Flex: Storing custom user strings in controls

Few days back while I was programming on Flex this cool problem came through. Problem was that I created buttons dynamically in the code based on some parameters passed to the function. These parameters would decide the label, id and color of the button. In addition to this there was an information called category which had a contextual meaning to the project I was working on. So it went something like this - 

private function InitializeAndDisplayButton(id:String, label:String, category:String)
{
var b:Button = new Button(); 
b.id = id; 
b.label = label; 
b.addEventListener(MouseEvent.CLICK, buttonHandler);
}

private function buttonHandler(event:Event):void
{
var id:String = event.currentTarget.id; 
/* how do I access “category” here */
} 

Now the problem, how do you store the category for each button so that in the button handler you access it through the event? 

Solution I

A naive solution came to mind that I can keep a private map (flash.utils.Dictionary) between id and the category and add an entry corresponding to each id in the function InitializeAndDisplayButton and access it in buttonHandler after extracting “id”. 

Solution II – (topic of this post) 

Another solution is a cool one certainly. Function “SetStyle” takes two parameters and stores them as key-value pairs. We can use this to store any custom user strings (data) in controls. e.g. we can add following line in InitializeAndDisplayButton - 

b.setStyle(“ButtonCategory”, category); 

and access it with following code in function buttonHandler

var id:String = event.currentTarget.getStyle(“ButtonCategory”); 

This looks cool to me!  

_

Desktop Twitter – twitter out of the browser

Desktop Twitter is an Adobe AIR desktop application written in Flex (Actionscript) which I wrote up few days back. It is an attempt to bring the twitter experience out of the browser. Current version of the application that am giving out so it contains minimal features. A screenshot is shown at left. Twitter Rest APIs are quite simple to use and developing any such application becomes painless using them.

 

 

Current set of features include -

1. On entering the user name of the user whose desk twitter page you wish to see, you get the list of thumbnails of friends of this user near the bottom.

2. On selecting any thumbnail you get to see the details of that user. Account information is shown in the right top box, twitter updates are shown in the left big box and thumbnails of the friends of the selected user are shown in the right bottom box. 

Issue Known – On scrolling the list of thumbnails fast, thumbs disappear. This is a bug with Flex and am looking around to fix this ASAP. You can workaround by scrolling really slow.

Missing – Help is missing for now but will be available in next release (soon) (Details of the different panels are intended to be clear by the labels provided. ). No caching of thumbnails is done and hence sometimes there may be some delay in loading of images.

Application can be downloaded from here. You will need to install Adobe AIR runtime (takes not more than few seconds) to install (again, not more than a few seconds) and use this application. Please download the application, try it out and report any bugs, suggestions, features at awasthi.manoj@gmail.com.

Extracting full path while uploading a file to server in Flex

In my free prototyping time I decided writing a simple uploader in AIR (what else?). I could create a working application in minutes using FileReference class and its method browse() (for opening a File Selection Dialog) and upload() method to upload the file.

But something looked odd. I wished to show the user the filepath he has selected in a disabled text box (the good old way..) but FileReference does not have the full path information. Googling helped. It said that “for security reasons full path of a file won’t be available in flash”. Valid. But then it clicked in my mind that I’m developing an AIR application. I talked to a friend, asked him for resolution. And that helped -

Use File intead of FileReference while developing AIR application. It is an extension to FileReference with more functionality (including a getter/setter to the private variable nativepath). Cool!

Thanks Raghu.

A generic binary search implementation in C – thoughts

Wish you a very happy new year!

This is an attempt to discuss a problem I’ve come across. Some common things that I would like to suggest people going for computer science interviews are -

• listen to the question with full concentration on every word; avoid wandering for the similar questions that your friend discussed this morning
• do not assume anything (even if this means asking the dumbest questions, don’t hesistate)
• if you know the problem and the solution (or you’ve been asked the same or similar question in a previous round of interview), tell them. don’t waste your and their time.
• break the problem into small tangible subsets; things that you are more comfortable working with (say a problem with million users telephone directory, think of a 50 or 10 users telephone directory or say a problem on a variation of tower of hanoi, think of the implementation of simple tower of hanoi and then move towards the special treatment) or things that are more do-able.
• think aloud; most interviewers love loud thinking
• think out of box when you cannot remember (or you do not know) a standard solution (which you are sure exists although). Everyone loves innovative ideas and believe me, they do come.
• do not make an obvious mistake while writing code. code defensively. check success of every memory allocation or file read.
• make sure you understand the Big-O notation for algorithmic time-space metric. I’ve seen that computer scientists’ are happy when you come up with more accurate O-notation understanding.
• think of design issues like portability of code, reentrancy of the code, bottleneck portions of the code (and any trade offs) etc. and discuss these with the interviewer
• if you can think of more than one solution for a problem, tell them.

Write a program to implement a binary search for generic array whose elements are sorted.

Problem is to write n implementation of binary search algorithm and twist is “generic”. The term generic itself is enough for giving you a clue into the direction of thoughts. Without the “generic” requirement, suppose a binary search algorithm is to be implemented for an array of integers, then signature is:

int binsearch(int a[], int x, int n)

If you are going to implement the algorithm in C, think “void *” and if you are going to implement the algorithm in C++, think templates. Now I discuss here an implementation in C. Well my function should have an array (which will be a ‘void *’ to accommodate an array of any data type), the item to search for (again a void *), the number of elements in the array. What else?

• We do not have an idea of how to dereference the pointer available to us.
• we do not have a way to base our comparison on (e.g. this may be an array of structures sorted on an element of the structure (which obviously our algorithm is blind to)).

So we require two more arguments, size of the data structure so that we can do a typecast of ‘void * arr’ to ‘char *’ and for an index ‘i’, jump using the expression ((char*)arr + i*size) to get to the item of interest and a pointer to a function, compare, which will take two ‘void *’ and return -1, 0, 1 just like any compare function. so signature is:

int binsearch(void *arr, void *x, int n, size_t size, int (*func)(void *, void*));

Algorithm itself is not much a problem I think. It works like calculating the “mid” (for 0 to n), and then comparing the mid value with x by:

int p = compare(((char *)arr + mid*size), x);

If p == 1, search in [mid+1, n], if p == -1, search in [0, mid-1] and if p == 0, you happy, go lucky got it!

You can actually edo away with the argument “size” if you make the function signature a bit uglier by pushing the responsibility of dereferencing the arr (void *) to the user. so now your function signature code will be -

int compare(void * /* arr */, int index /* index */, void * /* tosearch */);

But this is dirtier since humans normally are in habit of a ‘compare’ with two parameters. In this new avatar your binsearch becomes -

int binsearch(void *arr, void *x, int n, int (*func)(void *, int i, void*) );

Happy implementation!

Power of plain text, the power of being simple

As we see the convergence of technologies through web, I think plain text is going to play a crucial role in delivering a standard cross platform solution for communication. It has already taken the center stage in form of XML. Debate on simplicity (or human side of technology) and performance will, I think, have a positive shift towards the former (people love faster development and simpler use more these days I think.. Rubyist view)

why plain text?

pragmatic programmers answer it with bullets – insurance against obsolescence, leverage (lot of tools available for talking to plain text) and easier testing. and I as always agree.

The concern is there although. Concern is that in addition to being human readable, the text should be human understandable as well. Using names which are semantically correct and contextually relevant is going to act as a substantial catalyst in helping dealing with these plain text files (whether it is a database or configuration file or data-transfer format).

Being always biased towards keeping configuration and databases (good old unix way) I am going to take care of this as a specification in almost all (not everything is driven by me!) development I do. You should also do the same so that your database outlasts your application!

Orthogonality and its importance in software development

I’ve been lately reading The Pragmatic Programmer by Andrew Hunt & David Thomas. Been onto a chapter about decoupling requirement in the development of software, I thought of putting few lines on the weblog. Orthogonality is derived originally from Geometry where it is meant to illustrate two lines which meet at right angles and hence are mutually independent moving in all directions. In software, orthogonality refers to the independence between the modules of the software. e.g. user interface of a software should not have any dependence on Database schema. Decoupling, if not met properly while designing software, can lead to disaster in code maintenance. A decoupled code is better for maintenance because of numerous reasons -

1. Changes are localized and hence development and testing time (and cost) are reduced. Quality also improves since better division of work is possible.

2. Problems are also localized. An issue in one module does not affect other modules and hence fix requires to be done their only (or whole module can be replaced by another implementation altogether).

3. There is more possibility of smaller independent teams (which is ideal for a better coordination)

An interesting introduction into orthogonality is the advent of Aspect Oriented Programming (AOP), a research project at Xerox Parc. As Object oriented programming focusses on the objects and their interaction, Aspect oriented programming focusses on aspects (concerns). AOP lets you express a behavior which would otherwise be distributed throughout the source code. The most obvious example would be logging. Log messages are normally generated by sprinkling explicit calls to some log function throughout the code. With AOP, you implement logging orthogonally to the things being logged. Using the AOP for Java, you could write a log message while entering any method of Class Fred by coding the aspect -

aspect Trace {
advise * Fred.*(..) {
static before {
Log.write(” -> Entering ” + thisJointPoint.methodname);
}
}
}

If you weave this aspect in your code then log messages will be generated and if you don’t, they won’t. Either way, your original source is unchanged.

Towards the end of the discussion is a challenge: Consider large GUI-oriented tools typically available on Windows and small but combinable command line tools used on shell prompts. Which do you think are more orthogonal in design?

What do you think?

Building Strings in Ruby

If efficiency is important to you, don’t build a new string when you can append items onto an existing string. Constructs like str << ‘a’ + ‘b’ or  str << “#{var1} #{var2}” create new strings that are immediately subsumed into the larger string. This is exactly the thing to avoid. Use str << var1 << ” ” << var2; instead.

Starting on the formal journey into Ruby!

I’ll be starting with Ruby Cookbook today (it’s evening right now..). I will be discussing Ruby code, Constructs, Positives and Negatives as I encounter them. So expect lot of Ruby (and may be rails) here.

Association with the language: Why I fell in Love with Ruby

Adobe AIR, taking RIAs to Desktops

I’m pretty much sure that you must have heard (and talked) a lot about how the next big thing (after desktop.. and Micro$oft’s humongous success in that arena) would be taking desktop applications to web (and many of you would be in a queue to purchase Google shares for too-too-too-much price) and there are tangible examples to quote, for example, Google docs (formerly Writely, acquired by Google), Google Spreadsheets, Google Presentation etcetera.

No, no. Don’t think that I mistyped the title. It’s alright.

What am I upto?

A pathbreaking technology from Adobe, AIR (Adobe Integrated Runtime) is all about taking Rich Internet Applications (RIA) to Desktops i.e. having a desktop application which will communicate with web and deliver rich content right there. Adobe website says:

Adobe® AIR™ lets developers use their existing web development skills in HTML, AJAX, Flash and Flex to build and deploy rich Internet applications to the desktop.

This is a cross platform technology and an application written for MS Windows will work with Linux platform. No migration (read porting) required. Don’t see any released development support for Linux though. I will keep posted.

What do you need to get started?

• Install Adobe Integrated Runtime (AIR) on your machine
• Install AIR SDK
• Install Flex Builder for your platform (if development is going to be in Flex i.e. MXML and Action Script).
• Read tutorials on how to develope RIAs for desktops in your favorite language (HTML (using Ajax), Flash, Flex etcetera)

I’ve started with AIR application development and am hooked to it (as I’m to most technologies I try out), you should also get your hands wet once with it and I’m sure you gonna love it. (Affiliation: I’m employed with Adobe Systems).

AIR Showcase. Adobe Labs. Adobe Flex

_

IT Security unclothed by “a nerdy hacker”

 

Robert Moore, a 23 year old hacker would be starting his imprisonment in federal prison today (Thursday, 27th Sep) for breaking into 15 telecommunications companies and hundreds of businesses (and individuals) worldwide. He spoke about “how easy it was”. Moore, who describes himself as a “mega geek” is more upset about being banned from using a computer than actually going to prison. Here are few things from his interview which may help IT vendors, users (including the huge IT departments whose “sole” job is to secure the company network and provide the staff with a better service) to know how insecure they are.

 

 

How easy it is?

“It’s so easy. It’s so easy a caveman can do it,” Moore told InformationWeek, laughing. “When you’ve got that many computers at your fingertips, you’d be surprised how many are insecure.”

“what made the hacking job so easy was that 70% of all the companies he scanned were insecure, and 45% to 50% of VoIP providers were insecure. The biggest insecurity? Default passwords”

 

“I’d say 85% of them were misconfigured routers. They had the default passwords on them,” said Moore. “You would not believe the number of routers that had ‘admin’ or ‘Cisco0′ as passwords on them. We could get full access to a Cisco box with enabled access so you can do whatever you want to the box. … We also targeted Mera, a Web-based switch. It turns any computer basically into a switch so you could do the calls through it. We found the default password for it. We would take that and I’d write a scanner for Mera boxes and we’d run the password against it to try to log in, and basically we could get in almost every time. Then we’d have all sorts of information, basically the whole database, right at our fingertips.”

How he used to work (hack)?

 

He explained that he would first scan the network looking mainly for the Cisco and Quintum boxes. If he found them, he would then scan to see what models they were and then he would scan again, this time for vulnerabilities, like default passwords or unpatched bugs in old Cisco IOS boxes. If he didn’t find default passwords or easily exploitable bugs, he’d run brute-force or dictionary attacks to try to break the passwords.”We would go to telecom forums and other telecom sites that list company names and where they’re from,” he explained. “We’d look at foreign countries first. We’d take the name and IP range and then dump it into the scanner. … Some of the Cisco versions, like IOS, were old and easier to get into.”

Tips from the hacker?

Moore said it would have been easy for IT and security managers to detect him in their companies’ systems … if they’d been looking. The problem was that, generally, no one was paying attention.

“If they were just monitoring their boxes and keeping logs, they could easily have seen us logged in there,” he said, adding that IT could have run its own scans, checking to see logged-in users. “If they had an intrusion detection system set up, they could have easily seen that these weren’t their calls.”

The hacker said IT technicians also could have set up access lists, telling the network to only allow their own IP addresses to get in. “We came across only two or three boxes that actually had access lists in place,” he added. “The telecoms we couldn’t get into had access lists or boxes we couldn’t get into because of strong passwords.”

 

I have myself seen that even in huge operations, this policy of keeping a company wide (as if that is safe) default password for their servers.

 

Ludicrously this incident has divided the IT industry into two and Enterprises have started a blame war against the vendors for making it a policy that default password is changed before things work. But my question — who will save you when you are attacked with a brute-force dictionary attack ? There is only one fact that there is no one-push-button for security and you have to keep a part of the department busy into logs analysis, password updation and knowledge updation of what is happening around (and this too will make you just ‘more’ secure).

I remember Henry Keller’s say — Security is mostly a superstition. I add “More so for worldwide interconnected computers”. I hope that you too learn from it and atleast personalize your passwords now. Be a Paranoid!