Sunday, December 25, 2005

Penang Bridge

Was trying to locate some traffic information related to the penang bridge. Finally found a site hosted at blogspot which contains image from so called bridgecam(webcam) that promises real time snapshot of the situation on the bridge. There is a also live video feed available. So the next time you wish to visit Penang, check out the traffic information on the Penang Bridge first or you could spend hours stucked in traffic. Actually, I feel that the guys are UEM are quite smart to have mirrored the bridgecam to blogspot. It is quite safe to assume that UEM's server will not be able to cope with high volume of traffic(if more publicity is given to this site). Since most of the information are quite static and blogspot is able to cope, it is only smart to mirror it there instead of their own servers, thus saving on bandwidth and resources. The next step to take will be to mirror the image snapshots to blogspot too.

Saturday, December 24, 2005

Print your own money

You can print some money to buy properties, utilities companies, railway companies and also to build hotels via this page. No, don't get me wrong. I am not asking you to counterfeit, this money is used in monopoly. *hehe*

Thursday, December 22, 2005

62NDS.COM - virus code

The following site allows you to view the source code for computer viruses in txt files. Most of these viruses are written using VBS, (VBS = paradise for virus writers, courtesy of Microsoft - disable it, and install MS Virtual Machine or Java Virtual Machine instead) and are normally sent by email.

Read more

kennysia.com: Guide To Buying Gifts For Men

Great gift buying guide from Kenny. Any of you gals out there planning to get the perfect christmas present, take a look at this article.

World's Ugliest Tie!!?? - For Counsel

Don't Give this Tie to any Man You Care About--unless, perhaps, he's the President of an Ice Cream Company. But, even then think twice.

Read more at www.forcounsel.com/prod...

Friday, December 16, 2005

Mercedes Benz

Read this from kennysia.com. Real funny From Indian standup comedian Kumar "Bloody Germans. I hate Germans. Why? The Germans make Mercedes Benz. Malays sell Mercedes Benz. Chinese buy Mercedes Benz. We Indians? We wash the bloody Mercedes Benz!"

Read more at www.kennysia.com/archiv...

Jazz Club Event

Friday, December 09, 2005

A good plan to increase your annual income?

Nowadays, it seems like we hear complaints everywhere from permanent staffs in the Malaysian IT industry about their companies spending a minimum of three to four times their salary to hire contract X-Men. And it is not like these X-Men can carry the responsibities or duties of more than one local developers. I have heard more negative feedbacks about X-Men than positive ones. Some even conclude that whatever codes developed by these X-Men will need rewriting/refactoring, so there is no productivity gain but losses. No way are they cheap too. So why are they being hired? I have seriously no idea. But since the IT industry has a trend towards looking highly upon X-Men and are willing to pay sky high figures for them, I came to think of this idea. We will group our local developers together. Someone go and get PR or citizenship from X-Men's country and setup a company there. Then, outsource the local developers as X-Men with X-Men's prices. Wouldn't this be a win win situation? The companies think they are hiring X-Men and the locals get great pay. However, we might need to learn how to shake our head when agreeing to something and tan ourselves a bit. We might even have to learn how to mumble during conversation so that anything we are trying to say could not be understood by anyone hearing it. And to ensure you can code like X-Men, learn from The Daily WTF. If they suspect you are not X-Men, show them you know how to write a False Detector.

Thursday, December 08, 2005

Primary Keys

During my college years, I was taught about RDBMS and keys. The keys, also known as constraints in some DBMS, are primary keys (PK), foreign keys (FK) and unique keys. When we draw entity relationship diagrams, we were also advised to lookout for keys and identify them properly as proper primary keys and foreign keys will ensure referential integrity. I was taught to look out for unique keys in a table and use that as a primary key. If I can find a single column that is unique, I can combine multiple columns (composite key) and make them unique. I can group them together and name it as a primary key. Now, after years of development, I still wonder if this is the correct way to do things. There are a lot of disadvantage to the way I was taught. As an example, say you have identified that in a manufacturing department, a product code is unique. Theoretically, we can use this as a primary key. As a primary key, other tables as foreign keys will also reference this. Now, imagine this product code is being used as keys and are stored in product table as PK, invoice table as FK. One day, they decide to change the product code. How do you proceed to do that? As primary key, the code cannot be changed. Even if the database allows it, it will be difficult to change, as you will need to ensure that it is changed at all referencing table. Isn't this a headache? Therefore, I feel that it is better if we maintain a unique identifier, which could be randomly generated or sequentially generated as a primary key instead. This key should have no meaning to the business record. It should be mainly a database table level key only. Now if we apply this to our product table, the product code is simply a unique column on its own with the primary key being another column. The referencing tables such as invoice will use the unique identifier as the foreign key. Any changes to the product code just require changes to one table only and your referential integrity is intact. You also do not need to worry about using composite key as your primary key. Isn't this a cleaner solution? However, selecting data from tables design in this way could lead to slower response, as we will need to join the product table each time we search for a particular product from the invoice table. Compared to using the product code as the key, which we could directly use the product code as a criteria in the invoice table, it will definitely be slower. By how much, I would not be able to say. So, there is this question again, do we strife for better manageability or better performance? For me, I would like better and easier design as we could always scale our hardware. Hardware is cheaper than cracking your head finding expertise to maintain your database.

Why is everyone making the same mistake?

Hopefully, Linux or Solaris can grow fast enough to compete with Windows in terms of ease of use before I need to make the switch. As seen here Microsoft is investing in X-Men. I too believe it is not a wise move as so far, I have not seen really successful implementations by investing there. Maybe the projects and company I deal with are too small compared to what Microsoft is investing and implementing. Anyway, there are a few things quoted which I don't really agreed on. India's highly skilled professionals, low-cost operations, a booming economy, good telecommunications links and a rapidly growing market have made many a foreign companies announce big investments or increase existing investments in the country. India does have highly skilled professionals, however this doesn't mean that the country is full of highly skilled professionals. It could be just a tiny weeny size of India's population that is highly skilled. Anyway, those really highly skilled Indian professionals would had left for States where they can earn a higher income. Therefore those left behind would not be highly skilled and could not survive the booming IT industry by competing with skills and technical knowhow. So, they cut their prices and try to remain competitive. That's where you will get your low cost, by paying for monkeys who are willing to work for peanuts. They might have the best telecommunications links, but have any of you ever try to have conversation with them? I can speak to them face to face and could not comprehend what they are saying as their slang is very heavy. Even worse if you do video conference with them as their body signal for agreeing with something is the same as ours for disagreeing with something. Imagine, you asked them "is it ok?", and they say "Yes" while shaking their head. You would be so confused as to whether they are OK, or not OK. All I can do now is shake my head and say, it is not right do to so...

Tuesday, December 06, 2005

MSDE/MSSQL on Windows 2003

X-Men promised to deliver a solution on DB2 and Websphere. However, on the date of delivery, they came and said that their developers had a change of mind and now it is on MSDE and Tomcat. I will never every know what and who gave them the right to change operating environment? Anyway, they promise me that MSDE is free even for production use and if MSDE is not good enough, I can always purchase license for MSSQL and run the solution with MSSQL. If I really dislike both, I will have to wait for them to rewrite the code to fit DB2. So, do I have a choice? Anyway, so they came and do the setup and installation as promised. We provide them with a Microsoft Windows 2003 machine complete with latest fix pack. They proceed to install MSDE and Tomcat. Took them quite some time to do it. After a while, they complain to me that my Windows 2003 does not belong to a domain and they can't get the MSDE to work properly. They said their development environment back home has domain, so I have to give them domain environment or upgrade to MSSQL. I was really pissed. Anyway, I got instructions to give them whatever they asked for, just to see the system up and running. So, we got them MSSQL. Then they claim they need help on setting up MSSQL. This X-Men really want a foot when you give them an inch. So, we have to plead with Microsoft development team to send someone to install for them. After installing the MSSQL, we left them to setup their application. After a while, they came back and ask for the Microsoft guy assistance again. They said something about url configuration for MSSQL. Guess what, they actually need the JDBC url. I mean, they are suppose to be Java Developers sent from far far away to do setup and installation on Java Web Application, and they are asking for JDBC connection url from a Microsoft guy? How low can they get? Anyway, sensing that they are drowning in troubles, I offered help again. Looking at system, I see that the MSSQL TCP port is not available under netstat. Suspecting something amiss, I check the system log. There, in plain English sentence, it is stated that Microsoft Windows 2003 is smart enough to disable the TCP port because MSSQL is not patched and is vulnerable. So smart of Windows, but how come it doesn't prompt us when it disable? Or did it disabled and prompt but the X-Men didn't notice or had ignored it? So, all those crap about MSDE on domain is absolute bullshit. It was because of not patched version of MSDE that's why it is causing error. So, I ran and grab them a MSSQL Service Pack 4 (IIRC) and pass to them to install. I told them specifically to install the service pack and then try the setup again. I left them for a few hours and when I return, no progress. Ask them why, and they said that they installed the service pack but still cannot connect. Seeing what I did with netstat earlier, they become smarter and showed me that the port is still not opened. Damn these copy cats. To cut things short, they blame the sky and the earth for things not working and left for something to eat claiming that they skipped lunch earlier the day. Curious, I googled on how to check MSSQL version, seems like you can't just click help about to do it. You need to connect to the db and issue a command. I did as per what I found in Google and found that the version is still based. No service pack installed. Pissed again that these X-Men doesn't know what they were doing and wasting my time telling me bullshit, I installed the service pack myself. After installing, I even setup their Tomcat so that it can connect properly to MSSQL for them. I could it get everything working even before they finish their meal. I am no genius and I have never used MSSQL with JDBC before, so I can only assume that these X-Men are either fools or do not know what they are doing. Next time if you are given the duty to do integration, make sure you know your JDBC settings in and out. For example, in this scenario, if they were smart to connect using netbios(or is it some other protocol) instead of TCP, they won't need to waste so much time and effort. Or if you are a Project Manager in charge of delivery, make sure you pick the right guy who knows well enough to bring along with you to do integration.

Monday, December 05, 2005

TM Net Online Services Security Breach

I was trying to access TM Net Online Services via Firefox earlier today to check on my streamyx bill. I click on latest bill and was shown the 3 most recent 3 bill available. I click on the button for English version and nothing happened. I was like...is this another IE only website? Anyway, being curious and nosey today, I looked into the source. Seems like it is just using JavaScript to load a new URL based on the selection you have made. Maybe Firefox was unable to render because they never encode the URL string. Anyway, that's not my story today. Being curious as to how will TMNET prioritize security, I tried to cheat it a bit. To my horror, I was able to pull out other subscriber's information easily. I was able to pull up other subscriber's bill. On those bills are their amount owing, mailing address, account no and user id. Imagine this information falling into evil hands. Anyway, I think you must be pretty excited as to how to cheat the system. Just login to https://tmbill.tm.net.my and generate your own bill. After that just change the number to any random number and if you are lucky you will hit other ppl's bill. Example : https://tmbill.tm.net.my/SelfCare/Maintenance/invoiceTemplate.jsp?language=ENG&invoicePoid=0.0.0.1%20/invoice%204450807148%200 You should change the number after "invoice%20" sans quote and before "%200" sans quote. Please do not misuse the information. Based on my assumption, just increment or decrement the last number will easily get you more bills.

Maxis direct debit

Few years ago, I switched from DIGI Prepaid to Maxis because back then DIGI's coverage is not as good as Maxis. Furthermore Maxis was having a lot of promotions for new sign ups. I subscribe during one of their aniversary promotions and got RM30 rebate every month for two years. I also signed up for direct debit which allow even better rebate. Today, I no longer get this direct debit rebate from Maxis, even the discount for making calls above RM100 no longer applies. My bill has increased tremendously. Is this how Maxis rewards their customer? Or are they trying to make me switch to another plan or even another operator? By staying with Maxis now, I am losing a minimum of few hundred ringgit a year compared to switching. However, it is difficult for me to switch now as I wish to retain my number. I still have a lot of old friends who might be calling at this number. Until the day I can migrate this number to another operator, I have to stay. I think Maxis should reconsider giving rebates for direct debit. Or have some other type of benefits like points system where the points can be used to redeem rebates for new phones. Actually, Maxis can earn if everyone switch to direct debit. They have less staff to maintain for payment collection, less manual work and can even earn interest from the money they collect early. With direct debit, they collect the payment on the first day of the bill, compared to manual payment where I can opt to pay on the due date, which is a one month duration. Imagine 1 million subscriber paid one month earlier and each subscriber's average bill is RM100, Maxis gets 1 million x RM100 interests for one month. Isn't that some amount of money? Anyway, since Maxis has decided that they favour new sign ups compared to retaining loyalty of existing customers, I am cancelling my direct debit and wish everyone else does so. Why help Maxis to earn more when you can make them waste more with the resource they need to chase us to make payment, send more notification to ask us to pay bill, suspend our line, resume our line, etc. So, call 123 on your Maxis mobile NOW and CANCEL your direct debit.

Thursday, December 01, 2005

OCBC eCafe

Few weeks ago, I was trying to register for OCBC's eCafe(click if you are using IE only), OCBC's online banking system. At first, I access their site using Mozilla Firefox and was not allowed to proceed as the site had blocked access from any browsers other than IE. So, I switch to my IE and proceed to register myself. I manage to follow the on screen instructions for a few steps but at step no 3, or was it 4?, I was shown a very generic error page which says the system is currently not accessible and please try again. As an amateur web developer, I think I can recognize the types of errors. Anyway, I immediately called the support no listed on the error page and lodge my complaints. And so, my trouble begins. The support personnel are very friendly, however they are a bit annoying as they will force feed you with whatever manual and faq they have and force you to follow the exact steps. I thought these type of follow the steps only occur during UAT. When a system is live, you must anticipate the users to try every possible means of ways to break the system. Anyway, I was not trying to break the system, just trying to register myself. After lodging the complaint, I immediately call a close friend of mine who currently is working in OCBC and ask her to help me register. I wanted to confirm that this is not my pc environment error. If the pc in the bank works, then it will be my pc error. However, she too have the exact same problem as me, so I am pretty sure by now that it is a application server side error. The support personnel called me few times to query on my JVM. At first I did not expose the fact that I myself work in Java. I am not an expert, but I think I know how to setup my JRE correctly. Anyway, I followed whatever they said and they confirmed that I do have JRE(duh!!) and the version is the correct one. Unable to proceed any further, they decided to contact me later. One bad day, I was busy and pressured in work. This unlucky support personnel from OCBC called me. She ask me if it is possible for me to reinstall my JVM and she will walk me thru. Frustrated, I told her I don't need help in reinstalling and my JVM is of the correct version and there is absolutely no problem at my side, please please look at the server logs. She still insist I reinstall. MY GOD, if I can even setup JRE correctly, do you think I will be developing in Java, troubleshooting Websphere and debugging J2EE applications? I sternly and harshly told her that I do not wish to reinstall, please check the application instead. I am really sorry for her to have called me at that moment otherwise I would had explain slowly to her. Today, I think she finally had escalated it to their application developers. Another OCBC staff called me today and ask me to try again, this time log down the time I encounter the error. They need it for reading the logs. I mean, WTF, do you need the time of error in order to fix bug? As a bank, shouldn't there be someone monitoring the logs and fixing things as soon as error crops up? Imagine the monetary transactions throwing exceptions here and there and nobody check cause nobody logged the time of error. Purpose of a log file for the application to inform if error occurs and it can't be fixed. Judging from OCBC requesting the time from me, I can only assume that hundreds of exceptions are thrown in a day and they are not able to find mine. I can only wish them luck that their application was not from "X-Men" land or else they will only be able to see "Exception occured" with no details at all. Maybe, they might not be able to find the error at all and will tell me no error was encountered as the X-Men might had use the following try{...}catch(Exception e){//do nothing} Anyway, another thing I wish to say is if OCBC is so sure that so much users will have problem with JVM, why do they use applet in the first place? Or they could had made sure that they applet can run using both Microsoft JVM and Sun JVM and also be version compatible. Doesn't this deny lot's of users from using their services? Why is there a need to use applet in the first place? If they had already allowed only IE to be used, they should use ActiveX technology and signed it properly instead. Anyway, from my assumptions now, I think OCBC's IT department is not doing a very good job. Maybe, they have a lot of X-Men there. Updates: OCBC IT called me again, got the timestamp for checking logs. Then they called me again and concluded the userid I chose had already been used. So I change to a new one and now it works. However, I still feel that it should had presented me with a more meaningful message instead of a generic error page. Anyway, thanks to the support at OCBC, I can finally manage my OCBC banking at home.