Web Development

Vol. 5 No. 5 – July/August 2007

Interviews

A Conversation with Joel Spolsky

What it takes to build a good software company

Joel Spolsky has never been one to hide his opinions. Since 2000, he has developed a loyal following for his insightful, tell-it-like-it-is essays on software development and management on his popular Weblog “Joel on Software” (http://www.joelonsoftware.com). The prolific essayist has also published four books and started a successful software company, Fog Creek, in New York City, a place he feels is sorely lacking in product-oriented software development houses.

Spolsky started Fog Creek not with a specific product in mind, but rather to create a kind of software developers’ utopia, where “programmers and software developers are the stars and everything else serves only to make them productive and happy.” So far, he has succeeded. The company has maintained a 100 percent employee retention rate while shipping several profitable software products. Its latest release, Fogbugz, is a comprehensive, Web-based project-management system that uses a technique called EBS (evidence-based scheduling) to help software developers better predict their release dates.

Articles

Building Secure Web Applications

Believe it or not, it’s not a lost cause.

GEORGE V. NEVILLE-NEIL, CONSULTANT

In these days of phishing and near-daily announcements of identity theft via large-scale data losses, it seems almost ridiculous to talk about securing the Web. At this point most people seem ready to throw up their hands at the idea or to lock down one small component that they can control in order to keep the perceived chaos at bay. 

Before going any further, let me first define the three main problems that people are trying to solve by building secure Web applications:

by George V. Neville-Neil

Kode Vicious

Gettin' Your Head Straight

Dear KV, One of the biggest problems I have is memory. Not the RAM in my computer, but the wet squishy stuff in my head. It seems that no matter how many signs I put up around my cube, nor how often I turn off all the annoying instant messaging clients I need to use for work, I can't get through more than 15 minutes of work without someone interrupting me, and then I lose my train of thought. If this happens when I'm reading e-mail, that's not a problem, but when working on code, in particular when debugging a difficult problem in code, this makes my life very difficult. What tricks are there to being able to maintain a train of thought without moving up the side of a mountain?

Gettin’ Your Head Straight

A koder with attitude, KV answers your questions. Miss Manners he ain’t.

Kode Vicious is hungry. He sustains himself on your questions from the software development trenches (and lots of beer). Without your monthly missives, KV is like a fish out of water, or a scientist without a problem to solve. So please, do your part to keep him sane (or at least free from psychotic episodes), occupied, and useful. Send your koding conundrums and other questions to kv@acmqueue.com, and if we print your letter, we’ll thank you with a nifty orange mug and an incredibly bright LED flashlight keychain.

Dear KV,

by George V. Neville-Neil

Articles

PHISHING FORBIDDEN

Current anti-phishing technologies prevent users from taking the bait.

NAVEEN AGARWAL, SCOTT RENFRO, and ARTURO BEJAR, YAHOO!

Phishing is a significant risk facing Internet users today.1,2 Through e-mails or instant messages, users are led to counterfeit Web sites designed to trick them into divulging usernames, passwords, account numbers, and personal information. It is up to the user to ensure the authenticity of the Web site.

Browsers provide some tools (e.g., URL, SSL indicators, and optional toolbars), but these are limited by at least three issues:

by Naveen Agarwal, Scott Renfro, Arturo Bejar

Curmudgeon

Some Swans Are Black

…and other catastrophes

Stan Kelly-Bootle, Author

You may well expect from my title that I’m about to plumb the depths of Nassim Nicholas Taleb’s theories on catastrophe and quasi-empirical randomness. I, in turn, expect that you’ve already read (or certainly read of) Taleb’s best-selling The Black Swan—The Impact of the Highly Improbable (Allen Lane, 2006) dealing with life’s innate uncertainties and how to expect or even cope with the unexpected. Coping involves learning that the right answer to some problems is, “Don’t know.” I was tempted to end my column right here in order to prove something or other about our many failures in predicting the future, compared with our occasional successes in “postdicting” the past.

Who knows? Your “great expectations” about my ensuing discourse could be unexpectedly frustrated. Speaking of Charles Dickens’s novel, recall that he did leave us a choice between a sad and a happy ending, hoping to please both romantics and realists. In fact, neither group emerges really satisfied since the ploy destroys the basic notion of a narrative unfolding as a credible mirror of real life. Dickensian reality has characters behaving against a precisely described Victorian social milieu. Either ending might be taken as plausible in the absence of the other, yet the readers are allowed to play deus ex machina or diabolus ex machina to suit their fancies. Nowadays, more in keeping with Taleb’s view of life’s vicissitudes, we find hyperlinked novels where the reader/browser can click away to trigger plot diversions at almost any point in the story.

by Stan Kelly-Bootle

Articles

Usability Testing for the Web

Today’s sophisticated Web applications make tracking and listening to users more important than ever.

VIKRAM V. INGLESHWAR, YAHOO!

Today’s Internet user has more choices than ever before, with many competing sites offering similar services. This proliferation of options provides ample opportunity for users to explore different sites and find out which one best suits their needs for any particular service. Users are further served by the latest generation of Web technologies and services, commonly dubbed Web 2.0, which enables a better, more personalized user experience and encourages user-generated content.

Although there is considerable debate over the definition of Web 2.0 (and much criticism of it being merely a marketing buzzword), the term is useful in distinguishing key innovations, such as weblogs, social bookmarking, tagging, wikis, RSS feeds, Ajax, Web APIs, and online Web services, that have significantly altered the Web user experience since the 1990s.

by Vikram V. Ingleshwar

Voyage in the Agile Memeplex

In the world of agile development, context is key.

PHILIPPE KRUCHTEN, KESL and UBC

Agile processes are not a technology, not a science, not a product. They constitute a space somewhat hard to define. Agile methods, or more precisely agile software development methods or processes, are a family of approaches and practices for developing software systems. Any attempt to define them runs into egos and marketing posturing. For our purposes here, we can define this space in two ways:

By enumeration. Pointing to recognizable members of the set: XP (extreme programming), scrum, lean development, DSDM (Dynamic Systems Development Method), Crystal, FDD (feature-driven development), Agile RUP (Rational Unified Process) or OpenUP, etc. (though some would claim RUP to be anti-agile).

by Philippe Kruchten