Pencils Down

I see a lot of these types of ads recently:

- we need a god (not just good, but a god) programmer

- must know every programming paradigm known to man

- you will be responsible for all of us making a living

- oh yeah, we are just about out of seed money since the owner’s went to that off-site in Banff

There is never any mention of the employer’s skill set.  I understand they need a good developer, but there is no mention of whether any of the owners have a clue about running a company.  There is no balance of skills/work between the employer and the employee. 

Maybe this is just the latest version of failing to outsource for cheap labor in the Far East: if we have to pay an American make sure we are getting our money’s worth.

---

Date: 2010-03-08, 1:18PM EST
Reply to: x@craigslist.org

---

Full Time PHP Developer 

(Our) specific homepages serve tens of thousands of students throughout the country and provide single-click access to email, Facebook, classes, athletics, food, news, and entertainment. We are looking for the following…

- A highly motivated person.
- An excellent working knowledge of PHP/MySQL and web application development.
- A minimum of 2 years experience in PHP development and preferably a computer science or related degree.

Proven excellence in the following technical skills:
- PHP
- MySQL (optimising/scaling)

Additional experience in the following areas would be a huge plus:
- CodeIgniter
- JavaScript (jQuery)
- Adobe Flex
- Experience building scalable web applications
- Amazon Web Services
- Apache 2.x
- Some Linux Server Administration
- Web Application Benchmarking
- Data Mining
- SVN
- Experience with APIs (Google, Twitter, Facebook Connect)

• Location: Boston, MA
• Compensation: Competitive + Full Health + Stock Incentives
• Principals only. Recruiters, please don’t contact this job poster.
• Please, no phone calls about this job!
• Please do not contact job poster about other services, products or commercial interests.

Uncategorized Hiring

A lead developer with expertise in database systems was recently promoted to project lead working in a team that was short-handed.  It seemed like a reasonable fit, at first.

Since then Ihave learned:

- The project is a modern Java web app (they hired 2 junior C (not C++ or GUI) developers from other units)

- There is no architecture, so the developers are doing things like investigating the use of Spring or not.

- The project must be shipped in a few months.  This appears to be a collosal communications screw up: the contract says delivery so many days after signing, the client delayed signed for months, once signed the client assumed the clock had been ticking all along the signing was just a formality.

- The company we work for is strictly waterfall development with very long test cycles.  Given the expected ship date the project needs to go into test phase in a couple of weeks in order to meet their delivery date (per contract) or face penalties.

- Since our company is very concerned with security all 3rd party software used (tomcat, Spring, commons library, etc…) must get approval from lawyer types who go over the specific license agreement for the software involved.  Especially of interest is anything developed by non-US parties.

- There are no written requirements beyond a few paragraphs in the contract.

- There is no UI-design, it is being done by the aforementioned C developers.

- Like everyone else in the world there are constraints on hiring, so it is likely the project will not get a Java developer to help out.

That’s about all I can think of so far.  I am always amazed this kind of silliness still goes on in the world.

Uncategorized Java, Management

Great article on highly voted programming errors - includes examples, workarounds, attacks.  Article is at http://cwe.mitre.org/top25/

 The 2010 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most widespread and critical programming errors that can lead to serious software vulnerabilities. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.  (click on link above for more)

Uncategorized Security

The icefaces Resource button for download is a convoluted hack. Every time icefaces decides to paint the screen your resource must be completely available and rendered. This is extremely painful for messy stuff like generated PDF’s and the like.

I just switched over our code to use links to a servlet. On the jspx we have:

<ice:commandbutton
  partialSubmit="true" id="printButton" disabled="#{bean.printDisabled}"
  immediate="true"
  action="#{bean.print}"
  value="Print...">


This lets you “correctly” gray out the Print button where there is nothing to print. With the resource it is either present or not - kind of ugly UI design.

When the user clicks on the Print button I store whatever POJO I may need into a singleton storage mechanism. Something like a HashMap where the key is the time in mills since 1970. For our user base this is granular enough. You may need something stronger. Then we call the servlet:


JavascriptContext.addJavascriptCall(
  FacesContext.getCurrentInstance(),
  "window.open('viewFile?file="+ id +"', " +
  "'myWindow', " +
  "'width=600," +
  "height=300," +
  "directories=0," +
  "location=0, " +
  "menubar=0, " +
  "resizable=0, " +
  "scrollbars=1, " +
  "status=0, " +
  "toolbar=0');");


This just opens a popup serving up the ‘file’ requested. The servlet is in the same ear/war file so it can see the print store and uses the file id passed to retrieve the POJO data out of the print store. I was thinking it might be cool to post XML to the servlet, but this seems easier to do.

Uncategorized

This is one of those errors that shouldn’t happen.  However, due to lazy-loading Hibernate is smart enough to realize you have loaded an object once before during a session and does not attempt to do so again - even though you have deleted it during the session and it should not be a part of any collection anymore.

A workaround I have started to use is to set the version of objects I am deleting to -1 and the later in time when I am about to persist or merge an object I check to see if the version is still valid first.  This includes objects I delete by hand and objects that may be about to be cascade deleted that I may later on attempt to persist/merge.

I am sure there is a smarter way to do this, but this works well.

One thing I was toying with was the error message that comes up for this exception usually mentions the object using the standard notation of <object>@<hashcode> where the hashcode that prints out is null.  This is a little wierd as the hashcode that I have in my entities is a int not an Integer, so I can’t tell how to poke at a null int to get the same effect as my invalid version/deleted flag.

Uncategorized Hibernate

If you want to have a button to download a file in icefaces you create a button like:

<ice:outputResource id=”printButton”
    resource=”#{controller.print}”
    attachment=”true” label=”Print…” type=”button”
    fileName=”report.pdf” mimeType=”application/pdf” />

and have the backing bean look like:

public Resource getPrint() {
    //assume we have created the PDF and read into a byte stream oStream
    return new ByteArrayResource(oStream.toByteArray());
}

The side-effect is that the backing bean is evaluated constantly which means you keep building the PDF file.

The other problem is if you don’t have anything to download, what do you do.  It turns out to be pretty simple: just return a null.  In that case the button will not even be displayed on the screen!

    if (data.size()==0) return null;

Uncategorized IceFaces

We have several wizards in the application we are developing under JBoss/icefaces/Spring.  We had decided some time ago to provide long running sessions to allow the user to move between wizard screens and then finalize (commit) later in time.

This all works pretty well until you get to a delete operation where there is some non-primary constraint involved.  The typical culprit is a unique ‘name’ for an object.  As you all know Hibernate takes all of the underlying SQL operations and lines them up in roughly the order of INSERT, UPDATE and then the DELETEs.  (There are a few other cases that do not apply here).

So, in a wizard if the user does something that boils down to add a thing called X, delete a thing called X and then add a thing called X again - your app will die.  Using the above Hibernate ordering you end up with INSERT X, INSERT X, and DELETE x throwing a constraint violation exception.

We have played with a few ideas here but none of them ‘feel’ like we are using Hibernate correctly:

• Don’t delete, just mark the record - doesn’t solve the unique constraint
• Cache deletes by hand - painful coding
• Delete forces a flush - violates the whole point of the long transaction/session

Leaning towards the last one now, but client may want #2.

Uncategorized Hibernate

This lovely, intuitive message from icefaces means you are doing something interesting on the page in question.  In our case it was a simple redirect to another page based on state.

The solution is to use the push server from icefaces 1.8.  The servlet changes the mechanism used for communicating with the backend and indirectly fixes the above ‘error’.

Uncategorized IceFaces

I guess I never liked this.  I always thought your conscientious manager would evaluate your work and reward accordingly.  Now, I wonder if this has ever been the case.

In a large company even the lowliest manager is pulled constantly in other directions to the detriment of the project, priorities become fluid, interactions with the team and/or it’s product became less and less tangible.  So, in this case, there is no way anyone is noticed unless they whine.

Hence my working in smaller companies several times over the years.  This is a less obvious.  The manager in a small company is usually wearing many hats and is pulled in so many directions on a constant basis that you have the same level of indirect acquantance with how things really work or any individual’s achievements.

When someone is boasting it’s so blatantly obvious and putrid that you can’t help reach for the barf bag.  However, it appears to ‘work’.

Currently at the larger company there are several people (whom I know are at the top of the salary range) who are constantly boasting/bragging/complaining loudly about the most trivial aspects of their work load.  I think this behavior is being rewarded with regularity.  Hence their range and title.

I feel like I am trading my soul for a few pieces of silver.

Uncategorized Corporate Culture

This is really very cute:

Pick a stupid database connection (the plugin install provides the Xtreme db sample).

Grab a table and plunk it into the Data section of the report

Create your POJO

Under the Crystal Reports tab at the top of the screen in Eclipse click on Set Data Source

Click OK on the warning (doesn’t really mean anything as far as I can tell so far)

Select the New POJO option

Specify the POJO package/class you created above

In the discrepancy comparison between the dummy db table and the POJO either Remove and change every column as you see fit.  All of the Remove options must be eliminated.

Hit Ok.

You now have your POJO as the CR data source.

BTW, if you change the POJO then you have to go through a similar set of steps.

Uncategorized Crystal Reports, Eclipse