Sunday, October 7, 2012

Web Application Architecture and Design Considerations

I was a developer/manager (what they call a techno-functional manager in India) at an F50 financial services company; now I am the lone programmer/manager/hacker/CTO/VP of my startup. What should you consider before starting an e-commerce/social web site? It has user registration and *passwords*, user-specific content, medium-level sensitive data (I am multi-tasking with Summer of '69), emails going out and coming in, images or documents, and a news feed.

1) Denial of Service (a.k.a. DoS attack)
2) Encrypting user passwords (or using OpenID via Google/Yahoo/FB)
3) Scalability
4) Fail over
5) Securing user password retrieval (forgot password)
6) A decent session id generation logic
7) Caching
8) What goes into RDB vs NoSQL
9) Search engine optimization (aka SEO)
10) Handle authentication and authorization when opening up services for mobile apps
11) Logging
12) Monitoring
13) Load Testing
14) Continuous Integration
15) Analytics (where are your users coming from, who is introducing them to you, are they going where they want to go, are they happy)

OK, now apply lean to this: does a startup site need all of this on day one? What is the MVP of the feature set?

1) DoS attack: not day one, since only a few people know about the site. Check whether a config setting can prevent this (not more than 50 connections from one IP), but there can still be a master-slave or geographically orchestrated DoS.
2) Use FB / Yahoo / Google OpenID for registration (saves the pain of salted, hashed, encrypted passwords).
3) Scalability: A good hosting company should provide a hardware (NetScaler) and a software-based load balancer. Just make sure that what you put into the HTTP Session can be replicated (is serializable), and don't rely on singleton instances (cache, connection pool) to always have the data you accessed before. Handle requests as if they are stateless; very little should be put into the session (this reduces the load on replication).
4) Fail-over: not day one. If you can scale horizontally without users noticing, then fail-over should be as easy as relying on the hosting environment.
5) N/A
6) Use Tomcat; it has been internet-facing for a long time.
7) Caching: TBD. Find a framework that can do a better job than HashMap; a distributed cache is a nice-to-have.
8) Identify domain objects and then mark them as either RDB or NoSQL
10) TBD
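
Item 1's per-IP cap and its caveat, as an added example (not code from the original post): a small Python model of a connection gate. The 50-per-IP figure comes from the list above; the global cap of 2000, the class and function names, and the sample addresses are assumptions made for the illustration.

```python
from collections import Counter

PER_IP_LIMIT = 50    # item 1: "not more than 50 connections from one IP"
GLOBAL_LIMIT = 2000  # assumed total server capacity (hypothetical value)


class ConnectionGate:
    """Tracks open connections and decides whether a new one is admitted."""

    def __init__(self, per_ip=PER_IP_LIMIT, total=GLOBAL_LIMIT):
        self.per_ip, self.total = per_ip, total
        self.open_by_ip = Counter()
        self.open_total = 0

    def try_open(self, ip):
        """Return 'ok', 'per-ip-limit' or 'global-limit' for a new connection."""
        if self.open_by_ip[ip] >= self.per_ip:
            return "per-ip-limit"
        if self.open_total >= self.total:
            return "global-limit"
        self.open_by_ip[ip] += 1
        self.open_total += 1
        return "ok"

    def close(self, ip):
        """Release one slot held by ip; unknown or idle addresses are ignored."""
        if self.open_by_ip[ip] > 0:
            self.open_by_ip[ip] -= 1
            self.open_total -= 1
            if self.open_by_ip[ip] == 0:
                del self.open_by_ip[ip]  # keep the table from growing forever


def simulate(sources, attempts_each, gate=None):
    """Open attempts_each connections per source and count the outcomes."""
    gate = ConnectionGate() if gate is None else gate
    outcomes = Counter()
    for ip in sources:
        for _ in range(attempts_each):
            outcomes[gate.try_open(ip)] += 1
    return outcomes


# Constructed sample traffic (documentation address ranges, not real hosts).
single_source = ["203.0.113.7"]
many_sources = [f"198.51.100.{i}" for i in range(1, 101)]  # 100 distinct IPs

if __name__ == "__main__":
    print(simulate(single_source, 500))  # one noisy client: capped at 50
    print(simulate(many_sources, 40))    # all under 50 each: global cap decides
```

With only the per-IP rule in force (set `total` very high), all 4000 connections from the 100 sources are admitted, which is the distributed case item 1 warns about.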

Tuesday, October 2, 2012

Ad-hoc Distribution iOS Apps - Entitlements Issue

After spending my patience and 4 hours of time on a zillion Stack Overflow posts, I found this TestFlightApp documentation that rescued me.

Issue: After blindly following the Apple docs on how to test the app on an iOS device, I tried the same for creating a user-testable version that can be distributed to others. Again I blindly followed Apple's instructions for creating certificates and bundling an ad hoc distribution version, but it failed with the error below when I tried installing it.


Here is the TestFlightApp documentation (read Steps 4 and 5).

I am re-posting the content just in case the link breaks.

Step 4: Scroll down and expand the Entitlements section in the Summary tab. In previous versions of Xcode, you were required to create an Entitlements file and create a get-task-allow key. This is no longer necessary. Unless your application requires special permissions surrounding iCloud or Keychain Access, you are not required to create this file. Leave the Enable Entitlements checkbox unchecked.

Step 5: Go to the Build Settings tab and scroll down to the Code Signing section. For the two default build configurations (Debug and Release), select your Development Provisioning Profile for Debug and your Ad Hoc Provisioning Profile for Release. Leave Code Signing Entitlements blank.

In previous versions of Xcode, the most common entitlement set was setting get-task-allow to false. This caused an enormous amount of confusion. In Xcode 4.3 this entitlement is automatically set based on whether the app was built using a Development or Distribution Provisioning Profile.