Wednesday, July 15, 2015

The Phoenix Project

Last week, I read the book called “The Phoenix Project” by Gene Kim, Kevin Behr & George Spafford.

Overview

It starts with Bill Palmer, who is promoted to VP of IT Operations at “Parts Unlimited”. “Parts Unlimited” was once a rock star in selling vehicle spare parts, but it is currently facing tough competition from all angles. It believes that “The Phoenix Project”, which is 3 years behind schedule, will help it overcome the competition.

Bill Palmer’s highest priority is to roll out “The Phoenix Project” on the date the business has decided, even though it doesn’t even pass QA testing. He also needs to address the current operational challenges, the security audit findings and their remediation, the fragile systems, and the dynamics of the boardroom.

It further reveals how Bill Palmer handles all these challenges with the guidance of Eric, who is a new board director and a military veteran.

What I liked most

  • The analogy linking a manufacturing unit with IT operations
  • Try to see the information in a different dimension
  • Always think out of the box, irrespective of the current situation



Note: This book is a tribute to the book “The Goal”.

Wednesday, April 15, 2015

Composite Web Service

I heard about this term from my colleague. Initially I thought it would be something similar to a wrapper web service / Façade pattern implementation, in which a web service is composed of various other web services, but after some googling it seems to be a bit different.

A composite web service is a set of web services which are orchestrated to achieve a particular business flow. Complex web services may be created by aggregating the functionality provided by simpler ones. This is referred to as service composition, and the aggregated web service becomes a composite web service.

References / Read in detail
[1] - http://ceur-ws.org/Vol-313/paper5.pdf
[2] - http://www.sigecom.org/exchanges/volume_3/3.3-Benatallah.pdf

Monday, July 21, 2014

Flyway - DB Migration Made Easy

Flyway is an automated DB migration tool which is suitable for Agile development environments. Existing source control systems like SVN / CVS / TFS take care of the issues on the code base side, but they don’t address the DB side.

Flyway addresses this and can be integrated with Maven / Gradle / Ant / SBT [Simple Build Tool] / the command line. It also supports most of the popular DBs like Oracle, SQL Server, SQL Azure, MySQL, PostgreSQL, DB2 and SQLite.


Thursday, July 17, 2014

New Programming Languages on the Market

These are some of the programming languages that made their debut in 2014, barring GO.

HACK – Developed by Facebook. FB is eventually planning to replace its PHP with Hack. It supports both static and dynamic typing without compromising on performance. Critics say it already has the endorsement of being used by FB, while at the same time it looks like an upgrade of PHP.

Swift – Developed by Apple. It is for developing applications for iPhone, iPad and Mac. It is expected to gain traction due to the large market (App Store) and its ease of use compared to Objective-C, and it got the 16th spot in the TIOBE programming trend index. Its main feature is the playground, which has two windows: the code is displayed in one window and the application runs in the other. Changes made in the code window are automatically reflected in the application window without compiling. This feature is inspired by a language called Light-Box; the creator of Swift claims that this feature will reduce the learning curve drastically.

GO – Developed by Google.

Tuesday, October 29, 2013

Acronyms / Abbreviations

Thought of consolidating the acronyms / abbreviations that are used across the (software) industry.

A
ADO - ActiveX Data Object
AOP - Aspect Oriented Programming
API - Application Programming Interface
AJAX - Asynchronous JavaScript And XML
ASP - Active Server Pages
AUP - Agile Unified Process

B
BYOD - Bring Your Own Device

C
CDO - Collaboration Data Object
CLR - Common Language Runtime
CORBA - Common Object Request Broker
COM - Component Object Model
COTS - Commercial Off the Shelf 
CSS - Cascading Style Sheets
CVS - Concurrent Version System


D
DHCP - Dynamic Host Configuration Protocol
DLL - Dynamic Link Library
DRY - Don't Repeat Yourself
DDD - Domain-Driven Design
DTO - Data Transfer Object

E
EAR - Enterprise ARchive
EJB - Enterprise JavaBeans

F
FTP - File Transfer Protocol

G
GPL - General Public License

H
HATEOAS - Hypermedia As The Engine Of Application State
HTTP - Hyper Text Transfer Protocol

I
IaaS - Infrastructure As A Service
IDE - Integrated Development Environment
IEEE - Institute Of Electrical and Electronics Engineers
IIS - Internet Information Service

J
JSON - JavaScript Object Notation

K
KISS - Keep It Simple Stupid

L
LINQ - Language Integrated Query

M
MAPI - Messaging Application Programming Interface
MOSCOW - Must, Should, Could, Would
MSIL - Microsoft Intermediate Language
MTOM - Message Transmission Optimization Mechanism
MVA - Model View Adapter
MVC - Model View Controller
MVP - Model View Presenter
MVVM - Model View View Model

O
OLAP - On-Line Analytical Processing
OLTP - On-Line Transaction Processing

P
PaaS - Platform As A Service
POCO - Plain Old CLR Object
POGE - Principle of Good Enough
POJO - Plain Old Java Object

R
RAD - Rapid Application Development
REST - REpresentational State Protocol
RFC - Remote Function Call
RFC - Request For Comments
RMI - Remote Method Invocation
RSS - Rich Site Summary
RPC - Remote Procedure Call
RUP - Rational Unified Process

S
SaaS - Software As A Service
SAPI - Server Application Programming Interface
SEO - Search Engine Optimization 
SOA - Service Oriented Architecture
SOAP - Simple Object Access Protocol
SoC - Separation of Concerns
SOLID - Single Responsibility, Open-Closed, Liskov Substitution, Interface Segregation and Dependency Inversion
SPA - Single Page Application
SQL - Structured Query Language
SSH - Secure Shell
SSIS - SQL Server Integration Service
SSRS - SQL Server Reporting Service
SVN - Subversion

T
TDD - Test Driven Development


U
UML - Unified Modelling Language
URI - Uniform Resource Identifier

W
WAS - WebSphere Application Server / Windows Process Activation Services
WMQ - WebSphere Message Queue
WCF - Windows Communication Foundation
WWF - Windows Workflow Foundation
WWW - World Wide Web
W3C - World Wide Web Consortium
WYSIWYG - What You See Is What You Get
WOFF - Web Open Font Format

X
XP - eXtreme Programming
XML - eXtensible Markup Language
XSL - eXtensible Stylesheet Language
XSLT - eXtensible Stylesheet Language Transformation
XHTML - eXtensible Hyper Text Markup Language

Y
YAML - Yet Another Markup Language
YAGNI - You Aren't Gonna Need It

Friday, September 06, 2013

Scaling : Horizontal and Vertical Scaling

Recently I came across the terms horizontal and vertical scaling of infrastructure. Though I was aware of scaling, I couldn't tell the difference between the two. After some googling, these are the differences between them.

Horizontal Scaling
  • It is also described as scale-out.
  • In horizontal scaling, additional nodes / computers are added for scaling.
  • Due to the low cost of hardware and the introduction of VMs, people are now moving towards it.
  • Among the main downsides of the scale-out option are latency and hardware maintenance.
Vertical Scaling
  • It is also described as scale-up.
  • Adding memory / CPU to a server is called vertical scaling.
  • Downtime is required during the upgrade.


References
http://en.wikipedia.org/wiki/Scalability#Horizontal_and_vertical_scaling

http://pic.dhe.ibm.com/infocenter/brdotnet/v7r0m2/index.jsp?topic=%2Fcom.ibm.websphere.ilog.brdotnet.doc%2FContent%2FBusiness_Rules%2FDocumentation%2F_pubskel%2FRules_for_DotNET%2Fps_RFDN_Global478.html

Monday, June 11, 2012

Security Series: Session Hijacking / Cookie Stealing

ASP.Net identifies users by means of a session ID cookie [ASP.NET_SessionId]. In the case of forms authentication it uses an additional cookie called .ASPXAUTH.

If an attacker gets these cookies, they can impersonate a valid user. Even though modern browsers prevent a different site from accessing or altering these cookies, an attacker who is able to inject script into our page will gain access to them.

This attack can be prevented by these methods:
Client IP Address Check
Track the client IP address from which the session was initiated. Deny the request if the client IP address is different from the initiating IP address.

Even though this is a nice solution, it suits a corporate LAN scenario but is not suitable for an Internet application. It will reject the client's requests in these scenarios:
    * The connection has been reset and the client got a new IP address.
    * The ISP processes all HTTP traffic through a different set of load-balanced proxy servers.
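
The check described above could be wired into an ASP.NET application as an HTTP module. This is an added example, not code from the original post; the module name `ClientIpBindingModule` and the session key are hypothetical, and it assumes session state is enabled and the module is registered in web.config.

```csharp
using System;
using System.Diagnostics;
using System.Web;

// Hypothetical module: binds each session to the IP address that started it.
public sealed class ClientIpBindingModule : IHttpModule
{
    private const string BoundIpKey = "__BoundClientIp"; // hypothetical session key

    public void Init(HttpApplication app)
    {
        // Session state is populated once AcquireRequestState has completed.
        app.PostAcquireRequestState += OnPostAcquireRequestState;
    }

    private static void OnPostAcquireRequestState(object sender, EventArgs e)
    {
        var app = (HttpApplication)sender;
        HttpContext ctx = app.Context;
        if (ctx.Session == null) return; // this handler does not use session state

        // Address of the directly connected peer. Behind a proxy or load
        // balancer this is the proxy's address, which is why the check
        // misfires for clients whose ISP rotates proxy servers.
        string current = ctx.Request.UserHostAddress;
        string bound = ctx.Session[BoundIpKey] as string;

        if (bound == null)
        {
            ctx.Session[BoundIpKey] = current; // first request: remember the initiating IP
            return;
        }
        if (string.Equals(bound, current, StringComparison.Ordinal)) return;

        // Same session ID, different address: deny the request and leave a
        // trace entry so repeated mismatches can be reviewed.
        Trace.TraceWarning("Session bound to {0} was presented from {1}", bound, current);
        ctx.Response.StatusCode = 403;
        app.CompleteRequest(); // skip the handler and jump to EndRequest
    }

    public void Dispose() { }
}
```

Because a legitimate user whose address changes is rejected in the same way as a stolen cookie, the trace entries are best reviewed before the check is enforced on an Internet-facing site.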
       
HTTPOnly Cookie
Mark a cookie with the HTTPOnly flag. This hides the existence of the cookie from JavaScript, but the cookie is still passed with HTTP requests. Mark all sensitive cookies as HTTPOnly unless you have a specific reason to access them through JavaScript.

By default ASP.Net marks both the ASP.NET_SessionId and .ASPXAUTH cookies as HTTPOnly. You can set HTTPOnly on a cookie as shown below:
       
    Response.Cookies.Add(new HttpCookie("Cookie1")
    {
        Value = "Values",
        HttpOnly = true
    });
   
It’s not a complete defense against cookie stealing, because you might still inadvertently expose the cookie contents elsewhere.
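
To apply the flag across a whole application rather than cookie by cookie, a module can add it to every outgoing cookie that is not on an explicit allow-list. This is an added example, not code from the original post; the module name `HttpOnlyEnforcerModule` and the `ui-theme` allow-list entry are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Web;

// Hypothetical module: makes HttpOnly the default for every cookie the
// application issues, with a short list of documented exceptions.
public sealed class HttpOnlyEnforcerModule : IHttpModule
{
    // Constructed allow-list: cookies that client-side script has a
    // specific, reviewed reason to read.
    private static readonly HashSet<string> ScriptReadable =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "ui-theme" };

    public void Init(HttpApplication app)
    {
        // With output buffering on (the default), cookies can still be
        // changed here. A response that was already flushed is not affected.
        app.EndRequest += OnEndRequest;
    }

    private static void OnEndRequest(object sender, EventArgs e)
    {
        HttpResponse response = ((HttpApplication)sender).Response;

        foreach (string name in response.Cookies.AllKeys)
        {
            HttpCookie cookie = response.Cookies[name];
            if (cookie.HttpOnly || ScriptReadable.Contains(name)) continue;

            // Record which code path forgot the flag, then fix it up.
            Trace.TraceWarning("Cookie '{0}' was issued without HttpOnly; flag added.", name);
            cookie.HttpOnly = true;
        }
    }

    public void Dispose() { }
}
```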


References
1. Pro ASP.Net MVC 3 Framework by Adam Freeman & Steven Sanderson
2. https://www.owasp.org/index.php/Session_hijacking_attack