Archive for April, 2006

Online Tax declaration - potential DOS

Sunday, April 30th, 2006

It’s very easy to DOS someone’s access to Norway’s online tax declaration system. If you happen to know their personal ID (not too hard to find if you really want), you can enter 3 erroneous passwords on the Altinn web site and get the online access blocked for one hour :)

Update: Even better! When you fail for the 3rd time, it doesn’t check how much time has passed since the second. I’ve tried with a delay of more than one hour, and it still failed me. This can clearly be improved: they should add at least the last failure timestamp together with the failure counter.

The problem is interesting: how do you maintain some kind of secure authentication? Every site has its own strategy, and the chosen balance between security and ease of use is never quite the same.
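
An added example (not from the original post and not Altinn’s code) of the improvement suggested above: a failure counter stored together with the last-failure timestamp, next to a counter-only policy that reproduces the observed behaviour. The class names and the one-hour `FAILURE_WINDOW` are assumptions; the threshold of 3 and the one-hour block come from the post.

```python
from dataclasses import dataclass

MAX_FAILURES = 3        # from the post: three wrong passwords
LOCKOUT_SECONDS = 3600  # from the post: access blocked for one hour
FAILURE_WINDOW = 3600   # assumption: older failures stop counting


@dataclass
class AccountState:
    failures: int = 0
    last_failure: float = 0.0
    locked_until: float = 0.0


class CounterOnlyPolicy:
    """Counter without a timestamp: old failures never age out."""
    def __init__(self):
        self.accounts = {}

    def state(self, user_id):
        return self.accounts.setdefault(user_id, AccountState())

    def record_failure(self, user_id, now):
        st = self.state(user_id)
        st.failures += 1
        if st.failures >= MAX_FAILURES:
            st.failures = 0
            st.locked_until = now + LOCKOUT_SECONDS
        return now < st.locked_until  # True when the account is now blocked


class TimestampedPolicy(CounterOnlyPolicy):
    """Counter plus last-failure timestamp, as the post suggests."""
    def record_failure(self, user_id, now):
        st = self.state(user_id)
        if now - st.last_failure > FAILURE_WINDOW:
            st.failures = 0  # previous failures are stale, start over
        st.last_failure = now
        return super().record_failure(user_id, now)


def replay(policy, times, user_id="constructed-id"):
    """Feed failed logins at the given times (seconds); return lock status after each."""
    return [policy.record_failure(user_id, t) for t in times]


SLOW = [0, 60, 60 + 2 * 3600]  # constructed: third failure two hours later
BURST = [0, 10, 20]            # constructed: three failures in 20 seconds
```

Either policy still lets anyone who knows the ID trigger the block with three quick failures; the timestamp only stops stale failures from accumulating toward it.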

Measured agile methodologies productivity gain

Sunday, April 30th, 2006

HP does seem to have some interesting productivity improvement numbers thanks to agile methodologies…

Getting Thread Dump reports for forked processes on Windows?

Friday, April 28th, 2006

Question for Windows Java developers. CTRL+Break doesn’t propagate to children. So how do you generate thread dumps when you have forked your program? This can happen if you fork surefire in your maven2 project configuration.

Reading this makes me think that there’s no easy solution… So how do you generate proper thread dumps?

It’s funny how event handling in Windows and Unix is different. On Linux you will use a graphical tool to wrap a low-level signal sending. On Windows you will use a keyboard shortcut, or… an API to send a “ctrlBreak” event. :)

cvs or svn? They keep asking

Thursday, April 27th, 2006

It’s funny. I keep getting the same questions: “should I use cvs or subversion?”

So I’ll state my answer once and for all. The main thing you may not like about subversion is the way it handles branches and tags. You may also not like the fact that the repository is not stored in a text file format (be sure to have good backups) and that the checked out project takes much more space.

On the plus side for svn, let me remind you of:

  • atomic commit, your whole repository version is identified by a single id (you want that for software traceability reasons, more on that later)
  • directory and meta-data versioning
  • diff and revert without network access
  • plays nice with firewalls
  • designed to be a drop-in replacement for cvs for daily activities (similar semantics)

So now that the support is good with the tools (IDE integration, Java SVN library, etc…), you should probably switch. Especially as migrating could be as simple as freezing your project for the time it takes to run a conversion script.

As for those afraid of performance, sourceforge with its 130000 projects supports svn site wide. And they are happy with the performance. That should say it all.

So yes, I recommend svn, in most cases. And I am eagerly waiting for CruiseControl 2.5 to be released so that we migrate to subversion.

BeJUG CI workshop / CruiseControl 2.5 & maven2

Thursday, April 27th, 2006

CruiseControl 2.5 is getting closer to release: Jeffrey made a release candidate some days ago (go grab it) and it should be out around this weekend.

Tuesday, after fighting against Murphy’s law for a long quarter, I had the chance to give a talk as part of a Continuous Integration workshop organized by the BeJUG in Brussels, Belgium.

The topic was how to make the best of CC to continuously integrate maven2 projects. While the content was mostly technical (XML must be your friend), I concluded with mostly general recommendations:

  • You’re not alone. Use FOSS tools, and learn from the FOSS community. Everything is in the open.
  • Standardize, it will ease your pain and enable you to work on other issues. CruiseControl and maven2 have features to help you create those software factories.
  • m2 with CC works. The support for m2 projects exists today in a simple, flexible and open basic solution.
  • I’ve heard ‘we use custom solutions because we have special problems’ so many times. Most of the time we don’t. KISS. And if the FOSS tools don’t fit perfectly, try to use them (ask for help), adapt and maybe… contribute back.

I will add one point: M2 support in CC is still in its infancy. There are plenty of things we can and ought to do to solve the problems organizations face now that they create complex software ecosystems made of hundreds of interdependent modules. And I am pretty sure the FOSS community will come up with interesting solutions to these problems. More on that later.

The slides are available here and should appear shortly on the BeJUG’s site.

PS: we need RAIP

My stupidest coding error of the past 2 years

Thursday, April 20th, 2006

I think I’ve found my worst coding error of the past 2 years. It’s so stupid that I’ve lost more than an hour on that one.

Here’s the simplified code. So please, go on and shame me.

    new TimerTask() {
        public void run() {
            MyClass o = null;
            try {
                o = pingServer();
                ...
            } catch(Exception e) {
                logger.error(""
                    + o == null ? null : o.getXxxx(), e);
                ...
            }
        }
    }

I should probably contact Jetbrains. A smarter IDEA would have detected it.

Update: I made an enhancement request to IDEA.

hint: the answer lies in this