Cathi talks about Extender Providers

A while back, Cathi Gero and I got into an extended discussion about the Decorator design pattern, and she brought up the .NET Extender Provider implementation, which I frankly admit I hadn’t seen before. Now she’s blogged about it and based on what I read there, I’ve got to admit, it’s a lot more like an aspect than an actual decorator–the ProvideProperty attribute essentially acts as a pointcut, and the extender provider itself as the advice. (The weaver is arguably either VS.NET or the WinForms library, I’m not entirely sure which.)

Which, of course, begs the question–now that JDK 1.5 has annotations, could one do something similar in Java? Yet another little research project to go onto the list….

My head hurts

I used to think I knew C++ pretty well, but between the various "red books" that Addison-Wesley’s been sending me, I’m rapidly discovering that:

    I don’t know templates NEARLY as well as I thought,
    There’s a tremendous amount of power in template-based languages,
    C++ isn’t nearly as dead as current programming trends might like to imply,
    The "red book" series is an awesome series to open your mind (as in, "blast it with a firehose" open), and
    I’m REALLY liking the feeling, even if it hurts. 🙂

Highly recommended reading: "Modern C++ Design" and "C++ Template Metaprogramming", along with Herb Sutter’s "Exceptional C++" and "More Exceptional C++".

Need a better name for “Messaging”

As DevHawk/Harry Pierson pointed out in comments to my "I’m going to DisneyWorld" post, I need to massage the title of my messaging talk a bit so as not to confuse the masses at TechEd who think "messaging" means "email/Exchange". Any suggestions?

Hani’s biling again….

Hani’s at it again, talking up (in his inimitable style) TheServerSide Symposium next month. He must’ve been running low on the creative juice, because when he gets around to my name, the best he can come up with is:

    Bill Berk will no doubt tell us how great JBoss is (I hear he’s been practising his umms, hmms and errrs). Gregor Hohpe will STILL be trying to sell more copies of his book (possibly giving Jason Hunter a run for his money in the best-dead-horse-flogging-via-a-book category), while Ted Neward will drop names and refer to Microsoft celebrities by their first name (that really must wow the girls) and somehow try to convince us that .net is relevant for java people. Rod Johnson will have completed his transformation from mild mannered intelligent British guy to freaky mad glint in the eye Spring zealot and ejbhater (possibly with a bigger posse in tow than his six pitiful acolytes last year).

Oh, come on, Hani, you can do better than this. How about

    , while Ted Neward will try vainly to convince us that EJB is still somehow relevant and thus try to sell a few more copies of his lame-ass book


    , while Ted Neward will attempt to inject into his talks something that passes for humor in his eyes by insulting the attendees


    , while Ted Neward will once again try to hog as much camera time as he can and this time, instead of moderating a panel, he’ll just run the entire panel himself, from asking the questions to answering them and getting into a fight onstage with himself

I mean, really, Hani, you are so much better than this! 😉

EEJ’s first 1-star review

… and, for the author of the review, Don R. Hanson II, it’s a legitimate beef:

    I feel kind of lonely here; everyone else seemed to love this book. Looking at the table of contents, I was very excited when I started reading the book. However, while reading it cover to cover I slowly became more and more disillusioned with it.

    The book is divided up into a number of recommendations, called items, in a manner similar to Effective C++ and Practical Java. The problem is that most of the items appear to fall into one of a few general categories:

        Intro level generalities of good design for the web. e.g.
            pass data in bulk – multiple asynchronous calls out of process are more expensive than one big call
            make deployment as simple as possible – exactly what it says!
            use HttpSession sparingly – this is web application design 101
            always validate user input – my personal favorite; who today is not validating user input received from the web?
        Using a pair of items to represent a classic design best practice. e.g.
            Lazy-load infrequently used data & Eager-load frequently used data
            Consider using optimistic concurrency for better scalability
            Consider using pessimistic concurrency for explicit concurrency control
        Re-statements of some of the principles of secure coding, e.g.
            Security is a process, not a product
            Remember that security is not just prevention, aka "fail securely"
            Assume insecurity, aka "grant minimal trust necessary"
            Establish a threat model

    My copy of this book has long been in the trash. Save your money. Here are a couple of free online articles to get you started:

        Secure coding:
        Article on stopping SQL injection:

Well, I can’t really deny his implied criticism that the book is too basic for his taste: much like its predecessors, the book is designed to cater to people who’ve not seen many of these ideas before, ideas which long-time architects and developers are probably already familiar with. As a matter of fact, I even make reference in the prologue to the idea that many of these items will likely elicit a "no duh!" reaction from seasoned veterans. But, in fact, the same was true of Effective C++ and Effective Java (the latter, in fact, elicited some of the same response from me when I first read it, then realized over time that this was because I had already stumbled across a lot of the items in person, and so wasn’t illuminated by it as much as I had been by Effective C++).

In response to some of your comments, such as "who today is not validating user input received from the web?", all I can say is that the OWASP Top Ten security vulnerabilities list pretty much answers that question, in that XSS attacks, command injection attacks, buffer overrun attacks and others all stem from improperly validated input from the user, so apparently the basic answer is, a lot of people.

But to address the basic issue, I formally call on anyone who thinks EEJ is too basic to email me the kind of items they’d like to see for a "More Effective Enterprise Java", in case A-W and I decide to produce said follow-up volume.

You don’t miss something until it’s gone…

If you’ve tried to reach the weblog and failed recently, it’s not your fault; we’ve been having some "issues" with our ISP here at the house, and as a result, the server (which is sitting under my desk) seems offline at times. I promise, the server is still running, it’s just that you can’t reach it. 🙂

This is one of those decisions that I’m not really looking forward to: when we make the Big Move Up North, do I continue hosting this domain on my server in my house, and be somewhat hostage to the support infrastructure of my local ISP provider, or do I co-lo the box (or just let somebody else’s box host the Web and EMail services) with a more reliable ISP that will be a bit more proactive in finding and shooting down the problems? Any suggestions or experiences?

Needing recommendations on good domain providers

I just noticed that was available, so I purchased the domain and will probably start moving the "professional" side of my life over there so as to have both a "personal" presence (here) and a "work" presence (there). This then raises an interesting question: assuming I want to host the domain on an ISP’s machine, does the blogosphere have any good/bad comments about various providers? I’d be looking for:

    Unlimited email accounts, or at least a fairly high (>100) number before additional charges kick in. I want to be able to try and keep spam to a minimum by using "tracker" email accounts when registering for downloads and stuff.
    Either an ASP.NET or Servlet/JSP engine capability, though database backing isn’t necessarily required. Obviously I want to be able to host a weblog on the domain.
    High or unlimited bandwidth. Though I don’t expect people to come flocking to my domain, I don’t want to get nailed with unbelievable surcharges the one time I get SlashDotted.
    Fairly high (>500MB) file capacity allotment. I want to be able to put seminar demos, examples, and other such things, on the server for people to get hold of.

I know there’s some strong opinions out there, so….