Do not check email adresses!

2010/06/21 — laurent

You may have noticed that on some rare websites (≈99.999 % of internet websites), you have to provide an email address when you register. And most of the time the application running the website check if the email address you entered is valid.

But you know what? Most software developers (you know, the guys staying all day long in front of computers, the guys you call when you have a problem with your computer because they have some magical power that allows them to fix your problems) don’t know what a valid email address is!

Why do I say such things? Because each time I register on a website, it complains that I should enter a valid email address… but my email address is valid actually! What I’m complaining about is not that they check email addresses of course, I’m complaining about the fact they are rejecting valid ones. Like for an email spam filter, you don’t care that some spam emails still reach your inbox, but you hate when a valid email is dropped because it was considered spam.

Unfortunately, most email address filters that have been written are rejecting a lot of valid email addresses. Why? Because checking that an email address has a valid format is very difficult. Have a look at this summary of RFC’s email address format, you will understand what I mean.

So, if you are a software developer and you have to check the validity of email addresses, don’t bother much checking the email address format (or the strict minimum like “there is a ‘@’ and a ‘.’) because even an email address that have a valid format may be invalid (in the way that the corresponding email account does not exists).

For registration process it’s easily solved by asking the user to click on a confirmation link you send them to the given email address. Only then you will know that the email address is really valid.

Posted in Uncategorized. Tags: , , . 1 Comment »

Les Cast Codeurs

2010/06/14 — laurent

Si vous êtes développeur Java, vous connaissez certainement le podcast The Java Posse, 4 experts (Tor Norbye, Carl Quinn, Dick Wall et Joe Nuxoll) du monde Java (au sens large) parlant des news concernant Java, la JVM et tout ce qui touche de près ou de loin (voire de très loin) à ça, sur un ton en général très décontracté et humoristique.

Il y a un peu plus d’un an maintenant, 4 français (Emmanuel Bernard, Guillaume Laforge, Antonio Goncalves et Vincent Massol) ont décidé de faire quelque chose de similaire, le podcast Les Cast Codeurs, mais dans la langue de Molière. Je dois avouer qu’au début je ne voyais pas trop l’intérêt, étant donné que nous travaillons dans un secteur très anglophone, ça me semblait assez redondant avec The Java Posse, à part peut-être pour les quelques irréductibles gaulois qui ne comprennent toujours rien à l’anglais (et il semblerait qu’il y en ait encore pas mal en France ;-) ).

Récemment je me suis décidé à en écouter quelques épisodes, et c’est plutôt pas mal, même si dans l’idée c’est assez proche du Java Posse, le contenu et l’approche sont assez différents pour que ce ne soit pas complètement redondant. Sans compter que l’actualité française et européenne du domaine (si si, il y en a) est un peu plus abordée. C’est entre autre par Les Cast Codeurs que j’ai découvert le BruJUG.

Continuez comme ça les gars, ça me fait quelque chose de plus à écouter dans le métro ;-) .

Posted in Uncategorized. Tags: , , , , . No Comments »

The Power of Abstraction

2010/06/01 — laurent

During last BruJUG third half-time, Alex Snaps told us about a presentation by Barbara Liskov (also known for the Liskov Substitution Principle) in which she tell us a bit of computer science history, how the data abstraction emerged and so on.

It’s a very interesting presentation, it’s quite amazing to see that most of programming languages principles where designed 30-40 years ago. If you are a developer, I recommend you to watch Barbara Liskov’s presentation: “The Power of Abstraction”.

Posted in Uncategorized. Tags: , , . No Comments »

BruJUG

2010/05/31 — laurent

Last wednesday (May 26th) was the first BruJUG session, and I was there ;-) .

So, what’s BruJUG? It’s Brussels’ Java User Group, so if you are a Java developer living/working in Brussels, you might be interested to attend BruJUG sessions in order to learn some stuff, talk with other developers, exchange some ideas, have a good beer…

When I was in Paris, I was going quite often to the ParisJUG, which was the first JUG in France. BruJUG just started but it’s not the first one in Belgium, there is also BeJUG which is moving from cities to cities in Belgium.

What happens in Wednesday’s session? First of all it was in Google‘s office, aka GooglePlex,  which is quite a nice one and there was two presentations, a non-technical one on content strategy and a technical one on ehcache (and a bit of terracotta of course). Both were very interesting, you can read the session post on BruJUG website or on BruJUG’s wiki (there are some pictures too!).

Posted in Uncategorized. Tags: , , , . No Comments »

Login/Password autocomplete

2010/02/22 — laurent

A feature I really like in most web browsers, is the ability they have to “remember” my login and password for a given website. And I like the way Firefox does that, by displaying a non-intrusive notification bar at the top of the page while loading the page:

(I don’t like the way Safari does, by putting a modal window. So I have to already answer if I want to save my credentials before being sure that I entered the right ones)

I really like this feature for several reasons. I think it’s more secure than having to type my password. Some people may disagree, but to me, having that feature allows me to set a different password on every website I have an account on. Without that feature I will use the same password everywhere which is a very bad idea. If I use the same password everywhere, if somebody finds out what my password is, he will have access to all my accounts. And this is way much more easier than you may think:

  • lots of websites does not do the login procedure on a secure connection so intercepting data is not that difficult, especially with non-secure WiFi / free WiFi access points
  • lots of websites/companies store your password in plain text in their databases, so mostly anybody working in that company at some point in time may see your password (and I’m not kidding, I’ve seen that myself several times (If I was a bad guy, which I’m not by the way ;-) , I would already be the owner of thousands of emails/logins/passwords))

An other reason why I think using the web browser’s password manager is more secure is because if at some point a malware installs a key-logger on your computer (which is not unusual on Windows computers), each time you type your password it’s a chance more for the key-logger to record it.

And of course, web browsers save your passwords in a crypted file (and not in a plain text file as some people do, which is also not really secure). To me, the biggest downside of this feature is that I can’t log in a lot of websites if I’m not using my computer because I don’t remember my passwords.

So there is something I really don’t like when surfing the web, is when I use websites where, for some reason, Firefox/Safari does not ask me to remember my password. Until recently I didn’t checked why, I was supposing that the login form was done in a way that web browsers did not recognized it as a login form (maybe because of an intensive use of javascript). But it looks like I was wrong on that, and that there are people stupid enough to call “feature” the ability of a website to prevent your web browsers to store your credentials.

From what I have seen so far, several web browsers disable the auto completion/password manager when the attribute autocomplete="off" is set on a form or input field. First of all: this attribute IS NOT STANDARD. It’s not part of any HTML/XHTML specification. It seems it was invented by Microsoft for Internet Explorer a long time ago (why bad ideas always come from the same guys? ;-) ).

There is a page on Mozilla’s developers website explaining how works the autocompletion and how to turn it off, and the page on autocompletion attribute on MSDN website.

The second point is: ok, Internet Explorer has this stupid feature, why other web browsers have also implemented it? The final decision has to be done by the user, not some manager of a website who thinks that he knows what you want better than you.

The only point I see where it may be useful, is that it also works for forms other than login forms. For login forms your web browser always ask you if you want it to store your login and passwords in a secure place. For other forms, the web browser remembers everything, in a place that may not be secure, and without asking you anything, which might be quite bad when filling a payment form with your credit card number. At this point, what would be useful, is a way to say to the web browsers that some data in the form are sensitive information (so the web browser may ask you if it should remember those data, and in that case put them in a secure place).

If you have followed until here, my point is: the autocomplete attribute sucks, it does not solve any problem and annoys me.

How to make those broken websites behave correctly again?

Several possibilities:

  • use a web browser that does not understand the autocomplete attribute (I don’t know which ones)
  • if you are using an open source web browser that supports that attribute, remove the support from the sources, compile, enjoy (that’s one of the freedoms of open source)
  • if you use Firefox, use Greasemonkey

First time I heard about Greasemonkey was several years ago, but for some reasons my neurons did not connect together at that time and I did not realized the power of this Firefox plugin, until I saw Paul’s demo at FOSDEM. Since then, I love that plugin. Simply said, this plugin allows you to fix websites :-) . First thing I did after installing it was to fix my bank website, which was forbidding me to go straight to the login page and was also forcing me to open the login page in an other tab/window. Greasemonkey allowed me to fix that with one line of code (really only one line, and a simple one in that case). Greasemonkey also has a lot of user contributed scripts for several websites (from that I found one fixing the download links on Jamendo (in order to download directly the OGG Vorbis version of an album (which is not possible from the website) and without opening a stupid download window)).

Something I love, on the scripts website, is the following sentence, at the bottom of the website: “Because it’s your web”.

How to fix the autocomplete attribute with Greasemonkey? My first try, was with my company’s Outlook Web Access (yes, unfortunately there are some people/companies actually paying for that), and guess what? Somebody already did a script for that: Allow Browser To Save Outlook Web Access Password.

So I was wondering: “do I have to do a script on every website that use autocomplete="off"”? I ended up, a few minutes after, with that script (note: I don’t know javascript at all, any comments to improve this script is welcomed):

// ==UserScript==
// @name           Turn ON autocompletion
// @namespace      http://desgrange.net
// @include        *
// ==/UserScript==
(function() {
	function turnAutocompleteOn(element) {
		if(element.hasAttribute('autocomplete')) {
			element.setAttribute('autocomplete', 'on');
		}
	}
 
	for(formKey in document.forms) {
		turnAutocompleteOn(document.forms[formKey]);
	}
 
	var inputs = document.getElementsByTagName('input');
	for(var i=0; i<inputs.length; i++) {
		turnAutocompleteOn(inputs.item(i));
	}
})();

It’s a bit brutal, on every pages you visit, it looks for all forms and all input tags having the autocomplete attribute and set it to “on”. I don’t know how often this autocomplete attribute is used, so I don’t know yet the side effects of doing that on every pages (that’s why I have not put this script on http://userscripts.org yet).

Posted in Uncategorized. Tags: , , , , , . No Comments »

Logging in Weblogic console with Log4J

2010/02/15 — laurent

If you have developed a JEE web application using Log4J for logging and have it deployed on a WebLogic application server, you may wonder how to display the logs in WebLogic console:

Preparation

You simply need to create and add a Log4J appender. This appender will redirect Log4J events to WebLogic by using the NonCatalogLogger class. You can found this class in wls-api.jar or wlclient.jar (depending on your WebLogic version) from your WebLogic’s lib directory. For instance if you are using maven, you need to add one the following dependencies in your maven’s pom.xml (enter the version corresponding to your WebLogic installation):

<dependency>
    <groupId>weblogic</groupId>
    <artifactId>wlclient</artifactId>
    <version>10.3</version>
    <scope>provided</scope>
</dependency>

or

<dependency>
    <groupId>weblogic</groupId>
    <artifactId>wls-api</artifactId>
    <version>10.0</version>
    <scope>provided</scope>
</dependency>

Obviously WebLogic JARs are not in official Maven repositories (due to license/distribution restrictions, proprietary softwares always here to hassle you). So type the following command in your shell to add the API in your local maven repository:

mvn install:install-file -DgroupId=weblogic -DartifactId=wlclient -Dversion=10.3 -Dpackaging=jar -Dfile=wlclient.jar

or

mvn install:install-file -DgroupId=weblogic -DartifactId=wls-api -Dversion=10.0 -Dpackaging=jar -Dfile=wls-api.jar
Creating the appender

The appender needs to implement Log4J’s Appender interface, but it’s more convenient to extends AppenderSkeleton. WebLogic’s NonCatalogLogger class has some “debug”, “info”… methods like Log4J so the appender is just going to map one to the other.

Since you may deploy your application on something else than WebLogic (for instance I usually use Tomcat and/or Jetty for development/testing) you don’t want have it crashing your application because WebLogic classes are not here. The appender can check if the class is in the classpath (using Class.forName()) and do nothing if the NonCatalogLogger is not here.

In WebLogic’s console, there is a “Subsystem” column, we can set it in the appender to display the application name.

package sample.project;
 
import org.apache.log4j.AppenderSkeleton;
import org.apache.log4j.Level;
import org.apache.log4j.spi.LoggingEvent;
 
import weblogic.logging.NonCatalogLogger;
 
public class WeblogicAppender extends AppenderSkeleton {
    private static final String SUBSYSTEM = "SampleProject";
    private NonCatalogLogger logger;
 
    public WeblogicAppender() {
        try {
            Class.forName("weblogic.logging.NonCatalogLogger");
            logger = new NonCatalogLogger(SUBSYSTEM);
        } catch (ClassNotFoundException e) {
            // Not running on WebLogic server.
        }
    }
 
    @Override
    protected void append(LoggingEvent event) {
        if (logger == null) {
            return;
        }
        if (Level.TRACE.equals(event.getLevel())) {
            logger.trace(getMessage(event), getThrowable(event));
        } else if (Level.DEBUG.equals(event.getLevel())) {
            logger.debug(getMessage(event), getThrowable(event));
        } else if (Level.INFO.equals(event.getLevel())) {
            logger.info(getMessage(event), getThrowable(event));
        } else if (Level.WARN.equals(event.getLevel())) {
            logger.warning(getMessage(event), getThrowable(event));
        } else if (Level.ERROR.equals(event.getLevel())) {
            logger.error(getMessage(event), getThrowable(event));
        } else if (Level.FATAL.equals(event.getLevel())) {
            logger.critical(getMessage(event), getThrowable(event));
        }
    }
 
    @Override
    public void close() {
        // Nothing to do here.
    }
 
    @Override
    public boolean requiresLayout() {
        return false;
    }
 
    private String getMessage(LoggingEvent event) {
        return String.valueOf(event.getMessage());
    }
 
    private Throwable getThrowable(LoggingEvent event) {
        if (event.getThrowableInformation() != null) {
            return event.getThrowableInformation().getThrowable();
        } else {
            return null;
        }
    }
}
Log4J configuration

In your log4j.xml just define a new appender using the above class and add it to the root logger. Here is an example:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
	<appender name="console" class="org.apache.log4j.ConsoleAppender">
		<param name="Target" value="System.out" />
		<layout class="org.apache.log4j.PatternLayout">
			<param name="ConversionPattern" value="%-5p %c{1} - %m%n" />
		</layout>
	</appender>
 
	<appender name="weblogic" class="sample.project.WeblogicAppender" />
 
	<root>
		<priority value="debug" />
		<appender-ref ref="console" />
		<appender-ref ref="weblogic" />
	</root>
</log4j:configuration>
Check

I have created a simple servlet logging some messages in debug, info and warn levels, let’s call it and see what happens:

It works! (OK, I was not going to write all that just to show something that does not work ;-) ). But be careful, as you can see, the debug message is not displayed even after setting Log4J’s level to debug. My WebLogic console is configured to display higher level messages. Don’t forget to check that it’s logging at the right level for you.

Notes

All source code in this post is in public domain, do what ever you want with it. I did it quickly so it may not work as you want, you are strongly advised to adapt it to your needs. I’m not mastering WebLogic at all (in fact I don’t really like that application server) so it may not be the best way to do it (and usually you should not need to do such things), and it is not at all certified in any way to be “production ready”.

Posted in Uncategorized. Tags: , , , . No Comments »

Post FOSDEM 2010

2010/02/08 — laurent

So last week-end I was at FOSDEM. First, it’s quite huge. Several thousand geeks in one location (if somebody hates open source, it’s the place to drop a bomb, lots of projects might also die afterward (I’m just saying that it’s not so cool on a risk management point of view, I’m not encouraging anybody to do such a bad thing ;-) )). A lot of smart people, good ideas, interesting stuff to see, to hear and free WiFi everywhere (such thing would be illegal in France nowadays :-\).

As usual with conferences, goodies review. What do we get: – conference program (on paper) – a bag (made from biodegradable material)

That’s all good to me. Quite eco-friendy and nothing is unnecessary.

Here is the list of sessions I attended:

Welcome (FOSDEM Staff)

Quick history of the FOSDEM and of course the FOSDEM dance.

Promoting Open Source Methods at a Large Company (Brooks Davis)

Brooks Davis told us how they managed to bring some of the open source way of working in a big aerospace company. I find incredible that in a company working for aerospace (and even any company doing software) some developers are still not using any version control system.

Evil on the Internet (Richard Clayton)

Quick presentation of what “bad people” are doing on the internet and how it works, with live examples of phishing/fake banks/fake escrow websites.

Visit the AA419 website for more information.

Mozilla Europe/Mozilla Foundation (Tristan Nitot/Gervase Markham)

Some info on current status and future stuff at Mozilla. Some discussion about the ballot screen.

Personal note: the ballot screen will appear for every Windows XP/Vista/7 users how do not have installed any other web browser. This is a decision of the European Commission imposed to Microsoft. But what about people working at the European Commission? Are they going to see the ballot screen on their computers? Obviously, like in any company managing their computers, this is going to be blocked in order to keep the “homogeneity” and ease of system administration. Guess what? I am working at the EC (as external contractor). Since I’m a developer, I can install whatever I want^H^H^H^Hneed on my work computer so I don’t have the problem (and in fact since I’m doing a bit of web development I’ve all major web browsers installed). Anyway, I will see if my colleagues get some choice for their web browser.

FLOSS: a key to self-determination in Internet life (Mitchell Baker)

OK, I can’t really summarize but it was interesting. Free and open source software have values, freedom related ones (at least). To some extent we can see those values in how the internet has been built and we need to be sure that those values are still going to drive the future of the internet and even take a more predominant place.

Hackability (Tristan Nitot/Paul Rouget)

Do you want the internet to be a place only for for-profit companies to sell you their products? I hope not (if you do, what the hell are you doing here?). An important thing that will prevent that is to be sure that the internet is hackable. That mean we can do what we want with it, event if it was not designed for.

I would like to give an example of a hackable product by design: a Lego box. When you buy a Lego box, it’s shipped with a manual with one or two (sometimes more) patterns to build what Lego thinks you might want to build with. But obviously, it’s for fun, and Lego does not forbid you to do anything else with it, on the contrary, they encourage you to do stuff they didn’t think you could do with it… and it’s quite normal since Lego bricks are done to build whatever you want.

On the internet it’s quite the same. You have bricks. Different kind of bricks, versatile ones (bits and bytes) on top of which people have created more complex bricks (HTML, HTTP, SMTP, IMAP, XMPP, XML, CSS, JavaScript…) allowing you to do any kind of things. But there are some stuff that are not following that concept. Take Flash for instance, here you have the Logo box already mounted and you can’t unmount it, you can play a bit with it but not that much.

Paul did a demo showing that the web is hackable (changing the UI of a website and with the help of Firefox/Greasemonkey change how to interact with the website), that Firefox is hackable (switching from a tab to an other by shaking his wiimote!).

HTML 5 (Paul Rouget)

The “theorical” part of the presentation was done by someone else but I don’t have his name (sorry). Anyway, since most of the stuff I developed so far were web applications, I was quite interested in this presentation (and of course because I have been too lazy to check by myself what’s new in HTML 5).

HTML 5 syntax, very pragmatic. HTML has been slaughtered on so many web pages that web browsers are now very good at understanding the understandable. So of course, instead of imposing a drastic syntax (like XML based stuff requires usually) that nobody is going to apply, HTML 5 is quite “user friendly” (in the way that you can type whatever you want, it’s going to work (uppercase, lowercase, it doesn’t care, you don’t close your tags? not a problem…)). I think web browsers (except IE of course ;-) ) are the perfect example of “be strict in what you send, but generous in what you receive”.

Anyway, lots of new tags like header, footer, aside, of course video, canvas

Paul did an amazing demo with a “simple webpage” turning out to be an interactive presentation with CSS transitions, video playing, 2D transformations, 3D ones… impressive.

Amarok 2.2 Rocking (Sven Krohlas)

I was an Amarok user for a long time but since I switched to the Mac it’s not the case anymore (even though Amarok runs on Mac). Anyway, the moodbar is back!

I haven’t played a lot with Amarok 2.x, but I don’t feel very comfortable with the UI. In 2.2 it’s a bit better. Maybe a part of the problem is that I don’t like KDE’s default theme.

It was a conference on free (as in free speech) softwares, but there are not only softwares that are free, there is also music. Go to Jamendo and listen/download a bit of music, you might discover good music under Creative Commons licenses (I recommend: Diablo Swing Orchestra and David TMX)

NoSQL for Fun & Profit (Tim Anglade)

A quick overview of what is NoSQL, no technical details, more a presentation for managers. Anyway, like lots of people I have suffered of SQL. For several reasons, first, it’s hard to find a project where a relational database is not badly used, a RDBMS can be very good at what it does (like PostgreSQL), it still needs to be used correctly, and secondly, because it was almost the only way “managers” did know about storing data. Who have never seen that kind of situation:

The manager: “On our new software we are going to use this programming language and that relational database.”

The developer: “I can understand that we need a programming language since we are going to write a software, but we don’t need a relational database for it.”

The manager: “Of course we need a relational database, every software use a relational database.”

The developer: “Well… no.”

The manager: “I’m the one deciding, you are only the mindless developer coding the stuff I ask so shut up.” (OK, maybe not that part)

Well anyway, NoSQL is a good idea to make sure that people know that we have choices on how we store data and that there are some ways better for some kind of tasks and others ways better for other kind of tasks.

Mozmill (Henrik Skupin)

A quick presentation of Mozmill, a tool used to do automated functional tests on Mozilla products (Firefox, Thunderbird…). Each version of Firefox in fact 225 versions of Firefox (75 languages on 3 platforms) and all of them should/need to be tested. It looks like at Mozilla they are not really in the test driven mindset (yet), and they are lacking of tests. Wait… sorry, when I say tests, I always think “automated tests”, it’s inhuman to make a person run a test suite manually, unfortunately to many people are paid for that. From what I understood they have some manual test suites for Firefox and fortunately they are trying to automate them.

You can see the mozmill generated reports for Firefox here: http://brasstacks.mozilla.com/couchdb/mozmill/_design/reports/_list/summary/summary

Towards GNUstep GUI 1.0 (Fred Kiefer)

GNUstep has been in development for ages and there is still no 1.0 version. So the question was “do we need to do one and if yes, what needs to be in”. Obviously, the answer for the first part is “yes” (so it will attract more developers, *BSD and Linux distributions will update their packages…). The second part of the question was not really solved. One proposition was to name the version 10.2 and has complete support of Cocoa 10.2.

L20n (Axel Hecht)

I’m not a specialist of internationalization (i18n) and localization (l10n), I know some issues regarding that but quite frankly, I didn’t really understood the presentation. It’s a bit more clear after a look on the l20n wiki. Sounds interesting to me since I think that the current way of doing (key/value) sucks a lot as soon as you have some non ultra-trivial stuff to do.

Étoilé: Where it is, where it’s going, why it isn’t there yet (Quentin Mathé/David Chisnall)

What have they done since the beginning in 2004? This is a project with few people but lots of ideas. One thing I find interesting is the CoreObject framework. Well in fact not the framework, but the ideas behind. From a user point of view, having to save your documents sucks. Why the default state is “in case of problem you are going to lose all your unsaved work” and not “in case of problem all your work is saved”? So here the idea is everything you change on your document is recorded, so you can do/undo/redo modification, close your document, open it again, ask to undo stuff you have done before… the history of your changes on the document have been saved all along.

Such ideas are not new, we have been talking about that for decades (well, not me, I’m talking about it only for years, I’m not that old ;-) ), but mainstream operating systems are still not implementing it.

Women and Mozilla (Delphine Lebédel)

Quick presentation of WoMoz.

Nepomuk (Sebastian Trüg)

Recent operating systems are now indexing datas so it’s fast and easy to search for stuff on your computer. Nepomuk is a “semantic” way of doing so (using RDF and so on).

Several functionalities are similar between Nepomuk and what I think Étoilé’s CoreObject do. But Nepomuk is based on “standards” like RDF and SPARQL.

Mozilla Panel Discussion (Mitchell Baker/Tristan Nitot/Mark Surman)

A discussion on Mozilla’s mission. Lots of questions about privacy. I confirm, Mozilla’s people have the right mindset (at least the mindset I like) and I’m glad that they are caring about the Internet.

Write and Submit your first Linux kernel Patch (Greg Kroah-Hartman)

A live example on what you need to do and how to do a patch for the Linux kernel.

That’s all

There are several presentations I would like to went to but we still have not invented a device giving us ubiquity.

I now have a lot more thinks to thing about, I may write down some of my thoughts here soon.

Anyway, a big thank you to the FOSDEM staff for organizing all that, to all the speakers and finally to all the people attending the event.

Posted in Uncategorized. Tags: , , , , , , . No Comments »

FOSDEM 2010

2010/02/03 — laurent

FOSDEM (Free and Open Source Software Developers’ European Meeting) 2010 is happening this week-end (6-7 february) in… Brussels! At ULB, about 10 minutes by foot from home. So guess what?

I never had the opportunity to assist FOSDEM before, so this time I’m not going to miss it.

I haven’t look at the planning seriously yet, there is a huge amount of stuff going on there, it’s going hard to make choices. At least I have seen that Mozilla is presenting some stuff, I hope I will be able to see Tristan at last (though I’m not sure it’s really fulfilling to listen to someone I always agree with (well, I’ve been reading his blog for several years now and I don’t really remember not agreeing on something)).

This reminds me I should find a way to start sharing with the community. I have been using open source softwares for years, on my day to day work, what frustrates me the most is each time I’m struggling with proprietary softwares (which I tend to avoid) while I know that the same problem with an open source software would have been solved much more easier (because of the help of the community and the availability of the source code).

So, are you coming?

Posted in Uncategorized. Tags: , , , , , , . No Comments »

CITCON Paris 2009: Mock objects

2009/10/12 — laurent
Interfaces

During the session on mock objects there was a digression about interfaces. I have seen too often interfaces in a way that I don’t like. I will use the same example as Eric:

Let’s say that you have a FileManager, providing some services to manage files I suppose ;-) , you may have an interface called IFileManager. And usually there is only one implementation of IFileManager which is FileManager.

I think this is wrong for at least two reasons:

  • Usefulness. If there is only one implementation, why do you need an interface?
  • Naming. The interface name should represent the “role”, so FileManager is suitable for the interface name, IFileManager has no meaning. Then the implementation should reflect what kind of implementation you have, like LocalFileManager, DistributedFileManager or a DummyFileManager for your tests (but not an ugly FileManagerImpl).

So usually, when I see a software with that kind one 1 to 1 relationship between interface and implementation and using bad names, it raises a warning light in my head, telling me that the person who wrote that code did not really now what he was doing (only applying some old and bad coding rules without trying to understand why it was useful for). As Antonio says, prefix ‘I’ for interface and suffix ‘Impl’ for implementations are signs of code smell.

I even have seen some interfaces with only one or two methods, the implementation had a lot more methods… and the concrete class was directly used in other classes… so yes, very useful interface :-/.

Sometimes, when writing tests, I need to mock some classes that I haven’t defined any interface for… and since several mock libraries are able to mock concrete classes I still not extract any interface.

I like simple classes, with simple roles, so mostly all public methods (except constructor and setters) are the “implied” interface.

So my point on interfaces is “use an interface only when you really need it” (that reminds me YAGNI):

  • when you need several implementations of a given “role”,
  • when defining some “ability” (sorry I don’t find the right term) like Clonable, Closable, Comprable, Serializable, Anything-able (if you can add “able” at the end, it’s a good sign that you might be able to extract an interface for that ;-) ).
Mock objects

So yes, we also spoke about mock objects. Steve Freeman was trying to explain us some stuff, I have the feeling that there was something in his speech that was enlightening but I didn’t really get it (that’s why it’s only a feeling for the moment).

What I remember is that, when writing tests:

  • mock the collaborating classes that change the outside world,
  • use stubs, dummy implementations, etc. otherwise.

I don’t fully understand the reason yet. But something I learn recently and that was says during the session: mock only the code you own, don’t mock external resources.

So for instance, if you have a Customer object, a table full of customers in your database, don’t try to mock JDBC classes like Connection, ResultSet and so on. Create a class accessing the data, let say CustomerDAO (I don’t like the name, but hey, it’s only an example), and then you can mock your CustomerDAO in your software.

I imagine that CustomerDAO will then be tested in integration tests (it’s a class using external software/server/stuff right? Can’t really unit test it (except maybe some data storage specific logic I may have to write in it)).

Anyway, it was an interesting session.

Misc

Books recommended during the session:

Frameworks:

  • jMock (the framework I usually use)
  • EasyMock
  • Mockito (more recent, I started using it a bit at work a week ago, looks quite nice)
Posted in Uncategorized. Tags: , , , , . 1 Comment »

Java Black Belt

2009/05/18 — laurent

Java Black Belt is a community website aiming at “building better developers“. Given the name, it’s targeting mainly Java developers but some exams cover Ruby, .NET C#

Every user has a belt like in karate, the color (from white to black) represents user’s knowledge of Java, common frameworks, tools… To get next belt you need to pass some specific exams and have a certain amount of knowledge points.

You get knowledge points by passing exams. An exam is usually a list of multiple choices questions, you need a certain amount of good answers to pass the test (around 80 % successful answers). If you fail an exam you need to wait some time before trying it again (around 15 days).

To get an exam you need some contribution points (except if you decide to follow the “Belt Track”, doing the exams in a predefined order). Contribution points are obtained when writing a question, reporting problems on a question, etc. So all the questions are created by the community, voted by the users (to have them accepted or rejected).

Since I mostly didn’t write anything in Java for a year and a half, I need to train myself a bit before taking an exam (I don’t really want to be forced to wait 15 days before trying an exam again).

So basically the website (until the black belt) is just checking your knowledge of Java and does not check if you are really able to write good code. In order to check that, the exam to get the black belt IS a programming task, but it’s not yet released (so nobody as a black belt yet).

One drawback I see is that several questions are useless. Since there is no point using Java without a proper IDE (as one of my colleagues says: “The power of Java is IntelliJ.”), questions about knowing by heart all the details of Java APIs, questions like “Does the following program compile?” are meaningless.

During my (short) career, I was interviewed several times and I interviewed several people. Quite often there are some technical questions to be sure that the interviewee knows a bit of Java, so sometimes I was asking questions like the ones found on Java Black Belt. Seeing the belt somebody obtained on this website will reduce the number of technical questions I have to ask, Java Black Belt already did it.

But in fact, if I need somebody in the team I’m working in, Java Black Belt is not enough. Of course it’s a hint about is knowledge, but it does not tell me how the guy works. But at least I have more time in the interview to ask those questions.

Posted in Uncategorized. Tags: , . No Comments »
« Older posts «
»