Wednesday, December 28, 2011

The parable of the sadhu

0 comments
Yesterday I read this Harvard Business Review called "The parable of the sadhu", by Bowen McCoy.

This is a very popular HBR article where the author faces a moral dilemma in Nepal. When climbing the mountains, his group finds an Indian holy man - a sadhu - lying on the ice, suffering from hypothermia. The dilemma between taking or not care of the man and their own needs ends when they give him some aid and comfort, but carry and leave him close to a hut, not knowing for sure whether he makes to the hut and, for that matter, if he lived after that.

The discussion that comes up after that is what is limit of their responsibility in a situation like that.
"'Where, in your opinion', I asked, 'is the limit of our responsibility in a situation like this? We had our own well-being to worry about.'"
And after analyzing the situation, the author understand that...
"One of our problems was that as a group we had no process for developing a consensus. We had no sense of purpose or plan. […] Because the group did not have a set of preconditions that could guide its action to an acceptable resolution, we reacted instinctively as individuals. […] We had no leader with whom we could all identify and in whose purpose we believed."
 I don't to give away the entire article, but I must quote these paragraphs that summarize the lesson:
"Individuals who operate from a thoughtful set of personal values provide the foundation for a corporate culture. A corporate tradition that encourages freedom of inquiry, supports personal values, and reinforces a focused sense of direction can fulfill the need to combine individuality with the prosperity and success of the group. Without such corporate support, the individual is lost."

"That is the lesson of the sadhu. In a complex corporate situation, the individual requires and deserves the support of the group. When people cannot find such support in their organizations, they don't know how to act. If such support is forthcoming, a person has a stake in the success of the group and can add much to the process of establishing and maintaining a corporate culture. Management's challenge is to be sensitive to individual needs, to shape them, and to direct and focus them for the benefit of the group as a whole."
It is interesting to analyze our own corporations and if we provide the foundation for a corporate culture, if any. Do we encourage freedom of inquiry? Do we support personal values? Do we have a focused sense of direction? Oftentimes I think that "the individual is lost" in many corporate environments, like the author says above. And this is harmful to the company.

PS: Photo from Flickr (Creative Commons).

Java: how can a 1Gbit/s attack keep up to 100K i7 CPUs busy?

0 comments

This is a hash table vulnerability found in many web application platforms, like PHP, ASP.NET, Ruby, and Java (but not only Java). In one of the cases, 1Gbit/s can keep up to 1 million CPUs busy!

Microsoft has already posted an advisory on this issue. The video has more information about other platforms.

The video below was published today and contains more details on the vulnerability. It is quite interesting, especially if you're into security.

And here you can find a blog post with more details on the talk:

http://cryptanalysis.eu/blog/2011/12/28/effective-dos-attacks-against-web-application-plattforms-hashdos/

Monday, December 19, 2011

StackOverflow clone with RavenDB

0 comments
Today I watched the video below on how to build a StackOverflow with RavenDB. This was my first video on a document store database, and it was amazing to show show interesting and easy it is to use it for a site like StackOverflow.
I was surprised to know that RavenDB supports transactions and by its integration with Linq. Although it's a .NET solution only and requires a commercial license if you're not working on an open source project, it was good to start learning the benefits of a document store.
It also supports full text search, which is implemented under the hood using Lucene.NET.


If you're interested in getting your StackOverflow running, do the following:
  • Download RavenDB from RavenDB website
  • Extract RavenDB into a directory and run Server\Raven.Server.exe
  • Download RavenOverflow from its GitHub repository
  • Extract RavenOverflow in a directory and open RavenOverflow.sln in Visual Studio
  • Right-click on "RavenOverflow.Web" and click on "Set as StartUp Project"
  • Hit F5 in Visual Studio
The original post by the presenter can be found here.

Friday, December 09, 2011

DNS domain names: 253 or 255 bytes/octets?

1 comments
The question of whether DNS domain names are 253 or 255 is something that is hard to find a good confirmation on, but I hope to be able to provide the answer here in this post.

Let's start taking a look at some RFCs:


So it seems that the domain names should be up to 255 octets, right? That is not what Wikipedia says:


There is even a long discussion on Wikipedia about the right value here

And even an RFC mentions 253 octets:
  • "When the result of macro expansion is used in a domain name query, if the expanded domain name exceeds 253 characters (the maximum length of a domain name) [...]" http://www.ietf.org/rfc/rfc4408.txt

Then you start playing with Microsoft DNS or BIND, and tools on both Windows and Linux and see some interesting behaviors. For instance, nslookup on Windows times out when domain name is 255 characters against a BIND server. The version on Linux, however, you get an explicit error for anything longer than 253 characters (ASCII, hence 253 octets):

host <255-char domain name>
<255-char domain name> is not a legal name (ran out of space)

The answer lies actually in the good old RFC 1035 - thanks to a colleague for finding this definitive answer:
  • "Each label is represented as a one octet length field followed by that number of octets. Since every domain name ends with the null label of the root, a domain name is terminated by a length byte of zero." http://www.ietf.org/rfc/rfc1035.txt

The answer is that, over the wire, the domain name uses 255 octets. The first one is used to indicate the length, and there's a last byte that is a terminator. So what is left for the actual domain name is 253 octets - which can represent different numbers of characters depending on your domain.

Sunday, December 04, 2011

Microsoft Visual Studio Tips and Tricks

0 comments
As I am trying to become more productive using Visual Studio - even after some months at Microsoft, I still think I am more productive with Eclipse, I came across this good TechEd talk on Channel 9 on tips and tricks that taught me a bunch of nice things about Visual Studio:

http://channel9.msdn.com/Events/TechEd/NorthAmerica/2011/DEV305

I hope it helps you too.

Saturday, December 03, 2011

Visual Studio add-ins for pasting XML

0 comments

I compiled and installed a couple of Visual Studio add-ins that I thought quite useful for those dealing with XML, in particular pasting them into VS.

SmartPaster 2010
Allow you to past XML as comments, strings, and as StringBuilder – escaping the text as necessary!



          In my case, I had to paste a long XML from my API document and did not want to escape everything.
          This is the source site: http://smartpaster2010.codeplex.com/
o   Binary version did not load in Visual Studio 2010 64-bit (exception was thrown), so I recompiled it and it worked just fine.

Paste XML  as Type
         This add-in is really cool for REST APIs. You copy a XML (like from our MSDN documentation) and it paste it as a serializable type. All classes are automatically generated.



          It was included in Microsoft WCF REST Starter Kit Preview 2: http://aspnet.codeplex.com/releases/view/24644
o   It doesn’t have a binary version, so I compiled this add-in and made it available too