Some time ago (yeah, I could have blogged about this. In fact, I should have…), we started using Apache Cassandra to store user sessions for our web applications. To do this, we used Tomcat-Cassandra, a drop-in replacement for the standard Tomcat Session Manager. After a little while we stumbled upon two defects in the software, that were show-stoppers for us. It created Session objects always, even if the code used to process the request did not need a Session at all, and never evicted invalidated Sessions.
Manual testing does not scale. Just like manual anything doesn’t. This is no news. However, for various reasons people keep doing manual work. One of the reasons I hear the most is not knowing how. This is a valid motive, but a dreadful one as well. The team will enter a negative feedback loop: I don’t know how to automate I can’t learn how to automate because I have no time I have no time because I have to test manually I have to test manually because I don’t know how to automate Working with web applications, Selenium IDE is an amazing tool to break this negative loop.
I’ve spent the last days tracking down a bug in a Production environment, which I could not for the love of God reproduce locally. For future reference more than anything, I’m leaving here what I understand should be checked when trying to assertain environment differences affecting a Java Web application, sorted by (again in my opinion) relevance. The obvious: JRE version and vendor, Application Server version; Shared libraries versions; Database vendor, version, character sets, collations, and so on; Configuration for services that the application relies on; Application Server startup parameters; A long list of etc’s that may grow in time The point is that, for this particular issue, I’ve completely overlooked the shared libraries.
I’ve read Mocks Aren’t Stubs some time ago. However, it was not until recently, after having a discussion on TDD with a colleague, that I realized how strongly coupled a test is to the tested class' implementation when using mocks. Ever since I started using mocks, seeing how easy it is, I’ve been doing tests to archieve a high percentage of code coverage. Thinking the TDD way, this is plain wrong.
I’ll be attending SpringSource‘s Spring Core training this week. Two cool remarks from day one: Infrastructure beans in its own bean definition file After having heard this suggestion, I can’t believe I didn’t think of it before. Having plumbing beans on a separate file makes all the sense in the world. It is expected to change for different environments, so data sources for instance can be defined as pools or JNDI lookups for a web environment, and as stub beans for testing.
Our statesmen still don’t realize how important time is for IT systems. For the third time in a row, the rules for DST were changed less than a week before they would’ve been implemented. There’s no way vendors (or maintainers for FLOSS) can keep up with this kind of mambo-jambo. I’m trying hard not to turn this into a political rant, but it seems clear to me that this matter is being handled as almost every other subject by the government.
Spring Modules has been marked deprecated. In favor of Spring Extensions, says the page. Now Spring Extensions doesn’t have Annotations validation, a great feature of the former project. In fact, I couldn’t find these annotations or the necessary Validator Configuration Loader anywhere in Spring 2.5. So, for the time being, I’m using Validation 0.8a from Spring Modules, ignoring its deprecated status. If you’re using Spring 2.5 and Maven, do remember to exclude Spring from its dependencies.
Just in case you haven’t heard of it, there’s a new attack vector on the SHA-1 hash algorithm. This is causing all kinds of havoc in communities that use PGP signatures, since signatures are created with this hash function by default. As an accessory to this, GnuPG’s defaults for a key result in a key such that you cannot use the SHA-2 family of functions (you cannot use anything with more than 160 bits, or, more precisely, you can but it gets truncated), so you’re basically stuck with SHA-1 or RIPEMD/160.
As it is about to begin here in Argentina, I’ll be shutting down not only the lights at home, but also my computer and as much electrical stuff as I can. This means, everything except: One TV set, as Argentina is playing for the FIFA World Cup 2010; My fishing tank’s filter and air pump; A minimal set of inter-networking devices, as I’m not sure if every family member is willing to join the effort; Freezers.
In the many, many, discussions I had with almost every human being since the creation of Facebook, I’ve stated my strong opposition for this kind of sites. I consider them a huge invasion of one-self’s privacy. People tagging pictures with your name, without your authorization? C’mon! And this happens even if you don’t have an account created? This has to be illegal. Yet, I’ve managed to keep myself out of this circles until today.