Diverse – Page 9 – Fredriks anteckningar

Richard M Stallman till FSCONS

En profil som stenhårt driver linjen att människors rätt till frihet är en mänsklig rättighet – som är fullt förenlig med kommersiella intressen. “GNU-guden” Richard Mathew Stallman (RMS) kommer till http://FSCONS.org i år. En udda snubbe med skägg som tänkt till kring många frihetsfrågor.

Jag har lyssnat till honom vid två tillfällen och det brukar vara lite provocerande när han effektivt, brutalt och hänsynslöst svarar varannan fråga med: “Hur tänkte du nu egentligen? Eller tänkte du alls? Menade du verkligen vad du sa? Har du funderat över vad du implicerar egentligen? Nästa fråga, eller vänta – är det någon som har en intressant fråga så kan vi ta den först?”

Kata: Authentication Filter in Java EE

This is an exercise I’ve used to demonstrate how awkward unit testing can be if you can’t use a mocking framework. It’s an almost real work life situation (disclaimer: you should perhaps use container based authentication and JAAS) where we’re using API:s in a Java EE Server, adding two collaborators and then writing the logic combining it all.

No group has (yet) completed the entire task within 90 minutes – you might want to start/focus on using one collaborator only (I suggest the LDAP collaborator).

Originally posted on codingdojo.org.

When cleaning up a folder at work, I found this old document – it’s some form of a logical flow chart of the filter to write.

Here we go …

Background

In this Kata, your a programmer at ABC Corp and you’re making a new web app from scratch. After the head architect started working on this, it’s now up to you to make sure these tasks are completed:

allow authentication using request parameters
all authentication/login attempts should be verified agains LDAP
successful logins should be recorded in the single sign on registry

However, you’re not the only programmer (team) adressing this web app, so the LDAP is written by another team and what you have right now is this interface:

 public interface LdapAuthenticationGateway {
   boolean credentialsAreValid(String userName, String password);
 }

and the single sign on registry is also written by another team, leaving you with this interface:

 public interface SingleSignOnRegistry {
   boolean tokenIsValid(String token);
   String registerNewSession(String userName);
   void endSession(String token);
 }

Your job basically is to write one or more javax.servlet.Filter that handles incoming requests and act according to whether there’s a cookie with a SSO token, username+password parameters etc.

It’s assumed that there’s some form of DependencyInjection framework in place – to get a handle to the SingleSignOnRegistry or the LdapAuthenticationGateway, you’ll simply have to provide something like:

 public void setSingleSignOnRegistry(SingleSignOnRegistry registry) {
   ...
 }

About this kata

This “real life” scenario has been used to demonstrate how mocking (using Mockito) can be useful. We’ve combined it with BDD and JDojo@Gbg will try to practice TDD using this kata (without mocking) next time around.

(“Real life” is quoted – proper JEE authentication should be tied into the container etc etc … The point with this exercise is that it’s fairly easy to explain how it should work and what needs to be done here with “real” Java EE API:s, and then focus on the “How to develop” aspect (TDD), but also to show/talk about the difference between mocking and stubbing.)

Korsfunktionell syn

Sprang över denna bild som visar på en mogen organisation, eller som jag hörde någon säga vid lunchbordet:

– Ja, jag hörde att ni skulle bli agila på riktigt – flytta ihop korsfunktionella team i samma rum osv. När skulle ni “flytta”?
– Det gjorde vi redan i måndags – men var bara lugn: vi har fortfarande kvar flyttbara väggar mellan de olika delarna. PO, systemtest och PM har vi tryckt in i en egen liten modul.

PuTTY, socks5, etc

Sometimes, Windows and locked-up networks can’t really be avoided. If there’s a SOCKS proxy available, this is how to use it with PuTTY.

ssh proxy with putty — SSH Proxy Configuration with Putty

JsTestDriver

Most of my code writing time last week writing was spent in JavaScript land (or ECMAScript, wonder it the most commonly used name will ever change). I was to write a small templating package and had to write some new stuff and set out to use JsTestDriver and after a few minutes I was up and running in Eclipse.

The idea is OK I guess – run tests and production code in the same environment it will run in when deployed. There are a couple of cons to JsTestDriver (used through Eclipse) though:

if you’re configuration file doesn’t include the test file you’re trying to execute, there’s no clue to what you’ve done wrong – the panel in Eclipse will just show the green bar and 0/0 tests run.
if you have syntax (or construct like) errors in your unit under test, you’ll get the same behavior as above
sometimes you’re served a cached version of (some of) the JS source files – hence there’s a button to “refresh browsers” and it’s sad that it has to be there and that you actually have to use it
sometimes the engine gets into some strange state where it dryRuns the tests instead of actually executing them

Apart from that, its behavior is quite predictable. Minor issues:

running a test complete locks Eclipse’s UI thread
a Rerun quick command option would be great (Ctrl+3)

JsHamcrest

Another minor issue is that the “index” of JsHamcrest matchers is really hard to get an overview of. Whenever I wanted to use a certain type of matcher, it was really hard to quickly tell from the documentation if it was there or not. Go see for yourself and look for a matcher that mathes any object for instance.

JsHamcrest.Integration.JsTestDriver();

# get a list of matchers:
curl "http://jshamcrest.destaquenet.com/modules/matchers.html" | grep "dt id" |cut -d '"' -f 2 |cut -d '.' -f 3

JsMockito

JsMockito works really nice. The only thing that could’ve been better is the integration with JsTestDriver: when a verify step fails, you’ll get a good error message but you don’t get the typical feedback as from which line the verify/assert that failed was on. Not a big deal since you see which test that failed.

JsMockito.Integration.JsTestDriver();

Tecken på agil utveckling

Sitter och rensar ut gammal e-post och hittade följande som skickades till en kund när ett POC-projekt övergick i “vi gör lite mer än POC” (från 2008).

Som förespråkare för agil utveckling vill jag ju poängtera att

agila utvecklare aldrig undviker att “träffa” ett lager utan tvärtom har som mål att i varje utvecklingssteg se till att man tar ett “helt snitt av kakan” – man tar inte bara glasyren som vi gjort nu, utan strävar att alltid jobba sig hela vägen ner till botten (databasen) utan fusk eller genvägar.

Om vi har 30 minuter kan vi diskutera vilka agila principer vi skall hålla högt i detta projekt :)

Det förra projektet hade följande högt:

gemensamt kodägande

daglig regelbunden standup (med de tre frågorna: vad har jag gjort sedan senast, vad gör jag till nästa gång, har jag några hinder i vägen)

standupen får vara högst 15 minuter

planering i iterationer med synlig sprint backlog och …

… burndown chart

utvecklarna estimerar och planerar sprinten ihop med beställaren

sprintens backlog respekterades av alla

utvecklarna bestämmer egna dagordningen – alla jobbar med allt, inga revir

show and tell i slutet av iterationen

kontinuerligt bygge & test av koden

alltid körbar kod

sprintens backlog underhölls av och var till för utvecklarna och gav PM info om progress

endast återstående tid rapporteras

och halvhögt hölls

one shot build – ett kommmando är allt som behövs för att bygga och testa allt

retrospective – utan regelbunden utvärdering utvecklas man inte

gemensam arbetsyta (open work-area)

velocity – utvecklingstakt beräknades efter varje iteration utan indelning i mötestid, utvecklingstid, reviewtid, …

enhetstestning

coding standards – code review

och halvlågt hölls tyvärr

testdriven utveckling

automatiserad acceptanstestning

parprogrammering

och obefintligt var:

on-site customer

continuous deployment

relativa estimat i produktbacklogen (estimaten där hade rubriken timmar vilket var missvisande)

Det finns andra “agila tecken”, jag tog bara ett par ur huvudet och från http://jsolutions.se/2009/10/29/undersokning-om-agil-utveckling/

/Fredrik :)

View Generated Source in IE6

How to view/get the IE generated source /dom tree – copy the following into the address line:

javascript:'<xmp>' + window.document.body.outerHTML+ '</xmp>'

Git vs Mercurial

I’ll post my findings on why I prefer one over the other here.

Pro Git

feature branch workflow that doesn’t leave dangling branches all around (hg clone is a workaround imo).

Pro Mercurial

hg is one character shorter than git
hg st is many characters shorter than “git status” – it’s much more convenient
hg can reference commits using a short number and not only hashes
hg serve

Cons Git

None yet really.

Cons Mercurial

It’s Python. Clients use Windows. Too often a non-optimal match.

Other Thoughts

Eclipse is moving to Git.

With just a few branches and simple workflow, MercurialEclipse has served well. EGit just recently became useful enough for day-to-day work.

Gitorious is nice (and free), I’ve not seen a similar tool for Mercurial yet.

Lexmark E120n with cups

After a system reinstall (new system hard drive, this time round with Ubuntu Server 10.10 64-bit), I needed to setup CUPS again with a network connected Lexmark E120n printer, which works quite well. Linuxprinting.org however lists a PPD/driver that doesn’t work well at all – for larger files (PDF with airplane boarding passes) it just spits out one page and then stalls.

Enabling remote configuration of CUPS

All of this needs to be modified/added to /etc/cups/cupsd.conf, and then the host can be accessed using HTTPS and /admin/.

Listen *:631

# Restrict access to the server...
<location />
  Order allow,deny
  Allow all
</location>

# Restrict access to the admin pages...
<location /admin>
  Encryption Required
  Order allow,deny
  Allow all
</location>

# Restrict access to configuration files...
<location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow all
</location>

And restart cups. This will however complain with “400 Bad Request” and the log says Request from "1.2.3.4" using invalid Host: field "hemma.wendt.se". This is because Debian/Ubuntu default config simply chose this setup. The fix:

ServerAlias *

Setting up the printer

Driver:	Lexmark E120n Foomatic/lj4dith (grayscale)
Connection:	socket://192.168.1.137:9100
Defaults:	job-sheets=none, none media=iso_a4_210x297mm

I’ve put up the PPD file I use should I need it again.

SMS Gateway API from 46elks

I just got an alpha invitation to try out the 46elks SMS API. These are my notes.

My Own Summary of The API

Several numbers can be tied to your account
RESTful HTTP API (with version in base URL) with JSON responses
BASIC HTTP Authentication
HTTPS
Simple GET web hooks / URL callbacks (per account and per number) for inbound delivery with message payload as URL query parameters

Nice

“Splitting and joining multi-part SMS messages are automatically handled by the API.”

Opportunities

Delivery Notifications

I’d like to be able to know if a text (SMS) has been received by the target recipient(s). We used this when we had several people “on standby”, if the first person was not reached withing one minute, we moved on trying to contact the next one.

A callback URL for delivery notifications (tracking) would be perfect.

Error Messages

The API docs doesn’t mention error codes/messages or what types of validations are carried out on the backend.

Non-plain Text Content

VCards is the type I’ve ran across previously.

Other Notes

Character encoding is said to be UTF-8 which is fine. The docs should perhaps be more clear on this since they accept parameters with GETs (and in URLs, there is not standard way of telling what character encoding is used).

I’d prefer if the URL callbacks used POST (and JSON payload). GET URLs are limited and even though not many users tend to send 1024+ long texts, my mother does and that would risk being cut off somewhere down the line (or software stack).

Delivery limits – how long will 46elks hold my messages when my server park is out? How many attempts at delivery will 46elks make?

The documentation should have perhaps used https in the examples.

Timeout limits for replying to a message should perhaps be in there, as well as the option to turn this feature off. If my service somehow is throwing error messages out, I’d prefer them not being sent to my clients.

Bottomline

As an alpha preview – this is great and looks really nice and convenient to use. A complete (send and admin account) interface can be written using HTML+JavaScript only. As expected, there are a couple of things missing from the API, such as cost information/account balance and perhaps type (prepaid, invoice, …).

Update: I put out the ~~quick hack~~ files I used to try the API on GitHub.