Programmers, you should check this out. Cloud9 IDE has the biggest innovation in IDEs since Microsoft brought us Visual Basic: everything runs on the cloud.

It’s “development as a service.”

What does that mean? Well, instead of coding in text files sitting on your computer, you code directly in the browser window. Here Rik Arends, CTO, and Ruben Daniëls, CEO, show me how it works and explains what it’s good for.

“It’s aimed at developers who want to use the new stuff,” they say.

What do you think? Will you build with it?

Comments

Like most of the C++ programmers I know or have met, most of us have been taught that C++ is an Object Oriented Programming Language. I’d like to put an end to that now, and say that C++ supports the Object Oriented Programming Paradigm. Let me try and separate the paradigm from the programming language first.

Paradigms

A Paradigm is:

From the 1960s onward, the word has referred to thought pattern in any scientific discipline or other epistemological context. The Merriam-Webster Online dictionary defines this usage as “a philosophical and theoretical framework of a scientific school or discipline within which theories, laws, and generalizations and the experiments performed in support of them are formulated; broadly : a philosophical or theoretical framework of any kind.”

– Wikipedia Entry on Paradigm.

The Wikipedia article on the matter describes it in a way that suggests that it is a way of thinking, of reasoning, and of formulating intellectual constructs. Therefore I submit, that the Object Oriented Programming Paradigm is merely one way of modeling solutions in terms of objects. Why is the distinction between the paradigm and the programming language required?

It’s funny us humans have a way of associating words with concepts. If you say something is an Object Oriented Programming Language, then it can’t be anything else right? But C++ is not that at all. C++ supports the same programming paradigm that C supports — which is the Imperative Paradigm — and the Object Oriented Paradigm as well as some concepts in the Functional Programming Paradigm. C++ has one powerful programming paradigm that it supports which not a lot of other programming languages support: the Generic Programming Paradigm.

So let’s start out first by showing that C++ is not just an object-oriented programming language. Let’s take one tenet of OOP and let’s implement the same using GP. Let’s try Inheritance first.

Bucking Inheritance

In C++, you can define a class which inherits from another class using four different types of inheritance (public, private, virtual, and protected). If you need to see how that’s done in C++, look here. This is one of the three basic tenets of OOP, so how do you do it with GP? The answer may be surprising: you don’t.

In Generic Programming, inheritance is just an implementation detail of a type. What’s important in Generic Programming is not the type, but the characteristics or the requirements on the type. If you’re familiar with Python and Duck Typing, then you’ll understand how in GP you pretty much rely on the same thing:

template <class Duck>
void foo(Duck & duck) {
  // do something with duck here
  quack(duck);
  quack(duck);
  kill(duck);
  cook(duck);
  eat(duck);
}

The way I put it up there, it really doesn’t matter what the type of `duck` is: what matters is that, for the function `foo` to compile, then there should be functions `quack`, `kill`, `cook`, and `eat` that take in a parameter of type `Duck`. What `foo` is doing is imposing requirements on the type `Duck`. We can then reason about the requirements on the types, rather than the ancestry of the type. This is what Concepts are. More specifically:

A concept is a set of requirements (valid expressions, associated types, semantic invariants, complexity guarantees, etc.) that a type must fulfill to be correctly used as arguments in a call to a generic algorithm. In C++, concepts are represented by formal template parameters to function templates (generic algorithms). However, C++ has no explicit mechanism for representing concepts—template parameters are merely placeholders. By convention, these parameters are given names corresponding to the concept that is required, but a C++ compiler does not enforce compliance to the concept when the template parameter is bound to an actual type.

– Boost.Concept_check

So let me say that again, you can forget about using Inheritance in your C++ programs to model requirements on parameters to algorithms and use Generic Programming instead. This means you use Inheritance for other more useful means (that does include limited forms of re-use) than modeling an “is-a” relationship.

Paralyzing Polymorphism

Next up in my OOP hit list, I’ll take on polymorphism. Inheritance is not so interesting if all you’re doing is taking on the properties of the parent type (in C++’s case, you can multiple parents — and believe me, that’s a good thing, but that’s for another time). If you’re using Java you have at your disposal a very nice concept of the `interface`. This concept is very important, but at the same time very rigid in the light of OOP.

In C++ you have the “virtual” keyword where you describe a class’s member function to be a virtual function, so descendants of that type can override the functionality of the function and the proper dispatch can happen at runtime. This is a very powerful concept that a lot of software is already built upon. My point is that it’s not all the while pointless, it is perfect for situations where you need the kind of dispatch necessary. However, there is a different way of doing it at runtime.

Like the earlier point I was trying to make about Inheritance, GP doesn’t rely on structure or hierarchy of types to implement algorithms. The sad part about runtime polymorphism as implemented by the C++ virtual keyword is that it still relies on inheritance for the override to happen. Luckily, there’s a good alternate to this method that works just as well.

The problem the virtual keyword is trying to solve is that of runtime dispatch. If you think about it a little, all that is really necessary is to call the correct function based on the type of the parameter — or the type of the object for that matter. There are two ways of achieving this with GP:

1. Tag Dispatch. The common pattern for Tag Dispatch relies on performing static or compile-time checks for the type of the parameter, and calling the appropriate overload implementation for the actual function.
2. Function Wrappers. The idea is you should be able to perform runtime dispatch based on criteria other than just the type of the object that hosts the virtual member.

With Tag Dispatch, you can perform the wiring at compile-time reducing the need for runtime dispatch. If for example you already followed the advice of bucking inheritance for function parameters, you can then think about doing the dispatch based on the type of the parameter too:

template <class Duck>
void foo_impl(Duck & duck, already_dead) {
  // no need to check if duck is alive nor kill it
  cook(duck);
  eat(duck);
}

template <class Duck>

void foo_impl(Duck & duck, wild_and_dirty) {
  quack(duck); quack(duck);
  kill(duck);
  foo_impl(duck, already_dead());
}
template <class Duck>
void foo(Duck & duck) {
  foo_impl(duck, typename Duck::tag());
}

This static dispatch is useful if you just had a lot of different duck types, and just place a nested type `tag` on each type that was either `already_dead` or `wild_and_dirty`. This saves you a virtual function call, or an if statement to check whether the type of the duck is a live one or a dead one. You can then see how building algorithms in this sense makes your functions more generic and more extensible — if you have a different specification based on a new tag, you just add that tag dispatch overload and you’re done with it.

With Function Wrappers, I’d point you to Boost.Function and Boost.Bind — I’ll leave you to imagine a simple aggregate type that you can easily initialize with the correct function wrappers to specific implementations, which you then deal with in your algorithms.

Edifying Encapsulation

There’s nothing really bad with the concept of encapsulation, except that this usually means it’s time for the tightly coupled game. What I mean by this is you then have types that know about other types in a manner that usually it wasn’t intended to know. Think about it this way: Java used to have collections that only dealt with Object references — you had to cast them Object references into specific class references on your own. This is just bad design — think about the last time you had to write a container type that wasn’t really re-usable in a different context other than your application, and you’ll see why that feels wrong. Think about the way Python or Ruby deals with lists and you don’t know what the elements of the list are — and it’s too late to find a bug when you accidentally append a string to a list that was only meant to contain integers — and then you’d wonder why these are “modern” programming languages.

Contrast that to the way the STL containers work: containers have one implementation (well, except for the ugliness that is std::vector<bool>) and you supplied it with the type of the things it contains. That is a good way to think about encapsulation in GP. The point of encapsulation is that the algorithms that deals with a data type’s internal state is encapsulated in the implementation. Notice I didn’t say ‘type’ or ‘class’ and instead meant ‘implementation’ because if you look at the tag dispatch example above, you can totally implement an algorithm external to a class and still treat is as part of the implementation of a container.

What’s also good about the STL container implementations is that they define the concepts that each container models. This means anybody can then implement their own abstract data type and model the Associative Container concept that the STL provides, and then have their implementation suddenly usable where algorithms rely on an Associative Container. Notice that doesn’t mean anybody needs to derive from the same base — which removes all notions of coupling all together. In GP, even the weakest of coupling is too strong, and isolating the components and algorithms from the details of types is the whole idea.

Outro

This is the second day I’ve written something longer than a thousand words on the blog, and here I’m attacking one of the fundamental things that makes C++ totally misunderstood which is the assertion that C++ is an Object Oriented Programming Language. Others before me — and far more experienced than I am when it comes to developing things in C++ — have already read countless number of articles and books about the subject. The one that prodded me most and got me into more into the modern way of doing C++ is the one by Andrei Alexandrescu about (well, what else) Modern C++: Generic Programming and Design Patterns Applied.

The next time you’re designing another C++ application or thinking of improving the extensibility and re-usability of your code, think about doing it in the modern C++ way and use Generic Programming instead of just boring all rigid Object Oriented Programming. I guarantee it will change the way you do C++ programming and how much cooler C++ programming can be.

Comments

Preparation and examination for a Microsoft certification is the assured method of being a genuine Microsoft solutions professional. In the fairly distant past, the most recognized and sought-after Microsoft certification was the Microsoft Certified Systems Engineer (M.C.S.E.).

Well as time has passed, Microsoft no longer offers the M.C.S.E for its newest products. The M.C.S.E. only pertains to their 2003 server product line. Microsoft offers new certifications for all of their current product lines. Newer certifications, for example, Microsoft Certified Information Technology Professional (M.C.I.T.P.), Microsoft Certified Technology Specialist (M.C.T.S.), Microsoft Certified Desktop Support Technician (M.C.D.S.T.), Microsoft Certified Systems Administrator (M.C.S.A.) and Microsoft Certified Database Administrator (M.C.D.B.A.), fulfill most of the major IT scope. Other certifications focus on niche cases.

So, while M.C.S.E has been the best known certification that Microsoft offers, many more current certifications will solidify your Microsoft products knowledge. You can work your way to becoming a Microsoft Certified Architect, or even a Microsoft Certified Master! In Microsoft’s own words: “Microsoft Certification helps validate the skills you use every day. It helps you improve your technology problem-solving skills and your performance on the job. Go ahead. Strive for the rewards, respect, and recognition you deserve. Become a Microsoft Certified Professional!”

VMware Certified Professional (VCP) The VCP is the base certification for VMware. The core competencies for this class are to install, manage, and deploy a VMware system. Unless you are already a VCP or have other certified VMware trainings, you will need to take one of 3 five-day courses before you can take the VCP exam.

VMware Certified Design Expert (VCDX) The VCDX is the highest level certification. Once you have a VCP certification, you can then request a review of your VMware knowledge and experience. If you qualify, you will then be permitted to take both an Administration and a Design exam. Passing those exams then allows you to prepare and submit an implementation plan, at which you will defend during a later interview. If you can jump through all these hoops (without falling), VMware will bestow upon you this certification.

VMware Certified Advanced Professional (VCAP) The newest of VMware’s certifications, VCAP is designed to be an intermediate level certification. The certification process of the VCDX is thorough, and the VCAP was created to fill the void of the VMware professionals that were not quite ready to attempt a VCDX certification, but certainly have the experience and training far above that of which is required for the VCP. A VCAP offers either an Administration or Design test, and your certification will reflect your specialty based on which of these tests you choose to take and pass.

For more information, head on over to: http://mylearn.vmware.com/portals/certification/

Linux There are various Linux certifications available, which makes choosing the right certification difficult. You could get a distribution/commercial level certification, i.e. from Ubuntu, Redhat, Novell, etc. However, these certifications could limit your career options if a job opportunity comes up utilizing a different distribution from what you are certified in. Therefore, a more general Linux certification would be ideal, and the Linux Professional Institute supplies this. In fact, this institute provides some of the same certifications listed above on behalf of those organizations, but also supplies their own tiered certification system. Depending on your career goals, you can choose one of three certification levels to aim for, but for the purposes of a LAMP developer, Level 2 is recommended. Cost: ($160 per exam ~ approximately $640)

Apache There is no official or widely accepted Apache certification. Therefore, obtaining a Level 2 LPI Certification will give you the proper background for Apache. Most of the objectives of the second exam in Level 2 of the LPIC revolve around Apache operation and configuration, and thus will properly certify that you know Apache. Cost: ($0 – Included in LPIC)

MySQL There are multiple options for MySQL certification. You can get one of four Sun Certified MySQL accreditations from Oracle. This is as simple as an Associate Certification, meaning you are familiar with basic operations of MySQL, to a Cluster DBA Certification, meaning you can build, administer, and maintain large cluster databases. In between these two levels are the Developer and regular DBA options, which is one of the certifications you should aim for if you are seeking a career strictly as a LAMP Developer. Cost: ($195 per exam ~ approximately $390)

PHP Lastly, there is PHP. Zend is the industry leader in PHP, and thus you should seek your PHP certification from them. Cost: (approximately $160)

Keep in mind there are other great LAMP related certifications out there, but that this mix is a good recommendation if you are building your career in LAMP Development. Let me know in the comments if you think I’ve missed a crucial certification.

The certifications we’ll cover today often contain the terms “ethical hacker” or “penetration tester.” This simply means that the holder of such a certification should be able to test systems for vulnerabilities and then fix or mitigate the impact of any security holes that are discovered.

The Certified Ethical Hacker C|EH certification is probably the most well known of the exams we’ll cover today. This certification even has its own government approved version, the Certified Network Defense Architect C|NDA. No doubt, the word “hacker” was a bit too scary for some government folks and so they had to have an alternatively named version. Comments by some computer security professionals didn’t help either. Marcus Ranum said, “There’s no such thing as an ‘ethical hacker’ – that’s like saying ‘ethical rapist’ – it’s a contradiction in terms.” The other term commonly used, “Penetration Tester” obviously did not appeal to the government either. The C|NDA is only available to members of certain government agencies. The C|EH certification, however, is available to anyone who meets certain criteria, either having completed 67 modules of coursework or by submitting proof of 2 years of relevant information security work experience. The exam lasts 4 hours for 150 multiple choice questions for a fee of $250. When considering this certification beware its reputation among some in the security crowd as the aforementioned professional noted. However, know that companies do not seem to mind the term “hacker” even though it is often wrongly used by the news media to mean “computer criminal.”

Another security certification available is the Council of Registered Ethical Security Testers Certified Consultant. This is a very well respected certification. CREST bills themselves as a professional body and trade association with a mission to represent the information security testing industry. However, the certification has varying prices only listed in British pounds on their website. The fees include training courses that must be taken before the exam. So if you live in Great Britain this might be an option, otherwise you might decide to pass on this one.

The Mile2 Organization offers the Certified Penetration Testing Engineer (CPTE) certification. This certification is much like the other two in that it covers similar material. It costs $2,695 to take the required coursework and the exam. The exam is only 100 questions. Two hours and 40 minutes are given to take the exam.

Lastly, there is the Offensive Security Certified Professional (OSCP). This certification is offered by the group that created one of the most famous Linux Live CD’s for security testing, the Backtrack Penetration Testing http://www.backtrack-linux.org distribution. Backtrack was one of the first security testing Linux Live CD’s that offered the Metasploit Framework, one of the most powerful security testing tools available. This certification is the only one that actually requires proof of real penetration testing skills by demonstration in a lab environment. While a very new certification, the OSCP is certainly the most interesting of them all.

Well that’s all of the certifications that are specifically targeted at security. There are a few others, like the Cisco CCNA for example, that are often viewed as viable networking and security certifications, but they cover much more than just security. With more and more software vulnerabilities found every day, now is as good a time as any to get certified in computer security.

The one I’m sure everyone’s heard of, the CompTIA Security+ is well known but often thought of as the easiest to obtain. As of today, the exam costs $258 to take. Passing the exam requires a score of 560 on a scale of 100-900. This exam recommends having two years of networking with a focus on security. Exams taken/passed after January 1, 2011 will expire after three years. Exams taken/passed before this date will remain “lifetime certifications.”

An organization even older than CompTIA, called the Information Systems Audit and Control Association offers the Certified Information Systems Auditor (CISA) certification. This certification is US Department of Defense approved. While more targeted towards auditors, a well trained auditor can find security issues that users and management would never think of. The exam gives 4 hours to answer 200 questions. A score of 450 is required to pass on a scale of 200 to 800. The exam can cost anywhere from $345 to $575 depending on various factors. The certification requires a minimum of 5 years experience of professional Information Security auditing.

Likely to be the second most well known and certainly the most internationally known, is the Certified Information Systems Security Professional (CISSP) created by the non-profit International Information Systems Security Certification Consortium (ISC)². This certification has 250 multiple choice questions, six hours to take the exam, requires a score of 700 or greater for passing, and costs $450 if you register early enough. Late registrations raise the price to $599. Five years of professional experience is also required for this certification. The CISSP is only valid for three years and much be renewed after that. While the CISSP covers a broad range of subject matter, it has been criticized as doing only that and not really covering any subject matter in depth. Even so, CISSP professionals salaries are known to be often in excess of $100,000 a year.

If you’ve ever heard of the SANS Institute then you might have heard of the certification entity they oversee called the Global Information Assurance Certification (GIAC). The certifications are linked to the training that SANS provides while focusing on vendor-neural security techniques to keep ahead of the “black hats.” Nearly two dozen certifications focusing on security, auditing, management, operations, and secure coding are offered by GIAC. The secure coding exams range from 50 to 100 questions for $349. All other exams, except the GSE, are $899. GIAC certifications are Internationally renowned as it is believed by many that anyone who has a GIAC certification really knows the subject matter extensively.

In Part II of this article I’ll cover some of the more obscure exams like the Certified Ethical Hacker exam. Until then, stay tuned.

LPI has a wealth of informative information on their website.

• Procedure for taking exams
• Detailed Objectives and Sample questions for the LPIC-1 exam

And if thats not enough there are many free resources out there, here are just a few:

• Wikibook on the LPI Certification
• IBM LPI exam prep
• O’Riley’s LPI Certification in a Nutshell, Second Edition
• A Practice Test Part 1 Part 2
• Free LPI Training Manuals

There are also several companies who offer exam prep materials at a cost:

• TestKing
• Apex Web Media
• Actual Tests

The free resources are recommended as they cover just about everything. With these resources anyone can study for the LPI LPIC-1 exam and then take the exam for $160. In todays rough job market this could be the thing that gets a foot in the door where a resume without might not.

So, why wait, go get the LPIC-1 now!