
Lessons from CORBA

In the mid-90s, I got to become experienced in CORBA distributed programming environments.  While it's considered a dead technology with a lot of flaws, I would like to look at it specifically from a boundaries point of view.

With the advantage of hindsight, we can look at the characteristics of a distributed programming environment:

  • Interface Definition Language (IDL) - is not a deal breaker.  If you look at current environments like gRPC, the use of a language-independent definition language allows wide adoption.  The ability to do code generation for your interfaces ensures that you can implement clients and servers with static type checking (if your language supports that).
    At the same time, JSON is also widely used in REST implementations.  So, another successful alternative is an interpretive on-the-wire format.
  • Leaking language details into other implementations is not good.  Anyone who implemented a CORBA system had to learn and understand a fairly complicated memory management scheme that had _ptr and _var in C++ and Java affecting your client and server code because the vendors also wanted to support C.  This means that even if you were just implementing business logic, you were exposed to the complexity.
  • Assuming a flat network design.  While there were proprietary workarounds (VisiBroker GateKeeper) with long-polling HTTP gateways, one of the fundamental assumptions in CORBA is that all network endpoints are equally available and connected.  That's just not true.  In the real world you have firewalls, proxy servers, reverse proxy servers, etc., and CORBA generally just didn't play well with them.
  • A greedy set of vendors with a committee-based set of standards.  I know this isn't a technical issue, but it affected how software was developed.
    For example, when the CORBA standard moved from a BOA (Binary Object Adapter - which is not standardized - each vendor did their own) to a POA (Portal Object Adapter - each vendor was supposed to generate standard code), VisiBroker would charge you for any named POAs and not for unnamed POAs.  This would allow you to establish callback objects - think of a push notification - but would not allow you to debug which clients were having problems because they were not named.
    To add insult to injury, that didn't stop them from insisting on audits that used different license terms than the version deployed.
    Part of the problem is that open source was not as available then.  Getting management buy-in to use an open source implementation (like ICE) that was moving faster than the standard was difficult.
