Community, Gotchas

Migrating from Spring 3.2.x to Spring 4 and using ‘spring-mock 2.0.8′ gives “java.lang.NoSuchMethodError: org.springframework.core.CollectionFactory.createLinkedMapIfPossible”

So this is a very short post, with a ‘gotcha’. I wasn’t able to find anything about this, thats why I write it down here right now:

If you are migrating from Spring 3 to 4 and you have in your pom.xml the following dependency:

    <properties>
        <spring.version>3.2.4.RELEASE</spring.version>
        <junit.version>4.9</junit.version>
    </properties>
...
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-mock</artifactId>
            <version>2.0.8</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-test</artifactId>
            <version>${spring.version}</version>
            <scope>test</scope>
        </dependency>

Once you migrate to Spring 4 (lets say 4.0.3.RELEASE) and run your tests you might run into a following stacktrace:

java.lang.NoSuchMethodError: org.springframework.core.CollectionFactory.createLinkedMapIfPossible(I)Ljava/util/Map;
	at org.springframework.mock.web.MockHttpServletRequest.<init>(MockHttpServletRequest.java:107)
	at org.springframework.mock.web.MockHttpServletRequest.<init>(MockHttpServletRequest.java:210)
	at org.springframework.test.context.web.ServletTestExecutionListener.setUpRequestContextIfNecessary(ServletTestExecutionListener.java:171)
	at org.springframework.test.context.web.ServletTestExecutionListener.prepareTestInstance(ServletTestExecutionListener.java:100)
	at org.springframework.test.context.TestContextManager.prepareTestInstance(TestContextManager.java:319)
	at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.createTest(SpringJUnit4ClassRunner.java:212)
	at org.springframework.test.context.junit4.SpringJUnit4ClassRunner$1.runReflectiveCall(SpringJUnit4ClassRunner.java:289)
	at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
	at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.methodBlock(SpringJUnit4ClassRunner.java:291)
	at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:232)
	at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:89)
	at org.junit.runners.ParentRunner$3.run(ParentRunner.java:231)
	at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:60)
	at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:229)
	at org.junit.runners.ParentRunner.access$000(ParentRunner.java:50)
	at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:222)
	at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61)
	at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:71)
	at org.junit.runners.ParentRunner.run(ParentRunner.java:292)
	at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:175)
	at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:252)
	at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:141)
	at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:112)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:483)
	at org.apache.maven.surefire.util.ReflectionUtils.invokeMethodWithArray(ReflectionUtils.java:189)
	at org.apache.maven.surefire.booter.ProviderFactory$ProviderProxy.invoke(ProviderFactory.java:165)
	at org.apache.maven.surefire.booter.ProviderFactory.invokeProvider(ProviderFactory.java:85)
	at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:115)
	at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:75)

Then all you need to do is make sure that you *DO NOT* have ‘spring-mock’ still in your dependencies configured. As it seems that ‘spring-test’ has assimilated this in its own JAR in Spring 4.

Remove from POM.xml, re-run tests and be happy again. It took me a while to figure this out. I hope it saved you some time!

Standard
Community, Craftmanship

Facilitating the Global Day of Coderetreat 2013 in Amsterdam

On the 14th of December 2013 – the Global Day of Coderetreat was held at ZilverlineI have experience with coderetreats and also organised one at the 7th of january in 2012, and the GDCR12.

This time I both hosted and facilitated this event. This means that besides practical stuff I also did the talking which I will explain further in this post. This was the first time I did this and I’d like to share how it was. If you want to get an impression of the day you can have a look at this slideshow.

A big thanks to Bob Forma and Diana Sabanovic who helped me with the hosting aspects throughout. This enabled me to mostly focus on facilitating.

I was anxious, especially since last years GDCR was very well done. Back then I had a great experience and I was not sure if I could give the participants the same experience. Yet, I wanted to do this: I just love sharing knowledge and give people something to learn or think about.

After attending the GDCR Facilitator Training by Jim Hurne, I had a clear image of how I wanted the participants to experience the Coderetreat: People having fun, learning from each other and the constraints given.

Thats it.

Continue reading

Standard
Security

Paypal, vulnerability through obscurity?

I have been member of Paypal for quite some time, and I use it rarely.

When I use it, I want it to be a quick, seamless experience. I log in, do my business, log out. Thats it.

Reality is different. Although I must admit, it does not help that I forget my password every time. Since I use Paypal every 6 to 12 months I can’t get it in my muscle memory.

I bought 1password a while back to help me remember only one password (you don’t say?) and let it generate strong, secure passwords. I have been changing my passwords on all websites I visit ever since.

And so Paypal and I meet again. And I want to change my password.

The last time I wanted to change my password at Paypal it was a very, very unpleasant experience. I actually was glad I got through the process and wanted to forget about it. This time I decided to write about it because it is a long while back and it really is bad.

In a sense you could say Paypal has been compromised, not technically but through usability.

Before I could change my password I had to answer my security questions which I filled in whaaaay back and I could hardly remember them. Since I did know the answer of the security question but I could not write the down *exactly* I had a hard time getting past the first step. So I get it, you want to protect us from others changing our password when we forgot to log out and such. Why not ask the password *again* (old password) at this very step? (This step did not happen after I wanted to change my password again, so it is as if this is into effect when the user has not logged in for a while.)

Once I got past the ‘security questions’ page I actually get the familiar 3 fields: old password, new password and new password again.

I open 1password, let it generate a strong password and then I got smacked in the face again. You may not copy and paste a password in the ‘new password’ fields. Paypal deliberately blocks any copy/paste actions.

We’re not finished though, because Paypal is also very specific about what your password may or may not be.

- It may not contain your name or email address (which makes sense)

- It must contain a symbol, a number and a capital. Even though it does not even matter for your password strength. (it is not like computers actually *read* your password as humans do)

- It has a maximum length. What!? Got worried passwords take up too much space? I can’t possibly imagine why you would restrict this.

- Your password should be hard to guess for a relative or friend. (which kind of infers the 1st point)

Since I cannot copy/paste the password, I have to copy/paste the password in an editor. Re-arrange my windows so I can fill in my password and see it at the same time. After I filled the first new password field, I actually get a warning that my password is at maximum length. As if it is a bad thing my password is 20 characters long.

I go on, type the password again and (of course) I made a mistake (typo), which results in a red message saying the passwords are not the same.

So here I am, trying to change my password and about to give up because it is as if Paypal does not want me to have a secure account.

I believe we got here a ‘we think too much for the user’ syndrome. I believe Paypal does want their users to have secure accounts (the what part), but how they implemented it is having an opposite effect (at least on me). So how could they have done it better?

- get rid of the security questions first (*)

- don’t restrict maximum password length, keep your minimum. Seriously, there is no reason to do this.

- don’t enforce special symbols, capitals or numbers. Instead hint them how to create easy to remember yet very strong passwords.

- allow copy and pasting. If you are afraid of some users being compromised by that, then they probably are being compromised on several levels.

And perhaps the most important suggestion: Make it an easy, seamless and effortless to change your password.

(*) - Yes, this might indicate that if someone knew my password they could change it, which perhaps the security questions wanted to prevent. However, if someone knew my password then that is a problem on itself. And you’re probably trying to fix the wrong problem.

Standard
Stuff I've learned

Stuff I’ve learned #04

Time has passed…

  • In commit messages, describe intent rather than implementation details. (thanks Remco!)
  • Using github? Then you can refer to issues in your commit messages using #. Ie when there is an issue (#12), and you want to fix it. Just refer to it with a #12 and Github will automatically link your commit to the issue.
  • It always takes more time then you always think to revamp your project(s).
  • Start with why. Easier said then done though. (Reading the book, so I might write a review about that soon)
  • Paypal’s functionality to change your password sucks. Perhaps I’d write a blog about it…
  • Github already rocks by making it so easy to host repo’s, and with Travis’ integration it made me drool. Especially when I wanted to merge a pull request:
    Screen Shot 2013-09-11 at 3.18.31 PM Screen Shot 2013-09-11 at 3.27.44 PM
Standard
Stuff I've learned

Stuff I’ve learned #03

Another week has passed:

  • Unlike in Windows; in Chrome you cannot easily focus on your bookmarks bar with a keyboard short key on Mac OS X.
  • If you want to run rake tasks in your specs in a before block, be sure to set a line
    Rake::Task[name].reenable

    so you can re-execute them every time. Rake seems to remember which task has been executed, so you cannot execute it twice.

  • If you want to stub out STDOUT messages (like with ‘puts’) in your spec, use:
    STDOUT.stubs(:puts)
  • When in doubt, speak up. Always.
  • With Scrum, big stories are big risks. Split them up.
  • Don’t use PID files to remember which proces has been started and when it should be stopped. Especially if you want to reboot a deamon process automatically once it has died. Instead wait for it when the deamon has quit and act upon a not-normal exit code.
  • Sometimes using ‘git fetch -p’ is not enough to prune all your local branches (which do not exist anymore on remote). You can use a rather long command (see below, from stackoverflow question)
    git branch -r | awk '{print $1}' | egrep -v -f /dev/fd/0 <(git branch -vv | grep origin) | awk '{print $1}' | xargs git branch -d
  • With editorconfig (*) you can create code formatting rules, nothing new here, but editorconfig has plugins for a lot of known editors, (I tested it in Vim & Sublime), meaning you can now share these rules cross-editor. Now that is cool!
  • With C++, when your function argument is using const, and you’re calling a non-const function on that argument you will end up with a message like:

    “error: passing ‘const xxx’ as ‘xxx’ argument of ‘function you where trying to call on xxx’ discards qualifiers”.

    You can fix this by telling the function body is const:

     bool myFunction() const { /* code here */ } 

* Thx to Arjen about editorconfig.

Standard
Dune II - The Maker, Stuff I've learned

Stuff I’ve learned #02

Some time has passed, and I’ve learned new stuff again:

  • Updating a single gem is not done with ‘bundle update <gemname>’ but in fact with ‘bundle update –source <gemname>’. See this post for more info on that.
  • Mailbox (iOS) is a really neat mail program. I really love this ‘remind me later’ stuff which keeps my mailbox clean and keeps me from writing these reminders myself in the Calendar app.
  • With CTRL-F2 you can get focus on the menu bar in any mac app. (more keyboard shortcuts here)
  • With JSONLint you can easily verify JSON.
  • In Ruby you can actually create a Hash using brackets with key, value order. Ie like: Hash["myKey", "value", "myOtherKey", "myOtherValue"]. The [] is a class method.
  • I am really happy that we spent time creating a ‘load dump from environment X into my dev environment’ so we can easily test migrations and fix lots of bugs beforehand (instead of having to solve issues while deploying to an environment).
  • When using ZShell and you want to issue a rake task you cannot pass parameters with [] (ie rake myjob[someparam] won’t work). You need to use single quotes around the jobname + its parameters. Ie: rake ‘myjob[someparam]‘ works.
  • You can download free, legal, VM’s to test IE versions on different versions of Windows (here)
  • You can create your own events with SDL using User events., as is done here
  • The Global Day Coderetreat 2013 will be held at the 14th of December and we (at Zilverline) host one!

Thx to Sander for his tips about MailBox and ZShell.

Standard