Facebook Security & Privacy

Once again, it’s customary to include the post that I did for last year’s lecture on “Facebook Security & Privacy“.

Sometimes, “Security” is inversely proportional to “Privacy”. E.g. Airport tightened security reduces people’s privacy. In contrary, the more privacy people want, the less secure their data will be.

Chiang Kai went on to talk about Code Injection. It’s really quite fascinating. He did warn us that there are IT security laws in Singapore and therefore we shouldn’t try it at home. Err… ok.

Even though I have posted this in my previous post, I still think this is a good refresher.

Basic Security Objectives

  • Confidentiality
    • Protect from eavesdropping
  • Integrity
    • Protect from modification
  • Availability
    • Protect from denial of services

Can Your Killer Web App Scale?

I’ve attended Zit Seng’s lecture last year and I happened to blog about it at “can scale?“. However, last year I was still quite noob at web technologies. But in retrospect, I realize that some of the higher level general concepts stuck with me ever since last year. At least I know there’s such a thing called “load testing/balancing”. I think I got to know a bit more about what “Firebug” can do from that lecture too. I also got to know about how Drupal is very slow from Zit Seng’s blog at http://zitseng.com/. All these couldn’t have been possible if it’s not because of ZitSeng’s lecture.

This year, equipped with more experience, I think more things actually make sense to me. At least I don’t get @@ 30 minutes into the lecture.

This is the rough outline for today’s lecture

  • Infrastructure Issues
  • Performance Monitoring
  • Load Testing (Commercial Solution: HP LoadRunner)
  • Basic Optimizations
  • What’s in the Real World
  • Other Interesting Stuffs

ZitSeng mentioned about his encounter with a certain Drupal app that does 46,000 syscalls per page load! Other Drupal apps also does around 6000 syscalls. In comparison, a simple normal Hello World PHP app only uses 200-300 syscalls, WordPress does around 700+. Read more about this at Building Scaleable Web Apps – Syscalls
I know “sprites”, I used them when I was making my own games using RPGMaker 2000. It’s a very smart way to optimize an application. Load one big picture and ask CSS to pick a particular component out. I knew I’ve heard that CSS can do that too, but somehow it didn’t stick. I think it will this time round. Use CSS sprites.  Example (I grabbed it off SmashingMagazine post)


Key Learning Points from “High Performance Web Site: Essential Knowledge for Front-End Engineers – Steve Souders” & “ApacheCon Europe ’06”

  • Make fewer HTTP requests
  • Make JavaScript and CSS external
  • Use a content delivery network
  • Reduce DNS lookups/Avoid DNS lookups (in .htaccess, etc)
  • Avoid .htaccess
  • Pre-render popular content (caching)
  • Make popular content static

SSL creates plenty of CPU overheads at both web server and client browser. One possible solution is to relieve the web server of processing SSL e.g. Hardware or separate server.

End of lecture reflection: I think 60% of the stuff still flew past my head but I’m glad that I understand at least 40% of it, I think. Just like what Zit Seng has said in the beginning, the takeaway from this lecture is not technical skills, it’s more about the “appreciation” of the issues involved when we scale our app. I remember Sebastian (Jollideal) telling me that he refers to his CS3216 notes as his Jollideal.com website scale. I think he’s referring to ZitSeng’s lecture notes. So ya, true real world usage.

For our final project team mate, let’s aim to grab the CS3216 achievement badge “refer to ZitSeng’s lecture notes”!


Some key quotes:

“We need experts who understand the entire stack!” – Zit Seng.

“Network issues are “fun”‘ – Zit Seng

“Q: What is Acceptable Web Response Time? A: There is no standard. User satisfaction is achieved when experience exceeds expectations. Do better than your competition. Do better than your users’ expectations.” – Zit Seng

“Slow client ‘hogs’ your server” – Zit Seng

Singapore River Recce


Today I’m a tourist. To put Ben’s advice into action, team Singapore Heritage Mobile took a stroll down Singapore River, following our very trail that we’ve developed for the mobile assignment.

Aside from the hot and humid weather, it was very fun! It’s also very comforting to see that the geolocation feature really work as advertised. However, I think the feature can really be improved further. Right now it only tells you that a particular landmark is x metres away or ‘you are here’. Not really useful as it doesn’t say which direction. Most important of all we cannot assume that everyone knows how to read a map. Especially when our current map doesn’t really have key landmarks to help pinpoint where you are. I guess if we use Maps API this problem should be solved as it should work like how Google Maps or GPS works. Constantly polling the location from GPS, WiFi access points and cell towers.

Alan also suggested that we should take the leap of faith and develop a native iOS app instead. Honestly I’m all for that idea. But that also mean 110% commitment from everyone in the team. That would also mean me dropping a few other external commitments, which I think it’s definitely worth it. Heck, I think this is the best opportunity to hone my programming skills than ever, which happened to be one of the key reasons why I decide to take this module again. I’m all in team, 110%! Let’s do it!

Back to the app…

I have to agree with David. Having gone through the trail myself, I think the main purpose of our app, other than feeding the users with historical juicy stories, is to keep our users entertained while travelling from.one landmark to the other. Audio narration seem to be our best bet right now. But we are also open to suggestions, anyone?

Work aside, this trip is really awesome because I think we know a bit more about each other i.e. David and his Utown adventure, Alan and his NOC experience, Zhenling and her hair braiding skills ;D, Kenneth and his gaming insights and last but not least Sharon and her awesome husband Derrick! Derrick accompany us all the way patiently even though he is not exactly part of the project! Model husband siol! Lucky Sharon.

Oh ya, thanks to my awesome team mates, I got a time travel encounter with some kuli from yesteryears. Photos are on the way. Oh ya, I heard I got to cameo in some random tourist’s photo as well.

Posted from WordPress for Android