A Layered Mess

I had a moment of reflection at work today, as I was completing a task.

During college, I was taught the power of Object-oriented programming and, among other things, the importance of abstraction. I had a good understanding of the theory of abstraction and what it did. I had a fair understanding of how to go about abstracting stuff only during my first job/internship. That project had, in my opinion, the most adequate use of abstraction. Not too much, not too little. :-)

An ASP.NET project, it had views with HTML, JS, CSS and some server-side tags, codebehind files that wired the data to the views, a Business Logic Layer (that was literally called BLL.vb), and a Data Access Layer. During the documentation of the project, I classified it as having the then-famous 3-tier architecture (MVC was just catching on at the time). It’s the most memorable project I’ve worked on, and the .NET platform blew me away. :party:

Today, I realized the hazards of the overuse of programming abstractions. I was trying to refactor a project to adjust to changes made in an API’s response. The API had one additional field that needed to be captured and handed over to the view. The task entailed modifying the entire chain of layers from the model to the view. This chain of layers in my case wasn’t a lengthy one. But I asked myself, “What if I had abstracted things further?” :!:

I’ve seen vast projects with thousands of lines of code with layer upon layer of abstraction, following the best practices of code ever thought of by mankind. Yet, the code is fragmented into so many different layers, it is almost impossible to club it all together and get a sense of what’s going on. Not even my IDE can help me put the pieces together. These projects require vast amounts of documentation and code comments, so that the future members of the team can take over. But are these layers even necessary? :-?

I strongly feel they aren’t. Code should only be as modular as required, not as modular as a book on Software Engineering or expert programming guidelines would like you to have it. We quickly submit to well-organized, deeply modular projects that contain millions of lines of code and accept them to be the hallmarks of Software Engineering. They aren’t. They often contain data being passed from one layer to another, with the layers in between doing nothing but passing data around. Elaborate Interface and Exception definitions do not spell out the formula for robust, testable, maintainable code. :detective:

Speaking of maintenance. I think this obsession people have about writing maintainable code is laughable. It’s 2012. Product lifecycles are short, and within 2 years, you’re expected to either work on a new product, or introduce features that can no longer be accommodated in the current architecture. Only portions of the current codebase would be of any use, and the layers of abstraction would sooner or later fall apart. While abstractions you create may help you maintain the product during its lifecycle and maintenance period, you will probably feel like rewriting the entire codebase once you hit a roadblock. :drunk:

Projects should be architected to get things done, and not for detailed blueprints, specifications and diagrams of what is being built. Sure, that’s impressive to the average client, but that isn’t the soul of Software Engineering. Of course, I’m never going to find a firm that actually builds software neglecting code-quality or maintenance, but how I wish I could. Code would truly be like poetry. Free-flowing transmission of a Software Engineer’s innermost essence. Alas, my next firm will probably adore me for writing thousands of lines of well-commented and documented code, with unit test cases, for displaying a “Hello World” on a Windows 8 desktop. :scared:

We tend to be attracted towards ideals, while losing sight of the purpose. The focus on solving the problem at hand gets lost in the infinite layers of abstractions. Limit your layers till the point you solve the problem and one more (for good luck), and not till the point you think your code will be maintainable for hundreds of years. :rip:

In a few years, we’ll all be fighting for oil, natural resources, and dive into anarchy anyway. Functional programming may just rule the roost then. :pirate:

Posted in Programming | Leave a comment

CSIA Website, debug="true"

We frequently hear reports about “hackers” successfully bringing down some of India’s premier websites. The IPL-T20 website was once “defaced” and the hackers politely left a message stating that they had exploited a common SQL injection vulnerability.  :pirate:

It’s no surprise that hackers are able to carry out such attacks on the Government’s premier websites. I’ve heard that the folks in charge of the Indian Railway website had their site’s security audited by some security experts after the site came under attack from “foreign” hackers, so that was a positive step forward. But in general, the Government/Agency “outsources” the I.T. implementation of important public websites to some standard Indian IT company that has more than a million employees, most of whom play the role of a small cog in a large wheel.

Sometimes the laziness of that one employee, who’s possibly utterly bored of his desk-job, is quite evident to the entire world. In case of the Mumbai International Airport website, it’s the dude who’s supposed to maintain the web.config file of this Microsoft .NET 2.0/C# based website. They’ve left the Debug Mode on, letting every curious visitor take a peek under the hood.

Been there. Done that.  :D

Sadly, no one’s cared to review the security of this website.  :knockout:

Here’s the dreaded yellow page that I’m kind of beginning to miss seeing in projects I’m working on, since they’re in PHP and Java (that aren’t as colourful when displaying debugging information) :P

Mumbai Airport Website, debug=true

Looks like the code queries a MS SQL Server, but the SQL Server didn’t respond within the time set in the SqlCommand.CommandTimeout property (default being 30 seconds). Hence, this exception won’t be thrown every time, and that’s probably why it wasn’t caught during the QA of this website. It’ll throw an exception only when the SQL Server doesn’t return data within 30 seconds (or whatever timeout value has been set), possibly when a DoS attack is underway, or when the query to be executed is a slow, complex query. :detective:

Whatever be the case, debug mode should not be on. Not only does it murder performance (because the compiler performs extra checks on the code), but it also leaves a gaping security hole. :scared:

Anybody listening?
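
An added example, not part of the original post or of the site it describes: a small Python check that flags the debug="true" setting discussed above in a web.config file. Both sample configs are constructed, and the customErrors check is an addition here, on the assumption that a yellow error page shown to remote visitors also means detailed errors are not limited to local requests.

```python
import xml.etree.ElementTree as ET

# Constructed sample resembling the misconfiguration described in the post.
WEAK_CONFIG = """<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <system.web>
    <compilation debug="true" />
    <customErrors mode="Off" />
  </system.web>
</configuration>"""

# Constructed hardened counterpart for a production deployment.
HARDENED_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="false" />
    <customErrors mode="RemoteOnly" defaultRedirect="~/error.html" />
  </system.web>
</configuration>"""


def local_name(tag):
    """Strip an XML namespace such as '{uri}compilation' down to 'compilation'."""
    return tag.rsplit("}", 1)[-1]


def audit_web_config(xml_text):
    """Return findings for settings that expose debugging detail to visitors."""
    findings = []
    root = ET.fromstring(xml_text)
    # Walk every element so settings nested under <location> are covered too.
    for elem in root.iter():
        name = local_name(elem.tag)
        if name == "compilation" and elem.get("debug", "false").lower() == "true":
            findings.append("compilation debug is enabled")
        elif name == "customErrors" and elem.get("mode", "RemoteOnly").lower() == "off":
            findings.append("customErrors is Off: remote visitors see stack traces")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_web_config(text) or "no findings")
```
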

Posted in Programming, Rants, Review | 1 Comment

Acquiring Multiple Key Presses in JavaScript

While trying to emulate the wonderful “Speed Dial” feature available in the Opera Web Browser in a web-based project, I was looking to write JavaScript to capture multiple keystrokes before a certain action is executed. For example, a screen of website links with their screenshot-thumbnails is displayed to the user, each website having its own numeric shortcut key. When the user presses the appropriate key/key-combination, the respective site opens in a new tab.

The way to capture multiple events in JavaScript is pretty straightforward. We take advantage of the users being human! We capture keystrokes, using onkeyup/onkeydown/onkeypress, and append each keystroke to a variable (as a String). We then start a timer that counts down approx. 500 milliseconds, a fairly short time for the user to press one or more further keys. Once the interval that was set times out, we make use of the data stored in the string, and once that’s done, we reset the variable’s value to an empty string.

The code and the demo below show how JavaScript/jQuery can be used to capture multiple digits pressed by the user within a short duration of time (less than 400 milliseconds).

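<script type="text/javascript">
// Digits typed so far, and the handle of the pending timer (null when idle).
var keys = '';
var timerHandle = null;

// Runs when the timer expires: use the collected digits, then reset the state.
function resetKeys() {
  alert(keys);
  keys = '';
  timerHandle = null;
}

jQuery(document).ready(function ($) {
  $('body').keyup(function (e) {
    // keyCode 49-57 are the top-row digits 1-9.
    var key = e.keyCode - 48;
    if (key > 0 && key < 10) {
      keys += key.toString();
      // Start the timer on the first digit only; later digits join the same window.
      if (!timerHandle) {
        // Pass the function itself; a string argument would be evaluated like eval().
        timerHandle = window.setTimeout(resetKeys, 400);
      }
    }
  });
});
</script>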

View Demo

Posted in JavaScript, Open Source | Leave a comment

Windows 7 v/s Ubuntu 10.10

I’ve always been a big fan of Microsoft Windows operating system. But now I’m required to work in the Ubuntu/Linux environment. If you ask me, that’s a big change – it’s like changing your religion. Frankly speaking, it almost feels like de-evolution, or the death of productive computing. The very thought of typing out a command in the terminal to edit a file, and not being able to use the mouse while performing simple operations such as editing a file baffles me. Sure, Ubuntu comes with a decent UI, but from my recent experiences, all UI related features of the Ubuntu operating system are miserably incomplete, or lacking the level of intuitiveness simple Windows programs have to offer. I’m talking about Ubuntu 10.10 and Windows 7.

Let’s forget for a while that Ubuntu is free (its second biggest “selling” point), and judge both systems from the point of view of an average, typical, non-techie computer user. The file manager, Nautilus, can’t help me find files based on created date, modified date, or content. Whatever basic file management features it does offer are very basic. I’ve experienced the file copy window going unresponsive while copying a remote file to the local machine. That doesn’t happen in Windows (anymore) :D .

Modern computing should not be about working in the black command-based screen, regardless of whether you’re a Software Developer or an average end-user. It doesn’t make sense. We have a range of input devices and intuitive UIs that make regular computer use more productive. Simple tasks take less time, and complex tasks are easier to perform. Take the Opera Browser, for example. It’s speech-enabled. It can speak out highlighted text, and can even accept voice-commands. We need to make use of better input devices. We need to have better UIs for all users. We need to constantly find better ways of letting the computer know what we wish to achieve. A high dependency on the Unix terminal to perform tasks restricts this much needed drive to be more productive. Let’s suppose a file to be modified is on a network. If I use “vim” to edit this file, and if I need to edit a line in the middle of the screen, I need to limp my cursor to the point where editing is required, one line at a time. Same thing using a GUI, I would open the file in a text editor, bring the cursor to the required line with the help of the mouse pointer, and save the file.

The terminal is a one-stop-shop for doing “anything” with your Unix-based computer. But what’s more productive? Opening up several different GUI based programs specialized to do each task? Or, using multiple terminal tabs to perform the same operations on different files? It’s a matter of choice, but I tend to favour the former. Hence, even in Ubuntu, I heavily use Nautilus.

I strongly believe that with Windows, Microsoft has pioneered UI design.  They may have begged, borrowed, or stolen UI concepts and designs, but the bottom-line is, their operating system is more usable out-of-the-box, without providing the end-user with any training. Ubuntu offers similar UI features as Windows, but it’s of sub-standard quality. There are plenty of customization features, but going through those features requires technical knowledge. In my opinion, it is certainly NOT an Operating System for the average Joe (or Joginder, if you prefer the common Indian). If Ubuntu was launched as the only Operating System available, and Microsoft Windows was never made, I strongly feel the world would have fewer computer users today. The kids would find computers “yucky”, and nerds and geeks would rule the world. Fortunately (or unfortunately), that’s not the case. :P

The best user interfaces are the ones that “just work”, with no training or help required. Things need to be obvious. With Windows, Microsoft did two brilliant things. It made the computer available to the end-user (at an arguably decent price). And it made things obvious (after some basic training was given to the end-user). Any Windows 95 user can deal with Windows 7, after a few hours of checking out different options. It’s not a totally different concept.

Since we’re at UI design, I should be mentioning Apple’s efforts, but I won’t. I don’t respect Apple as a company at all. In fact, I believe no Microsoft-hater should love Apple products. The classical Linux-lover cum Microsoft-hater generally complains about how “closed” Microsoft is about its products. If that’s the reason for negativity towards Microsoft, then the whole world ought to hate Apple products for their proprietary hardware and software (from connectors and adapters, to chips and architectures). While most people look at the Macbook and iPods and go, “Wow!”, I look at the classic iPod earphone jack and think to myself, “Wow! That’s a load of crap!”. They have their own standards, own patented designs, and if it weren’t for the quality of their products (and the viral following), Apple would be a completely neglected company.

With the recent open-source phenomenon, Microsoft Windows is a great platform for Software Development. A lot of open-source software (Toad for MySQL, for example) runs on Windows. It also makes sense to target your software for the Windows platform, given the huge end-user base. There is a range of commercial software that is indispensable for developers (for example, Adobe’s suite of software) and requires Microsoft Windows. It’s just not fair to tag Windows as a “commercial” OS. It’s much more. It has helped make computing social, for those who can afford it.

Posted in Review | 3 Comments

Using MySQL User-Defined Variables in PHP

User-defined variables are a neat way to have Dynamic SQL queries — statements that accept parameters and possibly produce different result sets based on different parameter values. They’re defined in a MySQL query as follows –

SET @varname='value';

e.g. SET @varname='value'; SELECT * FROM Table WHERE Cell=@varname;

I first encountered these in MS-SQL Stored Procedures, so when I had to use them in an ongoing PHP project, these weren’t scary at all. MS-SQL queries involved DECLARE @varname and other stuff — It’s no different from having a variable in a program’s function. Weird syntax though, but that was necessary – How else would you distinguish user-defined variables from columns in the table?

The idea of having user-defined variables introduces a degree of flexibility that might be desirable in your application. But you need to be a little careful when using MySQL user-defined variables in the query you dispatch to the MySQL Server for execution. I was stuck almost 4 hours trying to debug the problem, and it’s a pretty annoying thing. I’ll get straight to it.

I had used the popular mysql_query() function in my Database Abstraction Layer, only to realize much later that –

mysql_query() sends a unique query (multiple queries are not supported) to the currently active database on the server that’s associated with the specified $link_identifier.

The multiple queries crammed into one query idea seemed to fail, even when I tried that bunch of ugly code as a transaction (because that’s presumably what happens when a Stored Procedure has a BEGIN…END block)

The Solution

mysqli_multi_query() — Executes one or multiple queries which are concatenated by a semicolon.

Of course, this means moving your database connection funk to mysqli-based functions. You really can’t complain about it, since the mysqli extension is, in fact, pretty good…unless, you have no way of installing/enabling the mysqli extension at the server. That’s when you’ll really pull your hair out.

Posted in Rants | Leave a comment