Author: Matthias Kempka

REST APIs that serve their content via HTTP have limited options for authentication. One of these is request signing. With a little bit of custom specification, the standard HMAC approach can be used for efficient and secure authentication. In my last blog entry I explained an approach for using API Keys in a REST API. This approach has a significant drawback, which comes from the necessity...


The designer of a new REST API soon comes across the problem of authentication. He has a number of standardized or custom methods to choose from. In this blog entry I want to outline design and implementation criteria for API Key authentication. Why API Keys? Authentication methods for HTTP requests include, but are not limited to, standardized methods (Basic HTTP Authentication, OAuth Authentication, Digest Authentication) and non-standard methods: ...


Estimations play a central role in every commercial software project. Whenever a feature is discussed, planned or scheduled, the need for an estimation is not far away. In this blog entry, I want to investigate one bias in particular and its effect on estimations in software development: the anchoring effect. Unknown biases distort our relation to reality [1], and lead to misconception and failure. While we cannot...


Unit tests should be small in scope and fast in execution. Shooting for tests like these during development, I am getting reliable and ready-to-use code units fairly quickly. Once I have such a unit of code I integrate it into my system, and when my code unit meets the real world for the first time, it often fails. And I get a ton of new test cases. Code unit, meet integration test. These days my code is often...


This week I updated my IDE to Eclipse 4.3.2, which comes with EGit 3.2. After that my "Push to Gerrit" action was gone from the usual place. If the same thing happens to you, here is how to get it back: In the context menu, select Team > Remote > Configure Push to Upstream. In the upcoming dialog, select Add. Configure HEAD to point to refs/for/master. After applying, you...


When I started in the programming industry almost a decade ago, writing tests at all was still a fairly new thing for many developers. Having been one of the early TDD advocates in my social environment, I had to recommend many best practices and books to students and colleagues. Kent Beck, Robert Martin and many other more or less public figures provided invaluable advice and...


One strength of Eclipse is the possibility to use the same code in desktop clients as well as in web clients. The same application can run as an installed desktop application and in the web browser, with only a few adjustments for both platforms. In our experience, about 80% to 90% of the code can run in both environments, if some guidelines are followed (i.e. no...


Eclipse/OSGi has a strict versioning scheme consisting of 4 parts, separated by dots. This is well known to Eclipse developers, and thus in the Eclipse/OSGi world the versioning problems are solved. In the past few months, references to the Semantic Versioning scheme have become more and more frequent. It seems similar to the Eclipse versioning, but is not quite the same. Thus a small overview is in order....


Unit tests often stop being useful where concurrency is involved. A special case is thread safety, which can be tested relatively easily with the use of a simple JUnit rule. Suppose Middle-earth wants to keep track of the dragons that were slain over the centuries. The dragons are tracked in one list, and reports come in from different dwarfs, humans or elves. Sometimes, a dragon...
