Skip to main content

Worthless Practices (IBM's list)

I just saw via InfoQ that IBM maintains a list of Java EE best practices.

Now I've never really been good with bile, but there is just so many things wrong with this list on so many levels. Just listen to the title: "IBM WebSphere Developer Technical Journal: The top Java EE best practices". A bit of paradoxial, isn't it?

Let's take a quick look through the list and comment on each point:

1. Always use MVC.
Yeah, right. Always use MVC. Remember to design a rigid 3-tier architecture upfront no matter what sort of application you are going to build. Use Struts, right? Right.

2. Don't reinvent the wheel.
Well, duh. Struts, right? Right.
3. Apply automated unit tests and test harnesses at every layer.
I'd actually support this one if I could append "if possible".

4. Develop to the specifications, not the application server.
Well that certainly was a good tooting from the wrong horn, coming from the deranged nit-wits that gave us WSAS and WSAD.

5. Plan for using Java EE security from Day One.
Yes, and build it into your whole application using WebSphere Application Server's Java EE security(tm). There is no better way to tie yourself to your application server than using the embedded access control and security mechanisms.

6. Build what you know.
Well, duh. Struts, right? Right.

7. Always use session facades whenever you use EJB components.
How bout never using EJB components?

8. Use stateless session beans instead of stateful session beans.
Sounds a lot like Struts action thinking to me. Drink you own poison any way you like, EJB suckers.

9. Use container-managed transactions.
Uh. Yeah, using WSAS Transcation Management(tm)!

10. Prefer JSPs as your first choice of presentation technology.
Indeed! Never mind that JSPs is the most designer and developer unfriendly templating language around. I love having to compile my templates into servlets, then loading them into the application server!

11. When using HttpSessions, store only as much state as you need for the current business transaction and no more.
No kidding. I'll try to remember that session actually uses memory somewhere.

12. Take advantage of application server features that do not require your code to be modified.
Wait, isn't this the same as point 4? Except that it binds you to the functionality of an application server and thereby invalidates the point.

13. Play nice within existing environments.
I guess this means that we should use WSAS. Period.

14. Embrace the qualities of service provided by the application server environment.
Really, how much more of this list is going to be about WSAS ball-licking?

15. Embrace Java EE, don't fake it.
And buy our fully Java EE compatible application server today! Seriously, tell this to the thousands of developers who have uneccesarily suffered under EJB's.

16. Plan for version updates.
Yes, there will always come a patch for your WSAS installation. Usually the one that fixes the bug in WSAS which is paining your development. And the techies will tell you they can't install the patch before 6 months.

17. At all points of interest in your code, log your program state using a standard loggingframework.
Yeah.. WSAS logging is just lovely to look at and modify.

18. Always clean up after yourself.
Now this is the point where I really start getting annoyed. How bout you guys cleaning up after yourself? Your company is largely responsible for soddling the development of Java EE into the state it is today!

19. Follow rigorous procedures for development and testing.
Yes, develop and test as rigorously as the application server and the web framework forces you to. Make sure you have a 100 page testing plan that lines up the procedures.



Summary: Buy IBM, use WSAS and use Struts.

Bile being done, the text actually has some good principles and points, but the concrete solutions so provided are a bit too much 2002 for my taste.

Popular posts from this blog

Encrypting and Decrypting with Spring

I was recently working with protecting some sensitive data in a typical Java application with a database underneath. We convert the data on its way out of the application using Spring Security Crypto Utilities. It "was decided" that we'd be doing AES with a key-length of 256, and this just happens to be the kind of encryption Spring crypto does out of the box. Sweet!

The big aber is that whatever JRE is running the application has to be patched with Oracle's JCE in order to do 256 bits. It's a fascinating story, the short version being that U.S. companies are restricted from exporting various encryption algorithms to certain countries, and some countries are restricted from importing them.

Once I had patched my JRE with the JCE, I found it fascinating how straight forward it was to encrypt and decrypt using the Spring Encryptors. So just for fun at the weekend, I threw together a little desktop app that will encrypt and decrypt stuff for the given password and sa…

Managing dot-files with vcsh and myrepos

Say I want to get my dot-files out on a new computer. Here's what I do:

# install vcsh & myrepos via apt/brew/etc
vcsh clone https://github.com/tfnico/config-mr.git mr
mr update

Done! All dot-files are ready to use and in place. No deploy command, no linking up symlinks to the files. No checking/out in my entire home directory as a Git repository. Yet, all my dot-files are neatly kept in fine-grained repositories, and any changes I make are immediately ready to be committed:

config-atom.git
    -> ~/.atom/*

config-mr.git
    -> ~/.mrconfig
    -> ~/.config/mr/*

config-tmuxinator.git  
    -> ~/.tmuxinator/*

config-vim.git
    -> ~/.vimrc
    -> ~/.vim/*

config-bin.git   
    -> ~/bin/*

config-git.git          
    -> ~/.gitconfig

config-tmux.git  
    -> ~/.tmux.conf    

config-zsh.git
    -> ~/.zshrc

How can this be? The key here is to use vcsh to keep track of your dot-files, and its partner myrepos/mr for operating on many repositories at the same time.

I discovere…

Always use git-svn with --prefix

TLDR: I've recently been forced back into using git-svn, and while I was at it, I noticed that git-svn generally behaves a lot better when it is initialized using the --prefix option.

Frankly, I can't see any reason why you would ever want to use git-svn without --prefix. It even added some major simplifications to my old git-svn mirror setup.

Update: Some of the advantages of this solution will disappear in newer versions of Git.

For example, make a standard-layout svn clone:

$ git svn clone -s https://svn.company.com/repos/project-foo/

You'll get this .git/config:

[svn-remote "svn"]
        url = https://svn.company.com/repos/
        fetch = project-foo/trunk:refs/remotes/trunk
        branches = project-foo/branches/*:refs/remotes/*
        tags = project-foo/tags/*:refs/remotes/tags/*

And the remote branches looks like this (git branch -a):
    remotes/trunk
    remotes/feat-bar

(Compared to regular remote branches, they look very odd because there is no remote name i…

The End of GitMinutes (my podcast)

I'm just about ship GitMinutes episode 46, which is going to be the final episode. I'll just paste the outro script here, as it sums up the sentimental thoughts pretty well:

I’m happy to have finally finished [publishing the last episodes from Git-Merge 2017], just in time before Git-Merge 2018 takes place in March. I won’t be going there myself, so I’m counting on someone else to pick up the mic there.

It’s sad to be shipping this one as it is probably the last GitMinutes episode ever. To go a bit down memory lane, 6 years ago, my daughter was born, and as I used a little of that paternity leave to set up my podcasting infrastructure and produce the first few episodes. Initially it was just going to be 10 episodes and call the experiment finished. Instead, I got to 46 episodes, the last dozen or so lazily tailing the last few Git-Merge conferences.

To every one of my guests, thank you so much again for coming on to share your passion in this little niche of computer science a…

Joining eyeo: A Year in Review

It's been well over a year since I joined eyeo. And 'tis the season for yearly reviews, so...

It's been pretty wild. So many times I thought "this stuff really deserves a bloggin", but then it was too inviting to grab onto the next thing and get that rolling.

Instead of taking a deep dive into some topic already, I want to scan through that year in review and think for myself, what were the big things, the important things, the things I achieved, and the things I learned. And then later on, if I ever get around to it, grab one of these topics and elaborate in a dedicated blog-post. Like a bucket-list of the blog posts that I should have written. Here goes:
How given no other structures, silos will grow by themselves This was my initial shock after joining the company. Only a few years after taking off as a startup, the hedges began growing, seemingly almost by themselves, and against the will of the founders. I've worked in silos, and in companies without the…