Search This Blog

13 December 2016

Keeping it localized

    We thought of implementing a small web app in Go for localization of resources and translations. There are such apps available:

    But then we thought it is not that important tool. The job can be accomplished in a shared spreadsheet. Like our example of issue tracking:

    The same can be done when we want to localize our resources or translate a text in multiple languages. One spreadsheet per language and we are done. No need for special tools, when everyone already is familiar and used to using the tool, in this case a spreadsheet editing program.

06 December 2016

Introducing Stunt developer analytics

    We are proud to announce that Stunt developer analytics is available. Although what we label it as, it has the potential to be used to collect any data on the client that is of interest to the user of Stunt, turning it in to a full featured analytics tool. It is bare metal, or as it is more common to say an MVP, containing the features that we considered most essential.

Repository of the project:

Server application and portal application:

Android client implementation:

Description of the project can be found at:

Automation, Not ?

    We all know that automation is good. No one likes boring repetitive task that can be passed to a machine to execute. But if we specifically and regularly are forced to change our code just to accommodate automation, well then "you are doing it wrong". Yes there are decisions that we need to make so that automation is possible, but it is possible through clean, well structured and maintainable code. That is it. (here is an article with the same opinion and some more things:
Automation should bend backwards, sideways and any other way to fit our workflow, not the other way around. Otherwise we are in the case of those memes, which mock "doing automation the manual way".

13 November 2016


    We were reminded to mention a great tool - Postman, because of this “New from Postman” issue:

    I don’t remember since when I started receiving these Postman newsletters, but they are great, Postman is great. And I am sure we would all be very surprised that there are a lot of people developing services or applications that consume services, that don’t use such tools. It may not be Postman, there are other solutions, but please do use something.

10 November 2016

Someone said let's self sign it

So I wanted to check my voting location for the Presidential elections in Bulgaria and I came across this on the GRAO website: 

Then in one of their pages they explain that the site is not secure and that the user has to install their root certificate in order to secure their connection to the website.

So they are using a self signed certificate and they are telling us it is OK.
Not cool guys. Don’t invent security. Just get a proper certificate !

01 November 2016

Store locations

Some time ago I came across an interesting puzzle:

In short we have some customers home addresses/locations and we need to place our store where there is the biggest concentration of people.

Here is our solution as an Android application, which uses k-means clustering algorithm. This way the engineers and marketers sent on distant planets can map the location of the population and calculate where is the most convenient location for stores, star ports and other facilities to provide the best customer service :)

Link to the repository at GitHub:

 Initial screen

 We add the population (coordinates are from 0-100), and input the area that the store is going to cover  (size is from 0-100)

 We see the store coverage area (the lighter colored rectangle) and the biggest cluster of population (the darker colored rectangle).

05 September 2016

Java reference notes

    The other day I saw the notes of a Junior Java web developer and it looked like a textbook. Well may be not like textbook, but at least a good quick reference guide. So I asked to photocopy them and here they are for everyone that may need it:

31 August 2016

Java WeakReference counterpart

We have all heard of different reference types - weak, strong, soft. We think that the WeakReference class is very useful. But we noticed the lack of StrongReference class and we think it can be useful as well. So here is our implementation of StrongReference:

1:  public class StrongReference<T> {  
3:      private T mType;  
5:      public StrongReference()  
6:      {  
7:          super();  
8:      }  
10:      public StrongReference(T aType)  
11:      {  
12:          super();  
13:          mType = aType;  
14:      }  
16:      public synchronized T get() {return mType;}  
17:      public synchronized void set(T aType) {mType = aType;}  
18:  }  

We are using synchronzed on the get and set methods, because we use the StrongReference concurently, and this was the use case we had in mind when creating it in the first place. But if your use case is different you can remove them.

25 July 2016

Validating an expected JSON

    Let's say we are getting a JSON from a service and we want to know if it is following the contract that this service has promised. When we use the JSON we would handle cases of missing keys, but we have to look at the actual response to see if everything is OK with it, and that takes time. What if we want an indication prior to that, that there is something wrong with the data of the JSON. We have implemented a few short methods that take as arguments the JSON that we intend to use and a JSON that is a model of the data that we expect to get. The method traverses the model and checks to see if the JSON that we are going to use matches it.
    We can also use it as part of our automation test for our service.
    How does it work. We have two JSON strings. One is a response that we get from a service and the other is a model of the JSON structure that we expect the service to return - the contract of the service to the clients/users. We check that the response corresponds to the model - if all the keys and structure of the model are present in the response, then it is valid.
Here is a short description of the algorithm:

Validate JSON
Does the key from the model exist in the response:
    No - response is not valid
        is the value a JSON object:
            Yes -> validate JSON object
        is the value a JSON array:
            Yes -> validate JSON array
                    else continue to next key.

    The repository for the project is at GitHub and contains implementation for Objective-C, Java and Go:

15 June 2016

List with sticky headers and List with sticky headers and expandable items

    Here is a project that implement a list with sticky headers - list that has two types of list items (lets say sections and items in each section), when scrolled to the top the header sticks to the top of the list.
    The other project builds on the same implementation, but we can collapse and expand the sections of the list.

The project is at GitHub:

02 June 2016

Remote work

    It means your office can be anywhere. It saves time and money. It is beneficial for the employee and the employer. And now working remote has an anthem:

(Fifth Harmony - Work from Home ft. Ty Dolla $ign)

Task tracking with shared spreadsheets

    We would describe how we can use a simple spreadsheet to assign and track new task - requirements, change requests, bugs, chores, etc.
    We would need some kind of could solution like Google apps or Office 365 where we can share documents between team mates who can edit them.
    We have a directory holding our tasks. In this directory there is a spreadsheet file for each task we have. Let’s say our project is called Rap. We would have a directory called RAP and inside it we would have files called Rap1, Rap2, Rap3, … with the number of the tasks.

In the spreadsheet we have a few columns:
   Number - which is the same as the filename, so we can decide to omit this column
   Description - description of the task. If it is a new functionality it would be a description of what we want that functionality to be. If it is a change request it would be a description of what we want to change and how. If it is a bug it would be a description of the incorrect behaviour and what is the correct behaviour that we want.
   Status - it is an indication of the position of the task in our workflow. In the example spreadsheet our workflow is:
       -ToDo - the task is in a list of task is sitting and waiting to be picked up.
       -In Progress - someone is currently performing work on the task. It can be that someone is defining the task, and filling in the fields of the task - it is being created. It can be that QA is performing work, or that the task is being implemented - developed.
       -QA - the task is ready for QA.
       -Reopened - the task has been to QA and it has not passed successfully, or that the task has been closed, but it has been reopened again.
       -Done - The task has been completed successfully.
       -Closed - The task has not been completed, but of some reason we have decided to not complete it (we don’t need that work done anymore), so we just close the task, but still keep it around for accounting purposes.
   Assignee - the person that the task is currently assigned to.

   We can have a comments section after the end of the description or we can have the comments as a separate sheet in the spreadsheet, it is up to us.

   It is popular to use Agile software development process, for example Scrum. When we plan a spring we would have a directory for each sprint and the tasks that go in that sprint will be moved in the sprint directory.
   In our example Rap project in the Rap directory we would have a RapSprint1, RapSprint2, … directories. We could also have directories: Backlog for all the task that are not completed, and not in an active sprint; Completed for all the completed tasks. After a sprint is completed we would move the completed tasks in the “Completed” directory and the ones that are not we would move to the “Backlog” directory. In the finished sprint directory we can place a file with statistical data what was done, which tasks, were in the sprint, which ones we completed, which ones we didn’t, hours spend for the sprint and whatever else we want to keep track of.  

   By using a simple shared spreadsheet we showed that we can manage our tasks and even have some functionality that is not available in some of the dedicated software solutions for task tracking. Here Here are screenshots of an example spreadsheet created with Google Sheets:

Good code organization

    We all have read code organization rules or the so called - coding style guidelines. The better ones have an explanation behind every rule. Otherwise it is just a dictatorship of personal preferences. And even not that much personal preferences, because a person would have a reason for the preference, so more appropriate to say would be personal habits and we can only hope they are good and not bad habits.
    In our opinion a good starting point for a rule is to forget of all the fancy features of the IDE we are using all the coloring schemes and imagine we can only use a file listing and a simple text editor without any markup highlighting. Then the decision of using one convention over another becomes apparent.

21 April 2016

Don't be clever

I remember reading a concept in a book, but it seems that I can't find which book it was. But while I was reading some of the Golang documentation I came across something that is in the exact same spirit. Here it is from the Golang Memory Model -

"If you must read the rest of this document to understand the behavior of your program, you are being too clever.
Don't be clever."

18 February 2016

Remote work

    One of the things that gets cited as an advantage to be physically in the office is collaboration. You get to walk to someone’s desk, meet with people face to face and chat, and discuss things. What actually happens is that there are always people “collaborating” - talking, most often near you, there is a constant "buzz"(noise) in the open space like it is a factory floor. Put on headphones, or ear muffs, you would say. So be in the office to be near people and in the same time think of ways to isolate from them. Make meetings only in dedicated places, you say. So be in the office to have the freedom to walk to anyone and collaborate, but forbid this and cripple it by requiring meetings be held in dedicated areas instead.
    What in our connected world prevents us from collaborating regardless of physical location. We have lots and lots of tools to connect, meet, talk, chat, collaborate all we need is an internet connection and it doesn’t matter where each of our team members is physically located. When you are collaborating with a person you are not interfering the work of lots of others that don’t need your noise and distraction. We could be at home, at a coffee shop, at the park, you name it, just pick the place where you could be most productive and that is your office.
    You could check out a book “Remote office not required” by 37signals:

14 February 2016

Native mobile applications with cross content

What is the right format for a mobile application? Some would insist on native only all the way, every day. Some would go cross platform in an attempt to save time and reuse development resources.
We would argue firmly against cross platform development. It doesn't matter if it is HTML/Javascript or C#/Xamarin (some of the most frequently used technologies for cross platform development). In the case of HTML/Javascript we would say that one would be far better off with just a mobile friendly/responsive web app. In the case of C# it is just plain doing it wrong, because it is almost impossible to have a C# developer that would be familiar with the mobile's platform SDK and almost no experience when it comes to the UI, because it is developed in the native platforms technique.
The way to go is definitely native. But what if you have a big amount of content that can be displayed in the same way for multiple mobile platforms. Then just use HTML pages for that content. We would have a native mobile application that uses HTML for part of the content (something that we like to call cross platform content). We could call it a custom cross platform solution/technology, because it is, and in the same time it is more appropriate to think of it as a native application with some (little or a lot) of HTML content with or without the capability to interact with the native code (depending if the solution needs it or not), because this is the intent purpose of this solution.
This is the sweet spot for complete set of capabilities on the device and time and resource savings.

Here are some native applications which can be used for templates where a custom HTML5 content can be added:

07 February 2016

SSL interception - Man in the middle attack

How to check visually for the security of a site we are visiting
When we open a site the address bar of the browser shows if the connection is secure (SSL). Usually there is a green padlock. If we click on it we can get detailed information of the SSL certificate that is used by the web site. If the SSL is an Extended Verification Certificate there is also an additional area that is green next to the padlock to get a quick visual indication that the site uses an EV certificate.
If we are using a connection that is passing through a proxy it can intercept the connection and start the communication with the site we request on our behalf, read all of the contents, resign it with a forged certificate and send it to us. Normally the browser won’t accept that certificate, because it has not been signed by the proper CA. But if someone has access to the machine we are using, he may have installed an additional CA in the browser and that CA is the one that is used to sign the forged certificate and it is trusted by our browser(it got installed in our browser by that person) and we would see a green padlock in the browser’s address bar. But there is no way that we would see the additional green area in the browser address field. If we know that a domain is using an EV Certificate, this can be used as a quick visual check to alert us that there is something wrong with the certificate.

Comparing the certificate fingerprint.
To verify that the certificate that a site is presenting is the actual certificate that was issued to that domain we need to check the certificate fingerprint. We can do that if for example we access the same site from another location/network which we know is secure and take the certificate fingerprint and compare it with the one we get from the other location/network, or we can use a site like 

which can provide us with the fingerprint.
In the browser we can click on the padlock (in the address bar) and select to see more information for the used certificate:

 In that window we can select to see the certificate and find out what the fingerprint is: