Tuesday, February 26, 2013

// // Leave a Comment

Using Chrome Profiles for Development setup

Part of a being developer is doing a lot of research on the net. However, i find myself quiet annoyed many times when personal tabs and work tabs get intermingled. Chrome has an elegant solution to this - user profiles.

This allows you to have multiple chrome windows, each within a specific context. For instance, I have 3 profiles

  1. Personal - this is where i'm signed into Facebook, Gmail etc...
  2. Work profile - All my work related bookmarks live in this profile, along with any work related sites signed in.
  3. Personal Work Profile - this is for my current side-project with links to the development server site and Heroku, GAE etc signed in and bookmarked as well.

This makes it easier to switch context and open up tabs in the correct windows, so that i don't have to hunt through the usual hundreds of tabs that i would typically have open on a regular day / night.

Personally, I love the little Avatars that show up on the top left corner helping me identify the context that i am currently in. If you want to make this more explicit, then set up different themes for each of the profiles.

Screenshot         Screenshot

Even though each of the profiles can be linked to a gmail account, I prefer to not have my work and personal work profiles logged in simply to make it harder for me to randomly open up gmail and other stuff in the work context.

To activate this go to Chrome > Settings > Users. it should be pretty obvious from there.

Read More

Wednesday, February 20, 2013

// // Leave a Comment

DDMT done wrong

oh IE - why do you do this to yourself ? While every other brower (chrome / firefox) is intelligent enough to detect OS and version, the India IE site does not even provide a link to the x64 version. I downloaded the incorrect version and had to hunt for the x64 version.

Which then downloaded the installer of the installer. Of course, restart required. Not cool, IE .. not cool.

Screenshot
Read More
// // Leave a Comment

The DMMT (don't make me think) principle done right

I've been looking to upgrade my ram on the laptop and the first step of the process is figuring out compatibility options. Its this sort of stuff that pushes people to Macs away from PCs. The choice and options are as astounding as they are incompatible.

Crucial has a good solution for this problem. Simply download their scanner and it will give you the compatible options for the laptop. the scanner is a non-bloatware targeted program that produces extremely readable and more importantly, actionable results. Noice!


Read More

Tuesday, February 19, 2013

// // Leave a Comment

Sample Indian Data

I've been prototyping some stuff, and hate using foreign names and address for sample data input. So - i created my own. Enjoy!

https://docs.google.com/file/d/0BxHZTpcWRBHiTExpQnVEM2pQajQ/edit?usp=sharing

There are some random name generator out there but none of them seem to cater to Indian names. Also - refer this thread
Read More

Monday, February 11, 2013

// // Leave a Comment

Mashups

Last month I did a fair bit of research into mash-up options for developing a framework that collates widgets from different sources. A couple of articles on the oracle site (that strangely seem to have been de-linked)  are a good starting point -

Mashup Overview and Server Side mashups - http://192.9.162.55/developer/technicalArticles/J2EE/mashup_1/

Client side mashups - http://192.9.162.55/developer/technicalArticles/J2EE/mashup_2

My evaluation is based on an enterprise environment where multiple teams host their modules independently but now need to be collated into a mashup style. This, of course, is a big company problem. You know, the sorts that buy multi million dollar enterprise bus solutions.

In this instance mashup refers to the case when multiple sources contribute to the creation of a single page. these multiple sources provide both widgets and data that are displayed on the page. The container page is simple a holder for the widgets and does not interpret any data or design provide by the widget sources.


There are 2 high level options for building a mashup framework - Server side and client side.

Server Side Mashup

As the name suggests, this approach involves collating the widgets on the server side from multiple sources and composing a single page that is sent out to the client. Subsequent data (ajax) calls from the widgets are all routed through this central server and the responses channelled back to the client. 

This, of course is the simplest solution as the client side code  / browser is not even aware of any composition. This is the same in concept as any regular client server application. All the complexity of composing from multiple sources is on the server itself. 





There are a couple of flavours to this approach. Both the widget html and the data can be sourced off the widget server OR only the data can be sourced off the widget servers and the html composed on the mashup server. 
Option A

Option B

In an enterprise environment there are some issues with this approach
  • Infrastructure for the mashup server. Assuming that the individual widgets servers are already scaled for capacity, an additional mashup server means that this hardware layer now needs to scale to usage of the most heavily used widget. 
  • In case of option B, operationally, this creates a big challenge to now maintain the API connectivity between the widget HTML and the widget source API for the widget data.
  • In case of option A, a widget design and interaction guideline must be developed and adhered to by the widget source owners. This may prove to be challenging in a large scale deployment.
  • Requires the creation of a team to maintain this mashup server and its contents
There are also advantages to this approach - 
  • No complexity on the client side to understand the mashups. The client simply works as a regular client-server application.
  • Potential for data caching and other operations on the mashup server.
  • Of option B selected, then it's easier to standardize the UX elements. 

Client Side Mashup

In the client side mashup design, the widgets are composed and aggregated purely on the client side, i.e. - browser. Although this may seem like the logical option simply because it eliminates the middle man, remember that browsers are specifically implemented to disallow cross-domain requests. This is known as the same-origin policy

What it means that a single HTML page (excluding frames in this context) can only communicate with a single domain. This is to prevent malicious sites from getting jiggy with data they are not supposed to in the web page. This also means that legitimate mashups are a little bit more difficult to implement.

There are a few options to get around this security issue

Proxy Server

In this approach we place a proxy server in between the container page and the widget source servers. This means that all requests go through this proxy server and are routed to the respective servers. It's similar to the server side composition option, but the server is a dumb router. It could even be a purely hardware based solution. All we are doing is satisfying the same origin policy requirement. 

IFRAME

An IFRAME within a HTML document allows loading content from different sources. However, since iframes cannot communicate with each other, achieving a seamless look on the page is a big issues. Without DOM level communication, sizing and merging the frames in a consistent manner is nearly impossible. So, even though technically the content is on the same page, each iframe processes and displays its data independently.

With the HTML 5 specification of postMessage, this limitation can be worked around. It is only available on IE 8 and above.

For older versions of IE there are libraries like easyXDM to get around the X-domain communication issue between frames.

JSON-P

Another way to get around this limitation is to exploit the fact that scripts can be requested from different domains. JSON with Padding requests for JS code using the <SCRIPT> element. Except that instead of receiving pure code, now a javascript function along with data will be returned to the browser. Since this is interpreted by the javascript engine, the function will be executed which usually invokes a callback on the main page with the data. The final result is that this enables data to be served up from multiple domains.

JSONP, however is not a recognized standard even though there exists libraries to support usage. It also means that source servers have to put out data in a certain non-standard format to enable consumption by the JSON P technique. 

Cross Domain Requests

CORS is the HTML 5 specification to enable cross domain requests from browsers. Only IE 10 has support for this standard

IE 8 has support for XDR, which is a Microsoft proprietary way of enabling cross domain requests. This implementation has some limitations, but should be mostly workable.



Read More

Wednesday, February 06, 2013

// // Leave a Comment

Discourse away

If you are a programmer, the chances are that you visit StackOverflow at least once a day (if not, then you must be in the '90s and using your boxed set of MSDN DVDs for reference). I'm a huge fan of The StackExchange platform and all the work done by the team. Jeff Atwood of Coding Horror fame was the co founder of Stack overflow and when he stepped away from it last year with this post, I was more than a little concerned about him retiring from the game.

Well - I was wrong. Yesterday he made an announcement about launching discourse by the same team. They intend to do for the forum format what they did for the Q&A format on the internet - Revolutionize it.

Discourse-logo-big




The goal of the company we formed, Civilized Discourse Construction Kit, Inc., is exactly that – to raise the standard of civilized discourse on the Internet through seeding it with better discussion software:
  • 100% open source and free to the world, now and forever.
  • Feels great to use. It's fun.
  • Designed for hi-resolution tablets and advanced web browsers.
  • Built in moderation and governance systems that let discussion communities protect themselves from trolls, spammers, and bad actors – even without official moderators.
http://www.codinghorror.com/blog/

Stack Exchange has had a major impact on my professional life and i hope discourse will do the same.

Forums suck, and have sucked for a long time. For example, one of the most popular forums, xda-developers, which is regularly visit to find solutions to my vast variety of android issues looks like this.
and



Let's see if discourse can achieve its aims as well as it did with SO

Read More

Tuesday, February 05, 2013

// // Leave a Comment

do you even curl, bro ?



I took far too long to discover curl, the command line tool for transferring data via different protocols. Now, I'm dependant on it. It's part of my journey to get closer to the nuts and bolts of the web. And curl -v does just that.

You could use one of the GUI tools to form a request, but that hides away some of the most interesting aspects of the communication.

I'm developing a a very un-microsoftish love towards command line utilities from the *nix world.

Read More
// // Leave a Comment

https, Whoa !

found this detailed article on what happens during the first few milliseconds of https connection. Reading through the entire article is a like a crash course on Public-Private key system and transport protocol basics.

http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html

Summary of steps

  • https translates to 443 as per RFC 2818
  • Client sends Hello which contains
    • UTC time + random bits
    • Session ID (if any)
    • Cipher Suites
    • Server name extension
  • Server sends Handshake that contins
    • Hello 
      • UTC time
      • Session ID
      • the Cipher suite server side chose
    • Certificate
    • Hello done
      • Indicating that it won't require a client certificate
  • Client validated the certificate sent by the server
    • checks the time on the certificate to ensure it is not expired
    • computes a hash of the certificate using the certifying authorities public key to ensure that it was indeed signed by the said certifying authority
    • the browser trusts the certifying authority
  • Generate the Pre-master secret
    • a massive random number is generated
  • Trade secrets with the server
    • encrypt the secret generated using the server's public key
    • send to server
I've definitely simplified the last few steps as they involve a lot of mathematics, but all of the above happens in 220 ms! 




Read More

Monday, February 04, 2013

// // Leave a Comment

Yahtzee

This man validated my gaming preferences. For many years, I didn't feel like a real gamer because I wasn't into MMPORG, Sports Games, RTS, driving and simulation games. Our preferences converge on a narrow but deep appreciation of gore, fast paced violence and outdated things like, y'know - pacing, good plots, narration and general awesomeness.



Yahtzee reviews are an acquired taste, and you may have to hold on to your tears when he rips apart your beloved game to shreds. You don't even need to have played the game. Check it out

www.escapistmagazine.com/videos/view/zero-punctuation




Read More
// // Leave a Comment

Javascript Frameworks

Over the last couple of weeks, I've been looking into a lot of javascript frameworks. And there are a LOT out there. A couple of sites I've found useful for evaluating the frameworks -

http://addyosmani.github.com/todomvc/ - This one has the same sample application coded up in the different frameworks for comparison

http://codebrief.com/2012/01/the-top-10-javascript-mvc-frameworks-reviewed/ - a great starting point for comparison based on features. 

After playing around with a few of the frameworks, I'm sure that i want to work with a framework that has UI bindings. Using Silverlight for the last couple of years, I'm hooked onto the concept of two-way UI binding using the MVVM pattern. Anything less is just a lot more cumbersome wiring work. 

Just because of the sheer number of frameworks available, ramp-up time and learning curve become a factor. Knockout.js is a top contender simply based on the fact that they have an outstanding interactive tutorial system


Read More