
Showing posts from November, 2006

Design to fail

Last night I went to an SDForum talk by two eBay architects, Randy Shoup and Dan Pritchett, on how they built, scaled and run their operation. The talk didn't have anything substantially different from what I've heard before, but was still impressive because they were applying some of the common thinking to their operations, which run over 15000 servers at any given time. [Slides]

Here are a few interesting phrases I took away from the talk.

* Scale out not up: Scaling up is not only expensive, it will also become impossible beyond a certain technical limitation. Scaling out, however, is cheaper and practical.
* Design to fail: Every QA team I know does a whole batch of tests to make sure all components work as they should. Rarely have I seen a team which also does testing to see whether the servers stay up if certain parts of the application fail.
* If you can't split it, you can't scale it: eBay realized early on that anything which cannot be split into smaller components

The Java+linux OS

This will be an interesting trend to follow. This linux+perl distribution is made up of just the linux kernel and perl binaries. The rest of the tools are all written in perl shell scripts. Miguel de Icaza, the creator of mono, is looking for folks to do the same with mono. I think it's a great experiment and will help validate mono as a practical alternative to other frameworks/languages on linux. But what will be even cooler (for me at least) is if someone can create a true object-oriented shell experience like Microsoft's Powershell/Monad. And in case you didn't know, Powershell/Monad is the new shell by Microsoft using the .NET framework. It will probably replace cmd sometime in the future. That being said, it doesn't really have to be mono. Java is a perfect candidate for it as well. There was a Java project related to a Java-based shell which I don't think is active anymore... maybe someone can revive it. Can it be done?

JSON: Breaking the same-server-policy Ajax barrier

The same origin policy prevents a document or script loaded from one origin from getting or setting properties (XMLHttpRequest) of a document from a different origin. The policy dates from Netscape Navigator 2.0. This is a very important security restriction which stops rogue third-party JavaScript from getting information from your authenticated banking server session. Unfortunately, this also almost completely shuts down any possibility of data sharing between multiple servers. Note the use of the word "almost", because "JSON" is the new saviour of the Web 2.0 world. JSON, or JavaScript Object Notation, is nothing but a simple data interchange format which can be easily used by JavaScript applications. What's different here is that unlike XMLHttpRequest, which can send back answers in any format the JavaScript application wants, JSON requires the answers to be in JSON format, which is basically a subset of the JavaScript programming language, or to be more spec

Ajax/Web debugging with Firebug

I've been using Firefox for a long time, and have always had the Web Developer plugin by my side for those miserable days. This tool can save your ass at a time when you really need to understand what the heck your Ajax code is up to. A couple of days ago I came across another such tool called Firebug. All I have to say is that I was completely blown away by its intuitive debugging style. Cleaning up my messy Ajax-generated code could have been a lot worse if this guy wasn't around. Here is a quick feature list:

* JavaScript debugger for stepping through code one line at a time
* Status bar icon shows you when there is an error in a web page
* A console that shows errors from JavaScript and CSS
* Log messages from JavaScript in your web page to the console (bye bye "alert debugging")
* A JavaScript command line (no more "javascript:" in the URL bar)
* Spy on XMLHttpRequest traffic
* Inspect HTML source, computed style, events, layout and the DOM

Thanksgiving updates

* I played around with two interesting JavaScript toolkits which help you make rounded corners in your HTML pages without using images: Rico and Trancorners.
* DD-WRT is an open-sourced kernel for Broadcom-based wireless routers.
* During my work using CSS I found some interesting CSS tips and tricks sites.
* OpenSuse is finally here. Release Candidate 1 (RC1) of openSUSE 10.2 is codenamed Basilisk Lizard.
* 130 Ajax Tutorials
* Google is planning to add its blog search engine to its main Google search website.
* Zune didn't have a USB drive mode, but now it has been hacked.

Faking a Virtual Machine

One of the more popular trends in recent years is the move of malicious code analysts towards virtual machines to test and reverse-engineer malicious code. And surprisingly the virus/worm writers have been adding mechanisms to their code to detect such environments. I came across this particular piece of software called Themida which does exactly that. Lenny Zeltser from SANS reports about this on SANS. What's interesting is that this kind of detection is now part of commercial packers around the world. The question I have is this: how long will it take for someone to come up with a VMware/virtual machine simulator/faker which I can run on my perfect non-virtual desktop/laptop/server and make malware believe it's running inside a virtual machine? If that can kill even a small percent of fresh 0-day worms/viruses, it would be worth the effort. Wouldn't it?

The RAJAX framework (Reverse AJAX)

The use of XMLHttpRequest without refreshing the browser is one of the more common ways of differentiating an Ajax application from a more traditional approach. But while the rest of the world was learning Ajax, some smart developers figured out how to take the next step and created something called "Reverse AJAX", or as I call it, "RAJAX". Traditional client-server applications (not over the web) which used standard TCP/IP and UDP protocols didn't have to worry about firewalls, NATs and PATs. Such client-server applications had the ability to initiate connections either way (from client to server, or from server to client). The HTTP protocol, which was built over TCP/IP, was designed specifically for web browsing, where it's always the clients asking for information and servers replying. By moving traditional client-server applications to web applications, the users did solve a lot of firewall/NAT/PAT issues, but gave up a lot on usability and speed. AJAX to some ext

Sitemaps now supported by Microsoft and Yahoo.

Google started it, but sitemaps have since been adopted by most of the large search organizations out there. If you own a website and have a lot of static content, you should probably be looking at creating and updating a sitemap on a regular basis. A sitemap is basically an XML file which describes the contents and change frequency of the site. If you ever had pages hidden deep inside your website which were not getting indexed before, sitemaps are an excellent way of advertising those pages to the search engine. Sitemaps are an easy way for webmasters to inform search engines about pages on their sites that are available for crawling. In its simplest form, a Sitemap is an XML file that lists URLs for a site along with additional metadata about each URL (when it was last updated, how often it usually changes, and how important it is, relative to other URLs in the site) so that search engines can more intelligently crawl the site. Web crawlers usually discover pages from links within

Powershell/Monad Version 1.0 is finally out

More than two years ago I wrote about a neat little Microsoft project called Monad which caught my eye. The project boasted of doing something which I've never seen anyone else do before. They created an object-oriented shell interface. One of the examples I use to explain it is that unlike the unix flavor of "ps", which allows listing of the fields you like or not using optional command line parameters, in Monad you can parse the output of "ps" (aka get-process) and manipulate the objects returned to print any format you want by inspecting the object. All unix admins know how to use "cut", "grep" and "awk" for different reasons, but in a true Monad shell environment where every command you type is a Monad commandlet, you won't have to use the traditional string-based tools anymore. What's interesting is that unlike in Unix/other_shells, you can pipe the output of the ps command in Monad and throw it on to an XLS sheet with a pie chart attache

Comprehensive security report on Mac

I knew that Macs are the most secure operating systems around, but what surprised me is that someone took the trouble of writing a comprehensive 29-page PDF report about it. "The research report looks at significant OS X threats including local, remote and kernel vulnerabilities and discusses overall system design weaknesses that contribute to insecurities on the Mac platform. The document also reviews the current state of malicious code, discussing the presence of several viruses and worms and the existence of three known rootkits for OS X."

Microsoft will probably start selling/distributing linux soon

Anyone can tell you an interesting story, but when it comes to Microsoft and Novell's recent deal, Linux enthusiasts around the world have more than a couple up their sleeves. Microsoft has a long history of killing competition. They started with Novell's server market, they tried to do it with Java, and today they are trying to do it against the anti-virus vendors. They succeeded against Netscape, gained significant ground against Sony's Playstation, and killed a thousand other products that I can't name because I forgot about them after Microsoft obliterated them out of the market. If any of you are XBox lovers, I don't have to tell you that in the war over consoles Microsoft has been losing money on every XBox it sells. Zune (the competition to iPod) is said to have a similar strategy. In short, Microsoft has a huge bank balance and can pump in a lot of money until the competition goes bankrupt. As a result of this announcement it's not a surprise that the Linux world

Offline Storage in Ajax applications?

I've been out of the blogging world working on an Ajax application which has been sucking a lot of time out of the already small free time I have. I'd mentioned Laszlo sometime back, and explained how it's jumping into the Ajax world from a pure Flash-based application server. The Ajax application I was working on, however, started in pure Ajax before it got involved with Dojo. Dojo is not the only JavaScript library out there, but it certainly is one of the better ones. I played around with a few others including Yahoo's JavaScript library, Google Web Toolkit and Sajax before I chose Dojo to work with. No server-side code was one of the reasons, but its popularity was the main reason. When I started off, Dojo had version 0.3 out, which already had a lot of important features like back-button-fix and keyboard event handlers which I heavily use in my application. As of today it has 0.4 released, which has among other things APIs to draw 2D graphics. But what really surprised