stevedoria.net

The completion of a task was scheduled for 3:30pm. We have been pretty good at estimating the time that tasks require, and we have exercised practices that helped ensure that we meet our schedule predictions. We were fairly confident that we were going to complete our task at the desired time, until the lights flickered and dimmed. The fire alarm sounded moments after. The completion of our task at our planned time was ultimately thwarted.

At 3pm on Wednesday of last week, a transformer that supplies power to our building exploded. All of our workstations and servers use backup power supplies, so the loss of a work day was prevented. I am glad that the UPS for my workstation was set up. We saved our work and performed graceful shutdowns on our servers. We would be able to continue our work where we left off when the power is restored.

Everyone in the office building exited to the parking lot. Firefighters came and immediately created a perimeter around the transformer. Many people had left to enjoy the remainder of the shortened workday, while others, like Chris and me, were still deciding on what way to spend the rest of the day. Some people were discussing their plans next to the defunct transformer. As Chris and I started toward my car, a flash of light caught the corner of my eye, and I heard a thunderous sound and turned to see a fireball rise above the transformer. The transformer, or perhaps a second transformer that shares the same housing, exploded with people around it. At that time, people felt it was unwise to stay next to the transformer and moved away from it quickly. Fortunately, no one was hurt.

A couple of lessons were learned that day. Firstly, even schedules that have a very high probability of being met may experience some slippage caused by external, uncontrollable factors. Secondly, loitering around a transformer, especially one that is known to explode, is not a great idea.

Sure, traffic between an SSH client and server is enciphered, but how can certainty that the correct server is directly processing client requests be enhanced. A man in the middle attack occurs when an SSH server poses as the desired host, and forwards messages between the desired host and the client. The fake SSH server receives an enciphered message from the client that it can decipher, because the SSH server provides its own public key for the client to use. Then, the fake SSH server acts as a client to the desired SSH server, passing along messages to the desired server from the client. Respecting the fingerprint of a server’s public key helps minimize the efficacy of man in the middle attacks.

The following command gets the ssh key fingerprint on typical Unix-like system configurations:

ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub

The SSH protocol was intended to use a certificate authority (CA) for ensuring that clients were connecting to the desired server. Many SSH server and client installations currently do not rely on a CA to identify each to the other. This is why the SSH server’s key fingerprint is as important as login and password information when given to remote users. Without a good certificate authority in place, users should disallow connections to servers with unrecognized keys, and manually insert the key fingerprints into applications such as Putty. When a message indicates that a connection cannot be made or that the key fingerprint has been changed, attempts to connect should be discontinued, and the server’s administrator should be notified immediately.

July 16, 2005 – Hua and I set up the company’s very first server at Broadspire LA

The introduction of another full cabinet at a new colocation site in Downtown Los Angeles is evidence of the company’s progress and sustainability. I have heard from forgotten sources that eight out of nine companies fail within their first year, and only one in nine of the companies that make it through the first year become successful. The company has enjoyed stable and controlled growth since its inception, and the company’s investment in additional resources for future products evidences our anticipation of future growth.

During the past months, the company grew its customer base to include several companies that are publicly traded and held in equities markets. Our business development team is especially exceptional at discovering client needs and suggesting company products that can meet them. The technical team has made many accomplishments to cultivate the company’s success, and the entire team’s dedication to serving clients has instilled a great deal of client loyalty.

Success in business and the development of a company is significantly determined by the ability to gather, manage, and retain a pool of resources. Our success is also based on reciprocation from our clients. We care deeply about our clients’ online businesses, and they, in turn reward us. I look forward to continuing and expanding our success through the delivery of success for our clients, and I am driven to help perfect our processes to prepare us for the next level.

[00:16]* ae (steve@liss.loosebytes.com) has joined #gamedev
[00:34] <Decept404> anyone know of any decent offline/local network issue/bug tracking solutions?
[01:05] <ae> how about bugzilla?
[01:11] <Decept404> not offline ;P
[01:12] <ae> heh, you can always install a webserver and db server for use on the local host =)
[01:12] <ae> … and it has the added benefit of making online easily at a later time

I think frequently about the design of software while I drive between home and work. I frequently come across the problem of designing user-defined, compound types or classes. Determining a compound type’s member fields and methods requires a lot of effort. The problem’s complexity is increased when an instance of a class consists of fields drawn from multiple tables in a database. Designing a class that is used in a web application is made more complicated by the stateless nature between each request of a browser. The general problem is stated as designing a class that draws information from multiple sources and supports class instances with short lifetimes.

In practice, determining the interface of an object is difficult. The use of “accessors” and “modifiers,” functions that access and modify an object’s state or internal data, is common practice among software engineers. The use of these functions helps control the operations that can be performed on an object, and it it helps maintain consistency in an object’s state. It also allows the internal implementation of a class to be modified without affecting the code that operates on instances of the class. There may be problems, however, with the tying functions and data into classes too tightly.

An example of an original Person class design is presented below with several interface functions.

class Person
{
	private Name m_name;
	private Date m_birthdate;
	private String m_password;

	public function SetName( Name name );
	public function GetName();
	public function SetBirthdate( Date date );
	public function GetBirthdate();
	public function SetPassword( String password );
	public function GetPassword();
}

The m_password field of the Person object may be retrieved from a database table named User_Passwords while the other information is fetched from the User_Pedrigree table. In the example system, code that accesses or modifies user passwords is spread throughout the system, but execution of the code is infrequent. Although the password information may be used in only 5% of operations that deal with Person object, because the object’s consistency is maintained, the password is always retrieved. With this interface, “person->GetPassword()” and “person->SetPassword( new_password )” may be in multiple places of the code.

Assuming that retrieving the password information is later found to be an expensive operation and that expense is paid every time a Person object is created, a couple of modifications to the operations on the class may be used to improve system performance. The underlying operation of retrieving a password can be reworked, or the password information can be separated from the type definition. Two refactorings of the Person object are presented below. The first treats the object as a descriptor to a function. The second refactoring reimplements the class to delay the retrieval of the password information.

Separating the password information from the Person object may force the removal of the GetPassword() and SetPassword() functions, and this will further require updates to code that rely on these functions. The need would have been avoided, if these interface functions were not present in the original class and independent functions were implemented to provide the same functionality. Code that operated on Person objects would appear as “GetPassword( person )” and “SetPassword( person, new_password )” instead of “person->GetPassword()” and “person->SetPassword( new_password )” as mentioned above.

Separating the password functions from the class is problematic, because it is against the goal of tightly grouping data and functions with classes. The code becomes less cohesive with this approach.

Delaying the retrieval of password information until it is first requested improves the example system’s performance. Resources are not used to retrieve password information, until it is first used. This has the benefit of allowing the object’s state to continue appearing consistent, and it allows code to continue enjoying the benefit of using classes to group functions and data.

The second option described above appears to be the better solution that addresses the example problem. Considering the first option may still be desirable in cases such as when the degree of cohesion between the class and its member data is unstable.