Just received a great link from Martin Smith on the Asterisk-Java dev mailing list: Help Vampires.
The page includes everything you need to know:

• How to identify them
• What to do if you are a Help Vampire
• How you can reform them

A lot of help vampires originate from countries that provide cheap outsourcing capabilities for companies in Europe and the US. Interestingly enough these vampires usually receive support from employees and contractors working for (and paid by) just the companies that enjoy the cheap prices of offshore development.

• Help Vampires: A Spotter's Guide

Add a comment

Posted by Stefan Reuter on March 11, 2008 2:15:00 AM CET #

WHOIS is a simple TCP-based protocol that is widely used to provide human-readable information about domain names, registered networks, NIC handles and more. It dates from the old-ages of the Internet and is described in RFC 3912.

Usually you will use WHOIS to lookup the technical or administrative contact of a domain or network in case of technical (like DNS problems, routing trouble) or legal issues. Today I had a look at a .com domain and what I received was something like this:

$ whois ibm.com
Registrant:
International Business Machines Corporation
   New Orchard Road
   Armonk, NY 10504
   US

   Domain Name: IBM.COM

   ------------------------------------------------------------------------
   Promote your business to millions of viewers for only $1 a month
   Learn how you can get an Enhanced Business Listing here for your domain name.
   Learn more at http://www.NetworkSolutions.com/
   ------------------------------------------------------------------------

   Administrative Contact:
      DNS Admin, IBM
      IBM Corporation
      New Orchard Road
      Armonk, NY 10504
      US
      +1.9147654227 fax: +1.9147654370

Network Solutions has long been known to seek additional revenue from their NIC services by adding "creative" features, but selling ads in WHOIS (obviously available since the end of last year) just sounds crazy.

References

• DomainNameNews: Network Solutions Enhanced Whois Listings Provide Advertising to 1 Million per Day

Add a comment

Posted by Stefan Reuter on February 23, 2008 11:20:00 PM CET #

Today I had a look at the different options to compress files (in this case for backup purposes) on a Ubuntu system. The most common tools to compress files are gzip and bzip2. They have both been around for a long time, are available on most systems by default and are nicely integrated with other utilities like GNU tar (using its -z and -j options).
7-zip and the algorithm it uses (LZMA) is not that common on UNIX-like operating systems. It is well-known as a free alternative for WinZip on Windows systems and was started back in 1998. For Ubuntu p7zip – a port of 7-zip to POSIX – is available in universe (sudo apt-get install p7zip).

My test file was a MySQL dump with a size of 163 MB that contains mostly text. I was interested in the compressed file size and in the time it takes to compress and uncompress the file.

Here are the results:

For the test I ran all tools with their default settings, i.e. without providing any special options.

Gzip is still a great tool and provides good compression without consuming a lot of computation power. Bzip2 is much slower and only provides slightly better compression. 7-zip consumes a bit more cycles than bzip2 but results in far smaller compressed files. Speed for decompression is even better for 7-zip than for bzip2.

So if time is important (think of on-the-fly compression) gzip is the tool of choice. If you don't care too much about processing speed and need very good compression have a look at 7-zip. The only advantage bzip2 has over 7-zip is that bzip2 is part of most default installations and is more common. Let's hope this will change in the future, especially integration with GNU tar would be great.

References

• gzip Homepage
• bzip2 Homepage
• 7-zip Homepage
• p7zip for POSIX systems

Responses[13]

Posted by Stefan Reuter on February 18, 2008 3:05:00 AM CET #

Agile software development has been en vogue in this decade. It started with the popularity of Extreme Programming (XP) and Kent Beck's series of books on the topic.

One of the values stated in the Agile Manifesto is "Responding to change over following a plan" and is accompanied by the principle

Welcome changing requirements, even late in development. Agile processes harness change for the customer's competitive advantage.

While I generally consider most agile practices as common sense, some of they may also cause trouble.

Being agile encourages customers to feed the development team with ideas on the spur of the moment while non-agile processes enforce proper planning. As a result of the slower time to market more formal processes prevent short-run ideas from being implemented and consuming resources that were better spent working on future-proof core requirements. Besides this those short-run requirements clutter the system if not properly removed once they are no longer needed.

A nice solution is to use differnt processes for differnt systems. Agile processes are best deployed for systems with a short lifetime and requirements that are not fully understood upfront. Examples for this kind of systems are public facing web applications like web stores. More formal processes are well suited for core systems with a long lifetime where maintenance cost is an important factor and stability is key.

This separation allows new ideas to be tested in an agile environment and move them to core systems once they become mature and turn out to be important features in the long run. When they will finally reach the core system the requirements are well understood and can easily be specified in a formal way - so the formal process is not a burden but a line of defense for feature creep.

Which systems belong to which category depends on the type of your business. If you are a bank your accounting systems will probably fit the "core" category as will the systems needed for compliance and trading. The public facing systems and systems mainly used for sales could benefit from an agile process.
The following questions may help you when you classify your own systems:

• How long do you expect the system to live?
• How stable are the requirements for the system?
• Will your system undergo frequent changes?
• How important is the system for your company in the long run?

If you are planning new systems you can also use this classification to define your system boundaries.

Responses[3]

Posted by Stefan Reuter on January 27, 2008 1:58:21 AM CET #

Today we had an interesting bug in a small web application developed for a customer in the financial industry. The application is based on the Spring Framework, secured by Acegi Security and makes heavy use of AJAX (powered by DWR).

Everything went fine while testing with different browsers from Firefox to Safari and Internet Explorer in different versions. Finally we have started testing in the target environment - well locked down and without support for ActiveX controls from untrusted sites. IE6 needs ActiveX for its implementation of XMLHttpRequest (XHR) - the heart of AJAX. If XHR is not available DWR automatically switches to using IFrames to emulate XHR. This usually works well and has already been used in the previous version. Nevertheless the application just didn't work: Every remote call failed with a not so user friendly error message: "The specified call count is not a number: null".

Remote debugging of Tomcat showed that DWR is trying the read the request data using req.getInputStream() to parse it. When using IFrames reading from the request's input stream fails immediately and returns null, when using XHR it works fine. The main difference is the content type of the requests "application/x-www-form-urlencoded" for IFrames and "text/plain" for XHR. As IFrames do work without Acegi but fail with the Acegi filters in place I guess Acegi does mess with the requests when it wraps them in its SavedRequestAwareWrapper.

I didn't have the time to further track it down, but I created a small workaround that falls back to using req.getParameter() if reading the stream fails.

The following snippet shows the modification made to DWR's ParseUtil.java:

in = new BufferedReader(new InputStreamReader(req.getInputStream()));

while (true)
{
    String line = in.readLine();

    if (line == null)
    {
        if (paramMap.isEmpty())
        {
            Enumeration nameEnum = req.getParameterNames();
            while(nameEnum.hasMoreElements())
            {           
                String name = (String) nameEnum.nextElement();
                paramMap.put(name, req.getParameter(name));
            }           
        }
        break;      
    }
...

And who is to blame? Well, as with many interesting problems that's hard to decide. It's just a combination of multiple pieces of software mixed with environment constraints. I guess it's something that just happens and reminds us that testing is not useless.

Update 2008-02-22

Joe has just released DWR 2.0.3 that includes a fix for this issue.

Responses[2]

Posted by Stefan Reuter on January 24, 2008 12:24:00 AM CET #

BEA is well known for its J2EE application server Weblogic and recently extended its product line to a SOA stack branded Liquid. Oracle has its own J2EE compontents mainly derived from Orion Server and branded as OC4J. They also have a SOA stack called Fusion.

So you might ask what the future of these products will be.
Oracle already acquired three different business application suites in the past: J. D. Edwards, PeopleSoft and Siebel. Does it make sense to develop three different product lines of business application suites and at least two different product lines of Java EE and SOA middleware? Probably not.

This uncertain future may make companies reevaluate their current technology stack for middleware applications. They will notice that there is an alternative beyond the IBM Websphere dinosaur and JBoss which is now RedHat. The alternative is Apache Tomcat and Spring Framework mixed with some Terracotta if you need distributed shared data.

Spring basically allows you to assemble your own application server. Transaction management, security, remoting, O/R mapping, clustering – just add what you need when you need it. Basically there is not much left where Spring does not offer a proven solution. On the other hand the features where commercial J2EE servers have been strong in the past (compared to other stacks) are becoming less important:

• EJB remoting will be replaced by web services
• entity bean style O/R mapping has already been replaced by Hibernate (where EJB3 tries to catch on)
• load distribution and fail-over is easy in a world of HTTP or JMS based web services
• clustering of data is less important in the stateless world of services

In the end the uncertainty caused by Oracle's acquisition of BEA could very well further increase the growth of Spring and the open source components it makes so easy to combine.

Add a comment

Posted by Stefan Reuter on January 19, 2008 1:45:00 AM CET #

Yahoo! officially announced support for OpenID for all its users. OpenID is a decentralized single sign-on protocol already supported by an increasing number of web sites like LiveJournal, Zooomr and Blogger. Yahoo!'s OpenID service will be available in public beta on January 30th.

There have been rumors about AOL playing with XMPP. They've setup a test server at xmpp.oscar.aol.com that allows connections with most Jabber clients out there. You can try to log in to ICQ with the username icqnumber@aol.com on server xmpp.oscar.aol.com on port 5222. TLS is required.
The server is a bit overloaded right now so you might encounter connection problemns. As far as I know there hasn't been an official announcement for the new service from AOL.
It seems they do not (yet?) support server to server connections so you can't add AOL contacts to your XMPP buddy list of another provider, but maybe they change this later on.

The increased awareness of big sites with regard to open standards looks really promising. Let's see what 2008 will bring us.

Add a comment

Posted by Stefan Reuter on January 18, 2008 9:40:00 PM CET #

Though there are some great ideas around to provide a global single sign-on infrastructure for web applications like OpenID today's reality is different:

• usually one account per web site - hopefully with different passwords
• IMAP accounts for email
• accounts for instant messaging networks (MSN, ICQ, Jabber)
• accounts for your workstations at work, at home and for your notebook
• PINs for your various credit and debit cards
• account numbers and PINs for online and telephone banking
• access codes for door locks and physical access control
• and you probably can think of a lot more...

MobileKnox aims to make your life a bit easier by providing a secure store for your account data on your mobile phone.

If you are like me your mobile will always be with you. That means you will always have access to your credentials whether you are at work, at home or on the road.

MobileKnox runs on most Java-enabled mobiles and PDAs and is accompanied with a small desktop application that runs on all major platforms (Windows, Mac, Linux) to synchronize passwords with your device.

References

• MobileKnox Website

Add a comment

Posted by Stefan Reuter on January 17, 2008 1:44:00 PM CET #

Chalain blogged about Dishonest Programming and provides a few tips on how to write moral code by being honest with yourself, with the compiler, and with your coworkers.

I think the first ones are most important:

• Name functions for what they really do.
  Make sure your functions do what the name implies. Review your code to identify large parts that are doing different things like checking for preconditions or handling errors and extract them.
• Let your yea mean yea and your nil mean nil.
  If you write a function called createLink() it should create a link or clearly indicate failure (e.g. by throwing an exception). Side effects that are not reflected by the name should be well documented.

Few code is ever written to be dishonest but as new features are added and bugs get fixed in a hurry it is easy to become immoral.

References

• Dishonest Programming

Add a comment

Posted by Stefan Reuter on January 11, 2008 2:53:56 PM CET #

Sin-Yaw Wang put up a nice Theory in Compensation:

Your earned pay reflects the improvements of your skills. Companies do this in a zig-zag way: sometime over-paying and sometime under. The gap between these two lines cannot be too wide for too long. Either you will find a new job that pays your market rate, or the company will fire you for not giving your money's worth.

He concludes:

Ask first, when you are thinking of a new job, if you will be learning new skills. Don't ask if it pays better. You compensation will keep up with your skills, sooner or later. If you are not learning new skills, then you are simply being harvested.

Well said. I guess many companies out there just find it easier to pay more than to make sure their employees gain a real chance to develop their skills.
My experience is that even if they deploy formal processes for career planning, they often miss the point in what really matters to increase the value of their employees.

References

• Sin-Yaw Wang: A Theory in Compensation

Responses[1]

Posted by Stefan Reuter on January 4, 2008 11:28:00 PM CET #