Sunday, April 22, 2012

Already Over?!

Wow, this semester has really gone by fast!  As this is my last blog post as an undergraduate student, I wanted to use this post to sum up my entire college experience and reflect on everything that's happened over the last few years.  Then reality kicked in and I realized that wasn't going to happen...I would need a whole other blog and the fortitude of a level 20 elf mage to even consider such a feat.  Instead, I'm going to sum up the last two Software Engineering classes.  Here it goes...

Actually, I can sum up the course sequence in two words: teamwork and open source.  Both were vital components for the classes and together formed the kernel of what was needed to complete the course work.  Make no mistake about it, learning to work with a team is no easy task.  In our case, you are dealing with the personalities and habits of four other people who you barely know, having to communicate and coordinate with these people, and your grade depends on it!  It can be a scary prospect when first starting out in 362 (the first Software Engineering class).  On the flip side of that, it is also a rewarding experience like no other.  You make friends that you will continue to know and talk to outside of class.  It is really neat figuring out what everyone's strengths and weaknesses are, and then working with those attributes to balance the workload fairly.

The open source component has been gone over extensively in my previous posts...and now I'm going to add a little more!  My position on open source software as a teaching tool is simply this:  it gives a full-package, complete experience that I don't see happening any other way.  You learn how to use tools like VirtualBox and Subversion, work with raw source code, communicate with developers, and many other things too numerous to list here.  It's been a great year...now onto the real world!

Database Concepts Should be Required

The title says it all!  I've had more than a few phone interviews with local companies over the last few weeks, and have noticed a common thread.  They have all, in some way or another, asked some kind of question related to databases.  These have ranged from simple (what's a relational database) to challenging (tell me the difference between an outer join and an inner join).  If I had not taken Database concepts last semester I would have completely choked on at least one of these interviews, where I had a good 5 detailed questions on the subject.  So why is this not a requirement?  I mean, everything on the internet uses some kind of database for storage (persistence layer to us professionals).  Someone graduating with a Computer Science degree without taking this class is left with a huge glaring hole in their knowledge base.  I know, I know...we can't make everything a requirement, Jason.  Where would we wedge in yet another required course?

Get rid of 350.  Plain and simple.  This class is interesting and helpful, but definitely should not be a requirement.  For those of you unfamiliar with the class, it is the second class (250 being the first) that we are required to take on computer chips and hardware.  We are taken on an adventure through the wonderful world of decoders, multiplexers, logic gates, and the like twice.  250 is a good class and should stay in the curriculum by all means.  In that class we are introduced to binary, computer logic, and basic circuit design.  This is needed and is a good idea.  Part 2 is not.  The students would be much better served by being given the chance to take Database.  In fact, a part 2 offering of DB concepts isn't a bad idea either!

By the way, I did great on all the database questions in my interviews.

Homebase Project Presentation

For my presentation on the RMH Homebase project, I decided to keep things simple...and include some creepy pictures of Ronald McDonald (RMH = Ronald McDonald House).  I broke up the presentation into two parts: the aspect of the project as a learning experience, and how the project as a whole enhanced my knowledge of Computer Science.

Learning Experience
Things that I learned doing this project that I either didn't know before, or had limited experience with, include setting up the LAMP stack, using the SimpleTest plugin for Eclipse, using Eclipse for PHP, and utilizing my fellow students as a resource.  I'll not go into the first three here, as I have already extensively blogged on those subjects, but using other students' blogs as a learning tool deserves a little attention.

For the first two or three programming classes that we take here at the college, students are given any number of dire warnings about collaboration on programs or using Google to find code examples.  And for those courses that approach makes sense.  I mean, we are trying to learn Computer Science here.  So being given the opportunity in this class to openly use classmates as a resource was a little weird at first.  Every time I went through someone else's posts for inspiration I felt like I was cheating!  I quickly got over this feeling when I realized that this is probably the way people program in the real world.  Open collaboration means that if you are hitting a wall on a problem, chances are someone else on the project has either seen this problem before and solved it or has some helpful input.  It is all about getting the project done efficiently and on time.  So, thanks for the help everybody!  Hopefully a few of my posts helped someone out as well.

Bringing it all together
This project really helped with my understanding of a few key concepts.  Those concepts are debugging, refactoring, and unit testing.  All three of these ideas are vital in constructing robust and useful software, and represent a good portion of the actual work that I put into Homebase. 

That was basically my presentation and accurately represents my experience working with this project.  It also gave me the opportunity to incorporate a picture of Grimace eating a small child...behold!!



Tuesday, April 17, 2012

In The Home Stretch!! Chapter 8 Exercises

Only one full week of classes left in my undergraduate career!  Focus is a difficult commodity to come by these days, but I managed to put off falling into a coma long enough to get this last exercise completed.  Now, with no further jabbering:

8.1
This exercise is in three parts and deals with making the default password more secure, as well as making password retrieval a more automatic process.



a) Suggest a more secure definition for default password assignment in RMH Homebase.
  
      I think the best way to tackle this, other than actually having the user create a password upon sign up, is to have the system generate a pseudo-random password consisting of both lower and uppercase characters, and also some numbers and special characters.

b) When a person forgets his password, suggest a way by which the person can recover it without bothering the House Manager.

      The best way to deal with this would be to have a secret question and answer setup.  The user picks through a list of stock questions, picks one, and then provides a pass phrase that is associated with the question.

c) Implement these ideas and then test them.

      For the random password generator I made the following function:

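<?php

// Builds a password of $length characters by alternating between one
// letter and one special character.
function generatePassword($length=9) {
    $special = '@#$%&';
    $letters = 'aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ';

    $password = '';
    // The current second decides whether the password starts with a
    // letter (1) or a special character (0).
    $alt = time() % 2;
    for ($i = 0; $i < $length; $i++) {
        if ($alt == 1) {
            // Append a random letter, then switch to special characters.
            $password .= $letters[(rand() % strlen($letters))];
            $alt = 0;
        } else {
            // Append a random special character, then switch to letters.
            $password .= $special[(rand() % strlen($special))];
            $alt = 1;
        }
    }
    return $password;
}

?>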

The code generates a pseudo-random password of length 9 by alternating through the alphabet and special characters.
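A hardened variant of the generator above, added here as an example (it is not the author's code or part of RMH Homebase): it draws every character from the operating system's CSPRNG through random_int() instead of rand() and time(), includes the digits that answer (a) calls for, and guarantees at least one character from each class. The names generateSecurePassword, pickChar and PW_CLASSES, the default length of 12, and the PHP 7.1+ requirement are assumptions of this example.

```php
<?php
// Added example, not part of RMH Homebase. All names here are hypothetical.

// Character classes the password must draw from (special set taken from the post).
const PW_CLASSES = [
    'lower'   => 'abcdefghijklmnopqrstuvwxyz',
    'upper'   => 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
    'digit'   => '0123456789',
    'special' => '@#$%&',
];

// Pick one character from $set with the CSPRNG. random_int() is uniform over
// the range, so there is none of the modulo bias of rand() % strlen($set).
function pickChar(string $set): string {
    return $set[random_int(0, strlen($set) - 1)];
}

function generateSecurePassword(int $length = 12): string {
    if ($length < count(PW_CLASSES)) {
        throw new InvalidArgumentException(
            'length must be at least ' . count(PW_CLASSES)
        );
    }

    // One guaranteed character from every class.
    $chars = [];
    foreach (PW_CLASSES as $set) {
        $chars[] = pickChar($set);
    }

    // Fill the remainder from the combined alphabet.
    $all = implode('', PW_CLASSES);
    while (count($chars) < $length) {
        $chars[] = pickChar($all);
    }

    // Fisher-Yates shuffle driven by random_int(), so the guaranteed
    // characters do not sit in fixed positions. The built-in shuffle()
    // is not backed by the CSPRNG.
    for ($i = count($chars) - 1; $i > 0; $i--) {
        $j = random_int(0, $i);
        [$chars[$i], $chars[$j]] = [$chars[$j], $chars[$i]];
    }

    return implode('', $chars);
}

// Self-check: the result has the requested length and contains every class.
$pw = generateSecurePassword(12);
if (strlen($pw) !== 12) {
    throw new RuntimeException('unexpected length');
}
foreach (PW_CLASSES as $name => $set) {
    if (strpbrk($pw, $set) === false) {
        throw new RuntimeException("missing character class: $name");
    }
}
echo "generated a ", strlen($pw), "-character password containing all classes\n";
```

Unlike the original, the position of each character type is not predictable, and the output does not depend on the clock.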

For implementing the question/answer password recovery functionality, I created a new module called recovery.php.  All this class does is have an array of stored strings (questions) that can be chosen from.  Once chosen, the user can then input a pass phrase.  Both the question and the pass phrase are stored in a new table in the database.  The assignment did not say anything about connecting any of this to the GUI, so I left that part out and just made some new unit tests to make sure everything worked.  Done!
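One way to keep the stored pass phrase from being readable by anyone with access to the new table, as an added example (this is not the author's recovery.php): the answer is normalized and saved only as a password_hash() digest, then checked with password_verify(). The class name RecoveryStore, the question list, the minimum length of 8, the sample person id, and the in-memory array standing in for the database table are all assumptions; PHP 7.1+ is assumed.

```php
<?php
// Added example, not the recovery.php module from the post. Names are hypothetical.

class RecoveryStore {
    // Stock questions the user chooses from (constructed sample list).
    const QUESTIONS = [
        1 => 'What was the name of your first pet?',
        2 => 'What street did you grow up on?',
        3 => 'What was the make of your first car?',
    ];

    // Stands in for the new database table:
    // person id => ['question' => int, 'hash' => string]
    private $rows = [];

    // Trim, collapse runs of whitespace and lowercase, so that
    // "  Maple   Grove Lane " and "maple grove lane" compare equal.
    private static function normalize(string $answer): string {
        return strtolower(preg_replace('/\s+/', ' ', trim($answer)));
    }

    public function enroll(string $personId, int $questionId, string $answer): void {
        if (!array_key_exists($questionId, self::QUESTIONS)) {
            throw new InvalidArgumentException('unknown question id');
        }
        $normalized = self::normalize($answer);
        if (strlen($normalized) < 8) {
            throw new InvalidArgumentException('pass phrase is too short');
        }
        // Only the salted hash is kept; the pass phrase itself is never stored.
        $this->rows[$personId] = [
            'question' => $questionId,
            'hash'     => password_hash($normalized, PASSWORD_DEFAULT),
        ];
    }

    // Text of the question the person enrolled with, or null if none.
    public function questionFor(string $personId): ?string {
        if (!isset($this->rows[$personId])) {
            return null;
        }
        return self::QUESTIONS[$this->rows[$personId]['question']];
    }

    // True only when the answer matches the stored hash.
    public function verify(string $personId, string $answer): bool {
        if (!isset($this->rows[$personId])) {
            return false;
        }
        return password_verify(self::normalize($answer), $this->rows[$personId]['hash']);
    }
}

// Constructed sample data: a person id in the first-name-plus-phone style.
$store = new RecoveryStore();
$store->enroll('Jane5555551234', 2, '  Maple   Grove Lane ');

echo $store->questionFor('Jane5555551234'), "\n";
var_dump($store->verify('Jane5555551234', 'maple grove lane'));
var_dump($store->verify('Jane5555551234', 'oak street'));
var_dump($store->verify('Nobody0000000000', 'maple grove lane'));
```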

Wednesday, April 11, 2012

Chapter 8 and Password Security Rant

Two big sections of this chapter of the Software Development textbook are about user interface design and software security, respectively.  As I have a sizable amount to say about software security and how it relates to password strength, I'll begin with what constitutes a good user interface.  Why?  Well, because it is good information, everyone has experienced a truly horrible website UI, and someone needs to put the word out there so the healing can begin.  The book lists 9 "principles" of good UI design but I'll only list a small subset of those:

  • Simplicity.  This is probably the most important.  The page should walk a knife's edge balancing just the right amount of information on each page, just enough functionality for simple and intuitive navigation to the other pages, and painless viewing of embedded media.
  • Feedback and Recovery.  What the hell did I just do and how do I get back to where I was?  This should never be a problem.  Each page should clearly indicate what has been done, provide a way to undo what has just happened, and show the way to what can be done next.
  • Security.  Users should only have access to the functionality that they are authorized to use.  This one is actually pretty obvious, but it needed to be said.  And speaking of security...

The place where I currently intern is very savvy when it comes to data security.  All data on laptops is encrypted and a two-point login is required to gain access to Windows (I know, Linux is uncharted territory there).  First a key is required to get past the BitLocker drive encryption.  Then a network password is needed to access the VPN server.  But here's the thing:  data security is only as good as the people who use it.  And people are sometimes lazy and sloppy.  When working on users' computers I have seen BitLocker keys written on the computer in pencil, passwords on sticky notes all over the vehicle, and LAMINATED cards containing detailed login info tucked into sun visors.  I have had users attempt to give me their passwords over the phone...anyway enough said about that.  My point here is that data security needs to begin with comprehensive education and training of any employee who is going to have access to the system.  It needs to be a priority and addressed as soon as possible.  Because even the most rigorous security strategies can be trumped by simple human error.  This brings me to password strength.

'Chicken1' is not a good password.  Changing it to 'Chicken2' does not make it any better.  A good article by Chad Perrin talks about how the idea that a good password should be convenient and memorable needs to be done away with as soon as possible.  He then goes on to say that one way to be secure and still stay sane (try to remember '2%4!G.>_!*5_02' every time you want to transfer money to checking) is to use a good password manager that keeps track of all the various passwords you use.  This is good advice.  By using a password manager you only have to remember one, and the rest are securely stored and encrypted for you.

Sunday, April 8, 2012

Exercises 7.1-7.3 and Team Meeting

Before I go into the exercises, there was apparently a bug (intentional?) in the 2.0 source code for Homebase.  After getting the unit tests up and running, I kept getting this error from the testMonth class whenever it tried to test the RMHdate class.  A little digging revealed that where testMonth imported RMHdate as a requirement, the 'd' in date was capitalized.  I fixed the bug and then all the tests passed.  Anyway, now on to the exercises!

7.1

This exercise is about going through the database tables and making sure they all satisfy normalization criteria.  More specifically, criteria 5 and 6 from the book.  Here is an explanation of each criterion and an example that violates it from the project code:

  • Criterion 5 - Every entry in the table has exactly one value of the appropriate type.  dbSchedules easily violates this one by allowing multiple values into the table under the persons (notice the plural?) column.  When populated in sandbox mode, several entries have two people available for one slot.  
  • Criterion 6 - No attribute in the table is redundant with the primary key.  The dbPersons class violates this by using a person's first name and phone number as the primary key.  This is a redundancy as both these attributes exist elsewhere in the table.  A better primary key would be the person's ssn# or a specifically assigned unique volunteer id.

7.2

This exercise is about developing further the dbShifts module by adding the following functions: get_shift_month, get_shift_day, get_shift_year, get_shift_start, and get_shift_end.  This exercise proved to be a really neat little mini-project to implement.  Basically what you are doing here is taking in the $id as a parameter, then slicing and dicing the $id to get the month, day, etc.  PHP's built-in 'explode' function (thanks for the hint Mario!) was a HUGE help in making this happen.  When you invoke the function, all you have to do is pass in a delimiter (a dash in this case) and it breaks up the string into the components that you need.  I also added some tests to the testdbShifts class to check everything still worked.  The other tests that were already present in the module served as a good starting point, and all that was required was to pass in a created id and assert that it was true that a particular string (month, day, etc.) was extracted.

7.3

Here the book is asking for the creation of a completely new module for the project.  The module that is to be made is called dbMonths (kinda like the dbWeeks class) and will be used to pull an entire month's worth of information from the database and then send it to the GUI for display.  A good starter for this is found in chapter 6, where the authors have already included the needed fields and constructor.  But, as stated earlier, the requirements for dbMonths are very similar to what is already available in the dbWeeks class, so I pretty much copied and pasted the dbWeeks module and then made the required changes.  I also created a new unit test for the module to test the constructor and functions.  After creating the new test and running it I kept getting some serious errors that baffled me for a while.  I finally figured it out.  What I forgot to do (even though the book explicitly says to do so) was add dbMonths to the dbInstall script, so that the new module can be created and added to the database.

Team Meeting

Today's meeting was really productive and we were able to pretty much complete our poster for the upcoming poster session.  It being Easter, only James, Matthew, and I were able to attend the actual meeting, but a lot was accomplished despite this.  The poster consists of sections containing an overview of the project, the lessons that we learned during the course of the semester, and how we specifically contributed to the project.  These sections are supplemented by screen shots of patches and wiki pages that we submitted, as well as a timeline of the xbmc release cycle that we found ourselves in the middle of when starting the project.

Thursday, April 5, 2012

Chapter 7 Exercises: A Slow Start

First let me say that I was unable to actually get to the exercises, mainly because of the difficulties that I encountered installing the SimpleTest plugin for Eclipse.  On that count I was ultimately successful.  Here follows the painful account of the experience.

The version of RMH Homebase that was used on previous exercises was the 1.5 version, and the version needed for the new database exercises is the 2.0 version.  What this meant was that I needed to start from scratch as far as getting a new development sandbox ready.  Going back to Scott's awesome instructions for doing this made the process a lot less of a headache.  The switch over from 1.5 to 2.0 involved the following steps:
  1. Downloading the new 2.0 code and placing the rmh20 folder into my /var/www folder
  2. Creating a new MySQL database in phpMyAdmin named rmh20DB
  3. Setting up myself with security privileges in the new database
  4. Entering these privileges into the dbinfo.php file in my webroot folder
  5. Adding the project to Eclipse
  6. Running (as a web page) dbinstall.php then dbinstallsandbox.php in Eclipse to set up the sandbox
At this point I figured that I was in the home stretch and would only have to quickly install the SimpleTest plugin.  This turned out to be a bit more complicated.  Some of these instructions were extremely helpful in the installation, but my old version of Eclipse made things impossible.  More on that later...here is the process:

  1. Download the tarball here for the Eclipse plugin
  2. Extract in whatever folder you downloaded into
  3. Open up Eclipse and go into Help > Install new software. Enter the following url into the "work with" box > http://simpletest.org/eclipse/ and then click add. 
At this point, a checkbox should come up that says "Uncategorized", which you check and then run through the rest of the steps.  For me, because of my old buggy version of Eclipse, this didn't happen.  Thinking the problem was me, I ran through the steps a few more times and then succumbed to sweet rage and frustration for an hour or so.  After finally calming down, I realized that I needed to update Eclipse to the newest version.  I ran the update and everything went smoothly from this point on.  The final steps are thus:
  1. After installing the plugin, it's time to configure.  Restart Eclipse.
  2. Go into Window > Preferences > Simpletest
  3. Enter the executable location for php (mine is /usr/bin/php5), the php.ini location (mine is /etc/php5/cli/php.ini/), and the path to where the extracted Simpletest folder is.  Then put down the file extension as .php
  4. Now go into Run > Run Configuration.  Highlight Simpletest and then click on 'New' (tiny box at top left).  
  5. Enter into the form that pops up a name for your new configuration, the project (rmh20), and then the test file (alltests.php).  Save it and you are ready to test.
After all of this I now stand ready to complete the exercises over the weekend.  Wish me luck.

Wednesday, April 4, 2012

Chapter 7: Modifying RMH Homebase Database

The reading for this chapter is a great precursor to the homework that is due on Friday.  Both the chapter and the exercises deal with cleaning up and modifying the database for RMH Homebase.  And, for me anyway, a lot of the stuff in this chapter is review.  Last semester I took an extremely useful course called Database Concepts (which I recommend every CS student take) that covered all of the things mentioned here.  For the sake of review, which is always a good thing, I'll go over a few key concepts.

The particular DBMS talked about in the chapter is MySQL, which is a relational database.  The authors start out with a little terminology, then dig right into how the database fits into the software stack for the project as the persistence layer.  The software stack that I'm using for the homework is a LAMP stack because I'm running a Linux box.  Then they go through connecting a project to a database, keys, info about tables, and some naming conventions for tables.  Then comes the cool stuff.

Two of the things that make database design interesting are the aspects of security and integrity.  Straight from the book, here is what a secure database accomplishes:
  • It prevents unauthorized or accidental disclosure, alteration, or destruction of data.
  • It prevents unauthorized or accidental access to data considered confidential to the organization or individual who owns the data.
  • It ensures data integrity, so that the data stored in the database are always valid and accurate.
These conventions can be enforced by granting different types of access rights to specific users.  These rights can include read/write access to database tables and privileges to separate parts of the database itself.

Finally, the last part of the chapter offers some insight on how to ensure that any changes made to the database do not have a detrimental effect, and all functionality remains the same.  As in previous chapters, this involves modification of the unit tests to include those changes and then refactoring.  If a part of the database has been changed or streamlined, then perhaps something in the class that uses that part of the database can also be streamlined or removed.  Coming up...chapter 7 exercises.

Sunday Team Meeting: Prepping for Poster Session

Our team decided that the best use of our time for this week's meeting would be beginning to get ready for the poster session that is coming up this month.  We are all individually on track for our respective parts of the documentation for the project, so this was not an issue that was discussed.

For the poster session, we have to submit an abstract of 150 words or less by April 13th.  This abstract gives a general overview of our project and how we, as a team, contributed and worked on it.  We finished the abstract without too many problems...but then difficulty in respect to the physical poster manifested itself.

Our first idea was to create a google doc that we all had access to, so we could edit simultaneously as ideas popped into our brains.  This turned out to be an unfortunate idea.  What ended up happening was that we created an incoherent mess that didn't flow or make any sense, and looked like what five different people thought it should look like.  What we were experiencing was actually pretty interesting when you think about it.  It is called combinatorial explosion.

Combinatorial explosion refers to the increasing lines of communication as you add individual nodes to a network.  If you have four people, then you will have six channels:

[Figure: 4x2.svg, a network of four nodes joined by six channels]

Adding another person, which is the size of our group, increases the communication channels to 10.  So the channels, represented by c, look something like this: c = (n(n-1))/2 for n people.  This is what was happening when we just jumped into all creating the poster at the same time with no central person in charge.

James and I both had previous experience from creating our poster last semester.  James did more of the work on last semester's poster, so he was made the de facto designer of the poster portion of this project.  So now all ideas will go through him while he is creating the template for the poster, and this will reduce the lines of communication from 10 to 4.  Now that this is worked out, hopefully this will be a smoother process!