Author

I am Joannes Vermorel, founder at Lokad. I am also an engineer from the Corps des Mines who initially graduated from the ENS.

I have been passionate about computer science, software matters and data mining for almost two decades,

Entries in pratices (11)

Thursday, May 24, 2007

Spam 2.0 or the spammers reloaded

Spammers are legion, and unfortunately, most recent systems are just very weak against adversarial behavior (see my previous discussion on the Google case).

In the last few months, I have noticed no fewer than 4 new kinds of spammers.

Spam 2.0 released, buy now!
  • P2P spam targeting file-sharing applications such as eMule. The basic idea is the following: spread, through the P2P application, a virus that breaks into the P2P application itself. Once the P2P application is infected, every incoming request returns the virus wrapped under the name of the incoming query. For example, if the incoming request is "some illegal song", then the infected P2P application will offer the file "some-illegal-song.mp3.exe". Nasty but effective.

  • SMS spam with an incentive for the recipients to call a very expensive phone number. Indeed, sending SMS is not free (as far as I know); thus you need a strong incentive like "To the owner of 0123456789, you've won a Nintendo Wii, call 987654321 to claim your prize". Needless to say, 987654321 is anything but a toll-free number.

  • Instant Messaging spam targeting applications such as Skype. Actually, I would suspect that some black hat guys managed to pass through the "usual" white-listing systems because I end up, once or twice a day, forcefully connected into huge conference calls (with roughly 200 people); the spam being sent through the conference channel.

  • Virtual Worlds spam targeting popular MMORPGs such as World of Warcraft. Basically, spammers just start flooding the main discussion channels with commercial links. So far, it was mostly Warcraft-related (like buying Warcraft gold coins with US Dollars), but I suspect that pretty soon, spammers will realize that they are able to sell fake drugs and fake watches on Warcraft too.

Spam has already upgraded to version 2.0, but I am still waiting for the delayed release of Cybercop 2.0.
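The P2P case above leaves a recognizable trace on the receiving side: an executable whose name simply echoes the search query, often behind a media extension. The following check is an added example, not code from the original post; the extension lists, peer names and sample results are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed extension lists for illustration; adjust to local policy.
MEDIA_EXT = {"mp3", "avi", "mpg", "wmv", "jpg", "pdf", "doc", "zip"}
EXEC_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs"}

def tokens(text):
    """Lower-case alphanumeric tokens: 'some illegal song' == 'some-illegal-song'."""
    return re.findall(r"[a-z0-9]+", text.lower())

def classify(query, filename):
    """Return the reasons a search result looks like the query-echoing executable."""
    parts = filename.lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXEC_EXT:
        return []                      # not an executable: nothing to flag here
    reasons = ["executable"]
    stem = parts[:-1]
    if len(stem) > 1 and stem[-1] in MEDIA_EXT:
        reasons.append("double-extension")   # e.g. ".mp3.exe"
        stem = stem[:-1]
    if tokens(".".join(stem)) == tokens(query):
        reasons.append("echoes-query")       # name is just the query, slugified
    return reasons

def suspicious_peers(results, min_queries=2):
    """Peers answering several distinct queries with a query-named executable."""
    hits = defaultdict(set)
    for peer, query, filename in results:
        if "echoes-query" in classify(query, filename):
            hits[peer].add(query.lower())
    return sorted(p for p, qs in hits.items() if len(qs) >= min_queries)

# Constructed sample search results: (peer, query, offered file name).
SAMPLE = [
    ("peer-a", "some illegal song", "some-illegal-song.mp3.exe"),
    ("peer-a", "holiday photos", "holiday_photos.jpg.scr"),
    ("peer-b", "some illegal song", "Some Illegal Song.mp3"),
    ("peer-c", "setup tool", "setup-tool.exe"),
]

if __name__ == "__main__":
    for peer, query, name in SAMPLE:
        print(peer, name, classify(query, name))
    print("suspicious:", suspicious_peers(SAMPLE))
```

A single query-named executable can be legitimate, which is why the peer-level check requires the pattern across several distinct queries before flagging.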

Wednesday, May 23, 2007

Get your TCO assessments right - fight the urge for home-cooking

TCO stands for "Total Cost of Ownership". The concept has been known for decades, yet when it comes to software, even IT professionals have real difficulty making correct TCO estimations. It's true that estimating software TCO is a difficult task. First, it's really hard to compare products, especially when the products involve hundreds of features, as is usually the case. Second, TCO heavily depends on the way you actually use the product: MS Excel has an excellent TCO if you want to do some personal budgeting, but the TCO would be abysmal if you tried to use MS Excel as the accounting system for your mid-size company.

An issue that I have often encountered in software companies is what I would call the urge for home-cooking: home-cooking always tastes best, no matter the actual skill of the cook, but you can't really criticize a relative. Unfortunately, home-cooking usually costs way more than industrial food as soon as you stop considering that the cook's time is free.

Is your IT company a victim of the home-cooking syndrome?

Typical symptoms include:

  • Hey, let's recycle this old PC into a server. Unfortunately, the machine resources are too low for Windows; thus, you switch to Linux. Then, you start having hardware issues; after all, it's an old PC, what did you expect? In the end, you spend 4h/week just taking care of the old PC. TCO = more than 800 EUR a month, probably twice the price of a new PC.

  • We have a home-grown FOO solution. Replace FOO by keywords like compiler, programming language, accounting, time-tracking, billing-tracking, email management, CRM: all sorts of things for which cheap off-the-shelf software solutions exist anyway. Software companies are really weak against this because it's fun to start a new project, but the costs are just terrible.

  • We need to hire someone to manage our systems. In software companies, practically anyone has the skill to manage applications, plus the market covers 200% of the needs of software companies. If you start needing full-time people dedicated to your IT infrastructure in your less-than-20-people mISV, then something is wrong.

In order to reduce the IT infrastructure TCO, the most efficient solution that I have found so far consists of migrating to hosted & managed solutions whenever possible. For example, instead of building your own Subversion server (cost = 10h at setup + 2h per week for maintenance), just go for hosted-projects.com (cost = 10 EUR per month or so). More to come on the subject, stay tuned...

Saturday, May 12, 2007

Continuous migration in software development

New (and soon to be deprecated) technologies are just flowing into the software industry. Some people have pointed out that you can't stop improving your product just to keep pace with the release flow (that's the fire and motion theory). Yet, being an ISV, your options are quite limited. You have to rely on the latest (yet stable) technologies in order to maintain a highly competitive productivity.

Rewriting your application from scratch to support the latest Foo.NET release is a bad idea; no questions asked. Yet, it must be taken into account that

  • getting people interested in (worse, training them on) deprecated technologies (let's say Classic ASP) is both hard and depressing.

  • not benefiting from the latest tools means lower productivity (e.g. Classic ASP => ASP.Net 1.1 => ASP.Net 2.0, each new version being a huge time-saver compared to the previous one).

Lokad.com has existed for less than a year, and we have already performed quite a lot of migrations.

  • SQL Server 2000 => SQL Server 2005

  • ASP.Net website => ASP.Net web application

  • No AJAX => ATLAS (betas) => ASP.Net AJAX Extensions

  • NAnt => MsBuild (when the MsBuild Community Tasks have been released)

  • VS 2005 Setup Project => WiX 2.0

  • Command Line => PowerShell (for our command-line tools)

  • IE6 => IE7 and FF1.5 => FF2.0 (for JavaScript and CSS)

Among the next planned migrations

  • Visual Studio 2005 => Orcas

  • WiX 2.0 => WiX 3.0

  • Inline SQL in C# => LINQ

  • NDoc => SandCastle

  • NuSoap => PHP5 Web Services

  • osCommerce 2.2 => osC 3.0 (currently alpha) => osC 3.1 (for the plugin framework)

Our processes at Lokad involve continuous migrations toward new technologies. Upgrading takes time and effort, yet this process seems quite necessary to maintain optimal development conditions.

Monday, Dec 11, 2006

What do most WS directories have in common?

Most Web Services directories have one thing in common: they are so buggy that they are totally unusable. Indeed, I have tried to submit the Lokad Forecasting Web Services to several directories. Namely:

  • BindingPoint.com: registration process crashes and shows the ASP.Net default exception page.

  • WSIndex.org: can't even log in, gets a fatal cgi-bin error while trying.

  • XMethod.com: website painfully designed, registration succeeds but submission crashes.

  • Dmoz.org: "Submit URL" gets me to a "Service Temporarily Unavailable" page (it has been that way for the last 2 weeks).

It's almost unbelievable that so many top-ranked web sites (try web services directory on Google) are not even able to achieve something as simple as a registration process.

On the positive side, I have found wsfinder.jot.com which is by far the most usable WS directory out there IMO.

Saturday, Nov 11, 2006

A few tips for source code versioning (do not drive your co-workers mad)

Source control management (SCM) is a technical matter as well as a good practice matter. Here is a small list of tips that I have found quite useful in practice.

A good commit is like a good paper:

  • It starts with an evocative title. OK, there is no title in SCM, but there are comments provided while committing. If your SCM comment is not clear, then how do you expect your co-workers to keep track of what you are doing? A good title takes time and so does a good SCM comment. Do not rush your commit by omitting the SCM comment.

  • It has clear, self-contained content and focus. If you start working on many different files, you may end up with a large commit covering many unrelated aspects of your software. Such a commit is hard to read for your co-workers because there is no focus. A lot of things are going on, but nobody can really tell what changed and what did not.

  • It goes right to the point: insignificant elements are left outside the scope of the article. Do not commit a file if the changes have no purpose whatsoever. Such situations arise easily when you've just added or removed a few blank lines.

  • The SCM comment is your title, possibly your headline, but it's definitely not the content of your paper. In particular, do not use the SCM comment to raise questions or ideas. Those elements must be handled directly in the body of your commit, i.e. the committed files themselves. The SCM comments will be quickly lost in the SCM history, but the ideas/suggestions must stay until implemented or discarded.