|
 |
Saturday, February 08, 2003 |
|
A RE-Reading Assigment: Refactoring.
I was getting really frustrated debugging a jsp yesterday. The screen revealed an ugly spew of System.out.println() debug statements had rendered my code unreadable. Realizing I was mired in reckless hacker mode, I turned off the monitor, took a breath, and decided to come up with three different ways to uncover the bug before returning to the keyboard. I grabbed my neglected copy of Refactoring for help. I had forgotten what fun this book can be.
I love the concept of code smells, "deciding when to start refactoring, and when to stop, is just as important to refactoring as knowing how to operate the mechanics of refactoring". I realized that I often resist working on this jsp-servlet project because I am not seasoned enough with J2EE to recognize the code smells. In other words, I know I am unhappy with the project's code, but I don't know why.
I also reviewed the catalog's "Composing Methods" and "Simplifying Conditional Expressions" sections. Below the name is a short summary of the situation in which you need the refactoring and a summary of what the refactoring does. Under Extract Method: "You have a code fragment that can be grouped together. Turn the fragment into a method whose name explains the purpose of the method." Under Decompose Conditional: "You have a complicated conditional (if-then-else) statement. Extract methods from the condition, then part, and else parts."
As for my jsp problem, the refactoring I used was not from the book or even Martin Fowler. It did conform to the structure of a good refactoring: it had nice, terse sections on Motivation and Mechanics, and the example was thorough (though it did meander off course at times). It was such a relief to locate this little gem, and the "Mechanics" to guide me off of the endless out.println() hamster wheel.
--------------------------------------------------------------------------------
See Also:
|
|
Wednesday, October 23, 2002 |
|
IBM news:
IBM puts power in new "blade" server. Big Blue unveils a prototype of a new high-end, compact server that will include a version of its Power processor.
[CNET News.com]
Note to self: AIX is IBM's version of UNIX (not HP's version).
HP Itanium, formerly known as the Compaq Himalaya, formerly known as Tandem.
HP to double the processor count in Itanium servers. Attempting to fill technology gap
[InfoWorld: Top News]
|
|
Monday, October 14, 2002 |
|
Java Xenc Framework
xmlenc 0.4 [freshmeat.net]
I may have posted this already. If so please excuse the repeats.
|
|
Sunday, October 13, 2002 |
|
Use Private Keys, no - Use Public Keys, no - ...
Jon Udell is opening a can of worms, I must not look...
I always knew there were ways to encrypt information and I accepted that. Then I was assigned the task of revamping our software licensing process. This required me to choose an encryption method. Choosing an encryption method required me to justify my selection against its alternatives. Justifying my selection required me to understand both my selection and the alternatives that I did not choose.
So I did some reading, and once I understood the difference between Private Key Encryption and Public Key Encryption, I changed my mind. Public Key Encryption surely seemed like the better choice.
If some rogue ex-employee were to take the private key and issue passwords for a discounted price, we could throw out the old key pair and replace it with two new keys. Because one of the keys of the pair is public, we could simply distribute it along with the encrypted information. No need to hard-code the private key in the software, right? No need to require customers to reinstall existing software, right? No need to maintain legacy password generation programs, right? (Anyone who has done this before, please comment...please throw me a clue...)
Yes, I thought I finally had gotten it. Public Key Encryption provides more convenience, more security, more robustness than Private Key Encryption.
I am trying to resist looking at Jon Udell's post. He is questioning his long-held assumption that Public Keys were the way to go.
Remind me why I need a public key. Dick Hardt, founder and now CTO of ActiveState, was prowling around the digital ID conference asking a deceptively simple question: "Why do I need a key pair?" ...
[Jon's Radio]
|
|
Wednesday, October 02, 2002 |
|
RSA debuts XML signatures security for Web
InfoWorld - 5 hours ago
RSA SECURITY HAS begun shipping its software development kit (SDK), RSA BSAFE SecurXML-C, allowing developers to add digital signatures using XML (Extensible Markup Language) technology to Web services, the Bedford, Mass., company announced Tuesday.
Locking Down Web Services eWeek
RSA Helps To Secure Web Services InternetWeek.com
[Google Tech News]
EDS ends alliance with PwC consulting following IBM purchase
[SiliconValley.com]
Success factors for KM implementation. Charles H. Bixler has written about practical success factors for KM implementation, and his list consists of: Strong unified leadershipAlign KM with mission and business needsCohesive and engaged teamUnderstand current problems and issuesCollaboration and communicationInnovationUnderstanding and appropriate use of current...
[Column Two]
Here's another note for that work-related project mentioned in my previous post:
Keep email templates out of the B2B realm, please..
I pretty much disagree with almost every point in Brand-Aid for Everyday Email, by Barry Stamos, especially for B2B communications.
I deal with about 100 clients on a weekly basis, and get probably 1,000 emails on average each week. Only one of them sends me email in a branded HTML form. You know which client I hate to receive email from? Yep, you guess it, that one.
[snip]
Also, I personally use two or three email clients, and some support HTML and others don't. Why risk the chance of having your message displayed horribly to me, if you don't know what kind of email client I'm using? Isn't the real message more important than your damn logo? I mean really? If you're emailing me for a reason, then it's probably important to you that I get the message quickly and easily, right?
[inluminent/weblog] [Don W Strickland: software]
Question for the author (inluminent): newsletters can contain multiple bodies, enabling the client's email program to choose which format to render to the user. If your email client chooses to render the html version, does it still bother you?
I am jotting this down because of a work-related project:
UseIt: Great points about Email Newsletters.
Do you publish a newsletter? Are you thinking about it?
If so, read this article from UseIt: Email Newsletters Pick Up Where Websites Leave Off
You'll find some great information, and gain a better understanding of what's important in a newsletter by today's standards.
[via Netmarketing]
When you're done with that one, go read this one about writing headlines.
[inluminent/weblog] via [Don W Strickland: software]
|
|
Sunday, September 29, 2002 |
|
Do C-only SAX parsers exist? (C-only means no C++)
|
|
Tuesday, September 24, 2002 |
|
More XML Homework
These Links are from the Developer's Guide to XML from TechRepulic
XML security: An ongoing process
"While none of these specifications has been fully realized and adopted, both the W3C and Oasis are working hard to provide security standards for XML. A few early solutions are already available, such as Phaos XML from Phaos Technology and alphaWorks from IBM. Demand for XML security increases as XML usage spreads. Conventional means for securing documents interfere with XML’s ease of use, but standards to address an alternative are fast becoming a reality."
[TechRepublic]
Links:
- XML Encryption (Xenc)
- "...the W3C and IETF propose a standard for encrypting the XML data and tags within a document. This would let you encrypt portions of a document, with the idea that only sensitive information needs to be protected. Encrypting portions of a document with different keys would allow you to distribute the same XML document to various recipients, but the recipients would only be able to decrypt the parts relevant to them."
- XML Signatures (XML-SIG)
- "XML signatures are used to ensure that the content within an XML document hasn’t changed....When used in conjunction with XML encryption, an XML signature ensures that the data sent is the data received..."
- XML key management specification (XKMS)
- "The XKMS protocol is a proposed standard maintained by the W3C...Several vendors, such as VeriSign, are heavily involved in this protocol and have developed toolkits and other applications to facilitate implementation of this specification."
Homework
W3C XML-Encryption Minutes, Boston, MA, 01 March 2000
xml spy
xml news
W3C XML Encryption Working Group
xmlhack: Relax NG schemas for XML Encryption and XML Signature
Specification of Element-wise XML Encryption
XML Security Library
