Categories
general Java Security

Clover and Wikitree

Good news this week. Our purchase of Clover was approved and we will have our license keys in a matter of days. As of tomorrow it is going into our build and Cobertura is getting ripped out. You may recall I previously wrote about my issues with Cobertura. One problem was the latest version at the time 2.0.3 didn’t work with Powermock, even though 1.9.4.1 did. And the second issue I was having with it was the lack of Java 8 support since we are close to upgrading on our project at work. Well oddly enough early in this week I saw Cobertura had a new maven plug and a new release 2.1.1. I immediately updated to the 2.7 plugin to give it a go and it promptly failed on Powermock like 2.0.3. So I didn’t feel bad at all when 2 days later I found out our Clover purchase request had been approved.

The other thing I have been messing around with in my spare time is Wikitree. Wikitree is basically a Wiki meets Ancestry. Full disclosure I am currently an Ancestry.com subscriber. What I like about Wikitree vs Ancestry is that in theory it is 1 tree that everyone is working on. Instead of everyone having their own trees and you sort of connecting to other people researching common ancestors and pulling some of their data the goal of this project is just one tree and you link in when you meet up at common ancestors. This seems like a better model for collaboration assuming that the people with your common ancestors are open to working with you on their pages. They also seem to do privacy well which Ancestry does in that if people are alive there is a much more limited set of information that is released and the farther back you go the more information that is public. Now I have one HUGE complaint with wikitree. They don’t support SSL. Not for the entire site, nor even just the authentication page. This is pretty ridiculous in 2015. If they had it on the authentication page at least your password wouldn’t be flying in plain text, but your session could still be hijacked. At this point I think it reflects pretty poorly on any organization if they don’t support basic web security. Worse on a site like this where they purport to protect the privacy of people working on it, without actually taking the most basic of steps to do so.

Me being me I figured I would email Chris Whitten the founder of the site. And to his credit he immediately got back to me, however his response was less than satisfactory. He stated the following:

Hi Jeffrey,

We worked on implementing SSL site-wide and it was much more difficult
than expected. We could protect just your login password, if that’s
your concern.

Chris

To me this sort of is someone who fundamentally doesn’t really get it. While protecting the privacy of my login password is a good start at this point given the sensitivity of some of the information (Birth dates, Mother’s maiden names, etc), I would expect that security is a higher priority at the site, but apparently that isn’t the case. Hopefully they make it more of a priority as I would like to make it my main family tree site and migrate away from Ancestry, but if they don’t care about their members security I am not sure if I will be able to do so.

Categories
general

Spam Comments

My blog must be getting noticed by the bots. When I first started writing I had more posts than attempted spam comments. Then for a while I was at parity. I would write something new and I would see another spamy comment in the quarantine area. Now they are starting to kick into overdrive and have greatly eclipsed the number of posts I have. Luckily the WordPress tools and plugins are great and seem to catch them all. So there is that to be thankful for.

Categories
general

Project Estimation

The thing I dislike most in software development is when they ask me to estimate how long a given project will take. I am about to start a new project so of course the first thing that is asked for is to do some research and try to figure out what the high level tasks of the project will be and estimate how long they will take. This seems like a reasonable thing to do as obviously if the company is going to invest a lot of money into a project they want to have sort of a guess how much the project is going to cost. Additionally if the scope of the work is outside the time frame in which they need the feature they can decide whether or not to limit the scope of the project or add resources to the project. So all in all I can see the need and the point of it, but I think I dislike it cause I am not very good at it.

The first project I led at my current company I came up with a bunch of estimates and actually did a pretty good job of identifying the major areas of work that needed to be done. I went through and applied my time estimates and based on the features I felt I understood very well I delivered fairly tight estimates and the features I had less understanding of I added extra padding for research and learning time. Then I got into the project, and the parts I thought I had the biggest handle on was actually much bigger than I had realized. I had I think 2 weeks of work on one aspect that actually ran like 6 weeks. I believe the whole project was a 3 month project. So of course the project manager was sweating it a little bit. I told him don’t worry I always hit my dates and if I think the date is in danger I will let you know immediately. As we went on the other aspects that I didn’t feel like I understood as well turned out to be easier than expected and I made up the time there. By the end of the project I delivered on the exact date I had promised 3 months previously and I didn’t put myself into a death march so I considered that a successful project. From an estimation point though maybe it was a failure as all my estimates were off even though I delivered what they wanted when they wanted it.

So here I am again working on an estimate for a new project wherein the date is already known. I guess at this point my thinking is make sure I have a decent enough understanding of the project so that I have the resources to hit the date, and hopefully the experience of that first project will help me to not be too aggressive on the parts that I think I understand as there are probably some icebergs and also not too lax so that at the end I deliver on the date we need it or a week or 2 early and have enough resources to do so that I am not in a death march. Wish me luck.

On a positive note I resolved all the issues with our new SonarQube server instance and we transitioned to it last Friday. We are now able to use the plugin in IntelliJ to download the data and analyze our local projects which is a big step forward. Additionally running it as one unified Sonar job from the parent pom instead of invoking it on each maven module has resulted in a speedup by 10 minutes on our builds with Sonar analysis and better Sonar coverage overall (Previously some taglib libraries and a few other small things weren’t being analyzed).

Categories
general

Calling all Dr Who fans

For all the other Dr Who fans that might come across this I am taking a Massively Open Online Course about the show that starts in a week. If you are interesting in the show you should join me. You can sign up here. A link to the Facebook page is here.

Categories
general

Themes for 2015

As my Christmas vacation draws to a close I am starting to think of themes for 2015. Why themes and not goals or resolutions? Well I think resolutions are sort of setting yourself up for failure and goals are very rigid so I am going with more general themes.

  • Obviously the first theme I am working towards will be updating this site at least once a week ideally with something technical that I have learned during the week or thoughts on a problem I am solving.
  • Next on the agenda I would like to try to read more. I haven’t been reading as many books as I like to during 2014. But at the end of the year I have been picking up the pace a bit so I hope to read at least 2 books a month. My system I have been using is to try to get through 10% of a book a day on my kindle.
  • I would like to spend more time doing stuff in Spring Boot this year. I have been reading Greg Turnquist’s Learning Spring Boot and it is a great book which I strongly recommend. He seems to lay out the information right when I want it in the book and has saved me tons of time that I would have spent digging in the docs for answers otherwise.
  • Anyone who knows me know that I am not a big front end person, but as a full stack developer I need to know all the layers of the stack, so I think 2015 is the year that I need to learn Angular JS. I learned Knockout JS in 2014 and appreciated how much more productive it was for things than just jQuery and it seems to me that the market is all going Angular and people say it is more productive than knockout so it is time to give it a try.
  • I am hoping to do some architectural updates at work. I am ready to get our stack upgraded (I want to be on Spring 4.1 and Java 8 at a minimum and ideally JPA 2.1 as well instead of 2.0). I always prefer to run the latest stuff so I will be working hard to make sure that I can do so. On that note I submitted a Jira for the issue holding me back on Spring 4.1 related to the aspectj-maven-plugin. With any luck I will be on Spring 4.1 at work within the next 2-3 weeks. Java 8 may take a bit longer as it is going to mean a container upgrade.

Anyway that is what I have come up with so far I am sure more things will apply as time goes on, but this is a good start to my year plan. Now to enjoy my final 2 days of vacation before I return to work.

Categories
general

Bulletproof Coffee

I have been hearing a lot of talk about Bulletproof Coffee lately. I decided to take the plunge and give it a shot this morning as who doesn’t like a good body hack. I made mine with 1 Tbsp of Kerrygold butter which is the normal butter I eat anyway and 1 TBSP of virgin coconut oil. I ran it through the magic bullet to blend it and gave it a go.

I have to say the butter seemed way to rich for me in a cup of coffee, I found myself continually adding more black coffee to the mix to tone down the flavor. I used coconut oil instead of MCT (medium chain triglycerides) Oil as that is what I normally eat anyway and I am not convinced about MCT yet vs something more natural. Here is an article talking about MCT vs coconut oil. In theory I like the concept as someone who sometimes eats a Primal Diet I have seen the benefits of a higher fat diet, for both appetite control and weight loss so this seems to fit right into that.

The question is did it do anything for me? So far I am not noticing any difference as far as mental clarity goes on day one of it, I will see how it works for appetite control. I suspect it will work for that based on previous experiments with a high fat diet. Will I make it again? I think I will try it again to get a better sample than just one day, but I don’t think I am going to blend it anymore. I don’t like the consistency of it blended, I would rather drink coffee with oil on top of it instead. I will post again if I see any different results from future experiments with it, but for me right now, the jury is still out on it.

Categories
general

Google Apps for Business

So when I finally resurrected my domain after it being idle for probably about 10 years I was thinking oh I should just roll out google apps to host my email. Back in the day I ran haskovec.com off of a Sparc Server I had running I think Solaris 10 maybe, but I am not 100% sure on the version of Solaris anymore. I just ran it off of my DSL and I used dyndns to map the dynamic dns to my home DSL as I was too cheap to pay for a static IP. At that time I was running a postfix smtp server for email.

Fast forward to now, I had been considering getting a Raspberry Pi and bringing this stuff back and then I remembered seeing the offer from Amazon about free EC2 on micro-instances. I realized free hosting for a year, a real static IP and not having to fool with hardware at my house and EC2 it is. This time around I was thinking hosting my own email is too much work and the spam filtering never seems as good as going with gmail, so I figured I would sign up for googles free for 10 email addresses account. Only it doesn’t exist anymore. I needed an email to get my SSL Cert setup so I signed up for the 30 day gmail just to get that setup. As I got to thinking about it, I was like no way I am keeping this around as I am not planning on using this email so why pay for it? After some google searches and messing around I am running postfix again just to forward messages to my main email account. Problem solved and it was a free solution!

Categories
general

Why a blog now?

Here I am again messing around with wordpress.  Why?  Well I have been sitting on my domain name forever and not doing anything with it so it is one way to extract some value from it.  Another thing I was considering was that as I have moved up in my software career I find myself more and more in the role of mentoring newer developers and I feel like I can solidify the things I am learning myself by documenting some of the things I have come across.  It also allows me to ramble on about anything I want and who doesn’t like that?  So anyway I have decided to give this a go, we shall see if I stick with it, but here goes nothing…