Web Software Architecture and Engineering – Life on the Bleeding Edge

Archive for March, 2009

SAP and Adobe

SAP and Adobe mark a new milestone in “the true integration of rich internet content based upon the Adobe Flex Platform into the primary SAP UI technologies.” This is big news indeed.
Read more @


Requirements for a new SCM/ALM Tool – Input Appreciated!

I need your help and input! We’ve been using SourceForge OnDemand (now a part of CollabNet, the people behind Subversion) since 2006! Even though our team is smaller now, we’ve still outgrown it. There are so many new players in this field now, especially those that are cheaper in this tight economy.
So I’m putting together a list of features that I’d like to have in this new tool. I need your help in letting me know if I’m missing anything, or if there is a tool you’d like me to take a look at and consider. Your experiences would be helpful as well.
So without further ado, here is my list of must haves (will keep updating this list):

  • SVN Repo Hosting
    • SVN 1.5+ (if not 1.6)
    • Code Browser
    • Integration w/Eclipse via Plugin
  • Some sort of Issue/Artifact Tracker
    • Track Requirements through lifecycle
    • Track Help Desk issues
    • Track Bugs
    • Track General Tasks
    • This feature should have customizable statuses, etc.
  • Simple Project Management
    • Simple Project Pages w/ Highlights
    • Milestones
  • Collaboration
    • Wiki
    • Forum/Messaging
    • File Repo
    • Email Alerts
    • RSS
  • Extensibility
    • API
  • Administration
    • Distinct Permissions
    • Flexibility
  • Cost
    • The lower the better!

Do you have some recommendations! Should I add/drop features? Comments appreciated!

Big News: Subversion 1.6 Released!

See announcement below.


I’m happy to announce the public release of Subversion
1.6.0.  Culminating over 9 months of
development effort, this is the best release of Subversion yet, and delivers
powerful features for both the client and server, including:

 * Better
filesystem storage mechanisms

 * Authentication
data handling improvements

 * Early support
for tree conflict detection

 * …and many


For full details, see the Subversion 1.6 Release Notes:



Subversion 1.6.0 is immediately available from:









The MD5 checksums are:









The SHA1 checksums are:


    a8088dd170ea38f6d175c6b009352922bc808013  subversion-1.6.0.tar.bz2







PGP Signatures are available at:









For this release, the following people have provided PGP


   C. Michael Pilato [1024D/1706FD6E] with

    20BF 14DC F02F
2730 7EA4  C7BB A241 06A9 1706 FD6E

   Paul T. Burba
[1024D/53FCDC55] with fingerprint:

    E630 CF54 792C
F913 B13C  32C5 D916 8930 53FC DC55

   Karl Fogel
[1024D/DB00A248] with fingerprint:

    B77E 8FB2 112F
9637 2E3E  3F08 BC9D BB13 DB00 A248

   Bert Huijben
[1024D/9821F7B2] with fingerprint:

    2017 F51A 2572
0E78 8827  5329 FCFD 6305 9821 F7B2

   Hyrum K. Wright
[1024D/4E24517C] with fingerprint:

    3324 80DA 0F8C
A37D AEE6  D084 0B03 AE6E 4E24 517C

   Mark Phippard
[1024D/035A96A9] with fingerprint:

    D315 89DB E1C1
E9BA D218  39FD 265D F8A0 035A 96A9

Jayachandran [1024D/ED184C2C] with fingerprint:

    3E5B 5C1D 1CA6
A611 2787  9B4B DD61 EFC8 ED18 4C2C


Release notes for the 1.6.x release series may be found




You can find the list of changes between 1.6.0 and
earlier versions at:




Questions, comments, and bug reports to users@subversion.tigris.org.



– The Subversion Team



PCI Compliant Managed Host – Intelenet aka Latisys *WINNER*

Let me start by saying, we had hosted our servers at OpSource, a premier SaaS managed hosting company, with nationwide coverage for almost 3 years. We had issues off and on for a quite a while with them, and soon we knew we had to take things to the next level. Our servers were getting old, and so was their service.
Part of the problem was having a company so big, so global, that they, it seemed, felt no need to treat us special. So we had a strong urge to drop a remote host, for disaster recovery purposes, in favor of someone local, so that we could get some face time (and hopefully better service).
Our only option in Southern California was Intelenet, which recently changed their name to Latisys (they have merged and grown since then). They answered our questions regarding being in California, hence dealing with earthquakes right from the start. They showed how they were out of the quake zone, and that LA City, and other local clients, actually outsource and do disaster recovery with them being in the heart of Orange County, for those who are familiar with the area). 
They were quite aggresive from the start, always following up, and showed they were quite eager to earn our business, and to work the quote to meet our needs. They went the extra mile for us on several occasions. They have 3 major data centers spread out across the US due to mergers and acquisitions. Their upper management seemed quite brainy, and their data center setup is quite impressive. All their backups go to their Colorado facility. And they were also SAS 70 Type II compliant along with being PCI certified.
Overall, their pricing was decent, and despite some minor hiccups, we liked what they had to offer.
So there you have it. It took 3 long arduous months for us to find a host, and so far we are quite pleased.

  • Go get ’em attitude
  • National Coverage
  • Willing to go the extra mile
  • Brainy management
  • PCI Experience
  • SAS 70 Type II certified
  • 1 Hour Hardware Replacement
  • Medium Costs


  • Not all together well-known
  • In California (near quake zones, although they make up for it by being on the priority grid, and having 3 layers of monthly tested power backups)
  • Some minor hiccups, turn around time took a little longer due to the holidays

Rank: Tier 3

PCI Compliant Managed Host – AmericanEagle

AmericanEagle is a web development company that does big business for industry, government, etc. They have a couple data center, and listed on their website, was also PCI Compliant Hosting. However, from my initial contact, it seemed like their sales people weren’t used to selling stand-alone PCI Compliant Hosting, and that most of their clients doing e-Commerce were also their clients for development.
Despite that, they were PCI Certified Hosts. However, it seemed the sales process hadn’t caught up, and their quotes were a bit cookie cutter. If you are looking for a host to build the website and to host it, they might be a good option, however I couldn’t tell if they had any ColdFusion experience.

  • PCI Certified Host
  • Web Development Knowledge


  • Locked into their PC specs
  • Cookie cutter quote process
  • Primarily a web dev company
  • Medium Sized
  • New to Hosting Only concept
  • Could not provide diagram of proposed setup
  • Medium Costs

Rank: Tier 3

PCI Compliant Managed Host – HostMySite

HostMySite is a name familiar to many CF developers. But have you looked to them for a solution beyond simple shared hosting and maybe even dedicated hosting?
From my discussions, they seemed to be new to the whole PCI area. Although they were able to provide a diagram, I wasn’t always sure they got what I was talking about. Again, this has all to do with experience, not only technically, but in selling a solution.

  • Extensive experience with ColdFusion


  • New to PCI
  • Unknown if they are Certified PCI Hosts
  • Servers spec’ed were quite anemic (shockingly so!)
  • Unusually high costs, relative to their experience and server specs especially

Rank: Tier 2

PCI Compliant Managed Host – A3IT

A3IT is the opposite of DataPipe in terms of size. As far as I know, they had only one data center. However, if someone is looking for a Certified PCI Host with a personal touch, they seemed to be the way to go. They seem to be a sub-50 person company located in North Carolina, and they took the time to understand our setup.
Initial setup costs seemed high, however was understandable for a smaller data center, which can’t spread costs based on economy of scale.

  • PCI Certified Host
  • Personal Touch / Small Size (could be a minus)
  • Plenty of PCI Experience


  • Small Size (see above)
  • Couldn’t do a site-to-site VPN to servers (lack of resources?)
  • Did not provide diagram of setup
  • Medium to High Costs
  • Didn’t have much in the way of shared storage setup (lack of resources?)

Rank: Tier 3