Friday, September 7, 2012

Samsung Galaxy S3 or iPhone 5?

I have a confession...  I own an iPhone 3GS... still.

Yes it's time to upgrade.  It's been time to upgrade.  But last week made it my time to upgrade.  I've only every dropped my phone twice... TWICE!  Last week I dropped it a third time.  Apparently the third time did it in.  The screen now has 2 cracks.  The second is pretty noticeable.

Sorry for the over saturation of the photo but it shows the crack the best.

Now that its determined that I must upgrade my phone I'm in sort of a flux.  There are 2 competing rivalries I see going on - Samsung Galaxy S3 vs. Apple iPhone 5.

Why these two phones?  They are (or will be) the hottest phones on the market.  Currently the Samsung Galaxy S3 is most popular phone.  Last weekend I took a trip to the Verizon Wireless store to see the phone for myself.  When compared to the other Android devices it contained the most sleek design and outperformed many of the others when it came to specs.  I loved the 4.8 inch HD Super AMOLED display!  I'm sure this would be a phone that I would enjoy using for reading my Kindle books on the go as well as viewing my other apps.  But what about the lawsuit?  Should that effect my decision to buy?  Will this phone be taken off the market?

As most of you know, Apple is to be awarded $1 billion in damages after finding Samsung guilty of "willful" violations of a number of Apple's patents in the creation of its phones.  However, apparently that shouldn't concern me too much because it only really effected older model phones.  The newer Samsung phones, such as the Galaxy Note, Galaxy Nexus, and Galaxy S3 were not on trial.  That's because since the litigation began Samsung has steered clear of designs similar to Apple's.

For now, this won't sway my decision.  But the iPhone 5 might...

On September 12th it's speculated that Apple will unveil the iPhone 5.  The hardware will probably be equivalent to the Samsung Galaxy, such as an upgrade from the Dual-core A5 chip to a Quad-core chip and a better camera.  The obvious upgrade will be a larger screen featuring the Retina display.  Apple's consistently increased screen size with each major release so it's safe to assume they will again.

The key to a good smart phone is the operating system.  Android has made huge leaps towards becoming the most widely distributed mobile platform for smart phones.  However, I've used iOS for sometime now and I enjoy the look and feel.  Both are equivalent for providing apps.  The core apps I use are: Bank of America, Mint, Facebook, Pandora, Songza, Kindle, USA Today, Chrome, and Tech Review.  I found that all have an app on both Android and iOS.  This makes me happy.  :)

For the past 8 years I've been a heavy user of iTunes.  I owned iPods during college and I use my iPhone every day to listen to music at work (and as I write this).  If I switch to Android I need to make sure my music stay's synced and I don't want to spend a lot of time doing it!  The answer - Google Play.  Google Play allows me to store 20,000 songs on Google's servers for free.  That's not including songs I buy using their service.  That's nice because that will allow me to access my music from anywhere.  I like those types of cloud services.

My decision so far is to wait.  With only 5 days until Apple's announcement, that's too close to make my decision now.  But I am leaning towards Samsung.  I'm even thinking about diving into Android development.  We'll see.  Which ever I choose I'll probably write a review on it.

What do you think?  Do you have a preference?

Synchronizing MySQL Replication

Earlier I posted an article on how to setup MySQL Master-Master Replication. I failed to mention how to synchronize the servers if they got screwed up. Why would a server get out of sync? Honestly, it's not too hard. If a server reboots in the middle of a transaction or there's a network interruption then it can get out of sync. MySQL does a better job now than before for handling these types of problems but it's better to know how to deal with it before the issue presents itself.

Resync'ing a server pretty much deals with telling each server where to start reading again. Since your data is being read from Server A's bin log and copied into Server B's relay log you just need to tell Server B what file and position to start reading again. And vice-versa for the other server in a Master-Master configuration.

Let's get started...

In the MySQL command line of each server stop the slave.

mysql > slave stop;

Then request the master status.

mysql > show master status;
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
| mysql-bin.000003 | 73       | netreports   | manual,mysql     |

This will give you the information necessary to manually provide the other server of the position of where to start reading again in the bin-log.

On each server enter the command below of each server.

mysql > change master to

Once you've done this on both servers, start the slave threads on each.

mysql > slave start;

Replication should now be working!

You can double check by running the following command on both servers.

mysql > show slave status;

Both the "slave_io_running" and "slave_sql_running" should be YES. If not, you'll need to reset replication.

Resetting replication is pretty simple. Shut down both MySQL server services. Delete the relay logs (relay.log), which causes the server to re-read from the master. Then synchronize the servers again (as described above).

Wednesday, September 5, 2012

Using XQuery for AMQP XML Subscriptions

I was trying to find some examples about how to use xquery to setup an x-binding for subscribing to specific XML messages. I didn’t find too much and the documentation for the Qpid Client libraries are scarce. So here's what I did.

Setting up the XML Exchange
First off, I didn't have the XML Exchange setup on my server. I'm running the Qpid C++ broker on CentOS 6.3. To setup the XML exchange I needed to install the XML exchange package.
# yum install qpid-cpp-server-xml.x86_64
Then modify the /etc/qpidd.conf file and add the following so that the Qpid Broker loads the modules at startup.
module-dir /usr/lib64/qpid/daemon
Restart the Qpid daemon.
 # service qpidd restart
Now you're ready to send some messages.

Filtering Messages w/ XQuery
Creating x-bindings provides greater control on filtering messages using XQuery. Your queries can filter on both XML content or messages properties contained in the body of the message.

Before I get to a more advanced example I'll explain how the XML Exchange works. For example, let's say we have the following message.

To query on an employee's last name you can create the following XQuery.
let $m := ./Employee
return $m/LastName = 'Doe'
The query can be combined with the address string and provided to the Receiver for a subscription.

Here's a C++ example of querying off multiple last names.

std::string query = "let $m := ./Employee "
        "return (";
for (size_t i = 0; i < names.size(); ++i)
    if (i == 0)
        query += "(";
        query += " or ";
    query += "matches($m/LastName, '" + names[i] + "')";
query += "))";
std::string xmladdr;
xmladdr = "xml; {"
        " create: always, "
        " node: { type: topic, x-declare: {type: xml } }, "
        " link: { "
        "  x-bindings: [{ exchange: xml, key: test, arguments: { xquery:\""
        + query +
        "\"} }]"
        " } "
qpid::messaging::Receiver r = conn_p.session.createReceiver(xmladdr);

Tuesday, September 4, 2012

Sloppy Code is the Developer's Fault

This morning I arrived at work to see a TechRepublic article sitting in my inbox.

Sloppy code: Why it’s not (always) the developer’s fault

The author, Nick Heath, writes from the perspective of a program manager that displaces the blame for bad coding practices from the developer to the company.  He states that commercial pressures of the business is what drives developers to release code that is not of it's highest quality.  

I do believe that we (developers) are often asked to perform many tasks on very short schedules.  However, I consider myself to be a professional and sometimes (maybe too willing) to "stick to the man" and I'll speak my opinion of what the realistic expectancy should be.  I always provide my boss with an estimate and factor in 20% more time for issues that could arise.  Sometimes under certain conditions I'll provide multiple paths towards a goal, an optimal more scalable solution, and perhaps something that would work today and tomorrow but may not meet demands of future requirements.  In doing so I've come to be more respected by my peers for knowing when to say no.  I think as professional programmers we should realize that saying yes to everything is not the way to solve problems.

I think that Robert Martin says it best in his book, The Clean Coder - "Professionals speak truth to power.  Professionals have the courage to say no to their managers."  That's an important virtue for a developer.  Too many times are we asked to implement a new feature or a bug fix within certain time constraints, but its up to use to push back when those constraints are considered unreasonable.  Robert Martin goes on to say:
Slaves are not allowed to say no.  Laborers may be hesitant to say no.  But professionals are expected to say no.  Indeed, good managers crave someone who has the guts to say no.  It's the only way you can really get anything done.
When I worked at Total Quality Logistics (TQL) I had a software manager who always told his developers to "never say no" when it comes to a manager asking for something.  When I first started there I found that the temptation to be a "hero" and solve the problem was huge.  I got high regards for the person who could implement that application or feature quickly.  I enjoyed the bragging rights, but when I go back to review that code I see so many fallacies.  Some were obviously those of a novice coming straight out of college and others were just out of trying to get the feature done.  I know I learned a lot in those months of working there.  However, it was until later in my career when I slowed down on being the "hero" I found out that I learned so much more.  I learned the advantages of good coding standards, best security practices, and knowing when to say no to my boss.  Which lead to better quality programs that cost my employer less over time.
Mr. Heath writes: "Good engineers focus on engineering and sometimes lack the bigger picture to look at the business - [to realise] that if you don't ship this then we're going to bust," says Andrew Clymer.

If your company is in such a position that it could fail if your feature isn't released on time, then SO BE IT.  Do you really want to work for a company who's future strictly depends on your new feature?  If the feature is that urgent to the business then you'd expect that your boss has a lot riding on this and would want it to be reliable.
"Do; or do not.  There is no trying."  - Yoda
Now when I think back to that software manager at TQL I don't associate "never say no" to every request for a feature, but now I associate it with the possibility of the feature.  I think that makes me a better developer because I often hear from over developers "it can't be done" and dismiss it.  Now I assume it can be done, but how much time will it take me?

Thoughts or opinions?  Let me know what you have to say.

Sunday, September 2, 2012

Easily Securing your Desktop and Web Passwords

Recently I updated how I store my passwords. If you're like me you have all kinds of passwords, for Amazon, PayPal, iTunes, Gmail, etc. I try to use a different password per website but it's hard to keep up with them. I was storing them (unencrypted - YIKES) in a list in Microsoft OneNote. The problem is that now my OneNote notebook is in the "cloud".  Meaning that my data is sent over the wire to Microsoft's servers.  That's great for me because it syncs to my work PC, home PC, iPhone, and iPad. But its bad because if ever one of these devices gets compromised… well I'm in for a bad day to say the least.  I'm also assuming that OneNote sends it's data via SSL so that anyone using Wireshark or another other packet sniffer can't see my data as it travels across the internet.

I was reading Kevin Mitnick's book, Ghost in the Wires, (awesome book!) and I realized that I'm pretty vulnerable.  I needed to do something about this.

Desktop Applications

I found an open-source software called PasswordSafe.  The software is great for storing all my passwords.  You can double click on any entry you've created and it copies it to your clipboard, without every needing to see it.  Then you just paste it into the password field.  Which is great if your friends are around - or anyone else for that matter.  

It took me about 10 minutes to populate the list of my most used passwords and I'll never have to worry about forgetting about them again.

It's free so give it a try @

Web Browsing

The best security for web-browsing (IMHO) is to use Google's Chrome browser. When you sign in to Chrome and enable sync (which is off by default), Chrome keeps your information secure by using a passphrase to encrypt your synced data. By default, Chrome uses your Google Account password as the passphrase, but you can choose to use a custom encryption passphrase instead. This custom passphrase is stored on your computer and isn’t sent to Google.  

To enable encryption just click on the Wrench icon in the top right of Chrome and select Settings.  Then select Advanced sync settings...

You can tell Chrome to Sync everything and be sure to enable Encrypt all synced data.  

This will allow your passwords to be synchronized across multiple devices and browsers.  For example, if you use Chrome on your iPad,  your Android device and your PCs.

I've always heard that using Internet Explorer opens up the most risk for attack because it's used by so many more people.  But when I was looking at the statistics for browsers used I was surprised to see that Chrome is indeed taking the lead.  

The best protection against threats is yourself.  Don't open up those emails from people you don't know.  Make sure the URLs you type are correct.  Look to see if your bank or credit card website starts with https.  And, last but not least, don't store your passwords on your desk or in a file that's easily accessible.  

So Dear Reader, do you have any good suggestions for keeping your passwords secure?  Do you still write them down on a Post-It or keep them in a text (passwords.txt) file on your desktop? ;)