hasan's blog (বল্গ)

Yesterday was a great surprise for all of us, you know somewhere in… is a place to make color for people as well as for creating color for their talents too. nice explaination from Samiha esha is here .

howdy, well it’s been really an interesting day for us at office today. actually last week arild proposed to our java team members that we should arrange some small dramas about our every project activities…this function of activities can fill up our communication gap with our clients more efficiently.
our project manager shahana apu arranged a fantastic drama about our idg project with all of us today. she organized the drama quite fantastically. and i must thank to my all team mates for participating in such co-curricula activities. without your cooperation it won’t be possible to make it possible.

now lets come to the real fun. shahana apu wrote a tiny script for us. interesting is that she shuffle the characters and distribute among us. i was really amazed that all of our team members really played outstanding. they took only ten minutes rehearsal and they perform the whole drama quite spontaneously. it’s really kind of absolute new experience for me. i never would even participate in my school’s drama program. but arild really introduced quite nice concept of development to our team. with this small drama project we can easily find out how the problems and flow of work quite easily. this kind of projects really appreciating.

anyway, here’s i m describing our idg project drama roles. hope you will enjoy it.

today, i got a request to explain about Content management system and how it suppose to be developed. here i am putting my cms architectural thoughts over an Graphical presentation. i hope it will be easier to understand. (more will come on next blog)
How a Content Management System architecture should look like:

Overall architecture

1. Presentation layer:
presentation layer is consists with HTML, WML, XML, PDF or Multimedia object representation. if you say about Java. i would love to use “JSP, Velocity or Ruby” type scripting language. which has less access on core API or database access layer.
2. API:
API is main area to focus for the time being, on my next article, i will come up with more stuffs on integration or joint point. API is a complete bridge among presentation, web services and plugin integration. API has to maintain a series of stuffs.like: framework, repository and version of contents, LDAP and Database stuffs.

3. Framework:
Framework is the way to hook or tie up all stuff together. this part is consisting with Class/Interface and application container. most often DI and IoC container could be used over here, where managed objects are created and destroyed inside the container. this is for concrete Implementation on language dependent framework.

I would love to say about Spring Framework for managing all class and interface and aspects related stuffs.

this part of framework is highly scalable, tuned and tightly coupled with distributed object caching, DSO and persistence layer. this part has to support clustering and other performance and loading balancing related stuffs.

4. Repository/Version (VFS):
Repository is meant to be a process of storing content and their changes in a several versions. Repository is maintained over a Database or filesystem.

some content like Multimedia object which is better to be stored in local file system. repository and version system will ensure those object to be stored with their every change logs.

5. LDAP/Database:
For authentication and authorization purpose LDAP server can be used. it is good for isolating user related stuff. single ldap server can be used for multiple enterprise purpose. it is better practice to keep user out of the application specific storage.

6. Database:
any relational database can be used to store and retrieve contents. local file system will be used to store media type objects. (for example: image, video, audio etc…)
7-8. Web services:
To simplify all stuffs and tie them all under a same hood. web service is meant to be a good choice. it will provide various services over HTTP protocol. RESTful services with various content type. for example: JSON, XML or Plain textual. it is good choice to become more on web 2.0 and more on upcoming WEB 3.0 with lot of sharing with 3rd party buddies.

9-10. Joint point or Plugin:
this part is coming with a simple wrapper of API, which is intended to provide an abstract platform for Plugin and 3rd party developer. those who want to meet or add on their requirement on top of Content Management System, this part has to be developed.

best regards,
-hasan
“Fly without wings”

Recently i was reading an article from Hasin bhai,
which is titled “Just PHP will give you nothing, unless you upgrade yourself”
here is my comment on hasin bhai’s post

wow hasin bhai, nice write up.
Bro i wanna add up few topics which are leaking in most of the php developers. i belief most of the PHP developers are producing dirty fast code (not 30th first night ) it is because of the following reasons:
(my suggestion are enclosed with in ‘–>’ context)

1. less concentration of DRY (Don’t Repeat Yourself)
–> Create each fragment as reusable module (for example: latest_comments.php, latest_user.php, latest_news.php etc..)

2. Search those code which u have written more than once
–> Separate them. (keep them in separate reusable file)

3. Keep your business logic away from presentation layer
–> you don’t need to follow any strict design pattern like MVC, MVP. just plain solution is enough. Use php class to manage your business rules.

4. Use any good framework, it doesn’t mean you have to use java or Ruby on rails like framework. Better go for simple and productive framework.

5. Use library from trusted parties (hope zend is growing up its huge libraries on many aspect), PEAR is obviously great choice.

6. Don’t think all running web application is 100% accurate, and never ever grab their design and code. Better use your own sense and create a colorful stuff… meet your own client requirements.

7. Don’t mix up PHP with java or these kinda technologies
–> The way php works and the way Java works are not same, and better not compare both. Never ever try to implement all design patterns which are successful on Java EE platform. PHP is great for its simplicity. Java is great for its complexity.

8. Go for better object orientation, but it doesn’t mean you have to restrict everything with in a bunch of classes.
–> PHP is not intended to develop for this purpose. Rather follow php related performance tuning stuff.

9. Always keep your data access layer separate from raw or presentational php coding

10. Always go through open source projects, where you can learn how big projects are managed by human beings.

My few suggestions:
1. Keep a separate file for all SQL queries. for example:
(#) file: sql_index.php
——————
$select_users = ’select * from User’;
$delete_user_by_id = ‘delete from User where userID=?’;

$select_comments = ’select * from Comment’;
$delete_comments = ‘delete from Comment’;

(#) file: sample_usages.php
———————
…..
$result = mysql_query( $select_user);
…..

—> Benefit is, when you want to solve cross database related issue, you can resolve it very frequently (though you can write Data Abstraction Layer dependent code)

2. Presentational files (which files are used to render web UI) should keep their logic through few helper functions (rather hard embedded code). For example:
(#) File: test.php
——————

title ? >

(#) File: replace_test.php
—————-

3. Limit frequent database access.
–> Go for caching system, use PEAR cache or any cache solution from PECL. For more optimized and challenging solution go for DSO related caching solution, whenever you will need multiple server It will give you a big hug. Go for MemCache, as it has been proven for several years.

4. Grow your knowledge on Software engineering.

5. Explore your idea, you can become a good developer but you can’t become a good idea creator unless you explore and dive inside the deep sea of knowledge.

6. Travel as much place as you like, it will help you to grow up a good sense of creativity. (I have to start it … )

7. Don’t forget to adopt little stuff from TDD (Test driven development), dig these terms: unit test, fixture etc…

8. Try to work on agile team. Enforce your PM to learn about agile related stuff. Select the best agile methodologies which are most suitable for your company. (Agile comes with a bunch of options, scrum, XP, rup and many stuff)

9. While you writing your code, always think, your code will be verified by some guy, who is very strict and who will surly scream because of your poor writing… :p (anyway, if u feel your code is nice … just send me. during my week ends I will check it up… obviously I will come with a set of good criticize )

10. Learn, Dig, Seek and Dive in “KnowSea”

11. Use change management tools, (Subversion, bug tracking system and project planning tools)

(hasin bhai apologized for Big comment :p)

Best regards,

Dear friends and messenger buddies,

From tonight I am no longer going to use MSN and Yahoo messengers. If you want to contact with me please drop your message over “hasan83bd — AT – gmail.com” or my official email address. (hasan — AT — somewherein.net)

Best regards,

nhm tanveer hossain khan (hasan)

Through out my software development experience I found following common security pitfalls:

1. Relying on web browser supports, for example disabled, readonly or hidden html fields.
Some sites, (for example: spaces.live.com) keep user name inside a read only text field. Using FireBug or other DOM editor, anyone can alter those text fields.

2. Only JavaScript based content validation.
At anytime user can disable javascript feature. Keep security restriction support from server side.
3. No server side content sanitizing and validation
if you are missing server side data sanitizing and validation, it would worth a huge lost, when some people will introduce database injection or other problem.

4. If any button is used for single purpose, it should be disabled or hidden after performing its task.
Otherwise user may click on that button once again, perhaps that button will hit an unexpected server hit. Save server side hit.

5. Incase of own managed session, every session should commit to suicide after a certain life time. After session dead, every session ID must be invalidated.
Otherwise, user may use previous session id to perform any spamming.

6. Limit your controller to “POST” only.
All form submission and data changes request will be performed over “POST” request. And all data retrieval request will be performed over “GET” method.

7. Releasing product without proper security test.
Perform and verify all probable security pitfalls and development limitation, before opening for public.

8. Asynchronize ajax request for each function.
All functionality should be synchronized to perform each request. For example, a pipe can be used to handle one function, another pipe for handling another function. So whenever user double clicks on any button or function. It will wait until previous function is completed.

Functional pipe process

That’s all for today

On our daily activities we have to manage a lot of articles. Most often articles are managed over user own computer. Obviously google doc (old writely) is doing excellent job. Google doc or these kinds of services are managing online documents.

But what do you think about Escenic?
Escenic is known as Content Management System. Many popular Nordic, UK and USA newspapers are publishing on Escenic Engine. Millions of articles, millions of multimedia objects and many user profiles are managed over strongly backed java based Escenic Content Engine.

Let’s think about an escenic publication where user manages own created articles. User has option to use Escenic web studio or Content Studio to manage own articles.
Let’s imagine we have developed a highly optimized AjAX based web interface where we are providing escenic backed article management and publishing system.

What does article mean?

1. A container of textual content
2. multimedia contents (i.e. Flash content)
3. pictorial contents
4. audio and video contents

escenic is born to maintain these kind of stuff. More over escenic has proved its own strength over year and year.

What does publishing mean?
User can publish own article on any 3rd party services. Let’s think you have a blog site. You want to publish one of your articles which is kept in “MyArticles” service. See how easily we can manage this stuff:

1. Just select your article from escenic web panel
2. Select publish to “my blog” service.

Exactly same way you can publish, podcast, video blog and so on.

How about busy journalist?
Let’s think about a journalist, who engages himself with lot of news services and blog site. How can we simplify his daily life? Obviously “MyArticles” can become a big hug.

What would be the features of “MyArticles” service?
1. Common platform for publishing article on many different services
a. Newspaper
b. Blog service
c. Picture, Video and Audio blog
2. A common platform and an API will be introduced to integrate new service
3. many more…

Food for think

Hello,

i was searching my old projects, suddenly i found one of my funniest projects. i named it “Color Selector”.

“move your mouse over anywhere and checkout the color’s hexa code. it is very helpful for web designer, who wants to pick color.”

Color hints popup window attached with mouse movement	System trey pop up enable/disable icon

history:
JDK 1.5 was in beta version, one day i was checking through all stuffs. suddenly i get to know about MouseInfo class.

so i wrote the following line of code:

MouseInfo.getPointerInfo().getLocation().getLocation();

now i have prepared a standalone package for windows with installer.
hope you will enjoy..

hi,

it is really amazing. Congrats Tashan for your nice gift. i like “ALO” song among the newly released  songs from “Eccha” album.

Hi my viewers, you can check out Tashan ALO rigntone from the following URL or you can subscribe my following feed to iTunes or other PodCast player. so later u will be informed with cool bangla ringtones..

1. Tashan ALO Ringtone

2. My PodCast url 

“Omar AL Zabir” the name in .NET domain is always shaking us with lot of new cool ideas. recently our Misho bhai (his nick name) introduced us with a creature of his healthy brain. it was “Building Google IG like Ajax…stuff with in 7 days…”.

Man, you really made it great surprise for 2007 !!!. , hi readers don’t you belief me right? just read the following introduction and click over here to continue the rest of the article ….

I will show you how I built a start page similar to Google IG in 7 nights using ASP.Net Ajax, .NET 3.0, Linq, DLinq and XLinq. I have logged my day to day development experience in this article and documented all the technical challenges, interesting discoveries and important design & architectural decisions. You will find the implementation quite close to actual Google IG. It has drag & drop enabled widgets, complete personalization of the pages, multi page feature and so on. It’s not just a prototype or a sample project. It’s a real living and breathing open source start page running at http://www.dropthings.com/ which you can use everyday. You are welcome to participate in the development and make widgets for the project.

This is only true for this guy who can bet any ajax start page…

Shameless disclaimer: I (Omar AL Zabir) am co-founder & CTO of Pageflakes, the coolest Web 2.0 Ajax Start Page. I like building Ajax websites and I am really, really good at it.

How to automate the traditional Cow supply process

Year 2007 is really different, we kick started our 2007 with a lot of funs. We got 2 different festivals with in same day. It is bit different, isn’t it?? .

Year 2006, I wasn’t thinking much about my daily responsibilities & life. I was bit robot. No pain was on my skin. But the end of 2006 fall me in really a lot of thinking. I am bit confused whether I have to participate in social activities or I can ignore them or I should ignore them.

Our family was too busy since last 2 days, lot of family stuffs. My family was taking a lot of preparation for EiD festival. I am bit dull and bore guy, who never care about any family and social culture. But recently I really got a depth feeling whether I should keep me involve with all those social stuffs or I have to become an alien.

Become an alien is bit easy task, just hide yourself from all buzz and fuzz… no need to involve in anything. Just keep your butt stick with bed or chair. It is not bad at all. But I started believing, it is not really a human is being created for.

I am planning to involve myself with all social and family stuff from this year on, but I have to fix few social problems too. I am personally not like those people who accept everything from the first understanding. I like to find out the logic or relation with real benefit.

So today, when I was coming after EiD – ul – azha prayer, I found two of mine Dula bhais. They both are teachers of a respective school and a university. I knew these two guys since my child hood.

We were discussing on various topics, suddenly I an idea poped up on my head, it was about how we can simplify our traditional & cultural activities. Let’s think about EiD festivals.

During EiD –ul- azha we usually buy Cow. I know they are experienced guy, so my question wasn’t wondering for them rather they enjoyed and wanted to introduce few services. Here I want to share few services that I am planning for Next generation.

Here is our traditional way of cow supply:

traditional cow supply process

Figure 1: Traditional Cow Supply chain

Traditional way of cow supply chain collects cow from the following sources:

1. Cow firm
2. International cow (basically Indian cow)
3. Individual cow supplier

1. Cow firm

Cow firm is usually a big place, where many cows are maintained and built. In our country we have insufficient cow firm. Most of the time we have to depend on International cow firms (Mostly India).

Because of insufficient local cow supply, our cow market is imbalanced and most often fake crisis is intentionally raised to pop up the market value.

2. International cow

Most of the EiD festival we have to wait for international cow firm. Our cow related business is totally misleading by few international cow agents. Intentionally fake crisis are recurring most often. International cow are nice looking, too long and too nice to show off. But meat is not exactly comparable with locally managed cow. Anyway International cows are really affecting our local business.

3. Individual cow supplier

Individual cow suppliers are individual cow firm holder or those people who wants to sale their domestic cow. Most often these cows are bit aged and suffers from nutrition and lot of physical problems.

Interceptor

Most of the third party agents act as an Interceptor. They intercept with in every supply processes. Usually they purchase from the individual agent or big firm or international agent. And create various fake crises to rise up price level.

How to resolve such problem

I can’t suggest any solution rather I can show up my idea; I am warning everyone “I AM NOT EXPERT ON THIS SUPPLY PROCESS”. Most of my information is based on my imagination. Any correction is mostly appreciated.

proposed cow supply process

Figure 2: My Proposed Supply process

Managed processes:

1. Quality assurance team
2. Data center
3. Media
4. Customer

Before explaining these stuffs, I want to remind about few basic cow selection process. As far I know a good cow is measured by following statement

Good Cow = Weight + Figure Dimension + Age + Color (* optional)

1. Quality assurance

So far I have heard and understood. No cow is verified by any quality assurance team. All cows are verified by local agent or global agent, where quality doesn’t mean quality for human. Most common complain about cow is cow are not properly maintained.

No way cow are passing through quality assurance process.

We would be highly dependent on quality assurance process. Each and every cow has to pass on every quality assurance test.

2. Data center

After completion of quality test, all cows will be locked up in our own haat. Our data center will hold profile of each and every cow.

Generally speaking, after locking up all cows, we will take the responsibility of maintaining all cow shit!!! .. no third party cow firm won’t be used. Rather our quality team and doctor will take care of each and every cow.

Data center is huge archive of cow profiles which is linked up with different business services.

3. Media

We won’t mind to appreciate any creative media. Media layer is our distribution channel. We would love to distribute our cows over online (web application), TV Show, Radio program & News paper classified advertisement.

We would love to enable our end user to build up an online community where cow firms, individual agent and so on are rated by customer himself. Our cow’s price won’t vary on location of haat or firm or country. It will vary on measurement standard.

Good Cow = Weight + Figure Dimension + Age + Color (* optional)

That’s all for today …. Holly Cow Shit!!! Write up…

I would love to see a painless cow haat over modern media.

Best regards,
— nhm tanveer hossain khan (hasan)

Cow taken from -

http://www.cs.princeton.edu/gfx/proj/sugcon/models/cow.png