Tag: development

My Thoughts on Tabs versus Spaces

There are two debates that will never be solved. The first is VIM vs. Emacs and the second is Tabs vs. Spaces. For the VIM vs. Emacs debate, I use VIM, only because it is the first linux-based editor I learned to use and no, I do not need to look up how to quit out of VIM (it is :q by the way, you can use :wq to write to file and quit). Instead, I would like to focus on the other eternal debate, Tabs versus Spaces. Before I delve too far into the topic, let me share some background.

Day Job

My job title at work is Developer. It has not always been this, but development is what I have been doing during my tenure there. Primarily, I create custom web applications and reports using PHP, HTML5, and CSS. Over the summer I spent some time re-writing some older code that I written. There are a variety of things to think about when making web apps, like following HTML standards, accessibility, alt on images, and the like. One aspect that is often overlooked is how the source code looks when it is viewed in an editor. Many developers overlook this aspect when it comes to web coding. Yes, the primary concern is really making sure the product works and meets standards, yet future maintainability should also be a concern particular when you need to go back and look at some code that you have not looked at in a while. You likely do not want to spend an inordinate amount of time deciphering your unformatted code.

Being able to look at the source code and have it look decent is something that I have been doing for a long time. One way that I achieve this is to line up equals signs. Here is an example of what I mean:

$short1           = "short";
$longvariablename = "long";

I could just use a single space or tab after the end of a variable name, but the code generally looks better when everything is lined up. Usually there are a number of variables within a particular function, file, or other scope of code. I would always try to line up the equals signs. This usually allows me to know what I am looking at without having to look all around the code.

However, while I was reworking the code, I came to the realization that this is somewhat wasteful. Not necessarily because of the extra keystrokes, which is part of it, but because of the amount of space that the file takes up on the drive. There is another aspect that I was thinking about as well.

Side Thought

While I was re-writing the code, there was a nagging thought in the back of my mind, the size of current webpages. With the proliferation of JavaScript-laden webpages, as well as ubiquitous tracking in general, the size of webpages have significantly increased over the past decade. Web developers often overlook

Tabs versus Spaces

My position is to use tabs whenever possible. The reason I think this is due to the size of the file. Examples are always good, so let me provide one. Say you have a file that is 2 kilobytes in size. It is small, and this file uses tabs throughout where needed. The file size is small, and generally smaller than the size of a cluster on a hard drive or SSD. Now, imagine replacing all of those tabs with four spaces. You have now quadrupled the size of the file from 2 kilobytes to 8 kilobytes. Even with this, the size of the file may still be smaller or just at the size of a single cluster on a disk.

Now, let us extrapolate that. Say for instance you have a 1 megabyte file that uses tabs and you replace each tab with four spaces. The file size has again quadrupled but now it is four megabytes in size. Even if the file is only called once in a while, it is still a rather large file. Let us extrapolate this further. Imagine the file is called 1000 times per day and at 4MB, that is now 4GB worth of bandwidth used. If you are on an internal network that may not be a concern, but on the internet it can become one.

Exceptions

I should clarify, the above example is only meant for interpreted code, not complied code. For the source of compiled code, it may not make a difference. It should also be noted that you could use a strip-whitespace function for some languages, however, depending on the language this may result in the script being misinterpreted.

I know some language style guides indicate what should be used, where most indicate spaces. If I was going to release something as open source and to be used by a wide variety of individuals I would likely follow the style guide of the language, but for personal projects, I will continue to use tabs.

Closing Thoughts

Maybe it is just my thinking, but reducing the overall code size of a project is a good thing, particularly if it is a web-based application. Not only will this save on storage space, but it will also save on the bandwidth consumed by users who are often saddled with a bandwidth cap. While I can understand the need for following a style guide, it is also possible that the time the style guide was written that some considerations were not taken into account. Lastly, do not do what the top image does, that is just wrong and is prone to errors.

TLS and Development with OS X Server

I was working on an application for my own usage, and I was using my iMac as a webserver to test some APIs. Now I had originally built this application as an iOS 8 application, but I wanted to update it to iOS 9 and possibly add some 3D Touch shortcuts.

The issues began with the first compile and attempt to run on my iPhone 6s Plus. As expected the application compiled, installed and ran, except when it did run, I got an error stating “Cannot connect to server”. Since I built the application from scratch, I knew that this was a custom message for when the server is down, or if you put the wrong server name in for the settings. As with any issue, I took a look at the Xcode debug window and noticed what the error said.

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824).

Now, I thought about this and realized that this was likely due to iOS 9’s new feature App Transport Security (ATS). App Transport Security is the new feature that does not allow, by default, in-secure connections. Well, I knew I have a valid SSL Certificate, so I knew that was not the issue. After doing some searching, I began thinking about what the issue could be. On a whim, I opted to check my server against SSLLabs’ site. This is what I received as a result:

The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C.
This server accepts the RC4 cipher, which is weak. Grade capped to B.
The server does not support Forward Secrecy with the reference browsers.

To verify that my hunch was correct, I used an Apple provided application, nscurl, to get Application Transport Security information. The syntax for this application go to terminal and perform the following:

/usr/bin/nscurl –ats-diagnostics [URL] Where URL is the URL you want to check.

The results you receive will indicate whether or not the server passes. If the server does not pass, it will show you why it does not pass.

Configuring TLS exceptions for 
---
TLSv1.2
2015-10-18 19:33:17.400 nscurl[2053:84062] CFNetwork SSLHandshake failed (-9824)
2015-10-18 19:33:17.401 nscurl[2053:84062] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
---
TLSv1.1
2015-10-18 19:33:17.410 nscurl[2053:84062] CFNetwork SSLHandshake failed (-9824)
2015-10-18 19:33:17.411 nscurl[2053:84062] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
---
TLSv1.0
2015-10-18 19:33:17.425 nscurl[2053:84062] CFNetwork SSLHandshake failed (-9824)
2015-10-18 19:33:17.426 nscurl[2053:84062] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
---

This is the result I get for my test server. This exact error message means that Perfect Forward Secrecy is not enabled. Hence, my test server is not capable of being able to do any development without modifying the application. As a side note, this is the exact same result for Apple.com as well.

As mentioned above, there is a fix that developers have to add to their Application’s info.plist file. The exact information is below. In the code below, replace “example.com” with your server.

NSAppTransportSecurity

  NSExceptionDomains
  
    example.com
    
      NSExceptionRequiresForwardSecrecy
      
    
  

What bothers me about this result is that developers cannot use the latest security best practices by default. I briefly looked into how to enable perfect forward secrecy on Apache, the underlying web server on OS X Server. But, I quickly learned that even if I wanted to modify the Apache configuration, it would be futile. In order to support perfect forward secrecy, you need to have at least OpenSSL 1.0.1c. The version of OpenSSL that is installed with OS X 10.11 El Capitan, which is also utilized by Server, is 0.9.8zg. As of this article, the latest version is OpenSSL 1.0.2d, and 1.0.1p.

I get the fact that Apple would not expect a majority of their developers to utilize OS X as the basis for testing. Many would instead be using services like Amazon S3, a virtual private server, or some other test server. However, that does not mean that some users would not want to use their Mac as a test server.

Yes, Apple does provide the ability to opt out of Application Transport Security, but if a developer is building an application for a small business who runs some of their web services on a Mac running OS X Server, it is not feasible to force developers to reduce security when running Apple’s own products.

Unfortunately, until Apple updates OpenSSL to be 1.0.1c, or later, applications cannot be hosted by OS X 10.11 El Capitan without developers adding exclusions.

I do realize that it is entirely possible to do an OpenSSL upgrade using either brew or compiling it myself, however this is not always feasible and can ultimately cause system instability. It would be much preferred for Apple to upgrade the bundled version with OS X. Ultimately this would provide everyone with the best security.

I really hope Apple fixes this. I know OpenSSL is used to perform a number of different actions within OS X, but I do not understand how Apple could not accommodate developers who want to use their Apple’s own platform for testing applications. It just seems counter-productive. In addition to perfect forward secrecy, TLS 1.2 is not supported either. This was also introduced in 1.0.1c.

Dev Topic: Hungarian Notation

I have spent the last few weeks thinking about programming, specifically variables, and how to name them. There are many different approaches to naming variables. One of the ones that is bandied about, and question quite often, is the Hungarian Notation. Hungarian Notation is the idea of putting the type in the name of the variable. An example of this might be “str” for string, or “int” for integer, or “bln” for boolean.

Conversely, there are those who never put the type within a variable name. Examples of these variables names might be “firstName”, “zipCode”, or “countryCode”. These three examples are somewhat basic and most people can infer what type of information is going to be stored in these variables. However, there are times when it may become less obvious. For example, the variable “userID”. What type of data is stored in this variable? It could be an integer, to tie a user to a database row, or it could represent a username, like “bob123”.

The debate between the naming conventions used leads to this question “When is it appropriate to use each type of naming convention?” Well that depends on many factors. For me, the biggest is which programming language am I using. When I am using Objective-C, the type of variable must be declared.

Objective-C


NSString *firstName;
NSString *lastName;
NSInteger *userID;
BOOL isReady;

With the three variable names above, it would be quite obvious what type the variables represent. However, when I use PHP or Javascript, it may become less obvious. In PHP, you can specify what type, but by default all variables are just that, variable. No keyword or type information is assigned. They can contain any information and be of any type. See the code below.

PHP


$firstName = "";
$lastName = "";
$userID = "";
$isReady = "";

As a person looking at the code, you cannot explicitly know what type of information is expected. You can infer but you do not know with certainty. If you assign the wrong type of data to the wrong variable, it can completely break an application. The same is for Javascript, where the only way to declare a variable is using the keyword of “var”.

Javascript


var firstName;
var lastName;
var userID;
var isReady;

With PHP, and Javascript, Hungarian Notation becomes quite handy. When using Hungarian Notation, your code may look like this:


$strFirstName = "";
$strLastName = "";
$intUserID = "";
$blnIsReady = "";

Javascript


var strFirstName;
var strLastName;
var intUserID;
var isReady;

As you can see, you can more readily discern what type of information is being expected. Now that one situation when to use each type of notation is answered, the next question becomes, “Why have different naming conventions?”

The answer to this one is quite simple, readability. With the proliferation of open source projects, there are many individuals who try to understand how an application or program actually functions. To make it easier on them, it is best to use some sort of convention, when it is appropriate. Besides the benefit of other individuals, as a developer it also makes it easier for you to read your own code later on.

As an example, my largest web, which has about 175 database tables, has a total of 107525 lines of code, between PHP, HTML, CSS, and Javascript files and all of this spans almost 1500 files. A good chunk of this code was written almost six years ago now. If I were to look back at some of the original code and did not use Hungarian Notation, then I would most likely have to look back at certain things and re-construct what I had written. While this almost certain to happen regardless of how long ago a piece of code was written. Nonetheless, it does take away from current productivity and forward momentum.

I am not advocating that everybody use Hungarian Notation, but merely to think and plan ahead for when you have to come back and look at code. Additionally, if you are looking to open source your code, be sure that it is readable to your audience. This means, somebody besides yourself. Also, do not forget comments, even if they are basic so that everybody can get some idea of what is the intention of a certain bit of code is meant to accomplish.

Daily Run Down 06/13/2013: Morning Edition

Here is this morning’s Daily Run Down.

Social Issues/Human Interest

General News

International

Politics

Obits

Science/Space

Financial

Gaming

Gadgets

Law

Technology

Internet

Social Networking

Mobile

Security

Developer

London/Britain/UK

Personal

Funny

Chicagoland

Total Number of stories: 74

Look for more news stories this evening.

Daily Run Down 06/09/2013: Evening Edition

Here is this evening’s Daily Run Down.

Big News

Social

General News

International

Politics

Obits

Health

Science/Space

Financial

Historical

Tips and Tricks

Gaming

Gadgets

Reviews

Technology

Internet

Social Networking

Mobile

Rumors

Software/Apps

Security

London/Britain/UK

Personal

Funny

Chicagoland

Total Number of stories: 115

Look for more stories tomorrow.