dev:ices » Jonathan

Immersive Pomodoro

Jonathan — Thu, 07 Jul 2011 11:59:58 +0000

Some of my colleagues have been applying the Pomodoro technique to their pair programming of late, so I thought I’d give it a try. I’m trialling a combination of tools which now integrates my Pomodoros more with my daily working life and I’ll set them out in this post.

I’m currently coding in XCode on a Mac so I discovered the Pomodoro app (available via AppStore or source code) which adds a countdown timer to my status bar at the top. It’s got a range of good features to it that brings it well above just being a glorified egg timer. The two features I’m liking the most are the GTD (Getting Things Done) and Calendar integration.

In the GTD section, the Pomodoro app sets my iChat status announcing my current Pomodoro and what time I’ll be done by. It automatically marks me as Busy during my Pomodoro and sets me back available afterwards and marking me as on one of my rest breaks. We’re using GChat more at work now so this is perfect because it can hopefully guide people who want to contact me on to the best time to do so.

In the Calendar section, I’ve set it up to log my Pomodoros to iCal. I’ve linked iCal to Google Calendar following a guide from Google’s help pages on how to use CalDAV to sync the two. I changed my Google Calendar’s notification settings to stop adding Email/Popup notifications for each Event by default. Before I’d done this iCal was alerting me to Pomodoros I’d already completed which was pointless.

So I can now embark on a fresh Pomodoro with a simple click or keypress, enter the description for the Pomodoro and know that my colleagues can see my current status and know that I’m tracking my own Pomodoro progress in my calendar at the same time.

I’ll let you know how the experiment continues, but at the moment it’s proving a positive way of focussing intently for a fixed period. The integration from using the Pomodoro app with iChat and iCal does provide a very immersive Pomodoro experience.

Are your contacts portable?

Jonathan — Thu, 24 Mar 2011 13:31:59 +0000

With an increasing amount of technology to help you communicate, the job of keeping your multiple contact lists up-to-date across these devices and services has mainly fallen to you.

Contact information lurks in many places and is often locked to serve one purpose. Whether it’s contact details in your mobile phone; on the address book in your email client at work or the list of friends you’ve built up on social media.

This post introduces Portable Contacts as a solution to getting access to these distinct collections of your contacts to avoid needing to duplicate them.

Importing leads to duplication

On-line services can often encourage you to import your contacts from other services so they’re available to use with their service. Making it easy for you to import contacts seems helpful as you can start to use your contacts in new ways. At the same time duplicating your contact information in yet another place means that the maintenance task to keep everything in sync increases. Importing contacts in multiple places can lead you to experience these services as separate ‘boxes’ instead of being really interconnected on the Internet.

Portable Contacts is an open standard which has a simple goal to

“make it easier for developers to give their users a secure way to access the address books and friends lists they have built up all over the web” – portablecontacts.net

Instead of forcing you to duplicate your contact information, Portable Contacts allows you to unlock your information and share it in a controlled and secure way. If your friends and family are stored in one place and your work contacts in another, if you could access them elsewhere via Portable Contacts then you only have to make edits in one place.

A secure way to share

A service that implements Portable Contacts uses OAuth to control access to any contact information to be shared. OAuth is increasingly used in services to allow 3rd party services to interact with them. Twitter uses OAuth to give you the choice of allowing other applications to ‘tweet’ on your behalf. Sharing contacts with OAuth also stops you needing to share the security credentials to get access to your contacts. Usually websites that offer to import your contacts on your behalf will blatantly ask for your username and password details which, for the ease of use, users freely share.

Easy to consume

Portable Contacts shares information via HTTP operations and supplies the information in either JSON or XML formats to applications which want to use them. This approach is widely used in modern APIs and makes the contact data easy to consume in many programming languages.

The Portable Contacts’ wiki page shows some of the services using the open standard at the moment. Since the driving force behind Portable Contacts, Joseph Smarr, now works for Google it’s no surprise that they have continued their support for exposing Google Contacts in this way.

There are a few libraries to help developers integrate Portable Contacts in applications: a Java library called jpoco and a Ruby client too.

Sociable

Another open standard, OpenSocial, is compatible with Portable Contacts. OpenSocial has been adopted by sites like LinkedIn, MySpace, orkut, and Yahoo!. As Joseph explains on the Portable Contacts website:

“The OpenSocial and Portable Contacts communities chose to wire-align our respective specs in order to maximize widespread adoption of a single API for accessing people data.” – Joseph Smarr

Portable Contacts might not be widely known yet but the opportunities to access your contact data without duplicating it is increasing.

Cisco VPN Mac Client

Jonathan — Sun, 16 Mar 2008 16:39:30 +0000

I needed to get VPN access using a Cisco VPN client over the weekend. I didn’t have access to the PC version so I decided to search for a Mac version if there was one.

Thankfully MacUpdate came to the rescue and I found a Mac flavour of the Cisco VPN client and I was able to use the saved .pcf file I’d been sent.

There was one problem I came up against. I imported the .pcf file and tried to connect to the VPN connection. It failed saying that the IKE Port was already in use by another VPN client. I had been trying to use the Mac OS X VPN client to connect using some of the settings in the .pcf file but that failed, probably due to the encrypted Group Password that I’d have needed.

The solution came from forums about needing to add a setting to the .pcf file. When you’ve imported the .pcf file into the Cisco VPN Client, it copies it into its own profile folder. Close the VPN client and open up a Terminal window and navigate to the profiles directory:

cd /etc/CiscoSystemsVPNClient/Profiles/

Open the .pcf file you wish to use in your favourite text editor (nano for me) and add this extra line to the bottom:

UseLegacyIKEPort=0

Save it and try loading it again. Worked first time for me!

Now the only trouble is that the Mac Remote Desktop Connection application just can’t handle sending the backslash character from a non US keyboard. The word on the blogs were that even the latest version 2.0 beta didn’t fix the problem after years of it kicking around. Still its so useful that its not that bad.

A little SugarOS on your Plesk?

Jonathan — Thu, 13 Sep 2007 22:32:40 +0000

There are many quirks which are picked up by using a website management package like Plesk. My remote Linux server has this installed by default on it, and it does simplify a lot of basic operations. It does become difficult when standard Linux / Apache information doesn’t help because Plesk rearranges things into its own way of doing things.
This has been improved in the latest version installed ( version 8 ) as the virtual hosts directory is finally under the /var/www/ directory more like a standard Apache setup.

I’ve been wanting to trial the open-source customer relationship management software, SugarOS. I kept finding a block at Install Wizard Step 2 where it did a system check and failed at accessing the PHP Session directory.

Many attempts at trying to get the PHP is_dir function to acknowledge its existence failed.
All files under a virtual host’s main httpdocs directory are by default owned by the Linux username which is the FTP username assigned when creating the domain, with a group of ‘psacln’. I tried to add the ‘apache’ group to the Linux user for that virtual host, but that didn’t help either.

A quick search for ‘Plesk PHP session writable’ on Google uncovered a relevant forum post which was on the SugarOS forums site. I also found a helpful post by Aaron Gadburry on using the vhost.conf file with Plesk to configure additional options for each Plesk virtual host. Do not try to edit the httpd.include file because Plesk will just overwrite it next time you change something with the web front-end.

So in the end, all I’ve done is added a vhost.conf file containing:



php_admin_value open_basedir "/var/www/vhosts/DOMAINNAME/httpdocs:/var/lib/php/session"

and then ran the command that Aaron mentioned:

/usr/local/psa/admin/sbin/websrvmng -u --vhost-name=domain.com

You should now be able to get past that pesky step 2. Happy CRM-ing.

[Edit]
You will need to amend the original vhost.conf to add the BlowFish directory if you want to set up Incoming Email mailbox monitoring. I found a forum post about getting a blank page after setting up an incoming mailbox which helped fix it.

It should now read:



php_admin_value open_basedir "/var/www/vhosts/DOMAINNAME/httpdocs:/var/lib/php/session:/Blowfish"

Stored procedure error handling in SQL Server 2000

Jonathan — Thu, 30 Aug 2007 15:59:25 +0000

Today, we’re continuing work on our multipart message aggregation upgrade for a future Esendex release.

One part of the investigations this morning has been looking into how we manage the database access as we add parts of an incoming message to it for later processing. As we have multiple servers processing inbound messages, there was the potential for two threads trying to write to the database simultanously with different parts of the same message. Both could look at the database and think there were no existing parts of a multipart message, and decide to try and insert a new multipart message record.

During this work we found out that SQL Server 2000 will still raise an SQLException error despite error handling put in T-SQL.

A quick mockup test yesterday revealed that two competing threads could indeed try and insert twice despite checking for an existing record and caused a Unique Key error 2601. As this was all being coded in a stored procedure we looked to see what error handling T-SQL provided us.

Whilst you can detect the error number after a T-SQL statement in a stored procedure by querying the global variable @@ERROR, you cannot prevent SQL Server 2000 from sending an exception error to the calling script. Therefore the following snippet does work, but you will still get an exception thrown. This is not the complete script but highlights the additional features which we used to get this working:

-- stored procedure snippet

-- declare a local variable to hold the error number
-- The global variable @@error gets reset after each
-- command so you would lose the error number following
-- the next statement should you wish to do extra things with it
-- like return it back to the script calling it

DECLARE @err int
...
-- update the parts received
UPDATE [PendingMultipartMessage] ...

-- check to see if the update ran by checking
-- the SET value of @multipartMessageID from the ID field

IF (@multipartMessageID is NULL)

BEGIN
  SET @multipartMessageID = NEWID()

  INSERT INTO [PendingMultipartMessage] (...) VALUES (...)

  SELECT @err = @@error

  IF (@err = 2601)

  BEGIN
    -- try updating instead of inserting as the record
    -- exists as the 2601 error says there's already a unique key
    UPDATE [PendingMultipartMessage] ...
  END

END

All that’s left to do is to wrap your stored procedure call in a try…catch wrapper and catch any SQLExceptions and check they’re not 2601. You can do what you like with the error, but choosing to ignore it means your application will no longer fail.

Improvements in SQL Server 2005 have afforded developers a TRY CATCH definition in T-SQL to help catch errors within stored procedures. This feels a lot more sensible as the database is the singular resource we’re trying to gain shared access to and it should be able to handle these errors internally without an extra callback. Just to remind you, the mainstream support for SQL Server 2000 ends in April 2008.

Of spam and things…

Jonathan — Tue, 28 Aug 2007 13:27:15 +0000

It’s been a few times this last year that I’ve been the victim of a domain spam attack. Sending email appearing to be someone else isn’t a difficult thing to achieve. Yet when someone takes one of your domains and sends spam, well I was going to say on my behalf but I never asked them to, it gets very annoying.
I’m currently processing over 50 emails a day with people’s email servers returning spam blocked or unknown mailbox responses.

My spam filter for my Mail application on my Macbook Pro is excellent at learning as it goes. With unknown users or error messages, collected from having a ‘catch-all’ address, it struggles to cope as they are genuine errors which I don’t necessarily want consigning to the bin automatically.
Sure you could apply a security certificate to your outgoing mail to prove that it is you that’s sending, but there’s a lot of unnecessary traffic being generated by idiots.
Traffic aside, this style of attack also doesn’t help the reputation of whoever owns the domain, a side effect which I’m sure isn’t lost on those who perpetrate this kind of thing. The one time I did get a real complaint from a user, I wrote back to explain the situation but thankfully it was a personal domain. Wonder how many businesses are affected by this kind of thing? Maybe they don’t have catch-all addresses to try and stem the flow of ploughing through malformed or misaddressed mail.
Until such time as my spam filter adopts a psychic approach to reading my mail, I’ll continue to ride out these waves and grumble at the speed of the internet clogged down by all this unnecessary traffic.
(Conspiracy theories that ISPs have no drive to stop spam because they can continue to move to charging people for bandwidth usage as the internet (or rather their copper based networks) reaches capacity, in a hark back to the days when we were on dialup and paying for time online are welcome here)

Checking it out

Jonathan — Wed, 22 Aug 2007 10:56:50 +0000

I have a feeling that a lot of small to medium development operations will still be using Microsoft‘s Visual SourceSafe to manage their central code-base despite its limitations.
Given that Microsoft have since addressed this hole in their development offerings with the excellent Team Foundation Server which offers a seamless experience within Visual Studio 2005 and a raft of source control features woefully missing from Sourcesafe.

Not wanting to turn this into too much of a rant about SourceSafe, today’s observation concerns SourceSafe’s supposed ‘Multiple Checkout’ feature when used with Visual Studio 2005.

When checking out a file that someone else has already checked out, normally you’ll get the following handy error:

This is fine and you can continue by selecting Yes and all is well.
There are times where I want to change around the Project’s References to point them to another project in the same solution instead of a precompiled DLL when I want to be able to step through code provided from another project.
If someone has the project definition file (.csproj) checked out, then we run into a problem with Visual Studio vs SourceSafe. They may have the file checked out because they’ve been changing references over, or maybe adding some new content to the project.
If I attempt to change the references when someone else has the file checked out, multiple checkouts mean nothing. You get this handy little error:

Followed swiftly by:

So much for multiple checkout, hey?

Have you got the Bug?

Jonathan — Mon, 13 Aug 2007 16:28:29 +0000

Being involved in web development work, I have to have a wide range of browsers installed to make sure what I’m creating is accessible to as many people as possible. Whilst I still have a soft-spot for Opera, it is without a doubt that Firefox is the Swiss Army Knife of all browsers.
The ability for developers to add-on functionality has created such a rich platform for linking useful tools with web browsing that there’s nothing finer in my humble opinion.

Here’s a few addons that I can’t live without:

The latest addition to this list has been Firebug.

Firebug integrates with Firefox to put a wealth of development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page

I find the ability to browse the HTML and CSS source without needing to open a new window invaluable, but also it will time how long each of the elements take to download which is great for working out what’s slowing down the rendering of your page.

IETab allows you to render pages within Firefox using the Internet Explorer engine. Perfect for viewing those picky websites like Sharepoint or any bad web applications that only render properly in IE.
And the Web Developer toolbar is just a no-brainer for anyone involved in web development.

If anyone else has any suggestions of addons that you can’t live without, let me know.

Credit card regular expressions

Jonathan — Fri, 10 Aug 2007 15:44:38 +0000

Following on from my previous post about credit card authentication with regular expressions, I thought I’d share my other discovery.
The BIN Ranges list I found showed a list of Visa cards which were designated ‘ATMOnly. Figuring these would be a good thing to filter out during validation.
There’s plenty of regular expression help about joining pattern matches with logical OR clauses, but what about wanting to specify patterns which prevent certain things coming through?

Any card number beginning 4 is a Visa card. This is simple to do in a regular expression

^4.*

This will match anything beginning with 4. Not very useful though as it’ll match anything, including text like ’4CORNERS’. So we’ll refine it to only look for numbers after the 4. There are two ways of doing this:

The more formal set definition
- [0-9]
The shortcut
- \d

^4[0-9]*
^4\d*

So that’s better now it only accepts numbers, but there’s a limit to the number of digits in a card: 16 normally but can be 18 or 19 in some cases (there is an entry on the Barclaycard BIN Ranges document that says some Maestro can be as low as 12!)

^4[0-9]{15-18}

This would accept a 17 digit card number which isn’t valid, so we have to start grouping conditions to get these two possible outcomes using the pipe character ‘|’ as a logical OR operator.

^4([0-9]{15}|[0-9]{17-18})

The next challenge is to stop the ATM Only cards being let through. The list of these I found from Barclaycard’s BIN Ranges document, however I stress you should check with your own card processing service to see what their particular rules of operation are before copying any of this blindly.

In order to prevent certain matches being made, we need to make use of a ‘look-ahead’ operator. When a regular expression engine is checking to see if there’s a match, it works from left to right normally. So when it’s checked ‘^4′ is present, it’s moved its pointer to after the 4, ready to check what’s next. In my previous example, what we asked it to look for next were 15, 17 or 18 more digits. However, we want to jump in before that to make sure that none of the ATM Only prefixes are present.

To do this we use the ‘(?!)‘ operator. What this does is has a look for a matching pattern without moving the pointer along the string, and fails if the match is found. Formally it’s defined as “Match if suffix is not found”; suffix refering to the fact the string will be checked from the pointer onwards, looking right.
One of the ATM Only card ranges starts 490300-1, meaning anything starting 490300 or 490301. To check this is NOT present, we do the following:

^4(?!9030[0-1]{1})([0-9]{15}|[0-9]{17,18})

That’s the basic idea. Here’s the full list, but I stress this is a) probably out of date already and b) may not be complete or may be incorrect for your application.

patterns = "(^4)" +
                                        "(?!9030[0-1]{1})" +
                                        "(?!9031([0-2]{1}[0-9]{1}|3[0-4]{1}))" +
                                        "(?!903[4-9]{1}[0-9]{1})" +
                                        "(?!9040[0-9]{1})" +
                                        "(?!90419)" +
                                        "(?!90451)" +
                                        "(?!90459)" +
                                        "(?!90467)" +
                                        "(?!9047[5-8]{1})" +
                                        "(?!905[0-9]{2})" +
                                        "(?!91001)" +
                                        "(?!9110[0-2]{1})" +
                                        "(?!9110([3-6]{1}[0-9]{1}|7[0-3]{1}))" +
                                        "(?!911(8[3-9]{1}|9[0-9]{1}))" +
                                        "(?!92183)" +
                                        "(?!928[0-9]{2})" +
                                        "(?!987[0-9]{2})" +
                                        "[0-9]{15,19}$";

Disclaimer: This code is not production-ready nor should it be used directly without thought or modification to fit your own purposes. No responsibility or liability is accepted for any fraud, losses or inconvenience for following this advice which has been given in good faith as an documented example only. That should cover it

Maestro, music please

Jonathan — Fri, 10 Aug 2007 12:52:01 +0000

We’ve been working on a change request to add Maestro to the credit cards that we accept for ecommerce payments. Switch started in 1988 but has now merged with the Maestro network owned by MasterCard in the UK.

Until recently, if you took Switch payments then UK customers who had new Maestro cards would still be ok (as long as you accepted the new 6759 prefix for your payments) however with the merging of the worldwide card base there’s a whole new set of card numbers which need validating.

A quick search on 18-digit Maestro cards that HSBC have been issuing raised a few e-commerce shopping cart forums where people were confused about these new card types. So I thought I’d share my findings:

Validating payment card details is important to catch incorrectly entered details from the customer before requesting payment authentication from your banking service, saving unnecessary external calls.

Information from BarclayCard‘s site about card type formats showed though that Maestro cards can have 16, 18 or 19 digits. This is an important deviation from the standard 16 digits that used to be a quick check.

We ask the customer what Card Type they want to pay with in order to present the relevant input fields to collect all the information the bank requires for that type. Issue number and start date are two common items of information which can be mandatory or optional depending on the issuer.
Using BIN ranges, you can detect what kind of card an entered number represents. You could have a single step where a customer enters their card number, and based on that then it would prompt for other information. The trouble is that there are card features that say that items like Card Security Number are optional, so it’s down to the individual card issuers’ preferences.

Based on the Card Type selected, we then validate the details the customer has entered to make sure they make sense. To do this, we make use of Regular Expressions. For ages, regular expressions have been a black art to me. They are very powerful but at first glance mean little to the uninitiated. The advantages of regular expressions can really be seen when using them for validation as you can specify the ranges of values that are valid.

The regular expression we’re using to authenticate Maestro cards is:

(^6759[0-9]{2}([0-9]{10})$)|
(^6759[0-9]{2}([0-9]{12})$)|
(^6759[0-9]{2}([0-9]{13})$)

Each pattern match is separated by ‘|’ characters to indicate OR. The leading ‘^’ and the trailing ‘$’ on each expression means that the pattern has to match the beginning and end of the string. Therefore, this has to match exactly and not just be a substring of the card number we’re comparing this with.

6759 is the literal match for the Maestro card leading card number digits. The BarclayCard document says that the next two digits can between 00 and 99. The pattern states we’re looking for two numerical digits 0 to 9. The last bit of the pattern then make up either the remaining digits to make the card number 16,18 or 19 (10, 12 or 13 remaining characters). We could’ve easily just matched using 12, 14 or 15 digits instead of splitting it out, but this retains the formatting specified in the document.

The new regular expressions are working really well now, and with a change of validation, can look forward to welcoming new customers who prefer paying with Maestro.