Posts

Showing posts with the label tips

Issues with IE Compatibility

Be aware of the difference between Browser Mode and Document Mode.

- Browser Mode is controlled by the client browser and is affected primarily by "Compatibility View" settings as well as domain
- Document Mode is controlled by the web server and/or the web page

Using IE 8-9, some strange behaviour has been observed. Enabling Compatibility View (for either intranet or all websites) would result in the following for affected sites:

- IE conditional comments would detect IE7
- User-agent sent would be IE7 (compatible)
- Browser mode would show IE 9 Compatibility View
- Document mode would be IE 7 standard

The above behaviour would not be affected by X-UA-Compatible meta-tags within the page. However, sending the X-UA-Compatible HTTP header would alter the behaviour as follows:

- IE conditional comments would detect IE9
- User-agent sent would be IE7 (compatible)
- Browser mode would show IE 9 Compatibility View
- Document mode would depend on the value o...

HTTP over TLS/ SSL: What is Really Secured?

HTTP over TLS/ SSL performs encryption of transferred data. However, what is really encrypted and what isn’t?

- Part of the TLS/ SSL negotiation will not be secured. Everything else is securely transmitted.
- What is in the clear/ can be derived will be the destination hostname or IP address and the port (usually 443)
- URLs for GET/ POST/ HEAD request methods are secured
  - GET URL parameters, e.g. ?data=12345678&id=123
  - POST URL
- All HTTP headers are secured. These include:
  - Cookies
  - Content-type/ content-length
  - Cache control
  - User-agent
  - Accept (-encoding)
- HTTP payload is secured. This may be:
  - POST parameter
  - HTML/ XML data

Does it therefore mean that the GET URL over HTTPS is secured? You decide for yourself….

As the GET URL method information is secured, any sniffer between the source and destination would not be able to “see” the URL parameters. However, the web browser would track the full GET URL (including the parameters) in the browsing history. As such, anyone havi...

How to Send an iCal File as an Exchange Appointment

Creating an iCal is rather straightforward, so is sending out an email with the iCal file attached therein. What is required in our case is to automate sending out an appointment thru’ MS Exchange in a way that it behaves as though an appointment has been manually sent by someone thru’ Exchange. This would mean that the appointment has to appear in the Exchange Calendar whether or not the recipient remembers to accept the appointment. This is not possible with a typical iCal sent as an attachment in an email as the recipient would need to open the iCal file and save it before it appears in the Exchange Calendar (sort of an import function). Apart from making use of Exchange API, a much simpler solution would be to (still) send the iCal as an attachment in an email but “trick” Exchange into recognising the mail as an Exchange appointment. Credits to this website for first uncovering the solution. First and foremost, understand the difference between an Appointment and a Meeting Reques...

National Do-Not-Call Registry (Singapore)

Information regarding the proposed National DNC registry can be found here. The DNC registry allows individuals to opt out of marketing messages in the form of email, SMS/ MMS, faxes and phone calls. A message is regarded as a marketing message as long as it is determined that part of the message has a purpose which is marketing in nature as defined. A message is marketing in nature if one of its purposes is:

- to offer to supply, advertise or promote goods or services, the suppliers or prospective suppliers of goods and services
- to supply, advertise or promote land, interests in land, business or investment opportunities

SAN or NAS storage systems… How do they affect my applications?

Here are some salient differences I gathered:

| | SAN | NAS |
|---|---|---|
| Connection | FC/ SCSI | Ethernet |
| Speed | Typically faster (unless over Ethernet like FCoE or iSCSI) | Typically slower |
| Cost | Typically higher | Typically lower |
| Intrusiveness | Appears like locally attached storage to OS | Remotely accessible filesystem using protocols like: NFS (Unix)/ CIFS (Windows)/ AFP (iOS) or even HTTP |
| Can same unit be shared across different servers? | No – every server mount will have its own exclusive blocks | Yes. Concurrent access and locking is handled by the access protocols |
| Unit of storage | block-level | file-level |

Personal Data Protection Bill

Some information regarding the proposed Personal Data Protection Bill 2012 (Singapore):

- Covers the regulation pertaining to the collection, use, disclosure, transfer & security of personal data.
- The PDP Bill consultation paper found here
- The proposed PDP Bill found here
- The Model Data Protection Code for the Private Sector found here
- A subsequent report of the above-mentioned Model Code by the NIAC found here

The PDP bill interprets “personal data” to refer to data, whether true or not, about an individual who can be identified

- from that data; or
- from that data and other information to which the organisation is likely to have access

The bill does not provide greater clarity to the definition of “personal data” and a prescriptive list of personal data would not be provided. Fortunately, the definition was largely adapted from the Model Code which provided certain implementation & operational guidelines with specific examples. An excerpt from the Model Code follows:...

Stages in Competency

Just read about the 4 stages in competence that apply to learning and measuring competencies in new skills. It’s always good to know where one stands for each competency. From the lowest to the highest, they are:

Unconscious Incompetence

- Individual does not know the required skill/ competence exists, let alone the relevance of it.
- Individual is incompetent and does not know it
- Call this individual ignorant, clueless
- To do: Need guidance to identify deficits
- “Don’t know what you don’t know”

Conscious Incompetence

- Individual recognises deficit in competency/ skill but is not addressing it/ not able to address it
- Appreciates the value of the competency/ skill
- Call this individual a beginner, a learner
- To do: Offer vast sources of learning resources and even training. Also allow for mistakes.
- “Know what you don’t know”

Conscious Competence

- Individual is able to demonstrate basic competency when required and at will
- Takes conscious effort/ co...

Draw UML Diagrams Online

Try this: http://yuml.me/

Experience in Building Mobile Application

I’ve finally completed my maiden HTML5 mobile application but have only managed to target it for Android. You may download it from getjar. Fundamentally, I’ve created the application due to a need to manage multiple library-loan accounts within the family. It is a hassle to check the accounts one-by-one for (near-) outstanding loans. My experience in development follows:

What type of application should I build?

| Criteria | Native App | HTML5 App | Mobile Website |
|---|---|---|---|
| Learning Curve | high | medium | low |
| Performance | good | reasonable | reasonable |
| Device feature accessibility | all | most | few |
| Connectivity tolerance | non-connected | occasional | mostly connected |
| Server requirement | NA | NA | Yes |
| Quirkiness | Low | High | Medium |
| Marketability (on app-store) | Yes | Yes | No |
| Portability | Low | Medium | High |

Basic Requirements

- Apache Cordova (PhoneGap) 1.5
- jQuery 1.6.4
- jQuery Mobile 1.0.1

Gotchas!

I wanted to structure the directories into /js, /css. The easiest way is to move all the...

Java Class Loading Error/ Exception

Have you encountered some class loading/ definition issues in Java recently? To expedite troubleshooting such issues, you need to be aware of the 3 main Java errors/ exceptions and to be able to differentiate amongst them. They are:

- java.lang.ClassNotFoundException
- java.lang.NoClassDefFoundError
- java.lang.UnsupportedClassVersionError

ClassNotFoundException

Happens when a class cannot be loaded at runtime. This offending class is usually not known a priori. This is often caused by the class loader not being able to dynamically load a required class. Examples of such offending class loaders are:

- Class.forName()
- ClassLoader.findSystemClass()
- ClassLoader.loadClass()
- An IoC container (e.g. Spring)

The exception is thrown with the class that is not found. E.g. java.lang.ClassNotFoundException: oracle.jdbc.driver.OracleDriver

To resolve this, check the class against the classpath. The situation would be a lot more complicated when multiple class loaders come i...

Sending SMS

There are different means of sending SMS that I’m aware of, namely:

- via GSM modem
- via SMSC (SMS Centre)
- via 3rd-party gateways

Given that the 3rd-party gateways have got different offerings from vendor to vendor, here are some differences between the 1st two:

| | GSM Modem | SMSC |
|---|---|---|
| Cost | Usually lower and is fixed per SMS | Normally higher unless there is bulk discount |
| Use of short code (4-5 digit numbers)? | No | Yes |
| Use of TPOA | No | Yes |
| Latency per SMS (or throughput) | 5-8 secs or 13-17 secs with DR (up to 15-20 SMS/sec) | Less than 1 sec (20-40 or up to 100s SMS/ sec) |
| Interface/ protocol | USB/ COM ports | Usually SMPP (TCP/IP) |

TPOA - Stands for Transmission Path Originating Address. It is a feature to mask the originating number with an alphanumeric string (up to 11 characters). E.g. Citi, HSBC

To understand how all these entities/ components come together, see the following UML diagrams:

Troubleshooting Common .NET HTTP Connection Errors

The first is to identify whether the error is with the client or server (or even intermediaries). Most of the errors begin with “The underlying connection was closed:”…

Indications of client error

- An unexpected error occurred on a send – Could be due to:
  - antivirus software installed on the client machine

Indications of intermediary error

- The remote name could not be resolved or The proxy name could not be resolved – Could be due to:
  - DNS issue
  - inability to access the hosts file
- Unable to connect to the remote server – Likely to have gotten through the DNS but hit a connection glitch due to:
  - proxy
  - firewall
  - network authentication

Indications of server error or intermediaries (e.g. load balancer, proxy, etc.)

- An unexpected error occurred on a receive – Server or intermediary unexpectedly closes the TCP connection. May be due to:
  - Server or intermediary timeout values set too low (TODO: increase the client’s request timeout & also the server...

Best Practices for running ASP.NET on IIS 7

When should application pools be turned into web gardens?

Web gardens should only be used if the application doesn’t use in-process session variables but rather out-of-process ones (e.g. session state service or database session state). Reason is that a web garden would have at least 2 worker processes which do not share in-process (session) memory. Drivers to using web gardens are:

- Application makes long-running synchronous requests
- Application is low in availability and crashes often
- Application creates high CPU load on worker process

Best Practices

Systems Settings

- Optimum paging file size setting:
  - 1.5x the RAM for 32-bit OS
  - system-managed for 64-bit OS
- Disk queue length should always average less than 2
- Processor queue length should be less than the number of processors
- Network utilisation should be less than 50%

Application Isolation Policy

- Some applications should be deployed into their own application pool
  - mission critical and should be high...

Service Level Agreement (SLA) and Number of 9s

To commit to memory, SLA 9s and acceptable unscheduled downtime:

| Availability % | Approximate downtime/ year |
|---|---|
| 90 | 50,000 minutes (800 hours) |
| 99 | 5,000 minutes (80 hours) |
| 99.9 | 500 minutes (8 hours) |
| 99.99 | 50 minutes (1 hour) |
| 99.999 | 5 minutes |
| 99.9999 | 0.5 minutes |

In more details, for reference:

| Availability % | Downtime/ year | Downtime/ month* | Downtime/ week |
|---|---|---|---|
| 90% (“one 9”) | 36.5 days | 72 hours | 16.8 hours |
| 95% | 18.25 days | 36 hours | 8.4 hours |
| 98% | 7.30 days | 14.4 hours | 3.36 hours |
| 99% (“two 9s”) | 3.65 days | 7.20 hours | 1.68 hours |
| 99.5% | 1.83 days | 3.60 hours | 50.4 minutes |
| 99.8% | 17.52 hours | 86.23 minutes | 20.16 minutes |
| 99.9% (“three 9s”) | 8.76 hours | 43.2 minutes | 10.1 minutes |
| 99.95% | 4.38 hours | 21.56 minutes | 5.04 minutes |
| 99.99% (“four 9s”) | 52.56 minutes | 4.32 minutes | 1.01 minutes |
| 99.999% (“five 9s”) | 5.26 minutes | 25.9 seconds | 6.05 seconds |
| 99.9999% (“six 9s”) | 31.5 seconds | 2.59 seconds | 0.605 seconds |

* Assume a 30-day month.

System Deterioration

Machinery needs oiling after some time; building structures deteriorate due to natural forces; facades need to be repainted; the Golden Gate bridge needs to be repainted; vehicles need to be maintained; what does that mean for systems? I’m inclined to believe that software systems, like all other things, need to be constantly maintained, oiled, cleaned, before they deteriorate.

What does deterioration look like? Deterioration may appear in these forms:

- systems become slower progressively
- systems crash/ become unavailable more often
- systems become more bloated (larger codebase, more storage space required, etc.)

The system was originally deployed and tested fine so what went wrong? How does deterioration happen? It typically happens due to the following forces:

- user-base increased post-deployment to a number that was not intended/ tested for
- smart users found ways to use the system that was not originally intended for
- operation/ support team did not make it a point to upkeep t...

Technical Debt

This wonderful metaphor by Ward Cunningham reminds us that doing things in a “quick and dirty” manner or taking shortcuts sets us up for a debt which, when not repaid promptly, incurs interest in the future. When developing systems, enhancing existing ones, or even fixing bugs, we will typically arrive at a crossroad: should we take the time to do it right; or should we take shortcuts and deliver quickly? It is generally in the interest of the business folks to roll out changes quickly; while the development folks would choose to properly design, implement and test changes before delivery.

Fortunately, it doesn’t apply to everything (e.g. code smells or design flaws). It requires a deliberate decision to do something that is not sustainable in the long term but yields a short-term benefit, the result of which is not in the interest of the system's ongoing maintainability.

Examples of technical debt

Some common examples include:

- hardcoding values in source code
- postpo...

Minimum (Lean) System Documentation

Let’s admit it: any form of system documentation is not up-to-date. The moment we start producing it, it is out-of-date. If that is the case, we should do with minimum (perhaps, lean) system documentation that is kept current. This begs the next question: How little is enough? If I imagine myself taking over a system from someone else, I believe the minimum/ lean system documentation should contain the following:

Solution Design

- description of the high-level process flow
- description of the main modules/ services in the system
- what are the architecturally significant use cases or main functions of the system?
- what processes/ components make up the system? E.g. Are there web-based applications? Are there batch processes?
- what are the databases in use? What are the primary (entity) tables in use?
- what output is generated by the system? E.g. Are there printed output? Are there output for system integration? Are there messages (emails/ SMS) sent?
- what systems are integra...

Micromanagement

I just came across an interesting article regarding Dangers of Micromanagement. See here. I've extracted an excerpt which I'm in total agreement with. The dangers are:

- Less risk taking, less initiative, wasted resources. Employees will learn that a micromanager is going to direct in such detail that they will learn to wait for direction in what to do and how to do it. In a micromanagement environment, employees often end up waiting to execute; or they move forward only to be redirected by their manager, wasting valuable time and resources in the process.
- Less innovation. When people are being told what to do, there is little to no room for creativity or new solutions. The value of diverse thinking is lost because there is a feeling that mistakes are not acceptable. Micromanagement does not facilitate a "continual improvement" mind-set.

My experiences and observations thus far have not differed from the above. I’ve worked for micro-managers. I’ve worked wi...

Creating Scalable Systems

Some food for thought. Consider the following:

- Prefer BASE over ACID transactions
- Prefer asynchronous over synchronous transactions
- Keeping state is expensive
- Consider database sharding (highscalability, codefutures, Pros and Cons) by data, by transaction or by customer, but avoid premature optimisation
- Design the system for automated rollback
- Create isolative structures; share nothing; such that nothing crosses the swimlanes
- Design systems for failure
- Create idempotent services where possible

Database sharding requires changes in mindset:

- Tables may need to be denormalised to optimise sharding (as well as to work around cross-shard joins/ queries)
- Scale-out instead of scale-up
- Do away with replication where possible

Different sharding schemes are:

- Vertical partitioning – sometimes known as functional or feature partitioning where data relating to certain entities are grouped together. Different functions or features are put onto different shards.
- Rang...

Why Did I Choose to Use Astah/ Jude UML?

To set the record straight, my perception of UML (and the related tools) is as follows:

- I perceive UML as a standard modelling language to facilitate discussion, collaboration, and documentation
- I do not adhere strictly to the UML standards/ modelling constraints
- I am seldom interested in forward-engineering, code generation, MDA, etc.

I’ve used several UML modelling tools (and even the infamous MS Visio) in the past. The common issues I had with many of these are:

- too many constraints that cannot be relaxed (e.g. very strict adherence to UML constraints/ rules/ profiles)
- too implementation/ platform specific
- too slow, too huge, memory-hogger
- too process-driven
- too code-driven

So far, I’ve found that Jude (and now, Astah) is able to meet most of my needs with some minor tweaks and improvements that I hope can be resolved soon (e.g. the tagged values should be displayed in the UML diagram). In addition, there is even the mind-map feature added as a plus! For more inform...