Stories about Software


Basic Protections on Your Mobile Devices: A Stitch in Time

Today’s post is going to be one where I’ll regale you with a rather ridiculous tale of woe, relief, and redemption. And, it’s my hope that you can learn from my buffoonery just as I did, but without the part where you’re a buffoon.

It’s a story that starts out simply enough. I have a phone and a tablet, both of which are Android devices. With the last Android phone I had, I set up a pattern verification for login, but about a year ago, I got a new phone and never bothered. I also got a new tablet and never bothered with it, either. So, two devices, no security to prevent access to anyone who happens to find them, and no plan of action in case I lose them. My security is just me not losing them or having them stolen, which has actually historically gone pretty well. So, it always will, right? But wait, the plot dumbens.

Today, I went to the gym, which is what I do most days. I’m fortunate enough to have a gym in the same building as my office, and, due to the fact that the gym locker room is one of the weirdest and most annoying places on Earth, I typically have a process flow where I change in my office and go to the gym. So, I did that, leaving my office with my keys, wallet, and tablet in tow. I use the tablet to watch Pluralsight videos while I jog on the machines. After working out, I left the gym, changed in my office, got a bite to eat, and went home.

When I was ready to start thinking about bed earlier tonight, I noticed that I didn’t have my tablet in my gym bag or my laptop bag that I’d brought home. Checked the car, and nope. Guess I left it at the office. Or the gym. Ruh roh. Nah, couldn’t be. I must have left it at the office. Just to make myself feel better, I called the gym, and they told me that they hadn’t seen it. Good, must be in my office. Or… crap. I realize that I’m not going to be able to sleep without solving this mystery, since my tablet has no security and is synced up with all kinds of stuff that I don’t want people accessing. Why, oh why, didn’t I secure the tablet? Oh well, I’ll just drive the half hour to my office, see it on my desk, and feel better. Grumble, grumble.

I get to my office, half an hour later, and have trouble with my keycard for some reason. Luckily, the night custodian knows me and was there to let me in (the fact that the night custodian knows me means that I should probably think about scaling back my hours). I go upstairs, unlock the door to my office and there on my desk is… no tablet. It’s also not in any of my chairs, bookshelves or other places in there that I might have tossed it. It’s almost midnight, I’m back at work, and someone has taken my tablet. I start googling, and fast. I found this site, called Android Device Manager, which is pretty awesome. It lets you see where any of your devices are and, if you’ve set it up, it lets you lock or wipe them remotely. Too bad I hadn’t set it up. The only option I have is to send a loud, five minute “ring” to the tablet, but this app can’t locate the thing anyway, so nevermind.

I also found this “Android Lost” site along with a companion “Jump Start” app that you can use in tandem to remote install something that allows you to wipe the device. Whoah, seems ripe for abuse, but whatever, I’m desperate. No go, however, because it can’t seem to locate the tablet on wifi anywhere and I had already in a panic changed my google password and disabled twitter. Not much, but it was a start. But, it also seemed like it would now prevent me from engaging this option since my google store credentials were different. Oh well, I’d change my google password back. But, I discovered I couldn’t, unless this dude on the internet was to be believed and google caches exactly 110 old passwords before it lets you roll them back over. I can picture him laughing once every evening at each sucker that stumbles on that link and spends 45 minutes changing google passwords 110 times.

I was screwed. I sent one last “ring” signal to my lost tablet, locked my office, and wandered down toward the gym, which had closed at 11, to see if I could hear the thing or something, notwithstanding the apparent lack of wifi connection. When I got there, I couldn’t hear any joyous tablet noises, but the door was open for some reason, so I just went in. I was alone except the usual bad gym music that’s always blaring — something about a drum that, mercilessly and cruelly to the ears of anyone not in love with autotune, “won’t stop beating.” Given my despondence and general distaste for gym-garbage-pop, I so desperately wanted it to stop beating for just a second. Nonetheless, I wandered over to the elliptical that I had used and there, lo and behold, was the tablet, exactly where I’d forgotten to collect it when I was hurrying out of the gym.

Wow am I lucky. I almost didn’t go back to work. I almost didn’t make it into the building because of a key malfunction. I have no idea why I was able to wander into the gym, unsupervised, over an hour after closing and just help myself to whatever was in there, but I was. And now I have it back, and all it cost me was having to change my Google password and my Outlook password.

But I’ve learned my lesson. Phone and tablet now require a pattern swipe to sign in. And both devices are completely configured for remote wipe via the Android Device Manager. If you’re on Android, set both of these things up right now, I beg you. It will take you literally 20 seconds if you have your phone and a browser with you. If you have iThings or Microsoft stuff, I’m sure there’s some equivalent that you can find. It’s oh-so worth it, and you won’t realize it until you’re hit with that sinking feeling. Do yourself a favor, and avoid the late night drives and scrambles to change passwords and whatnot. If you go this route, you’ll just be kicking yourself for losing a few hundred bucks and not wondering what horrible things “you” will have broadcast over email, text message, and every social media platform on Earth by the time the dust settles.


Speeding Up DaedTech

As I get back into doing web development more and more these days, I’ve started to pay attention to some of the finer points, such as not having a sluggish site that turns off visitors. To that end, my Trello Board for this site had a card/story sitting in the “To Do” bucket for speeding up DaedTech’s load performance.

The first thing that I did was visit GTMetrix and run a baseline to see if subsequent things that I did would improve performance. From there, I installed W3 Total Cache which is a WordPress plugin that provides a whole bunch of functionality for speeding your site, mostly revolving around setting cache settings. After a bit of poking around and research, I figured out what was going on, and I enabled settings that helped with some low hanging fruit.

This included “minification” of CSS and javascript, a process whereby the whitespace is compressed out of these things as they’re sent from the server, thereby reducing the total amount of data sent (and thus time to process that data on the client side before displaying it). It also included optimizing the caching settings that the site suggests to returning visitors so that pages, styles, media, etc are stored locally on your machine as much as possible, which prevents reloads. This also setup the further use of GZip for further compression.

For improvement in the future, I installed a plugin called WP-Smush.it that will use the Yahoo utility for image compression to any file I add through the media library. This seems convenient enough that I should probably start adding files through the media library in general rather than simply putting them on the server and linking to them at their full local URL to get this functionality.

While I’m at making resolutions to improve speed going forward, here are some other tips that I’ve picked up today:

  1. Serve scaled content. Meaning don’t put up some huge image that the browser downloads only to use CSS or HTML in to tell the client to shrink it down. Send over the smallest possible image.
  2. Favor using my own images instead of embedding them from other sites. This lets me control the cache expiration suggested to the browser and the size as well. With hyperlinked images, I don’t have this control.
  3. Specify the image dimensions rather than simply accepting the default.
  4. Consider using image “spriting” to combine images such as the gaggle of social buttons into a single “image” to reduce the amount of stuff getting sent over the wire.
  5. Consider using a content delivery network to store your resources in places closer to site readers.
  6. Try to limit the number of things that make HTTP requests (like social media buttons)
  7. Use a utility to defer javascript execution so that it doesn’t block page load

I’m no web performance guru by any stretch. This is just what I pieced together in a morning after saying “I want my site to load faster”. I’m hoping that people in a similar situation to me will see this and realize that there is some pretty low hanging fruit to be picked here and that it isn’t terribly complicated to do so.


Connecting to TFS Server with Different Credentials

Hello, all. My apologies for the unannounced posting hiatus. I’ve recently started a new employment venture and I was also on vacation last week, touring the Virgina/Pennsylvania/DC area. Going forward, I’m going to be doing more web-related stuff and probably be a little more of a jack of all trades, so stay tuned for posts along those lines.

Today, I’m going to post under “lessons learned” for getting rid of an annoyance. Every once in awhile I have occasion to connect to a TFS Server using different credentials from those with which I have logged in. Whenever I do this, I am prompted for credentials when connecting to source control, which can be fairly annoying. Well, thanks to Mark Smith for a recent tip for how to avoid this.

In Windows 7/Server, go to the Control Panel and choose the “Credential Manager”. In a strange quirk, “Credential Manager” isn’t actually visible in the default control panel view, and so you have to click “View By” and select something other than “Category”. Once you’ve done this, you should see the Credential Manager.

In Credential Manager, go to “Add a Windows Credential” and enter the computer name, along with your login credentials for it. You’ll probably want to include the domain, so your username will be YOURDOMAIN\YOURUSERNAME. The domain isn’t strictly necessary if both logins are on the same domain, but I think a common scenario is you’re logged in to the local machine and connecting to a TFS server on a domain somewhere.

Once you’re done, you might need to restart Visual Studio. (Truthfully, I don’t know because I had already closed it when I was doing this).

Richard Banks has posted this same process with screenshots (minus the bit about Credential Manager not showing up by default).

And, that’s it. Spend 30 seconds doing it and save yourself daily or even more frequent annoyance from here forward. Cheers!


JUnit for C# Developers 8 – Obeying Demeter and Going Beyond the Tests

Last time in this series, I pulled an “Empire Strikes Back” and ended on a bit of a down note. This time around, I’d like to explore how I’ve alleviated my Law of Demeter problems, and about how fixing a code smell in my tests pushed me into a better design.

Up until now, I’ve been blogging as I go, but this one is all in the past tense — the work is done as I type this. I set out tonight with only one goal, get rid of my LOD violations, and this is where it took me.

Rethinking my Class

Recall that last time, I was passing in a database object, querying that for a collection, querying that for a cursor, and then querying the cursor for my actual database objects that I parsed and returned from the service. After a bit of trial and error and research, I decided that my service class needed to encapsulate the collection since, as best as I can tell from whatever Eclipse’s version of Intellisense is called, cursors are forward only and then you need to get another one. So, if I don’t pass in the collection at least, my service method will only work once. Fine – not thrilled about the collection.cursor.objects thing, but it’s at least pulling one LOD violation out.

I now have a handful of tests that look like this:

public void returns_room_model_with_roomName_from_database_room_key() {
	String myRoomName = "Rumpus Room.  Yeah, that's right.  I said Rumpus Room.";
	DBObject myMockDatabaseObject = mock(DBObject.class);
	DBCursor myMockCursor = mock(DBCursor.class);
	DBCollection myMockCollection = PowerMockito.mock(DBCollection.class);
	RoomServiceMongoImpl myService = BuildTarget(myMockCollection);
	assertEquals(myRoomName, myService.getAllRooms().toArray(new Room[2])[0].getRoomName());

and my class became:

public class RoomServiceMongoImpl implements RoomService {

	public static final String ROOM_CODE_KEY = "room_code";

	public static final String ROOM_NAME_KEY = "room";
	private DBCollection _collection;
	public RoomServiceMongoImpl(DBCollection collection) {
		_collection = collection;

	public Collection getAllRooms() {
		Collection myRooms = new ArrayList();
		DBCursor myCursor = _collection.find();
		while(myCursor != null && myCursor.hasNext()) {
			RoomModel myModel = buildRoomModel(myCursor.next());
			if(myModel != null)
		return myRooms;
	private RoomModel buildRoomModel(DBObject roomObject) {
		Object myRoomName = roomObject.get(ROOM_NAME_KEY);
		char myRoomCode = getRoomCode(roomObject.get(ROOM_CODE_KEY));
		if(myRoomName != null) {
			return new RoomModel(myRoomName.toString(), null, myRoomCode);
		return null;

	private char getRoomCode(Object myRoomCode) {
		return myRoomCode != null && myRoomCode.toString() != null && myRoomCode.toString().length() > 0 ?
				myRoomCode.toString().charAt(0) : 0;

A lot cleaner and more manageable following some good TDD if I do say so myself (though I may be whiffing on some finer points of the language as I’m still rusty from 2 years of mostly uninterrupted C#). I’m still not thrilled about the heavy test setup overhead, but I’ve made incremental progress.

Now, where things got interesting is in wiring this up through Spring and MongoDB. The class works in test, but I need now to figure out how to use my spring-servlet.xml to get an instance of the collection injected into my class’s constructor. I wanted to do this (1) without defining any additional code and (2) without resotring to static implementations or singletons. For (1) I’d rather leave the DB setup stuff in XML as much as possible and for (2) I try to avoid static at all costs unless there’s some compelling argument that doesn’t lean prominently on a premise of “it’s more convenient”. Static is about as flexible as a diamond.

So, here is what I did:


I discovered that I can use factory-bean and factory-method attributes to invoke instance methods on beans that I’d created, turning their return values into other beans. I also learned that “constructor-arg” is rather unfortunately named in that it actually just translates to “arguments to the method in question”. So, in the case of the mongoDatabase bean, I’m getting it from my mongo object’s getDB() method with a string parameter of “daeadlus”. On the whole, the beans above translate to new Mongo(“”).getDB(“daedalus”).getCollection(“house”) being stored in the “mongoHouseCollection” bean, which I injected into my service. When I wired and fired it, it worked perfectly the first time.

So, this post has been a little thin on actual information about JUnit (really just the denouement to my last post), but there is a nugget in here for spring wireup, and, I think the most important lesson for me is that the design benefits to TDD go beyond just code. By taking my test smell seriously, I wound up with a design where I completely factored the database setup garbage out of my code, which is clearly a good thing. Now, I’ve been around the block enough times that this would have happened regardless, but it was interesting to note that making a testability/clean-code decision and sticking to my guns teased out a macroscopic design improvement.


Configuring Fedora and MongoDB

In my last post, I covered installing MongoDB on Fedora. This is another post as much for my reference as for anything else, and I’ll go over here getting set up so that my application successfully uses the MongoDB server.

When I left off last time, I had successfully configured the server to allow me to create documents using the mongo command line utility. So, I created a collection and a document and was ready to access it from my web application. Following the examples in the MongoDB java tutorial, I created the following implementation of my HouseService interface that I had previously hard coded room values into:
Read More