Unix tools as visual programming components in a GUI‐builder environment

Development environments based on ActiveX controls and JavaBeans are marketed as ‘visual programming’ platforms; in practice their visual dimension is limited to the design and implementation of an application's graphical user interface (GUI). The availability of sophisticated GUI development environments and visual component development frameworks is now providing viable platforms for implementing visual programming within general‐purpose platforms, i.e. for the specification of non‐GUI program functionality using visual representations. We describe how specially designed reflective components can be used in an industry‐standard visual programming environment to graphically specify sophisticated data transformation pipelines that interact with GUI elements. The components are based on Unix‐style filters repackaged as ActiveX controls. Their visual layout on the development environment canvas is used to specify the connection topology of the resultant pipeline. The process of converting filter‐style programs into visual controls is automated using a domain‐specific language. We demonstrate the approach through the design and the visual implementation of a GUI‐based spell‐checker. Copyright © 2001 John Wiley & Sons, Ltd.     

A market-based approach to managing the risk of peer-to-peer transactions

Market-based principles can be used to manage the risk of distributed peer-to-peer transactions. This is demonstrated by Ptrim, a system that builds a transaction default market on top of a main transaction processing system, within which peers offer to underwrite the transaction risk for a slight increase in the transaction cost. The insurance cost, determined through market-based mechanisms, is a way of identifying untrustworthy peers and perilous transactions. The risk of the transactions is contained, and at the same time members of the peer-to-peer network capitalise on their market knowledge by profiting as transaction insurers. We evaluated the approach through trials with the deployed Ptrim prototype, as well as composite experiments involving real online transaction data and real subjects participating in the transaction default market. We examine the efficacy of our approach both from a theoretical and an experimental perspective. Our findings suggest that the Ptrim market layer functions in an efficient manner, and is able to support the transaction processing system through the insurance offers it produces, thus acting as an effective means of reducing the risk of peer-to-peer transactions. In our conclusions we discuss how a system like Ptrim assimilates properties of real world markets, and its potential exposure and possible countermeasures to events such as those witnessed in the recent global financial turmoil.     

SDriver: Location-specific signatures prevent SQL injection attacks

SQL injection attacks involve the construction of application input data that will result in the execution of malicious SQL statements. Many web applications are prone to SQL injection attacks. This paper proposes a novel methodology of preventing this kind of attacks by placing a secure database driver between the application and its underlying relational database management system. To detect an attack, the driver uses stripped-down SQL queries and stack traces to create SQL statement signatures that are then used to distinguish between injected and legitimate queries. The driver depends neither on the application nor on the RDBMS and can be easily retrofitted to any system. We have developed a tool, SDriver, that implements our technique and used it on several web applications with positive results.     

Job Security

Some consider unmaintainable code a tool that provides job security. At the low level, you can obtain such code through incorrect or inconsistent formatting, naming, and commenting. Complex and gratuitous coupling, lack of assertions, and failure to use a language's type system can further complicate the picture. At a higher level, deep and wide class hierarchies, lack of cohesion, and unhelpful package relationships can hinder maintainability. Finally, at the development process level, lack of version control, subpar build-and-release procedures, a lacking testing infrastructure, and the hiring of mediocre developers will hammer the last nails into a project's maintainability coffin.     

Tool writing: a forgotten art? (software tools)

The author decided to create a tool to fit the needs. In the process, the author discovered something important: writing stand-alone tools that you can combine efficiently with others to handle more demanding tasks appears to be becoming a forgotten art. The author created a metric tool, named ckjm, using the design principles the author outlined earlier. The tool operates on a list of compiled Java classes specified as arguments or read from its standard input. It then prints to its standard output a single line for each class, containing the class name and the six metrics values. Ant Java-based build tool and adding an XML output option.     

On Paper

This paper tries to devise an algorithm for analyzing initializers for C arrays and structures. The CScout refactoring browser is used to look for possible differences between closed and open source code. Unlike the other code bases, Sun's code didn't appear to use any exotic compiler extensions, so CScout uncomplainingly devoured one file after the next. Then, after approximately six hours of processing and 80 percent along the way, it reported a syntax error. Most errors encountered when processing C code with CScout are easy to handle. A macro definition is added to simulate a compiler built-in-function.     

The Tools We Use

What's the state of the art in the tools we use to build software? To answer this question, I let a powerful server build from source code about 7,000 open source packages over a period of a month. The packages I built form a subset of the FreeBSD operating system ports collection, comprising a wide spectrum of application domains: from desktop utilities and biology applications to databases and development tools. The collection is representative of modern software because, unlike say a random sample of SourceForge.net projects, FreeBSD developers have found these programs useful enough to port to FreeBSD.