Earl Douglas

1. Talk about the user stories. Who is the user? What must the system do to serve the user?
2. Base the system design on user stories rather than system requirements.
3. Specify the tests (even if only in non-functional pseudo-code) before writing corresponding system components.
4. Identify the differences between public and internal system behavior.
5. Specify the public API. What information goes into and the comes out of the system?
6. Lock the public API. This becomes the data contract and service contract.

Here is a simple code I wrote back in the seventh grade. My goal was to create something that would be easy to write by hand, easy to read, and require no memorization of symbols as in a conventional replacement cipher.

Spring's @Timed annotation provides a convenient way to write JUnit tests which fail if they take too long. Consider the example Adder class:

Adder.java:

This class is tested using the TimedTest and associated Spring context:

TimedTest.java:
 

Whenever I install Eclipse or SpringSource Tool Suite in Ubuntu 9.10, I tend to forget about a little bug in Eclipse which, when paired with GTK+ 2.18 and later, causes certain behavioral oddities such as unresponsive buttons, missing selection options, etc.

The workaround for this is to set the GDK_NATIVE_WINDOWS environment variable to true. This is most easily done by creating a startup script for eclipse:

eclipse.sh:

File encryption and decryption is very easy with OpenSSL, which is installed on most any Linux system. Consider the following commands:

Encryption:

This will prompt for a password to use as an encryption key. The -a switch uses Base64 encoding for the encrypted output, which is handy for representing encrypted data as text.

Decryption:

An embedded Jetty server provides a quick and easy means of testing web applications. In this example I expand on A Secure RESTful Web Service, which requires manual steps of building and deploying a web application to an existing and configured application server. I introduce an embedded Jetty server which is started as part of testing, and enables tests to run without the manual steps of building and deploying the web application. It also eliminates the need to have a discrete application server available for testing.

I thought it would be fun to see if I could create a completely self-contained runnable web application that wasn't bound to the traditional application server plus WAR file pattern. After playing with embedded Jetty, and Maven's jar, dependency, and assembly plugins, I came up with a working solution.

Data at rest encryption is a commonly important pattern in any enterprise application within which certain information must be protected when placed in a persisted state. Among the difficulties of building applications that support data at rest encryption are distinguishing encrypted data from unencrypted data at the application layer, and the algorithms needed to handle translating from one to the other. An application which is aware that at some points its data may be encrypted and at other points it may not violates the practice of separation of concern.

Many coffee shops and book stores provide both a seemingly limitless supply of legal addictive stimulants and wireless Internet access. The two in combination yield a great opportunity to do some coding. The problem is that usually the wireless connection is unencrypted, leaving you vulnerable to anyone who wants to come along and sniff your traffic. To solve this problem, I once again reach into my bag of tools and pull out SSH, the oft overlooked Swiss Army Knife of secure communications.

REST-style architecture lends a comfortable aspect of familiarity to web services by enforcing a somewhat strict architectural style with which we have become accustomed to in our daily use of the web. It eliminates the unpredictable and sometimes obtuse web services definitions created in analogy to arbitrary verbs. It limits the types of actions taken by a web service to those of CRUD, and the resources on which to perform such actions to those identifiable by URLs.