Posts

Long time, no blog

Recently, I was asked to write a blog about a side project I did. That question reminded me of the blog I used to have… a long time ago. I stopped blogging due to changes in my personal situation, which led to a priority shift. Being a father to two beautiful daughters sure takes a lot of time! But I missed the possibility to share some notes, thoughts, ideas and the like.

Automatic scan for known vulnerabilities in dependencies

When using third-party components (be it open source or not), we all know it’s a good practice to keep your frameworks and libraries up to date. This is also one of the spearheads in the OWASP Top 10 (2013 edition): A9 - Using Components with Known Vulnerabilities. To help you assess your project's status with regard to this, OWASP.org developed the tool Dependency Check. This tool is primarily intended for code bases in Java, .NET, Ruby, Node.js, and Python. Integration with various build tools is also provided for.

Tweaking nginx for serving static content

For a recent project, we decided to use the nginx webserver as our primary web server. It is easy, relatively lightweight, and it seemed to suit our needs quite well. The project had a lot of static content - HTML, JavaScript, CSS and image files. Of course, we wanted to achieve a high performance with as many concurrent requests being served as possible. This is what we did. Setup: First of all, it is worth mentioning the setup.

Quickly count your code base

Often, the size of a code base is measured in terms of “source lines of code” (SLoC). If you’re interested in the size of your code base - or your client is - this metric provides a way to express that size. Of course, comments and the like are not considered to be code, so how to determine this metric? Using grep is tempting, but it quickly results in a very complex and hard-to-understand approach.

Easily upgrade Java dependencies

To start with a cliche: the Java ecosystem continues to develop at a high pace. Various open source frameworks are releasing versions, sometimes even multiple versions at the same time. This may quickly turn into a risk. But how to deal with it? Basically, you have two options. We’ll take a typical Maven-project as an example, which uses Commons Lang 3. See the end of this post if you prefer Gradle over Maven.

Combining Docker and Maven

When you’re building Java or JVM-based software, chances are these days you’ll be deploying it inside Docker. Chances also are you’re building it with Maven. Now how do you combine the two? Of course, you could plumb together some scripts for the platform of your choice, but there are a few disadvantages to that. First of all, it makes you platform-dependent: your build may not work - or behave differently - depending on the platform where you’re building.

Timing in Protractor tests

Ever noticed that annoying error while running your Protractor tests: “Error while waiting for Protractor to sync with the page: {}”? Especially the two brackets are annoying, because they suggest more information might be available but it is just hidden from you. The good news is, the fix is rather easy. It turns out that Protractor expects your application to have a data-ng-app attribute on the HTML body element.

Mobile emulation in Google Chrome

Building a web site or web application that should also be usable on devices other than ‘regular’ desktops or laptops? You don’t always have your mobile device at hand, or might not even own one. Yet, you want to see how your new gem looks on such devices. Worry no more! Google Chrome to the rescue. We all know the ‘Developer Tools’, accessible using F12. If you press ESC while inside the ‘Developer Tools’, the ‘DevTools console drawer’ appears.

This method is likely to yield significantly better performance

This week, I came across an interesting difference between the Java API documentation and its current implementation. A difference? Or is it just a matter of thorough reading? If you look at the Javadoc for Double.valueOf(), you’ll find that it is likely to outperform the use of new Double(). Sounds good! And don’t we all love it when we get a free performance boost? However, examining the source code to see what causes this “significantly better space and time performance”, we find….

Checking logfiles with logcheck

If you own a private server, like me, you’ll probably know the feeling that you need to check your logfiles every now and then. It’s not a lot of work, it’s not difficult, but it needs to be done, and it needs to be done regularly. As for me, the solution is simple. I installed the logcheck tool. This nice little tool will send you a daily email with all logging information on your system.