SAP and Java

When SAP announced that they were migrating their solution to a full J2EE server stack, I was initially sceptical. While it makes good business sense (after all, Enterprise Java servers are now effectively free), and complemented their decision to open source the SAP DB (now known as Max DB), there was still a niggling feeling at the back of my mind.

Why? Well, over the years we’ve learnt a lot of lessons about how to build scalable Java applications. Even then, some people can’t seem to get it right (no names, but you know who you are). How would SAP people (who I have a lot of respect for, as you don’t get to the position SAP is in within the industry without getting at least something right) react to this strange new Java world? Would they shed all past baggage and dive in with the enthusiasm of college graduates? Or would they take a ‘not invented here’ attitude and hack together something in Java along the lines of what they were used to?

I suspected the latter, and fully expected to end up cleaning up some mess of a CRM or ERM system. However, I am pleasantly surprised with SAP’s Java website. On a pure Java level, it approaches the efforts from Oracle, IBM and BEA. If SAP are making this amount of effort to promote Java best practice, then there may be hope after all.

Final question: if this goes the way SAP is planning, at what point does its installed base get counted as part of the market share of J2EE servers? What percentage of the market would it have? A healthy and very profitable 10%? Certainly the strategy (and the market share) is very close to Oracle, which also bundles its (10g) App server with its main product (a database rather than a CRM or ERP solution).

Security: How to break your own web application

Almost as bad as thinking ‘nobody can break my web application’ is to bury your head in the sand and think ‘if I don’t try to break it, then it must be working, right?’

The Open Web Application Security Project is a cold dose of reality – it documents what the bad guys already know, and what you should know to actively try and break your own website.

I haven’t tried running any of these against any of the well-known Irish websites (for obvious reasons), but it would be interesting to see how many would pass these tests … they even provide WebGoat, a piece of software to teach you how to find (and fix) security flaws (thanks John for the correction!).

Estate Agents and the Ku Klux Klan

Freakonomics is a recently published book in which the ‘Indiana Jones’ of the economic world takes a sideways look at things we take for granted.

One of the chapters is titled ‘Estate Agents and the Ku Klux Klan’, where the authors show the power of information. In the first instance, it shows how estate agents use their market knowledge to get higher prices for their own houses (by a couple of thousand dollars on average). In the second instance, it shows how information was used to stop the Klan revival in its tracks (by giving out information on the funny handshakes in a children’s cartoon).

So what has all this to do with IT consultancy? The moral of the story is that when hiring somebody with more knowledge than you (be it a plumber or a sysadmin), be very, very careful. More than ever, get references from the candidates and follow them up. If you ask me nicely, I’ll tell you a ‘how not to do it’ story which can’t be published here for legal reasons …

As an aside, to do with information and the power of the internet, take a look at the New Orleans Hurricane Katrina information map. People are using a combination of Google Maps and blogs to give a real picture of the situation on the ground. While the picture may be surprisingly ‘normal’ (after all, the people posting still have internet connections), it shows that the internet is still producing cultural aftershocks 10 years after its introduction.

It’s hard to ignore people, even half a world away, when they’re posting information about how the floodwaters are rising by the minute.