Comments on J2EE Development without EJB (1)

I am reading Rod Johnson’s J2EE Development without EJB. His first book J2EE Design and Development is solid and obviously backed by extensive real life design and development experiences.

This book has more bluff than stuff in the first five chapters. Chapters 6 and 7 provide a good high level explanation on IoC, particularly Dependence Injection. It does a fine job to make the case for DI. But I think a detailed description of how DI is achieved technically will leave developers new to this concept a deeper impression.

The bottom line here is that advanced level developers in J2EE domain all know how JNDI and other service lookup mechanism work and the mechanism behind Dependence Injection, no matter through Setter or Constructor, is no more complicated than JNDI. However, most of the literature available on DI in the public domain seems intentionally keep it as a myth. That does not help to push it to a boarder audience.

The BeanFactory centric configuration framework generally makes application configuration consistent and to be well organized. The following features are particularly interesting:

(1) Easy to setup of collaborating object graph
(2) Strong support for properties defined by Set, Map and List etc..
(3) Implementation of lifecycle management in the infrastructure layer without mandating the beans to implement interfaces as this is usually done.
(4) The powerful tree structure of ApplicationContext, equipped with an important overriding mechanism
(5) Freedom in allocation of the bean definition files

While this framework should be enough for most low-end or mid-range J2EE applications, for which the Spring framework is targeting, high-end J2EE applications may need more. Based on my experiences in architecting and developing an OAM framework for a telecom middleware, the following features are very important for those high-end J2EE applications:

(1) Support a web or other interface in a loosely coupled approach; by “loosely coupled” I mean the configuration framework should immune from changes in the interface side.
(2) Validation of changes defined by the configuration objects but enforced in the interfaces.
(3) Complicated configuration may require operations on configuration objects. Setting properties and doing post-processing may not be enough, or may not be feasible.
(4) Configuration changes may need to be reported and monitored, properly by a industry-strength management software such as HP Openview, IBM Tivoli and others, typically wired through versions of SNMP protocols.
(5) Collaboration of configuration objects (beans in Spring framework) in more rigorous approaches (not only through static reference), such as cascading changes and overriding in runtime.
(6) Configuration objects may have to serve in three different levels: JVM, class and instance. This, in Spring’s term, means the runtime may require different instances of the same bean to serve different system components, and the state of those instances may not be always the same.
(7) Security features built in the configuration objects such that different credentials may see different views of the configuration objects in the interface.

The OAM framework that my colleagues and I came up is based on JMX using Jarkata Modeler. The configuration object follows JavaBean conventions as Spring Framework does. It does not rely on an application server either. In the OAM framework, we used Castor for XML and Java objects mapping, but other similar tool such as XMLBeans should also work. The JMX implementation we used there is the one in Weblogic server, but it can be replaced with such open source one as MX4J. Front-end is based Struts with several open source tools for tree rendering and tab generation. Validation rules are defined in the configuration objects through source-level metadata and compiled with xDoclets.

All the above list features are supported in the OAM framework.

宋史 岳飞传

First read it more than 5 years ago, read it again now to 每辞官，必曰：“将士效力，飞何功之有？”然忠愤激烈， 议论持正，不挫于人，卒以此得祸 and I still can not hold back tears...

岳飞，字鹏举，相州汤阴人。世力农。父和，能节食以济饥者。有耕侵其地， 割而与之；贳其财者不责偿。飞生时，有大禽若鹄，飞鸣室上，因以为名。未弥月， 河决内黄，水暴至，母姚抱飞坐瓮中，冲涛及岸得免，人异之。

少负气节，沈厚寡言，家贫力学，尤好《左氏春秋》、孙吴兵法。生有神力， 未冠，挽弓三百斤，弩八石，学射于周同，尽其术，能左右射。同死，朔望设祭于 其冢。父义之，曰：“汝为时用，其徇国死义乎！”

宣和四年，真定宣抚刘韐募敢战士，飞应募。相有剧贼陶俊、贾进和，飞请百 骑灭之。遣卒伪为商入贼境，贼掠以充部伍。飞遣百人伏山下，自领数十骑逼贼垒。 贼出战，飞阳北，贼来追之，伏兵起，先所遣卒擒俊及进和以归。

康王至相，飞因刘浩见，命招贼吉倩，倩以众三百八十人降。补承信郎。以铁 骑三百往李固渡尝敌，败之。从浩解东京围，与敌相持于滑南，领百骑习兵河上。 敌猝至，飞麾其徒曰：“敌虽众，未知吾虚实，当及其未定击之。”乃独驰迎敌。 有枭将舞刀而前，飞斩之，敌大败。迁秉义郎，隶留守宗泽。战开德、曹州皆有功， 泽大奇之，曰：“尔勇智才艺，古良将不能过，然好野战，非万全计。”因授以阵 图。飞曰：“阵而后战，兵法之常，运用之妙，存乎一心。”泽是其言。

康王即位，飞上书数千言，大略谓：“陛下已登大宝，社稷有主，已足伐敌之 谋，而勤王之师日集，彼方谓吾素弱，宜乘其怠击之。黄潜善、汪伯彦辈不能承圣 意恢复，奉车驾日益南，恐不足系中原之望。臣愿陛下乘敌穴未固，亲率六军北渡， 则将士作气，中原可复。”书闻，以越职夺官归。

诣河北招讨使张所，所待以国士，借补修武郎，充中军统领。所问曰：“汝能 敌几何？”飞曰：“勇不足恃，用兵在先定谋，栾枝曳柴以败荆，莫敖采樵以致绞， 皆谋定也。”所矍然曰：“君殆非行伍中人。”飞因说之曰：“国家都汴，恃河北 以为固。苟冯据要冲，峙列重镇，一城受围，则诸城或挠或救，金人不能窥河南， 而京师根本之地固矣。招抚诚能提兵压境，飞唯命是从。”所大喜，借补武经郎。

命从王彦渡河，至新乡，金兵盛，彦不敢进。飞独引所部鏖战，夺其纛而舞， 诸军争奋，遂拔新乡。翌日，战侯兆川，身被十余创，士皆死战，又败之。夜屯石 门山下，或传金兵复至，一军皆惊，飞坚卧不动，金兵卒不来。食尽，走彦壁乞粮， 彦不许。飞引兵益北，战于太行山，擒金将拓跋耶乌。居数日，复遇敌，飞单骑持 丈八铁枪，刺杀黑风大王，敌众败走。飞自知与彦有隙，复归宗泽，为留守司统制。 泽卒，杜充代之，飞居故职。

二年，战胙城，又战黑龙潭，皆大捷。从闾勍保护陵寝，大战汜水关，射殪金 将，大破其众。驻军竹芦渡，与敌相持，选精锐三百伏前山下，令各以薪刍交缚两 束，夜半，爇四端而举之。金人疑援兵至，惊溃。

三年，贼王善、曹成、孔彦舟等合众五十万，薄南薰门。飞所部仅八百，众惧 不敌，飞曰：“吾为诸君破之。”左挟弓，右运矛，横冲其阵，贼乱，大败之。又 擒贼杜叔五、孙海于东明。借补英州刺史。王善围陈州，飞战于清河，擒其将孙胜、 孙清，授真刺史。

杜充将还建康，飞曰：“中原地尺寸不可弃，今一举足，此地非我有，他日欲 复取之，非数十万众不可。”充不听，遂与俱归。师次铁路步，遇贼张用，至六合 遇李成，与战，皆败之。成遣轻骑劫宪臣犒军银帛，飞进兵掩击之，成奔江西。时 命充守建康，金人与成合寇乌江，充闭门不出。飞泣谏请视师，充竟不出。金人遂 由马家渡渡江，充遣飞等迎战，王燮先遁，诸将皆溃，独飞力战。

会充已降金，诸将多行剽掠，惟飞军秋毫无所犯。兀术趋杭州，飞要击至广德 境中，六战皆捷，擒其将王权，俘签军首领四十余。察其可用者，结以恩遣还，令 夜斫营纵火，飞乘乱纵击，大败之。驻军钟村，军无见粮，将士忍饥，不敢扰民。 金所籍兵相谓曰：“此岳爷爷军。”争来降附。

四年，兀术攻常州，宜兴令迎飞移屯焉。盗郭吉闻飞来，遁入湖，飞遣王贵、 傅庆追破之，又遣辩士马皋、林聚尽降其众。有张威武者不从，飞单骑入其营，斩 之。避地者赖以免，图飞像祠之。

金人再攻常州，飞四战皆捷；尾袭于镇江东，又捷；战于清水亭，又大捷，横 尸十五里。兀术趋建康，飞设伏牛头山待之。夜，令百人黑衣混金营中扰之，金兵 惊，自相攻击。兀术次龙湾，飞以骑三百、步兵二千驰至新城，大破之。兀术奔淮 西，遂复建康。飞奏：“建康为要害之地，宜选兵固守，仍益兵守淮，拱护腹心。” 帝嘉纳。兀术归，飞邀击于静安，败之。

诏讨戚方，飞以三千人营于苦岭。方遁，俄益兵来，飞自领兵千人，战数十合， 皆捷。会张俊兵至，方遂降。范宗尹言张俊自浙西来，盛称飞可用，迁通、泰镇抚 使兼知泰州。飞辞，乞淮南东路一重难任使，收复本路州郡，乘机渐进，使山东、 河北、河东、京畿等路次第而复。

会金攻楚急，诏张俊援之。俊辞，乃遣飞行，而命刘光世出兵援飞。飞屯三墩 为楚援，寻抵承州，三战三捷，杀高太保，俘酋长七十余人。光世等皆不敢前，飞 师孤力寡，楚遂陷。诏飞还守通、泰，有旨可守即守，如不可，但以沙洲保护百姓， 伺便掩击。飞以泰无险可恃，退保柴墟，战于南霸桥，金大败。渡百姓于沙上，飞 以精骑二百殿，金兵不敢近。飞以泰州失守待罪。

绍兴元年，张俊请飞同讨李成。时成将马进犯洪州，连营西山。飞曰：“贼贪 而不虑后，若以骑兵自上流绝生米渡，出其不意，破之必矣。”飞请自为先锋，俊 大喜。飞重铠跃马，潜出贼右，突其阵，所部从之。进大败，走筠州。飞抵城东， 贼出城，布阵十五里，飞设伏，以红罗为帜，上刺“岳”字，选骑二百随帜而前。 贼易其少，薄之，伏发，贼败走。飞使人呼曰：“不从贼者坐，吾不汝杀。”坐而 降者八万余人。进以余卒奔成于南康。飞夜引兵至朱家山，又斩其将赵万。成闻进 败，自引兵十余万来。飞与遇于楼子庄，大破成军，追斩进。成走蕲州，降伪齐。

张用寇江西，用亦相人，飞以书谕之曰：“吾与汝同里，南薰门、铁路步之战， 皆汝所悉。今吾在此，欲战则出，不战则降。”用得书曰：“果吾父也。”遂降。 江、淮平，俊奏飞功第一，加神武右军副统制，留洪州，弹压盗贼，授亲卫大 夫、建州观察使。建寇范汝为陷邵武，江西安抚李回檄飞分兵保建昌军及抚州，飞 遣人以“岳”字帜植城门，贼望见，相戒勿犯。贼党姚达、饶青逼建昌，飞遣王万、 徐庆讨擒之。升神武副军都统制。

二年，贼曹成拥众十余万，由江西历湖湘，据道、贺二州。命飞权知潭州，兼 权荆湖东路安抚都总管，付金字牌、黄旗招成。成闻飞将至，惊曰：“岳家军来矣。” 即分道而遁。飞至茶陵，奉诏招之，成不从。飞奏：“比年多命招安，故盗力强则 肆暴，力屈则就招，苟不略加剿除，蜂起之众未可遽殄。”许之。

飞入贺州境，得成谍者，缚之帐下。飞出帐调兵食，吏曰：“粮尽矣，奈何？” 飞阳曰：“姑反茶陵。”已而顾谍若失意状，顿足而入，阴令逸之。谍归告成，成 大喜，期翌日来追。飞命士蓐食，潜趋绕岭，未明，已至太平场，破其砦。成据险 拒飞，飞麾兵掩击，贼大溃。成走据北藏岭、上梧关，遣将迎战，飞不阵而鼓，士 争奋，夺二隘据之。成又自桂岭置砦至北藏岭，连控隘道，亲以众十余万守蓬头岭。飞部才八千，一鼓登岭，破其众，成奔连州。飞谓张宪等曰：“成党散去，追而杀 之，则胁从者可悯，纵之则复聚为盗。今遣若等诛其酋而抚其众，慎勿妄杀，累主 上保民之仁。”于是宪自贺、连，徐庆自邵、道，王贵自郴、桂，招降者二万，与 飞会连州。进兵追成，成走宣抚司降。时以盛夏行师瘴地，抚循有方，士无一人死 疠者，岭表平。授武安军承宣使，屯江州。甫入境，安抚李回檄飞捕剧贼马友、郝 通、刘忠、李通、李宗亮、张式，皆平之。 三年春，召赴行在。江西宣谕刘大中奏：“飞兵有纪律，人恃以安，今赴行在， 恐盗复起。”不果行。时虔、吉盗连兵寇掠循、梅、广、惠、英、韶、南雄、南安、 建昌、汀、邵武诸郡，帝乃专命飞平之。飞至虔州，固石洞贼彭友悉众至雩都迎战， 跃马驰突，飞麾兵即马上擒之，余酋退保固石洞。洞高峻环水，止一径可入。飞列 骑山下，令皆持满，黎明，遣死士疾驰登山，贼众乱，弃山而下，骑兵围之。贼呼 丐命，飞令勿杀，受其降。授徐庆等方略，捕诸郡余贼，皆破降之。初，以隆祐震 惊之故，密旨令飞屠虔城。飞请诛首恶而赦胁从，不许；请至三四，帝乃曲赦。人 感其德，绘像祠之。余寇高聚、张成犯袁州，飞遣王贵平之。

秋，入见，帝手书“精忠岳飞”字，制旗以赐之。授镇南军承宣使、江南西路 沿江制置使，又改神武后军都统制，仍制置使，李山、吴全、吴锡、李横、牛皋皆 隶焉。

伪齐遣李成挟金人入侵，破襄阳、唐、邓、随、郢诸州及信阳军，湖寇杨么亦 与伪齐通，欲顺流而下，李成又欲自江西陆行，趋两浙与么会。帝命飞为之备。

四年，除兼荆南、鄂岳州制置使。飞奏：“襄阳等六郡为恢复中原基本，今当 先取六郡，以除心膂之病。李成远遁，然后加兵湖湘，以殄群盗。”帝以谕赵鼎， 鼎曰：“知上流利害，无如飞者。”遂授黄复州、汉阳军、德安府制置使。飞渡江 中流，顾幕属曰：“飞不擒贼，不涉此江。”抵郢州城下，伪将京超号“万人敌”， 乘城拒飞。飞鼓众而登，超投崖死，复郢州，遣张宪、徐庆复随州。飞趣襄阳，李 成迎战，左临襄江，飞笑曰：“步兵利险阻，骑兵利平旷。成左列骑江岸，右列步 平地，虽众十万何能为。”举鞭指王贵曰：“尔以长枪步卒击其骑兵。”指牛皋曰： “尔以骑兵击其步卒。”合战，马应枪而毙，后骑皆拥入江，步卒死者无数，成夜 遁，复襄阳。刘豫益成兵屯新野，飞与王万夹击之，连破其众。

飞奏：“金贼所爱惟子女金帛，志已骄惰；刘豫僭伪，人心终不忘宋。如以精 兵二十万，直捣中原，恢复故疆，诚易为力。襄阳、随、郢地皆膏腴，苟行营田， 其利为厚。臣候粮足，即过江北剿戮敌兵。”时方重深入之举，而营田之议自是兴 矣。

进兵邓州，成与金将刘合孛堇列砦拒飞。飞遣王贵、张宪掩击，贼众大溃，刘 合孛堇仅以身免。贼党高仲退保邓城，飞引兵一鼓拔之，擒高仲，复邓州。帝闻之， 喜曰：“朕素闻岳飞行军有纪律，未知能破敌如此。”又复唐州、信阳军。

襄汉平，飞辞制置使，乞委重臣经画荆襄，不许。赵鼎奏：“湖北鄂、岳最为 上流要害，乞令飞屯鄂、岳，不惟江西藉其声势，湖、广、江、浙亦获安妥。”乃 以随、郢、唐、邓、信阳并为襄阳府路隶飞，飞移屯鄂，授清远军节度使、湖北路、 荆、襄、潭州制置使，封武昌县开国子。

兀术、刘豫合兵围庐州，帝手札命飞解围，提兵趋庐，伪齐已驱甲骑五千逼城。 飞张“岳”字旗与“精忠”旗，金兵一战而溃，庐州平。飞奏：“襄阳等六郡人户 阙牛、粮，乞量给官钱，免官私逋负，州县官以招集流亡为殿最。”

五年，入觐，封母国夫人；授飞镇宁、崇信军节度使，湖北路、荆襄潭州制置 使，进封武昌郡开国侯；又除荆湖南北、襄阳路制置使，神武后军都统制，命招捕 杨么。飞所部皆西北人，不习水战，飞曰：“兵何常，顾用之何如耳。”先遣使招 谕之。贼党黄佐曰：“岳节使号令如山，若与之敌，万无生理，不如往降。节使诚 信，必善遇我。”遂降。飞表授佐武义大夫，单骑按其部，拊佐背曰：“子知逆顺 者。果能立功，封侯岂足道？欲复遣子至湖中，视其可乘者擒之，可劝者招之，如 何？”佐感泣，誓以死报。

时张浚以都督军事至潭，参政席益与浚语，疑飞玩寇，欲以闻。浚曰：“岳侯， 忠孝人也，兵有深机，胡可易言？”益惭而止。黄佐袭周伦砦，杀伦，擒其统制陈 贵等。飞上其功，迁武经大夫。统制任士安不禀王燮令，军以此无功。飞鞭士安 使饵贼，曰：“三日贼不平，斩汝。”士安宣言：“岳太尉兵二十万至矣。”贼见 止士安军，并力攻之。飞设伏，士安战急，伏四起击贼，贼走。

会召浚还防秋，飞袖小图示浚，浚欲俟来年议之。飞曰：“已有定画，都督能 少留，不八日可破贼。”浚曰：“何言之易？”飞曰：“王四厢以王师攻水寇则难， 飞以水寇攻水寇则易。水战我短彼长，以所短攻所长，所以难。若因敌将用敌兵， 夺其手足之助，离其腹心之托，使孤立，而后以王师乘之，八日之内，当俘诸酋。” 浚许之。

飞遂如鼎州。黄佐招杨钦来降，飞喜曰：“杨钦骁悍，既降，贼腹心溃矣。” 表授钦武义大夫，礼遇甚厚，乃复遣归湖中。两日，钦说余端、刘诜等降，飞诡骂 钦曰：“贼不尽降，何来也？”杖之，复令入湖。是夜，掩贼营，降其众数万。么 负固不服，方浮舟湖中，以轮激水，其行如飞，旁置撞竿，官舟迎之辄碎。飞伐君 山木为巨筏，塞诸港氵义，又以腐木乱草浮上流而下，择水浅处，遣善骂者挑之， 且行且骂。贼怒来追，则草木壅积，舟轮碍不行。飞亟遣兵击之，贼奔港中，为筏 所拒。官军乘筏，张牛革以蔽矢石，举巨木撞其舟，尽坏。么投水，牛皋擒斩之。 飞入贼垒，余酋惊曰：“何神也！”俱降。飞亲行诸砦慰抚之，纵老弱归田，籍少 壮为军，果八日而贼平。浚叹曰：“岳侯神算也。”初，贼恃其险曰：“欲犯我者， 除是飞来。”至是，人以其言为谶。获贼舟千余，鄂渚水军为沿江之冠。诏兼蕲、 黄制置使，飞以目疾乞辞军事，不许，加检校少保，进封公。还军鄂州，除荆湖南 北、襄阳路招讨使。

六年，太行山忠义社梁兴等百余人，慕飞义率众来归。飞入觐，面陈：“襄阳 自收复后，未置监司，州县无以按察。”帝从之，以李若虚为京西南路提举兼转运、 提刑，又令湖北、襄阳府路自知州、通判以下贤否，许飞得自黜陟。

张浚至江上会诸大帅，独称飞与韩世忠可倚大事，命飞屯襄阳，以窥中原，曰： “此君素志也。”飞移军京西，改武胜、定国军节度使，除宣抚副使，置司襄阳。命往武昌调军。居母忧，降制起复，飞扶榇还庐山，连表乞终丧，不许，累诏趣起， 乃就军。又命宣抚河东，节制河北路。首遣王贵等攻虢州，下之，获粮十五万石， 降其众数万。张浚曰：“飞措画甚大，令已至伊、洛，则太行一带山砦，必有应者。” 飞遣杨再兴进兵至长水县，再战皆捷，中原响应。又遣人焚蔡州粮。

九月，刘豫遣子麟、侄猊分道寇淮西，刘光世欲舍庐州，张俊欲弃盱眙，同奏 召飞以兵东下，欲使飞当其锋，而己得退保。张浚谓：“岳飞一动，则襄汉何所制？” 力沮其议。帝虑俊、光世不足任，命飞东下。飞自破曹成、平杨么，凡六年，皆盛 夏行师，致目疾，至是，甚；闻诏即日启行，未至，麟败。飞奏至，帝语赵鼎曰： “刘麟败北不足喜，诸将知尊朝廷为可喜。”遂赐札，言：“敌兵已去淮，卿不须 进发，其或襄、邓、陈、蔡有机可乘，从长措置。”飞乃还军。时伪齐屯兵窥唐州， 飞遣王贵、董先等攻破之，焚其营。奏图蔡以取中原，不许。飞召贵等还。

七年，入见，帝从容问曰：“卿得良马否？”飞曰：“臣有二马，日啖刍豆数 斗，饮泉一斛，然非精洁则不受。介而驰，初不甚疾，比行百里始奋迅，自午至酉， 犹可二百里。褫鞍甲而不息不汗，若无事然。此其受大而不苟取，力裕而不求逞， 致远之材也。不幸相继以死。今所乘者，日不过数升，而秣不择粟，饮不择泉，揽 辔未安，踊踊疾驱，甫百里，力竭汗喘，殆欲毙然。此其寡取易盈，好逞易穷，驽 钝之材也。”帝称善，曰：“卿今议论极进。”拜太尉，继除宣抚使兼营田大使。 从幸建康，以王德、郦琼兵隶飞，诏谕德等曰：“听飞号令，如朕亲行。”

飞数见帝，论恢复之略。又手疏言：“金人所以立刘豫于河南，盖欲荼毒中原， 以中国攻中国，粘罕因得休兵观衅。臣欲陛下假臣月日，便则提兵趋京、洛，据河 阳、陕府、潼关，以号召五路叛将。叛将既还，遣王师前进，彼必弃汴而走河北， 京畿、陕右可以尽复。然后分兵浚、滑，经略两河，如此则刘豫成擒，金人可灭， 社稷长久之计，实在此举。”帝答曰：“有臣如此，顾复何忧，进止之机，朕不中 制。”又召至寝阁命之曰：“中兴之事，一以委卿。”命节制光州。

飞方图大举，会秦桧主和，遂不以德、琼兵隶飞。诏诣都督府与张浚议事，浚 谓飞曰：“王德淮西军所服，浚欲以为都统，而命吕祉以督府参谋领之，如何？” 飞曰：“德与琼素不相下，一旦揠之在上，则必争。吕尚书不习军旅，恐不足服众。” 浚曰：“张宣抚如何？”飞曰：“暴而寡谋，尤琼所不服。”浚曰：“然则杨沂中 尔？”飞曰：“沂中视德等尔，岂能驭此军？”浚艴然曰：“浚固知非太尉不可。” 飞曰：“都督以正问飞，不敢不尽其愚，岂以得兵为念耶？”即日上章乞解兵柄， 终丧服，以张宪摄军事，步归，庐母墓侧。浚怒，奏以张宗元为宣抚判官，监其军。

帝累诏趣飞还职，飞力辞，诏幕属造庐以死请，凡六日，飞趋朝待罪，帝尉遣 之。宗元还言：“将和士锐，人怀忠孝，皆飞训养所致。”帝大悦。飞奏：“比者 寝阁之命，咸谓圣断已坚，何至今尚未决？臣愿提兵进讨，顺天道，固人心，以曲 直为老壮，以逆顺为强弱，万全之效可必。”又奏：“钱塘僻在海隅，非用武地。 愿陛下建都上游，用汉光武故事，亲率六军，往来督战。庶将士知圣意所向，人人 用命。”未报而郦琼叛，浚始悔。飞复奏：“愿进屯淮甸，伺便击琼，期于破灭。” 不许，诏驻师江州为淮、浙援。

飞知刘豫结粘罕，而兀术恶刘豫，可以间而动。会军中得兀术谍者，飞阳责之 曰：“汝非吾军中人张斌耶？吾向遣汝至齐，约诱至四太子，汝往不复来。吾继遣 人问，齐已许我，今冬以会合寇江为名，致四太子于清河。汝所持书竟不至，何背 我耶？”谍冀缓死，即诡服。乃作蜡书，言与刘豫同谋诛兀术事，因谓谍曰：“吾 今贷汝。”复遣至齐，问举兵期，刲股纳书，戒勿泄。谍归，以书示兀术，兀术大 惊，驰白其主，遂废豫。飞奏：“宜乘废豫之际，捣其不备，长驱以取中原。”不 报。

八年，还军鄂州。王庶视师江、淮，飞与庶书：“今岁若不举兵，当纳节请闲。” 庶甚壮之。秋，召赴行在，命诣资善堂见皇太子。飞退而喜曰：“社稷得人矣，中 兴基业，其在是乎？”会金遣使将归河南地，飞言：“金人不可信，和好不可恃， 相臣谋国不臧，恐贻后世讥”桧衔之。

九年，以复河南，大赦。飞表谢，寓和议不便之意，有“唾手燕云，复仇报国” 之语。授开府仪同三司，飞力辞，谓：“今日之事，可危而不可安；可忧而不可贺； 可训兵饬士，谨备不虞，而不可论功行赏，取笑敌人。”三诏不受，帝温言奖谕， 乃受。会遣士亻褭谒诸陵，飞请以轻骑从洒埽，实欲观衅以伐谋。又奏：“金人无 事请和，此必有肘腋之虞，名以地归我，实寄之也。”桧白帝止其行。

十年，金人攻拱、亳，刘锜告急，命飞驰援，飞遣张宪、姚政赴之。帝赐札曰： “设施之方，一以委卿，朕不遥度。”飞乃遣王贵、牛皋、董先、杨再兴、孟邦杰、 李宝等，分布经略西京、汝、郑、颍昌、陈、曹、光、蔡诸郡；又命梁兴渡河，纠 合忠义社，取河东、北州县。又遣兵东援刘锜，西援郭浩，自以其军长驱以阚中原。 将发，密奏言：“先正国本以安人心，然后不常厥居，以示无忘复仇之意。”帝得 奏，大褒其忠，授少保，河南府路、陕西、河东北路招讨使，寻改河南、北诸路招 讨使。未几，所遣诸将相继奏捷。大军在颍昌，诸将分道出战，飞自以轻骑驻郾城， 兵势甚锐。

兀术大惧，会龙虎大王议，以为诸帅易与，独飞不可当，欲诱致其师，并力一 战。中外闻之，大惧，诏飞审处自固。飞曰：“金人伎穷矣。”乃日出挑战，且骂 之。兀术怒，合龙虎大王、盖天大王与韩常之兵逼郾城。飞遣子云领骑兵直贯其阵， 戒之曰：“不胜，先斩汝！”鏖战数十合，贼尸布野。

初，兀术有劲军，皆重铠，贯以韦索，三人为联，号“拐子马”，官军不能当。 是役也，以万五千骑来，飞戒步卒以麻札刀入阵，勿仰视，第斫马足。拐子马相连， 一马仆，二马不能行，官军奋击，遂大败之。兀术大恸曰：“自海上起兵，皆以此 胜，今已矣！”兀术益兵来，部将王刚以五十骑觇敌，遇之，奋斩其将。飞时出视 战地，望见黄尘蔽天，自以四十骑突战，败之。

方郾城再捷，飞谓云曰：“贼屡败，必还攻颍昌，汝宜速援王贵。”既而兀术 果至，贵将游奕、云将背嵬战于城西。云以骑兵八百挺前决战，步军张左右翼继之， 杀兀术婿夏金吾、副统军粘罕索孛堇，兀术遁去。

梁兴会太行忠义及两河豪杰等，累战皆捷，中原大震。飞奏：“兴等过河，人 心愿归朝廷。金兵累败，兀术等皆令老少北去，正中兴之机。”飞进军朱仙镇，距 汴京四十五里，与兀术对垒而阵，遣骁将以背嵬骑五百奋击，大破之，兀术遁还汴 京。飞檄陵台令行视诸陵，葺治之。

先是，绍兴五年，飞遣梁兴等布德意，招结两河豪杰，山砦韦铨、孙谋等敛兵 固堡，以待王师，李通、胡清、李宝、李兴、张恩、孙琪等举众来归。金人动息， 山川险要，一时皆得其实。尽磁、相、开德、泽、潞、晋、绛、汾、隰之境，皆期 日兴兵，与官军会。其所揭旗以“岳”为号，父老百姓争挽车牵牛，载糗粮以馈义 军，顶盆焚香迎候者，充满道路。自燕以南，金号令不行，兀术欲签军以抗飞，河 北无一人从者。乃叹曰：“自我起北方以来，未有如今日之挫衄。”金帅乌陵思谋 素号桀黠，亦不能制其下，但谕之曰：“毋轻动，俟岳家军来即降。”金统制王镇、 统领崔庆、将官李觊崔虎华旺等皆率所部降，以至禁卫龙虎大王下忔查千户高勇之 属，皆密受飞旗榜，自北方来降。金将军韩常欲以五万众内附。飞大喜，语其下曰： “直抵黄龙府，与诸君痛饮尔！”

方指日渡河，而桧欲画淮以北弃之，风台臣请班师。飞奏：“金人锐气沮丧， 尽弃辎重，疾走渡河，豪杰向风，士卒用命，时不再来，机难轻失。”桧知飞志锐 不可回，乃先请张俊、杨沂中等归，而后言飞孤军不可久留，乞令班师。一日奉十 二金字牌，飞愤惋泣下，东向再拜曰：“十年之力，废于一旦。”飞班师，民遮马 恸哭，诉曰：“我等戴香盆、运粮草以迎官军，金人悉知之。相公去，我辈无噍类 矣。”飞亦悲泣，取诏示之曰：“吾不得擅留。”哭声震野，飞留五日以待其徙， 从而南者如市，亟奏以汉上六郡闲田处之。

方兀术弃汴去，有书生叩马曰：“太子毋走，岳少保且退矣。”兀术曰：“岳 少保以五百骑破吾十万，京城日夜望其来，何谓可守？”生曰：“自古未有权臣在 内，而大将能立功于外者，岳少保且不免，况欲成功乎？”兀术悟，遂留。飞既归， 所得州县，旋复失之。飞力请解兵柄，不许，自庐入觐，帝问之，飞拜谢而已。

十一年，谍报金分道渡淮，飞请合诸帅之兵破敌。兀术、韩常与龙虎大王疾驱 至庐，帝趣飞应援，凡十七札。飞策金人举国南来，巢穴必虚，若长驱京、洛以捣 之，彼必奔命，可坐而敝。时飞方苦寒嗽，力疾而行。又恐帝急于退敌，乃奏： “臣如捣虚，势必得利，若以为敌方在近，未暇远图，欲乞亲至蕲、黄，以议攻却。” 帝得奏大喜，赐札曰：“卿苦寒疾，乃为朕行，国尔忘身，谁如卿者？”师至庐州， 金兵望风而遁。飞还兵于舒以俟命，帝又赐札，以飞小心恭谨、不专进退为得体。 兀术破濠州，张俊驻军黄连镇，不敢进；杨沂中遇伏而败，帝命飞救之。金人闻飞 至，又遁。

时和议既决，桧患飞异己，乃密奏召三大将论功行赏。韩世忠、张俊已至，飞 独后，桧又用参政王次翁计，俟之六七日。既至，授枢密副使，位参知政事上，飞 固请还兵柄。五月，诏同俊往楚州措置边防，总韩世忠军还驻镇江。

初，飞在诸将中年最少，以列校拔起，累立显功，世忠、俊不能平，飞屈己下 之，幕中轻锐教飞勿苦降意。金人攻淮西，俊分地也，俊始不敢行，师卒无功。飞 闻命即行，遂解庐州围，帝授飞两镇节，俊益耻。杨么平，飞献俊、世忠楼船各一， 兵械毕备，世忠大悦，俊反忌之。淮西之役，俊以前途粮乏訹飞，飞不为止，帝赐 札褒谕，有曰：“转饷艰阻，卿不复顾。”俊疑飞漏言，还朝，反倡言飞逗遛不进， 以乏饷为辞。至视世忠军，俊知世忠忤桧，欲与飞分其背嵬军，飞议不肯，俊大不 悦。及同行楚州城，俊欲修城为备，飞曰：“当戮力以图恢复，岂可为退保计？” 俊变色。

会世忠军吏景著与总领胡纺言：“二枢密若分世忠军，恐至生事。”纺上之朝， 桧捕著下大理寺，将以扇摇诬世忠。飞驰书告以桧意，世忠见帝自明。俊于是大憾 飞，遂倡言飞议弃山阳，且密以飞报世忠事告桧，桧大怒。

初，桧逐赵鼎，飞每对客叹息，又以恢复为己任，不肯附和议。读桧奏，至 “德无常师，主善为师”之语，恶其欺罔，恚曰：“君臣大伦，根于天性，大臣而 忍面谩其主耶！”兀术遗桧书曰：“汝朝夕以和请，而岳飞方为河北图，必杀飞， 始可和。”桧亦以飞不死，终梗和议，己必及祸，故力谋杀之。以谏议大夫万俟禼 与飞有怨，风禼劾飞，又风中丞何铸、侍御史罗汝楫交章弹论，大率谓：“今春金 人攻淮西，飞略至舒、蕲而不进，比与俊按兵淮上，又欲弃山阳而不守。”飞累章 请罢枢柄，寻还两镇节，充万寿观使、奉朝请。桧志未伸也，又谕张俊令劫王贵、 诱王俊诬告张宪谋还飞兵。

桧遣使捕飞父子证张宪事，使者至，飞笑曰：“皇天后土，可表此心。”初命 何铸鞠之，飞裂裳以背示铸，有“尽忠报国”四大字，深入肤理。既而阅实无左验， 铸明其无辜。改命万俟禼。禼诬：飞与宪书，令虚申探报以动朝廷，云与宪书，令 措置使飞还军；且言其书已焚。

飞坐系两月，无可证者。或教禼以台章所指淮西事为言，禼喜白桧，簿录飞家， 取当时御札藏之以灭迹。又逼孙革等证飞受诏逗遛，命评事元龟年取行军时日杂定 之，傅会其狱。岁暮，狱不成，桧手书小纸付狱，即报飞死，时年三十九。云弃市。 籍家赀，徙家岭南。幕属于鹏等从坐者六人。

初，飞在狱，大理寺丞李若朴何彦猷、大理卿薛仁辅并言飞无罪，禼俱劾去。 宗正卿士亻褭请以百口保飞，禼亦劾之，窜死建州。布衣刘允升上书讼飞冤，下棘 寺以死。凡傅成其狱者，皆迁转有差。 狱之将上也，韩世忠不平，诣桧诘其实，桧曰：“飞子云与张宪书虽不明，其 事体莫须有。”世忠曰：“‘莫须有'三字，何以服天下？”时洪皓在金国中，蜡 书驰奏，以为金人所畏服者惟飞，至以父呼之，诸酋闻其死，酌酒相贺。

飞至孝，母留河北，遣人求访，迎归。母有痼疾，药饵必亲。母卒，水浆不入 口者三日。家无姬侍。吴玠素服飞，愿与交欢，饰名姝遗之。飞曰：“主上宵旰， 岂大将安乐时？”却不受，玠益敬服。少豪饮，帝戒之曰：“卿异时到河朔，乃可 饮。”遂绝不饮。帝初为飞营第，飞辞曰：“敌未灭，何以家为？”或问天下何时 太平，飞曰：“文臣不爱钱，武臣不惜死，天下太平矣。”

师每休舍，课将士注坡跳壕，皆重铠习之。子云尝习注坡，马踬，怒而鞭之。 卒有取民麻一缕以束刍者，立斩以徇。卒夜宿，民开门愿纳，无敢入者。军号“冻 死不拆屋，饿死不卤掠。”卒有疾，躬为调药；诸将远戍，遣妻问劳其家；死事者 哭之而育其孤，或以子婚其女。凡有颁犒，均给军吏，秋毫不私。

善以少击众。欲有所举，尽召诸统制与谋，谋定而后战，故有胜无败。猝遇敌 不动，故敌为之语曰：“撼山易，撼岳家军难。”张俊尝问用兵之术，曰：“仁、 智、信、勇、严，阙一不可。”调军食，必蹙额曰：“东南民力，耗敝极矣。”荆 湖平，募民营田，又为屯田，岁省漕运之半。帝手书曹操、诸葛亮、羊祜三事赐之。 飞跋其后，独指操为奸贼而鄙之，尤桧所恶也。

张所死，飞感旧恩，鞠其子宗本，奏以官。李宝自楚来归，韩世忠留之，宝痛 哭愿归飞，世忠以书来谂，飞复曰：“均为国家，何分彼此？”世忠叹服。襄阳之 役，诏光世为援，六郡既复，光世始至，飞奏先赏光世军。好贤礼士，览经史，雅 歌投壶，恂恂如书生。每辞官，必曰：“将士效力，飞何功之有？”然忠愤激烈， 议论持正，不挫于人，卒以此得祸。

桧死，议复飞官。万俟禼谓金方愿和，一旦录故将，疑天下心，不可。及绍兴 末，金益猖獗，太学生程宏图上书讼飞冤，诏飞家自便。初，桧恶岳州同飞姓，改 为纯州，至是仍旧。中丞汪澈宣抚荆、襄，故部曲合辞讼之，哭声雷震。孝宗诏复 飞官，以礼改葬，赐钱百万，求其后悉官之。建庙于鄂，号忠烈。淳熙六年，谥武 穆。嘉定四年，追封鄂王。

五子：云、雷、霖、震、霆。

云，飞养子。年十二，从张宪战，多得其力，军中呼曰“赢官人”。飞征伐， 未尝不与，数立奇功，飞辄隐之。每战，以手握两铁椎，重八十斤，先诸军登城。 攻下随州，又攻破邓州，襄汉平，功在第一，飞不言。逾年，铨曹辩之，始迁武翼 郎、杨么平，功亦第一，又不上。张浚廉得其实，曰：“岳侯避宠荣，廉则廉矣， 未得为公也。”奏乞推异数，飞力辞不受。尝以特旨迁三资，飞辞曰：“士卒冒矢 石立奇功，始升一级，男云遽躐崇资，何以服众？”累表不受。颍昌大战，无虑十 数，出入行阵，体被百余创，甲裳为赤。以功迁忠州防御使，飞又辞；命带御器械， 飞又力辞之。终左武大夫、提举醴泉观。死年二十三。孝宗初，与飞同复元官，以 礼祔葬，赠安远军承宣使。

雷，忠训郎、阁门祗候，赠武略郎。霖，朝散大夫、敷文阁待制，赠太中大夫。初，飞下狱，桧令亲党王会搜其家，得御札数箧，束之左藏南库，霖请于孝宗，还 之。霖子珂，以淮西十五御札辩验汇次，凡出师应援之先后皆可考。嘉定间，为 《吁天辩诬集》五卷、《天定录》二卷上之。震，朝奉大夫、提举江南东路茶盐公 事。霆，修武郎、阁门祗候。

论曰：西汉而下，若韩、彭、绛、灌之为将，代不乏人，求其文武全器、仁智 并施如宋岳飞者，一代岂多见哉。史称关云长通《春秋左氏》学，然未尝见其文章。 飞北伐，军至汴梁之朱仙镇，有诏班师，飞自为表答诏，忠义之言，流出肺腑，真 有诸葛孔明之风，而卒死于秦桧之手。盖飞与桧势不两立，使飞得志，则金仇可复， 宋耻可雪；桧得志，则飞有死而已。昔刘宋杀檀道济，道济下狱，嗔目曰：“自坏 汝万里长城！”高宗忍自弃其中原，故忍杀飞，呜呼冤哉！呜呼冤哉！

Address to My Partners: Some Principles

I am trained as a mathematician; in the beginning of my career in information technology, I worked as a consultant and developed systems for online trading, call center service and customer relationship management etc.. For the past two year, I worked for a software development house as a senior architect and development manager leading product development and solution implementations for clients in Europe, Asia and here, North America. I am excited about this opportunity here at ***.

Let me share at this moment several principles I hope to follow in the future:

(1) Bias for action. While we encourage open, positive and constructive dialogs and debates on ideas and processes, we will not waste any time on empty talks. We constantly drive for results, large or small. The bottom line here is no bluff just stuff. Discussions are not necessarily bad, but execution is the focus, and results are the only things we value.
(2) Play to win. Play not to lose is already losing; and frankly speaking, it is troubling to see that many people in our profession belittle themselves when they actually can contribute so much. My thought is that people playing not to lose are impediments to those motivated, therefore should be held accountable for all the failures if there are any. Only the trivial things have certain outcomes. Endeavors of substance always involve some risks. We need to take prudent risks. After putting into sincere efforts, it is fine to make mistakes.
(3) Take responsibilities personally. For any tasks we are assigned, for any initiatives we advocate, we need to take our responsibilities, and I want us to take them personally. That is one way we learn from experiences. We often find a culture of “delegate up” in large enterprises, and I do not want to see it in our group. I do not want to see either delegate horizontally to a committee or to other colleagues. And I certainly hate to see delegation of responsibilities down to the subordinates if they belong to the leaders.
(4) Always be innovative. This means to expand out of our comfortable zone, to constantly challenge ourselves, to try things we have not done before, to explore any approaches that may help us to do things more effectively. To be innovative, we need always be ready to admit that there are things we do not know, and always be ready to learn new technologies and anything else that makes us to be more productive and make us to be better professionals.
(5) Performance says it all. We see often people in large enterprises are obsessed with internal politics and relationships. I am sure that this is not the case here. But anyway, I am going to make one thing crystal clear in front of you: for all the things that I have control and for all the situations that I can influence, performance has the final say. The A performer gets the reward, gets the rise, gets the promotion and gets the development opportunity. You think those are attractive, and you think those are honorable to have, then you work hard, you deliver, and you prove that you are an A performer.
(6) Teamwork is the ground rule. When we emphasize performance, some people immediately think of a hero or a heroin at the center of the stage, a bright star in the largely dark night sky. This is not right. Performance is first judged by how well our group accomplish our collective goals; how well our group create value for the business of ***. If our group fails, nobody successes. Performance is mainly determined by how much you contribute in this team effort. It certainly considers the factor how well you help your teammates, and how well you contribute to the professional development of your teammates. You know, I am talking about teamwork here. In our group, if there is one single ground rule, it is teamwork, and teamwork with all its positive implications. With teamwork as the ground rule, there will be no excuse, no accusation and no blaming, absolutely NO.

Not I want to discuss with you what we want to achieve as a group.

There are two things I feel important. The first, we need to build the best ****** among Fortune 500 companies. To be the first or to be the best, nothing else. And we also need to be well prepared to carry out any tasks for us to better serve the business of ***. Here comes the second thing I hope to achieve in my tenure: I want to see everybody to get well developed professionally in terms of both skills and advance in our career paths. At the end of my tenure, I hope we are all among the most competitive in our profession and all of us are confident to take more responsibilities here at *** or in any other institutions.

You have done a lot of great things in the past, and I see more challenges are coming in the way ahead of us. There is no doubt we have the talents and we have the potentials. Let us demonstrate our commitments; let us work together and face the challenges together.

Comments on Java Transaction Processing

I complete reading the book today.

The book drills down deeper in transaction that what is usually captured in books addressing to application developers. This is definitely an attempt of importance. Because information available from the vendors are just not enough for developers to solve real business problems, or at least some of the leading people in a development effort should know more than what the vendors make available.

The book can be much better and fulfills the authors’ goals more effectively if for each of the concerned points in transaction system implementation, the authors can discuss how it is dealt in the popular application servers (Weblogic, WebSphere, Oracle AS and Jboss). The internals may be difficult to know, but an assessment from the users’ point of view only need some sincere efforts.

I think all major topics in transactional system are discussed, and discussed in a right depth, but the English is very poor and the authors’ exposition is probably not up to what most people expect from savvy techies, or from well-trained professionals. Also, the publisher clearly did a bad work in proof-reading.

With all those said, the book contains substantial information, and is worthy of reading.

Along the same direction, I would like to read books analyzing how application server vendors actually implement component and application life cycle management, thread management, EJB security control, EJB persistence, and clustering etc.. Part of the J2EE developer community needs such deeper information to make J2EE work better for the enterprise domain. While open source application servers (Tomcat and JBoss particularly) help to certain degree on this aspect, more intended and varied efforts will only make things better.

Digest of Chinese Readings

谭延恺：

君试观世界何如乎！横流沧海，突起大风潮，河山带励属谁家，愿诸君尝胆卧薪，每饭不忘天下事；
士多为环境所累耳！咬定菜根，方是奇男子，五侯将相原无种，思古人断齑书粥，立身断在秀才时。


陈炯明，<<重光楼诗稿>><<纪梦诗>>：

孤桨彻夜对愁眠，梦境迷离别一天，百世功名难定论，千秋功业有前缘。
江山摇落增顽感，日月抱持负少年，漫道澄清成绝望，中原待着祖生鞭。

Comments on First Break All the Rules

“First, Break All the Rules” by Marcus Buckingham & Curt Coffman is certainly a great book for all the managers.

For me, it is a relief. Having been applying some of those ideas in practices for quite a while and gathering the grand fruits as a result, I am still hesitating sometimes because those ideas are so alien to all the workplaces. With the evidences in this book, I am at least equipped with powerful enough weapon to defend the right things.

The twelve questions the authors proposed to measure the strength of a workplace fit well with my experience. Team’s high spirit is the absolutely accurate indicator of a successful effort. In the most striking failure I am aware of in my professional life up to today, in reflection all the questions probably get the lowest grade. I remember one incident. An employee was a leader of a project and worked in the customer’s site. The outcome of the project for this customer would decide if the company would die or survive. The employee’s notebook did not work properly and he asked to replace it with an available functioning one. The VP in charge of equipments happened to plan to have the notebook for himself. What the VP responded to the employee requirement email for the notebook, was, in essence, to threaten the employee. This particular employee never got a working notebook for that project, and as a fact of matter, he never got one before the company was destined to die.

This employee centric measurement makes more sense than other approaches of measurement. It is consistent with the teachings of all the great managers such as Jack Welch and Lou Gerstner: people are the most important asset for any corporate.

The central theme of the book: great managers know “People do not change that much; do not waste time trying to put in what was left out. Try to draw out what was left in; that is hard enough.” Based on this knowledge, great managers (1) when selecting someone, they select for talent … not simply experience, intelligence, or determination; (2)when setting expectations, they define the right outcomes … not the right steps; (3)when motivating someone, they focus on strengths … not on weakness; (4) when developing someone, they help him find the right fit … not simply the next rung on the ladder.

The authors’ discussions on the following topics are particularly interesting: (1) manager and leader (2) skills, knowledge and talents (3) customer satisfaction and accuracy, availability, partnership and advice (4) casting (5) manage by exception (6) create heroes in every role (7) tough love etc..

Generally, conventional wisdoms are facing challenges in all fields. In software development, there is RUP vs. Agile or XP; in manufacturing, there is thoughts of assembly line era vs. pull and lean production; in quality management, there is checked in vs. built in; in general management, there is by processes vs. by principles. In all those pairs, we can feel the consistence in old school thoughts and the new school thoughts. In all those cases of evolution or revolution from old to new, we can find that the acceleration of change and the speed of information dissemination play major role.

On Corporate Politics

Hi…

If there is anything I have no idea at all, that is probably "corporate politics". Good or bad, I have been intentionally refraining from going that direction.

My belief is that there is always real work that needs to be done, and if we get real work done, we may probably be, at least, safe from the politicking wars.

But politics is unavoidable, is a reality of professional life. Chances are that you have to deal with them, either to get politics off your workplace if you are in a powerful position, or to make the dynamics work for you. That means you have to know corporate politics, and probably need to know them very well if you want to achieve anything significant.

I read The Art of War and The 48 Laws of Power. I pick up The Art of War once in a while; the principles are very effective if you have the willing power to apply them in real life situations. The 48 Laws of Power has been a very popular book for the past several years. I think this book helps to understand the dynamics of corporate politics, or politics in general. But to be good at politicking is a challenge that not a lot of people are up to, --- I certainly not and actually believe that it is probably a talent as defined in "First Break All the Rules", something you cannot learn.

My suggestion is (1) do not talk too much before you fully understand the situations; (2) always put more energy and pay more attention to real work; when you get real work done, the politicking parties will approach you and you will have the lever; (3) be always good to the group who are doing the real work; (4) be careful when you are with the group in power --- they may not be in power soon if they are in the destructive side and the situation is so bad. But do not take my suggestions too seriously...

Best,

Young

Buddhism Wisdom and Leadership

依於義不依語。依於智不依識。依了義經不依不了義經。依於法不依人。

The citation is from 維摩詰所說經 . I feel it also elucidates some fundamental principles for leadership.

Process and Principle

In almost all software project effort, there will be talks on process, RUP, XP and others. The reality is no single project strictly follows any defined process. When projects fail, not following a standard process is usually cited as one of the reasons. On the other hand, if projects success, there may be a sense of failure in those process people. We often see project managers conflict with technical teams on if a project life cycle phase should be carried out according to a predefined process, or on whether or not a particular operation is compliant with a predefined process.

Those are all unfortunate situations.

General business world has seen the processes become problems again and again. Once successful enterprises are lost in processes. When business conditions change, they start to struggle with out-dated processes and forget the fundamental purposes for a business’ existence and operation. What underlies the Theory of Constraints as described in The Goal is really the following observation: once successful processes start to do harm to the essence of business.

This process-oriented style of management thinking can also explain why people from large enterprises usually destroy instead of help promising startups. Those people often implement what they learn from the operation of large enterprises and try to set up all kinds of processes. Processes are the only things of substance. What they fail to realize is that a process works only in its context. If the conditions are not ready, the process has to be reexamined. However, typical of entrepreneur environments is that even the conditions are only at the emerging stage and just to become stable. In such situations, processes may just mean obstacles, and ad hoc is probably the best.

The solution from great business leaders to this process problem is: lead by principles. This should also guide software project teams.

On Scalability

(1)Most of the people in the industry consider scalability as two issues: the first, when users or clients (load) increase in a pre-defined range, the increasing of users or clients does not lead to proportional increasing in consummation of system resources. Some call this vertical scalability. The second, a mechanism that prevents degradation of system performance below the specification requirements when users or clients increase.

(2)At the business application development level, vertical scalability is simplified to a cache problem; but middleware design also considers other solutions. For example, simple thread pool is usually used in the server side to serve client requests in the client/server pradagm, but certain activator pattern implemented with callback mechanism or others are believed to be more scalable.

(3)Horizontal scalability is usually simplified to a load balance problem in application development. The solution is clustering; but high availability is generally not regarded as a scalability issue; as the name says, it is to address the availability concern, which is at the same level as scalability for enterprise software.

(4)On the cache side, prominent solutions in the market include OSCache, Tangosol, WebSphere Dynamic Cache, JBoss Cache and SpiritCache. All of them implement more or less the same basic features, and the important differentiation factors are (4.1) how well it supports a clustering deployment; and (4.2) in a multitiers system, where the cache mechanism can be applied.

(5)For load balance, middleware load balance is important, but when scalability is concerned, OS, EIS and Storage System etc.. should all be taken into consideration because solution bottlenecks are not necessarily middleware components. End to end clustering management is where vendors working on utility computing make their businesses.

On Architecture, Integration, Development Tool and Small Wins

Hi …,

On the architecture side, except the patterns, there are two fundamental ideas that are getting momentum in the industry. One is that of OSGi. It is the base of Eclipse's architecture. Eclipse is destined to play a major role in the application interface side. Having a rigorous support of plug and play for application systems is a progress in computing of much significance. The second one is that of chained interceptors. JBoss' core is built upon this idea (with JMX); Tomcat, Servlet Filter and Bea's web service support are all applying chained interceptors. It is a relatively simple architecture, but can be very powerful, particularly when it is combined with hot deployment and various group communication mechanisms. The value it brings into the landscape is to separate and isolate different concerns. It more or less can be compared to the assembly line of the industrial manufacturing.

In my opinion, the Enterprise Integration Patterns book is one of the best technical books published in last several years in the application development domain. It covers mainly the asynchronous design patterns. Recently there are a lot of discussions on ESB and most of the topics appeared in those discussions can be found in this book. Together with the architectural ideas of JCA, Jini and JXTA, they may already cover all the major technical solutions for EAI or B2B currently available in the market (see documents for products from Tibco, webMethods, IBM etc.).

Maven is a very nice tool, can be used as the foundation to carry out most of the software development life cycle. But it is just a tool. With the new capabilities introduced in the latest version of Ant, it may be more difficult for Maven to become popular in the developers cycle. My thinking is that when the concern is a tool, you always choose one that most of the developers are comfortable to use. In technology, it is not always a good or bad issue, most of the cases the critical factor determining the outcome is what most of the people like the best.

Looks like the opportunities there in *** are very exciting and the ideas in your mind are overwhelming. If I were you, I may want to be more focused, and try to secure some small but unambiguous wins in a short time frame. This will make professional career there later much easier, and helps to build people's confidence in you and pave the way for buy-in of more risky initiatives in the future.

Best regards,

Young

Comments on The Heart of Change by John Kotter et al

I read John Kotter’s Leading Change quite a while ago. The impression at that time is that it is a practical guide for people at the change agent role if you believe the idea. It is, probably, a little bit too practical. The eight steps process of change advocated in the book is, to certain degree, what I think of as conventional thought. However, in workplace, the problem is not that we are all carrying too many conventional thoughts; but on the contrary, most of the thinking is even below the conventional level.

For the past two days, I have been reading The Heart of Change from John Kotter and Dan Cohen. The authors in this sequel tried to show and analyze some stories on how the eight steps change process works in reality.

The central message the authors sent out in this book, as explicitly pointed out there, is “people change what they do less because they are given analysis that shifts their thinking than because they are shown a truth that influences their feeling.” With such a message in mind, it is not a surprise that the authors’ discussion on the eight steps emphasize much on the emotional barriers of people in a situation that needs to change, and the emotional intelligence of people that advocates the change efforts. This is no doubt a good observation; and there is lot of recognizable truth in the authors’ descriptions if you ever tried to change something in an organization.

In plain language, what the author is advocating for change process is as follows: as the first step, you make the case for your change effort; then you describe where it will be after the change; as the third step you choose some leaders to lead the change, after that you try to sell your change plan; at the end, if you manage the change process properly, you may be successful in your change effort; and if you do better, you are even able to make the change permanent. If you are going to follow the author’s suggestion to carry out a change effort, you are certainly to feel that emotional barriers are the major obstacles. With this approach, when you are making your case for change in the first step, you, in most cases, this way or that way, have to point out that the status quo is problematic. The implication will certainly be the thought on who is responsible for this failing status quo; at least, a question will be asked on why people are keeping this status quo and do not realize there needs change. Those thought and question make enemy for the change effort. And it gets into people’s emotional egos. Also when you try to sell your change plan to a large audience, the same problem rises: why this large group of people bears the status quo and do not advocate change themselves? It again gets into people’s emotional egos.

What I believe is that following the author’s eight steps is very tough. To make it successful is even harder. In a situation where all people are already looking for changes and it only needs a hero to break the glass window and overcome their fear, and then they will carry the change out voluntarily, the author’s approach may work. A second situation where it may work is that the CEO or the people who are in the un-movable positions want to push the change. Even in those situations, the success of the author’s approach is accidental. The reason is that those emotional barriers are just difficult, if not impossible to overcome. In other’s situations, you need God’s help to make it to the end.

The approach I think there is a better chance to win is to secure small wins and build up momentum in the first step. You do not make enemy in the very beginning; instead, you convert people and build up your forces gradually. When it comes the moment your forces are strong enough, you then raise the flag and make your declaration to change. Afterwards, you may follow the authors’ steps. In this case, there will be less and lower emotional barriers. Of course, there can also be problems with this approach. You may not have enough time to build up a strong force. Or it may happen that the status quo is just so horrible that there is no chance at all for you to secure even small wins.

If the inertia is so strong, to stop it and to revert it is certainly not an easy job.

A successful case for the author’s approach is the turnaround of IBM by Louis Gerstner in the 90s of last century. It will be a good exercise to read Lou’s book (Who Says Elephants Can’t Dance) together with Kotter’s books. For the approach proposed in the above section, I myself experienced it once. It worked; but afterwards I almost want to say I never want to do it again although I am still more than proud of the effort today.

For those change agents, all my suggestion is that you prepared yourself for the worst. There are reasons why companies get into a situation where they either change or they fail. And companies already in this situation, in most cases, do not particularly like the idea of change (or else, they will not be there). What you will probably feel more than often is that they are actually pursuing failures (at least their behaviors indicate this. What actually happen can be that people or leaders in those companies lose the control of themselves, some just leave and those remain there just do not have any sense of fighting with the infrastructure or anything else that is the problem. In mst cases, they rationalize the status quo). This may explain why in reality there are much more companies that fail than those that survive or resurrect.

In the extreme cases, you are fighting with God! It needs unconventional wisdom and exceptional mental and physical power to make it happen. Read the above-mentioned Lou’s book, particularly the discussion of “what it takes to run IBM”. Or, even better, also read the readers’ comments in Amazon on the book. There are great evidences of the emotional barriers that Kotter and his coauthor discussed in The Heart of Change.

Thoughts on Leadership and Management

I had an opportunity to discuss leadership and management with a group of senior managers from a Fortune 500 company. Here are some of the points I made in the discussion:

(1) On what we do not like in our responsibilities: There are occasions or situations we do not like. When I see such a situation or occasion, my first thought is always why I do not like it, and I will do some analysis. In most of cases, I will find out that that is because of my shortcomings or weak points, or it is because that I am just trying to dwell in the comfortable zone. With this analysis as the foundation, usually what end up for me is that I will take it as a challenge, or as an opportunity to extend my horizon? After hard work or putting efforts, the shortcomings are overcome, and the weak points are strengthened, what I originally do not like at the end becomes something I enjoy very much.
(2) On evangelization: People in technology profession usually believe they have something that is good and should be welcome by all the people. While this is in most cases are the case, but the attitude behind evangelization is fine in the academic circle, when such an attitude appears in business or industry, we should be cautioned. Computing industry has been in existence for more than 50 years and customers have already accumulated a lot of experiences in applying technological advances in business operation. The dynamics between technology providers and the general business community has changed dramatically. The time when technology companies define business requirements for customers are pretty much gone. Actually, customer feedbacks are gradually becoming a very important input for technical decisions. Companies that are detached from the market realities will not be successful. This was one of the reasons IBM failed in the early 90’s, based on Louis Gerstner’s account. With this said, yes technology is by essence an innovation driven industry, there are definitely opportunities when evangelization is essential. In those cases, the best way to judge is that we, as technical people, put our feet in the customers’ shoes. If our conclusion is that the technology will benefit the customers, we need do some evangelizations. But generally, the relation between technology companies and the larger business community is getting closer, two-way communications are the norm instead of exceptions.
(3) On large enterprise and startup: There are sound reasons why large enterprises are doing things general slower than startups. I think the ultimate judgment is the overall performance in the market. Large enterprises have their competitive advantages that startups do not have; quick response to market requirements is the advantage startups employ to compete with the large enterprises. Different market segments may particularly favor some competitive advantages such as speed. But speed is not everything. What I believe is that, in a large enterprise, different line of business may have different requirement on how fast things should be done; I also believe we, as leaders and managers in large enterprises, should intentionally create and protect those groups for which quick response and entrepreneurship are critical to compete successfully in the market.
(4) On communication: there are four factors in communication, the sender, the receiver, the channel and the message. Effective communication must take all of them into consideration. In technological term, the issue is to understand the protocol. But at the end, it is the message itself that speaks the loudest. The quality of the content is the most important.
(5) On a career in large enterprise. Omitted.
(6) On change agent. Omitted.

Hash Algorithms Broken On August 16th in Crypto2004 By Chinese Scholars

Here are some broken news in cryptography as summarized by Eric Rescorla:


As you may or may not have heard, this year's CRYPTO conference
has been very interesting:

* Joux has found a single collision in SHA-0--an algorithm that nobody
uses but that is very similar to SHA-1. However, SHA-0 was changed to
fix a flaw (later found by Joux), thus becoming SHA-1 so we can hope
that this attack can't be extended to SHA-1. The attack was fairly
expensive, requiring about 2^51 operations the brute force attack
would take about 2^80).

* Biham and Chen can find collisions in a reduced round version of
SHA-1 (40 rounds). The full SHA-1 is 80 rounds. It's hard to know whether this can be extended to full SHA-1 or not. NSA (who designed SHA-1)seems to be generally pretty good at tuning their algorithms so that they're just complicated enough to be secure.

* Weng, Fang, Lai, and Yu have what appears to be a general method
for finding collisions in MD4, MD5, HAVAL-128, and RIPEMD. They haven't published any details.

What does this mean for us? I'll be writing up full details hopefully
soon, but here's a short overview...

WHAT'S BEEN SHOWN?

An attacker can generate two messages M and M' such that Hash(M) = Hash(M'). Note that he cannot (currently) generate a message M such that Hash(M)is a given hash value, nor can he generate a message M' such that it hashes the same as a fixed message M. Currently this is possible for MD5 but we have to consider the possibility that it will be eventually possible for SHA-1.

USES OF HASH FUNCTIONS

We use hash algorithms in a bunch of different contexts. At minimum:

1. Digital signatures (you sign the hash of a message).
(a) On messages (e.g. S/MIME).
(b) On certificates.
(c) In authentication primitives (e.g., SSH)
2. As MAC functions (e.g. HMAC)
3. As authentication functions (e.g. CRAM-MD5)
4. As key generation functions (e.g. SSL or IPsec PRF)

THE POTENTIAL ATTACKS

The only situation in which the current attacks definitely apply is
(1). The general problem is illustrated by the following scenario.
Alice and Bob are negotiating a contract. Alice generates two
messages:

M = "Alice will pay Bob $500/hr"
M' = "Alice will pay Bob $50/hr" [0]

Where H(M) = H(M').

She gets Bob to sign M (and maybe signs it herself). Then when it
comes time to pay Bob, she whips out M' and says "I only owe
$50/hr", which Bob has also signed (remember that you sign the
hash of the message).

So, this attack threatens non-repudiation or any kind of third
party verifiability. Another, slightly more esoteric, case is
certificates. Remember that a certificate is a signed message
from the CA containing the identity of the user. So, Alice
generates two certificate requests:

R = "Alice.com, Key=X"
R' = "Bob.com, Key=Y"

Such that H(R) = H(R') (I'm simplifying here).

When the CA signs R, it's also signing R', so Alice can present
her new "Bob" certificate and pose as Bob. It's not clear that
this attack can work in practice because Alice doesn't control
the entire cert: the CA specifies the serial number. However,
it's getting risky to sign certs with MD5.

WHAT'S SAFE?

First, anything that's already been signed is definitely safe. If you
stop using MD5 today, nothing you signed already puts you at risk.

There is probably no risk to two party SSH/SSL-style authentication
handshakes.

It's believed that HMAC is secure against this attack (according to Hugo Krawczyk, the designer) so the modern MAC functions should all be
secure.

I worry a bit about CRAM-MD5 and HTTP Digest. They're not as well
designed as HMAC and you might potentially be able to compromise them to mount some kind of active cut-and-paste attack, though I don't have one in my pocket.

The key generation PRFs should be safe.



Here is a link of the preprint of Wang et al. Those breakthroughs lead NIST to deliver the following comments:



The current Federal Information Processing Standard SHA-1 algorithm, which has been in effect since it replaced SHA-0 in 1994, was also analyzed, and a weakened variant was broken, but the full SHA-1 function was not broken and no collisions were found in SHA-1. The results presented so far on SHA-1 do not call its security into question. However, due to advances in technology, NIST plans to phase out of SHA-1 in favor of the larger and stronger hash functions (SHA-224, SHA-256, SHA-384 and SHA-512) by 2010. SHA-1 and the larger hash functions are specified in FIPS 180-2. For planning purposes by Federal agencies and others, note also that the use of other cryptographic algorithms of similar strength to SHA-1 will also be phased out in 2010.”