Saturday, February 27, 2010

Meaningful code comments...

Nothing frustrates me more than looking at someone else's code and searching for that elusive bug that killed part of the application.

The code I looked at yesterday is undocumented and did not use any of the standard naming conventions for C#, which makes it doubly hard! Well, to be truthful there were some comments here and there, but the way the comments were written is what ticks me off. Here's a sample:

// If index @ 0 not equal to mLinks count
if (ckbSkip.Checked
   && mLinks.SelectedItems[0].Index != mLinks.Items.Count - 1)
{
  mLinks.Items[mLinks.SelectedItems[0].Index + 1].Selected = true;
  mLinks.SelectedItems[0].Selected = false;
}

Did you see what I meant?

The comment alone wasn't very helpful, at all!

It could have been written in this manner:

//if user wants to skip to next mfg
//and we are not at end of list, go ahead
if (ckbSkip.Checked
   && mLinks.SelectedItems[0].Index != mLinks.Items.Count - 1)
{
  mLinks.Items[mLinks.SelectedItems[0].Index + 1].Selected = true;
  mLinks.SelectedItems[0].Selected = false;
}

Code comments should say 'why' it is written that way and the code itself shows 'how' it's done.

Monday, February 22, 2010

Fake Flash Memory Products

If you are planning to bid on or buy a flash memory product (USB sticks, SD cards, Sony sticks) from eBay or other auction sites, be warned! There are literally thousands of sellers out there selling fakes. Advertised as 16GB or 32GB, their true capacity is actually somewhere between 1 and 2GB. Be especially wary of sellers from Asia (China, Hong Kong, Singapore, etc.) that sell USB drives. They are priced so low you might be tempted to bid for one.

If you do, test it immediately! One of the software tools that has been around and is very reliable is H2testw v1.4. It was created specifically to test for counterfeit USB drives. At the end of the test it will output the following:

The media is likely to be defective.
1.9 GByte OK (4044672 sectors)
14.0 GByte DATA LOST (29483136 sectors)
Details:14.0 GByte overwritten (29483136 sectors)
0 KByte slightly changed (< 8 bit/sector, 0 sectors)
0 KByte corrupted (0 sectors)
1 MByte aliased memory (2048 sectors)
First error at offset: 0x000000007b6f0000
Expected: 0x000000007b6f0000
Found: 0x00000003ff260000
H2testw version 1.3
Writing speed: 4.44 MByte/s
Reading speed: 14.3 MByte/s
H2testw v1.4

Make sure you save this output so that you can offer it as proof that the USB you just paid for is a fake. If you bought the item from eBay, report it immediately by opening a case against the seller and offer as proof the output from H2testw v1.4. Do not leave positive or neutral feedback for the seller, nor should you return the item to the seller. Otherwise, the seller will just re-list it back on eBay.

For more details head over to SOSFakeFlash.
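An added example (not from the original post, and not part of H2testw): a short Python parser for the report above that turns its sector counts into usable versus tested capacity. It assumes 512-byte sectors, which is consistent with the report's own GByte figures; the function and field names are made up for illustration.

```python
import re

SECTOR_BYTES = 512  # assumption: 512-byte sectors (matches the report's GByte figures)

# Report text copied from the post above.
REPORT = """\
The media is likely to be defective.
1.9 GByte OK (4044672 sectors)
14.0 GByte DATA LOST (29483136 sectors)
Details:14.0 GByte overwritten (29483136 sectors)
0 KByte slightly changed (< 8 bit/sector, 0 sectors)
0 KByte corrupted (0 sectors)
1 MByte aliased memory (2048 sectors)
First error at offset: 0x000000007b6f0000
Expected: 0x000000007b6f0000
Found: 0x00000003ff260000
"""

def parse_report(text):
    """Extract the sector counts and first-error offset from a report."""
    def sectors(label):
        m = re.search(r"%s \((\d+) sectors\)" % re.escape(label), text)
        return int(m.group(1)) if m else 0
    m = re.search(r"First error at offset: (0x[0-9a-fA-F]+)", text)
    return {
        "ok": sectors("OK"),
        "lost": sectors("DATA LOST"),
        "first_error": int(m.group(1), 16) if m else None,
    }

def assess(text):
    """Summarise usable vs. tested capacity and where the good region ends."""
    r = parse_report(text)
    total = r["ok"] + r["lost"]
    ok_bytes = r["ok"] * SECTOR_BYTES
    return {
        "usable_gib": round(ok_bytes / 2**30, 2),
        "tested_gib": round(total * SECTOR_BYTES / 2**30, 2),
        "lost_pct": round(100 * r["lost"] / max(total, 1), 1),
        # If the first bad byte sits exactly at the end of the OK region,
        # all good sectors are at the start of the drive.
        "contiguous_good_region": r["first_error"] == ok_bytes,
        "fake_capacity": r["lost"] > 0,
    }

if __name__ == "__main__":
    print(assess(REPORT))
```

For this report the first error offset (0x7b6f0000) equals the size of the OK region in bytes, so the good sectors are the first 1.9 GByte of the drive and everything written past that point was lost.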

The Life Cycle Of A Programmer

source: http://librenix.com/?inode=38
  • binary age(*) 0 > 1 (baby): learns structure of first language
  • 1 > 10 (toddler): walks, learns many keywords of first language and significance of context, develops philosophy of life
  • 10 > 100 (little kid): violates rules of language, is housetrained (usually)
  • 100 > 1000 (brat): violates intent of language, starts school to learn new ways to abuse language
  • 1000 > 10000 (big kid): reaches physical maturity, reverts to subset of language with local variations -- causing parsing errors among programmers of all other ages
  • 10000 > 100000 (trainee): reaches mental maturity (usually), learns new languages, starts to work (usually), marries (maybe)
  • 100000 > 1000000 (programmer): reaches emotional maturity (usually) and begins to decline physically, works, dreams of times of no work both past and future, divorces (usually), remarries (maybe)
  • 1000000 > 10000000 (curmudgeon): forgets languages, declines in usefulness; almost all programmers are retired during this age range, although in the past some remained working well into this range to deactivate millennium(**) bugs in their older code
  • => 10000000 (zombie): this is currently not possible due to the age field having been defined as a signed char; while negative ages are not logically possible, it is believed that the negative range was once used for returning errors from age-related functions and this definition has been retained for historical compatibility (the language committee apologizes for any inconvenience this may cause)
* age expressed in complete cycles around the main energy object

** primitive languages used an obsolete numbering system called 'base ten' which somehow encouraged programmers to create date bugs related to the value 11111010000 (?)

Wednesday, February 17, 2010

2010 CWE/SANS Top 25 Most Dangerous Programming Errors

Cross-site scripting and SQL injection are the 1-2 punch of security weaknesses in 2010. Even when a software package doesn't primarily run on the web, there's a good chance that it has a web-based management interface or HTML-based output formats that allow cross-site scripting. For data-rich software applications, SQL injection is the means to steal the keys to the kingdom. The classic buffer overflow comes in third, while more complex buffer overflow variants are sprinkled in the rest of the Top 25.

Source: http://cwe.mitre.org/top25/index.html

Wired on Apple's iPad

Wired on Apple's iPad. Pretty cool video below.




Makes me wish that I had one right now!

It also makes me wonder if Wired is giving this away for free (I must be hallucinating) or charging me a whole lot of money to view their stuff on the iPad. Even the New York Times is in a quandary as to how much to charge for the iPad version of the paper.

Tuesday, February 16, 2010

We Are Under Cyber-Attack!

I posted the following way back in 2008. I feel it is as relevant today as it was then. Read on!

The NSCA Consumer Research Study has just been released and I cannot believe what I read. Apparently there are still a lot of people out there who are totally in the dark as to what cyber-attackers can do to an unprotected device, and you know what I’m talking about. It’s your computer! It’s just mind-boggling that some people would buy a wireless device (a router, for instance) and skip the part in the installation where they are supposed to secure it. That’s just criminally idiotic and totally irresponsible. It’s like buying a brand new car and leaving the doors unlocked in a public parking lot. Anyway, enough of my ranting and here it is…

Overview of NSCA Consumer Research Study

Key Findings
  • 49% of consumers have changed their password within the past year (19% of those within the past month)
  • 71% have never heard the phrase “botnet” (29% are aware of botnets)
  • Only 22% think it is at least somewhat likely that your computer’s security could affect homeland security (59% think it is not likely at all)
  • 53% believe it is possible for a hacker to use your computer to launch cyber attacks or crimes against other people, businesses and our nation
  • 46% of consumers are not at all sure of what to do if they became a victim of a cyber crime
  • 48% do not know how to protect themselves from cyber criminals.

Remember my Passwords!

Over the years I must have downloaded and installed/uninstalled quite a few (I cannot remember anymore!) password programs that can help me manage my username/password combinations. With so many websites out there that require you to log in first before you can use their services, it is quite daunting to remember what username/password to use. I don't particularly relish the idea of writing my usernames/passwords on pieces of paper because it's inherently insecure, besides being foolish. I am also wary of 'password managers' that claim they don't have access to all the juicy information I entrusted to them. Then again my memory can only hold so much.

So, this morning, I downloaded the LastPass application from http://www.lastpass.com. According to their website it is "an online password manager and form filler that makes web browsing easier and more secure." Good. Exactly what I need. So, I went ahead and installed it. It was easy and straightforward. No hassles at all. Then the application prompted me if I want to search for insecure information on my computer. I sure got the shock of my life when it easily retrieved all of my passwords that I use for Twitter, Facebook, GMail, etc. It dawned on me, duh! that any malicious application can easily do the same had I inadvertently downloaded one. Whew! That sure would be big trouble.

Right now I'm testing LastPass but it looks very promising.

Monday, February 15, 2010

Another mobile operating system...

Slept late, woke up late. Opened my browser and voila! Another operating system from the two biggest companies in the world. Nokia and Intel. Nokia, the largest cell phone manufacturer and Intel, the biggest chip maker, must be facing enormous pressure from Apple, Research in Motion, Microsoft, and AMD, to force the birth of a new operating system, the so-called MeeGo.

How in the world do they pick OS names?

MeeGo, if you look it up in the Wikipedia, is "a short-lived American science fiction sitcom that aired on CBS in 1997. It's a 9,000-year-old shape-shifting alien from the planet Marmazon 4.0".

How in the universe do they pick planet names?

Anyway, here's some background info from different sources regarding MeeGo, the shape-shifting OS that's about to pop out of the belly of Nokia and Intel.

MeeGo is a new operating system that can run on advanced smartphones, netbooks, connected TVs, and tablet computers, and it is arriving this second quarter of 2010 courtesy of Nokia and Intel. MeeGo, as it is called, is a merging of Nokia's Maemo and Intel's Moblin. MeeGo will support both Intel's Atom and ARM architectures. System and developer tools are expected to be released in the coming weeks and are based on Qt, which will allow developers to build once and run the application on multiple platforms.

Sounds good, doesn't it? But whatever happened to the venerable Symbian? After being acquired by Nokia in 2008 and its software released into the open source world in February 2010, is it going to be the end?

Nope! According to Nokia, Symbian will continue to be the mobile OS of choice for low-end phones and not so smart smartphones. Poor Symbian.

So, here I am, wondering if this will be the operating system that will finally deal the iPhone's OS the death blow. Wondering, wondering, wondering...

Thursday, February 11, 2010

Maintaining browser compatibility

In my work, browser compatibility is critical. It's no longer "cool" to just put a link that says: "For optimum use, we recommend " and append "Microsoft's Internet Explorer", "Mozilla's Firefox browser", Opera, and/or Google's Chrome.

A carefully designed website has to work great on all the major browsers (Internet Explorer, Firefox, Chrome, Safari, and Opera) and be functional, at least, on the less known ones (see Other Browsers). If your website doesn't, it's either a sign of laziness or just plain incompetency.

Thus, in my web arsenal, I have FF, IE, Chrome, Safari, and Opera. I usually test my website under Firefox first and then move on to the other browsers. True, it can be tedious to test a website's layout and functionality on so many browsers, but it has to be done.

One of the tools that has been available in Firefox has been IE Tab, an add-on that allows the web developer to view what a particular page will look like in IE. I have found this tool to be indispensable since I don't have to open IE itself.

Another add-on that has proven itself to be invaluable to the web developer is Firebug. What is nice about Firebug is that it integrates itself so well with Firefox to put a wealth of development tools at your fingertips while you develop your web page. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.

Of course, all the tools I mentioned above can only help so much. You still have to apply the right CSS (Cascading Style Sheets) to your webpages so that they will appear correct on every browser you're testing it with.

Cascading Style Sheets, or CSS, is an entirely huge topic and you might want to read up on it if you're not familiar. Facility with CSS is a must for any web developer, and tools and guides abound on the Internet. One of the best sites to learn from is Zen Garden.

At work, we have to contend with some clients who are still using Internet Explorer version 6. I don't have any clue as to why these users don't want to upgrade. According to a Wikipedia entry, as of October 2008, 36.01% are still using IE6. This is a reality that every web developer has to face.

Conditional comments come to the rescue. They work as follows:


Conditional comments only work in Internet Explorer on Windows, and are thus excellently suited to give special instructions meant only for Internet Explorer on Windows. To learn more about them surf over to: Quirksmode.

Hopefully, this blog post helps you. It's a continuing battle to develop websites that will work and look good on all browsers and versions.

Wednesday, February 10, 2010

Windows 7 driver problems

Updated my Vaio VGC-RC110G operating system from Windows XP Professional to Windows 7 Professional a few days back. The installation itself went smoothly but I was disappointed that there were no suitable drivers for my on-board audio and the TV tuner (Conexant) that went with the computer. I searched the Internet for solutions to the sound problem but the suggested fixes didn't work at all. The Vaio support site has a Vista driver but it's packaged in an executable. When run, the executable checks what OS is running and exits if it's not Windows 7. Sony should immediately update this executable to check for Windows 7 and allow the Vista drivers to be installed. A stand-alone Vista driver available as a download would make it even better.

Anyway, I finally gave up waiting for Sony Support to give me something that will fix the on-board audio driver problem and went ahead and bought a Riviera PCI Sound Card from Turtle Beach. After turning off the on-board audio from the BIOS, I opened the computer case and slid the card right into the only available slot. I then proceeded to install the software that came along, including the Vista drivers, and was soon listening to awesome music.

I love this sound card.

eBay store doing great...

My first blog posting of the year. I got so busy at work and at home I totally forgot about "my blog".

We started an eBay store last June 2009. It's called MedNurse Uniform Station. The eBay store shows a lot of promise. We've had lots of sales and the feedback is awesome. We're still looking, though, for wholesalers that can provide really good stuff on nursing uniforms (which is what we primarily sell), but we're open to sell almost any stuff. :-)

A few days back we received notice that eBay is lowering fees on fixed-price listing auctions. Now, that's really good news. I hope they don't change the final-listing fees, though, no matter how minuscule it would be.