Knowing that someone uses a specific software can be used against the user. Sometimes, an attacker has to use sophisticated techniques to guess which software is behind the initial website. These could be 404 requests or some malformed queries to get the detailed stack trace or specific page organisation. It turns out, the number of requests required for detecting AEM equals 1. In this blog post, I will leverage that fact. Here, I present a technique for discovering Adobe Experience Manager using a regular, random web crawler.
Software is a young and exponentially growing industry. Many developers think, especially in my beloved web dev, that we left our scientific culture foundation and moved to something that is driven mostly by fashion. Can we bring good patterns from other, much older industries? Recently, I joined the ham radio community, became a licensed operator, and I have 3 things to share with you that we should consider in the software development world: conversation schema, openness for change, regular drills. I think these points may sound controversial, hence in this blog post, I am going to explain each of them.
I know most people are not used to working from home. I get that. I do respect not everyone wants to go offline/online, resign from their work outside the home, leaving the environment that is meant to be a place for rest, not for work.
Nowadays there are problems with working remotely that started to be more visible, and I want to share with you some basic rules that are important while working from home. Most of them will look very obvious but I assure you - they are not for the vast majority of people. Let’s make these rules clear then!
The last Christmas article - about most common Java bugs - was a success for me and this blog. This time we will take a look into OSGi bundles, which I consider as the vital top architecture for many products (like Eclipse, Jira, Adobe Experience Manager). On the other hand, OSGi is often treated as yet another Dependency Injection container, which is wrong by definition. Let’s take a look at the three mistakes developers and architects are making with their OSGi ecosystem’s design.
Java 14 is coming with a new feature - NPE’s getMessage() method will return a description of which object is null and, therefore, a cause of an error. The feature is called “helpful NullPointerExceptions” which sounds very nice. But is it really helpful? How is it working? Are there some downsides?
Overtime, exhaustion, internal pressure and suicidal thoughts - we all have been there. The project you’re working on is “almost done” and you just need to fix up a few things. But at the very last moment it turns out that there are “another few” things to change. What can you do? Your website is going live in a month! That means you and your team is going to take an overtime and try to do all at once. You are in “crunch time” now. Could you do some activities in advance to avoid such situation?
Clamp.js has just one purpose: it monitors a container. If text inside doesn’t fit into it, the overflowing part of the text is replaced with ellipsis. Simple, right? It supports only block containers, because of its dependency on the clientHeight property. The library is very useful, especially when content suddenly overflows from the design that has been done and signed-off months ago. In such a situation, it’s very hard to step back. At this point, it’s the engineer’s responsibility to support that ugly corner case.
This is the very good piece of code I used before - it is 9 years old already! Moreover, it supports browsers which do not support the native (-webkit-line-clamp) CSS feature.
In the 21st century, when accessibility is quite important, developers are asking different questions than 9 years ago. How does Clamp.js work with various devices, especially screen readers? Do they read the entire text or just the clamped one? Is it safe to use in WCAG compliant websites?
My mental abilities (actually lack of them) pushed me to software engineering. Seriously. During my childhood and adolescence I had big troubles with remembering things. A poem to learn? No way. Geography or history? In these fields you were a good student if you remember dates, names, locations. I just couldn’t remember these things that were coming to me out of blue. Mathematics in primary school was also painful: multiplication tables. That was awful! I remember other kids were just immediately writing a number based on input and I had to perform some calculations in runtime (6 times 9? That’s 6 times 10 and minus 6). The funny thing is it turns out that processors are not keeping multiplication tables, oh what a shame, we learnt absolutely useless portion of knowledge. On the other hand, understanding of complex behaviour or systems was relatively easy (as long as I understood the motivation behind: it was damn easy to learn trigonometric functions by unit circle rather than some ridiculous rhyme where cosines is negative). Without a struggle, I learnt physics, somewhat of electronics and programming.
When I was a bit younger, an interviewer (some Java developer) asked me:
Do you know SOLID, boy? What does
I hope it’s worth going there, Dawid.
Kociamadka said to me when we were getting up around 5 o’clock, 3-4 hours before Confitura’s Grand Opening. That’s not the best time to wake up, wash up your arse, make a quick coffee and run for the train - which we barely catch up, by the way.
Yeah it’s going to be fun, love.
To be honest, I was not 100% sure. A few people were like: “yeah, it’s not going to be as nice as it was years before”, “ you can watch it later on at YouTube”, etc. That’s true without any doubts - I mean, compared to the world-class conferences it’s quite local, without major contributors to our Programming World, etc. At the end of the day, it’s not a gig when one is paying a monthly salary to get there. Conferences, especially in Poland, recently made a big step forward in being “fucking big gigs”.
I know, your code works, but…
I am going to do the review of SOLID principles for tests, mixing my own experience with top-shelf publications about testing and clean code in general: let’s take a look at approaches we can apply in our greenfield or brownfield projects. Do you know how to prevent rewriting all tests when implementation (but not necessarily behavior) is changing?
Eclipse, Adobe Experience Manager, Jira - what do they have in common? They all are using OSGi container. OSGi is a container of bundles. There is a very important bit of bundles architecture then. Keep in mind, that OSGi is nothing similar to classic DI mechanisms, as it defines another layer of isolation: bundles. Guice or Spring still can be used within OSGi container separately for just a one bundle. Within the bundle, the framework provides special Class Loader which is loading all classes based on the configuration of the bundle and a context of its execution. You can think about single bundle as an isolated runtime environment with components, explicitly defined packages and services as an external way of communication.
This week I was attending the InfoShare conference. I want to share the most important bits of the conference - presentations, that inspired me to do next steps in my career development. Are they purely technical?
Constructors in object oriented programming are very important static methods - they start an existence of every object. Regular Java code is full of constructors, and we actually used to them as well. But can constructors be better and worse? Sure. I made a list of 4 bad constructor rules that came up first to my head.
Good practices are so boring so let’s see how we can make other engineers’ life worse!
How many design patterns do you know?
How do you implement Observer?
What Java class has been implemented with Decorator pattern?
Every interview was starting with these questions. How many design patterns I don’t know? I read the book, I knew every single coming from Group of Four. Heck, I had these patterns taught in the University!
Are they used now, anyway?
As I mentioned in my previous post about Java 11 HTTP client, API comes with asynchronous method for making requests. Boom! That’s your head, it blows up.
I wanted to write an interesting piece of code so I did partially. An asynchronous website crawler! It isn’t very useful though, I don’t think Google engineers will be interested even if it makes lovely fart sounds, which it doesn’t.
TLDR; I don’t find this method very useful for things like crawling websites, especially there is no single point of data exchange, however it looks very useful for not sequence-sensitive activities. The call itself is simple enough to understand and apply to your codebase though.
Here it is: the shiny HttpClient::sendAsync method! This time I am going to crawl my girlfriend’s blog about having cats at home, which I guess it’s worth to check out if you have a nasty fur ball already or going to have one. It’s Polish language only, but for God’s sake, can’t you use Google translator? I am writing this blog with its help all the time. You’re welcome :).
There are a lot of crap flying around about the Bitcoin. Is it going to crush down? Is it worthless? Why did prices go down? Hell I know! Maybe people just found out “cryptocurrency” doesn’t mean “privacy” and all history of transactions are public and it’s matter of time to find out who did which transaction? Who knows… Don’t even ask me these questions, Bitcoin is a nice introduction to the thriving market of numbers aka fintech. But, what I care the most is the technology behind.
I am fine with BTC “distributed” database (blockchain, probably only cats haven’t heard about “blockchain”). Each node currently stores about 20G of transactions. It’s the same gigantic ledger for every one. Well it’s not the redundancy I would normally approve but whatever - it’s about money. “Storing money has to be expensive” - said banker.
Regardless to the market problems, do you know how your Bitcoin node connects to other nodes? I did not.
Meet Andrew - a software engineer. He is doing a lot of software engineering crap. Everyone likes him. He was a rockstar here and there. Recently, he took over the old project some other people abroad were working on for a few years. Everyone was saying that this project is a nightmare and people were quitting job because of it, but not Andrew. He was the right guy here.
— Shite, how shitty is this shitty code?! So much, so much, nananana - he was silently singing all the time reading that code. His behaviour wasn’t impressive, but people kept thinking he is a genius. Every weirdo has to be one. Unless not. Anyway, he hated that code, which had many nested ifs, not enough code coverage and, which was the worst thing in the Universe, integration tests that took ages every single time someone tried to run it.
Once he asked his manager to throw away the codebase. He would re-write it again. It would be better, shiny code that he and everyone else will understand. No doubts to it. His superior agreed, considering Andrew’s fame in the office, to get rid of the entire codebase and re-do the analysis phase, apparently missed or done in two minutes.
That was the moment everything was getting so funny and scary.
Software engineering accepts playing with other’s code. I struggled for a while before started doing it. I was doing it wrong though. It isn’t just the software your competition is writing. It is about all software products at all!
Now I am relaxing with Witcher 3 on my Xbox and that’s actually is fun. Don’t try to bother me, I am working now, fool!
Any HTTP Client library in Java is a hell to me. Comparing to other technologies like Groovy which have built-in APIs, Java sucks. Projects use Apache HttpClient API for trivial tasks like testing, which I consider as a brain rape because of the usage difficulties. When the HTTP client was introduced and incubated in Java 9 I was like:
Finally, we have our HTTP client, at least for testing!
Now it’s officially moved to the java.net.http package. I had to try it on my own in the home laboratory.
Recently, I wrote a blog post about performance of Java Data classes. Many people pointed me out I did not write a JMH test. Instead, I wrote simple microbenchmark on my own, based on the Java performance book. Because it is, apparently, unreliable I had to write JMH test as well and compare results - trying to explain why it’s different. Let’s answer outstanding questions.
What do you think? Am I, in fact, totally wrong here?
Hello, fellow programmers! First of all, I wish you all Merry Christmas! Spend this time well, there are not many moments for rebuilding family bonds these days. This is the special, Christmas blog post. I named it that because it’s fun comparison with one of the most known Polish carols (listen to it here, play it now) - “Bóg się rodzi”. The name is “God Is Born”. Polish word for God - “Bóg” - reads the same as “Bug”. How programming-ready this language is!
Today, we are going to discover the most common Java bugs I have seen in my Java journey. Hope you won’t find them under the Christmas Tree :D (that’s another Polish tradition - we are putting presents under the tree).
BTW: Funny thing. Let’s go back to the day I started writing this blog. I thought I would never find enough topics to blog weekly. Now, the number is amazing. Optimistically, I should write about all of them in 2090. I am just saying - regardless to many people’s opinion, the blog exists.
I recently wrote a constructor:
Cuboid(double width, double height, double depth, byte r, byte g, byte b)
It doesn’t look right. There are many values of the same (and similar, like bytes-doubles) type. On the other hand, what can be wrong with many parameters? I started to instantiate these cuboids. The order of parameters was obvious but I had to check it few times - it’s very painful. And, yet, I wrote it myself! What if someone else will try to use it?
But hey, I can create additional data classes, right? So, I created two POJOs (Dimension and Colour) and changed the constructor to:
Cuboid(Dimension dimension, Colour colour)
Parameters now are related to the purposes they serve: dimension and colour. During the code review I received an honest but scary feedback though:
Classic Daw. Are you mad? This is really inefficient way, you are creating new instances! R U MAD?!?!?!?!?!?!
It made me nervous. Is creating these classes a bad thing? We are not writing here some serious, highly-performing stuff, just regular code that helps other people to solve their problems. I was really confused - is the guy right? Many people would say that object instantiation takes too much time in JVM. They are correct, however, the next question is: “How long?”.
I needed to know. It is obviously an additional work to a computer but the advantage is significant for other programmers’ work. I had to test it on my own. Let’s do the microbenchmarking.
— Oi, manager! I need a raise!
— Do you? Ok, fine. But you know what? I need a race horse; can you buy me one?
— I see no reason…
— Well, yeah, me too.
Do you like coffee? I am crazy about it: I love the roast one. I like an espresso rather than just regular, diluted cup of coffee. It has more aroma. Once I have made an exception: my coffee-maker made me “Espresso Lungo”. After that day my stomach hurts every time I am drinking it again. People can connect the taste or aroma with an event in a memory. I have to remove Espresso Lungo from “my personal drinks” menu.
That day, right after a stand-up meeting, my team leader called me. He said I should talk with some other guy. He was quite interested in our component we were delivering.
The era of HTTP/2 is almost here.
HTTP/3? Not so fast. The standard is still in progress but a big player is using it already. Which one? Google of course - actually they implemented QUIC protocol in… Chrome 29. With 28th of October we are speaking about HTTP/3, not QUIC anymore.
There are a few nice docs about the protocol and hints on how to build a server. We are going to answer the question “what does HTTP/3 mean? Should I throw away my knowledge about HTTP stack and learn something new?”
tl;dr is: no. The Key Difference is the Transport Protocol.
Writing this blog is time-boxed due to my actual work. It’s around 20-30 minutes a day. Yet the outcome satisfies me, at least in terms of my learn-how-to-write progress.
That’s why I hate problems with tools. Recently, this laptop didn’t leave my home through the window because one of my cats likes to sleep on it. Ubuntu 18.04 upgrade took Jekyll and other Ruby-based apps down for a long while. Googling, investigating and fixing the problem took me the whole time which I should spend on writing another blog post (about my first Kata exercise notes). Jekyll server wasn’t working so previewing the blog as well. I was getting mad and I asked myself “why I am not able to fix that problem for ever? How come I am not able to isolate the Jekyll service from my laptop’s issues?”. The answer was hidden in the question.
I got a brand new Hykker X Range keyboard as a gift. Its click and clack sounds are nice. It turns out that I love mechanical keyboards and won’t replace my Hykker X Range for any non-mechanical keyboard, especially for typing shitload of code and full of hate emails.
This two years period was really great, especially it helped me a lot with my wrist pain. My fingers weren’t swollen after 8 hours of working anymore which was a significant accomplishment.
Now, after two years of click and clacks which can rise from the dead, it’s broken. The space key is not working at all. Few others, like tilde, are hanging up sometimes and then I need to push them harder. I thought this is just a human feature, but it looks like pushing harder applies to switches as well.
Because of my laziness, I haven’t considered buying the second keyboard so far, especially this model isn’t longer available in Biedronka. Primal soldering skill woke up inside me and told me I need to fix the keyboard on my own.
Three years ago I wasn’t sure I am ready for remote work. Is it really as cool as some people describe?
It turns out it is!
I am sharing the 5 most important things every remote software engineer needs: seniority, trust, proactivity, security and writing. These are based on my personal, 3 years long experience of working from home for big companies and doing it well. This article is not meant to scare you about transitioning from office-based to remote work however it describes downsides of this form of software engineering.
I was preparing to write a small analysis of my first Code Kata exercise, created a run script for it and:
It wasn’t versioned yet!
So essentially I have overwritten the entire file I was working on yesterday! That was 15 minutes of work, but recreate the same code without afterthoughts I have done already in my would be almost impossible!
I was pissed off. My gf was like “you have to write it once again, not a big deal”. I googled “how to undelete a file in linux”. It wasn’t a recipe that I was looking for - it was only about files that were just removed, not overwritten.
There is a solution though.
Have you ever thought why people are using Vim at work? The answer is easy: for money, of course!
How come? Well, this is pretty simple. Now I am going to connect all of the dots for you.
Spring is not the only solution for building web-based applications. There are few alternatives to functions it’s delivering.
Spring is a heart of many web (but not only) projects. Most programmers are like “start.spring.io is the only place where I kick off every project”. Telling them they could work without it will end up with bruises and a loose tooth.
But it’s not about why Spring is wrong. Is there any alternative to it? Why we love it so much that nothing is good enough to use? Maciej Próchniak presented yesterday at Confitura conference few alternatives to the most used framework in the Web world. It is not a surprise since Maciej is a big fan of OSGi and he mentioned it multiple times in previous talks. I was really looking forward to his talk this year and I wasn’t disappointed at all.
The short answer is yes and no. But why is that?
There is the essence that cannot be automated in any way. It is a specific part of human nature: the intention. On the other hand, there are few things endangered.
Agencies. They are everywhere. If you have a Linkedin account you know exactly what I am talking about. My incoming box reminds me of Monty Python’s sketch. I get plenty offers daily. Usually they are about working for companies that are looking for specific client and project, lol.
The existence of agencies is not bad at all. In fact, they might be really good places to work, allowing specialist to do what he or she love to and securing job position even for a years with many end-customers. In that case margin agency earns is completely fair for both sides (worker and agency).
What is the bad agency then? How is it happening that people are unhappy with job they have got? I can generalise few things that I have experienced already. I hope that after reading this small blog post you would be able to recognise patterns below and reject bad offers. Most of senior developers are already familiar with these, although this might save years of shame for inexperienced programmers. Wish you nice reading! :)
First of all - I am not against writing tests or doing TDD. This might be misinterpreted and Uncle Bob and his TDD approach will come here and smash my face. I can’t understand effort put in writing useless tests. This post presents only my personal opinion and if you are writing exactly that type of tests you can rethink those or simply disagree. Having different opinion is not a crime. In both directions.
If you run an IT project, you are probably familiar with failures. This happens so often that people are asking the same question “everything was alright all the time, project was heading in a proper direction and suddenly everything crashed”. Mostly because funds wore off. Usually no one is thinking about developers that made a mistake. Nevertheless they are driving this project, in fact, they are the muscles.
The truth is they tend to make a mistake. A nasty one - that can cause soon and unexpected failure. Let’s find out what is it.