Monday, 31 December 2012

I Got hacked today and never use GoDaddy.com for hosting

I'm going to get straight to the point: in the last 24 hours one of my domains got hacked. Initially I thought it was one of my developers messing with stuff on the server. Today, 31st December 2012, I tried accessing the domain through the web browser to see if there were any updates from the development team. When I tried to browse to the web site, my antivirus started to go crazy: Threat detected - Exploit Blackhole Exploit Kit (type 2371). The first thing I did was to get the team on the phone, and you can imagine how the conversation went. These are the steps I have taken so far:

Conversation with dev team: in summary; make sure that you didn't use any code that you copied and pasted from the internet and change all user names and passwords. 

Conversation with GoDaddy Support:
 
Godaddy: Hi, How can I help you today?
Me: My domain xxxx got hacked today...
G: Ok?! What can we do for you?
M: I would like to have a copy of the FTP log for my domains, please.
G: Oh...we can't do that
M: Why not?
G: It's for security reasons that we cannot provide you with the logs.
M: Very strange, as my account got hacked and this means that you have an intruder on your network, therefore your system is potentially vulnerable to more attacks...
G: Sorry sir but our systems are secured...
M: clearly not, so what do you suggest I do?
G: You can delete all files and folders in your domain...
M: We are already reverting the system to a backup state but that does not guarantee that our system will be safe from any hidden script put in place by the hacker...
G: Sorry but that's all we can do...
M: Do you have a virus scanner that you can run on our domain?
G: Yes...Let me check the cost for that...It will cost about £45+VAT
M: Is there any default protection that comes with my package, I am on the Ultimate package?
G: No, there isn't any default antivirus provided for any packages...
M: So there is nothing I can do to check for viruses and malware unless I pay the £45?
G: No, you have to pay for the service...
M: No problem, I'll just take my business to a more secure hosting provider
G: Ok.
M: Good bye!

Now, if you navigate to the GoDaddy hosting page you will see that there is a malware scanner provided but no antivirus, therefore leaving my system open to threats. It is a shame because I have been with them for quite a while, but you can only see the strength in a relationship when it is put to the test. On this final note, I do not recommend GoDaddy hosting for any business.

Feel free to share your views in the comments.

Tuesday, 22 May 2012

PaaS Cloud - The Rise of The Developer Entrepreneur

In bad times such as a recession, there is the inevitable fact that some people will be laid off by their employer. In these circumstances, when software developers are made redundant they usually set up shop. The majority go into providing software development services for small companies or friends. They set up websites to promote their services, and few focus on building their own product.

In London, services-based companies took a massive hit during the downturn and it is still felt now; well, the UK is now in a double-dip recession. So what is my point here? It is much harder to sell services, and even harder to export services, than products. When providing services, your market has geographical constraints; just think what it would take for you to sell your services to a potential client 100 miles from your local area.

It used to be hard to build products in the past due to the high cost of hardware; to build a Java-based product you had to find a suitable host and then pay for a dedicated server or VPS. As you are already tightening your belt, it is likely that you do not want to spend £60 + VAT a month on services to host your product, plus all the headache of troubleshooting it in case of problems.

Enter the PaaS, Platform as a Service. For this posting I am going to look at PaaS from a Java perspective but it should be applicable to any other programming language. 

The competition in the PaaS market is fierce and there is no single winner yet. Amazon is the leader for IaaS, but not much is being deployed on Beanstalk as yet. If you look around the market, you can see that major technology vendors are jumping on the bandwagon:

Some of those PaaS services are free, such as OpenShift and CloudBees. OpenShift runs on JBossAS7 and, if you are using Eclipse, it becomes a breeze to develop and deploy; the only downside is that it's still in beta stage.

Utilising the current ecosystem of PaaS, you can go from:

inception (idea) -> development -> product

for almost nothing. Prototyping is now free; for example, you can use Heroku to build Facebook apps, making all the Facebook APIs directly available to your app and hosted for free (until you outgrow your free account, of course). I would suggest that developers familiarise themselves with Lean Startup and Lean Software Development.

If you are a developer and out of work, you have no excuse for not building your cloud apps. Even if you do not want to start a business, you can do it as a learning practice and use that to your advantage next time you are interviewing for a new role.

With PaaS Cloud, every developer is a potential entrepreneur and the barriers to entry are almost non-existent. If you are looking for a job, it is no longer acceptable just to have some sample code on GitHub but you should also have a sample project hosted on a free cloud provider to showcase.

This blog was written from Cloudstock 2012

Sunday, 6 May 2012

Developers should not believe the HTML5 hype

As an Architect and Lead developer, I have to sit down with the non-techies and convince them why I think a technology or framework is the right one for a project, and then I build my team to deliver the solution. Over the past two years or so, the marketing engines of technology companies have been spinning at full throttle. HTML5 is the future, everything will run in the browser and more blah blah blah.
Don't get me wrong, HTML5 brings some good technologies to the web application developer. Nevertheless, I think there is a lot of hype, as HTML5 doesn't really bring anything new to the table.
First of all, there are multiple types of applications that we are all well aware of:

  • Consumer
  • Business
  • Enterprise

Consumer Application


If you are building a consumer-oriented application which doesn't use any of the native functionality of the OS, then I would recommend that the application be built in HTML5 with all the RIA fanfare that comes with it. You can best view this in the mobile space, where developers build either native or web apps depending on the application requirements. Remember that web applications (HTML5) do not have direct access to printers, USB ports or any other hardware such as Bluetooth and network services. Simple word processing applications can be developed in HTML5, such as Google Docs (where this blog is typed from). I haven't come across any serious application written in HTML5 or the likes yet (JavaFX, Flash and Silverlight are not HTML5).

Business Application

Critical business applications such as POS, which require access to a barcode scanner for example, can't be written using HTML5. You can have a native application delivered through the browser, such as Java applets (or JavaFX) using Web Start. Java applets can access OS features and hardware and provide another layer of security. Business applications are delivered in controlled environments; for example, the application can be deployed on Linux desktops in company "a" environment only. For as much "fanfare" as one might create around HTML5, these types of application will not cease to exist.

Enterprise Application


Enterprise applications come in various forms, from desktop to servers. As this is a comparison to HTML5, I will only focus on desktop applications. First, let's take a financial company such as a stock brokerage firm. There is a reason why stock trading applications run as closely to the OS as possible (and also to the exchange): in one word, PERFORMANCE. Web browser performance sucks regardless of which one you are using; JavaScript is just too slow to implement some of the logic. In the trading business, a millisecond is all that is required to lose millions of £. Can you for one second imagine building a Bloomberg trading platform using web technologies? That's laughable. There is a reason why the finance industry is still using Java Swing as its desktop technology of choice.

Conclusion

HTML5 is a promising step in the right direction for building scalable, robust web applications, but it will not obliterate desktop applications, not today, not tomorrow, not ever (really!?). We can already see it in the mobile space, where developers would rather write native applications so that they can utilize OS features and hardware. Web applications cannot access your local file directories (I am not talking about uploading a file to a site) to read or write. A simple operation such as reading the available space in a directory or writing a log to a local directory is not possible (again, I am not talking about downloading or saving a page). Therefore, developers should not believe the hype. HTML5 is not the silver bullet, and it is a shame when companies such as Adobe send mixed messages by discontinuing their Flex offering. Anyway, Adobe has never been a big player in the enterprise desktop application market.

If you disagree with my points, feel free to share your thoughts.

Monday, 30 April 2012

5 Things all Java developers should know when developing for the cloud

Over the last couple of years, "Cloud Computing" replaced Web 2.0 as the new buzzword. You can read, hear and see everywhere that the cloud is coming. To most developers, this is still the same old sh*t. If you have experience in developing distributed systems then you should be fine, you say. Well, not entirely true: the IT department wants to deploy on cheap cloud and therefore some restrictions now apply. I will list 5 things that I think all developers should know when working with a cloud Platform as a Service provider such as Amazon Beanstalk or Google App Engine. This list also applies to IaaS architecture. Some of the points might be obvious to the more experienced; nevertheless, they need to be mentioned.

  • Static objects
We all know the difference between an instance variable (non-static) and a class variable (static variable). We use static to tell the JVM that there should only be one instance of this variable (singleton). If the static variable is declared with the "final" keyword, this will not cause a problem in a distributed environment as the value will never change. The problem is when we expect the value of the variable to change. As in a clustered environment, GAE and Beanstalk run your application in multiple JVMs. If the value of your static variable has changed in one JVM, it will not be propagated to the cluster, therefore leading to inconsistencies. I recommend that you avoid static variables unless they are set as "final" and their values are hard-coded, so there is no way to change their values at runtime.

  • Caching Objects
This one is related to performance, in order to avoid expensive operations such as running database queries and others. Sometimes we need to cache objects in memory and therefore we implement our own caching strategy through the use of a simple HashMap or some other caching solution available out there. Caching has many benefits, but implementing a caching strategy should be approached with care. This is because caching has the same problem as static objects. Your cache will be in the local JVM, therefore it will not be visible in the cluster. There are some solutions; for example, GAE uses Memcached and Beanstalk can make use of Amazon ElastiCache, which is compliant with Memcached. When developing for a PaaS environment, make sure not to implement your own caching system but look for one that is supported by the vendor. I know this can lead to vendor lock-in.

  • Server-side Session
Something we take for granted in a single-server environment is storing application session data on the server. Based on experience, mainly using GAE, I encountered multiple issues with session management. Since then, Google has fixed a lot of the issues with the way GAE handles sessions for Java applications. To minimize writing sessions to a datastore, we store application state in memory. Most applications are written without any vendor approach in mind, so we use JEE as-is. This approach would work if you deploy in any self-hosted clustered environment but Google PaaS. Google implements its own session management, which is off by default; therefore you need to enable it in appengine-web.xml and make sure that all your objects implement the java.io.Serializable interface.
Note: session data is always written synchronously to memcache. If a request tries to read the session data when memcache is not available (or the session data has been flushed), it will fail over to the datastore, which may not yet have the most recent session data. This means that asynchronous session persistence may cause your application to see stale session data. However, for most applications the latency benefit far outweighs the risk.

  • Event-driven Execution
This is more about running a process at a given time, such as scheduling a task. Again, in a managed environment, it is straightforward to implement a timer or scheduler service. But this is a clustered environment which is not managed by yourself, and their stack is different to yours. I personally use Quartz Scheduler when working in a single server environment. In a clustered environment such as Beanstalk or GAE, it is difficult to know which instance will be triggered and to execute the task only once. The folks at Google have provided another solution with their own implementation of Cron for Java which can be used. At the time of writing, Amazon Beanstalk didn't have a solution yet. Therefore, consider beforehand, when designing your system, which approach to take in order to create scheduled tasks for your application.

  • JRE white list
I believe this is related to GAE J only. Google App Engine for Java doesn't allow the use of all available APIs in Java, especially if they require access to the file system. The fact that there is such a restriction imposed by Google has led us to look elsewhere for some of our projects. The cost of re-developing our application to please them is much higher than deploying it elsewhere. Also, another downside of GAE J is that it doesn't fully support the JEE servlet specification. You cannot implement custom security for your application through your web.xml, therefore pushing you to use Google's own security mechanism. I would recommend using GAE J when developing a greenfield project which can be built with these restrictions here and here in mind. If you want to be locked in using GAE J for your application, then I recommend it as a cost-efficient way of testing your application; otherwise, look somewhere else.
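
The stale-state problem described under "Static objects" and "Caching Objects" above, as an added example that is not code from this blog. Two simulated application instances stand in for two JVMs; the `Cache`, `Node` and `readsAfterUpdate` names and the sample record are constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;

public class ClusterCacheDemo {

    /** A trivial in-memory cache. The caller decides whether it is private to one node or shared. */
    static final class Cache {
        private final Map<String, String> entries = new HashMap<>();
        String get(String key) { return entries.get(key); }
        void put(String key, String value) { entries.put(key, value); }
    }

    /** One application instance; in a real cluster each Node would be a separate JVM. */
    static final class Node {
        private final Cache cache;
        private final Map<String, String> database;

        Node(Cache cache, Map<String, String> database) {
            this.cache = cache;
            this.database = database;
        }

        /** Read-through: serve from the cache, fall back to the database on a miss. */
        String read(String key) {
            String value = cache.get(key);
            if (value == null) {
                value = database.get(key);
                if (value != null) cache.put(key, value);
            }
            return value;
        }

        /** Write-through: update the database and the cache this node is wired to. */
        void write(String key, String value) {
            database.put(key, value);
            cache.put(key, value);
        }
    }

    /** Node B caches a value, node A changes it, then both nodes read it back. */
    static String[] readsAfterUpdate(Cache cacheA, Cache cacheB) {
        Map<String, String> database = new HashMap<>();
        database.put("user:42:status", "active");       // constructed sample record
        Node a = new Node(cacheA, database);
        Node b = new Node(cacheB, database);

        b.read("user:42:status");                        // B now holds the value in its cache
        a.write("user:42:status", "suspended");          // the update request lands on A
        return new String[] { a.read("user:42:status"), b.read("user:42:status") };
    }

    public static void main(String[] args) {
        // Per-JVM caches (a static field or a private HashMap): nothing propagates A's update to B.
        String[] local = readsAfterUpdate(new Cache(), new Cache());
        System.out.println("local caches -> A=" + local[0] + ", B=" + local[1]);

        // One cache shared by both nodes, standing in for a vendor service such as Memcached.
        Cache shared = new Cache();
        String[] viaShared = readsAfterUpdate(shared, shared);
        System.out.println("shared cache -> A=" + viaShared[0] + ", B=" + viaShared[1]);
    }
}
```

With per-node caches the second instance keeps serving the value it cached before the update, which matters most when the cached value is something like an account or permission state.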

I hope this was helpful, and if there's a mistake, feel free to get back to me and I will make any corrections. Also, I am sure that I am missing some other points; add them to the comments section.

P.S. here is a nice comparison from IBM

Cheers and Happy Coding.



Wednesday, 25 April 2012

The traveling robot problem

I am currently between contracts and, for the first time in many years, I was requested to write some complex code from home, so I took the liberty of sharing my result on my blog.

A startup based in London sent me this problem:

Problem:
A robot can be programmed to run 1, 2, 3, 5 and 10 kilometers and it takes 10, 5, 3, 2 and 1 minutes, respectively. Once it runs the programmed kilometers, it must be turned off for 2 minutes. After 2 minutes it can again be programmed to run for a further 1, 2, 3, 5 or 10 kilometers. How would you program this robot to go exactly 43 kilometers in the minimum amount of time?

Please write a Java program that solves the problem by finding the minimum time required to travel 43 kilometers. Your solution should print out the correct sequence of distances to be programmed into the robot: for example (10, 5, 10 and so on...)
When coding your solution please pay special attention to design, data structures, dynamic programming, faster execution time and creating generic solutions (it should be fairly easy to change the parameters). Compute and provide Big O notation for the main piece of your solution too.


END-OF-QUESTION

Before you look at my answers, it will be cool for you to try the exercise too so that we can share feedback in the comments section.

The question brought back memories of my Computer Science days, especially the Data Structures and Algorithms lectures. At first glance, this looks like a simple problem but it goes deeper than that. Like artists, there are multiple ways to write code, but once you look at someone else's code, it becomes difficult to be original (IP patent lawsuit, anyone?). Any experienced developer can write code that would work perfectly for this problem, but look closely at what is being requested and you will notice that there is an extra requirement: dynamic programming. For those who need more information about what dynamic programming is, I suggest the following Wikipedia article. I had to spend some time reading the article to refresh my memory and off I went hacking away. Bear in mind that you could solve this problem by writing a recursive application, but that is not a dynamic programming approach.

Anyway, here are my results (the algorithm was inspired by a similar problem set).


I hope this helps someone in the future in any way.


Happy Coding

You can download the source code from GitHub: https://github.com/armelnene/the-traveling-robot-problem
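
A bottom-up dynamic programming solution to the robot problem stated above, as an added example that is not the author's code from the linked repository. It assumes the 2-minute rest only counts between runs (not after the final run); the class and method names are chosen for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class RobotPlanner {

    /** Result of the search: total minutes and the run lengths to program. */
    static final class Plan {
        final int minutes;
        final List<Integer> runs;
        Plan(int minutes, List<Integer> runs) { this.minutes = minutes; this.runs = runs; }
    }

    /**
     * Finds the fastest way to cover exactly target km.
     * best[d] is the minimum cost to cover d km when every run is charged
     * its running time plus one rest; the rest after the last run is
     * subtracted at the end (assumption stated in the lead-in).
     * Time is O(target * number of run lengths), space is O(target).
     */
    static Plan plan(int target, int[] distances, int[] minutes, int rest) {
        if (target < 0 || distances.length != minutes.length) {
            throw new IllegalArgumentException("target must be >= 0 and arrays must match");
        }
        final int INF = Integer.MAX_VALUE;
        int[] best = new int[target + 1];
        int[] lastRun = new int[target + 1];   // run length that produced best[d]
        Arrays.fill(best, INF);
        best[0] = 0;

        for (int d = 1; d <= target; d++) {
            for (int i = 0; i < distances.length; i++) {
                if (distances[i] <= 0) continue;            // ignore unusable run lengths
                int prev = d - distances[i];
                if (prev < 0 || best[prev] == INF) continue; // overshoots or unreachable
                int cost = best[prev] + minutes[i] + rest;
                if (cost < best[d]) {
                    best[d] = cost;
                    lastRun[d] = distances[i];
                }
            }
        }
        if (best[target] == INF) return null;               // no exact combination exists

        // Walk the recorded choices back from the target to recover the runs.
        List<Integer> runs = new ArrayList<>();
        for (int d = target; d > 0; d -= lastRun[d]) runs.add(lastRun[d]);
        int total = runs.isEmpty() ? 0 : best[target] - rest;
        return new Plan(total, runs);
    }

    public static void main(String[] args) {
        // Parameters from the problem statement; change them to solve other instances.
        Plan p = plan(43, new int[] {1, 2, 3, 5, 10}, new int[] {10, 5, 3, 2, 1}, 2);
        System.out.println(p == null ? "no solution" : p.minutes + " minutes: " + p.runs);
    }
}
```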

Friday, 20 April 2012

Primefaces Mobile - Weather App Example

As a Java developer, I usually get requests to build mobile apps. I like building Java applications: enterprise, web and mobile. The latest projects that I have been involved with make heavy use of JSF, and Primefaces in particular.

I am quite comfortable with JSF and therefore I decided to build a mobile application using JSF and Primefaces Mobile. Primefaces Mobile wraps jQuery as a JSF component so that you do not have to write any JavaScript. This approach has huge benefits: jQuery is a well-tested framework used by large companies such as Google and Microsoft.

I will make this post quite brief. I wanted to know how easy it would be to recreate the demo from the Primefaces Mobile labs page.

Here is a screenshot of the final application running in Firefox 11 (Windows 7 64 Bit).





This was a simple example taken directly from the website, therefore I was expecting a short exercise to build it and make it run. Well, not so fast.

I created a Maven based Java EE 6 project using Netbeans IDE 7.1.1. After browsing Google for a bit, I spent a few minutes getting the right repository and dependency in place.

Once the dependencies were in place, I had to create the beans required for the actual JSF page to work. I found the Primefaces Mobile backing beans on Google Code. So now I had everything set up and running. At first glance, the application seemed to be running fine and working. Then I tried the application on my iPad and the Android Emulator, and nothing was working. The user interface was displayed but the "get forecast" button was not making any Ajax calls.

So I started to debug the application every time I had some spare time. I also noticed that, while running on a desktop browser, the application would be able to make an Ajax call and update the screen with the values (see screenshot above), but if you wanted to make another to find out the temperature of, let's say, London, then nothing would actually happen unless you refreshed the page and tried again. OK, so it's not working as expected, but the example on Primefaces Mobile labs worked fine on my iPad, emulator and desktop browser (IE 9 excluded).

So I ran the application using the NetBeans debugger and decided to look through Firebug. The first call goes through and stops at the breakpoint, but subsequent calls do not even get to the managed bean. Firebug shows that the other code is being retrieved from the cache. I manually set all the HTTP headers so that it does not cache any content, but this is still the same result: NOT WORKING!

I have uploaded the code to GitHub; click on the link to download it.

In conclusion, it's not plug-and-play to make the examples on Primefaces.org labs work. The documentation for the examples is quite poor, and I hope that the good folks from Primefaces can take a look at my code and tell us what I am doing wrong.

Apart from that, Primefaces is a good JSF framework that I use on a daily basis on multiple projects, therefore I cannot really put them down, but I wish the mobile examples worked and that they would tell us what is needed to make them work.

Please share your experience in the comments below or advise on how to fix it. Feel free to download the code from GitHub and have a look too.

Happy coding :)


Thursday, 19 April 2012

Parachutist Dilemma - a parallel programming problem

Here is a little mental problem-solving exercise for you to try to do in 30 seconds; that was the time I was allowed. So I had a telephone interview with a company today and this guy asked me this question utilizing a parallel programming algorithm. Here are the details:

Two parachutists (A and B; A is in front of B) land on a single line, one behind the other. Their parachutes also land behind them respectively.
We have a set of instructions which are as follows (all instructions are executed, meaning A and B will execute instructions at the same time).
  1. move forward 1 step
  2. move back 1 step
  3. if standing on a parachute go to (1 | 2)

Question:

We need our parachutists to somehow meet each other; what are the sets of instructions that can make that happen?


Please try to answer before reading my answer below

My answer:

  1. execute 2
  2. execute 3
Explanation:

  • When both parachutists move back 1 step, they will both be on their parachutes
    • when parachutist A stands on his parachute, he will move back 1 step therefore go to 1
    • when parachutist B lands on his parachute, he will move forward 1 step
Therefore our two parachutists will meet in B's original position.

NB: I had to change the original question as the interviewer's explanations led to the parachutists never meeting.