Author Archives: Ajitesh Kumar

Ajitesh Kumar

I have recently been working in the area of data analytics, including Data Science and Machine Learning / Deep Learning. I am also passionate about different technologies, including programming languages such as Java/JEE, JavaScript, Python, R, Julia, etc., and technologies such as Blockchain, mobile computing, cloud-native technologies, application security, cloud computing platforms, big data, etc. I would love to connect with you on LinkedIn. Check out my latest book, titled First Principles Thinking: Building winning products using first principles thinking.

What is OAuth-based Authentication?

Although there are several articles on the internet on OAuth, including the pages on http://www.oauth.net , I was unable to understand the concept behind OAuth by going through any one of those pages and instead kept wandering across several pages. Maybe that was because I was an impatient soul and wanted to land on one page that could help me understand it all in one place, without having to wander through another set of pages, including image searches in Google for the keywords “oauth” or “oauth authentication”. The only pages which matched my appetite are at http://hueniverse.com/oauth/ . However, one has to patiently go through all of these pages to understand OAuth. This is quite …

Posted in Application Security.

List of Developers Sites from Top 5 Social Networking Websites

The article presents information on developer sites/blogs from the top 5 social networking websites. https://developers.google.com/ Blog: There are different blogs maintained for different Google products. However, one could check out http://googledevelopers.blogspot.in/ for the latest overall updates. The developer site acts more like a portal wherein the visitor gets access to some of the following: news feed from different Google developer blogs/pages related to different Google products; APIs & technologies; developer tools such as API console, OAuth playground (interesting), project hosting (http://code.google.com) etc.; various different developer programs; links to important Google products; feeds from https://developers.google.com/live/ . This one is pretty interesting as it shows the live streaming events happening on different Google products or information around upcoming events. My personal …

Posted in Software Engg.

Google Maps Embed API to Benefit Local Search Engines & Others

The article explores the newly launched Google Maps Embed API and talks about the benefits to end users and some of the business benefits to local search engines. A few days back, Google launched its new Google Maps Embed API, using which any business could easily embed Google Maps for its locations with simple, easily embeddable HTML snippets. Following is how the HTML snippet looks: <iframe width="600" height="450" frameborder="0" style="border:0" src="https://www.google.com/maps/embed/v1/place?key={API_KEY}&q=Space+Needle,Seattle+WA"></iframe> Let’s look at the API parameters (in bold) above: place: Actually, “place” is used for the parameter {mode}. Other values for {mode} could be directions, search, and view. Read for details on different types for mode on …

Posted in News.

10 Training Topics to Transform Rookie Developers to Good Developers

The article presents different topics on which training could be given to rookie developers to orient them appropriately and help them become highly effective developers by writing code of great quality, communicating well, helping fellow developers, etc. If you are involved in planning training programs, or you are one of the rookie developers, you may want to check out the following topics and do the needful. Please feel free to share your thoughts/suggestions for any other topics that could be useful. Following is a list of 10 training topics that could be covered in 25-30 hours, and that could help developers imbibe some of the characteristics …

Posted in Freshers, Software Engg.

Tools & Frameworks that were used to Build Instagram (Android)

The article lists different tools and frameworks that were found to be used in the Android version of the Instagram mobile app. Please give a shout if you disagree with one or more entries listed below. Tools & Frameworks Following is a list of tools & frameworks, mostly open-source, that have been used to build the Android version of the Instagram app: OAuth-Signpost (Authentication) The OAuth Signpost library is used to handle OAuth communication. Signpost is the easy and intuitive solution for signing HTTP messages on the Java platform such as Android in conformance with the OAuth Core 1.0a standard. Signpost exposes a minimalistic API designed for two purposes: signing HTTP messages and requesting tokens from an OAuth service provider. The article on this page explains on …

Posted in Mobility, Tools.

Javascript Libraries to use for Faster Webpage Loading

The article explores web page loading issues related to the loading of static resources such as JavaScript/CSS files and goes on to suggest JavaScript libraries that could be used to enable conditional loading of JS resources, thereby achieving faster webpage loading. Following are some of the common use case scenarios that, if taken care of, would make web pages load faster: Conditional loading of JavaScript files in various different pages: Many of the I-could-also-do-front-end-programming adopt the approach of putting all the resources such as JavaScript & CSS files in one common file and including that file in different web pages. Some of these common JS files include jQuery & other …

Posted in Performance Engineering, Web.

Tips to Load Your Webpage Faster based on Google’s Pre-* Recommendations

The article recommends 4 simple tips to load your webpage faster, based on Google’s Pre-* technology recommendations. These tips are based on suggestions by Google engineer Ilya Grigorik in his presentation, which could be found on this page. Do note that most of these (such as pre-fetch, pre-resolve etc.) are also part of their PageSpeed initiative. While I was reading the presentation, it struck me to check who is leading the internet browser market share. Following is the plot I could come up with, based on browser usage statistics. And the winner is Google Chrome. Thus, I found it relevant enough to …

Posted in Performance Engineering, Web.

What are API Management Platforms & Why are They Needed?

The article describes API management platforms and why they are needed at all. What are API Management Platforms? As businesses start exploring the API route to integrate their applications in one line of business (LOB) with applications from other LOBs, or to expose their APIs to external partners, the need for one of these API management platforms starts cropping up. Before we go further, let’s understand why an enterprise considers adopting the API strategy in the first place. Well, one full article could be written as an answer to this question. However, briefly speaking, APIs primarily allow an enterprise and its different LOBs to achieve the following objectives: Extend/share …

Posted in API Development, Integration, SOA, Software Engg.

Tips for Setting up Application Security Education/Training Plan

The article presents one education model that could be used to regularly educate your IT organization/team about the latest security updates, attack patterns, mitigation techniques, security-related libraries and infrastructure, best practices and guidelines, etc. Now that application security is becoming an important aspect to take care of while laying out the plan for application design and development, it becomes much more important to put a plan in place for educating application developers & testers. The primary objective is to create a security-aware development team (and organization at large). Following is one model that could be used to achieve the above objective: Security Awareness Training: Security awareness training to all …

Posted in Application Security, Software Engg.

Developers Take Away from Gmail App Enhancement on iOS 7

The article reflects on the developers’ takeaways from recent enhancements to the Gmail app on the iOS 7 platform (iPhone, iPad). The latest enhancements consist of background app refresh of email, which saves users from having to manually refresh to get new emails. Following is the description of the technology behind the background refresh feature. Background App Refresh using Pre-fetching The new update released for the Gmail app for the iOS 7 platform makes use of the iOS background app refresh feature. This means that iOS users are no longer required to manually refresh the app to get new emails. Following is the excerpt from the Gmail blog post: “The app now fully supports background app refresh, which means …

Posted in News, Software Engg.

Technical Architect Interview Questions – Part 2

Following is the list of questions that I discussed with some of the guys appearing for the position of technical lead or architect in the last few months. Please feel free to share your opinion on them. Architecture Define the roles and responsibilities of a technical architect, application architect, solution architect and an enterprise architect? The reason I asked this question was that the interviewee ended up mentioning all of these roles while introducing himself. And, while answering the question, he was unable to clearly define these roles. As advice, please take care in mentioning your role when attending the interview for the role of an architect. For …

Posted in Interview questions.

Design Tips for Developers to Secure Cloud Applications

If you are a developer working on one or more cloud applications and want to know design and coding tips to make sure that you take care of the appropriate security concerns, following are some of the important areas to consider: Data Design: Data design is one of the key areas of concern when one is developing cloud applications. This is primarily because a cloud service model such as SaaS (Software-as-a-Service) allows data belonging to different customers to be hosted on the same database server. And, if the data model, primarily as it relates to multi-tenancy, is not designed well, there is a high possibility of a data breach wherein the attacker could get access …

Posted in Application Security, Cloud.

Samsung Fingerprint Scanning API & Mobile Wallet Security?

This article explores the recently released Samsung fingerprint scanning API, also termed the “Pass API”, in light of security for mobile wallets. Pass API was released as part of the Samsung Mobile SDK 1.5 beta1 during the launch of the Samsung Galaxy S5 mobile phone. One of the key features of the Samsung Galaxy S5 is its fingerprint reader. An application could use the fingerprint reader to scan user fingerprints and verify them against the users’ stored fingerprints on the device. This article presents an overview of the Pass API and then talks about how it could be used for mobile wallets’ security. What is Pass API? As mentioned on Samsung Developers Page for Pass API, …

Posted in API Development, Application Security.

Google PACO for Tracking Trends on Personal Stuff

The article talks about the features & benefits of the Google PACO mobile app that one could use for tracking analytics data related to personal stuff. Thanks for reading it further. Ever wanted to check how you are doing in relation to some of the following habits on the personal front: Software Developer: How much time are you devoting to some of the following: learning new technologies by reading one or more webpages/books; trying out/evaluating new tools & frameworks (this could be tracked on a weekly basis rather than a daily basis). Physical Training (PT): How much time are you spending daily on doing one or more PT exercises such as running? In …

Posted in Mobility.

OWASP Security Misconfiguration Example from PayPal.com

The article presents some examples of OWASP security misconfiguration vulnerabilities that I could figure out by spending some time on the Paypal.com website. The article is just an educational one and is not written with any other intention. If you are from Paypal reading this, please get it right. Accessing PayPalObjects.com with the URL https://www.paypalobjects.com/ displays the fact that it is hosted on Apache Server. Take a look at the picture below. It looks like the paypalobjects.com server hosts static resources such as CSS, JS and image files, as I could figure out that several such resources link with the base URL paypalobjects.com. Password Recovery Module seems to be using Spring Webflow …

Posted in Application Security.

Tips to Quickly Get Started with Android Hello World!

The article is written for those curious ones (Java developers at all levels) who want to quickly get started with Android programming. This is what I did, and I got started with a few hiccups (in relation to starting the ADB server) to get the hello world done. Download the right set of tools: Visited the Android SDK download page, where I got the option to download appropriate libraries/tools based on whether I am using one of the existing supported IDEs such as Eclipse. Although I am an experienced Java developer and use Eclipse, I rather went with downloading the entire ADT bundle consisting of Eclipse and SDK platform/tools. Choosing System Type: While I was downloading, I …

Posted in Android, Mobility.