Explaining object-oriented programming

Here, in an excerpt from a 1994 Rolling Stone interview, Jobs explains what object-oriented programming is.

Jeff Goodell: Would you explain, in simple terms, exactly what object-oriented software is?
Steve Jobs: Objects are like people. They’re living, breathing things that have knowledge inside them about how to do things and have memory inside them so they can remember things. And rather than interacting with them at a very low level, you interact with them at a very high level of abstraction, like we’re doing right here.
Here’s an example: If I’m your laundry object, you can give me your dirty clothes and send me a message that says, “Can you get my clothes laundered, please.” I happen to know where the best laundry place in San Francisco is. And I speak English, and I have dollars in my pockets. So I go out and hail a taxicab and tell the driver to take me to this place in San Francisco. I go get your clothes laundered, I jump back in the cab, I get back here. I give you your clean clothes and say, “Here are your clean clothes.”
You have no idea how I did that. You have no knowledge of the laundry place. Maybe you speak French, and you can’t even hail a taxi. You can’t pay for one, you don’t have dollars in your pocket. Yet I knew how to do all of that. And you didn’t have to know any of it. All that complexity was hidden inside of me, and we were able to interact at a very high level of abstraction. That’s what objects are. They encapsulate complexity, and the interfaces to that complexity are high level.

The whole interview here

Object and Array literal in JavaScript

This post is mostly for my own reference as I seem to keep messing this up. :O

The basics

{} is an object literal


[] is an array literal


properties can be accessed via . and [] notation:


Object literals can be set using literal values or strings:



Cloud Compute uptime


I have been hearing some criticism on Azure reliability lately. So, I decided to check out if anything I hear has any base by trying to compare Azure VM’s against other IAAS’s and I was quite surprised instability of Azure when putting side-by-side with its competitors.

Even though I don’t use Google Compute Engine personally. I decided to compare it together with EC2 and Azure VM’s since it is among one of the most popular ones.

I think Azure is very nice platform, I use it daily (Office 365 and VisualStudio.com) but they’ve effectively priced me out every time I need to get a server up quickly. Then I always end up to EC2 (Which I like also) but I would like to run some servers on VM’s. Just to get first hand experience how is it to operate real stuff on their beautifully designed Azure Admin.

Disclaimer: I have not used in-depth research on the topic. This is just what I found out by looking numbers from CloudHarmony. If you have more in-depth knowledge on the topic. Please comment the post. I would love to hear it.  

Here are the numbers from CloudHarmony

1 Year Global Uptime

You can see that average downtime has been 3.3 hours per region where as EC2 had 14 minutes. But if you are running IAAS on here it makes much more sense to look about the uptime of the regions (datacenter). As a sample I put up Europe here to see same numbers from 1 year on Europe data centers.

1 Year Europe Uptime

This is actually looking worse for Azure and Google where as very good for Amazon.

If however you are planning to run IAAS on some of these cloud services, do your own research and include the specific services your VM’s are running. I recommend also paying close attention to the monthly/quarterly uptime trend in addition to aggregate uptime numbers.  I would also recommend building your application/infrastructure  cloud agnostic so you are not married to them (yeah, easy to say…).


Install Subversion in Yosemite

SubversionI had some problem with Subversion repository because the repo is using version 1.8 but the SVN version that ships with xCode is version 1.7.

To update SVN on MacOS 10.10 you need to first uninstall old version. You can do that just by deleting the binary.

Type in console:

Then remove it

Use then Homebrew to install new version.

It takes few minutes to install.

I also had to link SVN again on homebrew (maybe i had some old references)

… and it’s done.

Screen Shot 2014-11-01 at 16.02.17


Time for SSL-only internet

There is really no reason why you should not be running  only HTTPS (also known as HTTP over TLS, or Transport Layer Security), on your website. Even you are not running any authentication today there is a good change you will in the future. Furthermore, if you care about SEO Google is going to rank your site higher when you have taken care of security (See: HTTPS as a ranking signal). 

I have been lately configuring few sites to run in HTTPS and here are some tips.

  • Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
  • You need dedicated IP, it’s easier that way
  • Buying certificate. If you are new on HTTPS and you are not sure which certificate to buy, then buy the cheapest one with single domain. If you are paying more than 10 USD for the certificate and you just need to get your website working on HTTPS then you are probably paying for extra.
  • Make sure you are use 2048-bit key certificates, I don’t think anyone is selling anything else anymore.
  • Use relative URLs for resources that reside on the same secure domain
  • Use protocol relative URLs for all other domains. This means you need to ensure that all third party services support SSL because otherwise you’ll give your users browser warnings alongside some security concerns. For example if you use javascript CDN make sure URL’s are pointing src=”http://cdn. => src=//cdn
  • Check out Google Site move article for more guidelines on how to change your website’s address
  • Don’t block your HTTPS site from crawling using robots.txt
  • Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.
  • Configure redirect from HTTP to HTTPS
  • I recommend RapidSSL or PositiveSSL I have been using PositiveSSL from namecheap but there is even cheaper ones in https://www.cheapestssls.com/. Also there is free certificate at https://www.startssl.com/ but I have not try it personally. Though, free is probably never free. Maybe it is OK for test enviroments and sandboxes but I would use RapidSSL or PositiveSSL for production. 

Be secure out there… you can test your server security level and configuration with the Qualys Lab tool.


HTML5 relevant tags for iOS Web App

Here are some tags that are relevant to build great mobile experience. It is mostly for iOS but Android (Chrome) seems to follow it as well.

This is mostly for my own reference as I bump to this all the time.



Getting started with Sitecore MVC

Earlier this summer I finished my first Sitecore project in MVC. I have worked on some Sitecore implementations before where there has been a mix of MVC and WebForms but this time I had a finally change to make presentation ground up so naturally I chose MVC. I have to admit I never felt in home on .NET webforms even I have been working with .NET since version 1.0. For me whole point of abstracting away some of the difficulties of a stateless protocol has always been giving more confusion than benefits. Probably because I was coming to .NET world from web development and I had never been developing in Windows. Anyway, what gave me quick start to MVC in Sitecore was these two videos.

Sitecore MVC – Getting Started (Part 1)

Sitecore MVC — View Renderings, @Html.Sitecore(), and Custom Models (Part 2)

Rethinking cloud-based ECM

I work these days with Adobe Experience Manager which is part of the integrated suite of products known as the Adobe Marketing Cloud, the Adobe Experience Manager connects with Adobe’s analytics, social media, targeting and optimization modules to create a holistic solution and Sitecore Experience Platform that connects the Web Content Management system with the Digital Marketing System to link together channels, engagement automation and analytics with third party tools. Both of these Experience platforms turns my focus on “CMS as platform“. CMS as platform has born due the lack of CRM solutions that integrates and understands web and social media. This hole has left room for CMS to fill this problem. Although, Adobe and Sitecore are both have been built on top of traditional CM to support cloud and therefore I am not sure if these platforms will solve Cloud -part on real Enterprise Content Management Systems.

So what would be the real Cloud CMS?


If we forget current CMS’s and think from the technology perspective Cloud and Enterprise Content Management one rather interesting concept is to rethinking use of data and presentation to completely different level. Since the Internet is big API of data. I have been playing with the thought where data does not need to be centrally stored but instead it can be loaded from many sources using open API’s or simply scrapped using crawlers. Then on CM side using advanced caching mechanism to stored into central package that can be handled with workflows. Just image a web page where the server that is serving a page is only having information about the presentation, cached content but the data can come from anywhere from the Internet. I could use SkyDrive over Office365 as data storage or Google Drive for generic content. I can host comments from Facebook and video’s from Youtube. If I were having social content I could stream content from a site like Wikipedia. All in the same stream. The CMS on this case would be playing role of brand manager with simple CM functionality that backtracks the changes and workflows and provides editors very easy mashups for social media  Internet snippets and content. The role of the CM editor would be more of an Author who through workflows controls the content produced in any media and social media site. Regular editors could use already familiar tools on the Internet to produce content and use CMS just to low level editing,  construct and page design from the Internet media. This would optimise management of web and social content in the same stream without loosing control of the processes.

OK, I admit this would be rather brave change for some that require full control but nothing that cannot be solved with today’s technology. I also think rethinking data out of “CMS” would free CMS more to evolution of marketing and experience control.

How does OpenSSL vulnerability affects me?

If you are running Unix and HTTPS you should review your server. If you are website user on Mac or Windows you might need to change your passwords on some of the services. 

I found this good FAQ summarising the vulnerability from Reddit and thought to copy & paste here:

— clip —

What should I be doing as a user?

If you’re on Linux, update to the latest openssl libraries (ensure that the package was updated today and covers CVE-2014-0160). Ubuntu and Debian already have packages out to fix this.

If you’re on OSX, the latest openssl available there is 0.9.8, which is not vulnerable. You don’t need to update anything (unless you installed a vulnerable version manually, in which case you should update)

If you’re on Windows, it doesn’t come with openssl. If you installed it yourself (through cygwin, for example), you should check what version it is and try to update it if is a vulnerable version.

If you did have a vulnerable version of openssl installed, you should restart all of your computer applications after you update it to ensure they start using the new library.

What should I be doing as a sysadmin / website administrator / other?

Immediately update openssl libraries on any system having vulnerable versions which are hosting SSL/TLS services. Again, make sure the update covers CVE-2014-0160. If you’re using openssl 1.0.0 or older, you’re not vulnerable to this bug.

It is probably reasonable to consider any private keys from vulnerable services to be compromised, and as such you should replace those keys/certs and revoke the old certs. Failure to revoke the old cert could mean that any private keys acquired using the vulnerability could then be used to impersonate your site on the internet with full PKI trustworthiness – a very bad outcome.

Can I test to see if an external website is vulnerable to this?

Unfortunately the only way to determine if a website you don’t manage is vulnerable to this is to try and exploit it. I’d recommend against trying this unless you are fully aware of the potential legal repercussions of doing so.

What does this mean for accessing my bank / facebook / other random website?

If the website you are connecting to hosts SSL (HTTPS) and has this vulnerability, an attacker connecting to that website can view a small window (64k) of memory from the application which is terminating SSL. This window may contain a lot of things, including SSL certificates, SSL session data, or usernames/passwords, depending on the design of the terminating app.

As such, the most prudent thing to do would be to avoid connecting to those services until you can be reasonably assured that they are not affected by this vulnerability. Unfortunately this is a bit of a quagmire as determining if they’re affected is difficult to do. There is no good solution to this, other than to wait for those various websites to confirm they have fixed the issue, or to verify they aren’t vulnerable through third-parties or by testing yourself (see above regarding legal repercussions of testing yourself).

If you find that a site which you have used was vulnerable to this issue, you should change your username/password as soon as it has been confirmed fixed, for prudence sake.

Luckily most bank software is very slow to update (meaning they’re often on openssl 0.9.8, which isn’t affected), or makes use of proprietary SSL libraries, and as such it is unlikely that they are affected by this vulnerability. I’ve seen tests against a bunch of banks and saw no notable ones which are affected by this vulnerability. Unfortunately there will be some financial institutions affected by this.

— clip —

Is this a design flaw in SSL/TLS protocol specification?

No. This is implementation problem, i.e. programming mistake in popular OpenSSL library that provides cryptographic services such as SSL/TLS to the applications and services.

In following Elastica’s CTO Dr. Zulfikar Ramzan walks through the mechanics of the Heartbeat (Heartbleed) flaw (at a high level), how an attacker can exploit it, and its underlying ramifications.

OpenSSL Heartbeat (Heartbleed) Vulnerability (CVE-2014-0160) and its High-Level Mechanics from Elastica Inc on Vimeo.

See also http://heartbleed.com/