Have you seen a squiggly/corrupted image with some numbers/letters in different directions when you are registering or filling up a form in any web site? Just to make you understand what I am referring to, try to create a new Yahoo mail account. In the registration form there is a section titled “Verify your registration” and you can see the image I was talking about. That is called CAPTCHA. The CAPTCHA image could contain randomly generated letters and numbers in a distorted fashion only human mind could interpret. Why is it needed? Well there are robots and spiders (applications that spy the net) that try to misuse the web applications. These applications can mimic the input forms and submit it to a web application but it is way too hard to interpret the distorted image. This is one important security measure that can help avoiding bots spamming your application. I have used CAPTCHA in my blog. Where? Click on the comments link and you will see it.

Creating a CAPTCHA requires generating images at run time. There are open source technologies like GD and specifications like SVG (Scalable Vector Graphics) that can help create an image at run time. The CAPTCHA page on Wikipidea has programming language based implementation references.

Have you ever wondered if your packaged code could be reverse engineered? Back to source code? Take an example, say you are working for a customer and creating a system that is to be deployed on the customer’s environment. You package and deploy it at the customer’s site. But is it possible that the packaged code could be reverse engineered so that your source is viewable? If yes, are you consciously aware that it is ok? If you run into such a situation and you want your package not to be reengineered easily then what you are looking for is code obfuscation.

Code obfuscation is an intermediary step before compilation. Basically the code obfuscator software kind of transforms certain code that doesn’t alter the program’s output but makes it difficult to understand when reengineered. For example what if the variable names are translated to some random text? That’s one simple example; there are lots of other ways obfuscation can be applied. With J2EE and/or .Net one level of protection is already there since the code would be a .class or binary file respectively. Albeit it is not tough to decompile at least a java class as far as I know. Mocha decompiler is one that comes to my mind immediately. But with script based languages like, PHP, Ruby etc. code obfuscation might be needed if the system is going to be deployed at client/customer site as its interpreted and there is no intermediary file getting generated. Depending on the language, you might be lucky to have a tool to obfuscate or you might have to create a tool of your own.

A friend of mine who is an agile and extreme programming evangelist used to tell me that developers should get test infected and spread that infection. What he meant by that was that developers should subconsciously follow test driven development (TDD). Test Driven Development is a concept, a practice that says write the test code before writing the actual code. TDD does not belong to any particular development methodology and is just a best practice for developers.

Frameworks like JUnit help creating test code that can automate unit testing. Generally the unit testing code is written after the first version of code is built. What TDD preaches is to write the unit test code first assuming an operational system is available. Definitely the test code will fail because the code needed is missing. So fix the actual code what has been reported as error from the unit test result. Run the unit test again and see if it fails. If it fails write the code that will fix it. Keep doing this until the unit test passes. Basically here the test code is created first and the actual code is built with the execution results of the unit test. The advantage of using a TDD is it can drive the design of the program step by step. It helps the developer to think about the test cases before even the code is ready, this will help him/her think not just the happy path testing but also negative/failure tests. It also helps in catching bugs early on. It would look like TDD would take additional development effort but actually it saves in the long run because of reduced rework and great reduction of bugs cropping up when the QA team tests the system. TDD is like an addiction if followed as a discipline. Once addicted its difficult to get out of it as one would really enjoy the benefits of it.

The popularity of Wikipedia is due to the enormous content coming from users. Wikipedia is alive today because the users post valid useful information they have expertise on. The same wiki concept could be used internally within an organization for every project that is executed. Create an intranet wiki sites for all the projects and allow the team to add anything and everything around the project. The members would add content that they are aware of, for example the project manager would add the project plan, timelines, current status, milestones and what’s coming up kind of information. Likewise every area of the project is covered and the wiki becomes a repository of information for the project. The following are few advantages of maintaining a wiki for every project that is executed in an organization.

• All the team members will have access to all the information relating to the project in one site
• Since anyone could edit it provides an opportunity to review and refine the content by anyone. And Wiki works like a version control system, it does not delete the contents when something is edited rather it makes it a new version. So any content is not lost at any point of time.
• The wiki becomes a living site to know what is happening with the project and where it stands. This is something the management would want to see and can see by themselves.
• The Wiki becomes a place for anyone coming in new to the project and wants to understand the project and start working on the project.
• There is a digital footprint of the complete project execution which could be refered to any time even after the project is completed.
• Wiki is easy to use and basic content addition/editing does not require knowledge of HTML.

The following are the popular Wiki tools available for free.

• MediaWiki
• TWiki
• PB Wiki

The article “Extreme Performance Tuning” written by James McGovern and published in Java Developers Journal contains some valuable tips. These might look like minor code re-factoring changes but can significantly improve the performance of an application particularly if it is a web based application. During development the tendency is to forget thinking about the implications of the code when it is deployed and ready to use by users. A code that consumes resources beyond what it requires could cause catastrophic results when the number of invocations increases as the number of users using the application at the same time increases. So an ineffective code could cause that many times damage. The tips presented in the above article should be included as part of your standards/guidelines documentation and should be validated during the code review sessions of your project development lifecycle.

If you take your home, you have separate rooms that you specifically use for. You use kitchen to cook, hall as a living place, a guest room for guests and so on. If you had one big room with four walls and you do everything within those four walls will you call it a home?

In software engineering practice, separation of concerns addresses grouping of programs or modules that address a specific area of concern. Examples of concerns could be database related operations, view operations, all business operations etc. Separation of concerns makes an application componentized into compartments and each compartment is responsible for a specific set of actions related to the system. Physically the application could be one, but there is clearly a logical separation of concerns, just like there is one house with many rooms. Model View Controller (MVC) architecture basically addresses separation of concerns at a broader level. The controller is like a hall in the house that has entrance to other rooms, the model and view in this case. You certainly do not want entrance to every room from outside. The model takes care of business logic and handing databases and the view takes care of the presentation. The controller is the binding factor. Its like you want to go to bed room from kitchen, you come to the living room and then get into the bed room. Hence the roles and responsibilities of the components in an application following MVC architecture are clearly demarked and the concerns separated logically. There could be granular level of separation of concerns within the model, view and controller depending on the complexity of the system.

Separation of concerns has clear advantages. First it paves a way for a loosely coupled system meaning a component is self contained and has none or bare minimum dependency with other components. Next it helps in creating reusable artifacts. It is very important to start thinking in terms of separation of concerns and coding to the concern. No tool or software can detect it but it is a disciplinary thing.

“Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.”

Sorry if I made your mind twist and twitch reading the above passage! If you are a User Interface specialist probably you would have guessed what it is. The above passage is a standard text used by the user interface designer to fill in the content area of a page when he/she is providing the user interface screens. The above has been a standard dummy text since 1500s in the typesetting world. While you can find the history and the meaning of the above passage here, the advantage of the above passage is that it has equally distributed letters and since it is not in understandable text, the reader will focus on the fit of the style of the text in the page rather than getting distracted with the content. The UI screen’s with “Lorum Ipsum” content could be used within the development team in the organization to check if the font styling goes well with the overall layout. A lesson we recently learnt was not to make the mistake of showing the “Lorum Ipsum” screen to the customer who would want to see some valid content in the context of the application.

ATAM is a proven method for evaluating an architecture similar to quality assurance process on software development. Founded by SEI (Software Engineering Institute) of Carnegie Mellon university, this evaluation process involves architects and ATAM trained/certified representatives sitting together and validating the proposed architecture. One of the main advantage of such an evaluation is to validate that the architecture would indeed help in meeting the non functional requirements (NFRs). More information on ATAM is available here. ATAM is a disciplined process that can be followed in any organization which has an architecture team and would need a quality check on the architecture being produced.