stevedoria.net

The Nokia 3588i, activated on January 24, 2004, was my first mobile phone. At the time, I was working at THQ, Inc. as a game tester with the hope of working for one of their subsidiary game development houses and making it big at the Electronic Entertainment Expo (E3). Unfortunately, being a game tester who once worked 76 hours in a single week did not allow time for me to maintain the development skills that I learned in school. I was hammered during an interview at Heavy Iron Studios, because of my neglected software development skills, and was pretty much signaled not to pursue a professional career in video game development. Nowadays, E3’s attendance is 3,000 to 5,000 people as opposed to 50,000 in 2005.

I have worked for five different companies while having the Nokia 3588i in my pocket. I have gained a lot of experience through the diverse work environments with different business models, products, and services. There have been many memories collected while I had this phone, and many of those memories resurfaced as I manually transferred phone book entries to my new Blackberry Curve 8330, which was activated August 12, 2008. Maybe, I should give some of these guys a call, text message, or email.

According to this Amazon.com S3 Team write up on the loss of their S3 service’s availability, “very few requests were completing successfully” during an availability event. The service’s problems seem to have started at 08:40, and the service’s error rates did not fall back to normal, acceptable levels in the United States until 16:02pm. The level of precision offered by the write up, which provides times with minute precision, suggests that the duration of the event was 7 hours and 22 minutes. Allowing a year to be 8760 hours (365 days* 24 hours), the maximum uptime that they can achieve assuming that no other events will occur within the year is 98.318%.

Certainly this event is significant for services that depend on S3 and are contractually obligated to have even just “three nines” or 99.9% availability. I have seen software implementations as well as whole companies that rely on the performance of an uncontrollable third-party. This S3 event is merely another example of what can occur even at a gigantic corporate entity such as Amazon, and it should dissuade people from building their critical systems around uncontrollable third-party services like S3.

Many people place a notice of copyright on artifacts such as web pages and include the text, “All Rights Reserved,” without actually knowing what those rights are.

The text of United States Code Title 17 (“Copyrights”), Chapter 1 (“Subject Matter and Scope of Copyright”), Section 106 (“Exclusive rights in copyrighted works”) is presented below:

Subject to sections 107 through 122, the owner of copyright under this title has the exclusive rights to do and to authorize any of the following:

(1) to reproduce the copyrighted work in copies or phonorecords;
(2) to prepare derivative works based upon the copyrighted work;
(3) to distribute copies or phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease, or lending;
(4) in the case of literary, musical, dramatic, and choreographic works, pantomines, and motion pictures and other audiovisual works, to perform the copyrighted work publicly;
(5) in the case of literary, musical, dramatic, and choreographic works, pantomines, and pictorial, graphic, or sculptural works, including the individual images of a motion picture or other audiovisual work, to display the copyrighted work publicly; and
(6) in the case of sound recordings, to perform the copyrighted work publicly by means of a digital audio transmission.

As indicated above, the rights are subject to sections 107 through 122 of United States Code Title 17, Chapter 1.

More interesting software systems are complex, and the implementation of complex software typically requires multiple developers. The introduction of additional developers increases software complexity, which requires the software design to provide for software components that are resilient against change. Functional behaviors or component dependencies, such as the need for one component to recognize that another component has been acted upon, are sometimes recognized. This is an opportunity for exercising good design.

When encountering a relationship where it is necessary for one component to know that an operation has been performed on another component, there may exist a temptation to simply couple one component with the other. This coupling can be implemented in C by the use of a global flag or a hard-coded function call from the “observed” component to the specific “listener” or “observer” component. There are at least two problems with these approaches.

Global variables, including global flags, are generally a bad idea. The use of a global flag to convey that an event has occurred in the observed component to an observer component raises concerns over the management of the global flag. In the simplified case of an observed component being observed by a single observer component, the responsibilities of setting and clearing the flag can be distributed between the observed and observer. The distribution of the responsibilities becomes problematic when there are potentially many observers. In a situation where the order of the observer components that inspect the flag is potentially random, a problem may arise where an observer component clears or causes the observed component to clear the flag before other observer components are able to inspect the flag and act on its value.

A hard-coded call from the observed component to a function that is provided by the listening component requires that the observed component is knowledgeable of the listening component’s interface. Though recognition of the observed component’s need of a mechanism to notify an observer component may have resulted through the design of an initial observer component, it is worthwhile to consider the possibility that there may be other software components that want to observe the observed component. Some observer components may be designed after the observed component has been implemented and finalized. A hard-coded function call from an observed component to specific observer components cannot support the addition of new observer components.

Recognizing during design that a software component needs to be observable is important. This allows the designer to employ the Observer Pattern as described in Design Patterns: Elements of Reusable Object-Oriented Software. The designer of an observable software component shall provide an interface for observing software components to subscribe to the observable software component’s notification mechanism.

An example of an observable component and two observer components are presented here in C. One observer component will act on the notification from the observable component immediately, while the other observer component will wait until one of its interface functions is called.

/* observed component */
typedef struct
{
  int listener_count;
  /* array of function pointers */
  void (*listener_list[10])(unsigned,unsigned);
} Button;

void button_Init( Button *pButton )
{
  pButton->listener_count = 0;
}

void button_RemoveClickListener( Button *pButton,
                                 void (*fp)(unsigned,unsigned) )
{
  unsigned i;
  void (*temp)(unsigned,unsigned);

  for( i = 0; i < pButton->listener_count; ++i )
  {
    if( pButton->listener_list[i] == fp )
    {
      pButton->listener_count--;
      pButton->listener_list[i] =
        pButton->listener_list[pButton->listener_count];
    }
  }
}

void button_AddClickListener( Button *pButton,
                              void (*fp)(unsigned,unsigned) )
{
  button_RemoveClickListener( pButton, fp );
  pButton->listener_list[ pButton->listener_count++ ] = fp;
}

void button_Click( Button *pButton, unsigned x, unsigned y )
{
  unsigned i;
  for( i = 0; i < pButton->listener_count; ++i )
  {
    pButton->listener_list[i](x,y);
  }
}

/* observer component 1 */
void observer_OnClick( unsigned x, unsigned y )
{
  printf( "observer_OnClick( 0x%X, 0x%X )\r\n", x, y );
}

/* observer component 2 */
bool observer2_isClickEventHandled = true;

void observer2_OnClick( unsigned x, unsigned y )
{
  observer2_isClickEventHandled = false;
}

void observer2_Action()
{
  if( observer2_isClickEventHandled )
  {
    printf( "observer2_Action(): no click event to handle\r\n" );
  }
  else
  {
    printf( "observer2_Action(): handling click event\r\n" );
  }
  observer2_isClickEventHandled = true;
}

/* system */
int main()
{
  Button button;

  /* system initialization */
  button_Init( &button );
  button_AddClickListener( &button, observer_OnClick );
  button_AddClickListener( &button, observer2_OnClick );

  /* system operation */
  observer2_Action();

  /* more system operation */
  button_Click( &button, 1,3);

  /* and more system operation */
  observer2_Action();
  observer2_Action();
}

The Button component in the example code is observable. The Button component provides an interface that allows observer software components to add themselves as the Button component’s observers. To be a compatible observer in this example, a software component must provide a function that returns void and takes only two unsigned integers as parameters. The overall software system will be responsible for associating the observing components with the observed components, or the observing components can register themselves with the observed components during the observing components’ initialization routines.

Some software development shops may consider function pointers taboo. Instead of passing a function pointer to the registration function (“button_AddClickListener” in the example), a pointer to a flag variable that resides within an observing software component can be used. In this way, each software component is able to have its own copy of the notification, which it can manage in a way that is solely dependent on its implementation. This mechanism is more robust to change and the effects of other software components as it overcomes the problems of using a global flag or hard-coded function call to implement a method that allows a component to notify other components of an event.

Another case of lost backups has recently been featured on the pages of Slashdot. Let’s just hope that the “proprietary compression and encoding tools” place the strength of their cipher on a key, rather than a proprietor’s secret cipher algorithm. The article seems to suggest that third-party security consultants were unable to decipher the data because of proprietary software. A reasonable person should wonder if these consultants may have been able to decipher the data, if they had access to the backup system’s proprietary technical information. A better test of the backup’s security provides such information to third-party consultants. Since people who have had exposure to the proprietary technical information are potential adversaries to the data’s security, the provision of the technical information strengthens the testing of the data’s security.

Not that strong ciphers are unbreakable, rather, all that is needed for success is some combination of computing power and time.