
Archives: Process

Special HTTP Verb to request and view Documents online

May 28, 2019 by kiranbadi1991 | Filed in Development, Others, Process, Project Management, Security

First American Financial Corp recently exposed a good amount of data (885 million files related to real estate) to external folks. Probably this leak impacted close to 885 million people, assuming each file relates to one property and one person or family.

The leak mainly happened by modifying a URL parameter of the request. I have written quite a bit of code to fetch files for viewing online, downloading, etc.

The most common way of writing this type of functionality is that you write a controller class to get the file for viewing (render the document in the browser), you have some service layer which populates the file template, and then some data access layer which fetches data based on some id from the database or cache store to populate the template. All these steps, along with the document viewing itself, happen most frequently via the GET verb. Of course you can have secured GET requests.

The whole purpose of the GET verb is to fetch a resource, which it does as described in the specs. However, I feel document viewing is a special type of use case which I believe requires a special HTTP verb, for which browsers could most of the time provide inbuilt protection for cases like First American Financial Corp (similar to how browsers prompt on double submits).

This verb will help to solve other issues as well, like malware, excessive ads, virus problems, etc. This verb will make the web much cleaner.

PS: Though I know that First American Financial Corp’s leak is due to poor development practices, I believe that generally the browser or web specs should provide a first level of defense against these types of lapses.

Linux vmstat command

April 4, 2019 by kiranbadi1991 | Filed in Database, Development, Environment, Memory, Performance Engineering, Process, Web Server

I have been spending a bit of my time on EC2 Amazon Linux, so I thought of just making a note of some of the commands I frequently use.

It helps me to look directly at my site for information on this command rather than googling and spending time searching the internet for it (all I need is what each column stands for).

vmstat gives information about processes, memory, paging, block I/O, traps, and CPU activity. It displays either average data or actual samples. The sampling mode can be enabled by providing vmstat with a sampling frequency and a sampling duration.

vmstat

The columns in the output are as follows:

Process (procs)
    r: The number of processes waiting for runtime
    b: The number of processes in uninterruptible sleep

Memory
    swpd: The amount of virtual memory used (KB)
    free: The amount of idle memory (KB)
    buff: The amount of memory used as buffers (KB)
    cache: The amount of memory used as cache (KB)

Swap
    si: Amount of memory swapped in from the disk (KBps)
    so: Amount of memory swapped out to the disk (KBps)

IO
    bi: Blocks sent to a block device (blocks/s)
    bo: Blocks received from a block device (blocks/s)

System
    in: The number of interrupts per second, including the clock
    cs: The number of context switches per second

CPU (% of total CPU time)
    us: Time spent running non-kernel code (user time, including nice time)
    sy: Time spent running kernel code (system time)
    id: Time spent idle. Prior to Linux 2.5.41, this included I/O-wait time.
    wa: Time spent waiting for IO

Some additional flags for vmstat are:

-m  - displays the memory utilization of the kernel (slabs)
-a  - provides information about active and inactive memory pages
-n  - displays only one header line, useful if running vmstat in sampling mode and piping the output to a file (e.g. root# vmstat -n 2 10 runs vmstat 10 times with a sampling interval of two seconds)
-p {partition}  - when used with this flag, vmstat also provides I/O statistics for that partition
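As an added example (not from the original post), here is a small parser for `vmstat -n` sampling output that maps each row onto the column names above and flags rows that show swap activity, a run queue longer than the CPU count, or high I/O wait. The sample output and the thresholds are constructed; the column names are vmstat's own.

```python
# Added example (not from the original post): parse vmstat sampling output
# and flag rows showing swap, run-queue or I/O-wait pressure. The column names
# are vmstat's own; thresholds and the sample text below are constructed.
from typing import Dict, List, Tuple

# Constructed sample of `vmstat -n 2 3` (newer vmstat also prints an `st` steal column).
SAMPLE_OUTPUT = """\
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 1  0      0 612340  84520 901200    0    0    12     6   80  150  3  1 95  1  0
 4  1 102400  51200  12000 203000  512  768   300   410  900 2300 40 20 10 30  0
 0  0 102400  60200  12100 205000    0    0     5     8  120  210  2  1 97  0  0
"""


def parse_vmstat(text: str) -> List[Dict[str, int]]:
    """Return one dict per sample row, keyed by the column names in the header line."""
    columns: List[str] = []
    samples: List[Dict[str, int]] = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "r" and "swpd" in fields:  # column-name header (printed once with -n)
            columns = fields
            continue
        if columns and len(fields) == len(columns) and all(f.isdigit() for f in fields):
            samples.append(dict(zip(columns, map(int, fields))))
    return samples


def flag_pressure(samples: List[Dict[str, int]], ncpu: int,
                  skip_boot_average: bool = True, wa_threshold: int = 20) -> List[Tuple[int, List[str]]]:
    """Return (row index, reasons) for rows under pressure. The first row vmstat
    prints is the average since boot, not a live sample, so it is skipped by default."""
    flagged: List[Tuple[int, List[str]]] = []
    for i, s in enumerate(samples):
        if skip_boot_average and i == 0:
            continue
        reasons = []
        if s["si"] > 0 or s["so"] > 0:
            reasons.append("swapping (si/so > 0 KBps)")
        if s["r"] > ncpu:
            reasons.append(f"run queue {s['r']} exceeds {ncpu} CPUs")
        if s["wa"] >= wa_threshold:
            reasons.append(f"I/O wait {s['wa']}% of CPU time")
        if reasons:
            flagged.append((i, reasons))
    return flagged
```

Run it against `vmstat -n 2 10 > vmstat.log` captured on a box and pass the real CPU count to `flag_pressure`; the second constructed row above is the only one that trips all three checks.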


My Thoughts on “Customer sues Epicor after ERP software project attempt ends in ‘big mess”

March 11, 2012 by kiranbadi1991 | Filed in Process, Project Management, Small Businesses

This is an interesting case wherein the customer sues the vendor for failing to implement the ERP project as per the agreed timelines and probably budget. ERP projects have their own challenges with regard to implementation and the requirements gathering process. I do fully agree with ParknPool that it impacts the bottom line of the company whenever the key systems go offline for some reason. I have seen the mess that happens, especially if you are a multi-million-dollar company with sales/order-booking partners located in various locations across the country. Given that most of the key information about clients, like credit limit, account balance, banking details, etc., is often interdependent and located in the same ERP systems, it becomes a challenge for the company officials to work without this information. Manually taking orders and updating payments is just impossible, given that during peak seasons there is a lot of room for human errors or for the sales team to create intentional gaps. Remember, no matter how high your position is in the company or how close or deep a relationship you have with your clients or customers, there always exists a risk that you might go beyond the credit limit allocated to the customer if you are a super busy sales guy with a bonus attached to your monthly targets.

So why is this case interesting? There are a number of reasons:

  • The implementer failed to read the requirements correctly. "Because we’re a drop-ship business, we need to invoice our client after the last item ships, because they could ship from multiple locations," Fonner said. "The Epicor system couldn’t deal with that." Though the requirement looks like a 4-line statement, I am sure it takes at least 2 weeks to get more clarity on this requirement and a minimum of 4 weeks to implement it (this is based on my experience).
  • There was also an attempt to change scope, which we often see in some projects for various reasons. "Epicor also performed something of a bait-and-switch with ParknPool, initially saying that the company’s need would be met with a specific set of software modules, but then saying that more were required after the project started, Fonner said." Most service providers try to do this indirectly in cases where they feel the client can provide still more business. This is just an immature and terrible thought that is surely going to backfire on you.
  • The software implemented was untested. If you deploy any untested software in production, there is a risk that you are going to do business at a loss; at least this is true for software as complex as ERP systems. These systems often hold a lot of information with regard to inventory, finance, rates, client information, etc. I can go on writing about how the various departments in the company see an ERP system. It is just a very high-risk decision to put an ERP into actual usage without testing the validity of the business rules implemented.
  • It is just not easy to sue the seller here, for the simple reason that during the implementation phase I feel there weren’t any legal checkpoints or milestones to measure percent completion of work. If there had been checkpoints, ParknPool could have seen the red flags some days after execution started. Checkpoints are a must in any project to see where we stand.
  • This should be an interesting case to follow, as I have seen many companies change vendors due to bad quality of management, improper execution, operational loopholes or lack of quality in the work done. Suing the vendor for bad quality or an incorrect or incomplete implementation is something I feel should have some impact on the way the IT industry works and the way outsourcing works. In all, this case should definitely benefit the IT industry in some way, especially in defining the legal definition of "DONE".
