Wednesday, June 13, 2007

A Useful Command Prompt Tip

netstat -an |find ":80"

The above command I use so frequently. It really helps me out figure if there is a webserver running on the machine (ie. listening on port 80).

Actually, this command is a combination of two commands. The first is netstat which displays a boring long table.

The second is find "XX" which ignores all strings that dont contain "XX".

The '|' is the pipe operator. Now the command simply pipes the output of 'netstat' into 'find', the result is the line that contains the string "80".

If you're from a linux background, you'll find this post a bit too obvious. Since we're used to using the 'grep' command (which is similar to 'find' on windows).

Sunday, June 03, 2007

Microsoft PowerToys

Add convenience to your life ...

Try these free tools:

1. Alt-Tab Replacement
When using Alt-Tab, this will show you a small thumbnail of the program you are switching too. Very helpful when switching to multiple instances of the same application.

2. Power Calculator
Enhanced calculator for your OS.

3. Open Command Window Here
Allows you to open the command window for any folder you are currently in.

4. Image Resizer
Resize images on the spot.

5. ClearType Tuner
This PowerToy lets you use ClearType technology to make it easier to read text on your screen, and installs in the Control Panel for easy access.

Download any or all at:

Saturday, June 02, 2007

Who Said You Cant Learn Karate From A Book?

You can learn anything from books. A good book with good illustrations and a comprehendable language style can teach you anything.

The only extra large step you need is to continually practice. If you dont, then most probably you're dropping everything you've read.

Now wait a second, I know what you're thinking... but watch out for what I said; I said 'you can learn', but I didn't say 'its the best way!'. So lets face it, someone whom read a book about Karate will definitely know more than someone who haven't read (assuming both initially start in the same state).

Here's my evaluation of the different ways to learn ordered from best to worst:

1. Let an expert teach you, practice well, see what other experts teach, read about it, apply, understand the different schools on the same subject.

2. Let an expert teach you and practice well.

3. Read a book, and practice.

4. Read a book.

5. Do nothing.

Please note that I'm writing this post without any pre-research or good analysis on the subject. Therefore, please forgive my 'hardly scratching the surface analysis' (abbreviated HSTSA) on this subject.

Tuesday, May 29, 2007

File System Storage Versus BLOB Objects

Document Management Systems nowadays are heading towards storing all documents as BLOB objects in the database. You rarely find any server side applications that deal with documents as files.

Whether its a... Document, Content, Bug, Project, Knowledge Management System, they're all implementing document storage using BLOB objects.

Why it that then?


1. The first advantage of having everything stored in the database is the ease of backups and restorations. You no longer need to backup the database then backup your document's directory, then make sure they are synchronized.

2. The second advantage is that the documents are stored the same way on all platforms and partitions. Whether its FAT32, NTFS, or any other filesystem, you can store them all in the same way.

3. The third advantage is, you have full control of versioning documents, storing interesting information like diffs, dates, users performing on them.

4. The fourth advantage is that third party applications that connect to the database need only to have the database port available. No need to provide extra ftp access to acess the documents.

Thats it. Bottom line...

If you're building some kind of server application, consider a Database File System.

Wednesday, May 23, 2007

The 3arabeezy Habit

In the old university days, whenever I met someone speaking half english half arabic, I usually felt so intimidated of such personalities. I used to think of them as people whom try their best to show off by mixing sophisticated english terminology with verbal mingled arabic pronounced english sounding words. At those days, 3arabeezy for me was a 100% Yukk.

Today, I became one of them (A 3arabeezist). I just cant stop it, I keep mixing english and arabic whenever I speak, I dont know how it came up to be, it just happened. Gradually, I started substituting english words for words that I cant find an arabic alternative for, and vice versa.

It seems that mixing two languages makes me feel smoother. Its not only in verbal languages. Its also in computer languages. You need to write Embedded C in Java code for certain functionalities, and to write PHP extensions using C in others, or even assembly in some C code, mixing languages could be an advantage.

However, mixing arabic and english proves that you are proficient in using both simultaneaously, but very weak in utilizing one at at time.

Even when trying to talk completely in English... one or more 'ya3neeez' have to slip through the conversation. And when I talk in complete Arabic, one or more 'simply', 'basically', 'soon enough', 'I think' have to slip in between.

In funny cases, I'm also starting to use the plural form of arabic words in english form... examples are 'Raheeebz', 'Raw3az', '7abaaaybax' and 'Jee3aanz'.

Lets jump to the lessons learned of this post. I guess there's one really serious lesson to mention. 3arabeezy aint that bad, but could make you look REALLY bad in first impressions. So here's my advice:

1. When introduced to new people, dont use 3arabeezy whatsoever. Stick to one language. Talk professionaly. Dont mix. It will only leave an impression of either a show-off or an improficient talker.

2. In public speech, dont use 3arabeezy unless the audience are people you've worked with before.

3. When dreaming, feel free to use 3arabeezy. Totally acceptable.

4. Sometimes you need to use 3arabeezy when talking to people who know neither arabic or english. This raises the chances that there could be an arabic or english word that sound something similar to their native language.

5. Only use 3arabeezy if you feel that a certain word has a better alternative in the other language that will ease up understanding. Again, this proves weakness in the former language.

Till then, we'll meet again in a next epi-post of 'Lost in the Code Carribeans'.

Tuesday, May 15, 2007

The Long Easy Way Versus the Short Hard Way

Today I had a small discussion with a good technical friend of mine ;) The discussion started with trying to handle an SQL Query with one shot.

The SQL Query got a bit too complicated to handle and needed some extra research, reading and thinking to figure out the correct way to do it. It took two technical brains, good MySQL experience, about forty minutes of work, and at the end some testing. It resulted with a long SQL statement.

Through our work we had another solution, its a very easy solution, get the data you need through multiple SQL statements. Thus, a long but easier way to do it.

We felt so proud that we were able to tackle the short difficult path, but at the end, considering the long easy path we missed, I felt a bit unrelaxed, but as soon as that happened, I was reminded with an important wisdom (by my amigo):

"If you keep choosing the easy and long path, you'll hardly learn anything. It's the difficult short path that provides you with extra skill and power."

Now imagine the amount of skill and power you can gain by choosing the long difficult path. Hmmmm, cool as long as no fatal mistakes takes place.

There's always alternate wisdom supplements when twisting different stories around.

Monday, May 14, 2007

The 'Call Super' Antipattern

A common design problem that is usually solved using the 'Call Super' antipattern (also referred to as code-smell). Simply stated, the problem occurs when the subclass needs to share the implementation of the super classes over-ridable methods.

In such case, 'Call Super' anti-patten is usually used by calling the over-ridden methods from within the subclass's over-riding methods.

I'll show a 'Call Super' code sample, then show a much better and neater solution (proposed by Martin Fowler).

The Bad Solution (Using the 'Call Super' AntiPattern):

class Penguin {
public void intoduceYourSelf() {
System.out.println("Hi, I'm classified as a penguin.");

class EmperorPenguin Extended Penguin {
public void introduceYourSelf() {
System.out.println("My real name is Emperor Penguin");
A Better Solution
A much better solution is to have an abstract method in the super class for the extra actions the subclasses will perform. And thus, the subclass only needs to implement that abstract method:

class Penguin {
public void introduceYourSelf() {
System.out.println("Hi, I'm classified as a penguin.");

abstract public talkAboutYourselfMore();

class EmperorPenguin extends Penguin {
public void talkAboutYourselfMore() {
System.out.println("My real name is Emperor Penguin");

Thats it. A neat alternative solution that I love to use.

Wednesday, May 09, 2007

Curiosity Never Killed The Cat...

... it was Boredom which did.

The amount of boredom I've been through in the past three days has been killing me softly.

Unfortunately, this time it's the result of practicing a boring repititive task; writing code that tests code. You just keep on writing code and checking the result, then writing another line and checking the result, then another line, and checking the result.

Trying my best to be creative with this task, I only modified the code a bit to show errors in red color and success in green color. Thats about it.

Wisdom of the day:

Ok, curiosity might have killed the cat. But boredom will kill anything!

Monday, May 07, 2007

The Best Free Utilities

Check them out at:

Enjoy. I liked the sticky notes utility ;)

Saturday, May 05, 2007

Swapping Two Integer Variables Without Using a Temp Variable

The first time I heard this question, I thought it was a joke of some kind. I never thought such was possible.

Turned out to be possible and even faster than the normal technique, here you go:

Let X be an integer variable.
Let Y be another integer variable.
X = X xor Y
Y = X xor Y
X = X xor Y

Wont buy it? Then try it out for yourself.

One more technique, you can use the - (minus) operator instead, but be careful not to step over the integer max and min limits. Here you go:

(eg. X = 12, Y = 7)
X = X - Y ( X is now 5)
Y = X + Y ( Y is now 12)
X = Y - X ( X is now 7)
(result: X = 7, Y = 12, Voila! Swapped)

Hmmmm. Coming to think of a practical use. The only way such would be useful is to swap two large memory binary buffers.

This swapping enhancement breaks the common myth of 'its either memory or speed, but not both'. The swapping algorithm you just saw proves better in both memory consumption and performance gain.

Wednesday, May 02, 2007

Sticky Notes No Longer Stick

Ok, we all use pieces of paper for jotting notes and todos from time to time.

Some use white paper, lined paper or 3M sticky notes. When no physical resources are available I'll usually use notepad for quick note jotting.

This usually happens when I'm jotting down a quick description of a street address of phone number.

The problem with the notepad approach is the extra steps you have to walk through to actually open notepad and save the file. Which turns out to be so inconvenient when urgency is required.

I mean you need to go to Start > All Programs > Accessories > Notepad, oooft! or even Start >Run then 'notepad' and enter. I also use the quick launch, but at the end, notepad for note taking creates an intimidating experience. Not to mention having to remember the filename you saved on the desktop.

So long for notepad, what about the paper and pen approach? Well...

First, you need them to be around your desk somewhere and you need them to be around instantly. Pen and paper are easily un-noticed on your desk until you discover that you need them (comparing them to a laptop).

Second, paper and ink are limited resource, ie. They will run out. And you'll have to purchase them again.

Third, ok, anyone can afford paper and ink, but what about the environment.

The amount of paper waste caused from temp note storage is unjustified with the alternative tools available. Consider the amount of trees wasted for the sake of disposable paper notes and todo items.

Ok, I'm sure you're thinking now. What point is this post building up to?

Well, its all about a small and cute sticky notes tool (that mimics 3M sticky notes) named "ATNotes".

You can download it for free from:

Yep. Yep. No more notepad files on your desktop, no more scattered paper, no more ink, and guess what? You're now an environment friendly person.

A Big Thanks goes to its developer & author - "Thomas Ascher".

Hope you like it.

Tuesday, May 01, 2007

The Programmers Notepad

If you're one of those people whom dislike thick fat development IDE's, and at the same time you miss many of those rich highlighting and search/replace features in your simples editors.

Then go no further...

Try "The Programmers Notepad".

1.3 MB in size, free, wonderful, and very light-weight.

I loved it from first 'site' : /

I think I'll let go of EditPlus. My X-Favorite Editor.

Sunday, April 29, 2007

Lazy Evaluation and Caching...

... are the most widely used techniques for improving your software's implementation performance.

Then what are they and how can I use them?

Lazy Evaluation is exactly just like a Lazy Employee; he wont do the job unless some one directly requests it from him. Infact, he'll postpone it forever until the request is made official.

Caching on the other hand is simply storing frequently used data in some quick array or memory for fast retreival, although the same data is stored in a database or in a file, the programmer usually chooses to cache it in its accessible form for fast retreival. This memory could be an Array, a Berkley DB file, a tmp file or any other suitable media.

Google - a well known search engine - caches search results for most frequently used queries. FileNET (a really good CMS server) renders all content objects inside one single HTML page ready for access (instead of querying it from a database everytime). The HTTP protocol itself caches different requested pages on the internet on local internet proxies and implements the HTTP headers to do so. And even does your browser cache some html pages from time to time.

Thats why you usually need to press Ctrl+F5 to force requesting to refresh the page from the server.

As a programming example, lets say you have a small class named UserAccountManager and this class contains a single method:

public static String UserAccountsManager.getUsername(int UserId);

And a single private array which is simply a HashMap mapping a UserID to the Username which is used by getUsername(int UserId).

The method is implemented simply to execute a query on the database:


Here is a simple way to see how caching and lazy evaluation can be applied.

The program can implement caching using a private array map that maps the user id to the username string. This array is filled only once from the database when the program first loads.

The tricky part when implementing caching is knowing when to re-generate the cache, or more accurately, how to identify that the original data store has changed or not? If changed, then the cache needs to be regenerated or else your program is using out-of-date data.
Any calls to getUsername will simply access the array instead of accessing the database. This is whats Caching all about.

Now, lazy evaluation simply changes the implementation so that the array AINT FILLED AT ALL until someone actually calls the getUsername() method.

The advantage here is that you dont waste memory or connect to the database until someone actually calls the function. (ps. It might need not be called at all).

After all this explanation, there is a very annoying advice that you have to stick to:

"Never implement optimization techniques such as caching or lazy evaluation until a bottle neck is identified in the system using benchmarking and testing procedures that shows that need. This simply means, avoid Premature Optimization as much as you can."

Friday, April 27, 2007

SQL Statement Shortcuts

What always bothered me when writing SQL SELECT Statements is handling long table names, and having to reference a field by its table's name to avoid ambiguous errors.

Take this for example, three tables: infobase, infobase_labels, and infobase_users. And let's imagine that those three tables each have a field named 'ID'.

So a simple select statement will go like that:

SELECT infobase.ID, infobase.NAME AS INFO_NAME, infobase_labels.NAME AS LABEL_NAME, PHONE FROM infobase_labels, infobase_users, infobase WHERE infobase_labels.ID=infobase.LABEL_ID and infobase_users.ID=infobase.USER_ID AND infobase.ID=5;

Okay, 238 characters of unreadable sql code.

Whats next? Okay, till here you have two options:
1. Live with it.
2. Find a simpler way.

I have been using option 1 for the last 7 years. Until, option two showed up ...

... the usage of name aliasing for table names to make a query simpler, now this I love, simple alias each table with a 2 letter name, and use it instead of the table name:


Okay, this makes them 205 characters long.

For me the latter is much more readable, shorted and easier to write.

Tidying the SQL statement a bit:
infobase_labels AS _IBL,
infobase_users AS _IBU,
infobase AS _IB

Okay thats it for today. Quite a long post, but I like it ; )

Sunday, April 22, 2007

Master the Techniques Before Chasing the Goals

Miyagi told Daniel Son while holding the chop sticks:

"You have to catch fly first."

And this applies to any career. Ok, Miyagi was a bit over-reacting here, I mean, if it was not for the 'beginners luck' of Daniel Son, I dont think this movie would have ever ended.

The lesson here is that a career person SHOULD master the techniques of her or his profession. Know it well, do it right, know when to use a technique, know when to drop it, know the pros and cons of different techniques, but most importantly, Master it!

That could be the boring part for some, to master the technique, to know the details, to understand the bits and pieces.

A professional football player knows that mastering a 'pass' weighs much more than scoring a goal. Mediocre players - on the other hand - only care about scoring, this arises from a mentality of greed ... "Need to score, makes me feel good.".

Most low quality environments overlook developing good techniques, and favor jumping directly to goals. Ok, fair enough, the time and budget constraints of 'the start' could force such conditions. But, this symptom easily grows to a disorder when this methodology becomes a continuous habit.

Wisdom of today's post:

"Master the techniques, and make them the solid path to your goals."

Tuesday, April 17, 2007

Toggle The Toggler

We all use them, different places in our code, toggling variables.
And there are many ways to achieve the same results.

My first toggle looked like that. This toggles between 1 and -1.
a *= -1;

It then evolved to:
a = a XOR 1; // or a = a ^ 1 in Java

I also started using the modulus operator:
a = (a + 1) % 2;

Then I liked the modulus operator so much, that I started using it to toggle between three, four or N values:
a = (a + 1) % 4;

Sunday, April 15, 2007

Teach Yourself Programming in Ten Years

Very nice article discussing the programmers' learning curve:

This article is so popular it has been translated to many different languages including chinese, arabic, german, french, polish, japanese, korean, russian, spanish and turkish.

ref: Khaled J. Simtix Software.

Friday, April 13, 2007

Book Quote

"Some people play tennis all their lives, but never get better. Those people are not willing to take a fresh look at what they do or to consider changing it. Good players recognize that getting better often means making an investment in new approaches. For a while, they may get worse, as they wrestle with new and unfamiliar techniques, but eventually they surpass their old plateau."

-Fisher, Ury and Patton
In Getting To Yes

Wednesday, April 11, 2007

Getting Organized

I've seen different people do different stuff when it comes to getting organized.

Whether its organizng your images, favorites, invoices, note taking, meetings, budgeting.

Frankly, what works with some turns up to be impractical for others, and vice versa.

1. Some use the browser's favorites toolbar; others see it as non-sense.
2. Some use small notepad files to collect different websites, todo items, readings, passwords.
Others use excel sheets for the same task.
3. Some people even use stange but effective tools. An example is a tool that applies different colors to the different folders on a machine. Even others use tools that automate your environment through pre-configured shortcut keys and mouse clicks.
4. Some use information tools - called outliners - for collecting important pieces of information. Others see it as overly organized.
5. Some use outlook calendar for different reminders, others use their mobile, or even pen and paper.

Best general tips when adopting an organizing procedure is:

1. Make sure the maintenance cost is to the minimum when organizing an item. You dont want to spend an hour trying to figure out where to place your favorite site.
2. Make sure there is some temp storage for your information items that need to be organized. Since sometimes you're too lazy to organize even when you have the infrastructure.
3. Make sure that retrieval of the organized item is to the minimum (example, should be easily located, easily searchable by different fields, dates, text).
4. Make sure that it is available from different places.
5. Take time investigating organization tools at, and, see what fits your case, use what you find practical, make your life easier.

You never know, a fifteen minute deep thought of how to efficiently organize yourself, or even a small research in finding the right practical tool is your way for a much efficient and easier life.

The main hurdle that lets people postpone organizing themselves is their false feeling of 'I can manage' my reminders, my todos, my schedules, my information, and my budget. Trust me on this one, when it comes to organizing yourself, your brain alone is very limited.

Sunday, April 08, 2007

Big Downloads Cause Big Frustrations

These days, I'm downloading different IDE's, database binaries and (non microsoft) service updates from the net. The minimum download size is about 40 MB and the maximum was the new release of JDeveloper which is currently still being downloaded. Its about 508 MB in size.

This is the third time I try to download this 508 piece with a failed connection frustration.

Until... I found this wonderful free tool. Its a download manager named 'free download manager' that can be downloaded from

Enjoy downloading. No more connection disruptions. No more frustrations.

ref: Thanks Quazy (IT support team)

Tuesday, April 03, 2007

Bad Software Methodologies

Ok, this time its from the software industry...

Here are some very well known anti-pattern methodologies in software:

/* 1. Copy and Paste Programming: */
Copying (and modifying) existing code rather than creating generic solutions

/* 2. Golden Hammer */
Assuming that a favorite solution is universally applicable

/* 3. Tester Driven Development */
Software projects where new requirements are specified in bug reports

/* 4. Improbability factor */
Assuming that it is improbable that a known error becomes effective

/* 5. Defactoring */
The process of removing functionality and replacing it with documentation

/* 6. Premature Optimization */
Optimization on the basis of insufficient information

/* 7. Programming by permutation */
Trying to approach a solution by successively modifying the code to see if it works

/* 8. Reinventing the square wheel */
Creating a poor solution when a good one exists

/* 9. Reinventing the wheel */
Failing to adopt an existing, adequate solution

/* 10. Silver Bullet */
Assuming that a favorite technical solution can solve a larger process or problem

Ref: Copied and pasted from wikipedia

Patterns Plus Anti-Patterns

In every engineering science lies the notion of good (design) patterns.

This comes out as a result of repeating good ideas and/or methodologies that work. Once being repeated in different places, a pattern is spotted in which it gets popular between the engineering community and can be safely reused, it even acts as guidelines to beginners.

"Another important concept - but not as popular - is the concept of anti-patterns."

Good Patterns and Antipatterns complete each other. Anti-Patterns are simply the bad patterns that have been spotted being practiced repeatedly and should be avoided.

Its important to note that patterns and anti-patterns do not apply only to software engineering, but rather can be applied to any science. You can even apply it in your own kitchen (strong assumption: you have a kitchen).

I'll discuss here some anti-patterns spotted in the managerial world that have been popular and should be avoided:

1. Fruitless Hoop: The manager who requires endless (often meaningless) data before making a decision.
2. Golden Child: When special responsibility, opportunity, recognition, or reward is given to a team member based on personal relationships or contrary to the person’s actual performance.
3. Leader Not Manager: Being a great leader doesn’t necessarily mean being a great manager.
4. Manager Not Leader: The manager who is proficient at their administrative and managerial duties, but lacks leadership ability
5. Management Meeting Mania: The manager whose only function in the organization is to schedule useless meetings
6. All You Have is a Hammer: One-dimensional management where the same technique is used on all subordinates.

These will do for today. For more you can search google or checkout wikipedia. Keywords Anti-Patterns and Managerial. You can also check for good books on the anti-patterns subject.

Sunday, April 01, 2007


Fortunately, I've found lots of books and online material that teach you Java swing/awt programming for desktop environments.

Unfortunately, very few (approximately none) discuss structuring your application code.

I've seen "Learning Java" over discuss the 'Adapter' design pattern when it comes to separating UI actions from application functionality. But still, I'm looking for patterns that will make code scale, techniques that will handle complex user interfaces using simple class relations without cross-referencing different variables, classes and elements along the code.

Till I meet such a tutorial or reference, I think I'll be treating Swing the MFC way.
Lucky me , I've done MFC ;)

In Search For A Convenient Java IDE

With all the years of VI programming on linux as my ultimate IDE. Being introduced to some civilized java IDE's exposed me to a cultural shock.

With all the impressing stuff, I'm still trying to find the best out there. Trying to find the best by comparison then by elimination. First of all, they all look great. The Java IDE's sum up to the following:

1. Eclipse
2. NetBeans
3. JBuilder (by Borland)
4. JDeveloper (by Oracle)
5. Intellij IDEA

The best link I found that does a fair comparison is this one:

I'm trying them out one by one. Please note that my evaluation will be based on the best IDE for creating desktop applications.

I've just tried JDeveloper today and I think its the best. Eclipse, NetBeans and Intellij IDEA I've tried a bit. But the one that provides the best convenience I believe is JDeveloper, specially when it comes to creating GUI Desktop applications.

The problem with Eclipse is that it doesn't support Swing/AWT ui elements, but rather have to be purchased from thirdparty commercials (most notably MyEclipse).

Netbeans is good. But the layout facilities provided are so cumbersome. To that, NetBeans lacks alot of features, and its intellisense makes me mad from time to time. When I'm in the middle of typing a function name, and go back by pressing delete, intellisense dissapears. This doesn't happen with JDeveloper.

Intellij IDEA. I have to be frank here, I didnt give it a full try. Its commercial for $500 and looks great. Also lots of features, a big community, and lots of plugins, the only problem is that I didnt give it a full try since the GUI layouts it provided were a bit like NetBeans. I'm sure there is an option that makes it like JDeveloper. But I didn't find it fast enough.

The only one left to try is JBuilder from Borland. I dont think I will get there. I'm so happy about JDeveloper I dont think I'll ever go anywhere else ;)

Tuesday, March 27, 2007

The Riddle In The Middle

Whats next in this sequence:


No its not 8. Its 9.

See, the function that created this sequence is:

f(n) = n + floor(n/8)

Wisdom Of The Day:

"When something looks so easy,
suspicion would be the best first thing to do."

Any extra wisdoms you can think of?

Saturday, March 24, 2007

Advanced For Loops

There are some skills in our career that we have reached proficient enough to an extent that we think there's nothing extra to learn.

One good example is the for loop, I mean, I dont think there is anything left I need to learn about a for loop.

Well, I was wrong, daaaaaaaaaaaaaaaamn wrong, here's one extra piece of information that'll leave you scratching your head the rest of the day.

for (int i = 0; i < arrCustomers.length(); i++)


for (int i = 0, len = arrCustomers.length(); i < len; i++)

Now the code above saves your interpreter/compiler from calling the method length() each and every iteration.

Meaning, a wonderful optimization with approximately zero extra code.

Whether you like it or not:
"You ain't a for loop expert as much you thought you were!"

Wednesday, March 21, 2007

You've got a bug (Dont take it personal)

Developers have always, are always and will always be in a state of offense when being accused of committing a bug.

Whether they (we) like it or not, the statement:

"You've got a bug."

is an emotionally disturbing phrase for (we) the developers.

The word 'bug' by itself is so phonetically provoking. First of all, its composed from one sylable that pops out all of a sudden. "BUG", "BUg!", "bUG', "BuG", its like microwave popcorn.

It even sounds like you're cursing someone. And sometimes, it sounds like you're accusing someone of having weazels in his hair (قمل).

I try my best to avoid using the literal form of the word 'bug' by replacing it with more friendly alternatives like the words 'defect', 'malfunction', 'problem', 'leak', these words have proved to be more DES (Developer Ear Safe) words.

If you're a quality person, a customer, a manager or any person involved in auditing developer's output, then here are some alternative sentences I've collected through my career to help you out with dealing with such cases:

"The system is acting a bit wierd when I press this button."

"There's a small problem, I dont think you have uploaded the latest code."

"I found this problem, you know what, it looks like a third-party library is going nuts."

"I found this problem, are you sure no one touched the code you wrote?"

"I'm sure you haven't finished yet, I remember you told me you still have work to do in this module, I think this is why all these bugs are showing up."

Also make sure not to use the word 'you'. But always use the passive tense, and talk about it as if its a 'system' problem and not a developer's problem. Not "You've got a bug", but rather, "A strange problem is showing up here.".

Last advice, stay away from discussing this bug with the public; before the bug is fixed, while being fixed and after getting fixed. Dont discuss other people's problems if you dont like people discussing yours.

Monday, March 19, 2007

Extreme Programming

In Martial Arts, the most extreme methodology is named KungFu.

In software, they call it "Extreme Programming".

Some principals taught in Extreme Programming:

"A team is much more flexible if everyone knows enough about every part of the system to work on it. "

"You must realize that the design you envisioned was a good guide post, but is now obsolete."

"Never try to guess what the system's bottle neck will be. Measure it!"

"If only one person on your team can work in a given area and that person leaves or you just have numerous things waiting to be done in that section you will find your project's progress reduced to a crawl."

"Simple design always takes less time to finish than a complex one."

"So always do the simplest thing that could possibly work."

"If you find something that is complex replace it with something simple."

"Beware though, keeping a design simple is hard work."

"Refactor mercilessly to keep the design simple as you go and to avoid needless clutter and complexity."

"We continue to use and reuse code that is no longer maintainable because it still works in some way and we are afraid to modify it. But is it really cost effective to do so? Extreme Programming (XP) takes the stance that it is not."

"Working overtime sucks the spirit and motivation out of a team."

"Make it work, make it right, then make it fast."

For more visit:

Good Link

Sunday, March 18, 2007

I still find Javascript the hardest

With all the languages I write code in, I still find the most difficult language to write code through is Javascript.

When it comes to writing javascript, I start having some headaches, here's why:

1. I start imagining the different constructs I'll use to check for browser versions.
2. I need to check for different user settings.
3. The debugger on Internet Explorer SUCKS!
4. The language itself is neither Object Oriented, nor friendly, its a strange language where an object becomes an array with a strange form of instantiation, strange syntax.
5. Whenever I think of growing myself in this language, I start getting the feeling that its not worth it. I will only need it for small webapplication tweaking functionalities along with AJAX calls, so there's really no need in investing my mind brain cells in it.

The only thing that made my life easier lately is a very good javascript debugger by the name of FireBug which comes as an add-on for FireFox.

Other than that, I feel that this is the reason why there are very very very few excellent javascript developers around. And guess what, the demand is growing.

Wednesday, March 14, 2007


Having a profession is something, becoming a professional is another. The mental distance between those two is similar to the distance between Irbid and Manhattan.

When building up your profession, there are two parallel lines that you need to maintain and balance:

Step #1: Practice it yourself.
Keep practicing your profession the right way, work smart, enhance your techniques every work cycle.

Step #2: Observe other professional work.

Look at what other good people have done. Understand different methodologies, patterns, techniques and practices. Read, research, find better ways to do the same work.

This bicyclic process is necessary to grow you fast enough.
Dropping line #2 will get you a bit lost and isolated, often resulting in slow progress in your career. Dropping line #1 will simply make you loose your craft.

The most useful tasks I ever got while working in the software industry were debugging, fixing and enhancing existing codebases.

Simply because, I get the opportunity to write code, and to understand how other code works.

Finally, I'd like to end this post with a valuable wisdom:

"Its not what you know, its how good you know it."

Tuesday, March 13, 2007

Desktop Application Development

I'm back to desktop development aaaand I love it. Desktop Applications, its a whole new world, away from the CSS, HTML tags and Buggy Javascript (Damn the IE javascript debugger, I just hate it, it always lies to me about the error's line number).

Desktop application development on the other hand is rigid, aint buggy, wonderful. I'm using MFC8 with Visual C++ 2005 Express. Voila! Smells exactly like teen spirit.

With desktop applications, the possibilities are just endless. You've got new raw material for your abstract ideas.


Monday, March 12, 2007

Subliminal Programming

I remember the old days when I used to play billiards, I used to concentrate deeeeeply on the cue, the black eight, the pocket and the cueball ('7asem), trying my best to have them aligned on the correct (virtual dashed line), I then hesitate and give myself a break by sharpening the edge with a piece of chalk, again, I concentrate, think and make a shot, most oftenly, missing the pocket.

Once upon a vivid day, and after some heavy experience, and while on the table, a sudden feeling of confidence came upon me that made me shoot without thinking and made me score just by blinking. No thinking at all, just used my hidden senses to score, score, score. Yippeeee YaYoe! Something happened there, I'm not sure what it is, but I think somehow my experience managed to slip inside the subconcious part of my brain for a while.

I think this what happens with professional football players, or basket ball players, or tennis, or ping-pong, or even judo, jujitsu, guitarists, all the professional people every where, they just do it without thinking, they are experienced enough to an extent that they are able to make moves and decisions without thinking.

I wish I can become like that one day, actually, this happens to me when I'm writing HTML code, it always compiles(1) without any errors.

ref(1): HTML is the only language that compiles without errors.

Saturday, March 10, 2007

Reverse Engineering Tools That Are Not.

I've been researching for the last week for a good reverse engineering tool that would simply get handed in a large C++ codebase and would automatically walk through all the classes, functions, variables and interfaces for the purpose of generating a visualization of the live flow of code.

At the end of my research I was able to find a good reverse engineering tool called Understand for C++ and Understand for Java. This was one of the best I found. I decided to use it, was impressive, but not too impressive, it still lacked lots of stuff I needed.

Looking around, I felt a bit hopeless, until I got introduced to automated document generators.

A code documentation generator would prove as the best reverse engineering tool ever. For reverse engineering purposes, I dont think I need to go any further.

Wednesday, March 07, 2007

Being Skeptic About Necessity is the Mother of Invention

Have a quick look at the mouse to your right, do you see the two mouse buttons, tell me what else? I'm sure you see a small wheel between the two buttons, a wheel used for scrolling up and down a large page inside the window.

A question prevails: "Did anyone in the world ever need this small scrollable wheel before it was invented?"

The answer is No. No one needed it. People where living happily ever after before this wheel even showed up. They had no problem using the up and down arrow keys or even using the scroll bar to the right of the browser's window.

If this is the case, if no one needed it, then "who in the world invented it and for what reason?"

Well, trying to scratch my head a bit, I believe she or he is someone who found it a tedious task to stretch her or his arms a bit and use the arrow keys, or even worse, he or she found it hard to point the mouse cursor on the scroll bar and move it up or down while holding the left mouse button.

From the previous notes, the only reason I can find for him or her who invented the scrollable mouse wheel is, he or she were in a state of laziness... in other words... laziness was the motive.

Did anyone ever need it before it was invented? No. Can anyone nowadays buy a mouse without requesting a scroll wheel, well, I'm one of the people who cant live without it. And I've seen many others who expect it as the default.

Does this apply to other inventions, in most cases, yes, the laziness motive appears much stronger than the necessity motive, as a short conclusion I could say:

"Necessity was never the mother of invention, the real mother is Laziness."

Monday, March 05, 2007

Power Shell versus Bash

A good command prompt has always been a weakness point in MS Windows. Compared with bash scripting in Linux/Solaris/UNIX, the command prompt simply lacks a command prompt.

Microsoft aggressively striked back this time with Microsoft's new Power Shell. You can download it from the following link or read more about it here. Expect better automation tasks and large bash scripts to be so common on Windows.

Sunday, March 04, 2007

Dissecting The Wisdom

Dont trust casual reasoning doesn't mean dont use it. It just means 'dont trust it'.

In reality, I urge people to use their human logic, to use their common sense, to use their casual reasoning or to use whatever they want to call it. These activities are sourced from a powerful tool God gave to us, called the brain.

The only piece of information that you should be aware of and that wasn't mentioned in your user guide is:

"Dont trust it."

So remember this advice when it comes to making big decisions or when it comes to embracing big ideas.

Thursday, March 01, 2007

A Riddle With A Wisdom

Two large jars of exact equal size. The first jar holds pepsi, the second jar holds the same but seven-up.

Using a small empty cup you remove a full small cup of pepsi and pour it in the sevenup jar, you mix the seven-up jar well. Then you remove from the seven-up jar (which has a small amount of pepsi in it) a full small cup and pour it into the pepsi jar.

The question now is:

Is there more pepsi in the sevenup jar than seven-up in the pepsi jar, or is it that there is more sevenup in the pepsi jar than pepsi in the sevenup jar?

This riddle simply proves that casual reasoning cant be trusted.

Monday, February 26, 2007

The Problem With Technical People .. Business Wise

In the software business, the main problem with technical people when it comes to finding 'the idea', is that they easily deviate in their thinking processes from the main objective which is usually building a profitable business.

Instead of thinking rationally about 'how could my idea turn into a business', they easily end up in the thinking processes of 'how could my idea fulfill my creative and technological demands'.

This puts them through misjudgements leading to completely ignoring really good ideas while researching different market niches for reasons like "the idea didn't tick", "wasn't creative enough", "wasn't technically difficult", or simply "I dont like it". They forget the main purpose of the idea which is "creating a business", a growing profitable money generating business, they forget the whole purpose.

I'm not saying that technical people should change their mindset, I'm one of them, and I just cant. If the idea aint technologically stimulating enough, I find it hard to continue. But my advice for any technical person would be the following:

1. Business Value. Make sure there is a commercial value and your idea's category exists.

2. Love your idea. You're not a business person, so money isn't your main driver. Its the idea itself, so make sure you're convinced, you love it and you'll finish it.

3. Use your idea. It would be an excellent advantage to be your own customer and use your idea continuously, this will guarantee future enhancements and growth.

4. Always stay in touch with business minds. You need business advice, so take as many as you can from marketing, sales, software blogs, etc.

With all this advice, and I'm telling you, chances are so limited for you, you'll be wasting alot of time until anything good happens.

Whether you like it or not, business people are the best when it comes to spotting a good idea (or even coming up with one). Their main motivator is money generation, so, if the chosen idea is a good money generator, then they will already be in enough love with their idea to accomplish it and they'll use it as long as it generates money. Their idea's growth will be completely based on market needs.

Bottom line, we - the technical people - suffer from a major bug when it comes to business thinking. This bug can be simply stated as:

"Our passion for technology and our love for creativity deviates us away from good money generating business ideas, we suffer from this bug, business people dont, we'll have to live it, business people wont."

Saturday, February 24, 2007

In search for a good technical site or magazine.

I'm looking for a good technical site with some interesting articles. I can hardly find any, i'm not looking for code only articles, but rather a technical site with a diversity of subjects concerning the different issues in the technical industry.

I also used to enjoy the Linux Magazine (hard copy), but it is no longer sold in Jordan :( This happened after the war in Lebanon, I presume the main distributor was in Lebanon. Anyways, its too costy (about 12 JDs) but really had a diversity of very interesting subjects. Ofcourse, they provide old issues for articles in their website at

So please, if anyone knows a really good up to date website concerning Java, PHP, C, design articles, tools, components then please drop me a comment.


Friday, February 23, 2007

Monitoring Tools with Zoom In Capabilities

One thing I learned when purchasing, using or even building a monitoring tool is the following:

"Monitoring Tools with no Zoom In Capabilities are Worthless!"
So make sure not to waste your budget or time in any monitoring tool that does not provide zoom features to exactly trace sources. An example would be an httpd weblog analyzer. With all the fancy reports generated using tools on the web, if I just cant click on the graph and zoom in into more detailed information, then thats a big problem.

I'm happy to monitor thirty people entering my website on thursday, but I would like to zoom in the same graph to see at which hours of the day, further zoom in to see which countries where they from, then further zoom in to see which pages a certain visitor has gone through then further zoom in to see the amount of time he stayed on the website. Thats what monitoring tools all about.

Same goes to network monitoring tools, same goes to employee monitoring tools, task tracking tools, code analyzing tools, its just that, you either have a built-in magic zoom button or stop soliciting your monitoring software.

Thursday, February 22, 2007

Stable Software

From a black box perspective, stable software boils up to the following:

1. Good usage of Version Control Systems. Branching revisions, branching features, tagging releasing, merging, detecting flaws from versions logs, histories, comments and generated diffs. After being able to use version control correctly, I'm starting to wonder how I ever by-passed such a requirement.

2. Good Bug Tracking. I'd rather call it 'good issue tracking', since its not always a bug, it could be a required future feature, a priority for the next release, a recommended third party code to use, a small research signifying or recommeding new code structures. Bottom line, being able to track the past, present and future of your software's needs.

3. Good Quality People. Not the ones that randomly click everywhere trying to spot a bug. No, I'm talking about Smart Quality People that can intelligently utilize (or even build) testing tools and automation scripts to consistently be able to test every build and every release in a convenient time without having to repeat the quality cycle all over again. In short, good quality people build good quality assembly lines that result in consistent high quality output for every minor or major release launched.

Tuesday, February 20, 2007

Quote Of The Day

“People make all the difference in the world. Venture capitalists would tell you that they’d rather fund a great team than a great idea. The reason is that if they have a bad idea, great teams can figure out a better one. Mediocre people even with a great idea can screw it up in its execution.”

- Joe Kraus, Founder of Excite and JotSpot
Interviewed by the author of Founders At Work (book)

Monday, February 19, 2007

Trends and Fads

Most ideas start as 'ideas'; abstract implementations existing in a (human's) mind.

The two most obvious patterns signifying an idea's life time are a 'trend' or a 'fad'.

Fads tend to shoot up quickly then suddenly die with no warnings. During their shooting time, fans of fads feel so confident about growing in to a trend, and feel so down when their raging idea diminishes.

Trends on the other hand, are ideas that flourish gradually and strongly replacing any fads they meet in their way. Trends are hard to achieve, and their achievement clearly proves the rigidness of their contained idea.

No matter what the background theme is, fads and trends are reliable recognition patterns that can be consistently used to identify an idea's progress. However, the judgement cant take place until a reasonable amount of time has passed.

From my humble observations, i can say that the fad to trend ratio is 99 to 1, i.e. from every hundred ideas we've got about 1 trend and 99 fads. At least this works fine for product ideas rising from the commercial industry.

Saturday, February 17, 2007

Writing .bat files / Part 1 / Hello World

You create a batch file by writing it in a text file then saving the file with the ".bat" extension at the end, this will tell windows that this is an executable batch file.

Here I will create a text file containing the following and save it as "test.bat":

echo "Hello World, this is my first batch file!"

The word 'echo' is a DOS command that simply tells the command shell to display the text message following it.

You can test your first batch file by opening a command line window. To open a command prompt window there are two ways:

First, you can go to Start > All Programs > Accessories > Command Prompt
Or, you can go to Start > Run then type in 'cmd' and click OK.

Once the command prompt is open, you can run your batch file by typing its name followed by enter:

c:\> test.bat

Make sure to change the directory to the location where the test.bat file was saved, in the above example it assumes it was saved in the C:\ top folder. If it was saved in a different location, e.g. F:\my_folder then you can change directories by typing:

c:\> cd /D F:\my_folder
f:\my_folder> test.bat

The output:
f:\my_folder> echo "Hello World, this is my first batch file!"
"Hello World, this is my first batch file!"

Notice that the string got displayed, but also the command 'echo' got displayed too. To hide the commands being executed you can add "@echo off" at the top of the test.bat file.

@echo off
echo "Hello World, this is my first batch file!"

Now executing test.bat would result in:

"Hello World, this is my first batch file!"

Congratulations, your first batch file is ready. Unfortunately, till now it does nothing interesting other than print a message.

Friday, February 16, 2007

The Art of Delegation Using Batch Automation

For those people whom hate donkey work, I have good news for you... even donkey work has a creative side.

The creativity lies in automating the donkey... in software this means writing code to do the job and writing scripts to handle your book keeping tasks.

Using bash scripts on linux and unix are so common. On windows, people hardly know that a command prompt exists, and that they can make their life much easier by writing batch files.

The first rule of automation says:

"If you repeat anything more than once, then consider
automating it."
Most people fail in committing to this rule due to one of three reasons:

1. They fail to notice that they are repeating the same task.
2. They have so much energy that they dont feel automating is necessary.
3. They dont have the 'know how' of writing automation scripts.

Ironically enough, people that love automation turn out to be the laziest people i ever met. I believe this explains the common phrase "need is the mother of invention", to fulfill their idle needs they start creating tools to work for them.

In the next article, I'll teach you how to write simple batch scripts on windows, part of it is for my own reference and learning curve.

Thursday, February 15, 2007

PHP 6, a revolution or just another evolution?

PHP 6 is on the way. One major feature of this release will be full unicode support with complete backward compatibility (what a mess the php.ini configuration file will turn out to be!).

But, will the core engine differ, will there be something different this time? is it worth a most significant version number jump? PHP 5 has been critisized by many as being a minor evolution to PHP 4 and didn't deserve a version jump, rather than what was initially expected.

See, its not only in PHP, its in all software products, when you jump from Version (X) to Version (X+1) then you'd better be having what justifies this jump, and in my opinion... the only justification is a REVOLUTION (background theme music maestro, plz).

Wednesday, February 14, 2007

I Smell Rotten Code.

Here's my best self-awareness test for detecting areas of self-written rotten-code in my source code. The question you have to ask yourself after finishing a code module is the following:

Are you afraid of looking into the code you wrote for this module?
Are you having any discomfort when it comes to adding extra functionalities to your code?

If the answer to any of the above two questions is yes, then I believe you have a problem and your code needs 'refactoring' (another cool word for 'restructuring').

Tuesday, February 13, 2007

The Problem With The PeePee's

With all the paparazzi surrounding PHP, Perl, Python and Ruby, in my opinion, I see them as lacking a 'major' attribute that I cannot live without. This attribute is extensibility; using existing codebases and libraries written in C and/or Java.

The largest code bases and libraries in the world are either written in C or Java. What use do I get if I cant utilize those libraries? Some might argue that it is possible to call C API from PHP or the others, but have you ever tried writing a PHP extension that wraps a C library? have you tried that in Python? Perl? Ruby?

The amount of learning curve, buggy constructs, and lanuguage intracies you have to deal with make your life suck when it comes to extensibility from those PeePee's (most of them start with the letter P).

Every piece of new hardware, every new database, every robot, each and every mobile device, is guaranteed to provide you a C and/or Java API to communicate with. None have ever provided you with a PHP/Python/Ruby/Perl API. All those API's come as wrapped up contributions of the C or Java version.

This problem does not exist in either C or Java. Java uses the JNI (java native interface) to talk with the C language APIs which could add a learning curve; however, unlike other learning curves, this learning curve aint wasted simply because those two languages are guaranteed to survive for at least the upcoming decade with continuous SDKs sourced out from new technologies.

The PeePee's are useful tools, useful languages, but dont base heavy code bases on them. One day you'll discover that you'll need to start porting your code, let this day be early enough with limited losses.

Saturday, February 10, 2007

Build space ship 'One' before space ship 'Two'

Whenever you have an idea for a library, product, class or anything else, always remember to build space ship one first, stop collecting extrabonanzic features and ideal design methodologies to reach directly to your dream space ship, start with space ship 'one' always.

This means, if its a product, this would be the minimal set of features that will make it usable.

If its a library, this means exposing the minimal set of functions that are sufficient to achieve the main objective of the library.

If its a class, then allow the smallest simplest possible code that'll make it work.

Ofcourse, before you even think of starting to work on Spache Ship 'Two', remember to launch spache ship 'One', or else, you're skipping the advice.

In a product's sense, space ship one is usually your own design, thoughts and implementation. After launching space ship one, people will start giving you feedback on certain conveniences, improvements, enhancements which you should take into account in space ship two.


Nothing more, nothing less, if you cant launch space ship one, dont even think of building a space ship.

Friday, February 09, 2007

Open Source Hidden Facts

1. Open Source software does not imply free usage. Many commercial companies sell there software in open source form, which simply means that the source code is open.
2. GPL Licensed Software is free for use but CANNOT be used in a commercial product.
3. Any software you write that uses GPL licensed software/code is automatically GPL software, they call this the Viral Aspect of GPL.
4. LGPL is different from GPL and stands for "Lesser GPL".
5. LGPL has the advantage that you can include LGPL software code inside your commercial product and also have it in its compiled form.
6. You must always provide GPL software in its open source form, if you do a project that uses GPL software, then your code should also stay open.
7. Apache License has nothing to do with the Apache Webserver, its just a license type that applies to software.
8. An Apache Licensed Software or Library can be used in a commercial product.
9. A BSD Licensed Software or Library can be used in a commercial product.
10. Although you can't use GPL software in a commercial product, but you can sell GPL software with any amount of money you want. As an example, I can now download a GPL software (eg. Kannel Gateway) and sell it to a company for $400'000, totally legal, totally 7alaal.
11. Some software companies provide software products as "Dual Licenses", this means two licenses and depends on the usage. For example, MySQL provides its database as GPL for internal use and provides a commercial license for commercial usage (that you have to pay for).

Tuesday, February 06, 2007

This Week's Quick Peeks

Here I'll mention some interesting tools I came across from friends and websites:

1. Notepad++. A wonderful light-weight and powerful editor program.
2. Create a disposable email that lasts for 15 minutes for use in registration forms. Ver practical.
3. Whats Running. A tool that lets you control your startup programs, and view all system processes, loaded dll's, threads, services, etc. Simple, wonderful and free.
4. Java Excelsior. The best java commercial native compiler on earth for both windows and linux.
5. A site that explains how stuff works.
6. A search engine for developers. Check it out.
7. Handling Back Pain. An interesting article on how to relieve, prevent and exercise to rescue your back. Simple and easy exercises for "Belly Coders" (thats me).
8. A list of the top programming languages. Most recent ranks of who is at the top, is it Java, PHP, C, C++, or * ?

Please donate a comment below to keep this website running.

Monday, February 05, 2007

The Idea, The Money and The Environment

I like this analogy and I think it puts an ends to the world wide debate of whats more important, the idea or the money?

The analogy simply states that an idea is the 'seed', the money is the 'water' and the environment the idea gets implemented in is the 'soil'.

Now, all you have to do to understand the effects of the lack or availability of these elements is by substitution and elimination...

If you have a good idea without enough money or without a suitable environment, then it stays in it's passive form, with no yield.

If you have lots of money without a (good) idea and a suitable environment then your money is in its passive form, with no yield.

If you have a wonderful environment without a (good) idea or enough money, then you're environment is in its passive form, with no yield.

When three of them match, you'll get a wonderful tree. However, without sufficient money, it might take longer to grow, without a matching culture or environment then it will take a lot more time to be accepted, but at the end, without the seed, there's absolutely no tree.

Sunday, February 04, 2007

A Word on Patents

"How powerful are Microsoft patents? No one really wants to know - including Microsoft. A patent is a powerful weapon, but the best use for a powerful weapon is not to pull the trigger but to sit next to it and act like you're going to pull the trigger. Once you use it, you lose the ability to peer silently into the eyes of your opponents and make them shiver with dread. More importantly, you expose yourself to the possibility that the weapon might not even work."

- Joe Casad, Editor in Chief, Linux Magazine, Jan 2007
Describing the threat Microsoft imposes on the Open Source industry.

Whats Running?

One thing I used to hate about Windows in general, was the lack of transparency of processes, services, startup programs, threads, network sockets, etc. There might be some techniques I'm not aware of in viewing all these entities within the system. But I dont think I need to learn any of these hidden techniques after finding this free useful tool by the name of "Whats Running".

Thursday, February 01, 2007

Yours Sincerely

Starting and Ending emails has always been a major issue with myself.

Does 'Yours Sincerely' sound a bit too formal? Shall I use 'Regards' or 'Best Regards'? Maybe 'Best Regards' will give an impression that I'm a bit too excited or something, I'll use 'Regards' instead. What about 'Yours Faithfully'? which will I use, when? What about the name prefix... hmmmmm... "Dear X" sounds so intimate, I barely know her/him, lets use "Hi X" instead, but this sounds too casual too, ok, "Hello X" seems fair enough. What about the prefix? is she a Ms or Mrs? and will he be pissed off if I used his bare name without the Mr/Prof/Highness? I need an ice breaker too, but the only one I can think of is "Hope all is well, ...".

I discovered this article that provides tips that will easily put an end to those confusing 'thought provoking' 'mind squashing' emotions you experience when you write a new email, specially when you're writing to some corporate client trying to look professional enough.

Wednesday, January 31, 2007

Java Collections, Maps, Sets, Hashs, Lists, Arrays

One thing I really hate is having to use collection types in my java code. Whenever this takes place I have to jump back to the JDK documentation and start digging for methods.

Suddenly, I decided to put an end to this fuss (sorry 3akilmit fuss). I searched google for a simple tutorial, and guess what I found. A wonderfully illustrated simple to use up-to-date small tutorial PDF document, check it out here.

Wonderful and easily digestible by an average mind.

Tuesday, January 30, 2007

Purchasing A Laptop

I've learned two things when buying laptops:

1. Research well, do your own study and dont take an impulsive decision. A laptop will stay with you for at least two years, and it will affect your convenience in life throughout this period.

2. The last thing to look at is the specs posted in the laptops offer.

Here are what I first ask about, and I'll also tell you about my preferences:

1. Brand. Its either HP, IBM, Toshiba, Sony VIAO, Dell, or an uncommon brand with a cheap price. My golden rule here is.. dont base your judgement on a brand! Even within the same brand, every model has its differences from other models, its defects, inconveniences, advantages, etc. So, dont compare an IBM to an HP, but rather compare IBM Thinkpad XXX to HP nx83xx (example), or even compare HP nx7400 to HP nx8300. You can ofcourse compare support for these brands based on your location.
My favorite brand though is HP, why I dont know I just love it.

2. Series. Always go for the Professional (or Business) series, forget the Home or Multimedia series, unless you're the family guy. Actually I hate HP's home/multimedia series. What really makes me tick is their Professional series.

3. Screen Resolution. One of the things I hate about laptop offers is that they HARDLY EVER mention the screen resolution. The best resolution to go for is 1280 x 800, nothing more, nothing less. Forget about 1024 x 768, and some new high resolutions really make your eyes burden. If you're attracted to high resolutions, then dont go for more than 1400x1050.

4. Screen Type. Its either TFT, Bright View, or LCD. I prefer Bright View. TFT will get dark by time due to the burning of the TFT cells. Some disadvantages of TFT and LCD is that they become a white screen from a bent angle, some new TFT technologies remedy this problem. And by the way, I've seen companies and people soliciting this problem as a privacy feature. For example, when ur in an internet cafe, people wont see what you're working on from a bent angle. Bright View is very new; it comes by different names, XBRITE for Sony, Bright View for HP, TrueBrite for Toshiba (as far as I can remember). The funny thing is NONE of these companies manufacture these screens, they buy it from a third party and sell it under different names. This really surprised me, specially from SONY.

Some people that tried Bright View at first (specially those used to TFT/LCD) felt that its weird and causes a headache. But trust me, this is only the first week, you'll get used to it, and its also more safer than TFT screens for your eyes.

For me, bright view is the best and it will maintain its quality through the laptop's life time.

5. The sound speakers. Try them out, try a song with a strong base sound and popup the volumne to the max, if you can here rambling inside the speakers, then skip this laptop. This happened to me with the SONY VAIO and some Home Series HP. Also, try to get the laptop where the speakers are on the prolonged edges of the keyboard, or on the front, and do the BASE TEST. Dont let the sales man put for you a Birdy Song while smiling at you.

6. The USB locations. You need two on the left, one on the right, two on the back, or else you'll be leading an inconveninent life. Have the USB ports arranged like that '_ _' and not '=', This is becoz some flash memory sticks will be thick to stumble any extra USB device on the adjacent port.

7. Heat Dissipation. You need good ventilation. There will be heat, but you dont want this heat to be coming out from the Keyboard, or from the left or right bottom corners of the keyboard, or else they will hurt your hand palms really bad.

8. Hard Disk Location. Should be anywhere other than under your mouse touchpad panel. You're bottom palm is heavier than you think and could one day affect your hard disk (happened to FUJITSU SEIMENS users which totally corrupted the hard disk).

9. RAM. For 512, they will write 512MB or 512MB DDR2 in the offer. Ask about the bus speed, and dont go less than 633MHz RAM Bus Speed.

10. Do you want XP Pro, or XP Home. If you dont, then try to find a laptop without them, you'll save about a $100 dollars in price.

11. Mouse, touch pad or rubber? I dont care, I always use an external small mouse. If you care about that then make sure to know what you want.

12. Check the price on the company's website, see a demo, for the model you want, check next and previous item in the same series. For example, my laptop HP nx7400, I checked nx8* and nx6* to see the differences.

13. Try out the keyboard. Make sure to try it out and feel comfortable with it.

14. CD/DVD Writers/Reader. Dont go for less, let it be full writing and reading for DVDs and CDs.

15. Check the microsoft key button, I love this button. "Microsoft Key + D" Minimizes the whole desktop or returns it to its previous state. Really useful.

16. Wifi & Bluetooth. Check that two buttons exist that allow you to disable/enable Wifi or disable/enable bluetooth.

Thats all I can think of.

HP nx7400 for me was super excellent.
ps. I'm a programmer, so keep this in mind.

Monday, January 29, 2007

Say Hi to Derby.

MySQL, Postgres and now Derby... a new database that adds up to the competition. This time from IBM directly to the opensource community and under the wonderful Apache License.

Now this database is amazingly amazing, it supports transactions, its java based, it has a small footprint (2 Megabytes), it supports full encryption storage, it supports multiple access methods including SQL and low level API calls.

What I like about Derby the most is that it started as a commercial database (known as IBM Cloudscape) and then got released to opensource. This guarantees the best of both worlds; a commercial quality database with full opensource transparency and community support.

My only problem with projects that start as opensource is that you rarely find quality efforts put into them unless they are being sponsored by a big company or are provided with donations.

On the other hand, commercial products, if not thriving for quality, they risk a chance of losing their competition and their business. Not only quality software, but quality documentation and quality support and quality *. With a lot of exceptions here and there, I still believe that commercial products have a greater probability of meeting high quality standards.

Thursday, January 25, 2007

Role Based Security

Just a quick summary from the last security post...

A resource is what you need to protect. It could be a document, html page, folder, part of the system, etc.
A subject is the user, him or her who acts on the resource.
An action is what the subject performs on a resource.
An Access List is a table describing what 'action'(s) can a subject perform on a resource.

Lets say we have an admin application, with four sections. User Management, Reporting, Backup & Restore. These can be 3 resources that we want to protect. Remember, a 'resource' is any thing you want to restrict access to.

The subjects are the 10 users. For simplicity, the actions can be Allow, Deny. (ofcourse, some actions could apply to certain resources only specially when you have finer permissions).

The access list could contain:
User A --> Allow --> User Management
User A --> Allow --> Backup & Restore
User A --> Allow --> Reporting
User C --> Allow --> Reporting
User C --> Allow --> Backup & Restore
User C --> Deny --> User Management
User D --> Allow --> Reporting
For 10 users, the table grows, for 100 users the Access List becomes so big... and so administratively consuming. The poor administrator will have to assign the action for every and each user on the system.

Here comes the concept of the "Role". A role is simple a middle entity between the subject's (ie. users) and the actions that would greatly simplify maintaing the access list. The access list in role-based security is called a Role Based Access Control List (abbr. RBACL).

We can now create three Roles; Reporter, Full User, and Guest. The Role Based Access List will now hold Role --> Action --> Resource instead of User --> Action --> Resource.
And another table will hold the User --> Role mapping.

See how simple the Access List becomes:
Full User --> Allow --> User Management
Full User --> Allow --> Reporting
Full User --> Allow --> Backup & Recovery
Reporter --> Allow --> Reporting
Reporter --> Deny --> User Management
Reported --> Deny --> Backup & Recovery
Guest --> Deny --> Backup & Recovery
Guest --> Deny --> Reporting
Guest --> Deny --> User Management

Thats it! Now all you have to do is to add a column in the users table
to specify a Role.

for example, User --> Roles will be:
User A --> Full User
User D --> Guest
User E --> Reporter
User F --> Guest

See how simple it becomes, every new user will only need to assign him or her one Role instead of re-defining all the actions he can perform.

Next post, I'll introduce you to extending your design, and some guidelines to stick to.

Tuesday, January 23, 2007

Goodbye PHP. With Love, Basil.

I dropped PHP, in favor of wonderful JSP. Yes, yes and yes. After too many thoughts, and too many oooofss, its time my friend to start from the end.

Frankly speaking, I have about a thousand reasons why I dropped PHP. Half of them arise from the -ve's (negatives) of the PHP language, and the rest comes from the +ve's of the Java language and the wonderful Java programming mindset.

I wont name them here, you can call me on skype to discuss this if you like. But, I dont even have the time to complain about PHP in this blog. We had good times together, but at the end, leaving this language (from my perspective) is a mindful correct decision. The decision is not a religious one, I might still 'have' to use it in several occasions eg. quick small web-apps, hosting code, scripts, and current codebases.

Saturday, January 20, 2007

Guidelines on Designing a Better Security Model

I've collected some quick notes that will be helpful to guide you in designing a better security model. And to make it simpler, I'll explain it in a step by step example.

Assume you designed/implemented a multi-user application and would like to implement some sort of manageable security for the login accounts on the system. Read the following scenario:

1. Your system is comprised from a set of documents and pages.
2. You have multiple users on your system that can login.
3. The different users can perform different actions on the different documents and pages.

Till here we need to take a break and define some standard terminology used all over.

When it comes to security, the documents and pages are termed "resources", the different users are termed "subjects" and the different actions performed from those "subjects" on these "resources" are termed "actions".

4. I'd like now to collect a list of all the resources, actions and users on my application before I step into any design issues.

5. The resources I have are "Documents" and "Pages"

6. The actions I have are "Read", "Read/Write", "Upload", "Delete", "Edit" as an example. Note that certain "actions" can apply to certain "resources", while have no significance for other "resources", for eg. I can "Upload" a "Document", but I cant "Upload" a "Page". This is okay.

7. A list of users, this is usually stored somewhere in a database table or wherever, the important thing here is that those "subjects" are known.

After preparing a list of "resouces", "subjects" and "actions", I'll assume that no security is applied at all in the first place.

This means that any "subject" can perform any "action" on any "resource" whatsoever. In such a system, freedom fighters will enjoy it the most, while the rest will feel very insecure. Serving the rest will need some better security constraints on the different actions and resources in the system (sounds a bit political :\)

Here comes the concept of the "Access List".

The "Access List" simply defines which subjects can perform which actions on which resources?
Database wise, consider it a problem to figure out, simply it could be a table with a user id, resource id and action(s) for each row. Remember, its your design, I'm just giving guidelines here.

Ofcourse, when talking about the resource document or the resource page, we are indicating the resource type, thus its more of a resource type, and not a specific resource. Again, its your design, some might choose a very fine grained security model in which every single document has its own security, others will be comfortable with a certain action applied or denied for all documents.

An example "Access List" will simply say:

Subject "Basil" can "Delete" resource "Documents"
Subject "Basil" can "Read/Write" resource "Pages"
Subject "Whoever" can "Read Only" resource "Documents"
... (and so on)

The problem here is that if I have 100 users on my system, with 8 types of actions and three types of resources, then this "Access List" can grow indefinitely when describing the different permissions and will be hard to maintain by an administrator on the system.

Next post I'll show you how to tackle this problem.

ps. Comments, anybody, please, starting to feel lonely here.

Tuesday, January 16, 2007

In search for a good security model

I'm currently researching for some good way of implementing a security model for an administrative application. See, this is one of the areas where you really need a good design. And if not well thought of, then the code can easily get dirty and strangled in one month's time.

In small applications, we used to implement such in a very simple way by using database columns with true/false values or by using a access mask stored in a string.

However, such methodology proves very weak when its times to scale and fine tune your apps security demands. A security model is something that doesn't stay the same since it will be affected by any extra functionalities added to the application in future versions, therefore, as i already said, it is one of the areas that need deep thought and a good design.

If you're not acquainted to the terms: Policy, Subject, Resource, Role Based Access List, Authenticator, Authorizer... then HANDS OFF the security architecture document and delegate it to someone else. I know you have the brain power to do it, but without the correct knowledge, it wont be easy.