Thursday, October 24, 2013


Enable-Migrations Error

Ran into an error earlier regarding enable-migrations. In the past it has worked perfectly, but suddenly it seemed to barf all over my screen in red paint like so - Argh, My Eyes!!

PM> Enable-Migrations
Exception calling "BuildProject" with "3" argument(s): "The parameter is incorrect. (Exception from HRESULT: 0x80070057 (E_INVALIDARG))"
At D:\development\Dev-Training\TaxMate\packages\EntityFramework.6.0.1\tools\EntityFramework.psm1:866 char:45
+     $DTE.Solution.SolutionBuild.BuildProject <<<< ($configuration, $project.UniqueName, $true)
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ComMethodTargetInvocation

Get-Package : Cannot validate argument on parameter 'ProjectName'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again.
At D:\development\Dev-Training\TaxMate\packages\EntityFramework.6.0.1\tools\EntityFramework.psm1:878 char:40
+     $package = Get-Package -ProjectName <<<<  $project.FullName | ?{ $_.Id -eq 'EntityFramework' }
    + CategoryInfo          : InvalidData: (:) [Get-Package], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,NuGet.PowerShell.Commands.GetPackageCommand


Turns out, it was a simple case of the default project not being selected because I had deleted the start-up project



Thursday, October 17, 2013


Choosing the right desktop development technology

I've recently had a requirement to build out a desktop offline application that mostly does data collection.

Here are the requirements technical and otherwise
  • Must work offline
  • Will be mostly installed on Windows laptops (assuming Windows 7+)
    • Nice to have the ability to run it on Mac as well
  • Simple data entry application
  • Should be easy to maintain by a group of unknown future developers. 
    • This is not for a company, but a volunteer based organization
As I started evaluating different technologies, I went from

Native Technologies

1. Windows Forms Application - Rejected because styling is difficult 
2. Silverlight Out of browser application - Rejected because silverlight is rapidly becoming obsolete
3. WPF application - Not bad. This is, after all, the recommended technology by Microsoft. But I balk at this choice simply because it unnecessarily complicates development (one has to learn XAML). Also because after having done years of XAML development, I realized that even a gap of a few months had wiped out my expertise.

Local Web Server 

Having rejected most of Microsoft's recommended technologies, I decided to explore some form of HTML 5 / Javascript backed application.

The simplest option is to, of course, run some sort of lightweight web server on the user's machine (maybe IIS Express) and use ASP.Net MVC. But remember that I'm going for a simple install, and running an IIS Express is not part of the plan. There are far too many things that can go wrong with an IIS Express instance like port configuration, administrator privileges etc.

Shell Application

Since I'd been working lately with phonegap, it occurred to me that something of that sort should work well. After all, I don't need http capabilities - simply the ability to use HTML 5 / CSS and javascript as my front end programming stack.

The most promising option in this direction seemed to be App.js - a framework designed specifically for this purpose. A quick review of technology shows that this depends on node.js (not something I want to throw into the mix), but more importantly that this open source project has not had any check-ins for a month and has a long list of bugs. Won't do.

Other options seem to be


  • TideSDK - Looks a little too heavy for the purposes I have in mind.
  • node-webkit - backed by intel.
  • Brackets Shell

Clint Berry has a good run down on these options on his blog - http://clintberry.com/2013/html5-apps-desktop-2013/

As for me - I have a long night ahead evaluating these options. If node-webkit works, I'm all for it.

Tuesday, October 15, 2013


Automating PhoneGap Build build.

No - that's not a typo. I'm referring to the build process when using Adobe's phonegap build service. I won't go on much about phonegap build, except to say that it's brilliant and probably saved me from buying an expensive mac for 2 weeks of development work. Can't completely eliminate the need for a mac, but at least day-to-day phone gap based web development does not require one.

Phonegap build offers you the ability to zip up your web application and upload it for a build. 2 easy steps right? Wrong! Doing this around 50 times a day is quite annoying and repetitive. So naturally, I looked around for a simpler way to do this

1. Zipping up files

I use 7-zip, which comes with a command line interface. I had to add the install location to the PATH, and then it was as simple as issuing

7z a [targetpackage.zip] [targetdirectory]

2. Uploading to phonegap build 

Luckily phone gap provides an http API to interface with it. It's sparsely documented, but fairly intuitive. Since I was uploading a zipped file instead of using a github repository, the command was

curl -u [username]:[password] -X PUT -F file="@[full-file-path]" https://build.phonegap.com/api/v1/apps/[appid]

You can download curl for windows from here 

A few gotchas

  • For windows users, the full-file-path needs to be enclosed in double quotes. This is more of a curl quirk than anything to do with phonegap build.
  • Finding the application id: the application id used in the curl URL can be sourced quite easily from phonegap build URL for your project. For instance when navigating via the browser to your app, the URL is https://build.phonegap.com/apps/598899/builds , then 598899 would be the appId that needs to be plugged in to the curl command at [appid]
  • Excluding git files: I'm using git as source control and this creates a .git\ sub directory. The problem is that I don't want this to be part of the zipping process. Adding -xr!?git\* to the zip command does the job nicely.
  • Reset the archive: the zip command adds to an existing archive, which means that if I delete files off my directory, they won't get removed from the archive. So - I delete the target archive before zipping.

All of this is taken and put up into a batch file 

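rem Start from a fresh archive so that deleted files do not linger in it
del [target-archive]
rem Zip the project, leaving out the .git directory
7z a [target-archive] [target-directory] -xr!?git\*
rem Upload the archive; the @ makes curl send the file's contents
curl -u [username]:[password] -X PUT -F file="@[target-archive]" https://build.phonegap.com/api/v1/apps/[appId]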








Saturday, March 30, 2013


Poor Man's home office setup

Scott Hanselman and Jeff Atwood, two of my favorite programmers have long talked about the perfect home office and components. However, their access to resources far exceeds mine and I suspect most people in India. For instance - IKEA is not an option here (yet).

I still believe working from home is efficient and have put in some thought and money (more thought and less money - I'm cheap) on getting the components of this right -

Room / Space

I need a room separate from the place where I have strewn dirty clothing to focus on work. Just the act of moving from one space to another dedicated for work helps in narrowing down focus and limiting distractions. If you don't have the option of a separate room, consider carving out a space that is delineated with some simple elements like maybe a different flooring, or focused lighting or painting the walls around the area in a different color. It's a psychological trick that makes a huge difference.

Desk

Here's one that most people get wrong and tend to buy something labeled as a computer desk. Computer desk is simply a marketing gimmick. The worst thing you can do is have a pull out keyboard rest - that simply does not work.

Here are the ones I see sold in India purporting to be computer desks

 


ALL OF THE ABOVE ARE WRONG 

Instead look for a 4-seater dining table like one of these - They will give you better surface area as well as plenty of legroom.
 



Also - most working desks are designed for writing rather than computer work and thus get the height all wrong. You will not find an office chair that will adjust to the height of a writing desk, and even if it does it will result in dangling feet.

Footstool

Despite sounding like a luxury item from the Ottoman empire, the footstool is extremely handy (footy?) to give you options for your legs. Having a foot stool will give you the flexibility to slump back or forward. Back pain prevention is 90% adjusting positions regularly. Which makes it important to have multiple options while sitting.

Chair

I haven't found a perfect chair yet, so I prefer a simple dining table chair with a straight back. I find most cheap office chairs to be more uncomfortable than a simple high back dining chair. So - this is a to do. I just don't find any reasonably priced chairs around Bangalore for retail.

Laptop / Desktop

This one is debatable. Most laptops do not offer the performance of a desktop at half the price. However, I still don't like having a massive desktop sitting under the desk collecting dust and getting tangled in my feet. Luckily I was able to appropriate my brother's Lenovo T400 which is simply a stunning machine. Upgraded it to 8 GB RAM and it performs on par with most work desktops. But it's pricey.

Wireless Headset with mic 

If you tend to do a lot of meetings from home like I do, this is essential. I've come to the point that I find VoIP far more reliable than my cellular connection. I've gone for the Plantronics 995 and I'm quite happy with the purchase. The only issue I have with this is that I cannot use this when it's on charge, which seems like lazy engineering. But I was surprised when some of my audiophile friends used this for extreme EDM and stated that its audio quality was astounding.

It does not use bluetooth and has its own USB dongle, which I don't object to because the range and fidelity is far superior to any bluetooth headset I've tried. Which means that I can discuss architecture with people in the US while playing fetch with my dog in the yard (I love living in the future of the past)

Wireless Speaker with Mic

This one is kind of optional from a pure home office perspective, but just in the last week it has become an irreplaceable part of my setup. I've been doing night long calls last week and having headsets on for eight hour calls simply is not an option. So I went and got the BIG jambox which comes with a built-in 360 degree mic. Usually I've found that being on a speaker phone is the quickest way to annoy people on a call followed by heavy breathing. But the Jambox has excellent mic fidelity and so far no one has been able to make out the difference. This also comes in handy while making Video calls and you don't want to look like a DJ in a club with massive headsets.


Keyboards / Mouse 

A controversial personal preference, but I prefer a wired keyboard and mouse over wireless versions. Given my aversion towards anything wired, I suppose this trait is because even a single stutter of the mouse because of wirelessness is just not acceptable to me. Maybe it's gotten better, but I hate lifting up the mouse and checking if the red light is on. Even more so for the keyboard. Wireless keyboards have a different problem in that most of them tend to target portability over usability.

USB Hub

This little Rs 100 device has a huge impact in my work day. No more do I have to bend over into ill-lit corners and jiggle the USB cables of my keyboard and mouse into the laptop. I simply have all my USB devices plugged into the hub and connect a single wire into the laptop. Kinda like a ghetto docking station for the laptop.





Extension cord

I've learnt the hard way to invest in a great extension cord - not an average one, not a good one, but a great one. The best available currently in Bangalore is by Belkin. Don't think about how much it's costing - it will make a huge difference in the quality of any geek's life to have an assortment of cables plugged in snugly into this beast. And don't make the mistake of getting a single row version - you always need the space for that one pesky outsized adapter that takes multiple rows of parking room like that overcompensating Toyota Fortuner guy at the mall.

Monitor and Projector

2 display screens are a must. It's not even a debate anymore. What remains to be decided is what kind of monitor. I've hunted down a Square TFT Dell monitor because it was the one I had at work and had gotten used to it. TFT is easier on the eye than LCD, and I always thought wide screen monitors were for the casual movie watching crowd. I'm not so sure about that anymore. A couple of sessions on a wide screen monitor has made me rethink my choice.

I don't YET have a projector, but I think it will complement my wireless speakers well in enabling me to get a little more distance from the monitor for long presentations. Lately, I've been getting paranoid about my constant focal distance of about two feet for long durations of the day.

Other Stuff 



I'm a big fan of this little Havells's fan. Small, light, yet powerful, this one has a unique air distribution system which works by the shell rotating on its axis instead of the entire assembly swinging back and forth.







Since I'm a fiddle person by nature I usually have an assortment of hand exercisers, a yoyo, and maybe a kendama lying around. The fiddling helps me think.


Be sure to check out Jeff's and Scott's home office setups that make mine look like a 3rd world ghetto.

And here are some links on getting it just right for your home office -

http://www.codinghorror.com/blog/2008/07/investing-in-a-quality-programming-chair.html
http://www.codinghorror.com/blog/2007/01/five-things-you-didnt-know-about-me-and-my-office.html
http://www.hanselman.com/blog/NewJobNewHouseNewBabyAndDesigningATotallyNewHomeOffice.aspx
http://www.hanselman.com/blog/WorkingRemotelyFromHomeTelepresenceAndVideoConferencingOneYearLater.aspx


Wednesday, March 27, 2013


Authentication in ASP.Net MVC

At the outset there appear to be a couple of options for doing Authentication in an ASP.Net MVC application - Global Filters and HttpModules. To understand this a little bit more in detail, we need to take a look at the Architecture of ASP.Net MVC as illustrated in the diagram below



As you can see, MVC is built upon the ASP.Net framework along with other frameworks like Web Forms and Services etc.

Global Filters - are implemented at the MVC layer
HttpModules - are implemented at the ASP.Net pipeline layer.

ASP.Net Framework has inbuilt functionality to provide authentication, which is by the use of HttpModules. Every request into the system will go through HttpModules whereas only MVC specific requests will go through the global action filters. MVC has the concept of global filters that expose an onAuthorize event. This (authorization) at the application level does make sense to control which user can access which resource or not. But Authentication should not be left to the individual applications IMO.

Many people prefer MVC filters be used for authentication, but I don't agree that this is a good paradigm in an enterprise scenario where you may not want developers controlling authentication policy and application. I advocate using the ASP.Net HttpModules feature for authentication for the following reasons

  • It allows configuring security at "site" or asset level completely agnostic to the higher level frameworks like MVC / Web forms etc.
  • It can be configured by Release Engineering. Global filters on the other hand are defined and instantiated in code programmatically. This moves the control of security from developers to release engineering which is a safer mechanism. We partition developer and release engineering practices (even though the developers might be writing the code for the actual httpmodule)
  • Common set of HttpModules can be reused across ASP.Net application, WCF services and MVC applications

There are some advantages of using global filters -

  • They allow for finer grained control if we wanted to expose actions for authenticated as well as unauthenticated user (which is not the case in any scenarios)
  • They speak the language of MVC


Reading and references

http://blogs.teamb.com/craigstuntz/2009/09/09/38390/
ASP.NET MVC Authentication - Customizing Authentication and Authorization The Right Way - Jon Galloway


Wednesday, March 13, 2013


Arrgh, Matey - Or the saga of the white hat pirate

Before I begin, let me qualify two things

1. I have no satisfactory solution to the problem.
2. I am not advocating piracy.

What I'm getting at is this - Pirating is just simpler and more efficient than purchasing books online every step of the way

To set the stage, my inventory of devices looks like this -
Dell 6400 / Windows 7
Kindle 4th Generation
Nexus 7 / Android
Lenovo T400 / Windows 7
Macbook Pro / Snow Leopard
Micromax Ninja / Android
Xbox 360
iPad 1



Step 1: Discovery 

For a pirated digital copy, I simply need to type in the name of the book + "torrent". That's it. I don't have to deal with any specific stores search like for Amazon or Flipkart. What's more, I get presented in one screen EVERYTHING for my search including format options, books, movies, and yes, even porn dedicated to the subject (see rule 34 of the internet). I have a choice of formats depending upon my download appetite and gadget compatibility. For instance, if I also had a PS3 (urgh), I might want the Blu-ray version as well.



Step 2 : Download 

It's no secret that the much-maligned BitTorrent protocol is the most efficient way to download anything. The media companies, however, have managed to equate it with piracy - but that's the same as saying internal combustion technology causes war. Anyways, the BitTorrent protocol is so awesome because it harnesses the distributed power of the internet by using peer-to-peer connections to download files. It's resilient, fast and distributed - Holy grail, Batman!

Of course protocols are just that - an agreement of how to do stuff. The "stuff" needs to be done. And here comes in the client - µTorrent - a very tiny BitTorrent client, the undisputed champion weighing in at just 1 MB. Yep - read that again - 1 MB. Many web pages these days amount to more than that simply to give us the update on the Kardashians (<-- My idea of SEO: dropping celebrity names) 

And no - it's not the download of a downloader; another bit of chicanery that incenses me when I download a 2 MB installer which proceeds to download hundreds of additional megs for the target application, usually a ploy to install yet another toolbar on my browser [Deep breath ... 1 .... 2 .... 10]. I'm fine now.



The small download footprint is deceptive, because this is an incredible little full-featured application. Does what it says and does it very well. Running on my machine this is taking about 20 MB of ram, almost exactly as much as every individual tab on chrome.

Step 3: Formats 

As I mentioned earlier, I now have a choice of formats and resolutions. In case of books I can have the pdf version for "Read Later" and "Instapaper", and the .mobi version for my kindle. In any case I can use a plethora of converters to format the pdf to whatever format I choose. If I buy a digital copy I'm locked to a fraction of the devices that I own.

Conclusion

So there we go - money didn't even figure in the equation. I would happily part with the cost of a coffee to acquire the brain juice of an intelligent person (umm.. book), but the current state of the eco-system does not incentivise me to do that. 

The villains of the piece are the distribution agencies, and not necessarily the content producers. The distribution companies have the most to lose here. Authors have already started self-publishing via amazon to free up their content. I won't go on much about this because there is enough being discussed on this topic by people more knowledgeable than I. My focus was on the technology and usability flows of pirated content versus DRM protected content acquisition.

One short term, slightly hippy-ish solution, would be for the content producers to set up channels for people like me to make "donations" to assuage the piracy guilt but still use the best of breed technology to acquire content.




Friday, March 08, 2013


It's getting "cloud"y out here

Firstly, apologies for the pun, but it IS getting overcast in Bangalore the last few days. I've noticed that I've quite naturally migrated away from most desktop apps towards a "cloud" based solution. Or as we used to say a year ago - online solutions.

But, hype and buzzwords aside, I really only took notice the last couple of weeks since my work laptop fried and I've been messing around with multiple laptops. What popped out was that I really didn't need to install much to keep going at work because I had been progressively preferring online solutions to desktop ones.

Outlook Desktop -> Outlook Web Access.

The Microsoft OWA 2012 release has done a tremendous job of ensuring desktop parity in feature and UX which has made the transition so simple that I didn't even notice that I had stopped using the desktop client. The web client retains many of the keyboard short cuts, alert sounds and visuals that are really key to bringing the full experience to the net. The best part is that unlike the previous versions, this web client works well across most of the browsers.




Visio -> Lucid Chart, Gliffy

I feel a little sad for Visio. As an architect, I should have loved this product. This was supposed to be my home where I merrily drew boxes and layers and clouds building enterprise dreams of interconnected systems. But Visio let me down with their latest 2013 release. I don't know what segment the team targets, but the software is unnecessarily bloated with all sorts of themes and art works, but makes a complete hash of the most simple thing that I need - connecting shapes easily and in an intuitive manner.



The best part is that at my workplace, Lucid Chart is integrated with the collaboration platform - JIVE, making it even simpler to move away from Visio

Notepad -> Writability

Ok - so this one may be a bit of a stretch because it really is javascript code that enables you to write in the browser. But if you're signed into chrome, bookmarks get ported over to the instance and it's almost like an application in the cloud.


Windows Live Writer -> Blogger.com editor.


I've waited a long time for this. Windows live writer was a great alternative to Rich text areas for creating blog content. But I recently logged into blogger and found the new editor powerful enough to discard live writer. In fact, this single change is allowing me to blog a lot more. I don't know if other engines have powerful editors, but I'm happy to stick with my Google profile and hence blogger.

Word -> Jive

Now this may not really be an option for everyone, but at my workplace we've deployed Jive for business collaboration and I am amazed at the transformation it has brought about to the company DNA. What once used to be silo'ed divisions with serpentine communication channels is now a thriving community of collaborators. I can't say enough about this. Every large organization needs this.

Strictly speaking, there isn't a direct mapping from Word to Jive, but because of the platform I rarely create documents. Instead the platform allows me to create blog posts.

Skype -> Google + 


I still use skype on a daily basis because of my perception that the call quality is better. For personal calls, where I'm willing to live with a little more disturbance, I tend to use the Google + hangouts. Strangely enough, google+ has more features than skype - most notably the ability to screen share

Of course there are some applications I use on a regular basis that simply don't have equivalent replacements yet -
  • IDEs - Visual Studio
  • Excel 
  • Media Players (but for music only I use a combination of sound cloud, pandora etc.. )

I have a bunch of other applications but they are mostly BECAUSE I am on a desktop and would be irrelevant in a fully cloudy world - zip software, networking stuff, media players, editors.

The future of desktop applications does indeed look bleak.


Tuesday, February 26, 2013


Using Chrome Profiles for Development setup

Part of being a developer is doing a lot of research on the net. However, I find myself quite annoyed many times when personal tabs and work tabs get intermingled. Chrome has an elegant solution to this - user profiles.

This allows you to have multiple chrome windows, each within a specific context. For instance, I have 3 profiles

  1. Personal - this is where I'm signed into Facebook, Gmail etc...
  2. Work profile - All my work related bookmarks live in this profile, along with any work related sites signed in.
  3. Personal Work Profile - this is for my current side-project with links to the development server site and Heroku, GAE etc signed in and bookmarked as well.

This makes it easier to switch context and open up tabs in the correct windows, so that I don't have to hunt through the usual hundreds of tabs that I would typically have open on a regular day / night.

Personally, I love the little Avatars that show up on the top left corner helping me identify the context that I am currently in. If you want to make this more explicit, then set up different themes for each of the profiles.


Even though each of the profiles can be linked to a gmail account, I prefer to not have my work and personal work profiles logged in simply to make it harder for me to randomly open up gmail and other stuff in the work context.

To activate this go to Chrome > Settings > Users. It should be pretty obvious from there.


Wednesday, February 20, 2013


DMMT done wrong

Oh IE - why do you do this to yourself? While every other browser (chrome / firefox) is intelligent enough to detect OS and version, the India IE site does not even provide a link to the x64 version. I downloaded the incorrect version and had to hunt for the x64 version.

Which then downloaded the installer of the installer. Of course, restart required. Not cool, IE .. not cool.


The DMMT (don't make me think) principle done right

I've been looking to upgrade my RAM on the laptop and the first step of the process is figuring out compatibility options. It's this sort of stuff that pushes people to Macs away from PCs. The choice and options are as astounding as they are incompatible.

Crucial has a good solution for this problem. Simply download their scanner and it will give you the compatible options for the laptop. The scanner is a non-bloatware targeted program that produces extremely readable and more importantly, actionable results. Noice!



Tuesday, February 19, 2013


Sample Indian Data

I've been prototyping some stuff, and hate using foreign names and addresses for sample data input. So - I created my own. Enjoy!

https://docs.google.com/file/d/0BxHZTpcWRBHiTExpQnVEM2pQajQ/edit?usp=sharing

There are some random name generators out there but none of them seem to cater to Indian names. Also - refer this thread

Monday, February 11, 2013


Mashups

Last month I did a fair bit of research into mash-up options for developing a framework that collates widgets from different sources. A couple of articles on the Oracle site (that strangely seem to have been de-linked) are a good starting point -

Mashup Overview and Server Side mashups - http://192.9.162.55/developer/technicalArticles/J2EE/mashup_1/

Client side mashups - http://192.9.162.55/developer/technicalArticles/J2EE/mashup_2

My evaluation is based on an enterprise environment where multiple teams host their modules independently but now need to be collated into a mashup style. This, of course, is a big company problem. You know, the sorts that buy multi million dollar enterprise bus solutions.

In this instance mashup refers to the case when multiple sources contribute to the creation of a single page. These multiple sources provide both widgets and data that are displayed on the page. The container page is simply a holder for the widgets and does not interpret any data or design provided by the widget sources.


There are 2 high level options for building a mashup framework - Server side and client side.

Server Side Mashup

As the name suggests, this approach involves collating the widgets on the server side from multiple sources and composing a single page that is sent out to the client. Subsequent data (ajax) calls from the widgets are all routed through this central server and the responses channelled back to the client. 

This, of course, is the simplest solution as the client side code / browser is not even aware of any composition. This is the same in concept as any regular client server application. All the complexity of composing from multiple sources is on the server itself.





There are a couple of flavours to this approach. Both the widget html and the data can be sourced off the widget server (Option A) OR only the data can be sourced off the widget servers and the html composed on the mashup server (Option B).

In an enterprise environment there are some issues with this approach
  • Infrastructure for the mashup server. Assuming that the individual widgets servers are already scaled for capacity, an additional mashup server means that this hardware layer now needs to scale to usage of the most heavily used widget. 
  • In case of option B, operationally, this creates a big challenge to now maintain the API connectivity between the widget HTML and the widget source API for the widget data.
  • In case of option A, a widget design and interaction guideline must be developed and adhered to by the widget source owners. This may prove to be challenging in a large scale deployment.
  • Requires the creation of a team to maintain this mashup server and its contents
There are also advantages to this approach - 
  • No complexity on the client side to understand the mashups. The client simply works as a regular client-server application.
  • Potential for data caching and other operations on the mashup server.
  • If option B is selected, then it's easier to standardize the UX elements.

Client Side Mashup

In the client side mashup design, the widgets are composed and aggregated purely on the client side, i.e. - browser. Although this may seem like the logical option simply because it eliminates the middle man, remember that browsers are specifically implemented to disallow cross-domain requests. This is known as the same-origin policy.

What it means is that a single HTML page (excluding frames in this context) can only communicate with a single domain. This is to prevent malicious sites from getting jiggy with data they are not supposed to in the web page. This also means that legitimate mashups are a little bit more difficult to implement.

There are a few options to get around this security issue

Proxy Server

In this approach we place a proxy server in between the container page and the widget source servers. This means that all requests go through this proxy server and are routed to the respective servers. It's similar to the server side composition option, but the server is a dumb router. It could even be a purely hardware based solution. All we are doing is satisfying the same origin policy requirement. 

IFRAME

An IFRAME within an HTML document allows loading content from different sources. However, since iframes cannot communicate with each other, achieving a seamless look on the page is a big issue. Without DOM level communication, sizing and merging the frames in a consistent manner is nearly impossible. So, even though technically the content is on the same page, each iframe processes and displays its data independently.

With the HTML 5 specification of postMessage, this limitation can be worked around. It is only available on IE 8 and above.

For older versions of IE there are libraries like easyXDM to get around the X-domain communication issue between frames.
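
A sketch of the container page's side of a postMessage exchange, added here as an illustration and not code from the original post: the handler accepts messages only from an allowlist of widget origins and validates the payload before acting on it. The origins, the `resize` message shape and `makeWidgetMessageHandler` are assumptions made for the example.

```javascript
// Hypothetical allowlist of widget origins the container page trusts.
const TRUSTED_WIDGET_ORIGINS = new Set([
  "https://weather.widgets.example",
  "https://news.widgets.example",
]);
const MAX_WIDGET_HEIGHT = 2000; // px; clamp so one widget cannot swallow the page

// Returns a "message" listener for the container page. resizeFrame(origin, px)
// is supplied by the page and resizes the iframe that belongs to that origin.
function makeWidgetMessageHandler(resizeFrame) {
  return function onMessage(event) {
    // 1. Exact match on the sender's origin. Substring or prefix checks would
    //    also accept look-alike origins that merely contain a trusted name.
    if (!TRUSTED_WIDGET_ORIGINS.has(event.origin)) return false;

    // 2. The payload is untrusted data: parse it, then validate its shape.
    //    Some older browsers only deliver strings, so JSON text is accepted too.
    let msg;
    try {
      msg = typeof event.data === "string" ? JSON.parse(event.data) : event.data;
    } catch {
      return false;
    }
    if (!msg || msg.type !== "resize" || !Number.isFinite(msg.height)) return false;
    const height = Math.min(Math.max(Math.round(msg.height), 0), MAX_WIDGET_HEIGHT);
    resizeFrame(event.origin, height);

    // 3. Reply to the sender only, naming its origin instead of "*".
    if (event.source) {
      event.source.postMessage(JSON.stringify({ type: "resized", height }), event.origin);
    }
    return true;
  };
}

// In the browser:
//   window.addEventListener("message", makeWidgetMessageHandler(resizeFrame));
```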

JSON-P

Another way to get around this limitation is to exploit the fact that scripts can be requested from different domains. JSON with Padding requests JS code using the <SCRIPT> element. Except that instead of receiving pure code, the browser now receives a JavaScript function call along with the data. Since this is interpreted by the JavaScript engine, the function will be executed, which usually invokes a callback on the main page with the data. The final result is that this enables data to be served up from multiple domains.

JSONP, however, is not a recognized standard, even though libraries exist to support its usage. It also means that source servers have to put out data in a certain non-standard format to enable consumption by the JSONP technique. 
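
To make the padding concrete, the following added example (not from the original post) builds a JSONP response on the source server and then simulates the browser executing it. `buildJsonpBody`, `simulateScriptLoad` and the callback-name rule are assumptions for illustration; the callback name is restricted to a plain identifier because it is query input that ends up inside executable script.

```javascript
// Hypothetical server-side helper: builds the script body for ?callback=<name>.
const CALLBACK_NAME = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/;

function buildJsonpBody(callbackParam, data) {
  // The callback name comes from the query string and ends up inside
  // executable script, so accept nothing but a plain identifier.
  if (typeof callbackParam !== "string" || !CALLBACK_NAME.test(callbackParam)) {
    return { status: 400, contentType: "text/plain", body: "invalid callback" };
  }
  // Escape "<" and the U+2028/U+2029 line separators so the data cannot close
  // a script element or be read as a line break by older script engines.
  const json = JSON.stringify(data)
    .replace(/</g, "\\u003c")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
  return {
    status: 200,
    contentType: "application/javascript; charset=utf-8",
    body: `${callbackParam}(${json});`, // the "padding" around the JSON
  };
}

// Stand-in for the browser: a <script src="...?callback=name"> element runs
// the response body in a page where the callback is already defined.
function simulateScriptLoad(body, pageCallbacks) {
  const names = Object.keys(pageCallbacks);
  new Function(...names, body)(...names.map((n) => pageCallbacks[n]));
}

// Constructed widget data, including text that must stay inside the string.
const reply = buildJsonpBody("showWeather", { city: "Oslo", note: "</script>" });
const received = [];
simulateScriptLoad(reply.body, { showWeather: (d) => received.push(d) });
console.log(reply.body, "->", received[0].city);
```

Because the response runs as script in the container page, the page trusts the source server with everything the page itself can do.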

Cross Domain Requests

CORS is the HTML 5 specification to enable cross domain requests from browsers. Only IE 10 has support for this standard.

IE 8 has support for XDR, which is a Microsoft proprietary way of enabling cross domain requests. This implementation has some limitations, but should be mostly workable.




Wednesday, February 06, 2013


Discourse away

If you are a programmer, the chances are that you visit StackOverflow at least once a day (if not, then you must be in the '90s and using your boxed set of MSDN DVDs for reference). I'm a huge fan of the StackExchange platform and all the work done by the team. Jeff Atwood of Coding Horror fame was the co-founder of Stack Overflow, and when he stepped away from it last year with this post, I was more than a little concerned about him retiring from the game.

Well - I was wrong. Yesterday he made an announcement about launching Discourse by the same team. They intend to do for the forum format what they did for the Q&A format on the internet - revolutionize it.





The goal of the company we formed, Civilized Discourse Construction Kit, Inc., is exactly that – to raise the standard of civilized discourse on the Internet through seeding it with better discussion software:
  • 100% open source and free to the world, now and forever.
  • Feels great to use. It's fun.
  • Designed for hi-resolution tablets and advanced web browsers.
  • Built in moderation and governance systems that let discussion communities protect themselves from trolls, spammers, and bad actors – even without official moderators.
http://www.codinghorror.com/blog/

Stack Exchange has had a major impact on my professional life and I hope Discourse will do the same.

Forums suck, and have sucked for a long time. For example, one of the most popular forums, xda-developers, which I regularly visit to find solutions to my vast variety of Android issues, looks like this.



Let's see if Discourse can achieve its aims as well as it did with SO.


Tuesday, February 05, 2013


do you even curl, bro ?



I took far too long to discover curl, the command line tool for transferring data via different protocols. Now, I'm dependent on it. It's part of my journey to get closer to the nuts and bolts of the web. And curl -v does just that.

You could use one of the GUI tools to form a request, but that hides away some of the most interesting aspects of the communication.

I'm developing a very un-Microsoftish love towards command line utilities from the *nix world.


https, Whoa !

Found this detailed article on what happens during the first few milliseconds of an https connection. Reading through the entire article is like a crash course on the public-private key system and transport protocol basics.

http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html

Summary of steps

  • https translates to port 443 as per RFC 2818
  • Client sends Hello which contains
    • UTC time + random bits
    • Session ID (if any)
    • Cipher Suites
    • Server name extension
  • Server sends Handshake that contains
    • Hello 
      • UTC time
      • Session ID
      • the Cipher suite server side chose
    • Certificate
    • Hello done
      • Indicating that it won't require a client certificate
  • Client validates the certificate sent by the server
    • checks the time on the certificate to ensure it is not expired
    • computes a hash of the certificate using the certifying authority's public key to ensure that it was indeed signed by the said certifying authority
    • the browser trusts the certifying authority
  • Generate the Pre-master secret
    • a massive random number is generated
  • Trade secrets with the server
    • encrypt the secret generated using the server's public key
    • send to server
I've definitely simplified the last few steps as they involve a lot of mathematics, but all of the above happens in 220 ms! 
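
The ClientHello fields listed above can be read straight off the wire, since this first message is sent before any encryption is in place. The parser below is an added example, not taken from the linked article; the sample bytes are constructed, and `parseClientHello`, `hexToBytes` and the host name `example.test` are assumptions for illustration.

```javascript
// Constructed ClientHello inside a TLS 1.0 record (hex); not a captured packet.
const SAMPLE_CLIENT_HELLO =
  "1603010046" + "01000042" + // record header (70 bytes), ClientHello header (66 bytes)
  "0301" + "51104b80" +       // client version 3.1, UTC time in seconds
  "000102030405060708090a0b0c0d0e0f101112131415161718191a1b" + // 28 random bytes
  "00" +                      // session ID length 0: nothing to resume
  "0004" + "002f" + "0005" +  // two cipher suites offered
  "0100" + "0015" +           // null compression, extensions length
  "0000" + "0011" + "000f" + "00" + "000c" + // server_name extension header
  "6578616d706c652e74657374"; // "example.test"

const hexToBytes = (hex) => Uint8Array.from(hex.match(/../g), (h) => parseInt(h, 16));

function parseClientHello(bytes) {
  let pos = 0;
  // Bounds-check every read so a truncated or lying length field fails closed.
  const take = (n) => {
    if (pos + n > bytes.length) throw new RangeError("truncated ClientHello");
    pos += n;
    return bytes.subarray(pos - n, pos);
  };
  const u8 = () => take(1)[0];
  const u16 = () => { const b = take(2); return (b[0] << 8) | b[1]; };
  if (u8() !== 0x16) throw new Error("not a TLS handshake record");
  take(4);                                  // record version + record length
  if (u8() !== 0x01) throw new Error("not a ClientHello");
  take(3);                                  // 24-bit handshake length
  const version = u16();
  const utcTime = u16() * 0x10000 + u16();  // first 4 bytes of the 32-byte random
  take(28);                                 // the remaining random bytes
  const sessionId = take(u8());
  const suiteBytes = take(u16());
  const cipherSuites = [];
  for (let i = 0; i + 1 < suiteBytes.length; i += 2)
    cipherSuites.push((suiteBytes[i] << 8) | suiteBytes[i + 1]);
  take(u8());                               // compression methods
  let serverName = null;
  const extLen = pos < bytes.length ? u16() : 0; // extensions are optional
  const extEnd = pos + extLen;
  while (pos < extEnd) {
    const type = u16();
    const data = take(u16());
    if (type === 0 && data.length >= 5) {   // server_name: list len, type, name len, name
      const nameLen = (data[3] << 8) | data[4];
      serverName = new TextDecoder().decode(data.subarray(5, 5 + nameLen));
    }
  }
  return { version, utcTime, sessionId, cipherSuites, serverName };
}
```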





Monday, February 04, 2013


Yahtzee

This man validated my gaming preferences. For many years, I didn't feel like a real gamer because I wasn't into MMORPG, Sports Games, RTS, driving and simulation games. Our preferences converge on a narrow but deep appreciation of gore, fast paced violence and outdated things like, y'know - pacing, good plots, narration and general awesomeness.



Yahtzee reviews are an acquired taste, and you may have to hold on to your tears when he rips apart your beloved game to shreds. You don't even need to have played the game. Check it out

www.escapistmagazine.com/videos/view/zero-punctuation





Javascript Frameworks

Over the last couple of weeks, I've been looking into a lot of javascript frameworks. And there are a LOT out there. A couple of sites I've found useful for evaluating the frameworks -

http://addyosmani.github.com/todomvc/ - This one has the same sample application coded up in the different frameworks for comparison

http://codebrief.com/2012/01/the-top-10-javascript-mvc-frameworks-reviewed/ - a great starting point for comparison based on features. 

After playing around with a few of the frameworks, I'm sure that I want to work with a framework that has UI bindings. Using Silverlight for the last couple of years, I'm hooked onto the concept of two-way UI binding using the MVVM pattern. Anything less is just a lot more cumbersome wiring work. 

Just because of the sheer number of frameworks available, ramp-up time and learning curve become a factor. Knockout.js is a top contender simply based on the fact that they have an outstanding interactive tutorial system.

