Tuesday Oct 21, 2008

Comet @ Ajax World 2008 West


Jim and I presented on "Using Comet to create a Two-Player Web Game" at Ajax World 2008 West yesterday. The talk explained the basic concepts of Comet, showed how a Tic Tac Toe game can be easily created using code walkthrough and then talked about future directions. The slides are available here and the code can be downloaded here.

A similar sample that can be deployed on Rails and Grails is described here. It uses GlassFish's support for multiple dynamic languages and associated web frameworks.

One of the benefits of delivering first talk in the morning is the ability to attend different sessions during the day. Of the different sessions I particularly enjoyed listening Bill Scott on Crafting Rich Web Interfaces.The talk explained six principles of rich web interaction with set of design patterns and real world examples. The slides are available here. All other sessions were mostly product pitches with very little value for developers.

Here are some pictures from the show:


And a complete album is available at:




Technorati: conf ajaxworld comet glassfish

Wednesday Oct 15, 2008

"Using Comet to Create a Two-Player Web Game" @ Ajax World




Jim and I are speaking at Ajax World next week on Using Comet to Create a Two-Player Web Game.

The session walks through the process of creating a Tic Tac Toe game that can be played over the Internet using Ajax and Comet. In the process, it explains the general Comet concepts using APIs specific to the GlassFish Application Server. It also highlights the multi-lingual capabilities of GlassFish v3 by deploying a similar application using Ruby-on-Rails.

Here is the list of other Sun sessions:
The complete schedule shows a list of all the sesssions.

Technorati: conf ajaxworld comet glassfish

Monday Apr 14, 2008

jMaki Webtop on GlassFish - Ajax World Keynote Video


jMaki Webtop is a light-weight Mashup Framework based on jMaki widgets. The webtop was demonstrated at Ajax World East 2008 keynote. The key features are:
  • Simple & easy to use (runs in browser)
  • Extensible (add your own widgets & gadgets)
  • Manageable (create users)
  • Persistent (Google Gears on the client, Database on the server)
  • Shared (read-only views can be shared with other users)
A 30-minute video of the Ajax World keynote session is available here and shows webtop in action :) The keynote deployed the webtop as a WAR file on GlassFish. A live PHP version of webtop is available at jmaki.com/webtop.

You can download the entire source code from the subversion repository and run it yourself.

Technorati: conf ajaxworld newyork glassfish jmaki

Friday Mar 21, 2008

Ajax World East 2008 - Day 2 Report


I delivered my Maki as an Ajax Mashup Framework talk and the slides are available here. Lots of attendees came by afterwards and told me that they enjoyed the demo. The talk showed how jMaki Webtop provides a lightweight mashup framework that runs in the browser. Here is a pictorial representation of the demo shown:

GlassFish jMaki Webtop

jMaki Webtop is basically a jMaki widget that can be embedded in a JSP or PHP page. This widget provides the framework for managing widgets and users, ability to persist the Webtop on client-side using Google Gears or server-side using backend database, layouts and other functionality. In JSP case, the widget uses JPA for performing all the CRUD operations with the back-end MySQL database. The resulting WAR file is deployed on GlassFish (can be any other Servlet container as well). If you are interested in a Java version of Webtop then the recommended path is:
  • Create services & widgets using NetBeans
  • Deploy them on GlassFish
  • jMaki webtop for widget deployment & customization
It really is an evolution of jMaki - using all the infrastructure that has built over 2 years. You can experience it yourself at jmaki.com/webtop which is running a PHP version of the app. See the coverage here. The code will be available soon!

I attended few more talks and took notes in some of them to share:
See below for notes from some of them.

Can we fix the Web ?

This was an early morning talk (7:30am) and I reached few minutes late. But it was basically talking about JavaScript vulnerabilities such as
  • Script injection
  • No difference between user & guest scripts
  • Scripts exempt from same-origin policy
  • No modularity (global access to everything on the page)
And also DOM vulnerability because every node in the tree has access to every other node. This lacks modularity and causes a potential security risk.
Doug recommended 3-step plan to fix the Web:
  • Safe JavaScript subset
    • JSLint.com provides a safe subset of JavaScript that removes all features that are unsafe or suspect such as no global vars or functions
    • Google Caja & Cajita provide a similar subet but they use transformation instead of validation
  • Minor browser improvements
    • Scripts are exempt from same-origin policy. This allows a dynamic <script> tag to make a GET request from a server. Instead use JSONRequest (part of json.org).
    • ES4 (the upcoming JavaScript standard) is not good enough because it maintains backwards compatibility and adds complexity.
  • Major browser improvements
    • Replace JavaScript & DOM in browsers. The approach is to start with JSLint and add safe features as required.
    • The Object Capability System (where objects are given explicit access to be used) needs to be enforced to make it secure.
In Doug's opinion, if the Web is not fixed then JavaFX, Silverlight & AIR (all vastly superior but lacking adoption) will displace the web.

The second talk was on Accelerate Ajax development with Appcelerator by Appcelerator CEO.

The talk started with a "not too long back" introduction of the technology space. Well, it started with 1991 and the timeline (and associated technology advances in that year) kept shuffling 1995, 1989, 2001 .... and so on. Jeff talked about how/why Tim Berners Lee invented WWW and covered a myriad of terms after that including but not limited to - Web 1.0, Netscape, Mosaic, marc Andreeeseen (sp?), Java, java Web Start, Applets, W3C, CGI, J2EE, JCP, C#, JBoss, SOA, JavaFX, Silverlight, AIR and many others. For a 50 minute talk, that was quite a long introduction.

After that introduction, he word "Ajax" was mentioned almost 30 minutes (8:51am to be precise) in the talk. And then the word "Appcelerator" was mentioned at 9:06am. Finally, I realized that I'm in the right talk ;)

Appcelerator like to pitch themselves as RIA + SOA company and allows true decoupling of the rich client from it's services. Their services is very similar to jMaki but they use event handling + Ajax + DHTML to achieve it. They also run on Ruby, PHP, Java and other languages.

All in all, it was a good walk through the memory lane!

The next one was REST & Ajax Reconciled.

The talk explained the basic concepts of REST - Resource, URI, Representation, URL & Methods (GET, PUT, POST & DELETE). It also explained the idempotency and safety of each method type. Overall a good decent introduction.

Then it explained the limitations with current web-based forms:
  • The URIs in the action attribute cannot be changed dynamically
  • Most browsers recognize only GET/POST methods
  • Limited ecodings - for example generating JSON encoding requires extra work.
It provided a REST framework checklist:
  • Does it have resource-based approach ?
  • Acknowledges existing of representation ?
    • need multiple of them
  • Solid engineering & community support ?
The three frameworks discussed in the talk were:
  • Apache Cocoon - based on XML pipelines & URL patterns, powerful but steep learning curve
  • RESTlet - Like Servlet for REST, good for existing model
  • Apache Sling - Based on JCR with server-side scripting support
The talk did not mention anything about Jersey which is turning out to be a great implementation and very well meets all the critieria mentioned above.

The speaker recommended Apache Sling with ┬Ájax for all REST + Ajax needs. But I'd strongly encourage you to have a look at Jersey. The JSON representation generated out of Jersey can now be directly consumed by jMaki as described here - a true combination of REST & Ajax :)

And then the last talk where I took notes is Understanding the Top Web 2.0 Attack Vectors. I'll provides notes from the last 5 slides of the talk which essentially captured the essence. These slides talked about fundamental issues with Ajax and described concerns and possible attacks in each issue. I'll need to understand some of these attacks better myself but at least I have a list to begin with :)

Here you go:
  • Client-side
    • Concerns
      • Transparency
      • Cross-domain communication
      • Exposed business logic (View Source)
      • Local & Offline data storage
    • Attacks
      • Cross-site scripting, DNS Rebinding
      • Business logic bypass
      • Variable tampering
      • Protocol hijacking
      • Function clobbering
      • JavaScript hijacking
  • Protocols
    • Concerns - new protocols on top of HTTP
      • SOAP
      • XML-RPC
      • REST
    • Attacks
      • Traditional
        • Man-in-the-middle
        • Spoofing
      • Recursive Payloads
      • Schema Poisoning
  • Information Sources
    • Concerns
      • Integrity
      • Transient
      • Diverse (RSS, Blogs, Email, ...)
    • Attacks
      • Untrusted content
      • Poisoned Cache (HTTP Response Splitting Vulnerability)
      • DNS Issues
  • Information Structure
    • Concerns - Variations of data structure
      • RSS
      • Atom
      • JSON
      • Serialized data
    • Attacks
      • Malicious injection
      • Parser implementations
  • Server-side Issues
    • Concerns
      • Architecture Weaknesses
      • Multiple languages & implementations
      • Increase & fragmented attack surfaces
      • Unknown request origin
      • Authorization & Authentication in complex environment
    • Attacks
      • Traditional
        • Information disclosure, Logical attributes, Denial-of-service
        • Command Injection
          • LDAP, SQL, XPath etc.

OpenAjax Alliance talk about Gadgets & Widgets was nice. The alliance is working on creating standards for widget metadata, communication across widgets and other similar tasks. The goal is to enable successful adoption of open and interoperable Ajax-based Web technologies.

Dave Ferraiolo (from OpenAjax) particularly expressed thanks to jMaki for deriving the first set of Open Ajax Data Model specs from jMaki data models.

That's it!

Check out some of the pictures:






The complete album is available at:


I had to leave at the end of Day 2 because of unfavorable health condition. But I'm glad at least I could deliver my talks :) Now I need to be back-in-shape before my upcoming trip next Tuesday!


Technorati: conf ajaxworld newyork glassfish netbeans ria sun web2.0 jmaki

Tuesday Mar 18, 2008

Ajax World East 2008 - Day 1 Report


Ajax World East 2008
started earlier today.

I delievered my "Web 2.0 Application development using jMaki" and the slides are available here. There were several demos shown in the talk (using NetBeans and GlassFish) and they are all accessible at the links mentiond below:
Several other related demos are available here. Luckily I could deliver without much hassle inspite of having a high fever and cough! I hope I can hold at least until tomorrow morning when the big preso is scheduled @ 11:35am.

Anyway I attended 3 more talks today and took notes to share:
See below for notes from each talk.

The first talk I attended was: Picking the Right Technology for Enterprise Rich Internet Applications. I got little late and the session was packed with attendees standing way outside the room so I joined them.
The session talked about AIR, Silverlight & JavaFX as three possible technologies for Enterprise RIA. Per the talk, here are the basic criteria for RIA tools requirement:
  • Seamless deployment on client
  • High penetration of runtime
  • Web browser independence
  • Fast client/server communication protocol
  • Robust security
Of course, this session was given in Ajax World so pros/cons of Ajax were dicussed:

Pros of Ajax Cons of Ajax
No deployment required Ajax apps are browser depdendent
100+ Frameworks 100+ Frameworks
Open Source, no need to purchase software license Expensive due to long cycle, skilled developers demand top rate
JavaScript is an interpreted language, entire source code can be viewed using "View Source"
Network communication speed is not optimizedf for Ajax requests

And then basically it talked about the three technologies and their pros & cons are well captured in the slides.

The second session I attended was Performance Tuning your Ajax Applications. This was an interesting session and I learned a few tricks. Interstingly we have implemented quite a few of these performance enhancements in jMaki already.

Improving the performance of Ajax applications require tuning the following parameters:
  • Number of requests
    • Reduce number of JavaScript files that are loaded. This is the most important since each request to the backend adds extra cost. Even when the scripts are cached, the browser still makes a request (unless Since-Modified header is set correctly).
    • Typical approaches are to concatenate the files at dev time or at runtime based upon request.
    • Dev time approaches
      • Ant - concat all JS files using <concat> task
      • Dojo - Run Rhino over all provide/requires and then concatenate the files
      • Command-line
    • Run time approaches - Concatenation happens depending upon the request. Cons are:
      • Server-side dependent
      • Makes it harder to distribute code
      • Server is loaded as concatenation happens on server (mitigated with caching)
      • Works for <15 JS files
      • Does not track dependency
  • Size of requests
    • Remove white spaces and comments (Packer, Dojo, YCompresser, SafeCompress, ShrinkSafe are some of the tools)
    • Shorten the variable names
    • Gzip the code
    • Semicolon is optional but needed if you remove EOL (careful when compressing the code)
      • Drastically reduces the file size (e.g. Apache XAP reduced the file size from 330 kb to 70 kb)
      • Lots of gzip tools
      • Need to put appropriate headers so that browsers recognize gzipped content
    • Coding Style
      • Single line "if" and "for" do not need "{ }"
      • Combine var declarations into a single var such as var x=1, y = 2;
      • Use JavaScript style object
  • Time of requests
  • Time of initial code completion
    • Minimize the time that is executed @ start up
    • Bring the data once the initial page is loaded
    • Show images telling users that something is going on
      • Distracts user from the time it's taking
  • Other tips
    • Don't write your own parser  - use the native parsers
    • "If" statement optimization
    • Use the native facilities like getElementById() or getElementByTagName()
    • Consider different approaches of DOM creation
      • Tail Recursion
      • Setting the value in innerHTML
    • Consider JSON over DOM for object graph traversal - JSON could be much faster
Similar tips can be used for CSS as well.

My third talk of the day was Performance Paradigm of a Mashup World.

This talk given by Vice President of Webmetrics and laid a special emphasis on "Collaborative Monitoring" for performance measuring any mashup. This process involves not only monitoring your own application, but also setting up agents that measure performance with other services being invoked in the mashup, their further partners and so on. It also talked about a layered approach of using:
  • Standard monitoring - HTML page load time, DNS request processing time, etc.
  • Pixel Mapping monitoring - required mainly for GUI intensive application
  • Web services monitoring - Used for partner monitoring
This was further clarified using a 6-step process:
  • Know your apps
  • Learn where the points are in your ecosystem
  • Measure your perspective
  • Monitor your APIs
  • Collaborate within your organization
  • Collaborate with your partners & customers
That's it!

Check out some of the pictures:


The expo hall opens tomorrow and Sun's booth is right between the ballroom and the main door to expo hall, can't miss us ;)

The complete album is available at:


The Internet connection at the Roosevelt hotel is painfully slow inspite of charging $14.95/night where as most of the "modern" hotels offer free wireless :(

Technorati: conf ajaxworld newyork glassfish netbeans ria sun web2.0 jmaki

Sunday Mar 16, 2008

Ajax World New York 2008 - This Week



Sun Microsystems is a Gold sponsor of Ajax World East 2008. The event kick starts in New York City tomorrow and you can see the complete agenda here.

From Sun speakers, you'll hear how jMaki, GlassFish Comet, GlassFish and NetBeans provide an easy-to-use and industry-grade platform to develop and deploy Rich Internet Applications. Here is the list of Sun sessions:

Here is my wish list of sessions that I'd like to attend:

Tuesday, Mar 18
Picking the Right Technology for Rich Internet Applications Track 5 2:00 - 2:45pm
Ajax Applicability: When should Ajax be used ? Track 2 2:50 - 3:35pm
RIA Approach for Web 2.0 Development using jMaki Track 3 3:40 - 4:25pm
Wednesday, Mar 19
Opening Keynote: Can we fix the Web ? Opening Keynote 7:30 - 8:20am
Think Fast: Accelerate Ajax Development with Appcelerator Session 2 8:25 - 9:15am
REST and Ajax Reconciled Track 6 9:20 - 10:05am
Enterprise Comet: Real-Time or Real-Time Web 2.0 ? Session 4 11:00 - 11:30am
jMaki as an Ajax Mashup Framework Session 5 11:35 - 12:05pm
Understanding the top Web 2.0 Attack Vectors Track 3 12:10 - 12:55pm
Building Web 2.0 Applications with Project Zero Track 3 2:05 - 2:50pm
Ajax and Social Computing for the Enterprise Session 7 2:55 - 3:30pm
Aptana IDE: Your unfair advantage for Ajax etc. Track 3 5:20 - 6:05pm
SYS-CON.TV Power Panel: The Business Value of RIAs Session 10 6:10 - 6:55pm
Welcome Reception 6:30 - 8:30pm
Thursday Mar 20
RIA Adoption in 2008: Risks, Rewards, Challenges & Opportunity Opening Keynote 8:00 - 8:50am
Ajax and Rails Track 6 8:55 - 9:40am
Now Playing: Desktop Apps in the Browser Session 3 9:45 - 10:15am
DreamFace: The Ultimate Framework for Creating Personalized Web 2.0 Mashups Session 4 11:55 - 12:25pm
Securing Ajax Development and Testing Track 6 12:30 - 1:15pm
Asynchronous Ajax for Revlutionary Web Applications Track 3 2:15 - 3:00pm
Saving your Investment: Transforming J2EE Applications into Web 2.0 using GWT Track 4 3:05 - 3:50pm
Building Scalable Ajax Applications using GlassFish Comet Track 4 5:30 - 6:15pm
SYS-CON.TV Power Panel: What Lies Beyond AJAX? Session 9 6:15 - 7:00pm

It's only a wish list cause I'll be spending time at Sun booth in the Expo Floor as well and this is New York City ;)

See ya there!

Technorati: conf sun ajaxworld jmaki glassfish mashups comet netbeans ria

Travel Schedule - Next 5 weeks

Here is my travel schedule for next 5 weeks:

Mar 17-21 Ajax World, New York Web Application Development using jMaki
Mar 25-26 The Server Side Java Symposium, Las Vegas Rails powered by GlassFish & jMaki
Mar 27 Developer Update, St Louis Westport DoubleTree, FREE event Open Source Web Services stack in GlassFish
Mar 28 Developer Update, Kansas City, FREE event Rich Internet Applications and GlassFish
Apr 16-19 FISL, Brazil Web 2.0 Application Development using jMaki and
Asynchronous Ajax for Revolutionary Web Applications

Stop by and say hello if you are present at any of the events. You'll hear about different GlassFish technologies:
  • How Metro provides enterprise-grade open source Web services stack for meeting all your needs
  • How jMaki allows you to create Rich Internet Applications
  • How Rails applications can be powered by GlassFish & jMaki
  • Asynchronous Ajax that allows you to scale your applications tremendously
  • And any other topic that you are interested in :)
Drop a comment if you are interested in a run or meal together ?

Technorati: conf glassfish metro webservices netbeans jmaki ajax newyork lasvegas stlouis kansascity brazil fisl ajaxworld tssjs

Thursday Jan 24, 2008

jMaki and Asynchronous Ajax @ Ajax World, New York 2008

The jMaki session at the upcoming Ajax World East 2008 is featured on Web2Journal.

Enjoy several jMaki screencasts before the talk :)

Jean-Francois is also speaking on Asynchronous Ajax for Revolutionary Web Applications - He is a great speaker and interesting topic too!

If you want to speak, the Call For Paper for Ajax World closes tomorrow (Jan 25, 2008).

Technorati: conf jmaki ajaxworld web2journal

Wednesday Jan 09, 2008

jMaki @ Ajax World, New York 2008

Ajax World 2008 - New York City

Sun Microsystems is a Gold sponsor of Ajax World 2008, New York City. I'll be speaking on Web Application Development using jMaki.

jMaki
is a light-weight framework to create Rich Internet Applications using the best tools/libraries and standard practices. I plan to deliver the talk with lots of demos and hope you'll be able to correlate them with real-life scenarios easily. Of course, GlassFish provides a robust development environment for deploying these applications.

I liked the fact that they put my name/photo on the front page as shown below (kinda cool):

Ajax World 2008 Front Page

This is the first time it happened to me :)

If you have not registered yet, Register Today (before Jan 18) and save $200.

Find out more about the Products, Solutions, Free Developer Tools, Try and Buy and Other Cool Stuff for your next generation Web application (aka "Web 2.0") at developers.sun.com/web.

Technorati: conf jmaki glassfish ajaxworld

Friday Mar 23, 2007

Day 2 @ Ajax World - Part 2

Following from previous entry, I spent rest of my day at Sun pod showing various demos and talking to users. The evening was fun with a 2-hour cruise trip.

 

The boat was shaking a lot so I could not get any good pictures of the New York City skyline or Statue of Liberty. But it was nice spending time with other friends.

Technorati: ajaxworld sun swdp web2.0

About

profile image
Arun Gupta is a technology enthusiast, a passionate runner, author, and a community guy who works for Oracle Corp.


Java EE 7 Samples

Stay Connected

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today