Software Developer Newsletter Header
        CPTTM software developer newsletter issue #24, Kent Tong, Editor in Chief

Dear Software Developers,

This CPTTM Software Developer newsletter is to bring useful news to you, software developers in Macau, for references without obligations, so that you can do your jobs easier and better! Hope you like it. if you'd like to unsubscribe or recommend your friends to subscribe, just email me at kent@cpttm.org.mo. Old issues are available here.

Topics in this issue:

A practitioner's approach to performance testing

Came across a good overview on performanance test. If you'd like to learn to use the various tools to conduct performance testing, please join our Performance & stress testing web applications course when it opens again in the future.

Writing portlets

A portlet is a server-side gadget on a web page. If you ever went to Yahoo's home page, you have already seen portlets: There is a portlet showing the news items, while another may be showing the weather information. Here is a great tutorial on writing a simple porlet. If you'd like to learn more, please join our new course: Writing Portlets in Java.

Why do logging in your applications?

The purpose of logging is to let the organization running your program to diagnose its mis-behaviors and monitor its health (performance, security, etc.). For example:

  • If the application is not working as expected, the technical support people in the organization may be able to find the problem in the log, or send it to you (the developer) for analysis.
  • The performance manager may be monitoring the log for performance problems (e.g., slow reponses).
  • The information security officer should monitor the log for any peculiar events such as a user on vacation logging in the middle of the night or a low privileged user trying to access a high priviledged function.

For the above people monitoring the log, it is difficult to find useful information in thousands log messages. Therefore, you should highlight those important messages by using a higher severity level. For example:

  • Fatal: Your application cannot run and must abort now (e.g., out of memory).
  • Error: Your application cannot run for this moment but it may work or retry later (e.g., can't connect to the DB for the moment).
  • Warn: Something potentially harmful happended (e.g., conflicting configuration options specified).
  • Info: The information that a support technician may want to check to see if the application is working (e.g., performing a business function or a user login failure).
  • Debug: The information that the developer may want to check why the application is not working (e.g., entering which method and the argument values).

One should note that the above severity levels are designed for technical support and developers for diagnosing mis-behaviors instead of for security. For security, a user login failure should probably receive a much higher severity and the application probably should create a separate security log instead.

High impact: SpringSource's policy regarding maintenance releases

On Sept 18, SpringSource, the creator of the Spring framework, put forth a new policy: Maintenance releases for a major release of Spring will be available to paying users only after three months of the major release. That is, if Spring x.0 was released in Jan 2008, after Apr 2008, releases like Spring x.0.y would only be available to paying users. Even though the source code will be available in the subversion repository, no tags will be provided so ordinary users will be unable to build stable maintenance releases.

A lot of users were very angry about this. Therefore, on Oct 8, SpringSource revised the policy so that maintenance releases for the latest major release will always be provided. So, you will be affected only if you want to stick to an old major release. This change makes the policy a lot more acceptable.

However, this kind of abrupt and premature policy changes shouldn't really come from a company that is in good health. If you're using Spring, you may want to re-assess the risks now. In particular, there doesn't seem to be a developer community around Spring other than employees of SpringSource: In the past year no one outside SpringSource has contributed a single line of code to Spring. This makes it difficult to find support from anyone other than SpringSource.

FYI, the pricing of their enterprise support plan depends on the size of the customer and their use of Spring. From information on the web, it is on the magnitude of US$22,500 per year.

Oracle Enterprise Pack freely available

If you do Java EE development such as JSF, Web Services, Spring and Database Development on Eclipse, you may want to check out the freely available Oracle Enterprise Pack. It provides the Java EE features in JDeveloper to Eclipse. It is particularly useful if you use WebLogic.

Upcoming courses for software developers

Course code Title Start date Duration (hours) Fee (MOP) Remarks
CM351-11-2008-C Writing Portlets in Java 2008/11/07 6 600 New! Learn how to create JSR 286 compliant porlets using Liferay.
CM350-11-2008-C Rich Internet Application(RIA) development with Flex 32008/11/16362000New! Learn to use this excellent RIA framework to create hihgly interactive web applications in ActionScript.
CM353-12-2008-C Introduction to ASP.Net by using C# 2008/12/16361500New! Localized content and most affordable way to learn ASP.NET.
CM349-12-2008-C Introduction to Google Web Toolkit
  2008/12/19 19.5 1200 New! Learn to use this excellent RIA framework to create hihgly interactive web applications in Java.
CM348-12-2008-C Essential PHP penetration testing2008/12/2212800New! Identify common security problems in PHP websites.

Feedbacks

Any questions, ideas or experiences to share? Contact me at 28781313 or kent@cpttm.org.moWe also have two other newsletters: CIO newsletter and Network administrator newsletter, your friends may like to subscribe.

Until next time, 

Kent Tong

CIO Newsletter Footer