When someone tries to search for someone on Google, the search engine does its best to aggregate the information it thinks is relevant to the person you’re searching for. It might show their blog, Twitter and Facebook account, for example. With the advent of Google+, Google now has a stronger handle on identifying which information is actually relevant in positively identifying a person search.
Searching for my name on Google, for example, I get something like the following:
As you can see, Google now has a custom search result template for displaying a summarized Google+ profile. This can be really handy for some people, but there’s no reason why you shouldn’t take the time to make sure it displays not only the right information, but also the information you want it to display. You know, just in case someone pops your name into a Google search box.
Updating your Google+ profile
Once I got into Google+ during the limited beta, the last thing I wanted to be doing was diving right into my profile page and making sure it had correct, updated data (I went straight to +Hangouts, admittedly).
Google uses a few tidbits of information from your Google+ profile to personalize your personal search result. Right off the image above, you can see my current location and my occupation, so I suggest you take the time to update these.
Before you start, make enable editing on your profile by clicking the Edit Profile button.
To change your current location, scroll on down to the section called Places Lived. Clicking on that general area will pop up a window like the following:
Click the pin of your location to mark it as current.
The other thing you might want to take note of is your personal description, which you can edit by clicking the line of text right under your name.
Updating your personal site links
Your personal Google search result also lists links to sites which you name as descriptive of you. These can be pretty useful in redirecting interested people into the sites that matter and/or relate to you the most. These can be your personal blog, maybe your Facebook, Twitter and/or Flickr, or whatever.
Google+ maintains a list of sites related to you on your profile page as well, under a small widget entitled Links. As before, click on this widget to edit your personal list of sites.
You can list as many of the sites you want to relate to your Google+ profile here, but most importantly, you can also specify which of these sites are specifically about you. From what I can tell, these particular sites are what Google attaches to your personal search result.
Additionally, Google+ also gives you suggestions on what sites it thinks belong to you but you haven’t added yet. You may want to consider those as well.
Checking your personalized search result
Aside from trying to Google yourself, you can also go directly to your Google account settings and check out how Google will lay out your personal search result. By checking it from here, you can tweak privacy settings (what’s public and what’s not) and other Google-related settings across different services.
You can get here by clicking your avatar’s thumbnail on the top bar, and clicking Account Settings.
Doing that takes you to the Google Account Settings page. Mosey on over to your Profile and Privacy tab, and you’ll have a first-hand view of how your personal search result will look like.
Take note that from this page, you can also check how your Google+ profile looks when viewed by any specific user to make sure that no sensitive information is displayed to the wrong people.
Yes, you read that right. Apparently, programmer or not, hacking Citigroup was simple enough that all it took was for you to open your favorite browser.
It’s no secret that Citigroup had been hacked in early May (even though they’ve managed to keep it secret anyway until early June). With a good handful of groups falling to hacks (including Sony‘s Playstation Network, Acer and Bethesda Softworks), the hack against Citigroup’s website might seem like an incident that could easily be dismissed in the chaotic shuffle. What makes it solidly notable, however, is just how easy the Citigroup hack was performed (which, might I remind, compromised about 200,000 private accounts — roughly 1% of Citigroup’s clientele).
In the Citi breach, the data thieves were able to penetrate the bank’s defenses by first logging on to the site reserved for its credit card customers.
Once inside, they leapfrogged between the accounts of different Citi customers by inserting vari-ous account numbers into a string of text located in the browser’s address bar. The hackers’ code systems automatically repeated this exercise tens of thousands of times — allowing them to capture the confidential private data.
So what? Well, frankly, it makes us programmers looks bad.
What exactly is up here?
When you log into a secure website or service, one of the fundamental things it has to do is to remember you, the user, as authenticated. Every time any of the website’s protected pages are accessed, it remembers that you’re logged in, and lets you do whatever you need to do and mostly gets out of your way. This is exactly the reason why any website doesn’t require you to login every single time you perform an action — and one of the major reasons why we hate Windows Vista‘s UAC.
The NY Times article shares that the hackers just kept changing an account number in the browser’s address bar while logged in, and BOOM they’ve managed to get thousands of private information. That’s scary to say the least.
If you’ve been quite an observant Internet denizen, you’ve probably noticed that a website’s address sometimes has weird numbers, letters and symbols when you jump from page to page. This (called a query string) passes information to the website’s server about what it is you’re trying to access.
For example, you can access one of my friends’ Facebook profile page by visiting https://www.facebook.com/profile.php?id=1480610895, which will make Facebook pull out user account number 1480610895, which supposedly corresponds to Shiela Ching (free exposure, Shiela!).
You can actually try to change that number and it’ll give you the corresponding Facebook profile page on every try. Try it out. Keep on adding one to the ID number or whatever.
Where did Citigroup go wrong?
Citigroup most probably implemented something along the same lines as the Facebook example above: the account number of the account you were trying to access was embedded somewhere in the website address.
Admittedly, this calls for some slack: doing this is not fundamentally wrong. It’s actually a very common thing to do and is very practical in a lot of purposes. Was this one of those purposes? I’d even argue that yeah, it is.
Citigroup didn’t trip up in the method they chose to allow users to access accounts. First and foremost, they required users to actually login. No way could you have gone this route if you were not. Secondly, the method of access is arguably practical and efficient, given the nature of the data that needed to be passed between server and computer.
Rather, their system seemed to lack a vital security check: that which counter-checked whether or not the current user actually had access to the account they were trying to access.
Citigroup’s site basically had a very loose approach to authentication. Once you’re logged in, it assumed that you were only going to access your own account/s and didn’t bother to check if you had access to them at all. And besides, why should it? All the specific links to the account/s you had access to were probably spoon-fed to you via links or whatnot in the UI. Why would you even think of having to manually change the account number in the browser address?
Personally, I think Citigroup blatantly assumed that it wouldn’t occur to users to change the account number on the website address on their own. I’d say that that’s a pretty bold move, if not stupid.
There’s definitely a crucial lesson to be learned here.
Ed Westwick (aka Chuck Bass) is now here in the Philippines as Penshoppe‘s newest endorser, and one of the ways the company is kicking the festivities off is to offer a chance for three young ladies to meet Westwick in person. Only thing you had to do was get yourself into Penshoppe apparel, take a photo of yourself doing your best trailblazer impression (like Penshoppe’s current marketing campaign) and tweet it at them.
So one of my colleagues here at Hewlett Packard is apparently a big Chuck Bass fan. You’d probably be able to guess where this is going.
She yoinked on my heartstrings to play photographer for her (along with NExUS hunk + fellow photog Krismond Gutierrez), and these are the photographs she and I went with for the contest. Took a fair amount of shots across three different venues, though I liked our stint on the car park rooftop, so I definitely went with those the most.
Of course, the Penshoppe logo is obviously not mine; it’s smeared right onto the pictures for contest purposes. I definitely think the black and white feel for the photos is great, although some of these came out really well under the yellow afternoon sun as well.
Snapped this photoshoot using Sugarcubes, my trusty Nikon D90, using a Nikkor 50mm f1.8 prime.
Deferred objects are a new addition to jQuery 1.5, and are meant to strike a cleaner division between executing a task and waiting for the task to complete (and reacting accordingly). In this article, we’ll talk about what deferred objects are and what they can do for you, and finish everything off with a simple example application.
If you’ve worked with Javascript a fair deal, then it’s probable that you’ve run across callback functions before. These are most prevalent in asynchronous operations (AJAX comes to mind, of course), and basically provide a way to execute something when an asynchronous operation completes (e.g. react accordingly when an AJAX operation succeeds or fails).
Let’s take a vanilla pre-jQuery 1.5 AJAX request as an example:
$.ajax({
url :'ajaxservice.svc/method',
data :'{}',
success :function(){alert('YAY!');},
error :function(){alert('gulp!');}});
Now, with the advent of deferred objects in jQuery 1.5, all $.ajax() derivatives now return deferred objects, which allow you to do the following:
var $defer = $.ajax({
url :'ajaxservice.svc/method',
data :'{}'});
$defer.success(function(){alert('YAY!');})
.error(function(){alert('gulp!');});
“So what?”, you may say. Well, if you haven’t noticed, the syntax on registering function callbacks is now more akin to the standard way of registering handlers in jQuery, such as with .click() or even .bind() and .delegate(). This allows us to chain registrations into the more familiar way of doing it in jQuery.
var $defer = $.ajax({
url :'ajaxservice.svc/method',
data :'{}'}).success(function(){alert('YAY!');})
.error(function(){alert('gulp!');});
$defer.success(function(){/* perform additional operations */});
The less-noticed advantage of this syntax (and, in my opinion, it’s greatest boon) is how it enables us to easily slap on multiple handlers onto the task’s result events, just like with the vanilla jQuery events such as .click(). The example above shows just that: we registered two separate function literals as two separate handlers for the success callback of a single AJAX operation.
// remember why we stopped doing this in the first place?<a onclick="alert('DOM Level 0 click handler!');" href="#">Argh!</a>
The old JSON parameter syntax of registering handlers on AJAX calls only allowed us to slap on one callback per event per call. Of course, we could go and create a function literal that calls all the necessary function handlers, but as systems scale and grow more complex, it gets harder and harder to maintain and keep track of everything that’s expected to happen when something happens.
Taking stuff one notch higher
While deferred objects make it so much easier to attach multiple event handlers on a single asynchronous call, that’s easily eclipsed by the fact that deferred objects also allow you to do the exact opposite: performing a task once several tasks are completed.
Let’s tackle this with a more real-world example. Imagine that we had a web page that makes two AJAX calls: one to get data from the server, and another to get an HTML template markup snippet. What we aim to do is that when the two AJAX calls resolve, we want to get our HTML template, slap the fetched content somewhere in it, and append the result into the current page’s DOM.
var flags =[];var my_handler =function(){if(flags.length==2){// do something with the data and HTML template in flags}};
$.ajax({
url :'ajax.svc/getdata',
success :function(m){
flags['data']= m.d;
my_handler();}});
$.ajax({
url :'ajax.svc/gettemplate',
success :function(m){
flags['template']= m.d;
my_handler();}});
The code above definitely has a number of improvement points going for it, but it effectively illustrates how we may go about with doing the business case we raised. While the code is easily readable and effectively clear, it suffers from the same problems that scalable applications aim to eliminate: as the code expands and the system grows more complex, we’re looking at maintaining larger and larger blocks similar to that above, and eventually that will just be too difficult to maintain and someone will likely trip up.
Along with deferred objects, jQuery also exposes the new $.when() utility function that takes care of managing tasks similar to the one above.
$.when(
$.ajax({ url :'ajax.svc/getdata'}),
$.ajax({ url :'ajax.svc/gettemplate'})).then(function(data, template){// do something with the data and template});
$.when() accepts any number of deferred objects (which $.ajax() derivatives now return), and automatically attach event handlers to the tasks as a singular collective. The resulting data from each deferred object are mapped to the handler function’s parameters in the same order as they were declared (i.e. the resulting data from $.ajax({ url : 'ajax.svc/getdata' }) is mapped to data in the function literal in the .then() call, and so on).
This construct accepts three primary handlers:
.done() – called when all deferred tasks succeed
.fail() – called when at least one of the deferred tasks fail
.complete() – called as soon as all deferred tasks complete, whether or not they succeeded or not
The .then() is shorthand for declaring both .done() and .fail() : the first parameter takes the on-success callback, while the second takes the on-fail callback.
Creating a deferred object
While $.ajax() derivatives now automatically return a deferred object, you may want to manually create deferred objects in your code for specific purposes.
To create a deferred object, you simply call $.Deferred(). These objects basically have three states: unresolved, resolved and rejected.
Deferred objects start off as unresolved, and are either resolved or rejected based on a task’s outcome. When manually handling deferred objects, you’d want to either call .resolve() or .reject() based on a task’s outcome.
Let’s build our own deferred logic example
To put everything we’ve discussed together, we’ll try to create a very simple system that makes use of deferreds.
We’ll use an application that has three INPUT fields. The user is expected to fill up all three fields, so we want a task to run when all three fields have been completed. For this example, we’re going to use deferred objects to update a simple message when all three fields have been filled up by the user.
To start off, here is our completed application:
Form is incomplete.
First Name
Second Name
Third Name
Let’s get started!
We’ve got three INPUT fields that we want filled, so it makes sense to create three separate deferred objects; one for each field.
var $deferreds =[];// our INPUTs are inside a DIV#example-pane, so we set the context to that
$('input','#example-pane').each(function(i,e){
$deferreds[i]= $.Deferred();});
We then initialize the task to perform once all our deferred objects resolve. In this case, we just want to change the text in a simple SPAN element.
// we use the JS .apply() method to call the $.when() function with the elements// of an array laid out as the function arguments
$.when.apply(null, $deferreds).then(function(){
$('#example-pane span').text('complete').css('color','#6d6');});
Finally, we need to manually resolve our deferred objects at the proper time. In our example, we want to resolve the corresponding deferred object when the value of an INPUT field is changed.
Our example can use some improvements (like caching $('#example-pane') for example), but hopefully it has been a clear illustration of how jQuery deferred objects can work with you in your code.
Windows Communication Foundation (WCF) has quickly become the de facto standard when it comes to modular messaging in distributed applications. In this article, I’d like to show how we can harness the power of WCF web services via a PHP front-end.
Setting up the WCF service
If you already know how to set up a standard WCF service, then you’re good to go. There’s almost zero configuration that you need to do with creating a WCF service when you’ve got a PHP-based endpoint in mind, and frankly, that’s the whole beauty of it all.
WCF basically provides an interface for the developer to create standards-compliant service endpoints, and that means creating services running on SOAP and the WS-* specifications. WCF does a pretty darned good job of hiding all the semantic complexity required from the developer (but I’d argue that the standards will still be worth a look, just so you know what’s happening), and it just all magically works out of the box.
In all Hello World fashion, let’s create a simple Translation service. We’ll have a single ENtoJP operation which, obviously, translates English to Japanese.
[ServiceContract]publicinterface ITranslation
{[OperationContract]string ENtoJP (string text );}
publicclass Translation : ITranslation
{publicstring ENtoJP (string text ){if( text.Equals("Hello World", StringComparison.CurrentCultureIgnoreCase)){return"Ohayou Sekai";}else{return"Could not translate.";}}}
Obviously, our Translation service is not up to snuff. Not only does it translate English to Japanese only, but it only knows how to translate one single phrase. But it’s a valid WCF service, and we’ll roll with that.
To check if you’ve got your WCF service up and running, just pop it’s URL into your browser, and IIS should throw you a page that looks something like this:
Hooking up our PHP front-end
With our WCF service up and running, let’s proceed to making our PHP page talk with it.
PHP 5+ does a stellar job of parsing SOAP (which WCF uses), so it shouldn’t be a problem. PHP 4+, on the other hand, has to rely on third-party libraries that come nowhere near the performance of PHP 5+’s native SOAP library. For the samples below, I’m assuming PHP 5+.
Make sure that the php_soap.dll is active on your Apache. If not, you’ll need to pop open your php.ini file, search for php_soap.dll, uncomment the line, save and restart Apache.
With that out of the way, the simplest way to call the WCF service is using something like:
The SoapClient class takes care of consuming our WCF service for us, and exposes the operations available through our client instance. As you can see, our client assumes the same ENtoJP() method defined in our service, and it accepts an array for arguments as what looks like key-value pairs.
If everything was done correctly, the PHP file should echo out the proper “Ohayou Sekai” translation.
This is just something I noticed earlier today while working on a wicked prototype for my jQuery lecture class.
I fashioned a quick layout showing a repeating array of 100px x 100px images on a page with a fixed width. Check out how different browser (modes) fared.
My markup had the exact same rendered layout for all of Internet Explorer 8, Mozilla Firefox 4.0 and Rockmelt 0.9 (which as far as I know is using the latest webkit foundation that Google Chrome is also using).
But popping this same markup up on Internet Explorer 9 gets me this:
Looking at my markup, the image slip above can be corrected by adding an additional two (2) pixels on the container’s fixed width. Simple enough, but it makes me wonder why the latest IE either slips up on the CSS box model, or doesn’t provide the leeway that’s present not only in other modern browsers, but also in it’s IE8 predecessor.
And along with Google’s continual search for better search, comes their experimental +1 button. Users who decide to opt in to the experiment get an additional button beside search results that they can use to vote it up, and nominate it to other users. Ideally, the more plus-ones a result gets, the greater the result’s credibility, and we can just imagine that that somehow makes its way to how Google’s algorithms score searches.
The experimental Google +1 button is displayed right beside search result titles.
Your personal plus-ones also serve as something like a favorite tag, and results you’ve voted up will be visible in your profile (which you can also choose to make public).
The concept isn’t new; I personally do this on a regular basis over on Stack Overflow (and the other StackExchange sites), and within the proper audience, it’s highly effective. It’s just a matter of time, however, before we see for ourselves whether or not the whole Internet is actually a proper audience for the idea.
.NET’s LINQ (or Language-Integrated Query) is definitely not something I’d exactly call new, but I’ve been trying to work with it in a little more detail recently (and have a bit of fun in the process). LINQ definitely has it’s merits, and I’d like to share how using it simplified a significant amount of business process logic in an enterprise project I’m working on.
A business situation
Let’s illustrate a simple example. We have a company, which has a number of groups, which in turn have a number of employees. We want to be able to know who the boss is in each group, according to the following criteria:
We can name a certain employee as a boss. If an employee is the only boss in a group, then he/she is considered the group’s boss.
If no employee in a group had been named as boss (or if there are more than one bosses in a single group), then the boss if the employee with the largest salary (because, let’s just say it, our bosses definitely have the largest salary among us, haha).
If two or more employees share the title of having the greatest salary, then the employee with the longest tenure is considered the boss.
This is a simple enough situation in the sense that it can easily be translated into something else entirely and show up as a related problem in a lot of applications.
Tackling this with LINQ
Let’s assume that we’re working with a Group object here, which has a property called Employees of type List<Employee>. We can define the group’s boss using something like:
Boss =
Employees
.SingleOrDefault<Employee>( x => x.IsBoss)??
Employees
.OrderByDescending<Employee,double>( x => x.Salary).ThenBy<Employee,int>( x => x.HireDate).ElementAtOrDefault<Employee>(0);
For the most part, the LINQ expressions themselves are pretty much straightforward and readable. I’d say that the thing that a lot of .NET programmers would do a double take on is that ?? coalesce operator in the middle (it’s certainly not that well-known!). If you don’t know what that is, here’s a good read on it. (You learn something new every day!)
Can you simplify the above code even more? Let me know in the comments!
Doing that the standard way
If you might notice, the code above had been written on one semantic line of C# code. While I’ve split the code into several lines for readability, you can actually come up and write that all in one line of code (check out the single semi-colon!).
Just to illustrate how great that actually fares, here’s some code written so that we tackle the same problem “the long way”.
// check for employees that have been named as boss
List<Employee> explicitBosses =new List<Employee>();foreach( Employee employee in Employees ){if( employee.IsBoss) explicitBosses.Add(employee);}if( explicitBosses.Count==1){ Boss = explicitBosses[0];return;}// check for salary and tenureforeach( Employee employee in Employees ){if( Boss ==null){ Boss = employee;continue;}if( Boss.Salary< employee.Salary){
Boss = employee;}elseif( Boss.Salary== employee.Salary&& Boss.HireDate> employee.HireDate){
Boss = employee;}}
Of course, we can actually shorten and optimize that in some ways (like combine the two foreach blocks) but we’ll be sacrificing some readability with that. (That, and maybe the fact that I’m just too sleepy to work it out further / care.)
I just got my hands on the Dragon Age 2 demo over on Steam, and I was absolutely sold on it after giving it a really quick run-through. It’s mighty slick, with what seems to be a really compelling storyline, beautiful video and a fast-paced battle system designed to get you into the dirty details of the fight.
Just thought of snapping some screencaps while I was at it (I wanted to try out Steam’s new screenshot feature as well). Check some of my gameplay shots below. Note that the Dragon Age 2 demo only allows for medium graphics quality (it goes all the way to very high). Even so, these are some pretty impressive graphics nonetheless.
Bethany, the female mage, casts Cone of Cold into the battle fray.
Here's another shot of that Cone of Cold spell from another angle.
The protagonist performs a two-handed slash against a Hurlock.
The protagonist performs Mighty Blow, a two-handed weapon style skill for the Warrior class, causing the protagonist to jump and slash down on a target for increased damage and force.
Several Hurlocks burn as Bethany casts Fireball into the middle of the fight. The protagonist stands in the middle, unfazed.
A generic dialogue shot. Bethany confirms with the protagonist on the path to take.
Here's that same scene with the camera zoomed in.
Some more battle shots.
The protagonist performs Whirlwind, another two-handed weapon style Warrior skill, cutting down all hostiles within melee range.
... and also, Whirlwind's after effect.
A short cutscene cues in, and a menacing ogre enters the fray.
Fighting against an ogre and some Hurlocks. Let me just say here that one of the things I really liked with the battle system was how quick attacks were loosed. Attacks were done in SLASH-SLASH-SLASH-SLASH combo-style fashion, instead of traditional RPG-style where there seemed to be a "cooldown" in between attacks.
... and a quick cutscene of the protagonist dealing the final blow.
Of course, Dragon Age isn't Dragon Age without dragons. Here's a quick (blotched up) shot of one.
Another quick cutscene. The Dragon Age 2 storyline seems to be told by that dwarf guy as you progress along with the game.
Here's a shot of the game itself, after getting through the tutorial segments. Here you first get a taste of playing with a party, along with some other environment elements.
Here's another shot of the environment gameplay. The background image of the codex notification on the left pans slowly and differs depending on the nature and message. For example, arriving on a new place gave it a nice art backdrop of the city. I thought that that was a real nice touch; helped me get immersed into the game's lore.
One more environment shot.
Leveling up is pretty straightforward: you assign some points into character attributes as you like. What's nice about the DA2 interface is that it gives you a quick rundown of the effects of your point allocations right then and there. For people like myself who don't want to dabble too much into computing my DPS, for instance, it's right up there for you with handy tooltip descriptions.
You also get to improve your character by learning abilities and talents. Dragon Age 2 has a rich skill tree, and it seems that some characters also have customized skill trees. The protagonist's Warrior skill tree here has six (6) families (I've highlighted the "Two-Handed" weapon style family of skills).
Here's the skill tree for Bethany, who is of Mage class.
And, of course, a great interface as well for selecting talents and skills. Hovering over a skill gives you a description, some detailed numbers of the effects, and some flavor text or lore at times. As I remember, diamond nodes are activated skills, circles are passive skills and hexagons are sustained skills.
Building on the previous Dragon Age's relationship system, Dragon Age 2 now has a relationship meter that goes to two extremes (like Mass Effect's Paragon / Renegade score, I guess). From what it looks like, it isn't necessarily bad to progress some characters towards "Rival" instead of "Friend": some specific character skills are unlocked in the skill tree depending on whether a character feels friendly around you or not.
You’re in a pinch: you have to hand over a hefty file to some of your colleagues and/or friends. Email somehow won’t cut it. File sharing sites like YouSendIt and FileFactory are too clunky to work with right now. And sending via DHL is just out of the question.
I seriously need to read documentation more often.
Apparently, Dropbox, that wunderbar of a file-syncing application, has such a feature built-in. And, apparently, I didn’t know it did until just some days ago. (I know, whatever, right?) It even lets you share with people who aren’t using Dropbox.
When you first install Dropbox, it comes with a pre-defined set of folders, one of which is named Public. Any file you chuck into this folder is publicly accessible via a URL link that’s automatically generated for you. Don’t worry — the link is only known by you, at least until you share that link with others.
Sharing a file via the Dropbox Public folder
Just right-click on any file in your Public folder, and select Dropbox > Copy Public Link. You can then paste the URL link to your file anywhere (maybe tweeting it out, for example, to your followers?).
The file will be available whether or not your computer is online (via Dropbox magic), and whether or not the recipient is using Dropbox. That’s mighty handy!
Dropbox also comes with a Photos folder, and it comes with a somewhat similar function: automatic online photo galleries! Be sure to check it out as well.
If you’re not using Dropbox yet, you really should. I recommend signing up right here. It’s completely free (as in beer), and we both get extra space for our files.
Tech+Life+Music is a technology / programming blog authored by Richard Neil Ilagan.
We learn something new everyday, and this serves a bit like a repository of the interesting stuff, challenges and boss fights I come across in my work and play. I blog mostly about progressive front-end development in .NET, jQuery and generic programming for the web.
Follow me on @techlifemusic, or add me up on Facebook and/or Google.
Hooking up our PHP front-end
Discussion