Posts

Showing posts from 2012

How to Display/ Load Videos in Browsers

Here is everything you need to know about videos: http://diveintohtml5.info/video.html
Considerations
In general, these are the considerations when displaying/ rendering videos over the web:
1. where is the video stored/ hosted? – On premise or in the cloud? Cloud-hosting can be a good option for load distribution if the videos are huge.
2. what is the streaming/ downloading protocol? – The trend these days appears to be to stream videos using HTTP rather than specialised (and often expensive) protocols.
3. who is the target audience and what browser/ platform are they using to view these videos?
   - what browser? – Chrome, IE, Firefox, Opera?
   - which version(s)? – still required to support IE6?
   - what operating systems/ environment? – do we have Unix/ Mac users?
   - need to support desktop/ tablet/ mobile? – some or all of these?
The challenge for the 3rd consideration is to be able to accommodate everyone (from IE6 on a desktop to the iPad Safari browser). To do this, a number of “t

2-Way SSL for WCF Web Service Hosted on IIS

I recently was involved in getting the above to work in our environment. The steps follow:
- Ensure that the SSL certificates are correctly signed
- Ensure that the SSL certificate chain is present and valid
- Install the certificates in the “Current User” account for validation
  - Execute mmc.exe, add “Certificates” snap-in with “My user account”
  - Install the certificate within “Personal” store
  - Verify by using Internet Explorer to retrieve the WSDL from the remote web service
  - If the certificate and chain are correct, Internet Explorer will validate them and report so with “Certificate is OK”
- Install the certificates (and the entire chain) in the “Local Computer” account
  - Execute mmc.exe, add “Certificates” snap-in with “Computer account”
  - Install the certificate within “Personal” store
  - Note the thumbprint of the certificate
- Configure the WCF web.config to make use of “Client Certificates” by finding the certificate within the “LocalMachine” using the thumbprint (remove the spac

Microsoft CRM Main Concepts & Relationships

I came across MS CRM while searching for a solution for leads management. In the process of trying to appreciate the main concepts and relationships as well as a basic gap analysis against our requirements, I created a set of UML class diagrams to document my understanding. The following are the main concepts (or entities, according to CRM’s nomenclature):
- Main CRM entities
- Sales Force entities
- Sales Person entities
- Activity entities
- Teaming entities
- Campaign entities
Web References
Some useful links for read-up:
- http://crmdynamo.com/2008/06/crm-40-concepts-what-are-leads-contacts-and-opportunities/
- http://blogs.msdn.com/b/crm/archive/2007/08/27/leads-accounts-contacts-and-opportunities.aspx

HTTP over TLS/ SSL: What is Really Secured?

HTTP over TLS/ SSL performs encryption of transferred data. However, what is really encrypted and what isn’t?
- Part of the TLS/ SSL negotiation will not be secured. Everything else is securely transmitted.
- What is in the clear/ can be derived will be the destination hostname or IP address and the port (usually 443)
- URLs for GET/ POST/ HEAD request methods are secured
  - GET URL parameters, e.g. ?data=12345678&id=123
  - POST URL
- All HTTP headers are secured. These include:
  - Cookies
  - Content-type/ content-length
  - Cache control
  - User-agent
  - Accept (-encoding)
- HTTP payload is secured. This may be:
  - POST parameter
  - HTML/ XML data
Does it therefore mean that the GET URL over HTTPS is secured? You decide for yourself….
As the GET URL method information is secured, any sniffer between the source and destination would not be able to “see” the URL parameters. However, the web browser would track the full GET URL (including the parameters) in the browsing history. As such, anyone havi

How to Send an iCal File as an Exchange Appointment

Creating an iCal is rather straightforward, so is sending out an email with the iCal file attached therein. What is required in our case is to automate sending out an appointment thru’ MS Exchange in a way that it behaves as though an appointment has been manually sent by someone thru’ Exchange. This would mean that the appointment has to appear in the Exchange Calendar whether or not the recipient remembers to accept the appointment. This is not possible with a typical iCal sent as an attachment in an email as the recipient would need to open the iCal file and save it before it appears in the Exchange Calendar (sort of an import function). Apart from making use of Exchange API, a much simpler solution would be to (still) send the iCal as an attachment in an email but “trick” Exchange into recognising the mail as an Exchange appointment. Credits to this website for first uncovering the solution. First and foremost, understand the difference between an Appointment and a Meeting Reques

National Do-Not-Call Registry (Singapore)

Information regarding the proposed National DNC registry can be found here. The DNC registry allows individuals to opt out of marketing messages in the form of email, SMS/ MMS, faxes and phone calls. A message is regarded as a marketing message as long as it is determined that part of the message has a purpose which is marketing in nature as defined. Messages are marketing in nature if one of the purposes of the message is:
- to offer to supply, advertise or promote goods or services, the suppliers or prospective suppliers of goods and services
- to supply, advertise or promote land, interests in land, business or investment opportunities

Poor Man's SSO with Multiple ASP.NET Web Applications

It is quite straightforward to have (poor man's) single sign-on for multiple ASP.NET web applications without sourcing for an enterprise solution. Based on the following premise:
- assuming the web applications are in the same domain
- forms or custom authentication is used for the web application
In order to have things work, a couple of steps are required, namely:
- Enable Forms authentication for the relevant web applications, use: <authentication mode="Forms">
- Ensure that the validationKey and decryptionKey settings (under the machineKey element) are not auto-generated but are explicitly coded and shared across the relevant web applications (and web farm, if applicable).
  - For IIS6, you can use this website to generate the keys
  - For IIS7+, you can use IIS Manager to do so.
- Customise the name of the cookie (instead of the default .ASPXAUTH) but more importantly, set the cookie path to the default root "/" and the domain to a valid one,

Dealing with Team Member's Performance Issue

The CRAM model suggests investigating poor performance in a team member in this top-down order:
- Constraints - is the member experiencing certain constraints in his/ her life that limit productivity or effectiveness? For example: marriage, birth, or death of a close one, debt or addiction issues.
- Resources - are there resource issues that prevent productive contribution? E.g. lack of test environment, IDE, tools, software licenses, hardware.
- Aptitude - is the team member cut out for the role? Are there other more suitable roles available?
- Motivation - is the team member motivated to perform the role or is he/ she just passing time? Is it time to change the role or the job?

SAN or NAS storage systems… How do they affect my applications?

Here are some salient differences I gathered:
| | SAN | NAS |
|---|---|---|
| Connection | FC/ SCSI | Ethernet |
| Speed | Typically faster (unless over Ethernet like FCoE or iSCSI) | Typically slower |
| Cost | Typically higher | Typically lower |
| Intrusiveness | Appears like locally attached storage to OS | Remotely accessible filesystem using protocols like: NFS (Unix)/ CIFS (Windows)/ AFP (iOS) or even HTTP |
| Can same unit be shared across different servers? | No – every server mount will have its own exclusive blocks | Yes. Concurrent access and locking is handled by the access protocols |
| Unit of storage | block-level | file-level |

General Flow for Web Access Management

Three aspects are typically handled by Web Access Management software:
- protect resources
- authenticate users
- authorise users
The flow is depicted in the following Activity Diagram:

Personal Data Protection Bill

Some information regarding the proposed Personal Data Protection Bill 2012 (Singapore):
- Covers the regulation pertaining to the collection, use, disclosure, transfer & security of personal data.
  - The PDP Bill consultation paper found here
  - The proposed PDP Bill found here
  - The Model Data Protection Code for the Private Sector found here
  - A subsequent report of the above-mentioned Model Code by the NIAC found here
- The PDP bill interprets “personal data” to refer to data, whether true or not, about an individual who can be identified
  - from that data; or
  - from that data and other information to which the organisation is likely to have access
- The bill does not provide greater clarity to the definition of “personal data” and a prescriptive list of personal data would not be provided. Fortunately, the definition was largely adapted from the Model Code which provided certain implementation & operational guidelines with specific examples. An excerpt from the Model Code follows:

Stages in Competency

Just read about the 4 stages in competence that apply to learning and measuring competencies in new skills. It’s always good to know where one stands for each competency. From the lowest to the highest, they are:
1. Unconscious Incompetence
   - Individual does not know the required skill/ competence exists, let alone the relevance of it.
   - Individual is incompetent and does not know it
   - Call this individual ignorant, clueless
   - To do: Need guidance to identify deficits
   - “Don’t know what you don’t know”
2. Conscious Incompetence
   - Individual recognises deficit in competency/ skill but is not addressing it/ not able to address it
   - Appreciates the value of the competency/ skill
   - Call this individual a beginner, a learner
   - To do: Offer vast sources of learning resources and even training. Also allow for mistakes.
   - “Know what you don’t know”
3. Conscious Competence
   - Individual is able to demonstrate basic competency when required and at will
   - Takes conscious effort/ concentration to

Browser wars

Around the world, Chrome appears to have overtaken IE for the desktop recently. Source: StatCounter Global Stats - Browser Market Share Singapore is heavily dominated by iOS but Android is catching-up fast! Source: StatCounter Global Stats - Mobile OS Market Share

Excerpts From “What Can DevOps Learn from Formula 1” Presentation

Full presentation available here. A list of salient points follows:
- How to define success?
  - Developers want Agility & Change
  - Operations want Availability & Stability
- F1 car lifecycle
  - Design –> Develop –> Test –> Deploy –> Support
  - Support (Operations) need to always provide feedback to Design (Development)
  - Engineers need to work hand-in-hand with Operations
- Success must be measured
  - F1: Telemetry and monitoring are required to deliver drivers’ results
  - IT Systems: Performance data collection and analysis as well as performance monitoring are required to deliver success
- Monitoring is critical in managing change
  - Need to constantly monitor and manage impact of change.
  - Need to provide feedback for where the car:
    - Is fast – where things are done right
    - Is slow – where to optimise and improve
    - Failed – where to fix
- Three key aspects that impact application performance
  - Concurrency
  - Data volume
  - Resources
- Where does one find the real bottlenecks?
  - Not of

Review: The Adventures of an IT Leader

A mindmap review of the excellent book. Flash version can be found here

SOAP Client in IIS -> SOAP Server in Weblogic

So many timeout settings… it’s ridiculous!

Draw UML Diagrams Online

Try this: http://yuml.me/

Insurance Quotation Online Applications Best Practices

Chanced upon a website that lists out how to create an insurance quotation website that is customer-centric. Salient points are: Allow for the "human touch" where necessary. That is, have a live chat feature. Instead of pushing for the most expensive coverage, promote a list of coverage options (e.g. basic coverage, premium coverage, etc.) with the associated pricing. Alternatively, incorporate a name-your-price feature that calculates the equivalent coverage for the premium the customer is prepared to pay. Offer discounts during the quotation process! Make data entry easier. E.g. entering postal code could pre-populate the address. For existing customers, the application could pre-fill some related information associated with the customer. Allow for users to perform partial save in order to continue the quote at a later point in time.

Experience in Building Mobile Application

I’ve finally completed my maiden HTML5 mobile application but have only managed to target it for Android. You may download it from getjar. Fundamentally, I’ve created the application due to a need to manage multiple library-loan accounts within the family. It is a hassle to check the accounts one-by-one for (near-) outstanding loans. My experience in development follows:
What type of application should I build?
| Criteria | Native App | HTML5 App | Mobile Website |
|---|---|---|---|
| Learning Curve | high | medium | low |
| Performance | good | reasonable | reasonable |
| Device feature accessibility | all | most | few |
| Connectivity tolerance | non-connected | occasional | mostly connected |
| Server requirement | NA | NA | Yes |
| Quirkiness | Low | High | Medium |
| Marketability (on app-store) | Yes | Yes | No |
| Portability | Low | Medium | High |
Basic Requirements
- Apache Cordova (PhoneGap) 1.5
- jQuery 1.6.4
- jQuery Mobile 1.0.1
Gotchas!
- I wanted to structure the directories into /js, /css. The easiest way is to move all the

How to embed images in a HTML page without ActiveX

We have this requirement to ensure that the saved (X)HTML is completely self-contained. This means that displayed images need to be embedded. Ideally, no additional plugin (e.g. ActiveX, Applet, Flash, etc.) is required. Therefore, instead of using an img tag with the src attribute that refers to a remote image, the src attribute could actually embed the entire image that is encoded using Base64. The magic is to use the data URI scheme. E.g. <img src="data:image/png;base64,<Base64 encoded data>"> This is supported in Gecko-based (Firefox) and WebKit-based (Android, Safari, Chrome) browsers. Trident-based (IE 8 and 9) are also supported.

Java Class Loading Error/ Exception

Have you encountered some class loading/ definition issues in Java recently? To expedite troubleshooting such issues, you need to be aware of the 3 main Java errors/ exceptions and to be able to differentiate amongst them. They are:
- java.lang.ClassNotFoundException
- java.lang.NoClassDefFoundError
- java.lang.UnsupportedClassVersionError
ClassNotFoundException
- Happens when a class cannot be loaded at runtime. This offending class is usually not known a priori
- This is often caused by the class loader not being able to dynamically load a required class. Examples of such offending class loaders are
  - Class.forName()
  - ClassLoader.findSystemClass()
  - ClassLoader.loadClass()
  - An IoC container (e.g. Spring)
- The exception is thrown with the class that is not found. E.g. java.lang.ClassNotFoundException: oracle.jdbc.driver.OracleDriver
- To resolve this, check the class against the classpath. The situation would be a lot more complicated when multiple class loaders come into play (E.g. when

Hallmark of a Good IT Manager

You’ve just been promoted from a senior developer/ programmer to the next level: an IT Manager! What is it really like to be an IT Manager? What do you need to do? What is expected of you? Here are some thoughts: You need to
- be a leader & (tough) decision maker – not afraid of being in the spotlight
- have a mind of your own and not be afraid to put forth your perspective
- be able to deal with difficult and unpleasant situations
- be the answer and direct others
- be able to juggle with the expectations of both the superiors as well as subordinates
- maintain a visible profile; not hidden behind curtains/ stage
- be able to communicate (or even debate) effectively during meetings
- be on your toes especially during meetings – be always ready with a response
- be able to hire & fire as necessary
- be competent in the business domain
- be competent in IT management
- understand the processes & operations
- be able to introduce and enforce structures and procedures when required
- appr

Best Practices for HTTP Servers

How can web servers be optimised to perform faster? Can resources be cached, compressed, etc.? There are a number of HTTP headers that one needs to understand in order to deal with performance optimisations.
- Last-Modified – Origin server indicates when the resource was believed to have been last modified. Given by both date and time.
- Etag – Entity tag or unique ID for each version of a resource which is usually comprised of the file-location, file-size and last modified date
- Expires – Origin server indicates to the browser when the resource becomes stale or how long to keep in cache. Applicable to HTTP/1.0; apparently deprecated in HTTP/1.1
- Cache-control – Origin server indicates to the browser and intermediaries whether or not to cache the resource and if to cache, for how long (cache-control:max-age). Applicable to HTTP/1.1
Notice the similarity in some definitions. In practice, Last-Modified and Etag are similar validators and can be grouped together. Expires and cach

Sending SMS

There are different means of sending SMS that I’m aware of, namely:
- via GSM modem
- via SMSC (SMS Centre)
- via 3rd-party gateways
Given that the 3rd-party gateways have got different offerings from vendor to vendor, here are some differences between the 1st two:
| | GSM Modem | SMSC |
|---|---|---|
| Cost | Usually lower and is fixed per SMS | Normally higher unless there is bulk discount |
| Use of short code (4-5 digit numbers)? | No | Yes |
| Use of TPOA | No | Yes |
| Latency per SMS (or throughput) | 5-8 secs or 13-17 secs with DR (up to 15-20 SMS/sec) | Less than 1 sec (20-40 or up to 100s SMS/ sec) |
| Interface/ protocol | USB/ COM ports | Usually SMPP (TCP/IP) |
TPOA - Stands for Transmission Path Originating Address. It is a feature to mask the originating number with an alphanumeric string (up to 11 characters). E.g. Citi, HSBC
To understand how all these entities/ components come together, see the following UML diagrams:

Troubleshooting Common .NET HTTP Connection Errors

The first step is to identify whether the error is with the client or server (or even intermediaries). Most of the errors begin with “The underlying connection was closed: …”
Indications of client error
- An unexpected error occurred on a send – Could be due to:
  - antivirus software installed on the client machine
Indications of intermediary error
- The remote name could not be resolved or The proxy name could not be resolved – Could be due to:
  - DNS issue
  - inability to access the hosts file
- Unable to connect to the remote server – Likely to have gotten through the DNS but hit a connection glitch due to: proxy firewall network authentication
Indications of server error or intermediaries (e.g. load balancer, proxy, etc.)
- An unexpected error occurred on a receive – Server or intermediary unexpectedly closes the TCP connection. May be due to:
  - Server or intermediary timeout values set too low (TODO: increase the client’s request timeout & also the server’s execut

Best Practices for running ASP.NET on IIS 7

When should application pools be turned into web gardens?
Web gardens should only be used if the application doesn’t use in-process session variables but rather out-of-process ones (e.g. session state service or database session state). Reason is that a web garden would have at least 2 worker processes which do not share in-process (session) memory. Drivers to using web gardens are:
- Application makes long-running synchronous requests
- Application is low in availability and crashes often
- Application creates high CPU load on worker process
Best Practices
Systems Settings
- Optimum paging file size setting:
  - 1.5x the RAM for 32-bit OS
  - system-managed for 64-bit OS
- Disk queue length should always average less than 2
- Processor queue length should be less than the number of processors
- Network utilisation should be less than 50%
Application Isolation Policy
- Some applications should be deployed into their own application pool
  - mission critical and should be highly a

Solving Mixed-Content Warnings

Web applications can be written to work with HTTP as well as HTTPS schemes. To do so, URLs to resources should be encoded as relative URLs. For example, on a site (softwarehard.blogspot.com), all URLs to resources should be encoded as “/images/imageResource.jpg” or “images/imageResource.jpg” instead of “http://softwarehard.blogspot.com/images/imageResource.jpg”. Doing so will allow for the resource to be served in both HTTP and HTTPS schemes depending on the page request.
However, if an external resource is required, the authority (domain name) needs to be included. The most portable way to include the external resource is to use a scheme-less URL. For example: “//cdn.blogger.com/js/jquery.js”. Note that neither HTTP nor HTTPS has been specified and doing so will allow us to skirt the mixed-content issue. This is valid under the URI RFC.
However, the caveats are that:
- this works well in web browsers but will likely break in email clients!
- there is also a minor downside

HTML rendering with Internet Explorer 8, 9, 9+

Apart from the use of DOCTYPE, IE uses other metadata to influence rendering. You may include the following meta tag in the HTML document to influence the way Internet Explorer renders content: <meta http-equiv="X-UA-Compatible" content="Content-Attrib-Value"/>
In combination with the DOCTYPE, the value of the content attribute in the above meta tag will result in different rendering modes:
| Content-Attrib-Value | DOCTYPE | Doc Mode |
|---|---|---|
| IE=edge | Ignored | IE x standards (use the latest IE standard available) |
| IE=9 | Ignored | IE9 standards |
| IE=8 | Ignored | IE8 standards |
| IE=EmulateIE8 | Known type | IE8 standards |
| | Unknown or absent | Quirks mode (IE5.5) |
| IE=7 | Ignored | IE7 standards |
| IE=EmulateIE7 | Known type | IE7 standards |
| | Unknown or absent | Quirks mode |
| IE=5 | Ignored | Quirks mode |
At the same time, there are some interesting points to note:
- in the intranet zone, IE 7 standards rendering mode is used by default
- these can be overridden by the