"We human being, always find a solution, maybe not today, but if you really want to solve a problem, there’s always a way" – Ma Yun @ Stanford, 2013
Category Archives: Software Engineering

Is there a way to secure java source code?

by Md Imran Hasan Hira

The question:

Suppose I am working on a Java project and want to distribute it to others for different purposes (testing, release, etc.) Usually, I’d build a JAR file and then share it. Being platform-independent, it can run on any OS. Downfall is, the JAR archive can easily be extracted and from there, anyone can decompile the .class files and retrieve the source code. Is there a way out of this?

[ On another note, compiling a C++ program generates .exe/.out files which can be executed by the respective OS. Using Launch4J I can convert JAR to EXE. But for Linux, I haven’t found any such solution (except writing a script and executing the JAR through it) ]

— by Ataf Fazledin Ahamed

The answer

There are different ways, depending on what level of protection is satisfactory:

1. Obfuscating the source code: It’s basically going through the source code and replacing the variable and function names with plain a/b/c/d, so that when decompiled, it looks like zombies had written the code. The decompiled version is perfectly working Java code, from which, with enough motivation, one can work out the code logic. You can use a tool like ProGuard to do the obfuscation, and it has a way to keep a mapping of which symbol means what.

2. Converting the Java JAR to an exe/binary: This is again an encoding procedure, just into totally different machine-level code.

#1 only gives you a basic level of protection, because there is already decompilation software (e.g. JD Decompiler): you just drag and drop your JAR file and it shows the source code, organized by packages.

#2 is a bit harder to reverse engineer and takes a lot of toil, though it exposes the execution sequences once reverse engineered. I would say it is a decent enough way to guard the source code.

There is another way, which is encryption.
3. Encrypting the bytecode: Store the encryption key in a secure place. Then use an installer to get that key, decrypt the code and put it somewhere on the destination computer. Or use an executor which does the same thing at runtime, leaving no persistent trace of the decrypted code.

Now, to keep the encryption key secure, you obviously don’t distribute it with the JAR itself. Rather, you probably keep it on a server, and when someone buys your licence, you deliver the key. You can also generate encrypted bytecode per customer and so ensure per-customer encryption.

There is another way, which manages the key more securely. You know there is a tiny chip in our SIM card/credit card/national smart ID card. It’s basically a secure-element-based USB token. These chips are made in such a way that extracting information is really hard unless the proper PIN is matched. You can take such a token and store your software license key inside that secure hardware token. This way, when the USB token is inserted, your software reads the key from the USB token (given a valid PIN), decrypts the bytecode, and loads the Java classes on the fly. All of this happens in operating system runtime memory, so it’s harder for a novice developer to hack in. I did it back in 2013 and it’s a lot of fun to play with bytecode.

But then again, engineers with a customized operating system can still read your decrypted bytecode from memory and get your code. That’s why this type of solution is normally used in banks, where a lot of security standards are followed and legal compliance is maintained. Basically, the kind of companies where security is extremely essential and your clients themselves guard the source code.

So you see, depending on how valuable your source code is, you spend your effort on securing it. From hobbyist projects, to business projects, to nationwide government security projects, this effort varies.

Efficiently managing license keys is like catching thieves. Delivering a desktop installer is the 90s way. You release a version and then it chases you until your death, because now you want to add new features, fix bugs, release new versions, do crash analytics and deprecate old versions. That’s why more and more companies are going to a software-as-a-service model, to avoid the whole chain of software distribution. Also, not every distribution pipeline fits every customer. Hence we still have software distributed with a full installer. The most common question that businesses have to answer is “Is this source code worth the effort to keep it secure?” Nonetheless, software distribution itself could be an interesting topic 🙂
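
The encrypt-then-load-at-runtime scheme from approach 3 and the token paragraph, as an added example that is not code from the original post. The class names, the choice of AES-GCM and the locally generated key (standing in for a key delivered by a licence server or USB token) are assumptions made here; it needs Java 10+, compiled with `javac` and run as `java EncryptedLoaderDemo`.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.function.Supplier;

public class EncryptedLoaderDemo {
    // Constructed stand-in for the class being protected (hypothetical name).
    public static class LicensedFeature implements Supplier<String> {
        public String get() { return "licensed feature running"; }
    }
    static final String TARGET = "EncryptedLoaderDemo$LicensedFeature";
    // Build side: blob = 12-byte nonce || AES-GCM ciphertext and tag. The class name is
    // bound in as associated data, so a blob cannot be passed off as another class.
    static byte[] encrypt(SecretKey key, String name, byte[] bytecode) throws GeneralSecurityException {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        c.updateAAD(name.getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(bytecode);
        byte[] blob = Arrays.copyOf(nonce, nonce.length + ct.length);
        System.arraycopy(ct, 0, blob, nonce.length, ct.length);
        return blob;
    }

    // Runtime side: decrypts in memory and defines the class; no plaintext goes to disk.
    static class DecryptingClassLoader extends ClassLoader {
        private final byte[] blob;
        private final SecretKey key;
        DecryptingClassLoader(byte[] blob, SecretKey key) {
            // Platform loader as parent, so the plaintext .class on the class path is never used.
            super(ClassLoader.getPlatformClassLoader());
            this.blob = blob; this.key = key;
        }
        @Override
        protected Class<?> findClass(String name) throws ClassNotFoundException {
            if (!TARGET.equals(name)) throw new ClassNotFoundException(name);
            try {
                Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
                c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
                c.updateAAD(name.getBytes(StandardCharsets.UTF_8));
                byte[] bytecode = c.doFinal(blob, 12, blob.length - 12); // fails on wrong key or tampering
                return defineClass(name, bytecode, 0, bytecode.length);
            } catch (GeneralSecurityException e) {
                throw new ClassNotFoundException(name + ": decryption failed", e);
            }
        }
    }

    static SecretKey newKey() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        return kg.generateKey();
    }

    public static void main(String[] args) throws Exception {
        byte[] bytecode;
        try (var in = EncryptedLoaderDemo.class.getResourceAsStream(TARGET + ".class")) {
            bytecode = in.readAllBytes();
        }
        SecretKey key = newKey(); // assumption: in deployment the key comes from a licence server or token
        byte[] blob = encrypt(key, TARGET, bytecode);
        Class<?> cls = new DecryptingClassLoader(blob, key).loadClass(TARGET);
        Supplier<?> feature = (Supplier<?>) cls.getDeclaredConstructor().newInstance();
        System.out.println(feature.get() + ", loaded by " + cls.getClassLoader().getClass().getSimpleName());
        try { new DecryptingClassLoader(blob, newKey()).loadClass(TARGET); }
        catch (ClassNotFoundException e) { System.out.println("wrong key rejected: " + e.getMessage()); }
    }
}
```

Once `defineClass` returns, the key and the decrypted class both sit in process memory, which is the exposure the answer describes for anyone able to inspect the running JVM.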


BUET Club Gamearena first mockup

by Md Imran Hasan Hira

We, a few ex-university mates, had long cherished the idea of having our own gamearena where students can submit their bots to play against certain games. This is the first mockup of the application. I needed to clear the thoughts in my head. I will work towards the implementation.


How do you make “Formal definition of things”

by Md Imran Hasan Hira

This note is a follow-up to the previous note (Why formal definition of “things” is important).

I would like to categorise alignment situations into the following buckets –

  1. Meetings/discussions
  2. Tasks in jira/trello/gitlab
  3. Application/Services/systems/pipelines
  4. etc.

Meetings/discussions

It’s quite easy. We need a board/paper to draw the topics being discussed. We draw some boxes to represent entities. We draw the options being argued over. A simple table might look like the one below. The person coordinating the meeting/discussion can volunteer to do this –

| Options  | Pros | Cons | Winner |
|----------|------|------|--------|
| Option 1 | ...  | ..   |        |
| Option 2 | ..   | ...  |        |
| ...      |      |      |        |

Also, whenever someone asks a question such as “What do you mean by this?”, we might need to be patient enough to explain the intermediate parts. Personally, I am biased towards visual representation in a discussion.

Tasks in jira/trello/gitlab

It’s important to include details in the task ticket. For example, when there is a multi-step task, it helps a lot if all the steps are written upfront. This gives an early idea of which section of the system the work for the ticket is expected to touch. Any kind of context is helpful.

Instead of just the error, include where it happened and who faced it; basically, a correct way to reproduce the error. If it’s not reproducible, at least mention where and how it happened.

It takes time to write these details, but if we don’t write them, we might have to spend a similar amount of time explaining the same thing over chat or face to face to the person working on it. Better to have it in the ticket.

Application/Services/systems/pipelines

Explaining a system out of nowhere isn’t easy. If the system is large/complex, that’s even harder. The idea is to take a scientific approach: break it into pieces and flows, something like Lego.

Here is one way to describe a system –
1. A bunch of blocks representing individual scripts/crons/modules/systems/storages…etc.
2. A set of entities representing data structures, the data that is being passed around
3. A set of lines, drawing connections among #1 and #2

There are many more ways to describe a system. We can write pages of documentation with system design diagrams, or come up with workflows. Any such representation helps people discuss a system. Those formal definitions make sure that both people are talking about the same piece, and that facilitates a healthy debate.


What is a “Formal definition of thing” and why it is important

by Md Imran Hasan Hira

This note is about alignment in terms of concepts while discussing any topic.

Working in a multi-cultural company has its own benefits and tricky parts. People come with different styles and different behaviours. One thing common among us is that we want to solve our customers’ problems. The most important part of a discussion is to be aligned on the topic being discussed. Being able to understand the terminology used in the discussion really helps everyone.

It can happen that people argue about the same thing for some time. Even if they don’t argue but keep talking about the same thing, that is worse than just wasting time. It creates miscommunication/confusion, and people have to revisit the same issue after a few days or weeks. “Formal definition” is here to the rescue.

What the heck is this “formal definition” ?

Any form of representation that can be seen/read by more than one person at the same time can be considered a formal definition. It can be in written form (i.e. documentation, wiki, email etc.) or visualised form (i.e. diagrams, flowcharts… etc.). These persistent things help people look at them together and thus agree on what each one is talking about.

  • What is the benefit of “formal definition”: It’s easy to follow up with defined terminology. It’s a kind of quantisation. With a formal definition, people can argue about the specific system, avoiding personal conflicts. Once things are quantised, we can compare solutions, discard old/suboptimal stuff and explore better stuff.
  • Why waste time explaining if we can just fix it in minutes: Well, we are developers/engineers. We can fix things quickly. But other people, or a developer who doesn’t have the context, will spend more time understanding what we just did in two minutes. In some situations that might take more time than making a formal definition.
  • Traps of not doing formal definition: There is a common scenario where people say “we are just building things”, “the thing is changing too much” or “it’s too early to write formal documentation”. All these phrases are valid, and we all know that premature documentation is costly to maintain. But we need to make sure we have at least high- and mid-level definitions from which people can start further documentation.
  • When is “formal definition” not required: Formal definition might not be required when people work alone and don’t have to explain things to others. In booking.com we don’t have many of these scenarios.

Dude, isn’t it what we call ‘documentation’ ?

It is close to documentation. It’s a marketing technique to sell a similar product in new packets :p The reason I avoided “documentation” is that I think there is a different perspective. Just “documentation” isn’t helpful. Making sure the audience is aware of the documentation is also important. We need to tie terminology to context. The part I want to emphasise is that whenever we have a discussion with another person, we might be thinking that the other person already knows this. But in reality they may not. By keeping ‘formal definition’ in mind and explaining the terminology upfront, we can improve the outcome. Or at least that’s how we keep ourselves aligned 🙂


Do you need a Computer Science degree to become a software engineer ?

by Md Imran Hasan Hira

The short answer is — NO (probably the short sighted answer too)

The medium level answer is — You do not necessarily need a Computer Science degree to become a software engineer. All you need is Software Engineering knowledge.

To answer in detail, let me ask a question, so that we can narrow down the confusion clouds.

How would you acquire software engineering knowledge ?

There are a couple of ways —

  1. Get a Bachelors/Masters in Software Engineering ( Academic degree )
  2. Get Bachelors/Masters in Computer Science ( again Academic degree )
  3. Start studying/practicing on your own to build software ( Personal effort )

#1 is straightforward. But it can happen that your country/university doesn’t have “Software Engineering” as a subject. Then you can follow #2 as an option.

If neither “Software Engineering” nor “Computer Science” is available to learn academically, then you can go with #3, which is to start studying/practicing on your own. This self-study might also happen even if universities in your country have those courses ( i.e. you weren’t qualified enough to pass the admission ).

Not qualifying in the admission process doesn’t mean that you can’t be a good engineer after 5 years. It means that you weren’t qualified at the moment of admission. If you try consistently and learn properly, you can be a good engineer within a similar range of time.

It can also happen that you studied a completely different subject than computer science ( i.e. Statistics ) and later moved to Software engineering.

Back to our main point, the CS degree. Why are we talking about two degrees — “Computer Science” and “Software Engineering” ? To go into more detail, let me explain how university subjects have evolved.

In our society, we try to solve a lot of problems, and sometimes the general population does not possess enough knowledge. If a country needs a lot of medical doctors and there aren’t sufficient doctors in the country, it’s a good decision to invest in the study of Medicine. So the government funds the medical sector, builds medical schools and subsidises student fees. This is a long-term policy, so that after 5/10 years the country has enough medical experts.

The same policy applies to other subjects as well. Depending on the country’s need ( or the policy makers’ realization ), universities open subjects for further specialization. For example, in Bangladesh University of Engineering and Technology, we didn’t have a ‘Computer Science’ subject before 1986. Then it started with a very small number of students ( 30 students per year ). Later we saw that we needed more computer science experts and increased the capacity ( 120/year ). Nowadays a few universities even provide “Software Engineering” as a standalone Bachelor degree. It’s all up to how we foresee the need.

If someone really knows that their final goal is being a Software engineer, then they can focus solely on Software Engineering knowledge from the very beginning. This way they can specialize their skills by avoiding other general computer science knowledge (hardware details) which might not be needed for a specific industry/field/…etc.

Not knowing general computer science terms is not a big problem if the person possesses strong analytical skill. They can learn them as needed while working. But a person who already has that knowledge will be faster in learning deeper, given that they both put in the same effort.

That means, if you acquire fundamental knowledge, you can expand your practice area to other domains quickly. At the end of the day, it depends upon the availability of subjects in universities and your passion to study/practice.

This picture reveals a path to become a Software engineer after having computer science knowledge -

As you see, there are lots of topics that are covered in Computer Science. But depending upon your work, you might need only a few of them directly. If you move from a banking software company to an ecommerce application company, then you have to know the concepts of their stack. Things are learnable. People can learn them either at university or through self-practice. Here is a slightly more complex picture ( there are more connections, I skipped some of them to avoid spaghetti )

The fundamental knowledge that you see at the top of the above picture, you can get most of it from universities. It’s also possible to get it if you have the right neighbors. I mean, not all people have parents/friends/uncles who are university teachers or software engineers. Anyway, universities help by providing a dedicated learning process.

And then there is business knowledge, in which you can specialize while working in certain situations. Another interesting part is self-learning. If someone thinks that they can learn it by self-practice, that is also welcome.

To grow your career, I would suggest — why not both ? Getting into a university will give you the chance to learn from more knowledgeable people. At the same time, if you keep practicing self-study, then you specialize in what you desire. Happy Learning!


Is a Computer Science degree of any use in Software Engineering ?

by Md Imran Hasan Hira

Faced with this question, I sat for a while in the classic pose. What have I done with this life by doing a B.Sc. in CSE! What is life?

Anyway, it took a little while to get out of the “What is life?” worry. But after thinking for a while, what I understood made me feel that the question is not entirely irrelevant.

In the company where I work, there are some Software Developers who have no academic degree in Computer Science. But they too can code very well and build good systems. How do they do it ?

Out of curiosity, I had looked into their backgrounds earlier. Describing that will make the matter clear. Some have backgrounds in EEE, Physics, Statistics. Some have a diploma, and some have no degree at all. They are getting the work done just fine with the math they did in high school.

A funny thing is that it is easy to have technical conversations with those who have a direct Engineering background, because they already know the terms/concepts. But with the rest, whose background is not directly Engineering, technical conversations are possible too. It takes a little time. But because their Analytical Knowledge is good, once they grasp the concept there is no further problem.

Then I understood that those whose careers started somewhere else have grown a Specialized Skill by working on a few particular topics year after year. In our department’s 4-year course, we gain some knowledge of Computer Science in exactly the same way. Not all of it can be used in one company. But since it is Fundamental Knowledge, it turns out that it can be applied very easily in different areas.

The curriculum of our CSE course is designed in such a way that it covers many branches of Computer Science. And this is what gives me an extra advantage at work. From Software Requirements, to figuring out which kind of Computer System will be suitable when, to finding an efficient solution to a problem, I see that the departmental concepts are very useful.

So, I think that knowledge of Computer Science is needed to become a good Software Engineer. Whether very general knowledge is needed is a bit hard to say. Because “Engineering” is already a specialized skill. On top of that, “Computer Science & Engineering” is another specialization. Then “Software engineering” is one more step of specialized study deeper into it. If someone wants to grow such a detailed specialized skill right from the start, there is no problem with that either. In the end, what matters is that you learn.

 


Career as a Software Engineer – Part 2 ( Planting the seed )

by Md Imran Hasan Hira
( Link for Part 1 – Career as a Software Engineer – Part 1)

Today’s post is about how to cook semai with whale chotpoti. Sorry, how to earn two taka and spend one ? Oh bother, how to buy your future with tuition money…

Let me start with a very hard question: how do kids spend their time in campus life ?
1. Hanging out at the rag corner
2. Dreaming ( asleep/in the daytime )
3. Tutoring
4. Playing football
5. Doing a part-time job
6. Teacher fighting
7. Doing all this random stuff(!) like debating club, career club, system design club
8. …


Career as a Software Engineer

by Md Imran Hasan Hira

Career as a software engineer
( Target audience: second year/+ )

How many people take up a career in software engineering after studying computer science at BUET ? If I think about our ’07 batch, I did a quick count. Based on what I know, our ratio currently looks like this –

Non-academic job holders: 50 people ( software engineer, government job, or own company )
Missing data: 22 people ( I can’t say, because I don’t know about them myself )
Academic: 48 people ( studies or university faculty )

We graduated in February 2013. In these five years, many have done many kinds of work. The ratio above also has some discrepancies. It changes somewhat over time or from batch to batch. Still, I stated the ratio because many have the question in mind – “How many are in the country after leaving BUET?” or “How many are in academics after graduating?”. As you can see, “software engineer” and “academic” are allllmost equal. Actually, more important than these numbers is what a person wants for themselves. For example, many joined a job at first after graduating, but have now gone abroad to study. Again, of the many who are studying now, a portion will come out after some time and join a job.


Five rules of thumb for a backend developer

by Md Imran Hasan Hira
Five rules of thumb for a backend developer, so that your peers can live a happy life.
  1. The name populate_data() doesn’t help much. The first question that comes to mind is: what kind of data? So if there is a name for your data, use that instead of just data.
  2. Instead of warning fixed or bug fix, please write at least a one-liner about which warning you fixed.
  3. And then, instead of just fixed the warning, include the actual full error/warning message from the stack trace at the end of the commit message.
  4. The names process() / execute() / handle() are OK for library/framework methods. But for general purposes, please specify what you are processing/executing/handling. For example process_million_dolar_payment() / execute_superman_command() / handle_http_request() …etc. At least try to use longer names if you can. It helps with fewer grep results.
  5. Don’t have any on top of my head now :p

How to keep your brainchild alive

by Md Imran Hasan Hira

This note is about maintaining a system: putting in a lot of effort, growing it like your baby, and then doing (or not doing) something that lets your brainchild die.

Reasons that make a kid dead

I found several common causes that can contribute to a system dying –

  • Writing complex code – I have to state the obvious truth: complex code is hard to understand. Creating a new domain to solve an existing domain may need rethinking.
  • Not enough training/education – If you haven’t educated other people about your system and there aren’t enough interested people with the knowledge to maintain it, it’s hard to continue.
  • Hacking without healing – Hacking is good, but if we don’t clean up the patch ( as part of homework ), future patches on top of the existing one will create cavities in the system. Hack & Improve is better than Hack & Forget.

Now, if we see these as problems, we can find a way to fix them. One important part is to have enough educated people. To get people to jump in, we have to spread the knowledge among other developers. And that’s the hardest part.

Preparing new parents for your brainchild

How does a developer become interested in an item / project ?

  1. Because it’s on the backlog
  2. It looks promising on the business outcome
  3. It looks super cool and challenging
  4. Wow, this helps other peers ( as well as humanity )
  5. ……etc.

How can we attract other parents, if the business logic is too complex?

Building the solution as a one-man army is not a scalable process. Old commanders will eventually retire one day ( 🙁 ). Newer soldiers will join the force. So the system needs to be simple enough for those people to start with, to get into the system. Or, or, or, at least tasty enough to be alluring.

Finding solutions for complex business problems isn’t easy. Also, “easy” is a relative term. For a community, it depends upon the average level of agreement on complexity. It depends upon culture, and upon the way of working. And then there are the wars between tabs vs spaces, roles vs flat duplicates, subclasses vs copy/pastes, one-liners vs details, inline brackets vs newline brackets, … endless. While we can’t agree on all of them, we can communicate and enhance our perception of these, which in turn might help in agreeing on concepts.

I myself don’t know the best solution for attracting new parents for a brainchild, and this also depends upon specifics. But these are my thoughts to remember while building a new system.

Finally, I think it’s all about being updated. Being updated with the styles, experiences and best practices. Maybe including the exploration of new-generation trends, and if they fit, embracing them; if they don’t, fighting against them. Happy fighting and saving all kids 🙂

( In a mission of saving all the kids, Because we can, and we will )
Imran Hira


Theme by Ali Han | Copyright 2025 Md Imran Hasan Hira | Powered by WordPress