afongen
Sam Buchanan's weblog.

Open Source Testing

December 22, 2003

I went looking for free and/or open source coverage testing tools as alternatives to Clover and jcoverage and found Open Source Testing. Handy.

IT Symposium Day One Braindump.

December 10, 2003

I'll have to collect my thoughts later, but a quick few notes on the Government IT Symposium. I kinda hate to unceremoniously dump these notes here without taking the time to think things through, but some things didn't make it into my written notes, so they end up here.

• The project management sessions were largely worthwhile. One in particular, on dealing with the people part of a project, was especially insightful and one I'll write about later.
• During a spirited discussion at lunch, someone said they were trying to enforce use of only Internet Explorer at their agency because it was "the most secure." I have to track this guy down to find out just what the hell he's smoking. :) He said something about how IE doesn't "punch through your firewall" like Netscape. Seriously, I'm going to find him to figure out what he means. That particular discussion was cut short because someone was afraid of a holy war in an otherwise civil conversation (a justifiable but unnecessary fear).
• One of the best lines of the day: "Outsourcing is good. Consultants are bad." Yep, that's the attitude out there.
• Another good line, but not tongue-in-cheek: "Business requirements should be kept separate from technical requirements."
• Everything I heard today about best practices in project management flies squarely in the face of how a certain project that I have not yet ranted about here has been mismanaged from day one. Just like I and many of my colleagues been saying all along, but apparently to the wrong people.
• Project management is not about managing, it's about leading.
• Even though it was never brought up today, I am even more convinced that agile methodologies like Extreme Programming are to be given serious consideration. I will definitely get back to that point someday soon.
• The wireless network was slow, and I was one of the few people there with a laptop. It didn't turn out to be as useful as it has at other conferences, so it stays home tomorrow.

Okay, now off to sleep. More sessions tomorrow.

Government IT Symposium

December 09, 2003

Starting tomorrow I'll be at the Minnesota Government IT Symposium. If you'll be there, drop me a line (sam at afongen dot com). Or just look for me: I'll be the hostile-looking guy in the corner, wishing there weren't so many frelling people.

I see that there will be a wireless network. Good; I was worried. In fact, "the network will blanket the RiverCentre and extend up to 30 miles away!" Show-offs. Now I can take notes with SubEthaEdit and see if anyone joins in. 'Course, how much do you want to bet that I'll be the only one there with a Mac?

The Symposium itself looks mostly worthwhile. I just couldn't bring myself to attend the day-long seminar on government web sites ("Usability, Ethics, and Accessibility"): I would have been bored out of my mind. I figure the project management seminar will be more useful for professional development. I'm still trying to make my mind up about some of the shorter concurrent sessions. As usual, there are some times when none of the sessions grab me, others where I can't decide between several.

Speaking of conferences, it's been suggested that I submit a proposal to do a session on web accessibility at an upcoming conference. It's a good idea ⅀ I'm all for faculty learning more about how to make their online course materials more accessible, and I know that I could do a compelling session — but I don't think that I'll submit a proposal. My mind is so very elsewhere right now, mostly immersing myself in the fun-filled world of Java web development. Maybe I'll try to do something at ITeach, which comes later this spring.

Battlestar Galactica

December 08, 2003

I've been waiting for this for months, and here it is. Battlestar Galactica just started on the Sci Fi channel. I have only vague memories of watching the original as a kid, and they're campy memories at that, so I can't be too disappointed. Heh. No, I'm being unfair, it looks very cool. I mean hey, Cylons can have sex.

Spectra now Open Source.

December 06, 2003

Macromedia have open-sourced Spectra, their ColdFusion-based content management system (originally Allaire Spectra). They're no longer developing or selling it, so why not release the source?

Of related interest: FarCry, an open source CMS using ColdFusion MX.

When private isn't.

December 06, 2003

On Friday I was getting a crash course in the JBoss/Spring/Velocity combination that we're experimenting with at work. We started with a trivial class, something like this:

public class Person {
  private String firstName = "Peter";
  private String lastName = "Penguin";
  public String getFirstName() {
    return firstName;
  }
  public String getLastName() {
    return lastName;
  }
}

The template did something like this:

<p>Name: $Person.getFirstName() $Person.lastName</p>

We used both the getFirstName() getter method and the lastName variable to demonstrate that it worked both ways. But I didn't really understand how, since lastName is private. I vaguely remembered some way around this security restriction but couldn't remember the details. Not that it mattered, since it was unlikely that the technique was being used in Velocity, or even that it would work in a web environment.

So what's going on? I renamed getLastName() to getLname() and the template stopped working. Ah ha! Turns out that the template engine sees the lastName variable and makes a reasonable stab at the getter method's name. That's a handy technique to keep in mind.

But what about this security restriction workaround that I thought I'd seen? Was I out of my mind? Amazingly, no! In "Subverting Java Access Protection for Unit Testing" Ross Burton writes about something that I've been wondering for some time: how to do decent unit testing in Java without making all my variables and methods public or subverting my design just to make them available to test code in the same package.

The Java Reflection API allows the program to introspect arbitrary classes at runtime, accessing members at will. Most competent Java programmers should know this much, but what many don't know is that the security layer preventing you from accessing private members is only optional, and can be turned off. This allows the system code to be written without explicitly planning the unit tests, and if the unit tests really do need to access a private or protected member, they can.

Excellent. This makes proper unit testing so much easier, as you aren't restricted to "black box" testing of just public methods. Wonderful. Maybe reading the fine print in the API documentation is worthwhile, after all.

Aaagh! I have free time!

December 02, 2003

Don't worry, I don't actually have anything of the sort. But I can relate.

Quick Links

December 01, 2003

I really have to set up a linkblog.

• Beyond Instant Messaging, picking up on some of the themes that makes Jabber so interesting to me, such as incorporating presence awareness into applications.
• The Opte Project, beautifully mapping the Internet.
• Access Control (aka Authorization) in Your J2EE Application.
• Authentication in IIS.
• Java vs. .NET Security, Part 1.
• Web security news feeds on OWASP.

Perl Advent

December 01, 2003

The 2003 Perl Advent Calendar is here.