Wednesday, December 10, 2008

2008 day job accomplishments

I had to put together a list of my accomplishments for my day job as a web developer/analyst for a Philadelphia-based stock brokerage firm, so I thought I would repurpose that list here:

Financial Consultant Dashboard: I played an integral role in the design and architecture of a Financial Consultant (FC) Dashboard. I worked closely with the business to understand its needs and goals and then gathered the requirements for this application. I also designed and mocked up user interfaces for widgets and screens. I also assisted with usability testing and findings analysis.

Financial Consultant Performance Reporting: I significantly enhanced the Performance Reporting tools I began developing last year, revamping the user interface and adding administrative data analysis features for branch, region and firm managers.

SharePoint Development: I have begun developing business tools on the MS SharePoint platform. I have released a shared calendar to track Branch Office Visits, blogs for the Taxable Fixed Income and Municipal Bond Departments, and a document library with custom workflows to assist with onboarding-related documents.

Conference Registration System: I developed a conference registration system which I go into more depth about here

Web Application Monitoring: I researched and then selected Web Application monitoring services from AlertBot, which have resulted in improved up-time.

Purchase Order System: rebuilt a legacy PO system in order to streamline the process and get more users on board with a paperless system.

SAML Single Sign-on System: I coded a SAML SSO system to allow our users to seamlessly access Rearden Commerce's travel booking site. I go into a lot more detail about this here

So, that's pretty much my year of webdevwork day job achievements.

Tuesday, November 4, 2008

typoLight review

While TypoLight is most likely a powerful framework, it is overcomplicated for the average user. The install did not go as smoothly as I had hoped and had to be redone a few times. Installing without a template left me in a place where I had no idea what to do to get a site up, and installing with a template added so much content it would take hours to simplify. I wonder if, after you get to know the system, you can just start with exactly what you need from a query rather than building it through the interface. It does seem to have a lot of features like an event calendar, forms, and support for extension modules. The main issue at this point seems to be the lack of a robust support community, which is something that could change over time.

Thursday, October 30, 2008

SharePoint Initial Impressions

I have recently been doing quite a bit of work with SharePoint. This hasn't been much fun because (at least as of yet) it doesn't involve much coding and relies heavily on microsoftian configuration. It has, however, been very productive for a fairly low level of effort. In the past week alone, I have rolled out a couple of blogs, a shared calendar and a document library, all with fine-grained access control, desktop application integration, alerting and workflow. I did have to do a fair degree of customization to these apps, mostly involving disabling or hiding unnecessary functionality. It has been very interesting learning about the power, limitations and of course bugs of SharePoint.

Friday, September 5, 2008

Single Sign-On with SAML and ColdFusion

My implementation of SAML is largely based on this post by David Rutter, which is unfortunately riddled with errors that I spent more time than I would like to admit working through. His post and some of my background knowledge are from Phil Duba's Saml and ColdFusion Series, which was very useful until about halfway through part 5, where it ventures out of my comfort zone into compiling Java code for use within CF.

What I have done is merge the two approaches into a single solution usable on CF8 (and possibly others, although it has not been tested) for connecting to PingIdentity's PingFederate Service Provider server such as that used by Rearden Commerce.

PreReqs

  1. Download the binary (bin) Apache XML Security Library. I used the most current version, 1.4.2.

  2. Unzip it and copy serializer.jar and xmlsec-1.4.2.jar from xml-security-1_4_2\libs into ColdFusion8\lib, then restart the CF service.

  3. Buy or generate an x509 certificate and provide the public portion to your service provider. I will cover this in more depth in another post.


Now we are ready to get into the code.

We start with the SAML Assertion XML and fill in the dynamic portions: IDs, dates and username.












#username#

urn:oasis:names:tc:SAML:1.0:cm:bearer
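
The template step above, sketched in Python as an added example that is not part of the original post or its ColdFusion source: it builds a SAML 1.1 bearer assertion through an XML API (so the username is escaped rather than spliced into markup) and shows the checks a receiver applies to the dynamic fields once the signature has been verified. The element layout follows the SAML 1.1 schema rather than the author's template; the function names, the issuer and audience values, the password authentication method and the 300-second lifetime are assumptions.

```python
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = "urn:oasis:names:tc:SAML:1.0:assertion"
BEARER = "urn:oasis:names:tc:SAML:1.0:cm:bearer"
FMT = "%Y-%m-%dT%H:%M:%SZ"  # UTC timestamps, as SAML requires
ET.register_namespace("saml", NS)


def q(tag):
    """Qualify a tag name with the SAML 1.x assertion namespace."""
    return "{%s}%s" % (NS, tag)


def build_assertion(username, issuer, audience, now=None, lifetime=300):
    """Return an unsigned assertion with a fresh ID and a short validity window."""
    now = (now or datetime.now(timezone.utc)).replace(microsecond=0)
    root = ET.Element(q("Assertion"), {
        "MajorVersion": "1", "MinorVersion": "1",
        "AssertionID": "_" + secrets.token_hex(16),  # xs:ID cannot start with a digit
        "Issuer": issuer, "IssueInstant": now.strftime(FMT)})
    cond = ET.SubElement(root, q("Conditions"), {
        "NotBefore": now.strftime(FMT),
        "NotOnOrAfter": (now + timedelta(seconds=lifetime)).strftime(FMT)})
    arc = ET.SubElement(cond, q("AudienceRestrictionCondition"))
    ET.SubElement(arc, q("Audience")).text = audience
    stmt = ET.SubElement(root, q("AuthenticationStatement"), {
        "AuthenticationMethod": "urn:oasis:names:tc:SAML:1.0:am:password",
        "AuthenticationInstant": now.strftime(FMT)})
    subj = ET.SubElement(stmt, q("Subject"))
    ET.SubElement(subj, q("NameIdentifier")).text = username  # escaped on output
    conf = ET.SubElement(subj, q("SubjectConfirmation"))
    ET.SubElement(conf, q("ConfirmationMethod")).text = BEARER
    return ET.tostring(root, encoding="unicode")


def check_assertion(xml_text, audience, seen_ids, now=None):
    """Receiver-side checks, run only after signature verification (not shown)."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    cond = root.find(q("Conditions"))
    if cond is None:
        return False, "no Conditions"
    parse = lambda v: datetime.strptime(v, FMT).replace(tzinfo=timezone.utc)
    if not parse(cond.get("NotBefore")) <= now < parse(cond.get("NotOnOrAfter")):
        return False, "outside validity window"
    if audience not in [a.text for a in cond.iter(q("Audience"))]:
        return False, "wrong audience"
    if root.get("AssertionID") in seen_ids:  # a bearer assertion is single-use
        return False, "replayed AssertionID"
    seen_ids.add(root.get("AssertionID"))
    return True, "ok"
```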









Now we will sign our XML Assertion:


//ingest the XML
samlAssertionElement = samlAssertionXML.getDocumentElement();
samlAssertionDocument = samlAssertionElement.getOwnerDocument();
samlAssertion = samlAssertionDocument.getFirstChild();

//create the necessary Java objects
SignatureSpecNS = CreateObject("Java", "org.apache.xml.security.utils.Constants").SignatureSpecNS;
TransformsClass = CreateObject("Java","org.apache.xml.security.transforms.Transforms");
//the library is initialized here, before any signature object is created
SecInit = CreateObject("Java", "org.apache.xml.security.Init").Init().init();
XMLSignatureClass = CreateObject("Java", "org.apache.xml.security.signature.XMLSignature");

//set up the signature
//RSA-SHA1 is what this integration uses; SHA-1 is deprecated for signatures, so prefer
//XMLSignatureClass.ALGO_ID_SIGNATURE_RSA_SHA256 where the service provider accepts it
sigType = XMLSignatureClass.ALGO_ID_SIGNATURE_RSA_SHA1;
signature = XMLSignatureClass.init(samlAssertionDocument, javacast("string",""), sigType);
//place the enveloped signature as the first child of the assertion
samlAssertionElement.insertBefore(signature.getElement(),samlAssertion.getFirstChild());

//set up signature transforms: enveloped signature, then exclusive c14n without comments
transformEnvStr = TransformsClass.TRANSFORM_ENVELOPED_SIGNATURE;
transformOmitCommentsStr = TransformsClass.TRANSFORM_C14N_EXCL_OMIT_COMMENTS;
transforms = TransformsClass.init(samlAssertionDocument);
transforms.addTransform(transformEnvStr);
transforms.addTransform(transformOmitCommentsStr);

KeyStoreClass = CreateObject("Java" , "java.security.KeyStore");
//ingest your previously created keystore
//the path and passwords below are sample values; keep real ones out of source code
ksfile = CreateObject("Java", "java.io.File").init("c:\temp.keystore");
inputStream = CreateObject("Java", "java.io.FileInputStream").init(ksfile);
ks = KeyStoreClass.getInstance("JKS");
storepw = "SamlTest";
//KeyStore.load() takes the store password as a char array
ks.load(inputStream,storepw.toCharArray());
inputStream.close();
keypw = "mypass";
//"SamlTest" is also the alias of the key entry
key = ks.getKey("SamlTest",keypw.toCharArray());
cert = ks.getCertificate("SamlTest");
publickey = cert.getPublicKey();

//an empty URI references the whole document that contains the signature
signature.addDocument("", transforms);

//optionally include the cert and public key
//signature.addKeyInfo(variables.cert);
//signature.addKeyInfo(variables.publickey);

//sign with the private key
signature.sign(key);

//base64-encode the signed assertion for the form post
samlAssertionXML = toBase64(toString(samlAssertionXML), "utf-8");



And then we use a form to post it to the service provider:









And there you have a homegrown SAML Single Sign-on solution in ColdFusion.

Here is the source file in its entirety because Blogger has a tendency to mangle code

Please feel free to post questions or comments.

Wednesday, July 30, 2008

FC Recruiting Workflow System

I need to provide a system where users will have the ability to post, comment and approve documents. In addition, this system needs to provide access control and groups. Workflow would also be nice if possible.

Due to the procedural changes being handed down from on high, I need to get this done in under 30 days; otherwise, it turns into a pumpkin, or rather a project, as opposed to a Rapid Application, and would then require voluminous paperwork and painstaking meetings.

While I could build something custom, I'm not sure that I can get all the desired features done in the time frame, so I'm looking at document management systems and frameworks I could potentially build off of.

I looked at M$ WSS, but quickly scrapped it due to the need to run Visual Studio 2005 on Windows Server 2003, which makes it much less free (as in beer).

I then looked at Alfresco, which is very pretty but complex. The community edition comes in a large executable, which installs a full Java stack. It was not as easy to get running as I had hoped.

Next, was Knowledge Tree, which I found to be more usable and intuitive than Alfresco, although slightly less shiny. I am interested in pursuing this one, but also want to continue investigating other lighter weight alternatives such as Genus and others found on SourceForge.

Sunday, July 27, 2008

firefox extensions to have

The best thing about Firefox, besides the good standards compliance, speed and reliability, is the extensions.

I'm running:
  • Adblock Plus
  • All-in-one Sidebar
  • Delicious Bookmarks
  • Firebug
  • Web Developer

Wednesday, July 23, 2008

installing MediaWiki on Xampp

I am trying to install MediaWiki on Xampp, which I thought would be a cinch, but it's actually not.

UPDATE: Here's the solution: DokuWiki

Here is my account of where I am so far, so that maybe we can make it easier for the next guy:

I downloaded XAMPP Windows 1.6.7 from http://www.apachefriends.org/en/xampp-windows.html#641
Install and startup goes fine

I downloaded MediaWiki 1.12 from http://www.mediawiki.org/wiki/Download and extract.

I created the wiki db.

I then pull up the wiki page on my localhost. My environment checks out. I proceed to fill out the install form. MediaWiki won't let me use a blank db pw.

I drop the wiki db and then create a new db user and have phpmyadmin create a db with the same name and give the new user full privileges on it.

MediaWiki install completes and tells me to move my config/LocalSettings.php to its parent directory. I do that and then follow the link MediaWiki gives me and I get:

Warning: domdocument::domdocument() expects at least 1 parameter, 0 given in C:\xampp\htdocs\wiki\includes\Preprocessor_DOM.php on line 566

Fatal error: Call to undefined method domdocument::loadXML() in C:\xampp\htdocs\wiki\includes\Preprocessor_DOM.php on line 568

I Googled "MediaWiki Xampp domdocument", which leads me to a forum posting on apachefriends.org telling me to comment out extension=php_domxml.dll in my php.ini. I do, only to receive yet another error. Ugh. More on this saga to come.

Friday, July 18, 2008

What I got out of the uPenn Web Symposium

This week I had the opportunity to attend the uPenn Higher Education Web Symposium. While this conference was focused on IT professionals working in higher education, there were world-renowned experts in the fields of usability, user-centered design, CSS, AJAX and many others, making it extremely relevant to my work.

I attended a full-day workshop on Web Form Design Best Practices by the esteemed Luke Wroblewski, who currently works as a Principal Designer and Product Manager for Yahoo!. He also runs a design consultancy, LukeW, and a publication, Functioning Form.

Here are some web form best practices:
  • Put labels above fields for increased readability and accessibility to screen readers and other languages
  • Don’t include non-required fields when possible
  • If most fields are required provide
  • If you are going to provide in-line validation, wait until the user has moved to the next field to validate
  • Make it conversational
  • “Keep, Cut, Postpone, or Explain.”
  • Less is more

These were culled from live to site analytics, usability testing, eye-tracking studies, and best practice surveys.

Thursday, July 3, 2008

Purchase Order System

In addition to my busy schedule of extracurriculars like Philly Ignite and Junto, I have been busy at work with internal applications.

One such application is a Purchase Order System which allows for the generation of Purchase Order documents in PDF. The system automatically notifies purchasing and accounts payable when a new PO is generated and when an existing PO is updated. It also includes search functionality to review existing POs. I used jQuery to do row striping and highlighting. Here are a couple of screen shots:

Wednesday, April 30, 2008

Philly PHP Meetup Presentation: TDD

Last night, I had the pleasure of attending a presentation about Test Driven Development (TDD), co-hosted by the Philadelphia Area PHP Meetup Group and the Drexel Math and Computer Science Society.

The first presenter was Raymond Bokenkamp, Senior Programmer Analyst with the University of Pennsylvania School of Medicine. He gave a high-level overview of TDD and the philosophy behind it, which goes like this: programmers have too much to do and not enough time to do it (stress). This leads programmers to not test as much as they should, or sometimes not at all. This leads to errors, which leads to more stress.

As the name implies, TDD lets the tests drive the development. This means that after an initial application concept, developers move immediately to listing possible tests for this application. Tests are then programmed and run. Only then is code written to fulfill these tests. Once the tests are run, the code is re-factored appropriately and tests are rerun until an error-free program is produced.

Once again, the TDD work flow is as follows:
  1. List Tests
  2. Create tests
  3. Make tests work
  4. Re-factor
The key here is to write tests which account for as many, if not all, possible use cases. This is a skill in and of itself which takes time to develop but is well worth the effort for the confidence, peace of mind, and of course low-error code it produces.

The second presenter was Owen Winkler with Rock River Star, a Philadelphia-area web development shop specializing in PHP and Drupal development. Owen provided insight into testing in general and a real-world example of TDD utilizing SimpleTest, a popular PHP testing framework.

The presentations were very informative and reaffirmed my emphasis on thorough testing.

Tuesday, April 22, 2008

Working with DTS

I have been doing quite a bit of work with DTS, short for Data Transformation Services, a feature of M$ SQL, which facilitates getting data in and out of the db, among other things. One of the best features of DTS is the ability to set packages to run at regularly scheduled intervals. For instance, every night a csv file gets dropped in a networked folder. My package then ingests that file into our db for later use.

The easiest way to get started with DTS is to use the Data Transformation Services Import/Export Wizard and then save the package for later modification and use. This wizard is accessible by right clicking on a table and selecting from All Tasks Import or Export Data. I have found csv files to be much easier to work with than excel files.

A very useful DTS package I put together runs a query to pull the accounts that were added the day before, dumps the data into a csv, emails the csv as an attachment and finally runs a query to update the records to show that they have been emailed.

Monday, March 3, 2008

Commas in Ext Currency Format

I'm using the fabulous Ext Javascript library through ColdFusion 8. It outputs a beautiful, full-featured grid complete with sorting and re-ordering of columns.

It has a US currency formatter called the usMoney Format Renderer but it lacks the all-too-useful comma separator when dealing with numbers greater than 999. Ext, did you think we were only small-time?

So I swapped out the current usMoney function in the util.js with this one. The math seems to work out, but if you catch anything let me know.

Monday, February 11, 2008

Web Site Monitoring Service Business Case and Comparison

We currently have a need for external web site/application uptime and availability monitoring. In order for a web application to effectively support business and client needs, it must be available to its users. If it becomes unavailable, the systems’ administrators must be notified promptly so that they can take appropriate actions. In addition, we have a responsibility to our customers and associates to ensure that the Service Level Agreements pertaining to availability provided by 3rd party vendors are being upheld.

This can be accomplished through the use of a Web Site Monitoring Service (webmonitor). Webmonitors test the availability of web sites from locations around the world at set intervals. Webmonitors can also perform transactions such as logins to help ensure that services are up and running as expected. If a web site becomes unavailable, administrators can be notified by email or cell phone via SMS. Webmonitors can also accumulate statistics for further analysis.

There are many webmonitor providers to choose from.

The "Best Buy" of the group has to be host-tracker, which has the most test nodes but is more bare bones in terms of functionality and reporting.

Next we have AlertBot, which has great support and is very easy to use but also lacks some of the more advanced test scripting and reporting features. What they lack in features they make up for in price and service.

AlertSite is the first that I would consider to be enterprise quality. They offer robust reporting I would feel comfortable handing off to upper management. The most interesting feature, however, is a Firefox extension called DejaClick that records and then uploads and replays your actions at given intervals. This is a really great feature that allows you to do tests that you just can't with some of the competitors. Unfortunately, it does still have some bugs and is best used only in the hands of the advanced user.

Last but not least is WebMetrics, which offers the most attractive and usable interface by far. The reporting is extremely robust and includes output to PDF. They also develop and maintain test scripts on behalf of clients at no charge. In addition, they offer other enterprise services like load balancing and RIA monitoring.

I'm in the process of getting proposals from these companies and will put together a comparison matrix including pricing when I get them.


Wednesday, January 23, 2008

Great PHP Datetime Conversion Snippet

Using PHP you can easily convert just about any date or time to the format of your choosing.

The function strtotime(), which accepts English textual datetime strings and outputs timestamps, can be combined with the date() function to output a formatted date.

For instance,

date("m/d/Y", strtotime($someDate))

will accept a datetime of pretty much any format and output it as mm/dd/yyyy.

This can come in handy when working with dates stored in a database as strings or when converting between International and US formats.

Thursday, January 17, 2008

Conference Registration System

I spent the better part of this week banging out a Conference Registration System in an effort to beat one of our competitors (Goldman) to the punch, which I'm pretty sure we did. The system uses PHP for server-side scripting and database interaction, a MySQL database, and JavaScript for form validation.

The system features
  • Registration form
  • JavaScript form validation
  • Email confirmation
  • Database backup
  • PayPal Payment Processing
  • PayPal Instant Payment Notification (IPN)
We rolled it out today with relatively no issue and dough has already begun coming in.

Thursday, January 3, 2008

FC Progress Report

As promised... Here is a screen shot of the individual FC Progress Report


It features a pretty flash graph and pdf for saving and printing

Wednesday, January 2, 2008

What I'm up to: FC Commission Reporting System

I have been working on a Financial Consultant (FC) Commission Reporting System. It is written in ColdFusion (CF) and takes advantage of some of the great user interface enhancements in CF8 including:
  • tight pdf integration
  • enhanced Flash charting
  • ajaximified data grids utilizing the awesome Ext JavaScript library.
This system takes data from the Thomson Beta back office system, the dark side as it's affectionately known around here because of its black screen terminal look, and presents it in a clear and compelling format which the FC can use to gauge progress.
Data presented includes:
  • Assets Under Management
  • Production
  • Distance Targets
  • Distance to Next FC
  • Firm Ranking
We are using an iterative methodology with a monthly development cycle, which allows us to deliver a high quality product quickly while continually improving the system as user feedback comes in. For our 3rd iteration, this month, we will be adding additional graphs and an aggregated view for Branch Managers. (screen shots coming soon)