Having long languished as the Rodney Dangerfields of the development process, build tools are finally getting some respect, especially as agile development techniques press hard on the lifecycle. Daily builds are a minimum, and more frequent integration is even better for steering the development process. Of course, you have to balance the cost of launching a build with the benefit of getting your change into the software right now; lower the cost and developers can start integrating and testing with previously unheard-of frequency.
It's oddgetting a complex build assembled and debugged is really a fairish software development task in itself, yet for many teams, managing the build is considered drudge work or even punishment ("He who breaks the build ... becomes its shepherd").
[click for larger image]
ElectricInsight slurps up the status info generated by ElectricAccelerator and turns it into graphics.
Electric Cloud, for those unfamiliar, makes a high-end distributed-build product that's designed to tame a massive build by farming pieces of it out onto an array of inexpensive computers. The company's flagship product, ElectricAccelerator, employs some crafty logic in figuring out dependencies, which are complex enough in single-stream build processes but approach the nightmarish when you throw in arbitrary numbers of execution threads on separate computers. ElectricAccelerator is also plug-compatible with GNU Make and Microsoft's nmake, so you don't have to pitch all of your existing build infrastructure.
Released along with ElectricAccelerator 3.0 is a brand-new tool called ElectricInsight, which slurps up the status info generated by Accelerator and turns it into graphics that the build manager can use to visualize the build's structure and performance as it actually occurs, revealing what happened when, and on which machine. (No more slotting "echo" statements through dozens of make files and slogging through the piles of output, folks.) ElectricInsight can help you identify errors as well as performance problems; you can figure out what's being serialized unnecessarily, or identify jobs that aren't being fired off into the cluster as they're supposed to. Contact Electric Cloud for pricing.
Electric Cloud, Inc., 2307 Leghorn St., Mountain View, CA 94043, Tel: (650) 968-2950, Fax: (650) 968-6000, www.electriccloud.com
Putting the 'Oriented' in SOA
A morsel of documentation here, some vendor hype there, a Web page or two ... I've tried to imagine what Service Oriented Architecture (SOA) is all about, but it's like trying to puzzle out a darkened room by waving a pencil flashlight around. If you're still in the dark, too, have I got a book for you! Thomas Erl's Service-Oriented Architecture: Concepts, Technology and Design (hereinafter SOA:CTD) is that rare bird, a comprehensively honkin' big compendium that's also readable. Often, tech books strive for broad coverage, but pay for it with organization that might charitably be termed "adventitious." SOA:CTD, by contrast, actually gives you a framework on which to hang your understanding. Erl describes SOA's evolution from Web service primitives to today's offerings. After explaining in detail how the technology works, he then walks you through how to make SOA work for you, paying a lot of attention to the up-front stages of analysis and design before dwelling on implementation details and case studies. SOA:CTD lists for $44.99.
An EKG for CVS
Open source Concurrent Versions System (CVS) revision-control software is in global use today; you can't beat the price; documentation and even support are widely available; and it bags a good healthy subset of developers' wish lists.
But no one has ever accused CVS of being especially easy to maintain. Even we unabashed Unix command-line geeks usually stick to a set of recipes, knowing that the toolset's power can hopelessly tangle a repository if thoughtlessly used. In particular, SCM vendor AccuRev noticed that CVS repositories can acquire duplicate tags for branches and individual file versions; it's also possible to create loops of circular tag references. As a service to the community, the company's created a free (as in beer) Perl script that can analyze your CVS repository for these problems.
OK, so it's a none-too-subtle plug for its product, as well: "Our tool doesn't need this." Speaking of AccuRev, the company's hinting strongly at a new product release early in 2006, but it wasn't available at press time.
Click here to download Health Checker for CVS . Find the usage guide at www.accurev.com/product/Using_Health_ Checker_for_CVS.pdf.
AccuRev Inc., 10 Maguire Rd., Lexington, MA 02421, Tel: (781) 861-8700, Fax: (781) 861-8704, www.accurev.com
Let's Be Honest
Let her and Falsehood grapple; who ever knew Truth put to the worse in a free and open encounter?
John Milton, Areopagitica, 1644
Actually, let's roll right past honest to blunt: Enerjy CQ2 is a product that collects Java code-quality metrics for each developer on a team. If this sounds like a classic piece of pointy-haired-bossware, think about it for a moment: Whether the Java you write is up to scratch or not, this will be known. If you analyze and fix it yourself, it's your little secret. But as time rolls on, your peers find out in code reviews, your rep among the test team soars or wallows, and lastly, you'll garner customer raves ... or bug reports. If your stuff sucks or rocks, you'll never hide it, at least not long-term. Me, I'd sooner find out early than lateless painful that way. CQ2 uses a database of 244 rules to analyze Java code, looking for little things like unused class members and big ones like compliance with Java 5.0. But what distinguishes it from some of its brethren is the ability to report how things are goingunit test coverage, say, or compliance with coding standards, and to report it by developer or as a trend over time. And, yes, you can run it on your own code before anyone else gets a peek, thereby motivating everyone to write Java they can be proud of. Pricing for Enerjy CQ2 starts at $25,000.
Enerjy Software, 900 Cummings Center, Ste. 326T, Beverly, MA 01915, Tel: (866) 598-9876, Fax: (978) 232-0146, www.enerjy.comRW
Solve Security Smugness
Have you ever noticed a certain smugness among Java developers? I'll admit to it: "Automatic memory management? Got it. Runtime range checking? That, too. Fine-grained security model? Since 1995." Thanks to the bytecode verifier, sandboxing for applets, range checking to defeat buffer-overflow attacks, security, is a nonissue.
Heh. Wouldn't that be nice! Actually, we Java hacks need to pay as much attention to security as our C++ brethren; Java just clears away some of the low-level knee-knockers. If you want to know the practices, techniques and patterns needed to shore up your software, check out Core Security Patterns: Best Practices and Strategies for J2EE, Web Services and Identity Management by Christopher Steel, Ramesh Nagappan and Ray Lai (Prentice-Hall, 2006). If you can swing the shipping cost, you'll get a cool thousand pages of practical security advice for developers working on enterprise Java applications. The authors include the obligatory tutorial on security basics, but also touch on more esoteric topics like the relevant law (including our pals Sarbanes-Oxley and HIPAA), identity management and single sign-on. Useful chapters on Java-specific security mechanisms, language-agnostic Web service policies and patterns are followed by detailed advice on designing security into your systems; an end-to-end case study and a survey of smart cards and biometrics. Core Security Patterns lists for $59.99.