Monday, July 25, 2005

Some good Wiki sites on the web.

I cam upon this wiki as I was surfing the web, searching for more info on XP...It turned out to be a gold mine of information..

http://c2.com/cgi/wiki?CategoryCategory

Design By Contract

When I first heard about DBC 4 years back, little did I know how important a role it can play in software development. But my experience in the past few years have made me wiser. I have seen so much of cluttered code where inside each method call, the first thing that is seen is the checking of all the parameters. (This is sometimes also replicated on the client side). How many times I have seen a try/catch for a condition that will never occur if the method is called correctly.

The "Design By Contract" paradigm eliminates all this. It specifies that a method should have a pre-condition, a post-condition and an invariant. At first, I found the concept of invariant a bit foggy to understand.

Well, actually it is very simple. An invariant is something (in a class) which does not change. Classes should specify their invariants: what is true before and after executing any public method.

If U are planning to incorporate DBC in Ur code, then check out :
http://jcontractor.sourceforge.net/
http://c2.com/cgi/wiki?DesignByContract

I feel "Unit Tests" can also play the role of checking Contracts as it is used in Extreme Programming. But may be both can be used to complement each other.

UnitTests tests for things which should happen. DesignByContract watches for things which shouldn't. These two categories overlap somewhat, but both techniques are still useful.

Friday, July 22, 2005

Proxy setting for Java programs

Quite often whenever we need to connect to the internet thru the company firewall, we need to set the proxy details for the Java interpreter.

Here is the syntax:
java -DproxySet=true -DproxyHost=localhost -DproxyPort=80

In Ant, we need to set it as:

set ANT_OPTS=-DproxySet=true -DproxyHost=localhost -DproxyPort=80
ant mytarget

Alternately, your application can specify proxy settings before using a URLConnection :

// Modify system properties
Properties sysProperties = System.getProperties();
// Specify proxy settings
sysProperties.put("proxyHost", "myhost");
sysProperties.put("proxyPort", "myport");
sysProperties.put("proxySet", "true");

Java Decompilers and Obfuscators

Was looking for a comprehensive list of Java decompilers and obfuscators..Found a nice article here:
http://www.program-transformation.org/Transform/JavaDecompilers

Wednesday, July 20, 2005

Java Classpaths on Cygwin

The problem with using Java on Cygwin is that Java.exe is a windows program and expects the path to be in windows style. Whereas Cygwin expects paths to be in Unix style.

Hence if U run a simple Java command like the below, U will get an error:
java -classpath /cygdrive/d/naren MyJavaProgram

Even the following would give an error, bcoz cygwin cannot understand windows path on the command prompt
java -classpath d:\naren MyJavaProgram

So, the solution is to use a cygwin utility known as cygpath.exe. This tool converts from unix paths to windows path, before passing it to the shell.
java -classpath `cygpath -wp $CLASSPATH` [arguments]

Tuesday, July 19, 2005

Java and .NET interop

Came across a cool tool today that can be used to convert Java byte-code to .NET IL.
What does this mean to developers..Well, it means that if U have a Java library, U need not 'manually' port the Java library to .NET. Just use the IKVM tool to do this for U...

For furthur details, check out the following links:
http://www.ikvm.net/index.html
http://www.onjava.com/pub/a/onjava/2004/08/18/ikvm.html

Wednesday, July 13, 2005

Diff btw a Corba object and a servant

I have been perplexed by the concepts of Corba object and servant. Finally after a lot of reading, things are falling into place. The following articles give a good explanation of the same:

http://www.javaworld.com/javaworld/jw-09-2002/jw-0927-corba_p.html
http://www4.informatik.uni-erlangen.de/~geier/corba-faq/poa.html

Excerpt from the above articles:

In the CORBA world, an object is a programming entity with an identity, an IDL (interface definition language)-defined interface, and an implementation. An object is an abstract concept and cannot serve client requests. To do so, an object must be incarnated or given bodily form—that is, its implementation must be activated. The servant gives the CORBA object its implementation. At any moment, only one servant incarnates a given object, but over an object's lifetime, many (different) servants can incarnate the object at different points in time.
The terms creation and destruction apply to objects, while the terms incarnation and etherealization apply to servants.
Once an object is created, it can alternate between many activations and deactivations during its lifetime. To serve requests, an object must:
1)Be activated if it is not active.
2)Be associated with a servant if it does not already have one. Just because an object is active does not mean that it has an associated servant. You can configure/program the POA to use a new servant upon request.

A client views a CORBA object as an object reference. The fact that a client has an object reference does not mean that a servant is incarnating the object at that time. In fact, the object reference's existence does not indicate an object's existence. If the object does not exist (that is, it has been destroyed), the client will receive an OBJECT_NOT_EXIST error when it tries to access the object using the object reference. However, as noted above, if the object is in a deactivated condition, it will activate, a process transparent to the client.

Servant: A programming language entity that exists in the context of a server and implements a CORBA object. In non-OO languages like C and COBOL, a servant is implemented as a collection of functions that manipulate data (e.g., an instance of a struct or record) that represent the state of a CORBA object. In OO languages like C++ and Java, servants are object instances of a particular class.

The POA distinguishes between the CORBA object reference (IOR) and the implementation object that does the work. This implementation object is called a servant. A BOA-based approach has the IOR and servant existing at the same time. A POA-based approach can support this, but can also support IORs existing without being associated with servants, and also servants existing without being associated with IORs.

Obviously, the association between an IOR and a servant has to be made at some point, to make the servant a useable CORBA object. But this association can be done on-demand. Consider the following example scenarios to motivate the advantages of on-demand association:
  • A pool of servants can be instantiated, and then associated in turn with IORs, as needed.
  • A set of IORs can be created for the purposes of publishing the references to the Name Service, without going through the work to actually instantiate the servants.

Moreover, the POA allows a single servant to simultaneously support several IORs.
All of the above significantly contribute to scalable applications.

HOW DOES THE POA MAKE THE ASSOCIATION BETWEEN SERVANTS AND CORBA OBJECTS?

This is where the Object ID and and POA Active Object Map come in. So, for a given POA, the Object ID identifies a specific CORBA object, which is used in the Active Object Map to identify the servant.

IPC channel in .NET 2.0 (remoting)

Good news is that MS has finally included the 'named-pipe' channel into the core .NET 2.0 remoting framework. The channel is known as IPC channel and enables on-box communication between processes on the same m/c.
It has, additionally, the capability to secure that channel with an ACL. You can use an Access Control List with this particular channel to limit the number of users that can access it.

More information here.

Named pipes in Linux

In computing, a named pipe (also FIFO for its behaviour) is an extension to the classical pipe concept on UNIX and UNIX-like systems, and is one of the methods of interprocess communication. The concept is also found in Windows, albeit the semantics are largely different.
A good article is available at http://www2.linuxjournal.com/article/2156
Snippet from the article:

We often used "un-named" pipes on the command prompt. For e.g. ls grep x
The other sort of pipe is a "named'' pipe, which is sometimes called a FIFO. FIFO stands for "First In, First Out'' and refers to the property that the order of bytes going in is the same coming out. The "name'' of a named pipe is actually a file name within the file system. Pipes are shown by ls as any other file with a couple of differences:
% ls -l fifo1
prw-r--r-- 1 andy users 0 Jan 22 23:11 fifo1

The p in the leftmost column indicates that fifo1 is a pipe. The rest of the permission bits control who can read or write to the pipe just like a regular file. On systems with a modern ls, the character at the end of the file name is another clue, and on Linux systems with the color option enabled, fifo is printed in red by default.

To make a pipe named pipe1

% mkfifo pipe
Then open 2 console windows:
% ls -l > pipe1 { in one window }
% cat <>

Voila! The output of the command run on the first console shows up on the second console. Note that the order in which you run the commands doesn't matter.

Tuesday, July 12, 2005

Chatty interfaces Vs Chunky interfaces

In distributed applications, we need to put special emphasis on issues such as network latency, low bandwidth. Hence as a good design principle, we should make our interfaces 'chunky' and not 'chatty'

Chatty interfaces are interfaces that make a lot of transitions(between layers, processes etc.) without doing any significant work on the other side. For example, property setters and getters are chatty. Chunky interfaces are interfaces that make only a few transitions and work done on the other side is significant. For example, method that opens a database connection and retrieves some data is chunky.

This does not mean that U return unnecessary data in Ur calls...U need to take a decision based on 'balance' and the 'problem situation'

Problems with CAO in .NET remoting.

In his excellent article here, Ingo Rammer states the points why CAO is not a good option for many scenarios.

Excerpt from the article:
CAOs are always bound to the machine on which they have been created. This means that you can't use load balancing or failover clustering for these objects. If on the other hand you'd use SingleCall SAOs, you could use Windows Network Load Balancing (NLB) quite easily to randomly dispatch the method invocations to one out of a number of available servers.
If you are running a single-server application, this doesn't matter too much for you. If however there is the slightest chance that the application has to scale out to a server-side cluster, than CAOs will definitely limit its scalability.

CAOs also affect you on a single server. When running SingleCall SAOs (and when strictly keeping all state information in a database) you can shutdown and restart your server on demand. You could for example upgrade to a newer version or apply some bug fix without having to tell any user to close and restart your client-side application. As soon as you use CAOs however, you instantly lose this feature. If you restart a server in which you host CAOs, the client application will receive exceptions when calling any methods on these objects. CAOs are not restored after restarting your server. Don't use them if you care about restartability or scalability.

Important points regarding Sponsors in .NET remoting

  • The lease manager calls ISponsor's single method, Renewal, when the lease expires, asking for new lease time. Because the sponsor is called across an AppDomain boundary, the sponsor must be a remotable object, i.e. extend from MarshalByRef object.
  • We need to override the InitializeLifetimeService() method to return null, so that the sponsor object itself has infinite lease.
  • Also the client needs to register a channel so that the server can make the lease renewal calls.

Access a .NET webserice using proxy generated from SoapSuds.exe

Both WSDL.exe and Soapsuds.exe generate proxies that can be used to access a web service.
But we need to be aware of the SOAP encoding differences.

SoapSuds.exe expects a RPC style WSDL/Web Service but ASP. NET Web Services are Document style per default. These different styles imply different XML message encoding.

In order for a Soapsuds-generated proxy to communicate with a ASP.NET webservice, we need to apply an attribute to your ASP.NET Web Service class to achieve 'compatibility': [SoapRpcService()]

SOAP encoding concepts

Web Services Description Language (WSDL) defines two styles for how an XML Web service method, which it calls an operation, can be encoded in a SOAP request or a SOAP response: RPC and Document. The RPC style refers to encoding the XML Web service method according to the SOAP specification for using SOAP for RPC; otherwise known as Section 7 of the SOAP specification. This style specifies that all parameters are encapsulated within a single element named after the XML Web service method, and that each element within that element represents a parameter named after their respective parameter name.

A more detailed explanation can be found at MSDN here.



Elements in the .NET remoting chain

There are a lot of components/elements that play a role in the .NET remoting architecture:

Client --> Proxy {Converts the stack frame into a message}
-- > Message Sink (chain) { Intercepts the message }
-- > Formatter { Converts the message into a stream }
-- > Channel Sink (chain) {Intercepts the stream }
-- > Transport Sink { Transfers the stream from one process to the other }
====================================
-- > Transport Sink { On Server side }
-- > Channel Sink
-- > Formatter
-- > Message Sink
-- > Dispatcher { Converts the message into a stack frame }
-- > Remote Object

.NET Remoting Proxies

In .NET remoting, proxies are generated transparently by the remoting runtime, hence it is necessary to have the remote object metadata at the client side.
This metadata can be obtained in many ways. I only knew of the 'sharing interfaces' and 'soapsuds.exe' utility, but there are a couple more --

– Shared interfaces
– Shared base classes
– Shared implementation (implementation is copied to server and client)
– SoapSuds.exe (lets you extract metadata from running server or from an Assembly)

Monday, July 11, 2005

Data Concurrency Violations in ADO.NET

Bcoz the DataSet is a disconnected data model, quite often we may have to handle concurrency problems. There are basically 3 ways in which data concurrency is handled:
  • Pessimistic locking-- A range lock is obtained on the required rows and no one else can modify the rows during that time. Fully fool-proof, but reduces the scalibility drastically
  • Optimistic locking -- If there are data changes that has happened in between the user updates, then the user is given the choice to either overwrite the changes or discard his changes.
  • Last wins -- Whoever updates last will overwrite everything.

ADO.NET used Optimistic concurrency and hence it is possible to alert the user of any concurrency violations. An excellent article regarding the same is available here.

Object Activation in .NET remoting

I have often been confused on when the 'new()' operator can be used for remote server activation? Can it be used only for CAO (client activated objects) or SAO (server activated objects) or for both?

The answer is that the 'new' operator can be used to activate any kind of remote object-both CAO and SAO. The only difference between GetObject/CreateInstance and 'new' is that the former allows you to specify a URL as a parameter, where the latter obtains the URL from the configuration. (I belive the 'new' operator can be used only when U have the remote object implementation on the client side?)

Another imp point regarding activation is that the remote object on the server is 'not' actually created when the 'new' operator or the GetObject() methods are called.

Here's a snippet of what MSDN says:

GetObject or new can be used for server activation. It is important to note that the remote object is not instantiated when either of these calls is made. As a matter of fact, no network calls are generated at all. The framework obtains enough information from the metadata to create the proxy without connecting to the remote object at all. A network connection is only established when the client calls a method on the proxy. When the call arrives at the server, the framework extracts the URI from the message, examines the remoting framework tables to locate the reference for the object that matches the URI, and then instantiates the object if necessary, forwarding the method call to the object. If the object is registered as SingleCall, it is destroyed after the method call is completed. A new instance of the object is created for each method called.

But for CAO, the new operator or the CreateInstance methods send a Activation message to the server machine when the client creates the object and a proxy is created on the client side. Constructors with parameters are supported.

SoapSuds.exe Vs the Wsdl.exe

I have often seen developers getting confused over the similarity of the SoapSuds.exe and the WSDL.exe tools -- after all, both are used to generate proxies on the client side.

The Wsdl.exe tool creates a proxy class that derives from SoapHttpClientProtocol. This proxy does all the plumbing work of marshalling/unmarshalling using SOAP over HTTP.

The Soapsuds.exe tool creates a proxy class that is derived from System.Runtime.Remoting.Services.RemotingClientProxy which in turn subclasses System.MarshalByRefObject.
The RemotingClientProxy class takes over responsibility for serializing the proper messages according to the selected formatter and sends them from a bird’s view through the configured channel.

It's important to note that the Soapsuds.exe tool works only for ServerActivated objects using the Http channel.

Friday, July 08, 2005

Aspnet_regiis.exe tool

There are times when the 'link' between IIS and ASP.NET can be broken, because of uninstall or reinstall of IIS or .NET environment.

In such as case U can use the Aspnet_regiis.exe tool that comes with the .NET SDK.
Just type : Aspnet_regiis.exe -r
Use Aspnet_regiis.exe -i if U also want to install the asp.net engine embedded within the regiis tool and update the IIS mapping.

Sometimes you may also have to register the Aspnet_isapi.dll by clicking start -> run.
In the Open text box, type “regsvr32 %windir%\Microsoft.NET\Framework\version\aspnet_isapi.dll” and then press ENTER

Thursday, July 07, 2005

Big endian Vs little endian

With Apple officially declaring that Mac's would move to Intel processors, it brought out an important question in my mind...What would happen to the byte-sex???

Mac's use big-endian format and intel processors always use little-endian format. So how will applications on Mac behave if the Intel processors are used?

For more info on byte-sex, check out these links below:
http://www.cs.umass.edu/~verts/cs32/endian.html

Subversion -- A supplant to CVS?

CVS has done a lot of good to a lot of projects..But there is a new tool that's making waves in the open-source community..A source-control system named 'Subversion' that's touted to replace CVS.

Check out more info at:
http://svnbook.red-bean.com/

Tuesday, July 05, 2005

Dictionary Attack on Ur hashed passwords

Whenever we store a hashed password in a file or in the database, then it may be possible for a intruder to get the password using a 'dictionary' attack.

Here's what the MSDN says:
Hashed passwords stored in a text file cannot be used to regenerate the original password, but they are potentially vulnerable to a dictionary attack. In this type of attack, the attacker, after gaining access to the password file, attempts to guess passwords by using software to iteratively hash all words in a large dictionary and compare the generated hashes to the stored hash. If you store hashed passwords by any storage mechanism, you should require your users to choose passwords that are not common words and that contain some numbers and nonalphanumeric characters to help prevent dictionary attacks.

Monday, July 04, 2005

Cool Tool: Link Checker

Quite often, we have to unit-test each and every link on a web site. This could be automated thru a tool called "Link Checker" available at :

http://validator.w3.org/docs/checklink.html

Friday, July 01, 2005

Capturing Page-output in ASPX pages

There is a cool trick thru which one can capture the page-output of Aspx pages before it is send to the browser. An excellent article explaining this is at :
http://west-wind.com/weblog/posts/481.aspx

The trick is to override the Page.Render() method, and capture the output in a TextWriter. Then write the same context back to the original textwriter. Sounds confusing..It is a bit :)
Here is the code snippet:

protected override void Render(HtmlTextWriter writer)
{
// *** Write the HTML into this string builder
StringBuilder sb = new StringBuilder();
StringWriter sw = new StringWriter(sb);
HtmlTextWriter hWriter = new HtmlTextWriter(sw);
base.Render(hWriter);
// *** store to a string
string PageResult = sb.ToString();
// *** Write it back to the server
writer.Write(PageResult);
}