Seva Lapsha at Work & around

Software Architect, Project Lead

Archive for the ‘integration’ Category

Android adware removal story

Yesterday I started getting random spam ads on my OnePlus 2:

  • overlay ads of certain popular junk games,
  • fake desktop icons linking to the Google Play Store pages of the same games,
  • fake missed calls linking there.

It was virtually impossible to figure out the responsible processes without additional tools, mainly due to the hiding tactics of the adware.

To start, I tried a few of the most popular adware removers from the store, but they either didn’t detect anything or crashed during the scan (maybe the adware killed them while they were running).

The first success was brought by Addons Detector (with all advanced detectors enabled). After another fake icon appeared, it traced it to com.google.googlesearch (“Search”), which comes with an AirPush component.

Then I googled and found the package at AVG Threat Labs Android App Reports, and used AVG to find one more malware process, com.android.main.view (“Processor”), which was reported to have AirPlus in it.

The processes were installed as system apps. So the easiest way out was to use Titanium Backup Root Pro I already had installed (my phone is rooted).

After that I tried to dig further to understand how these processes appeared on my phone in the first place. I hadn’t installed any new apps recently, nor run any updates on root-enabled apps. So the adware was probably already there, but didn’t expose itself for a few months.

I’m very conservative about giving root access to software without researching its trustworthiness, but I don’t rule out the chance that the junk could have been injected with one of the few Aptoide-originated apps I experimented with a few months ago.

However, since AVG also identified 2 preinstalled bloatware apps as coming with other dirty ad frameworks, my current hypothesis is that the AirPush crap was on the phone from the very beginning, patiently waiting for its time to activate.

Written by Seva

2015-12-09 (December 9) at 05:33:07

Zend Framework View Script Recursion

We know that in Zend Framework View Scripts it’s possible to recurse using a View Helper – either Partial, or Action, or a custom one.

However, all of these add execution overhead when we need just a simple one-time tree traversal. Also, for readability, it would be nice to have the recursion defined inline.

Luckily, since PHP 5.3 we can use self-referencing closures to define the behavior within the script:


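<?php
// Self-referencing closure: $showTree is captured by reference so it can call itself.
$showTree = function (array $entities) use (&$showTree) {
    if (!$entities) {
        return; // no children: emit no empty <ul>
    }
?>
 <ul>
 <?php foreach ($entities as $entity): ?>
 <li>
  <?php // Escape the name: entity data must not be emitted as raw HTML. ?>
  <?php echo htmlspecialchars($entity->getName(), ENT_QUOTES, 'UTF-8') ?>
  <?php $showTree($entity->getChildren()) // nested list stays inside its <li> ?>
 </li>
 <?php endforeach ?>
 </ul>
<?php
};
$showTree($this->entities);
?>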

Written by Seva

2013-04-03 (April 3) at 11:37:04

Making Collective Decisions

While preparing to shrink up and replace my single role of Lead Software Architect with a Software Architecture team –

Decision Making

Making architectural decisions might seem easy and fun, but can have multiple consequences which can affect the state and integrity of the software, the architecture team, the R&D teams and the whole company. We aim to make the decisions in the most responsible manner, taking all the relevant factors into consideration. Sometimes we consult the wide community of developers and PMs in the early stages, sometimes we do that at later stages, but, very importantly, we never attempt to dictate our decision without majority consensus.

The common flow of taking a decision is the following (CRAFT):
  1. Collect information about the subject from provided private and public sources. If necessary, use in-company resources to reuse their existing experience.
  2. Research the gathered information and prepare a draft of architectural opinion with a list of alternative solutions and their advantages and disadvantages.
  3. Acknowledge the opinion of all the interested parties. Accept and react on all the provided input.
  4. Finalize the decision and make it effective. Make sure it’s acknowledged, accepted and adopted by all the relevant parties.
  5. Track the execution of the decision. Learn from the experience, reopen the flow if necessary.

Written by Seva

2011-12-13 (December 13) at 10:49:28

cURL HTTP1.1 empty POST bug

Today we spent almost 2 hours on a weird discrepancy between our development and staging environments. It’s pretty rare that I experience such a low-level issue, so in my opinion it’s worth mentioning here.

Over the last weeks we were busy developing an integration with a new data vendor. Everything went well until we deployed the application to stage.
Suddenly we started receiving HTTP status 411 on one of the calls. Since we work with the cURL library, which we believed to be stable enough, we thought the problem was somewhere between the source code and the environment configuration.

Later we found that the same request gets accepted if sent from a client other than cURL (e.g. chrome-poster). What is unique about this request is that it’s sent with the POST method (the vendor’s strict requirement) but the content body is empty.

In the end we discovered that newer versions (since 7.20) of cURL interpret a missing body as a negotiation request: they send an Expect: 100-continue header and Content-Length: -1.

So, the immediate solution was to pass an empty content body (a zero-length string) to cURL, which aligned the behavior in all the environments.

On the way we discovered a useful option, CURLINFO_HEADER_OUT, which makes it possible to retrieve afterwards the headers cURL sent to the remote host. From now on we use it in our error handling mechanism to trace the sent headers as well.
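
The fix and the header tracing described above, as an added example (not code from the original post). The loopback listener, the bearer token and the function names are constructed; the redaction step is an addition here, because request headers traced into an error log can carry credentials.

```php
<?php
// Added example: the loopback listener, token and function names are constructed.
/** Mask credential-bearing request headers before they are written to an error log. */
function redactHeaders(string $raw): string
{
    return preg_replace('/^(Authorization|Proxy-Authorization|Cookie):[^\r\n]*/mi', '$1: [REDACTED]', $raw);
}
/** POST with an empty body; $tick runs each loop so a same-process listener can answer. */
function emptyPost(string $url, callable $tick): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => '',   // the fix: explicit zero-length body
        CURLOPT_HTTPHEADER     => ['Authorization: Bearer constructed-token'],
        CURLOPT_RETURNTRANSFER => true,
        CURLINFO_HEADER_OUT    => true, // keep the request headers for tracing
        CURLOPT_TIMEOUT        => 5,
    ]);
    $mh = curl_multi_init();
    curl_multi_add_handle($mh, $ch);
    do {
        curl_multi_exec($mh, $running);
        $tick();
        curl_multi_select($mh, 0.05);
    } while ($running);
    $result = [
        'status' => curl_getinfo($ch, CURLINFO_HTTP_CODE),
        'sent'   => redactHeaders((string) curl_getinfo($ch, CURLINFO_HEADER_OUT)),
    ];
    curl_multi_remove_handle($mh, $ch);
    curl_multi_close($mh);
    return $result;
}

// Constructed strict listener: answers 411 unless the request carries "Content-Length: 0".
$server = stream_socket_server('tcp://127.0.0.1:0');
$conn = null; $req = ''; $done = false;
$serve = function () use ($server, &$conn, &$req, &$done) {
    if ($done) return;
    if (!$conn) { $conn = @stream_socket_accept($server, 0.05); return; }
    stream_set_blocking($conn, false);
    $req .= (string) fread($conn, 8192);
    if (strpos($req, "\r\n\r\n") === false) return; // request headers not complete yet
    $ok = preg_match('/^Content-Length:\s*0\s*$/mi', $req);
    fwrite($conn, 'HTTP/1.1 ' . ($ok ? '200 OK' : '411 Length Required') . "\r\nContent-Length: 0\r\n\r\n");
    fclose($conn); $done = true;
};
$result = emptyPost('http://' . stream_socket_get_name($server, false) . '/', $serve);
printf("HTTP %d\n%s", $result['status'], $result['sent']);
```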

What can we conclude from this story?

  1. Try to synchronize the software of all of your environments. If possible, use exactly the same OS version, libraries, tools, etc. It’s very easy if you host your applications on VPS and use VMs for development and staging servers. The least convenient case is when you have OSs of different architecture (e.g. Windows for development and Linux for production).
  2. Don’t underestimate the importance of error handling. Find the optimal level of handling for your application, which will be easily extended and configured.

Hope my sincere advice will help you, my dear friend, to save your precious time.

Written by Seva

2011-08-03 (August 3) at 12:47:35

Phing plugin for Eclipse PDT

I love Ant integration into Eclipse JDT – it provides smart editor, handy auto-completion, and the most important – fully functional debugger.

Recently I have been laboring on porting a deployment system from shell scripts to Phing, a loose PHP port of Ant. And naturally, I miss the above. I still get a little aid from Eclipse – since Phing’s syntax is very close to Ant’s, I can at least use the Ant editor for Phing files to enjoy property navigation and target integrity validation.

I would be more than happy to announce that I’m going to fill the gap and implement a Phing plugin for Eclipse PDT, but unfortunately – I’m too busy and too lazy. On the other hand, if you, my dear friend, suddenly decide to accept this challenge, I can gladly invest my time in architecture, design, review & testing free of charge. 🙂 Or should I try to start it myself anyway?

Written by Seva

2010-04-15 (April 15) at 12:31:09

Competing design attributes: performance vs. maintainability

Q. Is performance more important than other attributes like ease of use, maintainability etc? When designing your new code, what level of importance would you give to the following attributes?

A. You should not compromise on architectural principles for just performance. You should make an effort to write architecturally sound programs as opposed to writing only fast programs. If your architecture is sound enough then it would allow your program not only to scale better but also to be optimized for performance if it is not fast enough. If you write applications with poor architecture that perform well for the current requirements, what will happen if the requirements grow and your architecture is not flexible enough to extend, and creates a maintenance nightmare where fixing code in one area would break your code in another area? This will cause your application to be re-written. So you should think about extendability (i.e. ability to evolve with additional requirements), maintainability, ease of use, performance and scalability (i.e. ability to run on multiple servers or machines) during the design phase. List all possible design alternatives and pick the one which is conducive to sound design architecturally (i.e. scalable, easy to use, maintain and extend) and will allow it to be optimized later if not fast enough. You can build a vertical slice first to validate the above mentioned design attributes.

(c) Whoever

Written by Seva

2010-03-16 (March 16) at 12:51:42

Posted in development, integration, software, thought

Is Facebook PHP HipHop bullshit?

Update: with the release of HHVM 2.0 the below becomes entirely obsolete. Cheers!

Yes, it finally happened – Facebook announced the PHP to C++ translator. Hurray!
So, after reading the post I can assume it:

  1. parses PHP code,
  2. extracts PHP AST,
  3. converts to C++ AST and
  4. generates C++ code.

Honestly, it’s not the best way of optimization, but it is probably a quick win (BTW, why did it take them so long?), which theoretically might indeed generate efficient C++ code.

But wait, what do they report? “We’ve reduced the CPU usage on our Web servers on average by about[1] fifty percent[3], depending on the page[2].”

I have some doubts:

  1. Where are the objective and comparative statistics?
  2. Did they even collect the general statistics, or just test some pages to see the difference?
  3. 50%? That’s it? And how about the fact that C++ is actually 3-500 times faster (also here)? (That would be a 70% to 99% reduction of CPU.) In fact the well known PHP Accelerators provide the same level of performance improvement as HipHop! It’s interesting: did they try any of them before entering the so-called “Hackathon”?

In addition to the reflections above, looking at the profiles of the 2.5 coders who hacked the translator, I sorrowfully tend to estimate that the answer to the question in this post’s subject is positive. Nevertheless I’m full of sincere hope that further info will dispel my suspicions and prove that HipHop is actually a brilliant piece of software.

Written by Seva

2010-02-03 (February 3) at 02:05:49

Posted in development, integration, php, software, thought, web