Skip to main content

Worthless Practices (IBM's list)

I just saw via InfoQ that IBM maintains a list of Java EE best practices.

Now I've never really been good with bile, but there is just so many things wrong with this list on so many levels. Just listen to the title: "IBM WebSphere Developer Technical Journal: The top Java EE best practices". A bit of paradoxial, isn't it?

Let's take a quick look through the list and comment on each point:

1. Always use MVC.
Yeah, right. Always use MVC. Remember to design a rigid 3-tier architecture upfront no matter what sort of application you are going to build. Use Struts, right? Right.

2. Don't reinvent the wheel.
Well, duh. Struts, right? Right.
3. Apply automated unit tests and test harnesses at every layer.
I'd actually support this one if I could append "if possible".

4. Develop to the specifications, not the application server.
Well that certainly was a good tooting from the wrong horn, coming from the deranged nit-wits that gave us WSAS and WSAD.

5. Plan for using Java EE security from Day One.
Yes, and build it into your whole application using WebSphere Application Server's Java EE security(tm). There is no better way to tie yourself to your application server than using the embedded access control and security mechanisms.

6. Build what you know.
Well, duh. Struts, right? Right.

7. Always use session facades whenever you use EJB components.
How bout never using EJB components?

8. Use stateless session beans instead of stateful session beans.
Sounds a lot like Struts action thinking to me. Drink you own poison any way you like, EJB suckers.

9. Use container-managed transactions.
Uh. Yeah, using WSAS Transcation Management(tm)!

10. Prefer JSPs as your first choice of presentation technology.
Indeed! Never mind that JSPs is the most designer and developer unfriendly templating language around. I love having to compile my templates into servlets, then loading them into the application server!

11. When using HttpSessions, store only as much state as you need for the current business transaction and no more.
No kidding. I'll try to remember that session actually uses memory somewhere.

12. Take advantage of application server features that do not require your code to be modified.
Wait, isn't this the same as point 4? Except that it binds you to the functionality of an application server and thereby invalidates the point.

13. Play nice within existing environments.
I guess this means that we should use WSAS. Period.

14. Embrace the qualities of service provided by the application server environment.
Really, how much more of this list is going to be about WSAS ball-licking?

15. Embrace Java EE, don't fake it.
And buy our fully Java EE compatible application server today! Seriously, tell this to the thousands of developers who have uneccesarily suffered under EJB's.

16. Plan for version updates.
Yes, there will always come a patch for your WSAS installation. Usually the one that fixes the bug in WSAS which is paining your development. And the techies will tell you they can't install the patch before 6 months.

17. At all points of interest in your code, log your program state using a standard loggingframework.
Yeah.. WSAS logging is just lovely to look at and modify.

18. Always clean up after yourself.
Now this is the point where I really start getting annoyed. How bout you guys cleaning up after yourself? Your company is largely responsible for soddling the development of Java EE into the state it is today!

19. Follow rigorous procedures for development and testing.
Yes, develop and test as rigorously as the application server and the web framework forces you to. Make sure you have a 100 page testing plan that lines up the procedures.



Summary: Buy IBM, use WSAS and use Struts.

Bile being done, the text actually has some good principles and points, but the concrete solutions so provided are a bit too much 2002 for my taste.

Popular posts from this blog

Encrypting and Decrypting with Spring

I was recently working with protecting some sensitive data in a typical Java application with a database underneath. We convert the data on its way out of the application using Spring Security Crypto Utilities. It "was decided" that we'd be doing AES with a key-length of 256, and this just happens to be the kind of encryption Spring crypto does out of the box. Sweet!

The big aber is that whatever JRE is running the application has to be patched with Oracle's JCE in order to do 256 bits. It's a fascinating story, the short version being that U.S. companies are restricted from exporting various encryption algorithms to certain countries, and some countries are restricted from importing them.

Once I had patched my JRE with the JCE, I found it fascinating how straight forward it was to encrypt and decrypt using the Spring Encryptors. So just for fun at the weekend, I threw together a little desktop app that will encrypt and decrypt stuff for the given password and sa…

Managing dot-files with vcsh and myrepos

Say I want to get my dot-files out on a new computer. Here's what I do:

# install vcsh & myrepos via apt/brew/etc
vcsh clone https://github.com/tfnico/config-mr.git mr
mr update

Done! All dot-files are ready to use and in place. No deploy command, no linking up symlinks to the files. No checking/out in my entire home directory as a Git repository. Yet, all my dot-files are neatly kept in fine-grained repositories, and any changes I make are immediately ready to be committed:

config-atom.git
    -> ~/.atom/*

config-mr.git
    -> ~/.mrconfig
    -> ~/.config/mr/*

config-tmuxinator.git  
    -> ~/.tmuxinator/*

config-vim.git
    -> ~/.vimrc
    -> ~/.vim/*

config-bin.git   
    -> ~/bin/*

config-git.git          
    -> ~/.gitconfig

config-tmux.git  
    -> ~/.tmux.conf    

config-zsh.git
    -> ~/.zshrc

How can this be? The key here is to use vcsh to keep track of your dot-files, and its partner myrepos/mr for operating on many repositories at the same time.

I discovere…

Always use git-svn with --prefix

TLDR: I've recently been forced back into using git-svn, and while I was at it, I noticed that git-svn generally behaves a lot better when it is initialized using the --prefix option.

Frankly, I can't see any reason why you would ever want to use git-svn without --prefix. It even added some major simplifications to my old git-svn mirror setup.

Update: Some of the advantages of this solution will disappear in newer versions of Git.

For example, make a standard-layout svn clone:

$ git svn clone -s https://svn.company.com/repos/project-foo/

You'll get this .git/config:

[svn-remote "svn"]
        url = https://svn.company.com/repos/
        fetch = project-foo/trunk:refs/remotes/trunk
        branches = project-foo/branches/*:refs/remotes/*
        tags = project-foo/tags/*:refs/remotes/tags/*

And the remote branches looks like this (git branch -a):
    remotes/trunk
    remotes/feat-bar

(Compared to regular remote branches, they look very odd because there is no remote name i…

The Best Log Viewer Ever

This is what it looks like when I want to have a look through the logfile, to see what a user did on one of our machines one day:


Read the whole story about how it works on the Viaboxx Systems blog (and upvote on DZone!).

Microsoft ups their Git efforts another notch

This week Microsoft announced first class Git support embedded in the coming version of Visual Studio.

Now, it's not completely shocking. We could have seen it coming since Microsoft started offering Git repos on CodePlex, and more recently offering a Git client for TFS. In any case, these are some big news. Scott Hanselman weighs on some features and some more background here.

For those who are a bit unaware of what the Git situation on Windows looks like these days, I've dotted down these notes:
Some explanation on these:

msysGit has long been The Way to use Git on Windows. It's basically a port of Git itself, so it's a command-line tool.GitExtensions (includes Visual Studio integration), TortoiseGit, Git Shell, posh-git and most other tools are powered by msysGit.libgit2 is a native library for doing Git stuff. It is developed completely separate from Git itself. The above tools could (and should) probably use libgit2 instead of hooking onto and around msysGit.Github…