miércoles, septiembre 28, 2005

Ultimos días en La Serena...

En pocos días más, viajamos de Santiago a Madrid. Tres años en Chile, entre La Serena y Santiago. De ahora en más, la Comunidad Valenciana...
Durante un mes no creo que tenga prácticamente tiempo para nada que no sea organizarnos. Posted by Picasa

viernes, septiembre 09, 2005

ECMDA: Consistencia en el desarrollo de software conducido por modelos

La Conferencia Europea en Arquitectura Dirigida por Modelos (ECMDA) tendrá en Noviembre una reunión de trabajo enfocada en el análisis de la consistencia de modelos creados con UML, en el contexto de su uso para la generación automática de código:

A number of artefacts are produced during the software developments process and MDA in particular. Those artefacts are usually expressed in UML and should be related in different way to each other. One of the most important relationship between artefacts is that they should be consistent. Putting this question into the discussion and trying to find answer to this question is the main topic to be addressed during the workshop. (...)

The following issues fall within the scope of the workshop:

  • Understanding consistency in the context of MDA and UML in particular – informal consistency from different points of views, static and dynamic consistency.

  • Definition of consistency in MDA and UML – set of properties or other techniques,

  • Checking consistency,

  • Ensuring consistency,

  • Model transformation preserving consistency,

  • Practical realization,

  • Tools support for checking and ensuring consistency,

  • Relationship between consistency and formal techniques and languages,

  • Consistency driven development process,

  • Merging models and consistency (PIM + PM ->PSM).


El material de las reuniones previas de los años 2002, 2003, y 2004, se puede consultar a partir de ésta página (link en el título de esta nota).
Todo el material es de interés no sólo para abordar el propio problema convocante, sino para entender el uso de OCL, las operaciones de transformación de modelos, y los metamodelos en UML, y aún más en general, el uso de artefactos capaces de generar código.
Un tema que particularmente estimulante, es planteado por Robert Wagner, Holger Giese, y Ulrich Nickel, de la Universidad de Padeborn, Alemania; Flexibilidad en las reglas de consistencia aplicadas:
In most CASE tools, the consistency checks being performed are rather static and predefined as they are hard coded into the tool . Thus, new consistency rules neither can be added nor can existing consistency rules be adapted to special user, enterprise, project, target language, or domain specific demands. However, during large projects you will never obtain a complete set of rules covering all relevant inconsistencies. In fact, the set of consistency rules will be expanded and refined through the whole lifecycle of a project. Thus, for a tool developer it becomes infeasible to identify all consistency rules in advance.
In this paper we present a plug-in for a flexible and incremental consistency management realized within the FUJABA TOOL SUITE. FUJABA itself is an Open Source UML CASE tool project. It was started by the software engineering group at the University of Paderborn in fall 1997 and has a special focus on code generation from UML diagrams resulting in a visual programming language. Hence, consistency management was an important issue from the beginnings since consistent specifications are a required prerequisite for an error-free implementation.
Más sobre ECMDA.
Herramientas Comerciales y Open Source participantes. FUJABA.
Historial de conferencias sobre MDA de la asociación.

sábado, septiembre 03, 2005

Una comparación sobre ambiente de seguridad entre Java y .NET

Mencionado en The Server Side (.net) por Paul Ballard, un papel de dos estudiantes, Nathanael Paul y David Evans, de la Universidad de Virginia, compara la implementación de políticas de código seguro en Java y en .Net. Con un punto de vista algo "virado al .Net", el documento es minucioso y consistente, por lo que contribuye a alcanzar dominio sobre los potenciales problemas o puntos débiles de las plataformas. Su conclusión es que .Net ofrece un mejor marco de seguridad que Java:
Java and .NET have similar security goals and mechanisms. .NET’s design benefited from past experience with Java. Examples of this cleaner design include the MSIL instruction set, code access security evidences, and the policy configuration. .NET has been able to shield the developer from some of the underlying complexity through their new architecture.

Where Java evolved from an initial platform with limited security capabilities, .NET incorporated more security capability into its original design. With age and new features, much of the legacy code of Java still remains for backwards compatibility including the possibility of a null SecurityManager, and the absolute trust of classes on the bootclasspath. Hence, in several areas .NET has security advantages over Java because of its simpler and cleaner design.

Most of the lessons to learn from Java’s vulnerabilities echo Saltzer and Schroeder’s classic principles, especially economy of mechanism, least privilege and fail-safe defaults. Of course, Java’s designers were aware of these principles, even though in hindsight it seems clear there were occasions where they could
(and should) have been followed more closely than they were. Some areas of design present conflicts between security and other design goals including fail-safe defaults vs. usability and least privilege vs. usability and complexity. For example, the initial stack walk introduced in Java has evolved to a more complex stack walk in both architectures to enable developers limit privileges. In addition, both
platforms default policies could be more restrictive to improve security, but restrictive policies hinder the execution of programs. .NET’s use of multi-level policies with multiple principals provides another example of showing the principles of least privilege and fail-safe defaults in contention with usability and
complexity. Several of the specific complexities that proved to be problematic in Java have been avoided in the .NET design, although .NET introduced new complexities of its own. Despite .NET’s design certainly not being perfect, it does provide encouraging evidence that system designers can learn from past security vulnerabilities and develop more secure systems. We have no doubts, however, that system designers will continue to relearn these principles for many years to come.
No obstante, es necesario recordar que la similitud está en el uso de una máquina virtual, pero que .Net ejecuta múltiples lenguajes sólo sobre Windows, y Java sólo un lenguaje sobre múltiples plataformas. En una decisión de arquitectura, las alternativas por ahora son más amplias sobre Java, sin mencionar la confiabilidad del sistema operativo huésped.

viernes, septiembre 02, 2005

Apuntes sobre performance en Java

Jack Shirazi sostiene una página dedicada a dar consejo en hacer ajuste fino al uso de Java, mejorando su performance. Un buen sitio no sólo para tener guía en aspectos críticos del uso del lenguaje, sino para hacerse una idea realista de cómo encarar Java con posibilidades de éxito. Acumula al día de hoy cuarenta y siete cartas sobre performance.