Thursday, March 22, 2012

SSL certificate issues resolved

So after a bit of back-and-forth with Jumpline support (which was as supportive as hoped if not quite as responsive as hoped), I now have SSL certificates on my website (click here to see). This is cool, but the solution was not as obvious as hoped.
Apparently, the VDS manager (the software that manages my virtual domain) has some, well, quirks about how it expects things to behave. In particular, it requires that the certificate be actually named "server.crt" rather than whatever I defined in the httpd.conf file. Thanks to Andrew and Geoff at Jumpline, who went in and actually modified my server config to make this work, things seem to be working correctly now. It took 2 days of their futzing around to actually make it work, but it does seem to be working.
The other main problem is that I can't use multiple certificates as I'd hoped to do. I could do a wildcard certificate but that costs in the $400/yr price range - something I can't swing financially. So I wasted $12.99, which is sad but at least not an expensive object lesson. Still disappointing.
Now, though, I can begin to work again on OttoJotts for Facebook. I'll have to see how well it goes. I'm putting in a breakpoint, though - if I don't make progress for more than a day that I actually work on things, I'm going to punt and work on the web version instead.
Let's see what the next several days holds in store for OttoJotts...

Tuesday, March 20, 2012

SSL certificates and my web host provider

The past few days have been proven quite difficult - unexpectedly and disappointingly so. Here's the general gist of what's been happening.

I decided that rather than write a full front-end web interface for OttoJotts that I would be sneaky and do it for Facebook, creating a back-end for beta testing. This would give me a leg up on the FB version of the game and would still let me write most of the code needed for things without doing web development directly (I would be able to leverage some of my other efforts to help). I kept getting a failure from FB, though, and found out that it was likely based on secure browsing and a lack of SSL support from my game.
So I went online, found a cheap solution from NetworkSolutions ($12.99/yr for an SSL certificate - that's a good deal) and bought one for my FB subdomain. Installing it has been quite the exercise in frustration, though. For some reason, adding OpenSSL to the Apache service is simple. I just had to click on something, fill out a form, and bam! Installed. The certificates, though, are a different beast.
First, none of the documentation I've found match my configuration. I've been searching for, literally, days trying to find out what arcane incantation I'm missing to make this thing work. There are two separate configuration files - httpd.conf and ssl.conf. In different directories. Which one do I edit? What changes do I need to make to them? The information online seems scattered and confused - and doesn't match the configuration I have.
I've submitted a ticket with my hosting company to enlist their help, but some of the documentation now has me concerned that I won't be able to add a separate SSL certificate for my main site (the WWW one) and one for my subdomain (the one I'm using for the FB game) because of how OpenSSL is configured. Overall what I would have expected to be something that should be bog simple (because of the need for secure connections in an increasingly-connected world) has turned out to be the epitome of legacy manual entry. The only thing that would make it worse if I had to submit it on Hollerith (punch) cards! As it is, it's fortunate that I know vi as well as I do and can navigate my way around a Linux system.
I will update as things progress but for now I can just say that someone (not me) needs to figure out how to make this a lot simpler than it currently is.

Off-topic: "Microsoft" questions in interviews

I've been seeing a bit of traffic around the net these days about the so-called "Microsoft questions" and whether they provide any value (most recently I think I saw this on a blog). The questions most often raised is "shouldn't my code speak for itself?" and "what could this possibly tell you about me?". The answers are - "no" and "a lot". Let me elaborate.
I've been on the hiring side of the table for over 15 years. I've interviewed several dozens of people and hired only a handful of that total number. Did I pass up very qualified individuals? Yes. Did I make what I think, even in retrospect, were good decisions? Yes. The reason is that I picked individuals who answered those "Microsoft" questions well. Not always correctly, but well.
The reason behind the "Microsoft question" is to find out how someone thinks. I couldn't have cared less if the candidate got the right answer. Rather, I was looking to see how that person thought and approached the question. One of my favorites was the following:
Sherlock Holmes is looking for a new Dr. Watson. You are placed in a room with 3 light switches. Down the hall is another room where Holmes is sitting with a single lamp. One of the 3 switches controls the lamp. You can't disassemble the switch and can't see or hear anything outside of the room.You can play with the switches as long as you want but when you enter the room with Holmes you must tell him, with 100% certainty, which of the switches operates the lamp. How do determine which switch controls the lamp?
I love this question. But why? Because it requires the person to think creatively and "outside the box". I don't really care if you get the right answer. I want to know how you think. I always ask my candidates to think out loud so I can understand what their thought process is. How are they attacking the problem? Are they finding the obvious and hidden information in the question?
I was a Windows developer for several years and one thing that I learned pretty quickly was that if you didn't want to just make another version of Word with the Microsoft Foundation Classes (MFC), you really needed to find alternative solutions. MFC didn't always do things in ways that you thought it would. It often required some creative solutions to make the MFC do what you wanted. If someone approached the problem above with a straight-forward approach they'll fail. Same thing with MFC (or any other technology for that matter). Which means they'll get stuck easily and need some help. Which means that I or one of my leads would be spending a lot of time trying to teach this person how to solve problems, not just work through the hard problems of architecture and design. Just today I was talking with a friend about his experience in Drupal and the same thing came up. You can't always rely that things will work as advertised and sometimes you need to get your hands dirty to solve the problem.
The hardest thing I ever did on Windows was override a common dialog. If you're not familiar with these, suffice it to say that they are provided by the framework at a very low level in the system and that, while they provide some override functionality, what I got asked to do was not part of the traditional customization flow. I got some of the problem solved with some straight-forward work but it took some pointers from a senior developer to lead me to the final solution which required not one but two different class overrides. It wasn't just something I could Google (even though Google didn't exist yet). The final result was a small thing but it made the product manager happy and I learned quite a bit about how Windows messaging worked. Would someone unable to approach that problem above have been able to solve it? Possibly, but it have been far more challenging - and time-consuming. And for those people who just give up on the Sherlock Holmes problem they would have come back to me saying it was impossible (even though it apparently wasn't).
My wife's workplace has something of a mantra that there was one qualification you had to have and the rest they could just teach you (theirs was financially-based). I follow that same kind of mantra, but it's around creative thinking. If you can think creatively, you can usually work your way through or around almost any obstacle that pops up from a development perspective. Sometimes the answer is "can't be done" but if you have more than a hammer in your tool bag you'll have a lot of options to try before you come up with that answer. And that's what I like to see - meeting needs creatively and growing my developers.
So are the "Microsoft questions" important? The answer has to be "yes". They show that while you may not have the skills, you have the mindset to attack problems from a variety of directions. It shows you're tenacious and don't give up. That you have a variety of ways of framing a problem. To me, they're not just important - they are pretty much the entire interview.

PS - If you're interested in the answer the Sherlock Holmes problem, just post a comment and I'll vet your solution or send you the correct answer.

Monday, March 12, 2012

More updates

I don't want to sound like a broken record, so thankfully this post avoids that. I've been working on cleaning up the back-end PHP code for OttoJotts so I can create a basic web interface that will exercise the two-player game. One of the concerns at this stage is that I'm going to spend too much time on the iOS front end and less on the actual game play. By working on the back-end I'm focusing my attention on the actual play. This also has the benefit of being the basis for a web interface for other things.
I've almost completed moving all of the actual working code into functions that can be called from either the iOS-supporting PHP code or from an HTML page directly. Given my (relatively) intermediate skills in web development, I'm hoping I can get something written up without killing myself to provide access. Some things, like creating an account and such, I'll pass on as that will require some effort. Rather, I'll just do that manually for now and then later work on getting something coded up that's pretty and usable.
Overall I'm pretty happy with how things have been going. I know that there's an added security benefit to what I'm doing, which is definitely a good thing. PHP has had a reputation for being somewhat "security lax" but there are things that you can do to harden it. Part of this work is doing that hardening.
So, things are progressing even if not visibly. I'm hopeful that I'll be able to get this hammered out in the next few days and then I can work on the web interface. Then I'll be able to test the two player game code and, if everything's working well, be good to go. This does make me wonder, though, whether I should just do a web interface iOS app for the two player game and get the single player game out there. So do an OttoJotts solitaire version now-ish, get the web version working and then write a web UI wrapper app for the two-player game since I'm finding the two versions are radically different. Need to think this one over a little bit...
Until next time...