Category: programming

Posted on
by

thanks to Blacksail, see https://blacksaildivision.com/mysql-query-log.

În mai toate cazurile, vrei să activezi DB Query Log cînd ai o problemă pe care nu ști de unde s-o apuci, după ce ai epuizat debuging-ul pe surse.

NU ține acest log activ, pune-l On, do the stuff și apoi dezactivează-l! Va consuma resurse aiurea și dai în altele cărora le vei găsi cauza în 1014 ani.

Fiind doar temporar, e de preferat să nu interacționăm cu fișiere sau să restartăm servicii. Iată comenzile magice:

SET GLOBAL log_output = 'TABLE';
SET GLOBAL general_log = 'ON';

Apoi, dă-i, tată, căutări pe mysql.general_log pînă găsești problema ce te frămîntă!

Posted on
by

Security management

În lumea de azi cînd toate sunt conectate cu toate, Security trebuie să fie un rol important. De la autentificare și autorizare, pînă la asigurarea integrității datelor (a se citi coruperea intenționată a datelor) și accesibilitate. Dacă AAA (autentificare, autorizare, audit) sunt imediat recognoscibile ca Security Management, integritatea datelor nu este de obicei luată în calcul (decît pe sisteme dedicate). De obicei un sistem se asigură că datele nu sunt corupte fizic pe suportul de stocare, în timpul scrierii sau citirii, cît și de-a lungul existenței lor pe storage (eg. la un reboot forțat). În context de securitate, Integritatea Datelor identifică autorul datelor și pe cel ce le modifică. Mai mult, ne asigură că datele nu au fost modificate cu rea intenție.

O altă componentă importantă a Security este Accesibilitatea Datelor. Dacă datele sunt greu accesibile atunci ele nu vor fi folosite și business-ul își pierde interesul pentru sistem (business-ul sunt cei care plătesc și care hotărăsc folosirea unui sistem sau altul). Da, anumite date au statut special și ele vor fi accesibile conform unui sistem de securiate strict, dar de aici pînă a încurca userul în day-to-day activity pentru că esti paranoic nu e un sistem bun. Un sistem flexibil, dar fără compromisuri, este marea încercare a unui OS modern.

Audit

Auditul activității în sistem este un rol necesar pentru a determina și preveni activități nedorite în sistem. Userii normali ai unui sistem vor parcurge pașii de acțiune în ordinea lor firească, dar un răuvoitor va încerca diferite scheme de ocolire a procedurii de securitate și numai prin auditul activităților din sistem (reușite și nereușite) se va putea determina o alarmă de securiate. Aici iar dăm în capcana accesibilitații – dacă sistemul va produce o tonă de evenimente și se va isteriza pentru orice bîzîit el va fi neutilizabil și va fi folosibil doar pentru a reconstitui niște pași pe baza unor log-uri (proces necesar în cazul unor evenimente nedorite deja întîmplate, dar cum prevenția costă de zece ori mai puțin decît corecția atunci ne vom concentra mai ales pe rolul de prevenție).

Sistemul va pune la dispoziția dezvoltatorilor servicii de log și audit pentru înregistrarea evenimentelor în sistem un model unitar care să poată fi interpretat ușor. Ba mai mult, se va căuta un model integrat (sau integrabil) cu alte sisteme eterogene pentru a putea fi interpretate la nivel enterprise.

În zilele noastre cînd serviciile în cloud au luat locul aplicațiilor locale, anumiți operatori vor cere și servicii de Accounting în cadrul rolul de Audit (eg. cît timp s-a folosit un anumit serviciu, ce resurse a folosit etc.). Deși la prima vedere pare că este o parte a rolul de Audit, acesta trebuie gîndit ca un rol separat și trebuie consumat direct de aplicații și servicii. Asta pentru că exstă foarte multe scenarii pentru a gîndi servicii, de le combina resurse în pachete și de a le factura (eg. lunar la pachet sau per GB folosit sau per acces-numărdevizite etc) care depășesc definiția de Master Copntroller a unui OS.

Posted on
by

It’s fine to provide guidance for beginners, but education isn’t a substitute for great app design. First and foremost, make your app intuitive. If too much guidance is needed, revisit the design of your app.

Posted on
by

In a survey conducted by Microsoft among 38,000 workers in 200 countries, people spend 5.6 hours each week in meetings and 69% of survey participants considered meetings as not productive.

Yes, yes! the daily meetings from SCRUM methodology are 15 minutes long and doesn’t sum to 5.6 hours per week. But you have to consider management long meetings and mediate them with 1.25h per week SCRUM sessions. After we correlate that with 69% participants that considered meetings to be not productive will find a large bunch of SCRUM practitioners that consider those 15 minutes as wasted time.

Of course, if they do SCRUM at Microsoft.

G

Posted on
by

See Design Patterns, part one; Introduction to get the definitions and the laws of design patterns.

Creational Patterns are used to isolate the details of object creation. They will help us stay under the law of low coupling. App controllers will be decoupled of object types and they will not change as new types arrived. Creational Patterns are about how an object can be created.

There are identified six patterns (more or less an exact number, they have not yet standardized the patterns):

  • Singleton – only one instance can exist;
  • Factory Method – creates an instance of several derived classes;
  • Abstract Factory – creates an instance of several families of classes;
  • Builder – to separate the construction from the representation to allow multiple different representations;
  • Object Prototyping – creates objects based on a fully initialized instance (copy or clone);
  • Object Pool – avoid expensive acquisition and recycle.

 

Singleton

You may use Singletons when your application needs one, and only one, instance of an object. The first intent is to prevent the client programmer from having any way to create an object except the ways you provide.

There are many examples of Singleton usage:

  • any Factories as they are a global need;
  • logging points;
  • configuration classes;
  • lookup service;
  • accessing resources in shared mode.

There are several implementations of this pattern, but all make all constructors private and create at least one constructor to prevent the compiler from synthesizing a default constructor. Some of the theorists ask for lazy initialization, but I do not consider it a must. The Singleton design pattern is one of the most inappropriately used patterns. Singletons are intended to be used when a class must have exactly one instance, no more, no less. Programmers frequently use Singletons in a misguided attempt to replace global variables, why the hell are you using global data?

Object Pool

Sometimes objects are expensive (eg. db connections) and you can think about recycling them. This is a technique to create a limited pool of objects.

As a Factory Design it is a Singleton. Factories create the objects and then forget about them, but The Pool manages objects lifetime and keeps track of them.

Factory Method

The new operator is considered harmful and this pattern makes the difference between requesting an object and creating one. The new operator always creates an object and fails to encapsulate object creation. Factory Method enforces that encapsulation and allows an object to be requested without inextricable coupling to the act of creation.

When you need to add new types to the system the first idea is to use polymorphism as new types may be added without disturbing existing code. If the code that creates objects is distributed throughout your application, you must chase down all the points of your code where type matters and you will broke the night compilation. The solution is to force the creation in one place through a common Factory. As you get experience I suspect that Factories will be the most universally useful kinds of design patterns.

Often, designs start out using Factory Method (less complicated, more customizable, subclasses proliferate) and evolve toward more abstract as the designer needs more flexibility.

As OOD has two fundamental ways to relate classes – inheritance and composition here you may also think as two ways to create objects – Factory Method use creation through inheritance and Prototyping creation through delegation. Prototype doesn’t require subclassing, but it does require an Initialize operation. Factory Method requires subclassing, but doesn’t require Initialize.

The most used example is the injection mold press. Manufacturers of plastic toys process plastic molding powder and inject the plastic into molds of the desired shapes. The class of toy (car, action figure etc.) is determined by the mold.

Abstract Factory

Provide an interface for creating families of related or dependent objects without specifying their concrete classes. It is a natural evolution of Factories as modern applications can run on different platforms. If an application is to be portable, it needs to encapsulate platform dependencies (including UI, OS, DBs etc). The application must replace the entire family of products simply by instantiating a different concrete instance of the abstract factory. In other words, The Abstract Factory is a super-factory which creates other factories (Factory of factories).

Follow the law of simplicity and do not consider platform independency if not needed. To get one more abstraction layer just because you do not choose what DB to build on it is a very bad design. First to do is a Pro-Cons matrix of “platforms” versus “products”, sometimes it is easier and cheaper to build products on platforms.

Builder

The goal of Builder is to separate the construction from the representation to allow multiple different representations. The construction process stays the same, but the resulting object has different possible representations. The differentia of Builder in Factories is that it has multiple steps in creating an object and those steps are accessed externally to the Builder object.

An old lady thought me that McDonalds is using a builder process. Whether a customer orders a hamburger, cheeseburger or chicken the process is the same. The employee at the counter directs the crew to assemble a main item, side item and toy. These items and the drink are then placed in a bag.

Prototyping

The mitotic division of a cell – resulting in two identical cells – is an example of a prototype. The new operator is considered harmful and then we can consider build our own Factory that cache prototypical objects for use as breeders of all future instances. javascript is the common object-oriented language that relays on Prototyping.

A problem with the other Factory designs above is that they require a central location where all the types of the objects must be known: inside the factory( ) method. If new types are regularly being added to the system, the factory( ) method must be changed for each new type. When you discover something like this, it is useful to try to go one step further and move all of the information about the type, including its creation, into the class representing that type. This way, the only thing you need to do to add a new type to the system is to inherit a single class.

 

At the end I must emphasize that sometimes Creational Patterns are competitors: there are cases when either Prototype or Abstract Factory could be used properly. At other times they are complementary: Abstract Factory might store a set of Prototypes from which to clone and return product objects.

G.

 

Posted on
by

These days I’ve been asked to teach these junior software developers several advanced features of Object Oriented Programming and I’ve started this class of Design Patterns. This is a drought, a skeleton, to develop the course.

What are Design Patterns? I don’t know, ;). Can be thought as grounded best practices to solve a class of problems, to have the most general and flexible solution for them. To define what patterns are we have to think about advanced application design. The advanced practice in software developing is to separate the thinks that change from the ones that stay the same. We introduce this abstraction layer into our applications to isolate changes and keep them to propagate other changes throughout the code (of course, the difficult part is to identify what change). Once you have isolated the changes in your code you have some kind of a pattern. Is it a Design Pattern? Nope, you will achieve it when you go with the most general solution.

Four problem solving techniques:

  • language specific – when use language features to get the problem solved;
  • specific design – when use the described technique to solve specific problem;
  • standard design – to solve some kind of problems (repetitive reusable pieces of codes);
  • design patterns – the most general and flexible solution for a class of problems.

Do not let them fool you with words – generalizing is not a goal, is a means. Do not waste your time looking for patterns, start thinking about your problem and in time they will be revealed.

Classifying patterns:

  • Creational – how objects are created; used to isolate the details of object creation;
  • Structural – the way objects are connected with other objects so changes in the system do not affect these connections;
  • Behavioral – objects that handle particular actions.

The laws of application design:

  • the simplest solution is the best; of course you have to consider full application life-cycle, but simplicity is the base;
  • avoid duplication;
  • isomorphism – one abstraction per class, one class per abstraction;
  • consistency – keep your ideas in place;
  • low coupling, high cohesion – coupling refers to the degree to which the objects depend on each other, cohesion refers to the degree to which the objects belong together;
  • keep your code readable (my first choice);
  • keep surprises out;
  • make common things easy and rare things possible;
  • use YAGNI – the design is finished when anything cannot be removed;
  • keep your unit testing updated.

G

Posted on
by

These days I’m in process for selecting a framework for an application. An easy task several years ago when only Windows and Visual Studio were giving the pace. Now, on anything on web days, you have more than plenty good frameworks (and far to many shitsJS) to choose from. Here are some points you must keep eyes on:

  • YOUR APPLICATION

    I have encountered people that chosen a framework because everybody else used it and also must they. Your app will give you the most important criteria to weight a system.

  • What is framework capable of?

    Do not lay your ear on internet hearsay. There are more vaporware than facts. Test it.

  • Who support the framework

    One is Microsoft, Tweeter, Facebook and other ACME ltd who wants to get framework tested for free. Do not put your money on Google. They have made history on laying down projects (and not carrying about clients).

  • Is the framework mature? Can you see it on production?

    My experience says “use only framework versioned 3.x or about to be 3.x”. They change a lot on v1 through v2 to be stable on v3.

  • Does the framework have a comprehensive set of documentation?

    This is the most important criteria to eliminate a framework. Run away from a framework (or anything in computer area) with bad support. If the producer disconsider this part their only meaning is to get free testing.

  • your application

    I cannot emphasize enough how important is the application in the process of selecting the framework to be built on. Do not chose flexibility on flexibility only, do not chose performance on performance only, do not chose web-like on anything is on web only, do not chose scale for scale only, do not chose the popular on popularity only.

G.

Posted on
by

I found that mysql supports stored procedures and start working on them. Bad idea!

On php site (http://php.net/manual/en/pdo.prepared-statements.php) you get this piece of code:
Example #4 Calling a stored procedure with an output parameter
<?php
$stmt = $dbh->prepare("CALL sp_returns_string(?)");
$stmt->bindParam(1, $return_value, PDO::PARAM_STR, 4000); 
$stmt->execute();
print "procedure returned $return_value\n";
?>

After spending a couple of hours on trial-error coding different solutions I compiled this workaround:
<?php
$stmt = $dbh->prepare("CALL sp_returns_string(@out_param)");
$stmt->execute();
$result =  dbh->query("SELECT @out_param")->fetch();
print "procedure returned ". $result['@out_param'] ."\n";
?>

To conclude: do not use mysql and php on any serious apps.
G.

Posted on
by

MySQL are un mod dubios de autentificare.

Dacă atunci cînd primiți mesajul Access Denied pentru un user@% (any host) care are toate drepturile necesare și suficiente simțiți că trebuie să-i transmiteți numai bine mamei designerului modului de autentificare nu înseamnă că sunteți o persoană rea.

Un user care se conectează la mysql pe protocolul socket connection este considerat user@localhost și este diferit de user@%. Doar pentru conexiuni via TCP user@% este alias pentru user@localhost. Dacă Bulă care a desenat mysql a considerat că modul de autentificare poate fi dependent de protocolul de conectare la aplicație noi nu putem decît să tragem concluzia că nu e bine, să-i mulțumim pentru efortul la care ne-a supus materia cenușie căutînd trei ore ce dracu înseamnă acest access denied (îndepărtîndu-ne astfel ziua debutului Altzheimmerului) și să nu mai folosim MySQL data viitoare.

G.