Sunday, February 05, 2006

My Last Post

Ya, this is my last post on this blog. Why? Have I stopped blogging? No way.

Now I have my very own blog at jigar.org/blog/.

So why build a blog when there are so many available for free? Well, here's the answer.

Thursday, February 02, 2006

Why is the invoker evil?

Copy-pasted shamelessly from the Tomcat FAQ:

Why is the invoker evil?
These are the opinions of the writer (YMMV).
Quickie about the invoker: The invoker is a dynamic servlet which allows run-time loading of other servlets based on class name. This servlet is the one that allows http://localhost/servlet/com.foo.MyClass?more=cowbell, where com.foo.MyClass is some class which can be loaded as a servlet but was never explicitly declared in a config file.

Evil because:
  • Security risk ... see links above
  • Configuration hiding - There is NO way to determine which servlets are used vs which are not used. In web.xml, every servlet is declared and mapped. In that one file you instantly have a road map to how the webapp works.
  • Back doors. Servlets which are mapped can be alternately called via the invoker by class name. Since the URL is different, all security constraints might be ignored since the URL pattern is VERY different.
  • Back doors. Bad programmers make it easier to do bad things.
  • Back doors. It may be common to use common 3rd party jars in a shared area. If that shared jar has servlets in them and that servlet has a hole in it, bad things happen.
  • Configuration hiding - it's important enough to say twice. Explicit declaration while a PITA, will be more helpful in the maintenance scheme of your webapp.

For another explanation of the invoker servlet, why it's evil, and what to do about it, see JavaRanch FAQ.
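The "configuration hiding" and "back doors" points above can be checked mechanically. The following is an added example, not code from the Tomcat FAQ or from this blog: it audits a deployment descriptor for an invoker mapping and lists the second URL each declared servlet class gains through it. The sample descriptor is constructed, the `audit` helper is hypothetical, and constraint matching is simplified to exact patterns.

```python
import xml.etree.ElementTree as ET

INVOKER_CLASS = "org.apache.catalina.servlets.InvokerServlet"

# Constructed sample descriptor (not from the page): one declared servlet
# behind an /admin/* constraint, plus the invoker mapped at /servlet/*.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <servlet><servlet-name>invoker</servlet-name>
    <servlet-class>org.apache.catalina.servlets.InvokerServlet</servlet-class></servlet>
  <servlet><servlet-name>report</servlet-name>
    <servlet-class>com.foo.MyClass</servlet-class></servlet>
  <servlet-mapping><servlet-name>invoker</servlet-name>
    <url-pattern>/servlet/*</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>report</servlet-name>
    <url-pattern>/admin/report</url-pattern></servlet-mapping>
  <security-constraint>
    <web-resource-collection><web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def _local(el):
    return el.tag.rsplit("}", 1)[-1]   # drop the XML namespace, if any

def _texts(el, name):
    return [(c.text or "").strip() for c in el.iter() if _local(c) == name]

def audit(xml_text):
    """Report invoker mappings and the second URL each servlet class gains."""
    classes, mappings, constrained = {}, {}, set()
    for el in ET.fromstring(xml_text):
        if _local(el) == "servlet":
            classes[_texts(el, "servlet-name")[0]] = "".join(_texts(el, "servlet-class"))
        elif _local(el) == "servlet-mapping":
            mappings.setdefault(_texts(el, "servlet-name")[0], []).extend(_texts(el, "url-pattern"))
        elif _local(el) == "security-constraint":
            constrained.update(_texts(el, "url-pattern"))
    invokers = [n for n, c in classes.items() if c == INVOKER_CLASS]
    patterns = [p for n in invokers for p in mappings.get(n, [])]
    return {
        "invoker_patterns": patterns,
        # Simplification: exact-match or "/*" only, not full servlet-spec matching.
        "unconstrained": [p for p in patterns if not ({p, "/*"} & constrained)],
        "alternate_urls": {n: [p.rstrip("*") + c for p in patterns]
                           for n, c in classes.items() if n not in invokers and c and patterns},
    }

if __name__ == "__main__":
    print(audit(SAMPLE_WEB_XML))
```

Run it over both the application's `WEB-INF/web.xml` and the container-wide `conf/web.xml`, since the invoker can be declared in either. An empty `invoker_patterns` list is the desired result.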

Six hours of sleep is more than enough, anything more is waste of time

This is what Bhavin told me yesterday. Hmm, let me try this for a week.

New words

Arsalan Zaidi's Blog has been a good place for me to learn new words. I am always amazed with his wordplay, let alone his vocabulary.

I would probably never have used words such as Redux, fanboyz, osmosis in my writings. This is not to say that his blog is loaded with such words, but almost every post has some new word which reminds me that I need to finish building 52words.

How Users Read on the Web

Excerpts from the page How Users Read on the Web. Something we all can learn from.

"People rarely read Web pages word by word; instead, they scan the page, picking out individual words and sentences"

"Credibility can be increased by high-quality graphics, good writing, and use of outbound hypertext links"

"Users detested "marketese"; the promotional writing style with boastful subjective claims ("hottest ever") that currently is prevalent on the Web"

"Web users are busy: they want to get the straight facts"

Patterns of XUnit Test Automation

"Automated tests are more repeatable than manual tests because they execute exactly the same way every time. They don't forget things after long weekends and vacations. They don't leave to work on other projects. They don't get sick or run over by a bus." excerpt

I have always loved the promise made by "tests"; I will try writing them some day. For now, Patterns of XUnit Test Automation is a good place to read and get excited.

"Why is Test Automation Important?

Automated unit tests (A.K.A. "developer tests") and functional tests (A.K.A. "customer tests") are a cornerstone of many agile development methods (such as eXtreme Programming). The availability of automated, self-checking tests allows developers to be much bolder in how they modify existing software. They allow a more evolutionary form of software development that support incremental delivery of functionality to the customer (motto: Deliver early; deliver often!) that speeds up user feedback and improves the quality (both "fitness for purpose" and "software quality") of the software being built. The techniques are also spreading to less agile development methods via the introduction of "Test Driven Development" as a less extreme process alternative." excerpt


Wednesday, February 01, 2006