Modern Web Development for Java Programmers

We’ve just started to work on the curriculum of the new online training titled “Modern Web Development for Java Programmers”. This course will be taught by practitioners from our company, Farata Systems. The initial description is here: https://github.com/yfain/WebDevForJavaProgrammers.

Your feedback is appreciated.

Preventing Sublime Text leaks in Git

During the last year I’ve been using Sublime Text editor for all of my new text-writing activities.
During the last year I’ve been actively using the version control system Git for our O’Reilly book project.
During the last year I’ve been using GitHub hosting for my public projects.

Here’s the problem. Say you’re like me – a technical person producing IT content in Sublime Text and publishing it on GitHub. Now imagine you’re not like me – you have a mistress, and one day you wrote her a love letter using the Sublime Text editor. Do you want the content of this letter to become publicly available on GitHub? If you do, stop reading. Now.

Here’s the privacy hole. The Sublime Text editor creates a file with the name extension .sublime-workspace. I don’t know all the details about what Sublime’s creators were planning to store there, but it stores unsaved buffers, and I was surprised to see there some texts that were not meant to be public. But they were available to the entire world on GitHub along with my other stuff! Open your .sublime-workspace and let me know if you found some surprises there.

To fix this, you need to do the following steps (to the best of my knowledge).

1. Add the line *.sublime-workspace to the .gitignore file in your Git repository. The .gitignore is a hidden file where you list all the files that Git should ignore in future commits.

2. Remove the existing .sublime-workspace file from your Git repository (the --cached flag untracks it but leaves the file on your disk) by issuing the following command:
git rm --cached YourFileName.sublime-workspace

3. Run git filter-branch to remove this file from the history of all branches as described here.

4. Commit and push the changes to GitHub as usual.
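The steps above as a script, an added example that is not from the post. It builds a throwaway repo whose first commit wrongly includes a .sublime-workspace file (constructed contents), applies steps 1 to 3, and then deletes the refs/original/ backup that git filter-branch leaves behind (a step the post doesn’t list, but without it the old commits are still reachable locally); the paths and commit messages are assumptions.

```shell
#!/bin/sh
# Added example, not code from the post: scrub .sublime-workspace files from a
# Git repository (ignore, untrack, rewrite history) and verify the result.
set -eu
export FILTER_BRANCH_SQUELCH_WARNING=1   # skip filter-branch's 10-second warning pause

# Build a demo repo whose first commit (wrongly) includes a workspace file.
make_demo_repo() {
  repo=$(mktemp -d)
  git init -q "$repo"
  git -C "$repo" config user.email "demo@example.invalid"
  git -C "$repo" config user.name "Demo"
  git -C "$repo" config commit.gpgsign false
  echo "chapter notes" > "$repo/README.txt"
  # Constructed stand-in for Sublime's unsaved-buffer store
  echo '{"buffers":[{"contents":"draft that was never meant to be public"}]}' \
    > "$repo/book.sublime-workspace"
  git -C "$repo" add -A
  git -C "$repo" commit -q -m "first commit, workspace file included by mistake"
  echo "$repo"
}

# Steps 1-3 of the post: ignore, untrack (file stays on disk), rewrite history.
scrub_workspace_files() {
  repo=$1
  # 1. Tell Git to ignore the pattern from now on.
  grep -qsFx '*.sublime-workspace' "$repo/.gitignore" ||
    echo '*.sublime-workspace' >> "$repo/.gitignore"
  # 2. Remove every tracked workspace file from the index only (--cached).
  for f in $(git -C "$repo" ls-files -- '*.sublime-workspace'); do
    git -C "$repo" rm -q --cached -- "$f"
  done
  git -C "$repo" add .gitignore
  git -C "$repo" commit -q -m "Stop tracking Sublime Text workspace files"
  # 3. Drop the file from every commit on every branch.
  git -C "$repo" filter-branch -f --index-filter \
    "git rm -q --cached --ignore-unmatch '*.sublime-workspace'" -- --all >/dev/null
  # filter-branch keeps the old commits under refs/original/; delete them and
  # expire the reflog, or the leaked content is still reachable locally.
  for ref in $(git -C "$repo" for-each-ref --format='%(refname)' refs/original/); do
    git -C "$repo" update-ref -d "$ref"
  done
  git -C "$repo" reflog expire --expire=now --all
  git -C "$repo" gc -q --prune=now
}

# Checks: how many workspace files are still tracked, and how many commits on
# any branch still touch one (both should be 0 after the scrub).
tracked_workspace_count() {
  git -C "$1" ls-files -- '*.sublime-workspace' | wc -l | tr -d ' '
}
history_workspace_mentions() {
  git -C "$1" log --all --name-only --pretty=format: | grep -c 'sublime-workspace' || true
}

REPO=$(make_demo_repo)
echo "before: $(history_workspace_mentions "$REPO") mention(s) in history"
scrub_workspace_files "$REPO"
echo "after:  $(history_workspace_mentions "$REPO") mention(s) in history"
```

Anyone who cloned or forked before the rewrite still has the old commits, which is exactly the bad news the post gets to next.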

If you’re new to Git and GitHub, you can watch our Introduction to Git video.

Here comes the bad news. Since Git is a distributed version control system, people who forked or cloned your GitHub repo can enjoy (and sell to the yellow press) that bloody letter you wrote to the mistress. Back to CVS!

Starting new Web project

We had a project kickoff meeting this morning to discuss the tools to be used. This is a consumer-facing single-page Web application (SPA) that will also have a back-office part to be used by the business owners. During this meeting our engineers suggested a list of software. This list will grow, but I thought you might be interested to see it as it is now.

1. Web designer uses Balsamiq Mockups for prototyping and Twitter’s Bootstrap framework for styled components. We’ll use responsive design principles, so the app will look good on the mobile devices too.

2. Build tool: Gradle

3. Continuous Integration: TeamCity (JetBrains). We’ll configure automatic builds, unit tests, code coverage, and FindBugs.

4. Version control system: Git. The hosting site: Bitbucket. We’ll also use Bitbucket’s Wiki for doc, and Issue tracking feature for bugs.

5. Java Spring 4 framework. Version 4 is still a release candidate, but our engineers are convinced that it’s safe. IMO it’s a little too risky given the fact that the application should go live in 3 months, but we can always fall back to the earlier release. In particular, we’ll be using the following Spring modules: Core, MVC, Data (maybe), Boot, and Security.

6. Consumer-facing front end will be developed in HTML5 using AngularJS and Bootstrap frameworks.

7. The Back-office UI: HTML5 ExtJS framework.

8. Data persistence: MySQL 5.6

9. ORM: either none or MyBatis

10. Code Generators: Apache CXF for WSDL schema, our home grown Clear Data Builder for back office Ext JS-Java CRUD generation

11. Full text search: Apache Solr

12. Web Servers: Nginx server plus servlet container Apache Tomcat 7

13. Deployment – one self-executable Jar with embedded servlet container (Apache Tomcat)

14. Exploring monitoring of servers with Newrelic and Takipi.

15. IDE: One developer uses IntelliJ Idea, another – Eclipse IDE

The client and the project manager (yours truly) are based in New York, the back-end developer is from Toronto, Canada, Web designer and Web Developer/Team lead work from Russia, the sys-admin works from Ukraine. For deployments we’ll be using our data centers – one in Florida and another one in New York.

This is it for now.


How Many People do you Follow on Twitter?

I like Twitter. It’s the telegraph of the 21st century. It’s quick, messages are short and to the point. But I’m trying to keep the list of accounts I follow short. As of today I’m following 52 accounts, and this is a reasonable number. I mean, I actually read about half of the posted messages.

When I see that someone is following more than a thousand accounts, it’s clear to me that he used one of these programs that can bump the number of your followers to thousands or tens of thousands. They work on a simple principle – if you start following people, many of them will follow you back just to be nice. The Twitter API is simple, and any junior programmer can write a program that automatically browses random accounts and follows them, as long as someone entered valid Twitter login credentials. Run this program for a day and the number of accounts you follow will go over a thousand, and the number of your followers will substantially increase too. By doing this, you agree to manually sift through thousands of messages to weed out only those published by accounts you’re really interested in.

This technique is being abused by people who sell their “online marketing or search optimization services” to people who may have no idea what Twitter even is. I’ll show you an example. Today, my Twitter account reported that I got three new followers. I usually take a quick look at each of my new followers. Let’s do it together. One of my new “followers” was Denise Landis.


Let me assure you that this smiling lady has no idea of who I am. She “follows” more than 300K accounts and is being “followed” by more than 300K accounts. In reality, most likely she has a very slight idea of what Twitter is. Let’s apply the method of deduction to recreate the crime scene as Sherlock Holmes would have done.

One day, Denise, who runs the Web site “The Cooks Cook”, got an email from a company Marketing Spammers promising to increase the traffic to her site for a nominal fee. She agreed. Then these marketing guys created a Twitter account for her (she didn’t even know this word at the time), bumped up the number of her followers to over 300 thousand, and showed her how to publish cooking-related posts on Twitter once in a while.

Web analytics tools showed Denise a substantial increase in the traffic to her cooking Web page, because many of these followers (myself included) clicked on the link in her Twitter profile out of curiosity (I did it just for the sake of this blog). Denise is happy. Marketing Spammers are happy. Denise has no idea that the vast majority of the followers will never go to her Web site again. Some anal people (like me) will take the time and block her account. I’m not going to bother reporting it as spam, because Denise has no idea what’s going on. Once in a while Denise cuts a new check to Marketing Spammers and they run their program again. A short-term traffic increase is clearly shown on the Google Analytics reports.

It’s elementary, Watson! Next month Twitter will become a public company valued between $10 and $12B. I’ll buy some shares a couple of weeks after the IPO.
Congrats to Twitter and best of luck to Denise with her cooking business!


Healthcare.gov: Who Crafted the Suit?

I’m sure every person who is involved with the development of commercial Web applications knows about this huge failure – the release of healthcare.gov. I’ve been following this story too, because it’s about software development – my bread and butter.

I don’t have experience building Web applications that have to serve tens of millions of customers. I’m just a co-founder of two IT companies: one created a software product that’s used by more than 100K insurance agents, and the other one is an IT consultancy that helps customers create large online stores. But when it was reported that people can’t even log in to the system, it was clear to me that the application would require some serious redesign. It’s not just about applying some patches here and there.

People who developed this site made their mistakes, but let’s not simply badmouth them – based on the bits and pieces of information we’re getting, the roots of the problem are in the product owner – the government. The product requirements kept changing as recently as six months ago. Initially, healthcare.gov was supposed to allow browsing the insurance marketplace anonymously. WSJ wrote that the requirement to force people to log in just to enter the application was given only a month(!) ago, which required a very serious change in the application architecture. Now the IT contractors were tasked to introduce an infrastructure of authentication servers capable of processing millions of people.

The fact that this was a pet project of Barack Obama put tremendous pressure on the people who were building this system. All these fanfares about the October 1st opening were no more credible than many other speeches by the President of the USA. CNN reports that the Web site was crashing during tests with several hundred users, but the administration decided to go live anyway. WAT? Did they expect a miracle? A couple of years ago a prospective client called us for help stating that they’d developed an online casino, which was supposed to go live in a month, but worked fine only if… there was a single user.

The statement that “our team is bringing some of the best and the brightest minds” to fix the issue is promising, but it’ll take time not to fix, but to redesign the system. I’m not the best and brightest mind, but I know how the best and brightest started working on this issue. They need time to learn the current version of the system, which some people say is half a million lines of code. Three weeks after healthcare.gov went live it’s still not working. If a system can’t be fixed in three weeks, it has very serious design flaws. Sending Navy SEALs won’t help here.

It’s funny to hear from people who were developing different components of the system statements like “We’ve developed only the UI portion of the system. After the user hits the Apply Now button, it’s not our code”. Other people happily report that the data hub is operational.

Forty years ago there was a popular Russian-speaking comedian, Arkady Raikin. He had a sketch in which he appeared in a very poorly crafted suit. He came to the made-to-measure suit store asking, “Who crafted this suit?” One of the craftsmen shows up asking, “Do you have problems with the buttons?” “No, the buttons are sewn really well, but who crafted this suit?”

Computerworld magazine wrote an article stating that healthcare.gov “didn’t have a chance in hell”. 94% of projects that cost $10M or more fail(!). The author of this article writes, “The healthcare.gov contractor was initially awarded more than $93 million for the project, but costs have been soaring above that.” OK. Was this a typical situation where the salesman of this IT firm was tasked to win this project at any cost, and later on “our guys would figure out how to deliver”? Or did the IT firm sign off on a project scope that was substantially increased later on? This is a super high-visibility project, so there is hope that we’ll find out who did the initial estimate of the job, and who changed the scope. Interestingly enough, at this point nobody remembers who introduced, and when, the requirement to force people to create an account first and only then browse the insurance marketplace. Was it even in writing? Maybe an email? No? Nada? Nyet?

Recently Barack Obama said that the good part of being a president is that people always return your phone calls. There is another advantage of being president. When your subordinates deliver really bad software, you get to simply say “Nobody’s madder than me about the website not working as well as it should”. What do you think would happen if I delivered a non-working Web application to a client and said, “Nobody’s madder than me”? Who am I? Definitely not the president of the USA. Sometimes people don’t return my calls either. Oh well.

Actually it’s not that bad. You need to give credit to the administration, which was able to quickly put together a team of people who take insurance applications over the phone, with a wait time of no more than one minute. More help is on the way too. According to the reputable online publication The Onion, the new and improved Obamacare program was released on 35 floppy disks.

Something’s gotta give. But what’s going to happen to this nice-looking girl from the Web site? Is she even married?


Update. I was trying to give the benefit of the doubt to the team that developed the healthcare.gov site, but when a congressman said this morning that he couldn’t enter a date because the Web site was constantly complaining about the wrong date format, it clearly shows me that healthcare.gov was developed by a bunch of rookies who either have no clue (or don’t care) about how to do basic validation. In this case the Web site should be redesigned from scratch.

Audible.com: a Poor Example of Usability

I’m a subscriber of Audible, an Amazon company, where you pay a monthly fee in exchange for a pleasant purchasing experience of audio books. I like listening to audio books while on the go or lying in bed. My smartphone is always by my side, and Audible created a free application for downloading and listening.

As an extra free bonus, Audible’s subscribers can download morning editions of The Wall Street Journal – listen to the latest news and editorials while commuting to/from work or getting to sleep. Nice! This is how the UI looks on my iPhone.


What would you do if today’s edition of WSJ is not shown in this list? The first reflex should be to refresh the list. Any truck driver from Alabama knows that applications that get content from servers should have this curved arrow to refresh the screen. I thought so too. But the Refresh button was nowhere in the vicinity. After multiple clicks I found the Settings screen, where the UI designers have hidden the Refresh button. Why on earth would they do this? There was plenty of real estate on the main view’s toolbars!


Don’t get me wrong. Audible’s UI designers are not hopeless. They knew that many people would have trouble finding the Refresh button, so they came up with an unusual solution. They added an explanation of where the Refresh button is in the FAQ section of the app.
Needless to say, the FAQ itself is hidden under the Settings icon. Well, as Sheryl Crow sang, “No one said it would be easy, but no one said it’d be this hard”. But if you find the FAQ, the first item there is “How do I Refresh Library” (ignore the fact that it reads “How to I” – this blog is not about QA). Well, if I get to this screen, the FAQ is sitting right under “Refresh Library” anyway.


Hopefully, our Alabama truck driver won’t get into an accident while trying to find this well-hidden feature. Anyway, as of October 2013, the iPhone version of the Audible app leads in my unofficial competition for the worst UI decision.

P.S. See that “Download All” button on the top image? Good luck on canceling dozens of downloads after clicking on it!

Phishing for Dummies

Everyone knows what fishing means. It’s when a man tries to convince a fish that this fat worm had nothing better to do than dive ten feet into the river.

Phishing is somewhat similar. Someone assumes that you are as stupid as an average fish, believe that every incoming email is a legitimate one, and will happily bite into it. If you don’t like my definition of the term Phishing, read what Wikipedia has to say:

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

Now let’s consider a real world example. I just got this email in my Yahoo! account (this is a reason why I decided to write this blog):


If I were a regular fish, I’d have simply clicked on the “Click Here” link and obediently followed all further instructions. But I’m as smart as a dolphin and immediately figured out that someone was trying to trick me. Let’s give this email a closer look.

First, the email came from some weird domain – @email.yahoo-inc.com and not yahoo.com.

Second, it has this gibberish at the bottom: “Terms Privacy About our ads Advertise Developers”. These words are not even links to the Terms, Privacy, etc. pages.

Third, Yahoo! knows my name, and would address me as “Dear Yakov”, but not “Dear valid Customer”.

Fourth, the text of the email starts with “Due to so many complains on our server upgrades”. What a BS! Even if Yahoo! had many complaints about their server upgrades, their award-winning legal team would find better wording to turn negative into positive, like “Due to our continuous efforts to improve our service we’ve recently upgraded our state-of-the-art server farms…”

If you are still not convinced, take a look at the following snapshot of my desktop. I hovered (not clicked!) the mouse pointer over the “Click Here” link and took the following screen snapshot. Look at the content of the browser’s status bar at the bottom – this is the URL of the Web page that would be opened should I click on that link.


Now we know the name of the phisherman! It’s http://www.highstreetproperties.com. If you just try to enter this URL in your browser, you’ll see a page that reads “Error establishing the database connection”. I’m sure you’re dying to know where the actual “Click Here” link would have taken me, right? OK, as a good Samaritan, I’ll do it for you. On the count of 3, I’ll click. One. Two. Three.


Boooring… Now even a fish with an average IQ can figure out that after entering a Yahoo! ID and password, this information will be sent to the phisherman’s database located at highstreetproperties.com. Then these low-class people will use this info to get access to your Yahoo! contacts and send them email (in your name) offering to purchase these really nice blue pills that make miracles happen!

If you examine the source code of the page, you’ll see that the script at the phisherman’s site is called process.php. But do you want to know more details about this phisherman? Just go to Network Solutions and use their whois service, http://www.networksolutions.com/whois, to see who registered the domain name highstreetproperties.com.
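The checks walked through above, scripted as an added example (not from the post) so they can be run over a saved message rather than eyeballed: the sender’s domain against the brand’s real one, every link’s real target host against the sender’s domain (the hover check), and the generic greeting. The message, its domains and the brand domain mailprovider.example are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the post: flag the phishing tells described
# above in a saved email. Everything in the sample message is constructed.
set -eu

MSG_FILE=$(mktemp)
cat > "$MSG_FILE" <<'EOF'
From: "Mail Service" <no-reply@email.mailprovider-inc.example>
To: reader@mailprovider.example
Subject: Account verification required

<html><body>
<p>Dear valid Customer,</p>
<p>Due to so many complains on our server upgrades, please
<a href="http://www.unrelated-host.example/process.php">Click Here</a> to verify.</p>
<p>Questions? See <a href="https://mailprovider-inc.example/help">our help pages</a>.</p>
</body></html>
EOF

# Host part of the From: address (what the post calls the weird domain).
sender_host() {
  sed -n 's/^From:.*@\([A-Za-z0-9.-]*\).*/\1/p' "$1" | head -n 1
}

# Last two labels of a hostname: good enough for .com-style domains (assumption).
base_domain() {
  printf '%s\n' "$1" | awk -F. '{ if (NF >= 2) print $(NF-1) "." $NF; else print $0 }'
}

# The post's first check: does mail from this "brand" come from its real domain?
sender_is_expected() {
  [ "$(base_domain "$(sender_host "$1")")" = "$2" ]
}

# The hover check, for every link: print "target-host visible text".
# Assumes absolute http(s) links, each written on a single line.
link_targets() {
  grep -o '<a [^>]*href="[a-z]*://[^"]*"[^>]*>[^<]*</a>' "$1" |
    sed 's|.*href="[a-z]*://\([^/"]*\)[^"]*"[^>]*>\([^<]*\)</a>|\1 \2|'
}

# Links whose host is outside the sender's own domain: the "Click Here" trick.
foreign_link_count() {
  base=$(base_domain "$(sender_host "$1")")
  link_targets "$1" | awk -v base="$base" '
    $1 != base && $1 !~ ("\\." base "$") { n++ }
    END { print n + 0 }'
}

# The post's third check: a brand that knows your name does not write "valid Customer".
generic_greeting() {
  grep -E -i -q '^<p>Dear (valid )?(customer|user|member)' "$1"
}

echo "sender host: $(sender_host "$MSG_FILE")"
echo "links outside the sender's domain: $(foreign_link_count "$MSG_FILE")"
generic_greeting "$MSG_FILE" && echo "generic greeting: yes"
```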

I hope you’ve enjoyed my real-world explanation of the Web security term Phishing. For a more technical introduction to Web security, read this chapter from our upcoming book on Enterprise Web development.


Why I Didn’t Mention Flash Player

I was making a presentation to our client on mobile development. It’s a strong Flex-Java IT shop, and our company helps them with Flex development. I was comparing the pros and cons of native vs HTML5. I spoke about hybrids too. During the Q & A session one person asked me if I was avoiding mentioning Flash Player on purpose.

At this moment I realized that it was probably the first time I didn’t even plan to mention it. It happened naturally. I still like the technology, but it would be unfair to lie to the client.

I answered that we are still using the Flex framework and AIR in our own software product that’s used in the insurance industry, and our company will continue helping customers who need help with Flex. The desktop version of our product uses Adobe Flex, and for tablets we use Adobe AIR. But I don’t see commitment from Adobe to Flex or AIR. The compiled AIR application works slower on tablets. Creating a build with AIR for iOS can take from 30 minutes to an hour. I also said (it may sound pathetic, but this is what I honestly feel) that I spent 5 years of my life with Flex, but with tears in my eyes I say “Don’t do it”.
 
This product was abandoned by Adobe, support for new platforms/SDKs is weak, Flash Player crashes a lot more often than three years ago and eats up all the CPU – it seems that it’s been simply ignored.

Now Adobe has a new pet called PhoneGap. Similarly to Flex, Adobe donated the PhoneGap library to the Apache Software Foundation. But this time Adobe has a plan to monetize such a gift – they created the PhoneGap Build cloud service, which can package your HTML5 or hybrid Web application as a native app. I like PhoneGap, and wish Adobe success with this product. But Flex is going away from the enterprise Web toolbox.

My hope today is for Dart – an interesting language from Google that can run either compiled in the Chromium browser’s VM, or (automatically) turned into JavaScript and run as usual. The Dart VM is not in Chrome yet, but you can run the JavaScript code generated by Dart in any browser (see http://try.dartlang.org/).

jQuery Mobile chapter is done

The draft of the jQuery Mobile chapter is done. As usual, your feedback is appreciated http://enterprisewebbook.com/#_jquery_mobile.

If there is something to be changed, please open an issue on GitHub at https://github.com/Farata/EnterpriseWebBook. See something? Say something! 🙂

I started writing the chapter on Sencha Touch. This book never ends. It already has more than 500 pages. I promised O’Reilly that all drafts will be ready by mid-August. It’s not easy, but possible.

Please do me a favor and check the book’s text on your smartphone. We’ve implemented responsive design there, and it should be properly laid out on small screens too. Please leave a comment on this blog specifying the model of the mobile device, the name and version of its OS, and whether the text looks decent there.


How we write a book for O’Reilly

In the past, to write a book the writer needed a quill pen. After a while, Microsoft Word replaced the goose feather. Today, a word processor is not good enough. You need tools to generate the book content in various formats to be read on various devices. Things get complicated if more than one writer works on the book. Now you need a distributed version control system.

We’ve recorded a Webcast showing how we write a technical book for O’Reilly Media. This Webcast is not about the book itself, but rather about the process of writing the book and the software tools we use for it.

The recording is available here. This is an interactive recording – you can switch it to the full screen mode.