity Enterprise Middleware

Can AMQP enable a new era in messaging middleware? A look inside standards-based messaging with AMQP

John O'Hara, JPMorgan

AMQP (Advanced Message Queuing Protocol) was born out of my own experience and frustrations in developing front- and back-office processing systems at investment banks. It seemed to me that we were living in integration Groundhog Day - the same problems of connecting systems together would crop up with depressing regularity. Each time the same discussions about which products to use would happen, and each time the architecture of some system would be curtailed to allow for the fact that the chosen middleware was reassuringly expensive.

From 1996 through to 2003 I was waiting for the solution to this obvious requirement to materialize as a standard, and thereby become a commodity. But that failed to happen, and I grew tired of waiting.

by John O'Hara

Interviews

A Conversation with Michael Stonebraker and Margo Seltzer

Over the past 30 years Michael Stonebraker has left an indelible mark on the database technology world.

A Conversation with Michael Stonebraker and Margo Seltzer

Relating to databases

Over the past 30 years Michael Stonebraker has left an indelible mark on the database technology world. Stonebraker’s legacy began with Ingres, an early relational database initially developed in the 1970s at UC Berkeley, where he taught for 25 years. The Ingres technology lives on today in both the Ingres Corporation’s commercial products and the open source PostgreSQL software. A prolific entrepreneur, Stonebraker also started successful companies focused on the federated database and stream-processing markets. He was elected to the National Academy of Engineering in 1998 and currently is adjunct professor of computer science at MIT.

Interviewing Stonebraker is Margo Seltzer, one of the founders of Sleepycat Software, makers of Berkeley DB, a popular embedded database engine now owned by Oracle. Seltzer now spends most of her time teaching and doing research at Harvard, where she is full professor of computer science. She was kind enough to lend us her time and travel down the Charles River to speak with Stonebraker, her former Ph.D. advisor, at MIT’s striking Stata Center.

Curmudgeon

Alloneword

Errors, deceptions, and abmiguity
Three years ago, to the very tick, my first Curmudgeon column appeared in ACM Queue to the rapturous, one-handed claps of the silent majority. Since then my essays have alternated intermittently with those of other grumpy contributors. With this issue (muffled drumroll), I'm proud to announce a Gore-like climate change in the regime that will redefine the shallow roots of ACJ (agile computer journalism, of which more anon). The astute ACM Queue Management (yes, there is such - you really must read the opening pages of this magazine!) has offered me the chance to go solo. For the next few Queues, at least, I am crowned King Curmudgeon, the Idi Amin of Moaners, nay, Supreme General Secretary of the Complaining Party! "I am Sir Oracle, and when I ope my lips, let no dog bark!" Or rather, under the new dispensation, I command you to bark back via curmudgeon@acmqueue.com with your own pet peeves or counter-moans, which I promise to print if printable (subject to as light an editing as the Law dictates).

Alloneword

Errors, deceptions, and ambiguity

Stan Kelly-Bootle, Author

Three years ago, to the very tick, my first Curmudgeon column appeared in ACM Queue to the rapturous, one-handed claps of the silent majority. Since then my essays have alternated intermittently with those of other grumpy contributors. With this issue (muffled drumroll), I’m proud to announce a Gore-like climate change in the regime that will redefine the shallow roots of ACJ (agile computer journalism, of which more anon). The astute ACM Queue Management (yes, there is such—you really must read the opening pages of this magazine!) has offered me the chance to go solo. For the next few Queues, at least, I am crowned King Curmudgeon, the Idi Amin of Moaners, nay, Supreme General Secretary of the Complaining Party! “I am Sir Oracle, and when I ope my lips, let no dog bark!”1 Or rather, under the new dispensation, I command you to bark back via curmudgeon@acmqueue.com with your own pet peeves or counter-moans, which I promise to print if printable (subject to as light an editing as the Law dictates).

I also plan to pose posers and ask FUQs (frequently unanswered questions), as was my wont in the Unix Review Devil’s Advocate columns of yore (1984-2000). As then, huge, literally invaluable prizes are offered for your answers and selected responses that meet my unpublished “Rules & Regulations.” Suffice it to say that the customary bribes are encouraged; friends and relations enjoy traditional nepotistic advantages (in the old days my mother inevitably won the white Rolls-Royce convertible); and tedious accuracy scores lower than cunning disinformation. An ongoing challenge goes out to readers who encounter risible misprints and howlers in the computer literature, not excluding my own usually deliberate mishtakes.

by Stan Kelly-Bootle

Opinion

Corba: Gone but (Hopefully) Not Forgotten

There is no magic and the lessons of the past apply just as well today.

Corba: Gone But (Hopefully) Not Forgotten

There is no magic and the lessons of the past apply just as well today.

Terry Coatta

Back in the June 2006 issue of Queue, Michi Henning wrote a very good condensed history of CORBA and discussed how some of its technical limitations contributed to its downfall. While those limitations certainly aided CORBA's demise, there is a very widespread notion that the ultimate cause was the ascendance of Web Services, a notion that is compounded with the further belief that Web Services' dominance of the distributed computing landscape is indicative of its technical superiority to the systems that preceded it, such as CORBA and DCOM.

Having worked in distributed systems for a number of years—indeed far enough back in time that building a distributed system meant actually packing bits into UDP packets with lovingly hand-crafted C code—I think this assumption is unwarranted. Worse, it indicates a failure to appreciate the aspects of these previous systems that were well-engineered. This is a symptom of a "silver bullet" mentality that sees Web Services as a radical departure from the past that will finally remove the complexity from designing and building distributed systems.

by Terry Coatta

Embracing Wired Networks

Most people I know run wireless networks in their homes. Not me. I hardwired my home and leave the Wi-Fi turned off. My feeling is to do it once, do it right, and then forget about it. I want a low-cost network infrastructure with guaranteed availability, bandwidth, and security. If these attributes are important to you, Wi-Fi alone is probably not going to cut it.

Embracing Wired Networks

Even at home, hardwiring is the way to go

Mache Creeger, Emergent Technology Associates

Most people I know run wireless networks in their homes. Not me. I hardwired my home and leave the Wi-Fi turned off. My feeling is to do it once, do it right, and then forget about it. I want a low-cost network infrastructure with guaranteed availability, bandwidth, and security. If these attributes are important to you, Wi-Fi alone is probably not going to cut it.

People see hardwiring as part of a home remodeling project and, consequently, a big headache. They want convenience. They purchase a wireless router, usually leave all the default settings in place, hook it up next to the DSL or cable modem, and off they go. Ease and convenience are the selling points, but there are certainly tradeoffs to consider. As the IT expert of last resort for family, friends, and sometimes their family and friends, here are some of my experiences with Wi-Fi in the home.

by Mache Creeger

Articles

Getting Bigger Reach Through Speech

Mark Ericson, vice president of product strategy for BlueNote Networks argues that in order to take advantage of new voice technologies you have to have a plan for integrating that capability directly into the applications that drive your existing business processes.

Getting Bigger Reach Through Speech

Developers have a chance to significantly expand the appeal and reach of their applications by voice-enabling their applications, but is that going to be enough?

MIKE VIZARD: Hello, and welcome to another edition of the ACM Queuecast, with your host, Mike Vizard. Joining me today to talk about telephony development in technology such as SIP is Mark Ericson, director of product strategy for BlueNote Networks. Mark, welcome to the show.

MARK ERICSON: Thank you, Mike.

Kode Vicious

KV the Loudmouth

What requirement is being satisfied by having Unclear build a P2P file-sharing system? Based upon the answer, it may be more effective, and perhaps even more secure, to use an existing open source project or purchase commercial software to address the business need.

KV the Loudmouth

A koder with attitude, KV answers your questions. Miss Manners he ain’t.

To buy or to build, that is the question. Of course, it’s rarely that cut and dried, so this month Kode Vicious takes time to explore this question and some of its many considerations. He also weighs in on the validity of the ongoing operating system wars. Have an equally controversial query? Put your thoughts in writing and shoot an e-mail to kv@acmqueue.com.

Dear KV,
I was somewhat disappointed in your response to Unclear Peer in the December/January 2006/2007 issue of ACM Queue. You answered the question, but I feel you missed an opportunity to look at the problem and perhaps expand Unclear’s professional horizons.

by George V. Neville-Neil

Articles

Managing Collaboration

Jeff Johnstone of TechExcel explains why there is a need for a new approach to application lifecycle management that better reflects the business requirements and challenges facing development teams.

Managing Collaboration

Jeff Johnstone of TechExcel explains why there is a need for a new approach to application lifecycle management that better reflects the business requirements and challenges facing development teams.

MIKE Vizard: Hello and welcome to another Premium Edition of the ACM Queuecast, with your host, Mike Vizard. This edition of the Premium Queuecast is brought to you by TechExcel, which is the leading provider of tools that bridge the gap between product development and service and support, and today we'll be talking to Jeff Johnstone, who's the senior director of sales. Jeff, welcome to the show.

JEFF Johnstone Welcome -- it's good to be here.

The Yin and Yang of Software Development

The C/C++ Solution Manager at Parasoft explains how infrastructure elements allow development teams to increase productivity without restricting creativity.

The Yin and Yang of Software Development

How infrastructure elements allow development teams to increase productivity without restricting creativity

MIKE VIZARD: Hello and welcome to another premium edition of the ACM Queuecast with your host Mike Vizard. This edition is sponsored by Parasoft, the leading provider of tools for automating the management of the software development process.

Joining me today is Sergei Sokolov, Solutions Manager, for C++ Plus at Parasoft, and we're going to talk about the yin and yang of application development and how to bring some structure to what's inherently a process driven by innovation.

Interviews

Google Talk

Although Google remains relatively mum about its ambitions in the area of speech recognition, Mike Cohen, head of the company's efforts in this area and a co-founder of Nuance Communications, says that speech recognition will increasingly play a bigger role in all Web-based applications going forward. But for developers to be successful in this space, they will need to get in touch with their inner persons more than ever if they hope to create applications that ordinary people will actually use.

Although Google remains relatively mum about its ambitions in the area of speech recognition, Mike Cohen, head of the company's efforts in this area and a co-founder of Nuance Communications, says that speech recognition will increasingly play a bigger role in all Web-based applications going forward. But for developers to be successful in this space, they will need to get in touch with their inner persons more than ever if they hope to create applications that ordinary people will actually use.

SOA Testing

As developers move to build applications that span service-oriented architectures, many of them underestimate the testing challenges associated with building and maintaining applications that can comprise hundreds of different Web services. Developers need a robust set of testing tools and a systematic approach to testing to prevent errors from being introduced or, worse yet, propagated throughout the system. Wayne Ariola, vice president of corporate development for Parasoft, in a conversation with Queuecast host Mike Vizard, highlights some of the more common miscues associated with SOA and discusses best practices for building SOA applications.

As developers move to build applications that span service-oriented architectures, many of them underestimate the testing challenges associated with building and maintaining applications that can comprise hundreds of different Web services. Developers need a robust set of testing tools and a systematic approach to testing to prevent errors from being introduced or, worse yet, propagated throughout the system. Wayne Ariola, vice president of corporate development for Parasoft, in a conversation with Queuecast host Mike Vizard, highlights some of the more common miscues associated with SOA and discusses best practices for building SOA applications.