12.16.06

Java, from different viewpoints

Posted in Java at 1:56 am by skoobi

Here is a funny, satirical comment from Daniel Spiewak on Java code produced by different people (student, professor, developer…).

We can probably draw a parallel with the funny quotes about Java I previously cited.

My opinion is that every Java developer is aware that everything he does is far more complex than it should be. However, abstraction is the key foundation of Computer Science, and most people agree that C is a good abstraction over ASM and Java/.Net are good abstractions over C. So, what is the limit of abstraction ? Are frameworks, Design Patterns, Factories and new abstractions all over the place a good thing ?

What is sure is that people who start using frameworks and libraries use even more of them. So, even if it is not a perfect solution, there is something great in that.

12.11.06

J2SE 6 : will web development finally be productive thanks to scripting ?

Posted in Java, Web Development at 12:14 pm by skoobi

Sun just announced J2SE 6, and many Java bloggers are relaying the information.

Something important for the web development community in this release is the support for scripting languages. In fact, the trend that started with Java HotSwap is to create tools that allow Web Frameworks to be more productive for developers.

Indeed, developers are tired of the develop / build / deploy cycle, and would prefer to work with the PHP-like develop / reload in browser development cycle. Well, scripting is a step in that direction, and would allow us to :

  • Keep the domain layer as strongly-typed POJOs, that are unit-tested and constantly refactored to keep a good design.
  • Write the Web Controllers (the C in MVC) in any scripting language (the view being written in any already-existing templating language, such as JSP or Freemarker). This allows rapid development and since the view is hardly reusable anyways, it’s better to throw it away and recreate something from scratch when needed.

Efforts toward that direction have already been started, as relayed by these few blog entries and articles :

So, now the next step is to have universal support for that kind of development, and have better IDE support that will allow refactoring both in the scripted controllers and the view (JSP, Freemarker..). In fact, there is currently no way to make sure nothing is broken besides writing functional (Selenium, Canoo Webtest, HttpUnit…) tests.

Meta Patterns

Posted in Methodologies at 11:52 am by skoobi

Jonathan Locke wrote a post about Meta Patterns. I don’t exactly understand what he means by using the “Meta Pattern” expression, but this definitely looks exciting.

In any case, I am curious to see one or two examples of these Meta Patterns to truly understand his thoughts.

Building Modern Web Applications.

Posted in Web Development at 9:00 am by skoobi

An interesting post about HTML, CSS is available here. It’s definitely worth reading it.

12.10.06

Validation in a (Web) Application

Posted in Java at 11:28 am by skoobi

Glen has a short tutorial on how to perform validation using Spring Valang (which is part of Spring Modules, which provide additional modules to integrate external projects with Spring, like OSCache, etc.). While it is certainly better practice to choose XML validation instead of writing Validator classes manually, I personally prefer the @Annotations approach that is possible using Webwork / Struts 2.

Not only does it make people more productive by avoiding the need to edit 5 files at the same time (The Java class + the HTML/JSP/Freemarker template is all we should need to edit while creating a web application… Take a look at Tapestry 5), but it also shows the validation code in the same place as the code, and thus helps to maintain both.

However, I believe both approaches are not the way to go. We all use the validation features provided by our lovely MVC frameworks because it is handy, but when you think about it, validation should be part of the domain. The domain classes should be intelligent, they should have as much behavior as possible, and validation is one of the things the domain should provide, in order to maintain integrity. For instance, if a domain layer has 2 User Interfaces (Web, and Swing, let’s say) interacting with it, the validation rules should only be implemented once, in the domain, not twice, because the integrity checks must be centralized.
But the frameworks are not quite there yet :

  • Declarative validation (using annotations, for instance) is built into MVC frameworks and as such is only tightly integrated with the view, not the domain. So, it requires more effort to do validation on the domain. (Think of it as Spring MVC or Webwork validation, that automatically returns to the form and repopulates the data in case of an error VS throwing an exception that you have to handle manually)
  • Validation defines constraints, and as such, is best expressed declaratively. However, if one wants to check constraints in the domain, it is necessary to either programmatically do it, or use AOP (maybe coupled with Annotations) to do so. However, it is still unclear whether AOP is a good thing to implement domain features. Lots of people tend to think of AOP as a way to implement cross-cutting TECHNICAL concerns, such as security, cache, or transaction demarcation.
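
A minimal sketch of programmatic domain validation as discussed above. It is an added example, not code from any of the frameworks mentioned; the `User` class, its two constraints and the web/Swing handler methods are hypothetical.

```java
import java.util.*;

public class DomainValidationDemo {
    // Carries every violated constraint keyed by field, so each UI can map errors to its own form.
    static class ValidationException extends RuntimeException {
        final Map<String, String> errors;
        ValidationException(Map<String, String> errors) {
            super("invalid user: " + errors);
            this.errors = Collections.unmodifiableMap(errors);
        }
    }

    // Domain class: an instance cannot exist in an invalid state, whichever front end builds it.
    static final class User {
        final String login, email;
        User(String login, String email) {
            Map<String, String> errors = new LinkedHashMap<>();
            if (login == null || !login.matches("[a-z][a-z0-9_]{2,15}")) errors.put("login", "bad format");
            if (email == null || !email.matches("[^@\\s]+@[^@\\s]+\\.[^@\\s]+")) errors.put("email", "bad format");
            if (!errors.isEmpty()) throw new ValidationException(errors);
            this.login = login;
            this.email = email;
        }
    }

    // Hypothetical web controller: returns to the form with the failing fields.
    static String webRegister(Map<String, String> params) {
        try {
            return "redirect:/users/" + new User(params.get("login"), params.get("email")).login;
        } catch (ValidationException e) {
            return "form errors: " + e.errors.keySet();
        }
    }

    // Hypothetical Swing handler: same rules, different presentation.
    static String swingRegister(String login, String email) {
        try {
            return "created " + new User(login, email).login;
        } catch (ValidationException e) {
            return "highlight fields: " + e.errors.keySet();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: a request missing its e-mail, a bad address, and a valid user.
        System.out.println(webRegister(Collections.singletonMap("login", "x")));
        System.out.println(swingRegister("alice", "not-an-address"));
        System.out.println(swingRegister("alice", "alice@example.org"));
    }
}
```

Because the check lives in the constructor, a client that bypasses the web form (a batch import, a second UI) still cannot create an invalid `User`.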

Has anyone ever thought about that issue ? Have you implemented (programmatic) domain validation (maybe using Hibernate Validator, which is limited to persisted classes ?) on a real-life project ? What do you think about it ?

12.09.06

Design Patterns and the Art of software design

Posted in Java at 3:02 pm by skoobi

Jurgen - whom I totally agree with - has written a very nice post about Procedural-Object programmers.
Most people tend to forget that Designing/Coding a piece of software is not about getting things to work, but more importantly, about getting things to work in an elegant way.
And the biggest problem is that it is really hard to define what “elegant” means. My personal opinion is that the Open Source world is full of very good practices that help drive the decisions. Sure, some software is crap, but looking at how Spring, Compass, Hibernate or other Java developers solve technical problems is in any case very informative.

Another problem is about designing the domain. For that part, I urge anybody to look at “Domain Driven Design Quickly” or Eric Evans’s Domain Driven Design book.

Let’s stop the account/password proliferation mess !

Posted in Unix / Linux, Web Development at 2:12 pm by skoobi

No matter who you are (Lambda internet/network user, Software Developer or System Administrator..), you are most likely affected by the proliferation of accounts and passwords.

The problem

As an Internet user, you need to keep track of one account/password pair for each website you use. It is then necessary to choose between having the same password everywhere (the weakest part of the security chain is thus the weakest website…), or maintaining a potentially long document with all the website/password pairs…

As a Software developer, you need to keep track of all the system passwords (.htaccess passwords, database URL/passwords, accounts on the companies’ computers, and so on..).

Finally, as a System Administrator, you need to keep track of all the system’s passwords, which include each application’s password (MySQL root password, SYMPA password, LDAP Manager entry’s password, root passwords on each machine, Apache SSL certificate keys’ protection passwords….). Additionally, each administered (web) application has its own “admin” account with an associated password, and these applications’ configuration files often include passwords for other components of the system (database accounts/passwords, LDAP password, …). Even efforts such as using centralized LDAP authentication result in having some LDAP binding account in the configuration files…

Not only is it a mess to administer, but it is also a very nice way to forget or mess up permissions, and this can result in weak systems that are easily hackable, because of the complexity.

The solutions

The solution to improve the end user’s experience would require the whole internet to switch to Single Sign On Solutions. Some vendors are pushing centralized SSO solutions, like Microsoft Passport, which is a much-criticized solution, both technically and ideologically. Others are pushing open, distributed SSO solutions, like OpenID and LID.

Now that everybody is talking about the “Web 2.0”, it is time to think about improving the user’s experience and security, and this implies adopting one of these technologies on a large scale.

Concerning the Software developer’s and System Administrator’s problem, the problem is way more complex. Sure, the total number of accounts and passwords can be limited by using centralized authentication schemes for applications that support it - all should in a perfect world - (You can find more information about using a centralized LDAP repository for Linux/PAM on this page. If you go this way, you will have to find a good, secure distributed/network file system to share /home directories), but the way applications are currently designed does not open the door to an easy solution. Each application/server has a special “admin” mode that gives the user more permissions, and it is common practice to protect that account using a user-defined password.

So, I’d like to know if anyone has ever thought of something nice that could potentially change the world for system administrators and software developers ? One thing I can potentially think of would be a solution where specific roles would be defined and standardized (system administrator, database administrator, ….), and each application would work with the system to validate a set of credentials (and check that the given user has the required role) supplied by the user before giving the permissions. In other terms, this would be some kind of PAM with the addition that system groups would be standardized. And frankly, with the number of applications and needs, I do not really see this as a possible solution.

Another option would be to switch to certificates to authenticate the users. Coupled with well-defined discovery + storage solutions, there could be some /etc/certificates folder (+ some mechanism to associate certificates with application roles) containing public keys that applications would look up in order to validate user credentials. This would imply that each application could somehow challenge the user who would have previously stored his private key on a system that would act as a mediator between each application and him. Humm.. well.. this doesn’t really sound like an easy solution to me…
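
The challenge/response flow sketched in the paragraph above, as an added example that is not part of the original post. Two in-memory maps stand in for the /etc/certificates store and the certificate-to-role mapping; the user name, role names and the RSA signature scheme are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class KeyChallengeDemo {
    // Stand-ins for the /etc/certificates idea: user -> public key, user -> granted roles.
    static final Map<String, PublicKey> KEYS = new HashMap<>();
    static final Map<String, Set<String>> ROLES = new HashMap<>();

    // Application side: a fresh random challenge per attempt makes old responses useless.
    static byte[] newChallenge() {
        byte[] c = new byte[32];
        new SecureRandom().nextBytes(c);
        return c;
    }

    // Mediator side: the only place the private key is used; no secret reaches the application.
    static byte[] respond(PrivateKey key, byte[] challenge) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(challenge);
        return s.sign();
    }

    // Application side: known key, role granted, and a valid signature over this exact challenge.
    static boolean authorize(String user, String role, byte[] challenge, byte[] response)
            throws GeneralSecurityException {
        PublicKey pub = KEYS.get(user);
        if (pub == null || !ROLES.getOrDefault(user, Collections.emptySet()).contains(role)) return false;
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pub);
        s.update(challenge);
        return s.verify(response);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair alice = gen.generateKeyPair(); // constructed sample user
        KEYS.put("alice", alice.getPublic());
        ROLES.put("alice", Collections.singleton("database-administrator"));
        byte[] c1 = newChallenge();
        byte[] r1 = respond(alice.getPrivate(), c1);
        System.out.println(authorize("alice", "database-administrator", c1, r1));             // valid login
        System.out.println(authorize("alice", "database-administrator", newChallenge(), r1)); // replayed response
        System.out.println(authorize("alice", "system-administrator", c1, r1));               // role not granted
    }
}
```

The application stores only public keys, so its configuration files no longer contain a password worth stealing; the hard parts the post points at (key distribution, the mediator, revocation) are outside this sketch.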

12.06.06

Java HotSwapping support and Developer productivity

Posted in Java at 9:20 am by skoobi

Java HotSwap support is being improved with each release. More information about it can be found in Jonas Bonér’s and Geert Bevin’s posts.

The goal of hot swapping is to allow the JVM to take new versions of the classes into consideration without reloading the JVM/Application.
Jonas believes it is a bad idea, but I think he refers to the ability of HotSwap to be used for AOP-like byte code instrumentation. Jonas seems to be heavily involved in AOP framework development, so I am not going to contradict any of his claims.

However, I DO believe that HotSwap can be used to improve the developer’s experience. Consider a web application that contains 100 Hibernate classes and takes 20-30 seconds to load. Most of the development time is spent loading and reloading the context, for each slight change in the Controller and View layers. Basically, if you want to add some stuff in a web page, you have to

1] Modify the action (Struts/Webwork Action, Spring MVC Controller, or Tapestry Page) to load the data from a database

2] Modify the view (.jsp/.jtl for Spring/Struts/Webwork, .html for Tapestry)

3] Deploy the application (30 seconds)

4] Test it. See that there is an error.

5] Correct the error, redeploy the application (another 30 seconds)

and so on…

So, one of the solutions is to use Jetty to deploy the application (for instance, using the Maven2 Jetty6 Plugin). This allows for hot-redeployment of JSP pages, but does not take new class changes into consideration. Jetty + Tapestry 5 is an attractive option for developers since it allows for hot deployment of both the HTML and Java code. This is awesome, except that I believe it should not be the MVC Framework’s job to do all the gory details of detecting new classes, re-loading the new ones, and so on. It is necessary to have a generic solution that will benefit all frameworks without specific support from them.

And this solution is called Java HotSwap. I am looking forward to having IDE support for that, which will let us forget, once and for all, this costly change-build-redeploy process.

Character sets issues and guidelines

Posted in Java, Web Development at 3:04 am by skoobi

With globalization, Character Set problems are becoming more and more frequent, and are sometimes even a headache, as Mark Pilgrim and Scott Balmos highlight in their respective posts entitled Determining the Character encoding of a feed and String encodings - another thorn in interop. Character sets are no more than a simple mapping between characters and numbers, and some encodings, such as Unicode UTF-8, tackle the interoperability issue correctly.

So, the real solution to all these problems would be to leverage UTF-8 as the default encoding for every application. If communication is necessary with a legacy system that does not support UTF-8, then whatever ISOxxx encoding is acceptable in a small wrapper that translates the stream to a UTF-8 one. In order to accomplish this :

  1. Make sure the default locale on all your systems is UTF-8. Recent Linux distributions like Ubuntu luckily default to that.
  2. When writing or reading anything to a stream, Java (and I believe other languages too) defaults to the default encoding on the system. Do NOT trust this value, and make sure to only use the Reader/Writer constructors that take an explicit encoding (example: OutputStreamWriter provides a few constructors that take the Charset. Use these constructors at ANY COST, and possibly write Jalopy rules that prevent the use of the default ones).
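
The "small wrapper" and the explicit-charset rule above, as an added example that is not code from the original post. The class and method names and the sample bytes are constructed; ISO-8859-1 stands in for the legacy encoding.

```java
import java.io.*;
import java.nio.charset.*;

public class LegacyToUtf8 {

    // Translate a legacy-encoded stream to UTF-8. Both charsets are passed
    // explicitly, so the platform default encoding is never consulted.
    static byte[] toUtf8(InputStream in, Charset legacy) throws IOException {
        // REPORT makes invalid input throw instead of silently becoming U+FFFD.
        CharsetDecoder strict = legacy.newDecoder()
                .onMalformedInput(CodingErrorAction.REPORT)
                .onUnmappableCharacter(CodingErrorAction.REPORT);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (Reader reader = new InputStreamReader(in, strict);
             Writer writer = new OutputStreamWriter(out, StandardCharsets.UTF_8)) {
            char[] buf = new char[4096];
            for (int n; (n = reader.read(buf)) != -1; ) {
                writer.write(buf, 0, n);
            }
        }
        return out.toByteArray();
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x ", b));
        return sb.toString().trim();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: "cafés" as ISO-8859-1 bytes (é is the single byte 0xE9).
        byte[] legacyBytes = {'c', 'a', 'f', (byte) 0xE9, 's'};

        // Declared correctly: the wrapper re-encodes é as a two-byte UTF-8 sequence.
        System.out.println(hex(toUtf8(new ByteArrayInputStream(legacyBytes), StandardCharsets.ISO_8859_1)));

        // Declared wrongly as UTF-8: 0xE9 opens a multi-byte sequence that 's' cannot continue.
        try {
            toUtf8(new ByteArrayInputStream(legacyBytes), StandardCharsets.UTF_8);
        } catch (CharacterCodingException e) {
            System.out.println("rejected, not valid UTF-8: " + e);
        }
    }
}
```

A strict decoder at the boundary turns a mislabelled feed into an immediate, visible error rather than corrupted text stored downstream.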

From a more general point of view, it would be desirable to have UTF-8 everywhere : Domain Name System (which still uses ASCII), SMTP (which reverts to ugly hacks to allow people to write non-ASCII characters), etc…

The internet is an international place, and as such, should not be ASCII-centric. This means that if the standardization organizations (IETF, ..) do not realize this, we are going to see more and more forking such as China’s reform to its DNS, which is obviously a bad thing for the community since it creates more interoperability issues.