
Learn Exactly How I Improved My Digital Security and Privacy In 2 Days

You have zero privacy anyway. Get over it! – Scott McNealy ~ 1999

What is the real fuss all about?

In real life we have privacy, well, kind of: no stranger can just enter our houses, can they? Think again from an evil stranger's perspective: there are layers of security already in place that keep us safe:

Systems: Govts, Municipality, Locality, Society, House.

People: Police, Neighbours, House occupants, Passersby, You.

Q: So why is it that digital security has caused so much trouble?
A: Each and every individual (you) and their digital account (yours) is a potential target for the evil stranger!
Here’s the simple math: online world population x online accounts per person == potential virtual estate targets for the evil stranger!
Assuming that a person has at least a single email account, the online world is as insecure as the real world. Add to the mix that these accounts are held by anyone from 8+ to 60+ years of age, with varying ideas of what security means in their minds!

Defining the attacks

All attacks can be broadly arranged into these 2 categories!

  1. Illegal entry (untrusted)
    These attacks are generally expected to be taken care of by the system you are connected to! Say you go to a friend's place for dinner; you would not expect to have to guard your food from the dacoit running on the streets! You would trust that your friend's premises take care of this already, and any mischief would be treated as an illegal entry that calls the system as a whole into question!
  2. Pretending to be someone else (trusted)
    It's not just people; systems can now also assume our identities and hence are subject to being trusted or not! When this happens, the systems can be abused on behalf of an individual. So it is not just a stranger misusing your credit card, but worse, a lesser-known stranger!

The Warrior Approach

Every digital identity is under attack. Just as a responsible citizen in the real world keeps their ears and eyes open, we ought to do likewise in our digital avatar!
There is no fool-proof way to secure your digital identity except taking care of known best practices! You break the rule; you end up paying the price depending on where you committed the mistake!

  1. Choose better passwords
    a) Create/update and change your existing account passwords from here: http://passwordsgenerator.net/
    b) If you have a number of connected systems and too many passwords to manage, think about getting a password management system (they are not safe either!) or, best, keep them in an offline system with ready access!
  2. Never trust a new system
    The less you trust a new system, the more fun it is when it turns out to be totally trustworthy, and if not, at least you don’t end up losing a fortune!
    Use this mantra in life too, good results recommended! 🙂
  3. Never trust a known system too much!
    Know your limits: you own your body totally, but a flu attack can happen uninvited on the best of days!
    Even your trusted, disconnected home system is subject to virus attacks from the Chinese-made pen drive!
  4. You are as secure as the world around you!
    The equation of trusted<->non-trusted keeps getting updated regularly; that keeps the battle on between the evil strangers and the white hats!
  5. Question Everything!
    If you are not finding the answers, start looking for the right ones elsewhere! Don’t take anything for granted, not even the obvious; have an inquisitive mind!

A few years into the future, these practices might not change; only the systems we interact and correlate with will keep upgrading!

Conclusion

The question is, how do we trust Workout Guy from Tiffany?

Either be paranoid like Agent J or start following the warrior approach! 🙂

PS: This was written for an opening @ THN.

The Sound Experiment ~ Internet Radio setup


Internet radio is an age-old concept that first awed me when I used it on my Nokia E51 (RIP). Getting ad-free 24×7 guitar songs was a super surprise! And this week I got the opportunity to help set up the infra for a similar requirement!

Here are the lessons:

Enter Windows:

If you are a Windows user, you have lots of quick support for setting up a Winamp-backed, SHOUTcast DSP based streaming solution, right from your desktop! Select a playlist and redirect it to the DSP. Voilà: you have your local playlist being streamed to the world to enjoy!

Enter mac:

Coincidentally, the full-fledged version of Winamp is not available for anything other than Windows! So the previous solution falls on its face! (You get Winamp, but not the plugins et al.) So you have to try:

1/Broadcast Using This Tool


The problem with this tool is that it cannot hijack running audio; instead, it can only take input from a device (like a mic). Any 3rd party tool that presents running audio as if it were coming from a device might make this tool very useful! It's a super trimmed-down version of anything broadcast!

2/Nicecast


Nicecast is good for the naive user, but it has the limitation of noise messing (a deliberate overlay of a noise sound) after 60 mins of broadcast. The quality of broadcast with Nicecast was even better compared to the Winamp solution, and ain't it cool that they provide you with a URL in real time! Sadly their trial version does not let you play with SHOUTcast streaming!

Update 3: No need to buy the licence :-(, you can link shoutcast servers from nicecast in their trial!

Enter Linux:

I did not try it, but if you are on a Linux system, you have to try Liquidsoap, for the pure fun of the command line!

This is what Liquidsoap does from the command line — that's autoDJ mixing powers! Way too cool 🙂 Muse is another option worth checking out on a Linux distro!

I did not go full-fledged into trying out unattended hosting (autoDJ), but there are a host of plans/providers for that requirement (links shared below).

Useful links:

Video Tutorial: https://www.youtube.com/watch?v=K_rMNo4tkJc

Get free hosting — http://myradiostream.com/get-started/

Another free hosting — http://www.caster.fm/

Not India specific(free autoDJ) — http://free-shoutcast.com/

Free/Small AutoDJ account — https://shoutca.st/

THE STREAMING SOFTWARE — https://www.dyne.org/software/muse/

THE STREAMING COMMANDLINE — http://liquidsoap.fm/index.html

Streaming options — http://blog.wavestreaming.com/5-best-client-broadcasters-to-stream-live/

Various baud rate files — https://www.fastserv.com/kb/article/mp3_bitrate_selection_and_samples/

Talk on baud rates — http://blog.codinghorror.com/the-great-mp3-bitrate-experiment/ and http://sound.stackexchange.com/questions/26222/are-there-any-audible-differences-between-192-and-320-kbit-s-mp3-files

I wish we had more native radio streaming service providers on the web (esp. India). Maybe that is not the case because radio is not accepted as a medium people prefer to hear! No doubt it is the one with max reach!

Also basic things, like why low-encoded audio does not play well on one stream while high-encoded music plays flawlessly on the same stream, are questions that still bewilder me to an extent! Time to pick up the baud rate/bit rate/encoding/decoding concepts and revise!

Any sound engineer around!?(pun intended!) 😛

Update: The super fast audio hiccup, could be due to chipmunk effect!

Update 2: This experiment is not complete without referencing to podcasts! And here is the magic portion! 🙂

Further monetizing the audio is also an option, which SHOUTcast provides by stealing 2 mins of your stream time and plugging in their ads! IMO, with things that go straight from the ear to the heart, ads should be avoided! Even if it's the extreme nuisance of hard rock music or the sound of rain drops & thunder and anything in between! A way better option is to get the subscription-based model upfront (maybe with a trial of a week or two) and then people choose to keep or trash!? 😀 🙄 ??

Update 4:

AND THE WINNER IS: http://shoutca.st !

Reason:

  1. They give you 50 mb free auto dj.
  2. They give you servers in France (most reliable country in tech!)
  3. They run Liquidsoap underneath! Yay!
  4. Their solution is cross-platform. (read: cloud)
  5. Their interface is typical of a french mindset! 😛
  6. You can switch to live telecast whenever you want!
  7. They offer icecast and shoutcast v2!

Take my word for it, go for it, for a truly awesome streamed internet radio (minus podcasts) setup solution!

Bike Assist is out!

Making Bike Rides ~ a paradise!
Bike Assist

Bike Assist is out and generally available(fully loaded!)

Here’s a download of all versions:

1/Standard/Free Version

2/Premium Version(@ INR 29/mo)

3/Maps(@ INR 19/mo)

4/Heartbeat+(@ INR 24/mo)

Here are the feature details:

And now to the special features:

1/ Maps: Going wayward from our punchline (Maps are boring!), we did realize that when you have a flat tyre, maps are not that boring, so we have provided map integration for all spots at a small premium!

2/ Heartbeat: The most exciting feature of this app! Say you are planning a bike ride and your loved ones need to stay updated about your whereabouts. Now it won't be fun having them call you all the time. Enter HEARTBEAT: pin your location to your loved one whenever you want! If you really like it hands-free, we have provided a mechanism where, for a scheduled time (4/6/8 hours), your location will be updated and your loved ones can take a look at that link (updated every 15 mins)! Ain't that cool! 🙂

Coming back to BA, here's the link to the app:
Android app on Google Play

If you wish to send us best wishes, you can do so at facebook:

Please go ahead and use the app and share your experience!

Securing your AWS instance!

Getting things secured in the app is a daunting task! Here’s a plethora of links that can help anyone lost/looking to get it done!

  • Can't trust HTTPS? Well, roll out your own, AT YOUR OWN RISK! (A must for even HTTPS GET calls)
    http://dacrazycoder.blogspot.in/2013/09/encrypt-url-parameters-using-aes-in.html
  • openssl | Getting started with the certificate
    https://www.digitalocean.com/community/tutorials/how-to-install-an-ssl-certificate-from-a-commercial-certificate-authority
  • Look here if nothing works!
    http://www.thefarmdigital.com/blog/technology/how-do-i-setup-ssl-on-aws-elactic-load-balancerelb/
  • FF issue (double-check in the browser too!)?
    https://sslanalyzer.comodoca.com/
  • AWS docs (perfect example of information overload)
    http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-elb.html
    http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.managing.elb.html
    http://serverfault.com/questions/356598/why-cant-i-reach-my-amazon-ec2-instance-via-its-elastic-ip-address
    http://serverfault.com/questions/238976/cname-to-aws-public-dns
    http://pushentertainment.com/rds-connections-by-instance-type/ (DB)
  • Testing what you have
    http://mxtoolbox.com/productinfo/domainhealth
    https://www.sslshopper.com/ssl-checker.html
    https://sslanalyzer.comodoca.com/
  • Small things(Hacks!)
    http://stackoverflow.com/questions/22290821/using-a-wildcard-ssl-with-a-cname-pointing-to-ec2-instance
    http://passwordsgenerator.net/

Don't forget: if you have a front controller for your AWS setup, you need to apply the certificates there also!

And finally, once all is set up, turn off your HTTP listeners for port 80! 🙂
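The two closing checks above (certificate applied at the front controller, HTTP listener on port 80 turned off) can be verified from the load balancer's own listener list. The following is an added example, not code from the original post: it assumes a Classic ELB and the JSON shape printed by `aws elb describe-load-balancers`, and the load balancer names, certificate ARN and finding labels are constructed for illustration.

```python
import json

ENCRYPTED = {"HTTPS", "SSL"}   # Classic ELB front-end protocols that terminate TLS
PLAINTEXT = {"HTTP", "TCP"}    # back-end protocols that carry traffic unencrypted

def make_listener(proto, port, inst_proto, inst_port, cert=None):
    """Build one ListenerDescriptions entry for the constructed sample."""
    listener = {"Protocol": proto, "LoadBalancerPort": port,
                "InstanceProtocol": inst_proto, "InstancePort": inst_port}
    if cert:
        listener["SSLCertificateId"] = cert
    return {"Listener": listener, "PolicyNames": []}

# Constructed sample (names and certificate ARN are made up), shaped like the
# JSON printed by `aws elb describe-load-balancers`.
CERT = "arn:aws:iam::123456789012:server-certificate/example-cert"
SAMPLE_JSON = json.dumps({"LoadBalancerDescriptions": [
    {"LoadBalancerName": "web-front", "ListenerDescriptions": [
        make_listener("HTTP", 80, "HTTP", 80),
        make_listener("HTTPS", 443, "HTTP", 80, CERT)]},
    {"LoadBalancerName": "legacy-front", "ListenerDescriptions": [
        make_listener("HTTP", 80, "HTTP", 8080)]},
    {"LoadBalancerName": "api-front", "ListenerDescriptions": [
        make_listener("HTTPS", 443, "HTTPS", 8443, CERT)]},
]})

def audit_listeners(describe_output):
    """Return (load_balancer, port, finding) tuples for one describe output."""
    findings = []
    for lb in json.loads(describe_output).get("LoadBalancerDescriptions", []):
        name = lb.get("LoadBalancerName", "<unnamed>")
        tls_possible = False
        for entry in lb.get("ListenerDescriptions", []):
            listener = entry.get("Listener", {})
            proto = str(listener.get("Protocol", "")).upper()
            backend = str(listener.get("InstanceProtocol", "")).upper()
            port = listener.get("LoadBalancerPort")
            if proto == "HTTP":
                # The post's last step: an HTTP listener is still open.
                findings.append((name, port, "plaintext-listener"))
            elif proto in ENCRYPTED:
                tls_possible = True
                if backend in PLAINTEXT:
                    # TLS ends at the load balancer; the hop to the instance is clear text.
                    findings.append((name, port, "unencrypted-backend"))
            elif proto == "TCP":
                # Pass-through: TLS may terminate on the instance, not judged here.
                tls_possible = True
        if not tls_possible:
            # No certificate has been applied at the front controller at all.
            findings.append((name, None, "no-tls-listener"))
    return findings

if __name__ == "__main__":
    for name, port, finding in audit_listeners(SAMPLE_JSON):
        print(f"{name}: port {port}: {finding}")
```

Run it against the real output of `aws elb describe-load-balancers`; a listener flagged as plaintext can then be removed with `aws elb delete-load-balancer-listeners`.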

And here’s a link to end the atrocities of the monopoly of the so-called CAs: https://letsencrypt.org/ 😀

DejaVu : Web Services!

For the un-initiated, I am working on my lesser liked topics in the programming world, JS and WS!

I had started appreciating WS without XML/annotations a few weeks back, but to my surprise, the XFire implementation is no longer supported in Spring 3.x, hence I had to fall back on XML and annotations.

I could come up with a working example of contract first WS development from here, and I was happy to see things working as expected, except for the inherent pain of seeing and using XML/Annotations.

This made me re-visit my understanding of whether to use java-first or wsdl-first approach for development.

I was initially a supporter of java-first simply due to my dislike of XML; now it seems a wsdl-first approach can keep the focus of the implementation on the data structure of the messages that go to and fro.

That said, if I develop a java-first implementation, and give the 3rd party implementation team the link to the WSDL, does the 3rd party implementor stand to lose anything?

Either way, even if they are using something other than Java to consume the services, they have to wrap the response as per their convenience. The only tradeoff that I seem to have is that the structure of the WSDL message is not the fundamental change item; instead, the Java method arguments become the items that define/control the change.

The only flexibility that I might be losing here is the power of a functional programming language. As in, imagine a functional programmer implements a WSDL as per my current understanding: does that programmer's changing of the WSDL, based on the arguments that come and go, affect (ease/pain) my implementation?

To conclude, do I stand to lose anything if I *still* go the java-first implementation way?

Your thoughts?

~rohit.

Requirements Tracking- Yet Another Format!

A couple of days back at work, I got my first opportunity to document the requirements for a particular moderation flow. As a practice we document everything in the Microsoft project management tool (read: MS Word).

And the pain of tracking the changes, without review/comments is unacceptable!

Hence with the motivation set in, this is the template that I could come up after a *lot* of thinking:

As a … | I want to do … | So that … | Only if … | My action affects …

and here’s an instance of an entry derived from that template:

As a: moderator
I want to do: See new artefacts entered by users
So that: I can validate the contents.
Only if: There are new artefacts available in the system.
My action affects: Displaying the artefacts with ability to go to next artefact and/or approve/disapprove them.

I have modified the actual text that was prepared for generality and not keeping office work in public!

In case you have not already guessed, this instance deals with viewing artefacts for moderation.

While preparing this template, I was not cent percent aware of the domain that I was dealing with, and I was also new to this module; maybe that can work in favour of most people in a similar situation!

What do you think? Does this template give you the ability to cover all/most scenarios in your development story?

Feedback welcome!

~rohit.

The social media thing!

Recently at work, I was given the task of implementing social engagement buttons for the likes of Google +1, Twitter, Facebook and LinkedIn.

And the successful implementation was in two phases.

The first phase was installing/configuring the scripts for inclusion, and the second was testing them out!

Here comes the comparison of their usage:

Ease of finding share buttons.

Here LinkedIn fared last (it took me some time to reach the actual page), while Facebook came second last (it was simply not intuitive to see what changes were taking effect), and Google just beat Twitter for better placement of the generated script.

Basis: Easy finding + Instant display of customization + Zero extra effort.

Size of included JS

Here FB was last with 100+KB of script, while the other three were quite okay, seemingly under 29KB all three combined.

Basis: Don’t know why FB is pushing so much client-side JavaScript?

Ease of understanding the tags

Here the clear winner is Twitter, as they simply do a script include and use an anchor tag! It cannot get simpler than this. Google came second by making it complex by adding their own custom tag. FB was ugly, while LinkedIn was pathetic, as there was no handle that I could find in their code!

Basis: I am a non-UI guy, so an anchor tag + JS include sounds like I am at home!

Alignment on the UI

Twitter and Google fared quite well here, as placing them in a span/div tag did not distort their buttons, while the FB and LinkedIn folks seem to have done a sloppy job here. Try putting a div around them and you might see their buttons vanishing at times!

Basis: I should be given complete freedom to place the buttons where I like ’em.

Getting them to work!

All 4 of these scored 0 on this front. I wasted one whole day trying to figure out the reason for these tags not working on localhost. Surprisingly they require a live public URL for them to work fine!

Very disappointing!

Basis: I suppose I should be able to test locally how these buttons look!

After getting them to work!

Almost all of these have a bug: if I delete the publicly promoted link/URL/etc., the count does not seem to come down accordingly. Strange, but true.

No – Thank You!

For incorporating all of them I had to create a new ID and register. I am glad I did it that way, because LinkedIn was all over me, pouring all their corporate tie-up links/spam/trash onto me and making me a subscriber by default. Also, reading the fine print, LinkedIn seems like they are selling all information to 3rd party affiliates without clear consent!

Going through the FB and Twitter settings was also a pain; I did not go through the details on +1!

Basis: No thanks for the spam!

The inclusion codes for each of these are available on these sites:

1/ Google +1 2/ Twitter 3/ Facebook 4/ LinkedIn

Well, after checking out the code on a live public URL, I suppose the feature would easily come out, but this was an interesting learning experience about how folks at big public organizations code!

Twitter seems to be leading in this front by keeping it really simple!

~rohit.

Zero Fat (read: XML), Zero Cholesterol (read: Annotations) Web Services!

I have never been an advocate of XML per se.
And I was faced with the difficulty of writing one recently. Overwhelmed by the amount of XML and annotations, I was looking forward to a hard day ahead.

Then, motivated to defeat XML in my own war and to reduce its footprint in the codebase I am working on, I put on the searching glasses and XFire came to the rescue (credits to them for integrating WS with Spring in the cleanest manner that I know of!)

Now that the plot is set, here’s a simple how-to:

Presumption: You have two different projects one is the WS other is the consumer of the WS.

Step 1/ Write your service and its implementation in the WS project.
(eg: XXXService/XXXServiceImpl for the project YYY)

Step 2/ Configure the usual project as a spring web project.

Step 3/ Add the following snippet into the web.xml (append in case you have contextConfigLocation predefined). This makes your project XFire aware.

  
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:org/codehaus/xfire/spring/xfire.xml</param-value>
    </context-param>

Step 4/ Expose the service as Http WS through XFire Exporter:

    
                
                
                
        XXXService    

Step 4.2/ Inject the Service Impl Bean.


Step 4.3/ Configure the Url for accessing the Service.

    
        
                                                

Step 5/ Deploy the WS project on Tomcat/JBoss.

 

|| End of Server Side Configuration||

Step 6/ Test using the soap url:: http://localhost:8080/YYY/XXXws?wsdl

Step 7/ Configure the XFire client on the other project as follows:

    
      XXXService        
      http://localhost:8080/YYY/XXXws?wsdl    

Step 8/ Inject it in your client

  
      

Step 9/ The client should be configured as::

public class WsClient {
    private XXXService xxxService;
}
|| End of Client Side Configuration||

Step 10/ Done!

Things to remember::
1/The Java Interface XXXService needs to be shared with the client.
One can overcome this by creating a third common project shared for the WS Provider and WS Consumer.

2/Any changes in the WS provider, would require re-deployment of the first project.
This is the least a Java developer (XML unfriendly) can absolutely live with!

3/ Once these configurations are done, forget that you ever need to look into the XMLs!
Also, any addition/removal of the methods that need to be exposed will be purely a Java exercise, without requiring you to smell XML.
Well, you won’t be able to find any XML!!! Thanks again to the wonderful folks at XFire!

PS: All these steps are written here with the help of http://xfire.codehaus.org/Spring+Remoting and implementing this in a production environment!

Hope this helps you in reducing the amount of unnecessary XML’s in your java projects!

~rohit.

Annotations are hardcoded string literals.

Well,
I do not have much to say apart from what the title of this post says.

I do not like annotations as a way of weaving code for an application at all.
XMLs are bearable, but looking at annotated code is like looking at hardcoded values, as if they are all string literals.

The reason I prefer XML over annotations is that at least they keep the configuration part stacked away separately, or is it just me who does not like overloaded contexts?

Here’s the real motivation:
The OO paradigm was there to do the abstraction right; by punctuating it with annotations, we miss the broader general rule of why the object mapping was done initially.

Let’s Keep the principle Simple!

Stable Dev Environment?

Once upon a time there was a Q&A that happened as follows…

Q: So when can you say that your local dev environment is ready?
A: When you have run a comprehensive unit test, pre-existing or drafted yourself.

Q: What is a comprehensive unit test?
A: One that covers all major components of the architecture you are working on.

Q: What can be the major components of an architecture one may be working on?
A: Layer code, deployment, DB, JNDI context, ORM context, 3rd party API context.

Q: What’s your point?
A: Your environment ain’t ready until all your environments are accessible from your box. The best way to ensure this is with a unit test, and know thy environment!