Kartones Blog

Book Review: PHP Objects, Patterns, and Practice

Kartones — Wed, 17 Mar 2010 22:38:30 GMT

New book review, this time of a PHP book. Finding a good one is not an easy task, much harder finding one that shows quality code and good practices!

As usual you can read the review at my book reviews page.

SQL Server 2008: The server principal is not able to access the database under the current security context

Kartones — Tue, 09 Mar 2010 07:54:22 GMT

Looks like SQL Server Management Studio guys didn’t properly tested the tool with unprivileged users. If, like me, you have a shared SQL Server database that lives among others, probably your DB user will only be able to see and operate with your specific database.

But if you try to expand the Databases node from the management studio, this error (Error 916) will appear:

The solution is as easy as strange and hard to come by yourself (I found it at Microsoft Connect):

Press F7 to display the Object Explorer Details window
Doubleclick on the Databases folder
Right-click in the Collation header and uncheck it.
Refresh

And now it will work and list perfectly all the server databases.

Remember, if you have a site or application that has roles, always test with the least privileged account everything ;)

Back from the MindCamp 2.0

Kartones — Wed, 03 Mar 2010 23:44:11 GMT

One of the reasons why I’m so tired this week is that the last weekend we had the MindCamp 2.0, an informal CodeCamp managed by students and .NET clubs around Spain.

I was quite informal, full of alcohol, laptops and food, and with addons like Guitar Hero tournaments, wifi cracking courses or the unique oportunity of hearing “the eye of the tiger” around 10 times per day :)

Apart from the jokes, the sessions were great (ASP.NET MVC, Task Parallel Library, security, XNA, Silverlight, the Wiimote…) and I had a great time with everyone.

You can check a small selection of photos in my photo albums, and download if you want the small (but dense!) speech I gave about high scalability (sadly, only in spanish, although if a few people request it in english I could translate it) from the Downloads section.

Using derivated Exception classes for better error handling

Kartones — Tue, 23 Feb 2010 07:46:29 GMT

One defect that I’ve been finding once and again in the past doing .NET projects is a bad exception handling strategy.

Too many times I’ve seen code that just places a generic try { … } catch(Exception ex) { … } code block to capture errors. And of course any code inside throwing generic exceptions (just with different messages).

The System.Exception class it is indeed the basis of any error that happens, but it is a bad habit to reuse it. Exception represents a fatal error, something critical unexpected.

.NET provides the System.ApplicationException class for a simple reason. To catch any exception from our applications.

It inherits from Exception, so a generic catch (Exception ex) would catch it anyway, but by using it, we differenciate between those exceptions generated by our application and those generated by external factors, like for example an OutOfMemoryException.

But if we just use ApplicationException instead of Exception we only have two layers of error levels… Why not going a step further and building a full hierarchy of exceptions?

InvalidRuleSetException
BLLException
ApplicationException
Exception

Look at that descending list… We can catch a lot of stuff from different layers:

If something goes wrong in our BLL layer while loading a fictional RuleSet, we can just show a message to the user telling him to choose a correct one.
If somehow the BLL components break, the presentation layer can catch it and present a “We’re having technical problems, please try again later” message.
If something goes really wrong in the setup of our web application (for example a wrongly configured IIS), we can silently keep users out of the website without showing them multiple nasty errors.
And finally, if the server gets out of free space for the ASP.NET temporal files folder (which has happened to me too), we will avoid more ugly errors or generic IIS error descriptions…

The easy way is to stick to simple Exception throwings and catchings, but it doesn’t helps your code readability. And probably, it won’t help too much when the application fails and you just get a generic “Exception” in your log (it is amazing, but some people forget to at least log the full stack trace…).

And all of this can be applied to PHP too. PHP contains just two base exception classes, and a few typical derived ones.

So don’t be lazy and create a hierarchy of exceptions. You, your colleages, and everyone who could use your code or the compiled components will not regret it, I promise.

Added a page with my recommended IE addons

Kartones — Tue, 16 Feb 2010 01:13:04 GMT

The same that I have a page listing my recommended/favourite Firefox addons, I think it was time to do the same with Internet Explorer and provide a small list of useful addons (mostly for development/design).

Quite small right now, but if I find other interesting components I’ll update it (you can find the link on the left).

Of course, if you know of other interesting addons, feel free to leave me a comment!

Too much power, too much control

Kartones — Mon, 08 Feb 2010 07:18:18 GMT

Recently, I had an unfortunate incident with my GMail account. It got blocked for around one hour “because of suspicious activity”.

I was doing some User-Agent tests with Firefox and User Agent Switcher with GMail open in one tab so you can imagine my terrible crime… nothing at all :) I didn’t even refreshed a lot the GMail tab.

The feeling of impotence, of not being able to do anything (I use Google for my calendar, documents, emails… even my photos) was very frightening.

Also, the page’s help was very deceiving. It said to click on a link if I thought I was “innocent”. I did so and it sent me to the help. Inside the Answers system I was able to fill a form, which apparently was sent and I was again in the help, looping between the form and the details.

So the only solution was to wait until they decided to release my account back again.

Moral of the story: Don’t put too many power in just one place, if someone takes over control of it, you’re screwed.

I will start migrating all important stuff to a @kartones.net account so in case of more “lockdowns” I can at least unplug the domain from Google Apps for Domain and plug it elsewere to keep it working and receiving emails.

Moral #2: As soon as there’s money implied, everyone is evil. It’s only a matter of who’s more or less evil compared with the others.

Top 5 Microsoft FAILs

Kartones — Sun, 31 Jan 2010 23:39:00 GMT

Sometimes, learning from past mistakes gives us the best tools to prepare for the future.

This post might be taken as a flame against MS, but I would love to see similar ones related to Linux, Apple and other major companies like IBM. I would write them (because they all have fails, some of them big too), but I lack the knowledge as I have been most of my life in a “Microsoft ecosystem”.

MSN Network: Microsoft’s attempt to conquer the online world by creating “their own internet” (much like AOL but with greater ambitions). It came with Windows 95 and on CDs.
Windows ME: The bastard Windows son. Everybody hated it, nobody can remember anything good about it without cheating and looking at the Wikipedia. Half-way between Windows 98 and Windows 2000, was quickly killed with Windows XP.
Internet Explorer 1-6: We’ve needed 7 versions of IE to start to have a decent browser. Always late (or directly the last) implementing all standards and browser features (like tabs). IE6 has particulary created "the way of the hacks" related to CSS and Javascript, hurting web development even as of today (but hopefully finally dying).
XBox 360 RRoD: Probably the best actual-generation gaming console and at the same time the most hardware failures-prone one in history. During years, almost 100% of built consoles could potentially “achieve” the Red Ring of Death, so MS had to extend the warranty period, change the motherboard and even create a specific motherboard to fix old console models without a chance of having problems again in the future. Fortunately the problem seems to be perfectly solved now and all consoles in stores work without problems.
Live for Windows: After the success of XBox Live, Microsoft got greedy and tried to charge PC users for something they always had for free: online multiplayer. It got so bad acceptance that they switched to just provide PC achievements, DLC and since recently a small online distribution store (as Steam).

As mentions that didn’t promoted to the final list, I had two more candidates:

J++/J#: Nobody knows anybody that has actually used J++ or more recently J#. It was a failed attempt to bring Java developers to the Visual Studio world and do a lock-in on the Windows platform. Finally Microsoft decided to “retire” J# after Visual Studio 2005.
MSN Search: A terrible “search engine” that for years has only had usage because www.msn.com was the homepage of Internet Explorer. After a long number of versions, they have renamed it to Bing to celebrate a brand new search engine, and seems that it is finally being worth a try and actually providing at least decent results.

As usual, this is my personal opinion. I’ve lived almost all the Windows lifecycle (since Windows 3.11) and despite of this list, I still prefer Microsoft products on some areas (like the operating system or the development tools).

Note: Although many will claim that Windows Vista should be on this list, I particulary don’t see it as a Windows ME 2. While Windows 7 is for sure “the real Windows Vista”, Vista itself was not bad, only slow, and included a bunch of great features (like the great security enhancements). It just lacked a proper polishing.

POST from http to https: The hidden security

Kartones — Wed, 20 Jan 2010 21:27:30 GMT

Most people think that the only way to have a secure login is to make your whole site use SSL. And while in order to have a sniffing-proof site it is indeed required, for most sites just performing a secure login is enough (to avoid sending your username/email + password in clear text through the network).

How does it work? In the past, sites used to have the login page with https, and after logging in would switch to http (once the cookie is set, session created, ectetera). This is not bad, but if your login page is also the landing page for your site, can take a performance hit to start negotiating SSL channels on each visit.

A more elegant and performance wise solution, that many sites now do (like Amazon or Twitter), is to keep even the login page in HTTP, but perform the POST to a HTTPS url:

Before any data is sent, the browser will detect that we’re going to post to a secure url and negotiate the SSL/TLS encryption and channel (step 9 in the image), and only send the data after everything is setup (step 14).

After that, we can change again to a HTTP channel and keep browsing at full speed (step 15), but none of our credentials have been exposed.

Is Android becoming the new J2ME?

Kartones — Tue, 12 Jan 2010 23:43:24 GMT

When J2ME appeared, we were all told that it would allow to create Java applications that would run on any capable phone.
Nice utopia, but anybody that has either worked developing or alongside J2ME developers knows that this is, apart from a funny joke, quite distant from reality.

J2ME, if anything, can be said to be “code one, port everywhere”. With the epic mistake of Sun of letting manufacturers implement their own version of J2ME Virtual Machines, the mess that we have currently gives more headaches that solves problems, but still there are quite a lot of non-smartphones in the market so support and application development has to be still present.

False capabilities reporting, all kind of errors, problems and bugs on VM implementations lead to almost 100% of the cases leading to a pack of “builds” for specific devices (or if you’re lucky, family of devices of a brand), each with different fixes and/or hacks to bypass the problems.

So, in conclusion we have a nice idea gone terribly wrong and causing a lot of development problems.

Leaving apart other major PDA types (iPhone, Windows Mobile and BlackBerry), Google probably said “Hey, we can do better! Let’s include normal Java and provide better SDKs, more guidelines, an AppStore like Marketplace but free, and everything will go nice”.

And yes, the idea is ok, in fact Google is pumping SDKs at quite a fast pace (although they are more related to special launchs like Google Maps Navigation/Motorola Droid or the Nexus One than to the size of changes and new features).

Android itself is more than decent. IMHO is after the iPhone the best smartphone choice, better than a Blackberry and way better than Windows Mobile (I’ve been a WM user since its 2000 PDAs), the market has a lot of apps…

But I see two major problems:

The first one, Google itself noticed it, and is one of the reasons why Nexus One exists: Pushing SDKs is nice, but if the OS version pushing depends on the Operator, your screwed. In Spain, my HTC Magic runs Android 1.6 because Vodafone rolled the update, but HTC Hero is stuck on 1.5 because Orange hasn’t pushed 1.6 (says will push 2.0 but we’ll see).

Nexus One will be able to have direct updates, so problem solved, but at the same time google is now a competitor of the manufacturers and operators. The same problem happens with any Windows Mobile device, you usually get stuck with the OS version it has forever. Apple did it correctly because they only build a single range of models, so they control their OS updates.

And the second problem, is the falacy of Java pure multi-platform, projected on Android.

At work, we have one specific device that does not render correctly all transparent pngs on WebKit. Why does it happen, if it’s the same browser everywhere? Why some devices throw errors when others work perfectly with the same code? Why Google didn’t thought about multiple resolutions at first, and then launched a device with a crappier, lower resolution than “the standard” after many apps are out?

Those two things, and some stupid limitations (the browser doesn’t allows HTML file upload controls, but if you install Opera Mini under Android, it is able to use them…) are making me wonder if really Android is so platform independent, or if we’re going the way of a “cooler an better” J2ME version 2.

If you have an Android phone with some apps installed, you will probably notice this in a subtle way: almost weekly updates on quite a lot of apps, with update logs like “added multiple resolutions support” and then “fixed a few bugs”, “fixed a problem with xxxxx device”, “updated for the nth time to support Android 2.1” (isn’t it backwards compatible?)…

I wish I’m wrong…

Book Review: Masters of Doom

Kartones — Wed, 06 Jan 2010 00:39:18 GMT

I’ve writen a new book review, this time about the history of John Carmack, John Romero and the company id Software. It’s a biography so don’t expect source code, but a source of motivation ;)