Friday, July 17, 2009

Bus Stops around the world


Just Mumbai for now.... Since Our Mumbai is the BEST!

Thursday, July 16, 2009

My Love Diary

A poem written by my friend Tiruppur Sundaravadivelu...

My Love Diary

In the jarring din of your silences
my deep sleep lies ruined..
The torments you give by never appearing before me
are pains such that even if you came before me
and stabbed me with a knife, it would be preferable....

How delicate you are...
yet my heart feels your love
as though it were violence..
More than the longing that I do not have you,
the doubt that you may never be mine at all
is the greater worry. ....

Every night your wedding invitation
arrives by book post, as a dream...
Fearing that my name may not be on it,
in each of my dreams
I never open them. ...

Even knowing that you are a lover of calm,
I cannot rid myself of my anxieties.

Had I not loved you, perhaps at some point you
would have loved me. ....- but for that sake,
the ability to not love you is not within me.

I love you.. I love you.....
That you cast me aside does not matter at all......

Wednesday, July 15, 2009

The European Commission changes English Language

The European Commission has just announced an agreement whereby English will be the official language of the European Union rather than German, which was the other possibility.

As part of the negotiations, the British Government conceded that English spelling had some room for improvement and has accepted a 5-year phase-in plan that would become known as 'Euro-English'.

In the first year, 's' will replace the soft 'c'. Sertainly, this will make the sivil servants jump with joy. The hard 'c' will be dropped in favour of 'k'. This should klear up konfusion, and keyboards kan have one less letter. There will be growing publik enthusiasm in the sekond year when the troublesome 'ph' will be replaced with 'f'. This will make words like fotograf 20% shorter.

In the 3rd year, publik akseptanse of the new spelling kan be expekted to reach the stage where more komplikated changes are possible.

Governments will enkourage the removal of double letters which have always ben a deterent to akurate speling.

Also, al wil agre that the horibl mes of the silent 'e' in the languag is disgrasful and it should go away.

By the 4th yer people wil be reseptiv to steps such as

replasing 'th' with 'z' and 'w' with 'v'.

During ze fifz yer, ze unesesary 'o' kan be dropd from vords kontaining 'ou' and after ziz fifz yer, ve vil hav a reil sensibl riten styl.

Zer vil be no mor trubl or difikultis and evrivun vil find it ezi tu understand ech oza. Ze drem of a united urop vil finali kum tru.

Und efter ze fifz yer, ve vil al be speking German like zey vunted in ze forst plas...

If zis mad you smil, pleas pas on to oza pepl

:-)

--
Regards
Vijayashankar

Tuesday, July 14, 2009

Fashionably Mysterious

Dear friends, I found this article on http://www.personalmba.com, an interesting site for learning Biz Management, by Josh Kaufman!

The Dangers of Mystique

Fashionably Mysterious

There's a big difference between liking the idea of being/doing something and liking the actual being/doing.

It's easy to like the idea of being the CEO of a Fortune 50. It's harder to like the hours, the responsibility, and the pressure that comes with the top job.

It's easy to like the idea of being a manager. It's harder to like the demands from C-level execs, surprises from your direct reports, and the necessity of defending your turf in a political environment.

It's easy to like the idea of getting an Ivy-League MBA or law degree. It's harder to like the six-figure debt and the corresponding necessity of getting a 120-hour-a-week job to make the investment "worth it."

It's easy to like the idea of being self-employed. It's harder to like the fact that 100% of your income comes from your own effort, and if you screw up, you're the one that will face the consequences.

It's easy to like the idea of raising millions of dollars of venture capital. It's harder to like the fact that you've given up control over the project you're investing your life in.

It's easy to like the idea of being an author or professional blogger. It's harder to like the solitude, uncertainty, and the long hours of "butt in chair, hands on keyboard" that consistent writing requires.

It's easy to like the idea of being a celebrity. It's harder to like the scrutiny, loss of privacy, and constant fear that people will direct their attention away from you in favor of the "next big thing."

It's easy to like the idea of being a supermodel. It's harder to like strictly controlling your diet, constant workouts, and hour-upon-hour of sitting still for the camera.

It's easy to like the idea of being a Broadway star. It's harder to like the endless auditions, evenings of waiting tables, and recognition that – even after landing a high-profile show – you'll probably be out of work again in a few months.

It's easy to like the idea of being a secret agent or special forces commando. It's harder to like people shooting at you.

Mystique is a powerful force – a little mystery makes most things appear a lot more attractive than they actually are. Fortunately, there's an easy way to counteract the rose-colored glasses of mystique: have a real human conversation with someone who's actually done what you're attracted to. Here's what to ask:

"I really respect what you're doing, but I imagine it has high points and low points. Could you share them with me? Knowing what you know now, is doing this worth it?"

It only takes a few minutes, and you'll be amazed by what you learn, both on the positive or negative side.

No job, project, or position is flawless – every course of action has benefits and drawbacks. Learning what they are in advance gives you a major advantage: it allows you to examine an option without idealizing it, then choose if it's really what you want to do with your time before you start. That kind of knowledge is priceless.


:-)

What is Cloud Computing?

Cloud Computing is a concept that can be applied well enterprise-wide.

There is no confusion in using it. It is all about deployment.

To make it simple, there is a very simple architectural dimension to it. The necessary servers and related applications are deployed very close to the place of use, limiting the dependence on internet "hopping". Also, over an intranet, a multi-city connection with a dedicated VPN might give exemplary performance.

At times I felt that this is a new way of marketing the same existing (co-hosting) kind of service to make "moolah". Well, I beg to differ again; there is some element to the meaning of "Clouds".
Major utilization of systems can be achieved, without idling or waste of resources. So theoretically, with a secure connection (I talk broadband here) you might be able to connect to systems in the USA while they are sleeping, and work to get their power from India when you are awake! Sounds OK.

It is a way of shared service. On the cloud.

Also, the license management of costly software or SaaS can be optimally utilized for a given multinational corp. (MNC) with a fixed set of licenses, with this method - cloud product licence management (a product that I am trying to patent!).

So the major achievement of cloud computing comes from seamless infrastructure management.

It is not just a technology, it is an evolving business model. Hence clouds can represent and merge different locations with one another and use infrastructure effectively.

Finally, we should not forget that in India there is a bottleneck on bandwidth and also the inherent politico user control on spectrum.

--
Regards
Vijayashankar

Jeyamohan's article on Ayn Rand

http://jeyamohan.in/?p=3405

This article by Jeyamohan about Ayn Rand reminded me of what my seniors said when I went to college.

That the students of my college, PSG, stand a step above IIT students, with a distinctiveness of their own, is because of the belief, strongly instilled every single day, that each one of them is an individually talented student! When the students joining the college, top students from many directions, come together, the competition and debates that take place prove one's excellence!
--
Regards
Vijayashankar

Monday, July 13, 2009

Some Architectural snippets on JAVA, J2EE and Web

When migrating a web-based solution to a J2EE solution, you need to consider the requirements of the original solution as opposed to taking the route of replacing like with like, e.g. replacing ASP with JSP.

It may be the case that a solution using PHP and PERL technologies to handle presentation and business logic (and in some cases transaction management), could be better separated in J2EE with presentation logic being handled by JSP and Servlets and business logic by EJBs. (If transactions are involved in almost all cases, this is enough justification for using a separate application server and Enterprise JavaBeans.)

***

Use AJAX for repeated refreshes in web pages. Gmail uses this! (Note: 5 years in Beta, solidly tested.)

Ajax neither reduces browser-compatibility issues nor improves security in any way. Ajax will not work if JavaScript is disabled, because Ajax is basically a combination of JavaScript and XML.

***

You are architecting a new web based labor claim management application. Currently the users have a Java Swing-based application running on their local PCs, and you want to implement the new web-based solution with a GUI that is similar to their desktop application. Once the users have filled in their hours then you must send the details to central labour system through a Web service.

Which of the following technologies would be required for building this application?

UI can be built using JSF and the web service may be invoked through a JAX-WS client.


The Java Message Service (JMS) API is an API for accessing enterprise messaging systems. The Java Message Service makes it easy to write business applications that asynchronously send and receive critical business data and events. It defines a common enterprise messaging API that is designed to be easily and efficiently supported by a wide range of enterprise messaging products. It supports both message queueing and publish-subscribe styles of messaging.

The Java Secure Socket Extension (JSSE) enables secure Internet communications. It provides a framework and an implementation for a Java version of the SSL and TLS protocols and includes functionality for data encryption, server authentication, message integrity, and optional client authentication. Using JSSE, developers can provide for the secure passage of data between a client and a server running any application protocol, such as Hypertext Transfer Protocol (HTTP), Telnet, or FTP, over TCP/IP.

The Java Cryptography Extension (JCE) provides a framework and implementations for encryption, key generation and key agreement, and Message Authentication Code (MAC) algorithms. Support for encryption includes symmetric, asymmetric, block and stream ciphers.

***

You are currently designing your own Desktop Publishing application, as you have not found any existing application that does exactly what you want. As part of the design, you are using a Controller to which you send all GUI requests. Not all objects can process the same commands.

For example, you cannot select the spell check tool when an image has the focus. To stop any possible errors, you would like to filter out some of the messages as they are passed from these objects to the Controller object. What pattern could you use?

Firewall and Filter are not design patterns. In this scenario, what you are essentially trying to do is filter out all packets that do not meet a certain set of requirements. This behavior is just like a proxy server dropping packets from certain IP addresses, etc.

Proxy - (GOF 207): "Provide a surrogate or placeholder for another object to control access to it."

The other patterns:

Adapter - (GOF 139): "Convert the interface of a class into another interface clients expect. Adapter lets classes work together that couldn't otherwise because of incompatible interfaces."

Observer - (GOF 293): "Define a one-to-many dependency between objects so that when one object changes state, all its dependents are notified and updated automatically."

Chain of Responsibility - (GOF 223): "Avoid coupling the sender of a request to its receiver by giving more than one object a chance to handle the request. Chain the receiving objects and pass the request along the chain until an object handles it."

***

Both the Abstract Factory and Factory Method are Creational patterns.

Abstract Factory - (GOF 87): "Provide an interface for creating families of related or dependent objects without specifying their concrete classes."

Factory Method - (GOF 107): "Define an interface for creating an object, but let subclasses decide which class to instantiate. Factory Method lets a class defer instantiation to subclasses."

***

The current application has been built using JSF and a custom persistence framework. You have been approached to expose some of the data as an EJB to another J2EE application. You may need to access multiple business objects to provide the data.

Use Session Facade.

See description of patterns.
Application Service - Application Service centralizes and aggregates behavior to provide a uniform service layer to the business tier services. An Application Service might interact with other services or Business Objects. An Application Service can invoke other Application Services and thus create a layer of services in your application.

Session Facade - Session Facade provides coarse-grained services to the clients by hiding the complexities of the business service interactions. A Session Facade might invoke several Application Service implementations or Business Objects. A Session Facade can also encapsulate a Value List Handler.

The Service to Worker pattern, like the Dispatcher View pattern, describes a common combination of other patterns from the catalog. Both of these macro patterns describe the combination of a controller and dispatcher with views and helpers. While describing this common structure, they emphasize related but different usage of patterns. The two patterns differ in the division of labour among the components (Controller, Dispatcher and View).

In Dispatcher View, content retrieval is done by the View; in Service to Worker, content retrieval is done by the Controller.

Business Delegate - Business Delegate reduces coupling between remote tiers and provides an entry point for accessing remote services in the business tier. A Business Delegate might also cache data as necessary to improve performance. A Business Delegate encapsulates a Session Facade and maintains a one-to-one relationship with that Session Facade. An Application Service uses a Business Delegate to invoke a Session Facade.

***


Polymorphism is a characteristic of being able to assign a different behavior or value in a subclass, to something that was declared in a parent class.

For example, a method can be declared in a parent class, but each subclass can have a different implementation of that method.

Inheritance is the ability of objects in Java to inherit properties and methods of other objects.

"An abstraction denotes the essential characteristics of an object that distinguish it from all other kinds of object and thus provide crisply defined conceptual boundaries, relative to the perspective of the viewer."

Encapsulation (also information hiding) consists of separating the external aspects of an object which are accessible to other objects, from the internal implementation details of the object, which are hidden from other objects.

***

Every Java object implicitly extends java.lang.Object class. What is this design concept?

It describes Inheritance. All Java objects extend Object class implicitly and also inherit methods such as toString().

***

What is the difference between Maintainability and Manageability in Software Engineering?

Maintainability (Cade 8) "is the ability to correct flaws in the existing system without impacting other components of the system" and Manageability (Cade 9) "is the ability to manage the system to ensure the continued health of a system with respect to scalability, reliability, availability, performance and security."

***

It provides a convenient way to bind an XML schema to a representation in Java code. This makes it easy for you to incorporate XML data and processing functions in applications based on Java technology without having to know much about XML itself. Which of the following is the API described above?

JAXB - Java Architecture for XML Binding (JAXB) provides a convenient way to bind an XML schema to a representation in Java code. This makes it easy for you to incorporate XML data and processing functions in applications based on Java technology without having to know much about XML itself.

SAAJ - The SOAP with Attachments API for Java (SAAJ) provides a standard way to send XML documents over the Internet from the Java platform. SAAJ 1.3 EA (with support for SOAP 1.2) is shipped in Java WSDP 2.0.

JAXR - The Java API for XML Registries (JAXR) provides a uniform and standard Java API for accessing different kinds of XML Registries. An XML registry is an enabling infrastructure for building, deploying, and discovering Web services.

JAXP - The Java API for XML Processing (JAXP) enables applications to parse, transform, validate and query XML documents using an API that is independent of a particular XML processor implementation. JAXP provides a pluggability layer to enable vendors to provide their own implementations without introducing dependencies in application code.

***

You have developed an application consisting of Java EE Stateless session beans. Methods of these beans use simple Java types. You would like to convert them to web services. How can you achieve it?

You can use annotations like @WebService and @WebMethod. They are automatically deployed as web services.

  • web.xml does not have any such entries.
  • Resource injection is a mechanism that removes the burden of creating and initializing common resources in a Java runtime environment.
  • ejb-jar.xml does not have any such entries.

***

EJB 3.0 offers simplified entity programming model.

Java Entity is a POJO class but not an EJB, so it does not require any Local/Home interfaces. Entities may either use persistent fields or persistent properties.

If the mapping annotations are applied to the entity's instance variables, the entity uses persistent fields.

If the mapping annotations are applied to the entity's getter methods for JavaBeans-style properties, the entity uses persistent properties. You cannot apply mapping annotations to both fields and properties in a single entity.

Simple primary keys use the javax.persistence.Id annotation to denote the primary key property or field. Composite primary keys are denoted using the javax.persistence.EmbeddedId and javax.persistence.IdClass annotations.

In the Java Persistence API, you no longer need to provide a deployment descriptor. JPA supports complex relationships between Entities.

***

A typical JSF application contains
  • A set of JSP pages (although you are not limited to using JSP pages as your presentation technology)
  • A set of backing beans, which are JavaBeans components that define properties and functions for UI components on a page
  • An application configuration resource file, which defines page navigation rules and configures beans and other custom objects, such as custom components. Usually named faces-config.xml
  • A deployment descriptor (a web.xml file)
  • Possibly a set of custom objects created by the application developer. These objects might include custom components, validators, converters, or listeners.
  • A set of custom tags for representing custom objects on the page

validations.xml is not part of JSF.

***

Real Time Web based Application can be built using JSP for UI, stateless session beans for business services and EJB3 entities for persistence.

***

The JavaServer Pages Standard Tag Library (JSTL) encapsulates, as simple tags, core functionality common to many JSP applications.

--
Regards
Vijayashankar

Securing Company systems over Web

The company web server needs to serve pages to remote users and office machines need access to the internet.

Given the above architectural system specification you should secure it by creating a DMZ that contains the company web server.

You should put machines that provide services to Internet clients in the DMZ and the office machines and development servers behind an inner firewall.

You would then configure a proxy server in the DMZ to forward the requests from the office machines to the Internet.

***

What solutions are available if you are planning to interface with existing CORBA systems?

You can use Java IDL to integrate with these other systems.

The following is taken from: http://java.sun.com/j2se/1.3/docs/guide/idl/index.html

Java IDL adds CORBA (Common Object Request Broker Architecture) capability to the Java platform, providing standards-based interoperability and connectivity.

Java IDL enables distributed Web-enabled Java applications to transparently invoke operations on remote network services using the industry standard IDL (Object Management Group Interface Definition Language) and IIOP (Internet Inter-ORB Protocol) defined by the Object Management Group. Runtime components include Java ORB for distributed computing using IIOP communication.

Java IDL should not be used when servicing requests from CORBA clients and the reference to messaging is a red herring.

***

Consider a predominantly EJB-based J2EE application that has to be accessed by CORBA clients. Which connectivity option would you recommend?

RMI-IIOP stands for Remote Method Invocation (using IIOP as the transport). This is the protocol supported by EJB 1.1.

***

What if you are streaming information over the network?

StAX provides a standard, bidirectional pull parser interface for streaming XML processing, offering a simpler programming model than SAX and more efficient memory management than DOM.

StAX enables developers to parse and modify XML streams as events, and to extend XML information models to allow application-specific additions.

Below is an excerpt from Java EE tutorial.

Streaming refers to a programming model in which XML infosets are transmitted and parsed serially at application runtime. Stream-based parsers can start generating output immediately, and infoset elements can be discarded and garbage collected immediately after they are used. Streaming models for XML processing are particularly useful when your application has strict memory limitations, as with a cell phone running J2ME, or when your application needs to simultaneously process several requests, as with an application server. Streaming pull parsing refers to a programming model in which a client application calls methods on an XML parsing library when it needs to interact with an XML infoset; that is, the client only gets (pulls) XML data when it explicitly asks for it. Streaming push parsing refers to a programming model in which an XML parser sends (pushes) XML data to the client as the parser encounters elements in an XML infoset; that is, the parser sends the data whether or not the client is ready to use it at that time.
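
The pull model described above, as an added example that is not from the Java EE tutorial or the original post: a StAX reader that keeps only the values it asks for, built from a factory that refuses DTDs and external entities because the XML arrives from the network. The class name, the `claim`/`hours` element names and both sample documents are constructed for this illustration.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class StaxPullExample {

    // Factory for untrusted input: DTD processing and external entity
    // resolution are switched off, so a document cannot make the parser
    // read local files or fetch URLs on its behalf.
    static XMLInputFactory hardenedFactory() {
        XMLInputFactory f = XMLInputFactory.newInstance();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
        return f;
    }

    // Pull parsing: the application requests the next event when it is ready.
    // Only <hours> values are kept; every other event is dropped as it
    // streams past, so memory use does not grow with document size.
    static List<String> readHours(String xml) throws XMLStreamException {
        List<String> hours = new ArrayList<>();
        XMLStreamReader r = hardenedFactory().createXMLStreamReader(new StringReader(xml));
        try {
            while (r.hasNext()) {
                int event = r.next();
                if (event == XMLStreamConstants.START_ELEMENT
                        && "hours".equals(r.getLocalName())) {
                    // getElementText() consumes up to the matching end tag.
                    hours.add(r.getElementText().trim());
                }
            }
        } finally {
            r.close();
        }
        return hours;
    }

    public static void main(String[] args) {
        // Constructed sample: a well-formed labour claim.
        String ok = "<claim><employee>e-1001</employee>"
                + "<hours>7.5</hours><hours>8</hours></claim>";
        // Constructed sample: a document that declares an external entity.
        // The path is a placeholder; with the hardened factory it is never
        // resolved (the parser reports an error or leaves it unexpanded).
        String withDtd = "<?xml version=\"1.0\"?>"
                + "<!DOCTYPE claim [<!ENTITY note SYSTEM \"file:///constructed/placeholder\">]>"
                + "<claim><hours>&note;</hours></claim>";

        for (String doc : new String[] {ok, withDtd}) {
            try {
                System.out.println("hours: " + readHours(doc));
            } catch (XMLStreamException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```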

***

Use a VPN (Virtual Private Network) to connect to company networks. Applications that are exclusive to the company, and the sharing of data, should mostly use this. This is better than using firewalls over the internet.

***

You have a requirement that the PIN of the customer used for ATM transactions must be encrypted using a one-way encryption algorithm to prevent data theft.

You should use SHA, which is a one-way hash function rather than a reversible cipher. http://en.wikipedia.org/wiki/SHA_hash_functions

3DES is a symmetric encryption algorithm.

Blowfish is a symmetric encryption algorithm.

RSA is an asymmetric encryption algorithm.
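
One way to apply the one-way requirement to a PIN, as an added example that is not part of the original post: it contrasts a bare SHA-256 digest with PBKDF2 over HMAC-SHA-256 and a per-customer salt, a swapped-in construction used here because a PIN has very few possible values. The class name, iteration count, salt size and sample PINs are assumptions made for this illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PinHashExample {
    // Assumed parameters for this example; tune the iteration count to the
    // hardware that performs verification.
    static final int ITERATIONS = 200_000;
    static final int SALT_BYTES = 16;
    static final int HASH_BITS = 256;

    // Bare SHA-256: one-way, but the same PIN always gives the same digest,
    // so equal PINs are visible to anyone who can read the table.
    static byte[] plainSha256(String pin) throws Exception {
        return MessageDigest.getInstance("SHA-256")
                .digest(pin.getBytes(StandardCharsets.UTF_8));
    }

    static byte[] newSalt() {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // Salted, iterated derivation built on HMAC-SHA-256. Still one-way:
    // verification re-derives and compares, it never decrypts.
    static byte[] derive(char[] pin, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pin, salt, ITERATIONS, HASH_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    // MessageDigest.isEqual compares in constant time, so the comparison
    // does not leak how many leading bytes matched.
    static boolean verify(char[] candidate, byte[] salt, byte[] stored) throws Exception {
        return MessageDigest.isEqual(derive(candidate, salt), stored);
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        String pin = "4921"; // constructed sample PIN chosen by two customers

        System.out.println("bare SHA-256 digests equal for the same PIN: "
                + MessageDigest.isEqual(plainSha256(pin), plainSha256(pin)));

        byte[] saltA = newSalt();
        byte[] saltB = newSalt();
        byte[] storedA = derive(pin.toCharArray(), saltA);
        byte[] storedB = derive(pin.toCharArray(), saltB);
        System.out.println("salted records equal for the same PIN: "
                + MessageDigest.isEqual(storedA, storedB));

        System.out.println("correct PIN verifies: "
                + verify(pin.toCharArray(), saltA, storedA));
        System.out.println("wrong PIN verifies: "
                + verify("0000".toCharArray(), saltA, storedA));
        System.out.println("stored record (salt:hash): "
                + hex(saltA) + ":" + hex(storedA));
    }
}
```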

--
Regards
Vijayashankar

Various Methods of Web Attacks

A Denial-of-Service attack (also DoS attack) is an attack on a computer system or network that causes a loss of service to users. Usually it is realized by consuming all of the bandwidth available to the victim network or by overloading the computational resources of the victim system. It can be prevented by using the Service Request Queue technique: limiting the number of concurrent requests one application can get while queuing all excess requests.
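
A sketch of the Service Request Queue idea, as an added example that is not part of the original post: a fixed number of workers handle requests and the excess waits in a queue. The queue is bounded here, an assumption beyond the description above, because an unbounded queue only moves the exhaustion from CPU to memory. The class name and both limits are chosen for illustration.

```java
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.RejectedExecutionException;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;

public class RequestQueueExample {
    static final int MAX_CONCURRENT = 4; // requests processed at the same time
    static final int MAX_QUEUED = 8;     // excess requests allowed to wait

    // Fixed worker count plus a bounded waiting queue. AbortPolicy makes
    // execute() throw once both are full, so overload is shed explicitly
    // instead of accumulating.
    static ThreadPoolExecutor newRequestPool() {
        return new ThreadPoolExecutor(
                MAX_CONCURRENT, MAX_CONCURRENT,
                0L, TimeUnit.MILLISECONDS,
                new ArrayBlockingQueue<>(MAX_QUEUED),
                new ThreadPoolExecutor.AbortPolicy());
    }

    // Submits a burst of slow requests and returns
    // {accepted, rejected, completed}.
    static int[] simulateBurst(int requests) throws InterruptedException {
        ThreadPoolExecutor pool = newRequestPool();
        CountDownLatch release = new CountDownLatch(1);
        AtomicInteger completed = new AtomicInteger();
        int accepted = 0;
        int rejected = 0;

        for (int i = 0; i < requests; i++) {
            try {
                pool.execute(() -> {
                    try {
                        // Stand-in for slow request handling: every worker
                        // stays busy until the burst has been submitted.
                        release.await();
                        completed.incrementAndGet();
                    } catch (InterruptedException e) {
                        Thread.currentThread().interrupt();
                    }
                });
                accepted++;
            } catch (RejectedExecutionException e) {
                // A real server would answer "503 Service Unavailable" here.
                rejected++;
            }
        }

        release.countDown();   // let the accepted requests finish
        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
        return new int[] {accepted, rejected, completed.get()};
    }

    public static void main(String[] args) throws InterruptedException {
        int[] r = simulateBurst(50);
        System.out.println("accepted=" + r[0] + " rejected=" + r[1]
                + " completed=" + r[2]);
    }
}
```

Every accepted request still completes; only the work beyond `MAX_CONCURRENT + MAX_QUEUED` is turned away, which keeps latency and memory bounded for the requests that were admitted.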

A Man-in-the-Middle (MitM) attack is a technique where an attacker intercepts another user's session, inspects its contents and tries to modify its data or otherwise use it for malicious purposes. Measures to prevent these attacks are to use encryption of sensitive data and to prevent the data being read. Some examples are using SSL, avoiding Frames/IFrames, and avoiding URL rewriting (the SessionId is exposed).

Cross Site Scripting (XSS) is a type of computer security exploit where information from one context, where it is not trusted, can be inserted into another context, where it actually is trusted. From the trusted context, attacks can be launched.

Cross site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. The data is usually gathered in the form of a hyperlink which contains malicious content within it. The user will most likely click on this link from another website, instant message, or simply just reading a web board or email message.

Usually the attacker will encode the malicious portion of the link to the site in HEX (or other encoding methods) so the request is less suspicious looking to the user when clicked on. After the data is collected by the web application, it creates an output page for the user containing the malicious data that was originally sent to it, but in a manner to make it appear as valid content from the website.

Some of the measures to prevent it: encode the data on the generated pages, escape user input (special characters, tags), validate user input (maximum length) using frameworks like Struts Validator, have users disable JavaScript, and avoid using Frames/IFrames.
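
The first three measures in the list above, as an added example that is not part of the original post: plain Java rather than Struts Validator, with input validated for length on the way in and encoded for HTML on the way out. It also shows that a hex-encoded parameter is encoded like any other once the container has decoded it. The class name, the length limit and the sample inputs are constructed for this illustration.

```java
import java.net.URLDecoder;

public class OutputEncodingExample {
    static final int MAX_COMMENT_LENGTH = 200; // assumed limit for this example

    // Output encoding for HTML element content and quoted attribute values:
    // the five characters that can change markup structure become entities.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Input validation: presence, maximum length, no control characters.
    // This narrows what is accepted; it does not replace output encoding.
    static String validateComment(String raw) {
        if (raw == null) {
            throw new IllegalArgumentException("comment is required");
        }
        String trimmed = raw.trim();
        if (trimmed.isEmpty() || trimmed.length() > MAX_COMMENT_LENGTH) {
            throw new IllegalArgumentException("comment length out of range");
        }
        for (int i = 0; i < trimmed.length(); i++) {
            char c = trimmed.charAt(i);
            if (Character.isISOControl(c) && c != '\n' && c != '\t') {
                throw new IllegalArgumentException("control character in comment");
            }
        }
        return trimmed;
    }

    // Every user-supplied value is encoded at the point where it is written
    // into the page, whether it lands in an attribute or in element content.
    static String renderComment(String author, String comment) {
        return "<div class=\"comment\" title=\"" + escapeHtml(author) + "\">"
                + "<p>" + escapeHtml(validateComment(comment)) + "</p></div>";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a query-string value with its markup
        // percent-encoded, as it would arrive inside a link.
        String fromLink =
                "Great%20post%20%3Cscript%3Edocument.title%3D%27x%27%3C%2Fscript%3E";
        // A servlet container performs this decoding before the application
        // sees the parameter; it is done by hand here to stay self-contained.
        String decoded = URLDecoder.decode(fromLink, "UTF-8");

        // Constructed author name containing quotes.
        System.out.println(renderComment("Ravi \"R\" K", decoded));

        try {
            StringBuilder tooLong = new StringBuilder();
            for (int i = 0; i <= MAX_COMMENT_LENGTH; i++) {
                tooLong.append('a');
            }
            renderComment("guest", tooLong.toString());
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```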

Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is a social engineering technique to fool users.
--
Regards
Vijayashankar