Corey Ogburn

A Developing Developer

What Google Native Client Means For Web Apps

August 31, 2010 00:09 by author coreyog

In my last post I talked about the applications of cloud computing, and my own personal challenge to commit to using them over their desktop versions. What I forgot to mention is what is in store for the cloud computing world. Currently, the main languages that make it to the browser are HTML, JavaScript, and CSS. These languages are parsed by the browser and presented to the user for display or interaction. For more in-depth content, such as the video I've included in this post (if I can sit through it, you can), these take plugins where the browser passes control to compiled code that generally runs outside of the browser. The dominant choice for functionality like this is usually Adobe Flash, although Java has shown its uses. The general process is this: when you want to watch a video, an HTML page is sent to your browser containing an object tag that tells the browser what file to pass to what plugin. The file (the video content, most likely Flash video, flv) and the video player code-base (written in compiled ActionScript, I believe) are passed on to Adobe's Flash plugin for your browser, at which point the ActionScript is run, which parses the video and displays it frame by frame in the Flash control, which the browser has next to no control over. A further, more humorous, and probably much more accurate, breakdown can be found here.

There are a lot of layers between the hardware and the software. No code from the web gets direct access to the processor, which previously has been part of the security in the web. Google has a nifty approach to ensure that code can run directly on the processor while also providing a good layer of security by preventing access to the OS. Google Native Client, often shortened to NaCl (yes, sodium chloride), does just that: it brings compiled code into the browser. I haven't looked into supported languages, but I believe anything compiled for an x86 will run. Assembly, C/C++, and potentially even .Net (theoretically, you can compile directly to x86, bypassing the JIT compiler that might not be present on the client machine, but I haven't tried it). Cloud applications today seem to mostly be based around storage, but if NaCl becomes a new standard and gets widely used, then the internet could be a powerhouse of functionality both in storage as well as processing. I'm probably more excited for NaCl than I should be, and it's still in its early stages, but someday the need for desktop applications will be gone. With a web driven UI and NaCl powering the code-behind, cloud computing will slowly evolve into a computer that is simply a monitor, keyboard, mouse and processor.



How I Plan To Live In The Cloud

August 28, 2010 02:20 by author coreyog

Thanks to the internet, information is readily available anywhere and everywhere. From desktops and laptops to mobile devices, even TVs! The internet has expanded beyond just making information available anywhere to include services that let you store some files, manipulate others, share all of it, and be able to access all your information from any computer that has internet access. There are a lot of pros and cons to working in the cloud. The biggest con is that it requires the internet, and usually fast internet. Of the pros, the best seems to be that you can access all of your stuff from ANY computer connected to the internet, and as smart phones get smarter, they can help keep you connected to your Cloud services. This school year, I challenge myself to do as much as I can in the cloud.

The college world can be demanding, but the internet is ever changing; adapting to whatever needs the users can come up with. There will be papers to write, research to be done, presentations to give, group projects, all sorts of expectations and requirements. Nothing would be worse than a hardware failure and losing all of your projects and data. Last week, I received a frantic call from a web designer friend who was working on images for a site. She would edit them and place the finished images on her external HD. Her HD was brushed off the table and fell two feet, just enough to really mess things up. I did what I could over the phone to help her, but my best advice was to begin re-editing the images as fast as she could for her deadline that afternoon. It goes to show that these setbacks are random, sometimes inevitable, and always inconvenient. So it's better to be proactive rather than reactive. I mentioned to her services such as Dropbox that would easily let her sync incomplete folders from work to her home computer so she can wrap them up and sync them back with her computer at work. This is part of the reason I want to relocate all that I can into the cloud. To be preventative about losing data.

Another reason is that new, upcoming operating systems are going to migrate into the cloud. Chrome OS, Google's OS, is going to be purely in the cloud. The profile you sign into will be your Google account that all Google services are linked to. I believe this to be the first of many OSs to make such a leap into the cloud. Alongside this OS, Google's been providing so many cloud based services and features that it's almost more of a challenge to remain out of the cloud. Google Mail keeps 8 GBs of emails available to you at any computer with an internet connection. Google Docs keeps a variety of types of documents at your fingertips for editing or sharing. Google Calendar is a great tool for scheduling, and with the new tasks feature set (also integrated with GMail), tracking school assignments doesn't get easier. Picasa will let you store and edit all of your pictures. Google Voice (also integrated with GMail) can keep you connected with all your friends, family and coworkers right from your computer! Even though Google seems to have saturated the cloud market with all of its projects, there are many other websites that provide powerful web based services for your cloud computing pleasure.

If you haven't been using Dropbox, you must have been living under a rock. Sign up, and in no time you'll have 2 free GB of space that you can sync across any number of computers. Not enough space for you? Refer other users to the site to expand the size of your account up to a whopping 10 GB! Aside from the obvious use of keeping files synced between 2 or more computers, sometimes I need to transfer large files across the internet. With Dropbox's fast connection, I can upload to them, and download it on the other side faster than a direct connection across the internet could ever accomplish (at least for residential accounts like mine, it's faster).

There are so many sites popping up that I can't take the time to list them all (although here is a pretty good list of some of them). My goal this year is to take advantage of as many of these services as I can as alternatives to desktop software. By next summer, I want to be able to sit down behind any computer/device with the internet and have equal access to all of my files.



Simple Security Mistakes In The Wild

August 19, 2010 10:49 by author coreyog

Problem solving is needed for any branch of software development. Looking at a problem and being able to find a fast, efficient way to solve it is what software development is ultimately about. It takes a whole new level of problem solving skills to design secure systems. Systems that can keep out the most dedicated of intruders and yet be a hassle-free experience for those who truly belong there. Computer Security is a fascinating field with unique challenges but for those of you interested in entering the field, you'll probably need a change in mindset.

First, some terminology. It's not unusual for developers to take on several different positions in a project, such as database admin and programmer for a website or some other project. This means that the developer wears several "hats." As hacking eased itself into existence, "hackers" unknowingly formed two different groups: white-hatters and black-hatters. A black-hatter is what most people erroneously think of when they hear the term "hacker." Black-hatters infiltrate, penetrate and generally abuse a system for their own personal gain, for another person's loss, or sometimes simply because they can. A white-hatter uses all the same tricks and exploits that a black-hatter does except that they do no damage. Sometimes a white-hatter is hired to evaluate the security of a system by attempting to break it and reporting their findings back to whoever hired them. Not all white-hatters make a career out of it though. To some, it's about the expansion of knowledge and facing the challenges that hacking presents.

It's very easy to look at a service or system and think about what it explicitly does for you, i.e. its intended use. Take an automotive repair company. The general system is that you bring in your car, they work on it, you pay and leave with your repaired car. In a very simplistic view, that's it. In computer security you need to look for ways to abuse the system; once you know its weaknesses, you can begin repairing them. You'll be looking for unintended happenings that may introduce instability or invalid results. Some repair shops have insecurities though. If a car is to be worked on for an extended period of time, often times the owner can leave and come back and claim the car by using a last name. When the owner comes back, they could be confronted by somebody who won't recognize them, somebody who wasn't working when the car was dropped off and the owner of the car left. In such situations, it's possible for a 3rd party to arrive, claim to be somebody using just a last name, pay the bill and leave. Yes, the 3rd party has a cost they have to pay that they normally wouldn't have to pay if they weren't trying to swindle the shop, but it's a small price considering they came with nothing and left with a car. This is an authentication insecurity, where a user of the system is not properly validated and is taken at their word. Small honor system insecurities like these can be found in almost every line of service. Imagine if this same sort of social engineering took place with a child at a nursery and a black-hatter claims to be a parent. This would especially be easy if the child is new to the daycare and dropped off by one parent and expected to be picked up by the other parent. It takes minimal information about the system and the targets to be able to upset the intended use of the system.

A more real example, one that I discovered myself at my own school, would be the website my school makes available to all students and faculty. It keeps track of things like their financial information (like how much they owe the school), signing up for and dropping classes, the school directory and many other services tailored to each student. As with most colleges, students are given an ID number, in our case a 7-digit number. The site starts by making a user sign in using their active directory account name and password. None of the pages were HTTPS and (for whatever reason) they put a lot of information in the query string of each webpage. While browsing around one day doing normal student related activities on the site, I noticed the query string contained the key of xyz and the value of *gasp* my student ID number. I began hunting around and found it was in the query string of almost every page of the site. My science teacher would post grades where everybody in the class could see them, but to prevent associating a name with a grade, he'd put up the student ID along with the score so you'd only be able to determine your own score and a general understanding of how everybody else did. So I popped a few of those student IDs into the query string. At first the page came back reporting something went wrong, so I figured that some of the other query string values carried other user information, so I systematically removed name/value pairs out of the query string until it finally worked. I came up with a template where I could insert somebody else's ID and I could see almost any information I wanted on the school's site, including personal financial information. I didn't like the idea of any other student being able to see my information, so I saved a few notes in notepad, including the template URL, and went to my school's IT department.

My school fixed the problem in about a week. Security has since been their top priority. The lesson to be learned here is that authentication information should not be stored client side in query strings or cookies. It's an ASP.Net website; they could easily store authentication information in Session["StudentID"] or some other server side, session based variables. That would move the security hole to the ASP.Net Session ID which is time sensitive and harder to obtain.
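The difference between trusting the query string and trusting the session, as an added example that is not the school's code or part of the original post: a stand-alone C# console program in which the `StudentPortalDemo` class, its method names, the session dictionary (standing in for `Session["StudentID"]`) and the sample records are all constructed for illustration; only the `xyz` key comes from the post.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

public static class StudentPortalDemo
{
    // Constructed sample records (student ID -> balance owed), not real data.
    static readonly Dictionary<string, decimal> Balances = new Dictionary<string, decimal>
    {
        { "1000001", 1250.00m }, { "1000002", 310.50m }
    };

    // Server-side session store: opaque session ID -> student ID fixed at login.
    // Plays the role of Session["StudentID"] in ASP.NET.
    static readonly Dictionary<string, string> Sessions = new Dictionary<string, string>();

    public static string Login(string studentId)
    {
        byte[] raw = new byte[16];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(raw); // unguessable session ID from a CSPRNG
        string sessionId = BitConverter.ToString(raw).Replace("-", "");
        Sessions[sessionId] = studentId;
        return sessionId;
    }

    // Minimal "a=1&b=2" parser, enough for this demo.
    static Dictionary<string, string> ParseQuery(string query)
    {
        var result = new Dictionary<string, string>();
        char[] amp = { '&' }, eq = { '=' };
        foreach (string pair in query.TrimStart('?').Split(amp, StringSplitOptions.RemoveEmptyEntries))
        {
            string[] kv = pair.Split(eq, 2);
            result[Uri.UnescapeDataString(kv[0])] = kv.Length > 1 ? Uri.UnescapeDataString(kv[1]) : "";
        }
        return result;
    }

    // Before: the session only proves that someone is logged in; the record
    // to show is chosen by the client-controlled "xyz" parameter.
    public static decimal? VulnerableBalance(string sessionId, string query)
    {
        if (!Sessions.ContainsKey(sessionId)) return null;
        string id;
        decimal balance;
        if (ParseQuery(query).TryGetValue("xyz", out id) && Balances.TryGetValue(id, out balance))
            return balance;
        return null;
    }

    // After: identity comes from the server-side session only. A query-string
    // ID that disagrees with it is refused and logged for review.
    public static decimal? HardenedBalance(string sessionId, string query)
    {
        string owner;
        if (!Sessions.TryGetValue(sessionId, out owner)) return null;
        string claimed;
        if (ParseQuery(query).TryGetValue("xyz", out claimed) && claimed != owner)
        {
            Console.WriteLine("AUDIT: session for {0} requested record {1}", owner, claimed);
            return null;
        }
        decimal balance;
        return Balances.TryGetValue(owner, out balance) ? balance : (decimal?)null;
    }

    public static void Main()
    {
        string session = Login("1000001");
        // Same logged-in student, query string carrying another student's ID.
        Console.WriteLine("vulnerable: {0}", VulnerableBalance(session, "?xyz=1000002"));
        Console.WriteLine("hardened:   {0}", HardenedBalance(session, "?xyz=1000002"));
        Console.WriteLine("own record: {0}", HardenedBalance(session, ""));
    }
}
```

Because the post notes that none of the pages were HTTPS, the session ID itself would still travel in the clear; the session-based check only holds up once the site is also served over TLS.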

Computer Security requires a whole new paradigm of thought. When developing a system, you have to think of how somebody will purposefully misuse your system, along with what they can obtain or do. Security is not something that exists strictly in your own code, either. In my school's example, even simple things like query strings and cookies can render your system insecure. Some simple exercises you can do are design your own system, then try and break it. If you break it, patch the error and try to break it again. After all, the worst case scenario is somebody who knows the system inside and out. There are also many sites out there to help you practice your system penetration skills. The better you are at gaining entry, the better you can become at protecting your own systems.



A Beginner's Article on Binding

August 16, 2010 22:10 by author coreyog

Windows Presentation Forms (WPF) brought a lot of cool features to C#. Hardware accelerated rendering, XAML backed control layout, and more versatile ways to bind your data to your controls. In WinForms there were ways to bind data base schemes to controls, but all in all it was a pain and rather limited. WPF opens up binding to almost any type. If you don't know what binding is, binding is when a particular property is "bound" to a control such that when the value changes, the control is updated, and in some cases, if the control is changed, the property is updated. I've thrown together a very basic application to help demonstrate some of the basics of binding, let me walk you through it.

The example I learned binding on was a simple Address Book application, storing names, numbers and other information about your friends and family. Let's cut the chit chat and jump into it. For a simple address book, we need a class to hold all the information for a single person. Here's the class I used:

public class Entry {
    public String LastName { get; set; }
    public String FirstName { get; set; }
    public String Email { get; set; }
}

 

Before you ask, yes, they have to be properties, public fields are not good enough. Why? Why not. I'm sure it has to do with Reflection, when I find out the details, y'all will be the first to know. Moving on! Normally I would set each property's set to be private, but I'm going to show you how to do Two-Way binding, and for that to work, it'll have to be able to read and write to the properties. Now that we have the structure for an entry in the address book, let's create the collection to hold multiple entries. In the main form, I added an ObservableCollection<Entry> object as follows:

public ObservableCollection<Entry> AddressBook { get; private set; }

We're going to be binding to this as well so it will also have to be a property. Now that we have an individual entry defined, and a place where we can hold multiple entries, we need a place to display them. Back in the main window, I added a ListView with a few Column Definitions:

        <ListView x:Name="ContactsList" ItemsSource="{Binding Path=AddressBook}" Width="300">
            <ListView.View>
                <GridView>
                    <GridViewColumn Header="Last Name" Width="95" DisplayMemberBinding="{Binding Path=LastName}" />
                    <GridViewColumn Header="First Name" Width="95" DisplayMemberBinding="{Binding Path=FirstName}" />
                    <GridViewColumn Header="Email" Width="95" DisplayMemberBinding="{Binding Path=Email}" />
                </GridView>
            </ListView.View>
        </ListView>

 

Let's break down the ItemsSource property and see what's going on. Like any other attribute, it's just another name/value pair, so far pretty normal. To denote that we're not simply adding text to this attribute, the entirety of the attribute's value is wrapped in curly braces. The first word inside the brackets is the word Binding, indicating that's what we're doing.  Next is the area where parameters are passed to the binding. For the ItemsSource of the ListView, we simply set it to the ObservableCollection<Entry> we made in the code behind. This means that for each item in the ObservableCollection<Entry> there will be an item in this ListView. As we dive deeper into explaining the layout of each item in the ListView, since we previously bound the ObservableCollection<Entry> to the whole control, then for each item we can bind to the properties of an Entry. That's what DisplayMemberBinding does, it relates a property on the Entry object to use to display within that column.

If you run the app now, you'll notice that it doesn't display anything in the ListView. We don't need to just relate the Binding to the property in the XAML, but we also need to relate an object to the controls. In order to do this, we set the DataContext of the window to the window itself. It sounds redundant, but we can set this DataContext to any object. Let's also add a starting entry to our ObservableCollection<Entry> so we can see when it works.

AddressBook = new ObservableCollection<Entry>();
Entry test = new Entry() { LastName = "Ogburn", FirstName = "Corey", Email = "coreyog@gmail.com" };
AddressBook.Add(test);
this.DataContext = this;

Now if you run the application, you should see my entry in the ListView. That's fine and all except that we can't add or remove or even edit these entries. It's simply a viewer and that does us no good. Let's add a few textboxes so when you click an entry, you can edit its information. Previously if we wanted to do this, we'd attach to the SelectedIndexChanged event and use the SelectedIndex to retrieve the information and fill the textboxes. Binding will save us a step here too. We don't have to write a single line of C# in order to copy information from the ListView into the textboxes. Here's the XAML of these textboxes, positioning attributes have been removed for conciseness:

<TextBox Name="FNameBox" Text="{Binding ElementName=ContactsList, Path=SelectedValue.FirstName}" />
<TextBox Name="LNameBox" Text="{Binding ElementName=ContactsList, Path=SelectedValue.LastName}" />
<TextBox Name="EmailBox" Text="{Binding ElementName=ContactsList, Path=SelectedValue.Email}" />

 

We are not limited to binding to properties in the code behind, we have access to other controls in the window. By specifying an ElementName in the binding string, we can Bind directly to another control's properties. Here, we bind to the ContactsList ListView control, and we set the path to its SelectedValue, which is an Entry, and then to the Entry's properties. Now when the selected value of the ListView changes, these controls are updated to display the newly selected value's properties. Again, without a single line of C#. The binding flows both ways here, so if you change an entry in the textboxes, you change the entry in the ListView, and even all the way back in the original ObservableCollection<Entry>! In the project I threw together for this, I added a new and delete button. Neither of these buttons directly impact the ContactsList ListView, they both impact the AddressBook and thanks to the binding, the control is updated.

This is a very basic example and will get you headed in the right direction. As we've seen, binding simplifies a lot of complexities for handling lists and binding across events. XAML and binding join together to help handle the controls separately from the code behind. No longer are you required to write C# code to handle some of the more menial visual aspects. Features like this are what make the Model-View-ViewModel design pattern possible.

As promised, here's the project files. Play with them, experiment, keep track of your friends' and family's contact information, do whatever.



Design Patterns: The Singleton and Multiton Patterns

August 13, 2010 10:29 by author coreyog

The Singleton Pattern is one of the more useful design patterns I've run across. Not because it can be used everywhere, it actually has very few applications where it's needed, BUT when it can be applied it makes things so much easier. Sometimes you just need one instance of a class for the lifetime of the application, but you might need that instance in a large variety of locations in your code, such as if you had a class with a connection to a file, another computer or a database but in several different places in your project you need that connection. Without this pattern, you either elevate the scope of that instance to a global status or you pass the instance to every method that needs it, leading to complications about having it available in methods that don't need it, e.g. if your main method calls methodA, methodA calls methodB, and methodB needs this instance, you'll have to pass it through methodA that doesn't need it. So what's the answer? How can an instance be accessible anywhere without losing control of the scope? The Singleton Pattern is how!!! Simple to implement, a Singleton Pattern entails changing only a few things to a normal class. All you have to do is make the constructor private and provide a public static method, traditionally named GetInstance(), and it either makes the first instance, or it returns that instance.

public class SingletonExample {
 
    private static SingletonExample _singleton = null;
 
    private SingletonExample() { }
 
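    public static SingletonExample GetInstance() {
        // Create the instance on first use, then keep returning the same one.
        // This check-then-create is not synchronized, so two threads calling
        // GetInstance() at the same time can each construct an instance.
        if (_singleton == null) {
            _singleton = new SingletonExample();
        }
        return _singleton;
    }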
}


Bam,  you now have a Singleton class! Just call SingletonExample.GetInstance() instead of creating a new instance (which you can't even do since the constructor is private), you get the exact same instance. From here on out, you are free to design the class like any other class with private and public methods and properties. To me, it's one of the simplest design patterns to implement and it solves a big design problem.

What if I need a limited number of instances for a limited number of connections and want to use this great pattern to keep those instances available anywhere in my code? That's an oddly specific question, with an equally oddly specific answer! The Multiton Pattern! It's just a subtle change from the Singleton while having the same results.

using System;
using System.Collections; // Hashtable

public class MultitonExample {
 
    private static Hashtable _multiton = new Hashtable();
 
    private MultitonExample() { }
 
    public static MultitonExample GetInstance(String instanceName) {
        if (!_multiton.ContainsKey(instanceName)) {
            _multiton.Add(instanceName, new MultitonExample());
        }
        return (MultitonExample)_multiton[instanceName];
    }
}


If you follow it, if you call GetInstance with one string, you would receive a different instance than if you passed a different string. This isn't limited to strings either, a better alternative might be to use a struct with constructor parameters, if that struct hasn't already been used to create an instance and store that instance, then the struct can be used to create a new instance with different parameters. Maybe we wanted to use a Multiton to connect to multiple computers on a network, we could make a few changes like the following:

using System;
using System.Collections; // Hashtable

public class MultitonExample {
 
    private static Hashtable _multiton = new Hashtable();
 
    public String IPAddress {
        get;
        private set;
    }
 
    public int Port {
        get;
        private set;
    }
 
    private MultitonExample(ConnectionInfo info) {
        this.IPAddress = info.IPAddress;
        this.Port = info.Port;
    }
 
    public static MultitonExample GetInstance(ConnectionInfo instanceInfo) {
        if (!_multiton.ContainsKey(instanceInfo)) {
            _multiton.Add(instanceInfo, new MultitonExample(instanceInfo));
        }
        return (MultitonExample)_multiton[instanceInfo];
    }
}
 
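// Structs compare by value, so two ConnectionInfo values with the same
// IPAddress and Port are the same Hashtable key and map to one instance.
public struct ConnectionInfo {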
    public String IPAddress;
    public int Port;
}


I don't have a test app prepared to show you how this works. I do know of a good example though, Random Number Generators. It's best to use them in a Singleton Pattern because they're usually seeded with a current timestamp, if two random number generators are created too close together, they'll produce similar output. Instead, if two or more different places in your code needed a generator, they could use the same one which would result in more random output for both of them. This does bring up the question of multithreaded-ness and the Singleton/Multiton Patterns. If you're using one of the patterns in a threaded application, make sure the type that you're working with is thread safe or there's bound to be some problems. With thread safe types, there shouldn't be a problem implementing either of these.
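One way to make the GetInstance() methods themselves safe under threads, as an added example that is not part of the original post: the `SafeSingleton`, `SafeMultiton` and `Program` names and the `Constructed` counters are hypothetical, and the program counts constructor runs while 1,000 parallel calls race for the instances.

```csharp
using System;
using System.Collections.Concurrent;
using System.Threading;
using System.Threading.Tasks;

public sealed class SafeSingleton
{
    // Lazy<T> in ExecutionAndPublication mode runs the factory exactly once,
    // even when many threads ask for the value at the same moment.
    private static readonly Lazy<SafeSingleton> _instance = new Lazy<SafeSingleton>(
        () => new SafeSingleton(), LazyThreadSafetyMode.ExecutionAndPublication);

    public static int Constructed; // constructor runs, counted for the demo

    private SafeSingleton() { Interlocked.Increment(ref Constructed); }

    public static SafeSingleton GetInstance() { return _instance.Value; }
}

public sealed class SafeMultiton
{
    // One Lazy wrapper per key. ContainsKey followed by Add on a shared
    // Hashtable is a race; GetOrAdd makes the lookup-or-insert atomic.
    private static readonly ConcurrentDictionary<string, Lazy<SafeMultiton>> _instances =
        new ConcurrentDictionary<string, Lazy<SafeMultiton>>();

    public static int Constructed; // constructor runs, counted for the demo

    public string Name { get; private set; }

    private SafeMultiton(string name)
    {
        Name = name;
        Interlocked.Increment(ref Constructed);
    }

    public static SafeMultiton GetInstance(string name)
    {
        // GetOrAdd may call the factory more than once under contention, but it
        // stores only one Lazy per key, so only one SafeMultiton is ever built.
        return _instances.GetOrAdd(
            name, key => new Lazy<SafeMultiton>(() => new SafeMultiton(key))).Value;
    }
}

public static class Program
{
    public static void Main()
    {
        // 1,000 concurrent callers competing for one singleton and two named instances.
        Parallel.For(0, 1000, i =>
        {
            SafeSingleton.GetInstance();
            SafeMultiton.GetInstance(i % 2 == 0 ? "db" : "cache");
        });

        Console.WriteLine("singleton constructions: {0}", SafeSingleton.Constructed);
        Console.WriteLine("multiton constructions:  {0}", SafeMultiton.Constructed);
        Console.WriteLine("same instance: {0}",
            ReferenceEquals(SafeMultiton.GetInstance("db"), SafeMultiton.GetInstance("db")));
    }
}
```

This only protects creation of the instances; whatever the shared instance does afterwards still has to be thread safe in its own right, as the post says.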


