The principles of Software engineering consist of determining the feasible approach toward managing a software application. The normal processes of engineering software involve: the interviewing process, which is the research and studying of the problem domain; and the prototyping process, which refers to the understanding of the type of data needed for each level of the problem.

A good practice is to use Data Flow Diagrams to visually articulate how each process of the problem interacts with each other to solve the big problem. Using Data Dictionaries helps to define each data prototype and conceive the stability of managing each sub-unit of the problem domain. Each sub-routine that solves a specific problem should have its own specification.

If the software application utilized a database, the engineer is responsible for designing the Database, and designing the effective output and input. The final process is the software Documentation, which involves extensive testing to explain in detail the design and documentation technique, flowcharts, pseudo code, and procedures manual.

So today I was doing some thinking about my next project, and I decided that I should not be deleting records willy nilly and instead using a flag for deletion.  I know, I’m a little behind the times, this is certainly basic database management, but you know how things are.  We do what we do because we learned our bad habits from programmers before us.  The bigger picture is, experience and reading peer materials (best practices blogs and websites) teach us how to think differently, and how to correct some of our bad habits.  As one who is always interested in correcting those bad habits, I came across a nifty solution.

Using the mysql Show Tables syntax in a ColdFusion cfquery, I am able to pull down a query result set of all of the tables within the database that I am working on.  Using that query is very simple then to loop over and conduct a new query that alters the tables, adding on the new column that I wanted.

<CFQUERY NAME=”test” datasource=”#dsn#” username=”#dbuser#” password=”#dbpass#”>    
  show tables;
</CFQUERY>

The query will output with a column named TABLES_IN_xxxxx where xxxxx is the name of your database.   Using this as my new variable, I can loop over the results and use the alter table to add my little ‘deleted’ switch.

<cfoutput query=”test”>
 <CFQUERY NAME=”testUpd” datasource=”#dsn#” username=”#dbuser#” password=”#dbpass#”>    
  ALTER TABLE #test.tables_in_xxxxx#
  ADD Deleted TINYINT(1) UNSIGNED NOT NULL DEFAULT 0;
 </CFQUERY>
</cfoutput>

So there you have it.  A nice tidy way to make a mass update to all tables in the database.  This can be modified in all sorts of ways.  Say I wanted to change the datatype of one of my fields, and it has foreign key references all over the place.  Well, I can do the same thing with the CHANGE column syntax.  Of course, as always, be wary of housing this online anywhere where it could be accessible to those who would have some ill intent, having database permission to alter tables is a dangerous set of permissions to be floating around.

It would be difficult for me to say how many people I know have a Facebook or Myspace account (or both). Many do. I had a Myspace account for a while, but I got tired of it. My ego didn’t need to be fed any longer by strangers who wanted to read about what I was doing today. Most parents have probably seen hundreds of pictures of their daughter, and their daughter’s friends pursing their lips and holding up their fingers in what I refer to as the Myspace pose. So there are tons of people out there on these social network sites. And they all want to customize their page with stuff: OMG, LOL, check out what ur Scooby Doo name is! or various applications that are now available through third party installable programs. Not only are your future employers using these sites to check you out, but so are those with more malicious intent. They are diving into your account trying to persuade you to go to sites where you either reveal your personal information or download and agree to installing a piece of software that will do it for them. All by seemingly harmless postings on your page. They are starting to call them ‘drive by downloads’. One little link on a friend’s page, you trust them, so you get the link too. Anyone who clicks the link downloads something to their computer, and not thinking about the repercussions, click ‘ok’ because we’re so used to all the random safeguards on our modern computers.

Social engineering has long been the way ‘hackers’ (I use this term loosely) gain information to be used maliciously. Long before the days of the web 2.0 these people were gathering dial in numbers and usernames and passwords from pieces of paper left around, in the trash, or by phoning up an unsuspecting staff member. Then came spam, soliciting something fun, sending you to links that were riddled with virus programs. Today we’ve learned these tricks and how to stay ahead of them, to an extent, but the experts in social engineering will continue to find ways to get the information you’re not so willing to give. These days, social networking sites are all the more happy to just give out that information. Oh, but your account is private? Do you really know that person you just let be a friend? Did you install an application or put one of those quiz links on your page? How about a friend of yours? Each new application can be developed and in those applications user information can be garnished. Most programmers will not care about gathering information, but some do. Every link could be malicious, you really don’t know until you go there, and even then, do you really? Not every anti-virus or security suite catches everything. It may already be too late.

Does it bother you that every move you make is tracked by a company? It happens every day, whether it is simple user information about the website you’re visiting, or if it’s something more complex, like your email address dug up through that application that tells you who your best love match is. You can be as paranoid or not as you want to be, hoping that your anti-virus/Internet security system is more up-to-date than those trying to steal your information. I don’t have a foil hat, but I try to keep up to date with the goings on in the security world, even if it doesn’t directly relate to me, as anyone who uses the Internet should. As long as your computer is connected, it is vulnerable to attack. Whether or not you help it along is up to you.

Windows, Linux, Solaris, NetWare, HP-UX, and Mac OS are different operating systems developed on different machines because of machine dependency. Since each machine has its own unique sets of code, different sets of software had to be developed specifically for each machine. What does that mean for a web programmer? Many tools are developed to solve the cross browser compatibility. Each machine browser interprets code differently and each JavaScript interpreter in each different operating system are developed differently with their own specifications. So if a new feature of the JavaScript language is available in Firefox that doesn’t mean it will be available in Internet Explorer. The fact that some browsers cannot interpret certain code at all is a big issue; so, to alleviate the stress of bugs in a web application a specification of what all web browser share in common is formulated. There are tools to validate a web page html codes and JavaScript codes. The World Wide Web Consortium (W3C) is an organization working to make a standard specification for all web browsers.

I know the saying is “I have a beef” but having a fish seems more fun…. and then it also goes with ‘I have a bone to pick’ as well, because I always have bones in my fish. 

This weekend I was working on a project, programming in ColdFusion, using one of those discount hosting places that everyone seems to love unless they’re the actual programmers.  There are a lot of things that go in to getting a site set up for use with ColdFusion.  You have to not only create the code, but create the database and the datasource connection, and any time things go wrong, it can cause a spiral of issues that continue to compound.  After spending several hours getting everything set up, I finally got to coding only to find that things I’ve done in the past on our DDA servers were not as easy to do on this particular server, as certain things were unavailable due to security restrictions.  One of these was the ColdFusion createobject.  Eventually I found that the createobject had a decent substitute in cfinvoke.  So what I was thinking was, well, if they’re basically doing the same thing, why is one locked down and not the other?  I believe the answer coming from what I’ve researched on the web is that the instantiation of objects using cfinvoke is different from createobject.  Also, cfinvoke does not appear to be able to instantiate java objects, which I guess is what drives the lock down.  Now if you ask tech support, they’ll say there is no such lock down, that everything is fine and you’ve just improperly coded your scripts.  Never mind that within the 5 items in the entire ‘knowledgebase’ one of them clearly states that certain tags are not available.  So on to other things.  I finally get my coding in and I begin adding code to upload an image.  CFFILE is a great function, one I tend to use on every project for some thing or another.  Unfortunately what ColdFusion doesn’t tell you is that CFFILE actually uploads first to a temp directory, and then into the destination folder.  If you do not have access to that temp directory, gosh golly, you’ll not be able to get that file uploaded and accessible.  So what do you do?  Tech support.

Here’s my beef.  Tech support.  Now I know that 90% of the people out there that contact tech support are probably on the lower rungs of the technical savvy scale, but for those of us who are not, we like to be regarded as people who know what they’re talking about.  I don’t want a canned response for the first 5 times I contact support, as if my situation was not individually reviewed.  The other day I sent in a problem with some software that I own.  What I got back was a long response about turning off software that I am not running on the computer.  Every now and then I get an error message in another piece of operating system software.  It comes up with an error number and everything.  So then it says to click this link for more information, you know, to help troubleshoot.  So I click the error number and there’s a long list of all kinds of error numbers, but mine is not on the list.  It gets very frustrating.

So how do we avoid this at DDA?  Well for one, all of our clients at DDA are important to us.  Whether we have done custom programming or are hosting websites, we take every issue seriously and try to get to the bottom of every problem.  Sometimes due to conditions out of our control, we cannot solve an issue (usually cross browser incompatibility) but we take the time to provide the best support we can.  We have several people on staff with varying degrees of knowledge and experience, and we can rely on that entire set of knowledge when diagnosing issues and troubleshooting.  Our support will never be form letter sent, unless of course it’s something like setting up an email account on Outlook, where we have created a simple step by step process that we can direct users to.  But the fact that we would send that only after knowing what the real problem is, rather than using that as a first step, will set us apart from most other technical companies.

In the development of Graphical User Interface (GUI) application or web application the Model-View Controller (MVC) architectural paradigm is often used to separate logic and the user interface. An event driven application such as web application or a Windows-based application would be implemented by first the model representation which is the data collection and logical set of regimented rules that govern the data. The view representation is the Graphical User Interface that users have to interact with and the controller is the events that are triggered behind the scenes as the user interacts with the application, which involves the communication between the model component and the view components. The Model-View Control Concept has been widely adapted in many languages such as the Java Enterprise Edition, mainly to solve the problem of interdependencies between all components of the application, which can have a cascading effect when adding more data and logic. The problem is often application maintainability, where the Model-View Control Concept comes in and separates business logic code, data access code, and representation code.

In website development, more often than not certain files or directories need access restrictions.  Access can be restricted either through server-side scripting (i.e. Coldfusion, PHP, or ASP) or the web server, like Apache.  To restrict access in Apache, a file named “.htaccess” can be uploaded into the directory of which you want access restricted. The .htacess file is a text file that lets the web server prompt for a username or password, or displays a message that you are not authorized to view the contents of this page.  When restricting users by login name and password, the .htaccess file references a file called .htpasswd.  There is a program in the Apache directory called htpasswd.exe that will create a user and password in an encrypted MD5 format.  There are many options for the htpasswd.exe program that include recreating the file, appending the file, and using different encryption types.  Below is an example of the contents in a .htaccess file.

AuthUserFile c:\security\.htpasswd
AuthName “Please Enter a User and Password”
AuthType Basic
require valid-user

This would be an example of the .htpasswd file.

user1:Nd8VlAyM/Byno
admin:L7L1bBFu6QwEg

An Integrated Development Environment (IDE) is an application tool with the capability of facilitating a computer programmer with the environment of writing high language programs in their syntactic form and their regimented semantics. An IDE usually composes of a source editor, a compiler or interpreter, and a debugger. Working as a web programmer at Dynamic Digital Advertising (DDA), the main tool I’ve used to write code is called Abode Dreamweaver CS3. Dreamweaver CS3 supports web technology frameworks such as CSS, JavaScript and also various server side script languages such as ColdFusion, PHP, and ASP. At Dynamic Digital Advertising, the facility of Dreamweaver CS3 I mostly use is the server side script language framework of ColdFusion, which makes writing ColdFusion templates very easy. The IDE catches syntactic errors very easily. One thing I found difficult with the IDE is the inability to debug script templates at the local computer. Which makes sense because only the server has the script compiler or debugger.

Every so often, I am asked by a member of the DDA team to write up something along the lines of “What are our programming capabilities?”  I get a chuckle out of this question.  I always have to ask them to get a little more specific about what they’re looking for, or at the very least, if it is OK that I give them a list of things we’ve already done instead.  To me, our custom programming capabilities are pretty much endless, it’s just a matter of time and money and whether or not I think we can get it done in that amount of time and money.  We have been able to do an amazing amount of work for a little programming department, and we’re not stopping our momentum.  So what I like to do is ask in return, ‘How about asking about what we can’t do?”  I can start with ‘well, we can’t travel in hyperspace’ and ‘we probably cannot program your coffee maker to brew beer in 30 seconds’, things that might sound completely irrational, but it may be feasible some time in the future.  Our web programming services are limited only by imagination.

What we can do is work with ColdFusion to create advanced programming; programming which can do just about anything on the web.  If we have access to your database, we can integrate a website with your current inventory management system.  If you need things to float around and work like it’s in a desktop environment but on the web, we can do that too.  What about image processing?  Sure.  File transfers? No problem.  Can we give your dog a bath?  Well, I don’t know about how you’re going to get the shower to chase down your dog, but we could probably find a way to run robotic software to scrub him.  I’m not saying it would be easy. It would probably take years, but we could do it, and we could do it using ColdFusion.  Why?  Because I have faith in the abilities of our team.  We have a unique bunch of very intelligent programmers who can do some amazing programming work.

I recently needed to find out how to resize images that are being stored on the server using ColdFusion. My initial search didn’t show me any built-in existing ColdFusion tags that could do this, so I searched more. I was finding plenty of add-ons that could do this task, but they were all charging a fee for their product. A fellow worker had needed to do some image resizing before and gave me a link to a free open source version of image resizing code. Open source to the rescue again.

This image resizing add-on does everything I need. You can scale the image proportionally or by just either height or width, control the compression and quality, overlay a watermark, and so much more. It works with all the most common formats too. JPG, GIF, and PNG are all supported. The best part is that it’s all free.

Open source code is a very useful ally in the coding world. With open source code available out there, time that would have been spent coding my own image resizing add-on, can now be spent pushing the envelope in a different way.

Open source code is a great asset and idea in the programming world and allows the complexity and capability of future programs and applications to be that much better. Since we don’t need to waste time making stuff that has already been done, we can use that time making stuff that’s never been done. It saves money for people paying for the work as well. Less time spent on writing the code that open source has provided means less time to pay a programmer for. Everyone benefits. Well, except for those people who are trying to sell the code. They might go out of business.