You shouldn't follow rules... blindly

Some resources on the Internet are written in a very imperative style - you must do that in this way. And beware those that don’t follow the rule! They remind me of a French military joke (or more precisely a joke about the military) - but I guess other countries probably have their own version, regarding military rules. They are quite simple and can be summarized in two articles: Art. 1: It’s mandatory to obey the orders of a superior. Art. 2: When the superior is obviously wro

code coverage quality

Your code coverage metric is not meaningful

Last week, I had a heated but interesting Twitter debate about Code Coverage with my long-time friend (and sometimes squash partner) Freddy Mallet. The essence of my point is the following: the Code Coverage metric that most quality-conscious software engineers cherish doesn’t guarantee anything. Thus, achieving 80% (or 100%) Code Coverage and bragging about it is just as useful as blowing in the wind. For sure, it’s quite hard to have a fact-based debate over Twitter, as 140 chars

exception management good practice quality

Throwing a NullPointerException... or not

This week, I’ve relived an experience from a few years ago, but in the opposite seat. As a software architect/team leader/technical lead (select the term you’re more comfortable with), I was doing code reviews on a project we were working on and I stumbled upon code throwing a NullPointerException: that was a big coding mistake. So I gently pointed out to the developer that it was a bad idea and that I’d like him to throw an IllegalArgumentException instead, which exactly th

The best there is at what it does

Before anything else, please check the reference to the title if you didn’t get it. This week, Vaadin released its version 7.3 with the new easily configurable Valo theme. I just had to blog about this on my other blog, morevaadin.com, which uses Jekyll as its static-site generation engine. The problem I had to tackle is that not only had I not used Jekyll for 5 months, my laptop had been remastered and I had to re-install the software. Now, with the help of my friend Google, I managed to

design exception spring

Using exceptions when designing an API

Many know the tradeoff of using exceptions while designing an application: On one hand, try-catch blocks nicely segregate regular code from exception-handling code. On the other hand, using exceptions has a definite performance cost on the JVM. Every time I’ve been facing this quandary, I’ve ruled in favor of the former, because 'premature optimization is evil'. However, this week has proved to me that exception handling in designing an API is a very serious decision. I

Past, present and future

Dear readers, This week won’t be a detailed technical article: last week’s was the 250th post on this blog, time for a little introspection, and thinking about the past and future. Speaking about the past, my first post was written on this blog on April 7th 2008 - more than 6 years ago, to announce I had successfully passed the Sun Certified Java Developer 5 :-) At that time, I didn’t really know what a blog was for, I just wanted to have one and I used it sometimes like Twitt

JSTL security Spring MVC

Sanitizing webapp outputs as an afterthought

For sure, software security should be part of every developer’s requirements: they should be explained and detailed before development. Unfortunately, it happens in real life that this is not always the case. Alternatively, even when it is, developers make mistakes and/or have to make do with tight (read: impossible) schedules. In the absence of automated security-checking tools, sooner or later, an issue will appear. I’ve been thinking about a way to sanitize the output of a large-scale

owasp spring security

Session Fixation and how to fix it

These last few weeks, I’ve been tasked to fix a number of security holes in our software. Since I’m not a security expert, I’ve been extremely interested in this, and have learned quite a few things. Among them is the Session Fixation attack. The context is an online Java application. One part is available through simple HTTP, where you can do simple browsing; when you enter credentials and successfully log in, you’re switched to HTTPS. This is a very common setup fou
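The attack only works because the session id that the browser obtained over plain HTTP is still honoured once the user has authenticated over HTTPS. The following is an added example, not code from the post above or from the application it describes: a small in-memory model of a session registry (the `SessionStore` class, the `vulnerableLogin`/`fixedLogin` methods and the user name are all hypothetical) showing a login that keeps the presented session id beside one that discards it and issues a fresh id after the credentials are accepted.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

/**
 * Added illustration of session fixation and its fix. The SessionStore below is a
 * hypothetical stand-in for the servlet container's session registry so the
 * example runs without a container.
 */
public class SessionFixationDemo {

    /** Server-side session state keyed by the id the browser presents in its cookie. */
    static final class SessionStore {
        private final Map<String, Map<String, Object>> sessions = new HashMap<>();
        private final SecureRandom random = new SecureRandom();

        /** Creates an anonymous session with a random, URL-safe id and returns that id. */
        String create() {
            byte[] raw = new byte[16];
            random.nextBytes(raw);
            String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            sessions.put(id, new HashMap<>());
            return id;
        }

        /** Returns the session's attributes, or null if the id is unknown or was invalidated. */
        Map<String, Object> get(String id) {
            return sessions.get(id);
        }

        void invalidate(String id) {
            sessions.remove(id);
        }
    }

    /**
     * Vulnerable login: authenticates into whatever session id the browser presented.
     * If an attacker planted that id in the victim's browser beforehand, the attacker
     * now holds an authenticated session without ever seeing the credentials.
     */
    static String vulnerableLogin(SessionStore store, String presentedId, String user) {
        Map<String, Object> session = store.get(presentedId);
        if (session == null) {
            presentedId = store.create();
            session = store.get(presentedId);
        }
        session.put("user", user);
        return presentedId; // same id as before login
    }

    /**
     * Fixed login: the pre-authentication session (the id that travelled over HTTP)
     * is invalidated and its attributes are migrated into a brand-new session whose
     * id is only ever sent over HTTPS.
     */
    static String fixedLogin(SessionStore store, String presentedId, String user) {
        Map<String, Object> old = store.get(presentedId);
        Map<String, Object> migrated = old == null ? new HashMap<>() : new HashMap<>(old);
        store.invalidate(presentedId);
        String freshId = store.create();
        migrated.put("user", user);
        store.get(freshId).putAll(migrated);
        return freshId;
    }

    /** Which user, if any, is authenticated behind a given session id. */
    static String whoIs(SessionStore store, String id) {
        Map<String, Object> session = store.get(id);
        return session == null ? null : (String) session.get("user");
    }

    public static void main(String[] args) {
        // Attack setup: the attacker obtains a valid anonymous session id over HTTP and
        // fixes it in the victim's browser; the victim ("alice", a constructed name) then logs in over HTTPS.
        SessionStore vulnerableStore = new SessionStore();
        String plantedId = vulnerableStore.create();
        String idAfterVulnerableLogin = vulnerableLogin(vulnerableStore, plantedId, "alice");
        System.out.println("vulnerable: id unchanged by login = " + plantedId.equals(idAfterVulnerableLogin));
        System.out.println("vulnerable: attacker's planted id is authenticated as " + whoIs(vulnerableStore, plantedId));

        SessionStore fixedStore = new SessionStore();
        String plantedId2 = fixedStore.create();
        String idAfterFixedLogin = fixedLogin(fixedStore, plantedId2, "alice");
        System.out.println("fixed: attacker's planted id is authenticated as " + whoIs(fixedStore, plantedId2));
        System.out.println("fixed: victim's fresh id is authenticated as " + whoIs(fixedStore, idAfterFixedLogin));
    }
}
```

In a real servlet application the same regeneration is done with the container's `HttpSession`: call `session.invalidate()` and then `request.getSession(true)` after a successful authentication (copying over any attributes you want to keep), or on Servlet 3.1+ `request.changeSessionId()`; Spring Security applies this automatically and exposes the strategy through `http.sessionManagement().sessionFixation()` (`migrateSession()`, `newSession()` or `changeSessionId()`). The mixed HTTP/HTTPS setup described above also calls for the session cookie to carry the `Secure` flag once the user is logged in, otherwise the fresh id leaks over the next plain-HTTP request.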