Anay Kamat’s Weblog

In my current project, we are using Alfresco for the content repository and all the extra functionalities required are developed using Webscripts. While working on one functionality, I had to serialize javascript objects to JSON and also deserialize it. For doing this, there is a nice javascript code on Alfresco Wiki for converting the object to JSON and vice versa. But to use it, you need to make some slight modifications to the code. The original code doesn't generate proper JSON code and also has a syntax error in method to obtain the javascript object back from the JSON string. So here is the proper code for handling JSON:

 
/*
   json.js
(modified 2006-09-07): added support for RHINO
(modified 2006-05-02): json.parse, json,stringify added
  USAGE:
  var jsObj = JSON.parse(jsonStr);
  var jsonStr = JSON.stringify(jsObj);
*/
if (!this.json) {
  var json = (function () {
      var m = {
              'b': 'b',
              't': 't',
              'n': 'n',
              'f': 'f',
              'r': 'r',
              '"' : '\"',
              '': ''
          },
          s = {
              array: function (x) {
                  var a = [], b, f, i, l = x.length, v;
                  for (i = 0; i < l; i += 1) {
                      v = x[i];
                      f = s[typeof v];
                      if (f) {
                          v = f(v);
                          if (typeof v == 'string') {
                              a[a.length] = v;
                              b = true;
                          }
                      }
                  }
                  return '['+a.join()+']';
              },
              'boolean': function (x) {
                  return String(x);
              },
              'null': function (x) {
                  return "null";
              },
              number: function (x) {
                  return isFinite(x) ? String(x) : 'null';
              },
              object: function (x) {
                  if (x) {
 
                      if (x instanceof Array) {
                          return s.array(x);
                      }
                      if (x.hashCode) return s.string(+x.toString());
 
                      var a = [], b, f, i, v;
                      for (i in x) {
                          v = x[i];
                          f = s[typeof v];
                          if (f) {
 
                              v = f(v);
 
                              if (typeof v == 'string') {
                                  a.push(""+s.string(i)+':'+ v+"");
                                  b = true;
                              }
                          }
                      }
                      return '{'+a.join()+'}';
                  }
                  return 'null';
              },
              string: function (x) {
                  if (/["x00-x1f]/.test(x)) {
                      x = x.replace(/([x00-x1f\"])/g, function(a, b) {
                          var c = m[b];
                          if (c) {
                              return c;
                          }
                          c = b.charCodeAt();
                          return 'u00' +
                              Math.floor(c / 16).toString(16) +
                              (c % 16).toString(16);
                      });
                  }
                  return '"' + x + '"';
              }
          };
 
     return {
        parse: function(s) {
           try {
              return !(/[^,:{}[]0-9.-+Eaeflnr-u nrt]/.test(s.replace(/"(.|[^"])*"/g,""))) && eval('(' + s + ')');
           } catch (e) {
              return false;
           }
        },
        stringify: s.object
     };
  })();
}

Here is how to use this code to serialize a javascript object:

 
	o={};
	o.name = "Name";
	o.id = 1;
	j = json.stringify(o);

Also, to obtain the object back from JSON string, you can use following method:

 
	x = json.parse(j);

Many big guys have participated in discussions regarding agile and waterfall model. Hold on big guys, look at this video where two kids have nicely presented the debate on agile vs. waterfall.

They say that something is better than nothing. To some extent even I don’t disagree with this statement. But sometimes, you might end up collecting a lot of that ‘something’ which may not serve your purpose at all. You might end up collecting so much useless information and advice that you will actually feel that actually ‘nothing’ is better than lot of useless ‘something’. When we say that time is important, we should make sure that we save ourselves from these useless ‘something’ and focus on things that we really need.

Being a software application developer, I would like to consider what happens in a typical software industry. What is expected from a software project is nothing but working software. But still, most of companies end up using so called ‘up front’ design approach. In this approach lot of time is spent in designing E-R diagrams or UML diagrams including text documentation. Here, I’m not saying that documentation is useless, but considering the effort that is required to change them once the requirement or design decision is changed, it does feel like a big waste of time. There is another approach in developing software known as Test Driven Development (TDD). In this approach, unit tests are written before the code that implements the required functionality. These tests are written such that:
1. They explain the function of unit under the test
2. The broken functionality is identified automatically as soon as possible

Text based documentation can serve the purpose stated in point 1 but fails to identify broken functionalities automatically. Thus it’s better to have unit tests than to have documentation in text.

Similarly, in case of online forums, threads are created asking for help. But most of the time I see replies like “Yes I agree” or “Wow!!! That was great”.  I have seen replies that advice the creator of the thread to search Google for more information. Such replies don’t add any real value to the owner of the thread or to other readers. If you want to give your opinion then make sure that you also add value to the thread by recommending your own solution. This way, every reply to a thread will improve the discussion further.

Another case I would like to consider is the case of websites which are created only to make money. Such websites are known as virtual real estates and use PLR articles as content. This leads to hundreds of websites having similar content floating in cyberspace. Another fact is that, most of the time such websites are created by people who knows nothing about the topic. The articles are mostly ghostwritten or taken from PLR sources or article directories. Google knows that such duplicate content doesn’t add any value to internet users and thus, hides the results containing duplicate information.

Whatever may be the case or purpose, we should remember that whatever we do, even if it’s little, should add value to our work. Something is better than nothing holds true only when that ‘something’ has a value and not otherwise.

Fring is an application for mobile phones that allows you to make calls using VoIP. Yesterday I decided to try it out myself. I had mentioned in one of my post that it is possible to make free calls with fring if you have access to public Wi-Fi hotspots, but in Goa, there are no such public Wi-Fi hotspots. On the other hand, my Nokia N72 doesn’t have support for Wi-Fi networks. So I had to rely on GPRS connection.

If you refer to Fring website, it mentions that the application is compatible with Symbian from version 8 to 9.2. Thus it can work on my Nokia N72. I activated Airtel GPRS service on my handset and downloaded fring directly on my mobile from its site.

After installation, fring asked me to register as a new user. Then, I had to select one VoIP service provider from Skype, MSN Messenger, ICQ, SIP, Google Talk, Twitter, Yahoo and AIM. I have been using skype for long time to make VoIP calls so I selected Skype. After that, fring asked me to login to my skype account with skype screen name and password. That’s it!!!! Now fring was ready for use on my handset.

Fring presented me with list of contacts which were taken from my phone book and skype contact list. From here I could have called my friends who were online on Skype at that point of time. If you try to call a person from your phone book, then you will be presented with options of either Direct GSM call or SkypeOut call.

I wanted to try out fring by making a real call. So I requested my father to call me from skype. Soon, my cell started ringing and Fring showed me that the call is from my father. I was able to talk to my father normally without any problems.

But one thing I noticed is that, I was not able to hear my father’s voice instantaneously. There was a small time gap so I felt as if I’m using a walkie-talkie.

If you want to call your friends at a very cheap rate then should try out fring yourself. Hopefully in near future, just like broadband, the number of public Wi-Fi hotspots in India will increase and then people will be able to use applications like Fring with better voice quality.

Many times I have noticed that people tend to make their computers secure only by installing a good anti-virus tool and keeping it updated regularly. Most of them use free version of AVG antivirus tool thinking that it will keep their machines free from threats. But AVG product comparison page clearly shows that there is one potentially threat which is not handled by free edition of AVG antivirus. It doesn’t protect your machine from the threat of spywares.

But good news is that, you also get free version of AVG Anti-Spyware tool. But most of the people ignore this tool because they don’t know the reason behind installing such tools on their machines. Let’s look at reasons to install anti-spyware tools on your machine.

1) To protect your secret data: Spywares often attack your online privacy and security in many ways. Some spywares will look at your surfing habits and will send the data back to its creator. You won’t believe but many advertisers use this approach to study their market. On the other hand, there are spywares that will cross all limits and can even send your passwords or credit card details to its creator. Scary isn’t it?

2) To prevent your PC from becoming extremely slow: This actually happened to me once. I noticed that my PC had suddenly become extremely slow for no reason. It used to slow down even more after connecting to the net. My antivirus tool didn’t detect any threat on my machine. But when I diagnosed my PC for spywares, I was shocked to notice that it detected hundreds of threats. After removing them, my PC regained its performance. In their attempt to collect data from your machine, spywares often slow down your machine.

3) To safely use freeware tools: Everybody likes to download free software tools from the net. Most of the time, these free software tools could actually be spyware tools in disguise. I don’t say that all free software tools are spywares so don’t panic. But the fact is that, if you have installed lots of free tools on your machine, then you better diagnose your machine for spywares.

These are some of the reasons to use anti-spyware tools. Apart from use of such tools, you can also make sure that firewall is enabled on your system and your operating system is updated with all the latest security updates. Remember that prevention is always better then cure.

A trojan which hijacks adsense advertisement and redirect users to some other sites that may contain malicious content has been identified by BitDefender. Even though this trojan (Trojan.Qhost.WU) is not resulting in a serious threat to adsense as of now, but in future could affect the revenue of publishers as well as the number of people visiting the sites having adsense ads.

Google adsense is the post popular contextual pay-per-click advertisement program and hardly requires any special introduction. In simple words, it’s a technology that displays ads which are closely related to the content of the site or page you are currently visiting. This actually gives advantage to advertisers as well as publishers. Advertiser gets targeted traffic and publisher has more change of making money because ads are closely related to content.

Google adsense got its popularity for two reasons. First reason is its amazing technology while the second is that they try hard to maintain the quality of their ads. To do this, they has some strict rules of usage and if publisher fails in following those rules then his account is banned directly after sending few warning emails. The working of this trojan violates adsense rules so publishers needs to make sure that their sites won’t get attacked by it.

Google adsense is a wonderful service which most of the people use to monetize their sites. You can read more about this Trojan on BitDefender’s website. They have mentioned symptoms of trojan along with the instructions to remove Trojan.Qhost.QU from your machine if it exists. Just be little careful and have wonderful adsense experience.

Imagine how nice it would have been if you could talk to your friends using your mobile without paying huge bills. Well, you can stop imagining now cause, a new mobile application called Fring is going to turn that dream into reality.

Fring uses internet connection available on your handset to make VoIP calls. This means that, in order to make free calls, you need to have free internet connection on your mobile too. Don’t worry again. This is where Wi-Fi is going to help you.

Wi-Fi allows you to connect to LAN’s without using wire. Most of the public places like airports, coffee centers or some hotels are often equipped with public Wi-Fi hotspots allowing anybody in range to connect to their local network and get access to internet. Some latest handsets are equipped with support for 3G/WiFi network which could work without sim cards. Thus, if you have access to any such public Wi-Fi network, then you can start making free calls using Fring.

Just take a look at the video that shows Fring in action.

Software applications, once they are developed have to be released so that people can use it as per their needs. Long back, I used to think that, one day I will develop some good software and sell it. Few years later I came across GNU/Linux which introduced me to the world of open source system. Soon, I came to know the advantages of open source model and thus, changed my mind to release my "To be developed" software application as open source. I had totally made up my mind to release it as open source until I came across SaaS.

Software engineering is constantly evolving field. Every now and then, you will hear about some new programming practices, some new development or testing models and some new delivery models too. SaaS is one such new delivery model that is becoming popular with increasing growth of internet and decreasing cost of internet access.

In SaaS, your application is released as a kind of web application or web service. You don't actually sell your application, but allow people to use it and charge them based on usage. Just like your mobile company where you are allowed make as many calls as you want and pay the bill which is calculated from the number of calls and the duration of each call you make.

So why should one release his software as service? Technically speaking, I feel that fixing bugs will become much easier as whole application exists on central server. In commercial viewpoint, you can make more money if your application is used frequently. Also to some extent, it will make software applications more platform-independent and thus people will get access to good software without worrying about its platform.

As the software industry grows, new development and delivery models will come up. The more number of delivery model means that you will need to think more to decide how to release your software application. The more you think, more confused you will get. Thus, I feel that we should stop thinking in terms of models and just focus on providing clients with solutions to his problem.

Developing of software project is not just a task related to computer programming. Software development involves of lot planning, understanding of requirements, proper design, maintainability and of course, programming. As software planning involves so many tasks, it should be very easy to guess that software projects don’t fail just because of wrong programming, but mostly because, other tasks involved in software development are not handled properly. Recently, I got a chance to review some projects that are being developed in one educational institute in Goa. In this article, I will try to look at some faults that will eventually render these projects useless practically.

Database security: One of the projects developed inside the institute is to get the marks of students and prepare the report of failed students. The application is totally window based program developed in C# which connects to the central database. User need to start the program, login with his username as password, enter the marks for students and create report based on it. Looks like a perfect piece of software. But there is one major security loophole.

Management feels that the software is quite secure as no one can enter or change the marks unless the user logs in with his username and password. The biggest fault being overlooked here is an access to the central DBMS. The connection string required to connect to the central database is stored in a ‘application_name.exe.config’ file which is present in the same folder where application is installed. In other words, this simple text file is installed on every single client machine and any user can read it. Any student can directly login to the central database using the username and password mentioned in the connection string, and can change his marks or delete all records.

This problem could have been easily handled by creating a web service to handle the database tasks and by making the application use this web service. In this way, the connection string would have been in the ‘web.config’ file on the central server and away from any third party access.

Password storage: Care should be taken while user information is stored in the database. User sensitive information should be stored as securely as possible. This is one reason why normally people use MD5 to obtain the hashed password which is then stored in the database. MD5 is one way hash and it is not possible to obtain the original password from hash. People normally keep the same password for different accounts. For example, an user can have same password for his Gmail as well as Yahoo mail account. If the password is stored directly, an administrator having access to yahoo mail’s central database can easily obtain the password of the user and hack his gmail account.

There is another project being developed called inventory management system for the departmental stores. Here, the lead person wants the password not to be hashed but to be encrypted so that it could be retrieved back. Clearly, there is a big security loophole.

Improper use of software development concepts: Software could be programmed either in procedural way or in object oriented way. The program is being written in objected oriented language like C# doesn’t mean that program is object oriented. Program becomes object oriented when the whole program is designed using classes such that there is code reusability along with use of abstraction. Care should be taken that internal structure of class is not exposed. When software is developed in this way, it makes code more maintainable and extendable. Handling of bugs becomes much easier this way.

However, the lead person who is in charge of inventory management system wants the system to be developed neither in procedural nor in object oriented way. He wants to use something that he calls as “Hybrid” way of software development. I have never heard or seen any projects developed in this way. If someone knows, please let me know.

Software programming could be an easy task, but software development is definitely not an easy task. It needs lot of effort to design a software application and plan its development. Care must be taken while developing applications where security is going to play a key role. We should keep our mind open to learn from others mistakes and also from the approach followed by successful software developers. It takes time and hard work to develop a software application and thus, it’s the responsibility of every person involved in the project to develop it properly. Software should be designed to survive and not to fail.

On 28th and 29th of September 2007, P.C. College of Engineering had organized a technical event called 'Blitzkrieg 2007'. I was involved in creating the script to allow users to register themselves as participants for various competitions. This simple script had two responsibilities.

• Registration of participants
• Listing of all participants

The script was pretty simple and worked fine till the day of event. Organizers were able to view all participants who had registered for competitions. However, during the day of event (28th September 2007), organizers faced a problem that we had not at all considered. The hosting plan for Blitzkrieg website had provided them with small bandwidth. Due to this, the allocated bandwidth got over on the day of event and organizers were unable to view the site and get participant's list.I had never experienced such a problem before. Was it possible for me to write a script in such a way to handle this situation? It was definitely not possible to increase the bandwidth using a PHP script, but yes, there was a trick that would have helped organizers to access the latest data.Before understanding this hacky solution, let’s understand what the actual script used to do:

1. Display a registration form to the user
2. Get the data provided by user and validate it
3. If the data was valid, then store the data and send a mail to registered user (participant), informing him about successful registration.

Here, we would have added an extra step to send a mail to organizers after every successful registration with corresponding sql (insert or update sql). This would have given organizers a list of sql commands which if they could have executed on local database. This would have provided them with local access to list of participants even in case of bandwidth failure on central server.

This solution is just a precautionary measure to handle such kind of situations. It has to be implemented before the problem occurs. In our case, we had to call the customer support of our web-host who acted quickly and increased the bandwidth, allowing organizers to view the list of participants.