
NetKernel News Volume 2 Issue 43

August 26th 2011

What's new this week?

Catch up on last week's news here

Repository Updates

The following update is available in the NKEE and NKSE repositories...

  • wink 1.18.1
    • Fixes an NPE in the GZip compression overlay if the response is a redirect after editing. Thanks to Joe Devon for reporting this.

The following new package is available in the NKEE and NKSE repositories...

  • NEW demo-xss-vectors 1.1.1
    • An illustrated discussion of Cross Site Scripting (XSS) attack vectors, with examples of how ROC and NetKernel offer a coherent methodology to entirely eliminate XSS.

Cross Site Scripting (XSS) Vectors Demo/Discussion

Last week I started a discussion on how NetKernel and ROC provide a perspective from which it is relatively simple to isolate yourself from Cross Site Scripting (XSS) attack vectors.

This generated some good feedback - notably from Tom Geudens at Colruyt, Belgium, who, paraphrasing slightly, said "Hey Pete, this is interesting, but maybe you're the only one who understands what you're talking about, can you please give some examples."

So I've created a demo and an accompanying discussion. It's available through Apposite; search for demo-xss-vectors (if you don't see it then just resynchronize with the repos). The installation requires that you also have lang-javascript installed, which is needed in one example in Part 3.

After installation, the discussion and demos will be found here.

The discussion is broken down into three sections...

  • Part 1 explores client-side attacks and shows typical defensive measures such as HTML encoding input state.
  • Part 2 explores data-side attacks and shows the defensive measures required.
  • Part 3 shows how a very simple methodology, of moving development from the serialized domain (string composition) to the structured tree domain, eliminates both client and data-side vectors completely.

There are detailed interactive demos provided in each section.
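
To make the Part 1 and Part 3 distinction concrete, here is an added sketch (not taken from the demo-xss-vectors package, and not NetKernel code) contrasting string composition with building a tree that is serialized once at the boundary. The helper names `el`, `text`, `serialize` and `countTags` are hypothetical, and the input value is constructed sample data.

```javascript
// Added illustration; el(), text() and serialize() are hypothetical helpers,
// not NetKernel APIs. The input below is constructed sample data.
const untrusted = '<img src=x onerror=alert(1)>" onmouseover="alert(2)';

// Serialized domain: markup is composed as a string, so the input becomes markup.
function renderByString(name) {
  return '<p title="' + name + '">Hello ' + name + '</p>';
}

// Structured tree domain: input can only ever be a text node or an attribute value.
const text = (value) => ({ type: 'text', value: String(value) });
const el = (name, attrs = {}, children = []) => ({ type: 'element', name, attrs, children });

const escapeText = (s) => s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
const escapeAttr = (s) => escapeText(s).replace(/"/g, '&quot;').replace(/'/g, '&#39;');

// Serialization happens once, at the boundary, with escaping chosen by node context.
function serialize(node) {
  if (node.type === 'text') return escapeText(node.value);
  if (!/^[a-z][a-z0-9]*$/.test(node.name)) throw new Error('invalid element name');
  const attrs = Object.entries(node.attrs).map(([k, v]) => {
    if (!/^[a-z][a-z0-9-]*$/.test(k)) throw new Error('invalid attribute name');
    return ' ' + k + '="' + escapeAttr(String(v)) + '"';
  }).join('');
  const body = node.children.map(serialize).join('');
  return '<' + node.name + attrs + '>' + body + '</' + node.name + '>';
}

function renderByTree(name) {
  return serialize(el('p', { title: name }, [text('Hello '), text(name)]));
}

// Crude check: count start tags in the output. More than the single <p>
// the template intended means the input was interpreted as markup.
const countTags = (html) => (html.match(/<[a-z][^>]*>/gi) || []).length;

console.log(countTags(renderByString(untrusted)), renderByString(untrusted));
console.log(countTags(renderByTree(untrusted)), renderByTree(untrusted));
```

In the tree version no call site does any encoding; the only place strings meet markup is `serialize`, which is why the escaping cannot be forgotten in one template and remembered in another.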

As some additional context for the earlier article, Randy Kahle sent me this link...

http://www.html5rocks.com/en/tutorials/internals/howbrowserswork/

...to a contemporary analysis of modern browser architectures. As you'll see, my earlier assertion, that a browser is a "runtime for tree-structured" programs, is an accurate summary.

Talk OTUG: NetKernel and the Resource Oriented Computing Revolution - Minneapolis/St Paul, USA 20th September

If you're in the Twin Cities area I'll be giving a presentation to the OTUG group on the 20th September. Details and venue are here, the title and summary are below...

Title: NetKernel and the Resource Oriented Computing Revolution

Summary: In this talk we will introduce the ideas behind Resource Oriented Computing (ROC). We will show how they follow-on from REST and offer a general abstraction that works both between and within a software solution. We will use NetKernel to show illustrated examples.

We will show some surprising consequences of stepping away from code and thinking in terms of resources. Just as with the Web, software becomes extremely flexible and can progressively evolve. Rather surprisingly, introducing the ROC abstraction to transiently couple software resources, results in significantly faster and more efficient computation.

Biography: Peter Rodgers is an Architect of NetKernel and, with Tony Butterfield, is the originator of Resource Oriented Computing. He initiated the hard-core research that underpins ROC whilst at Hewlett Packard Labs in the 90s. It was while working at HP he was first exposed to classical enterprise software technologies and was staggered at how complex, brittle and inefficient the overall solutions were.

Peter was originally a Physicist and holds a PhD in Quantum Physics. Being a Physicist he has the disease of being compelled to understand the first principles of a problem. The brittleness and poor economics of classical software was a problem that demanded a first principles solution.

A Glimpse of the Elephant in the Room

If you read the section above, with the advertised talk and my biography, you might infer that ROC arose out of an implicit dissatisfaction with the conventional Object Oriented design philosophy. And you'd not be entirely wrong to assume that.

I have to confess, this is the "Elephant in the Room". For the longest time I've been holding off, but ultimately knew that we needed to position ROC explicitly and make a definitive statement about the nature of the conventional OO paradigm. But this is not that time. It's going to take some serious investment of time to do it justice.

However, this thought was rekindled by Brian Sletten pointing out this article to me...

http://www.xmltoday.org/content/when-acronyms-collide-soa-vs-oo

...which you'll see makes some steps towards describing the elephant. (I think the author would resonate with ROC but has probably not heard of it).

Of course, we ROCers are not proposing abandoning object oriented technologies. But, like this article, we are saying OO is the wrong paradigm for large-scale evolvable information solutions.

ROC is a complementary abstraction that breaks through OO's innate scale barrier.

Eventually we'll explain in depth why this happens - ultimately it is because OO has an absolute and intrinsic philosophical perspective on the nature of information. It stipulates hard atoms of absolute information bound up inside objects with intrinsic management of state.

ROC has a relative perspective, with information being extrinsic, abstract and contextually relative. In ROC information is nebulous and ephemeral, only solidifying to concrete representations just-in-time on-demand. In ROC, state is not manipulated, it is actually context which is changed to reveal and reify new state... but I digress...

For the moment, why don't we all get along? Your existing objects can be used and will continue to work in an ROC solution, but you'll also find you can reach beyond them and find a new larger perspective...

Go on, you know you want to...

Tom's Book v0.7

Hot off the press, here's a note I received from Tom Geudens...


"The 'Practical NetKernel Book', also known as 'Hello NetKernel' and 'NetKernel in Action' is in its 7th iteration.

Chapter 4 has had a serious review and in Chapter 5 you'll find an entry level introduction to the visualizer.

I plan to work my way to a 1.0. version which should be ready by October 27th ... that's right ... together with the bootcamp in (my home) Belgium. All participants will receive a printed copy. I just might add a bottle of Belgian beer too ... who knows ;-).

You can download iteration 7 from

http://www.netkernelbook.org/serving/pdf/hello_netkernel_nk4-0.7.pdf

or if you want to follow along and have the latest 'build'

http://www.netkernelbook.org/serving/pdf/hello_netkernel_nk4.pdf

As always, your feedback and input is highly appreciated. You can send it to tom(dot)geudens(at)hush(dot)ai"


NetKernel Europe Bootcamp - Brussels, Belgium, Thursday 27th October 2011

Sponsored by Steria Benelux
Registration is open for the NetKernel Europe Bootcamp 2011

http://www.1060research.com/conference/NKEU2011/

The event takes place on Thursday 27th October.

If you want to take advantage of the face-to-face opportunity, we will also be around on both Wednesday 26th and Friday 28th for meetings etc.

We're looking forward to seeing you in Brussels. (As ever, it is entirely coincidental that this location is a world-renowned centre for hop-oriented beverages)

Reminder: Java 5 Support - End of Life Heads Up, October 2011

Java 5 support will reach end-of-life in October 2011. Please see the notice for details.

Please let us know if you have concerns or need assistance with planning/testing for this transition.

No News is Good News

A Corsican Ivory Tower

No news is good news, in which case, some good news for you. There will be no newsletter next week. I'm taking a holiday. As is appropriate for a man who has been in self-imposed intellectual exile for ten years - I'm going to Corsica, a small island in the middle of nowhere (no funny comments).

See you in a couple of weeks...


Have a great weekend,

NetKernel, ROC, Resource Oriented Computing are registered trademarks of 1060 Research


© 2008-2011, 1060 Research Limited