Category Archives: General

Best way to persuade/communicate – Pyramid Principle

Recently I had a chance to read more on the so-called “Pyramid Principle”. Thanks to my mentor, who wanted to discuss this very topic in my next mentoring session.

When I heard this topic for the first time, to be honest I was thinking of the hierarchy in an organization, which is often described as having a pyramid structure.

When I searched on Google, I got some very good pointers on what exactly this is, and at that moment I thought I should write a quick 100-word blog post on what I understood of this topic for my fellow colleagues.

OK, coming to the point: the concept “Pyramid Principle” refers to an approach by which you can communicate something to someone in a more methodical, concise and adoptable (yes, something which others are more happy to adopt) fashion.

Usually this kind of principle (complex, as everyone would say.. :)) is employed with higher management who, in general, don’t have much time. To be fair to them, they do process large amounts of data and are entrusted to take top decisions in very little time (yes, that’s why they earn more money.. :)).

When you want to communicate something, follow the steps below (as advocated by the Pyramid Principle):

  • Start with the answer (yes, your first slide can be the answer itself which the management has asked from you). This is often against your usual way of communicating: in the past, you gave facts and figures first and then came to a particular conclusion. Yes, reverse the approach for you to be heard and accomplish what you would like to communicate. If the person you are communicating with has already parsed a good amount of information on a similar topic in the past, just the first slide would be good enough for him/her to take a decision and move on.
  • After giving the answer, now it’s time to group things together and get into a bit more detail with very high quality facts and figures. The best way to get your higher management to listen to you is that the facts should be grouped, and there should not be more than three groups (just a rule which has seen success in the past – scientifically proven, as you can say). Grouping can be done in many different ways and in general can be classified as:
    • Time based – convey according to how it happened
    • Rank based – higher to lower rank
    • Structured – break the main one into three main parts and present it

I think now you know why it is called the “Pyramid Principle”. If not, what I understood is: start by giving a pointed answer to a question (the top of the pyramid) and then drill down as needed with more and more detail. The base of the pyramid would contain the finer details with more figures and facts.

The question is, should you use this for higher management only? The answer is no. It can even be used when you write a simple mail (a reply to a question, obviously). This can also be used while answering a question from your higher management or even from your colleagues.

A simple, concise and to-the-point answer is always appreciated. It’s a sign of leaders and I would persuade you to practice it right away.

If you like this topic, please share by clicking on the various options in this blog post and help spread this.


Checklist when you are reviewing a product – technically and architecturally

When reviewing a product technically and architecturally, the important aspects that you can think of are listed below (from my experience). The list is just my compilation and in no way exhaustive. It is also not very structurally arranged, but these aspects are quite important when such a review is being conducted. If this is useful information that you are looking for, please comment and I will make sure to expand each item in more detail, either as a new blog post or by adding additional points to this same post.

  1. Technical Standards alignment
  2. Maintainability aspects (Architectural patterns)
  3. Code Review, Coding standards
  4. Documentation
    1. System Architecture (Architecture Documentation)
      1. Technology View (version of all software)
        1. Logical architecture (Technically fully explained)
        2. Third party products used, if so Licensing details
      2. Data View
      3. Deployment View
      4. System component Interaction (Component diagram)
    2. Detailed Design Document
    3. Code Documentation
    4. Road Map (Software and technology used)
    5. Details of various exposed web services
    6. Details of other exposed interfaces
  5. Issue tracking system
    1. Dump required, it gives you
      1. Project Health
      2. Various other metrics
  6. Basic SDLC followed
  7. Basic Configuration management followed
    1. Source Control
    2. Build mechanism
    3. Deployment mechanism
  8. Modularity of code
    1. OSGi capability (deploying, starting, restarting modules individually)
  9. Performance and availability
    1. Load testing data
    2. Typical deployment time
  10. Logging and Auditing
    1. Transaction auditing
    2. Transaction logging
  11. Non-Functional requirements
    1. Document detailing this
    2. Parameters considered
    3. Any drawbacks
  12. Security
    1. Aspects considered
  13. Architecture overview
    1. Various layers (Client layer, Protocol adapter layer, service layer, business service layer, persistence layer, external interface layer)
    2. Various technology used in each layer
    3. Presentation tier, business tier, database tier, enterprise storage
    4. Components (Functionality – Tools mapping)
      1. Persistence
      2. Transaction management
      3. Job Management
      4. Security
      5. Locking
      6. Audit
      7. Caching
      8. Logging
      9. Web Presentation
      10. Software Distribution
      11. Reports
      12. Health Check & Monitoring
    5. Interface and messaging
      1. Supported formats (Web Services, XML, proprietary)
      2. Modes supported (Email, FTP, MQ, TIBCO)
    6. Connection pooling
    7. Encryption
    8. Performance
    9. Distributed DB
    10. DB backup mechanism
    11. Inter module communication
      1. Dependency, coupling and cohesion
    12. ESB
  14. Architecture framework
    1. Objectives
    2. Approach
    3. Principles
  15. Customization carried for each client
    1. How is source code for each client maintained
    2. Code customization and reuse
    3. Product stack
  16. Standard SDLC in case of complex business process which encompasses multiple components/modules
  17. How are different modules maintained
    1. Teams
    2. Team size
    3. Team composition
  18. Business validation
    1. Approach followed
    2. Declarative or code based
  19. Any existing commonly available standards used during design, e.g. IATA
  20. Can existing application be migrated to this product
    1. SDLC followed
    2. Steps carried out
  21. Integration of system with external legacy systems
    1. Strategy followed
    2. Interface design mechanism
  22. Does it support user preferences?
    1. Favorite screens
    2. Various defaults like date formats, time formats etc.
  23. Application level basic setup configurations
    1. Configuration based
    2. Code based
  24. Authentication and authorization
    1. Level of authorization
    2. Screen based and functionality based
    3. Screen opening in view only mode
    4. Editable based on user role
  25. Internationalization
  26. Workflow
    1. Technology used
  27. Emails
    1. Technology used
  28. Branding for various customers
    1. SDLC followed
    2. How much time it takes to do minimal brand changes
    3. Can customers do the brand changes by their own
    4. Various mails and other configurations (user agreements, disclaimers) – how can these be customized?
  29. Any content management system used?
  30. How is web session maintained?
    1. Offloaded to DB?
    2. Memory?
  31. Instant messenger support (web chat)
  32. Specific printers support (Dot matrix etc.)
  33. Barcode generation support
    1. Technology/third party software used
  34. How is master data taken care of?
    1. External sources
    2. Internally maintained
    3. If external customers require data to be sourced from external sources, is it supported?
  35. Different types of data integration mechanism used
    1. Web Services
    2. DB links etc.
  36. Business intelligence capabilities
  37. Data purging mechanism used
    1. Strategy followed
    2. Operational & archive DB
  38. Application hosting models used
  39. Details of exposed web services
  40. Testing capabilities
  41. Integration with ESBs
  42. System exceptions, error handling and monitoring
    1. Exception classification
    2. Details available for debugging and root cause analysis
      1. User details
      2. Transaction details
      3. Severity
      4. Name of the server in clustered environment
      5. Transaction type – Asynchronous and synchronous
  43. Development environments – explain the process followed
    1. Test
    2. Stage
    3. Production
  44. Transaction metering (quantity)
  45. TPS and Response time monitoring
  46. Clustering capabilities (Session replication)
    1. Scalability
    2. High-availability
    3. Load balancing
    4. Failover
    5. Fault tolerance
      1. Oracle data grid
      2. Storage level replication
  47. System performance and scalability
  48. Load test methodology – Process used
    1. Smoke test – to understand system behavior
    2. Single instance stress test – to understand the first breaking point
    3. Load test – simulating real life usage
    4. Endurance test – Assess the behavior of the application over longer periods
    5. Application profiling – to understand root cause of the problems caused
  49. Application benchmarking – How is it done?
    1. Users
    2. Machines
    3. CPU utilization
    4. Statistics
    5. SQL statements per second
    6. Transactions per second
    7. Availability percentage
    8. Business transactions per month
  50. Usability considerations
  51. Encryption methodologies used
    1. One-way encryption (hashing) – default algorithm used?
    2. Symmetric (private key) encryption – default algorithm used?
    3. Asymmetric (public key/private key) encryption – default algorithm used?
  52. User authentication mechanisms
    1. Active directory
    2. Single sign on mechanisms
    3. LDAP
  53. Certified platforms
    1. Operating systems
    2. Servers
    3. DB
    4. Browsers
  54. Recommended deployment models available
  55. Approximate planned outage
    1. Time
    2. Process
  56. Roadmap and planned software migrations
  57. Lessons learnt, how is it documented
  58. Bandwidth requirements
    1. Minimum
  59. Workstation configuration
    1. Minimum
  60. Source code maintenance
    1. Tools used
  61. Hosting models available
  62. Horizontal and vertical scaling capabilities
  63. Mobile support available?
  64. Rolling back of implemented delivery – Any process?
  65. Ensuring IT security standards – how is it achieved?
  66. For PCI-relevant solution components, are they certified according to PCI DSS?
  67. Training materials
    1. For train the trainer
  68. Disaster Recovery
    1. Deployment topologies
    2. Testing methodologies for testing DR


Windows Task Manager – Enhanced

Have you felt at any point that the Windows “Task Manager” is limited in functionality? If so, this blog will try to give a solution by which you will have much better details on the various programs running on your Windows machine, with lots of data at your fingertips.

By the way, I haven’t done anything in this blog by myself; rather, I will just point to a simple utility which will help you get these details… :).

The tool we will be using is Windows Sysinternals Process Explorer. It is provided as a free download from Microsoft.

Process Explorer:

You will need to download and unzip the Process Explorer package. The application does not have an installer, so unzip it somewhere convenient so that you can launch it when needed.

Complete details on the features of this simple program are given at the URL above.

Some screenshots which will make you want to use this enhanced Task Manager in Windows:



Regular Expression

It’s really awesome to see people sharing their knowledge with everyone out there. If you need a regular expression while writing a piece of code or while doing a validation in your application, you don’t have to break your head designing this cryptic code yourself. There are awesome people out there who are good at it and they are willing to share this with the world. Recently I had a requirement to look for a particular country’s telephone numbers while scanning through various web pages. I found a tool which does this, but it had a generic regular expression for phone numbers. I am not at all good at regular expressions and, to be honest, I haven’t broken my head trying to learn this… :).

Because I am lazy, I thought I would give it a try on Google before doing it myself from scratch. When I did, I found some very useful regular expressions, all being shared and kept well on the site below:-

There is another blog which lists commonly used regular expressions; not exhaustive, but worth scanning through for your requirement.

I thought, before I am too lazy to share it as a blog post, I would write a quick blog for other readers.
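As an added example (not from the original post, and not the tool or site it mentions), here is why a generic phone-number regex over-matches when scanning page text and how a country-specific pattern with digit boundaries tightens it. The number format is assumed for illustration only (an optional +91 or 0 prefix followed by ten digits starting 6-9), and the sample text is constructed.

```python
import re

# Constructed sample text: phone numbers in several shapes plus a long
# numeric order id that must NOT be reported as a phone number.
SAMPLE_TEXT = """
Contact: +91 98765 43210 or 098765-43210 (office).
Order id 1234567890123 must not be treated as a phone number.
Helpdesk 9123456789; fax 91-9123456789.
"""

# Generic "phone-like run of digits" pattern: any 10+ chars of digits,
# spaces and dashes. Loose by design, so it also swallows the order id.
GENERIC = re.compile(r"\+?\d[\d\s\-]{8,}\d")

# Country-specific pattern (assumed format for illustration): optional
# +91 / 91 / 0 prefix, then 10 digits starting 6-9, optionally split 5+5.
# The digit lookarounds stop it matching inside longer digit runs.
SPECIFIC = re.compile(r"""
    (?<!\d)                      # not preceded by a digit
    (?:\+?91[\s-]?|0)?           # optional +91 / 91 / 0 prefix
    ([6-9]\d{4})[\s-]?(\d{5})    # 10 digits, optionally split 5+5
    (?!\d)                       # not followed by a digit
""", re.VERBOSE)


def find_generic(text: str) -> list:
    """Raw matches of the loose pattern, as found in the text."""
    return [m.group(0) for m in GENERIC.finditer(text)]


def find_specific(text: str) -> list:
    """Matches of the country pattern, normalised to +91 followed by 10 digits."""
    return [f"+91{m.group(1)}{m.group(2)}" for m in SPECIFIC.finditer(text)]


def unique_numbers(text: str) -> list:
    """Deduplicated, sorted list of normalised numbers found in the text."""
    return sorted(set(find_specific(text)))


if __name__ == "__main__":
    print("generic :", find_generic(SAMPLE_TEXT))
    print("specific:", find_specific(SAMPLE_TEXT))
    print("unique  :", unique_numbers(SAMPLE_TEXT))
```

Normalising every hit to one canonical form is what makes the later de-duplication work; the same number written as “+91 98765 43210” and “098765-43210” collapses to a single entry.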


How to keep yourself updated with latest technology trends

It’s a quick-read blog post and will not take more than 10 minutes to read completely.

It’s very hard to cope with the ever-changing technology trends and keep yourself updated all the time. Technology also changes at such a fast pace that the things you learn today cease to exist or get replaced very quickly.

But we cannot run away from reality, and we will have to keep ourselves updated as long as we are in the industry; otherwise, in no time the door will be opened for you to move out of the organization you are working for… 🙂

What do I do?

I am not claiming that this is something you should do. It’s one of the ways I try to keep myself updated, to some extent, with the pace of technology change.

I go and subscribe to various RSS feeds, go frequently to some great sites (DZone, JavaLobby etc.) and look for blogs/articles which deserve a read. Once I decide on a blog post or an article, I first skim through it and see if it is well written. If so, I start reading the first paragraph. If the blog really entices me, I try to set aside time for it or save it in my Pocket (bookmark application). When I get time, I start reading the blog with a notepad open side by side. I try putting some notes in the notepad as I read. At one stage, if the blog is so interesting, I try to put adequate things in my mind which I can use later on to churn out my own blog on this topic. When I decide that the topic is good for me to write a blog on myself, I start preparing a draft blog as I read. Things which I don’t know in this case deserve more reading, and I start googling stuff to get more details. My blog post slowly grows in size but without a structure. Slowly and steadily I try to put a structure to the blog post and start adding more sentences and figures. At the end of my read, my blog will have my own content with some good attributions to the content from which I extracted it. In the meantime, if the blog deserves a practical session, I go on trying various tools and put these into practice.

If at the end I feel that my blog is a good candidate to be published and it gives the reader a good, thorough explanation of the topic, I put in the reference section and go ahead and publish it.


Application Security – SSO and FID

This post is in no way a comparison between SSO and FID. Theoretically both do have some similarities, but there are some core differences because of which a comparison should be deemed unfair and unethical. Having said that, while I was posed with a question on OAuth, I did research a bit on this on the internet, and this blog is a by-product of it. The blog post doesn’t go into detail on any of these but just gives some important links and relations with respect to them. Readers can use this as a very high-level starting point in the quest to become proficient in this regard. I am still an amateur, and everything readers say with regard to this post will be taken in a positive sense and looked upon. If very good points are shared by the readers, they will be incorporated into the blog.

SSO (Single Sign-On) allows users to access multiple services using a single set of login credentials. In true SSO, the user only has to provide credentials a single time per session, and then gains access to multiple services without having to sign in again during that session. But the term SSO is used in different places where it doesn’t mean exactly what I just said, and this can be a bit confusing. You can have your own mechanisms for signing on to different applications without the user having to sign on by explicitly providing credentials. Application developers also call this SSO. In the true definition we cannot say that they are wrong, but for a developer the term SSO can at times be a bit ambiguous because of this. Some of the commonly used configurations are (detailed on Wikipedia):

  • Kerberos based
  • Smart Card based
  • OTP token based
  • Integrated Windows Authentication
  • SAML (Security Assertion Markup Language) – an XML-based open standard using which authentication and authorization details can be passed between two parties, in particular between an identity provider (IdP) and a service provider (SP). These terms will become clearer when we explain Federated Identity (FID) in detail. Just to give you some base details, here are their definitions from Wikipedia:
    • Identity Provider (IdP), also known as Identity Assertion Provider, is responsible for issuing user identification to all the service providers on a need basis, establishing the credibility of the user interacting with their services.
    • Service Provider (SP) is a company/organization which provides various services to its customers.

Federated Identity (FID) is a place where the user stores their credentials. It can also be thought of as a means by which to connect the various identity management systems together. In FID, the user stores the credentials with the home organization/service, called the “identity provider”. When a user accesses a service, the service would ideally ask for a credential. Instead, the service provider trusts the identity provider and authenticates against it. Because of this, the user is not prompted to supply a valid credential. Google, Yahoo etc. are some of the platforms which allow users to log in to third-party web sites, applications etc. using FID.

Now, is it right to use SSO and FID interchangeably? Theoretically it is not wise to do so. Having said that, both do provide a means of authentication without the user entering credentials each time when accessing different services hosted separately. As Wikipedia states, SSO is technically a subset of FID, using which the authentication aspect of security is taken care of.

I took the direction of research and this blog post to learn more about OAuth and what it is. To explain OAuth, I had to explain to you what SSO and FID are. Now that we have a background on SSO and FID, let’s come back to the main topic I was after.

There are various technologies which are used as part of implementing FID. Along with some proprietary standards being employed, there are some well-known standards like SAML, OAuth and OpenID. Now let’s dive into each one in some detail. I could see many blogs/forums on the internet which compare SAML and OAuth. As pointed out in this Stack Overflow answer, there isn’t any similarity between the two.

    • SAML (Security Assertion Markup Language) – the base details were covered earlier. Here we will try to expand on this in more detail. As detailed earlier, the three main parties are the principal (user), the Identity Provider (IdP) and the Service Provider (SP). This is how it all works: the user requests a service from the SP. The SP requests and obtains an identity assertion from the IdP. On the basis of this, the SP makes an access control decision which allows or denies the user access to the service it requested. The image below is from a blog which gives a comparison between these various FID technologies which can be used.

A sample SAML use case

    • OAuth is an open standard for authorization. It provides a method by which clients access server resources on behalf of the resource owner. This can be used by end users to authorize third-party applications/services to act on their behalf without supplying credentials in the form of a username/password. Now I think it is becoming clearer to the reader how relevant these technologies are with respect to FID. The image below is from a blog which gives a comparison between these various FID technologies which can be used.

A sample OAuth use case

    • OpenID is again an open standard, which can be used for both authentication and authorization purposes. The user in this case registers with their preferred OpenID identity provider and uses this account as a basis for signing in to other applications supporting OpenID authentication. The image below is from a blog which gives a comparison between these various FID technologies which can be used.

A sample OpenID use case
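As an added example that is not part of the original post, the following Python models the three-party SAML exchange described above (principal, IdP, SP) and the checks the SP should make before it trusts an assertion and makes its access control decision: signature, intended audience, validity window and replay. It stands in for SAML's XML signatures with an HMAC over a constructed shared secret; the audience URL, subjects and secret are hypothetical values chosen for the example.

```python
import hashlib
import hmac
import json
import secrets

# Assumed shared secret between the IdP and the SP (constructed for this example).
# Real SAML assertions carry an XML signature verified with the IdP's public key.
IDP_SP_SECRET = b"constructed-demo-secret-do-not-reuse"
SP_AUDIENCE = "https://sp.example.test/"   # hypothetical service provider identifier


def _sign(payload: dict) -> str:
    """Sign a canonical (sorted, compact) JSON form of the assertion payload."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(IDP_SP_SECRET, canonical, hashlib.sha256).hexdigest()


def idp_issue_assertion(subject: str, audience: str, now: int, ttl: int = 300) -> dict:
    """IdP side: after authenticating the principal, issue an assertion for one SP."""
    payload = {
        "id": secrets.token_hex(8),    # unique assertion id, used for replay detection
        "subject": subject,            # the authenticated principal
        "audience": audience,          # the SP this assertion is minted for
        "issued_at": now,
        "not_after": now + ttl,        # short validity window
    }
    return {"payload": payload, "signature": _sign(payload)}


class ServiceProvider:
    """SP side: trusts the IdP, verifies the assertion, then decides access."""

    def __init__(self, audience: str, allowed_subjects: set):
        self.audience = audience
        self.allowed_subjects = allowed_subjects
        self.seen_ids = set()   # assertion ids already consumed

    def evaluate(self, assertion: dict, now: int) -> tuple:
        """Return (allowed, reason_or_subject) for a presented assertion."""
        payload = assertion.get("payload", {})
        # 1. Integrity: the signature must be the one the trusted IdP would produce.
        if not hmac.compare_digest(_sign(payload), assertion.get("signature", "")):
            return (False, "bad signature")
        # 2. Audience: an assertion minted for another SP must be rejected here.
        if payload.get("audience") != self.audience:
            return (False, "wrong audience")
        # 3. Freshness: honour the validity window set by the IdP.
        if not (payload["issued_at"] <= now < payload["not_after"]):
            return (False, "expired or not yet valid")
        # 4. Replay: each assertion id may be presented once.
        if payload["id"] in self.seen_ids:
            return (False, "replayed assertion")
        self.seen_ids.add(payload["id"])
        # 5. Access control decision on the asserted subject.
        if payload["subject"] not in self.allowed_subjects:
            return (False, "subject not authorised")
        return (True, payload["subject"])


if __name__ == "__main__":
    sp = ServiceProvider(SP_AUDIENCE, {"alice"})
    now = 1_700_000_000
    assertion = idp_issue_assertion("alice", SP_AUDIENCE, now)
    print(sp.evaluate(assertion, now + 10))   # first use: allowed
    print(sp.evaluate(assertion, now + 10))   # second use: replay rejected
```

The order of the checks matters: the signature is verified before any field is read, so a tampered subject or audience never reaches the access control step, and the replay cache is only updated for assertions that have already passed integrity and audience checks.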



Quick Scheduling

Are your partners/friends etc. in different places and without a common platform to let each other know their Yes/No for a meeting? You can use this awesome web application to do it in a very easy fashion. How secure it is, I cannot comment, but if these details are fine to be seen by others, this seems a very good option for doing just this.

Disclaimer:- There might be other sites which help you do just this, but this is my suggestion. I am not saying that this is the best solution, though.
