Alaa Nassef's Java Blog

The tenth reason

noreply@blogger.com (Alaa Nassef) — Wed, 20 Apr 2016 12:02:00 +0000

WOW! It's been about eight years since my last post, which was about the nine reasons people leave their jobs. I wrote that post while I was preparing to leave the company I was working for back then. It was a sort of thinking out loud post, where I was evaluating my decision to leave. Now, it's time again to move on, but it is for a reason not mentioned in my 2008 post.

Recently, I have been thinking about leaving the company I'm currently working for for some of the reasons mentioned previously (financial, different types of experience, etc.), but found myself adding another reason to the mix that I wasn't aware of back in 2008. It's independence!

I want to be on my own. I have some side projects that I wanted to work on since forever, but never had the time to attend to due to my full time job. Whether you want to have your own business, become an entrepreneur, be your own boss, whatever you call it, you just want independence.

One solution to become independent is to have your own project, whether it's a services providing company (e.g. social marketing, SEO enhancement, car cleaning, etc.), a product (e.g. mobile app/game, a book, hand made soap, etc.) or opening a shop/office (e.g. co-working space, coffee shop, etc.). Another solution is freelancing! Yes, when you're freelancing, you are actually an independent service provider.

The great thing about freelancing, if you're really good at what you do, is that you get to choose what to work on and when to work on it. Of course when you agree with a client on performing a task in a specified time frame, you have to do it the way (s)he wants in the time frame you agreed on, but you get to choose the project and agree on the time frame before you start, which is totally different from when your boss tells you that you have to do a boring task in an illogical time frame, causing you to work extra hours and weekends on something that you don't like. Maybe I'm exaggerating a little bit, but you get the point. I have met cases quiet similar to what I have described here, and believe me, they suck.

There are of course several problems with freelancing, one of which is marketing yourself. If you decide to be a freelancing developer, web designer, whatever, you have to search for prospective clients (checking ads in newspapers, craigslist, etc.), show them your portfolio and previous projects, and convince them that you're the one they need. The problem here is that doing this search is hard, and a lot of clients are non technical and would cause more hassle for you that your current boss.

The solution to this is to go for one of those freelancing websites, like upwork (formerly oDesk), elance (an upwork company), freelancer, guru, fiverr, etc. However, another problem shows up here. The problem with those sites is the barrier to entry. You might be the best one in your field, but you would still find it hard to land your first job. Bidders do not want to take the risk of hiring someone with no previous work reference on the platform they're using. This will cause you to lower your price to really (funny) low rates to convince people to hire you. This will also make you go to any brain dead job just to get a positive feedback. My first job on oDesk was to solve some high-schooler's programming assignments, but to keep the quality of the code low so that not to raise the teacher's suspicion (I'm not proud of that, but I needed to get in the system back in 2007)! Well, oDesk (now upwork) have a good system where you take a lot of tests to prove the skill you have, but the problems are still there. One more problem is that the clients of those platforms are mostly small companies (or individuals), which limits the cash you might get.

This is where Toptal comes in. What Toptal does is to screen all applying candidates (language, personality, skills, problem solving, etc.) to make sure they only get the top 3% of the freelance talent. By guaranteeing the talents that work with them, they have a great roaster of clients, and they set (really) good hourly rates for you. I believe that this is the best thing you can get (if you're one of the top 3% of course). I'm trying out in the next couple of weeks to join Toptal in the software development group, which is going to be great for me. I believe that I'm one of the tom 3% in my field, so I hope this is going to go fine. However, if you read this, I hope that you pray for me to do well, since I think that this might be the best option for me.

A company similar to Toptal is crossover, but the drawback they have is that they require that you work with them full time (but you get paid hourly based on the actual work). By them making you work exclusively for them, with no guarantee of the number of hours you will actually make, and now way to set your availability to be a part-timer, Toptal wins by far (IMHO).

So, this is the tenth reason why you might want to leave your job. You want independence, which is what Toptal provides.

The nine reasons why people quit their jobs

noreply@blogger.com (Alaa Nassef) — Wed, 27 Aug 2008 12:25:00 +0000

Did you ever quit your job for another one? Do you know someone who did that? Are you thinking of quitting your current job? I'm sure that "YES" is the answer of at least one of the previous three questions. The next question is "WHY". Why did you quit your job? Why did the person you know quit his/her job? Why are you considering quitting your job? Now the answer to those questions would differ from one person to the other, and I've heard a lot of different answers. One of the things I hate is when the person you ask begins his answer to why (s)he's quitting with "a lot of reasons". I believe that there can't be a lot of reasons, because IMHO, there can only be the maximum of nine reasons.

This article is not a top ten reasons (or a top nine reasons in our case) of why people quit their jobs. This article is about what I believe to be the nine, and the only nine, reasons of why people quit their jobs to go work in another company in the same field.

Before we start stating the nine reasons, let me state the intended audience of this article, and why those are the ones I'm targeting:

HR people: I'm targeting those people since they can conduct a list of questions for exit and entry interviews, so that they can know exactly why people leave their jobs, categorize the answers into the nine reasons, calculate the percentages and weights of each reason and see where are the weaknesses and strengths of their company, so that they can try to do something to improve the company.
People considering leaving their jobs: You have to categorize the reasons that make you leave your job, prioritize the nine reasons/aspects according to your needs, give them weights and do the math. Some people leave because they got sick of something, and go to place far worse than where they've been just because they got a little bit too emotional, or because they were more subjective than objective. Remember to do the math, and leave for the right reasons.
Normal employees who are not considering to quit: Are you sure that you don't want to leave? Remember the grass is always greener on the other side of the fence (your neighbor's backyard :-P). Just kidding, but seriously, even if you are satisfied with where you're working, you have to do the math, at least to know what makes you so happy. Prioritize the nine reasons according to your current needs, give them weights, give scores to your company for each of the nine reasons, and see if the score is good or not. Some people are satisfied with jobs that really suck, just because they either don't know what's on the other side of the fence, or because they're afraid that their neighbor has a dog in his backyard (that's a metaphor for being afraid of taking the risk, if you haven't already got that).

I will not be talking about career change, since HR cannot convince an accountant who wants to leave to be a professional ballerina to stay. If I go into this, this will just be some useless blabbing. I'll just give it an honorable mention at the end of this post. Now let's start with the reasons:

Financials: Let's face it, we all work for the money. Yeah most people try to work in a field they enjoy, but we work to pay the bills and feed ourselves and our children. When I say financials, I do not just mean the salary. Other things add up on the salary, like bonuses and the possibility of traveling a lot with a good travel allowance. A lot of people might leave a perfectly good job for another one that pays more. Those people might either have a lot of bills to pay, or maybe they're just leaving because they feel that they're being underpaid in relation to the market, even if they're not in need for the money. This situation might be really stressful to a lot of people, because they feel that they are not given what they deserve.
Position: Titles are really important. First of all, your title decides your salary range. Secondly, it gives you prestige. Each of us wants to be something, and the title gives you a part of that. In the first company I worked in, there was no career path, and there were no defined titles, so both the youngest and the eldest people in the department (except for department managers and project managers) were both developers. Being a senior or a junior was highly subjective. Finally, after a lot of complaints, the company created a team (which I was proudly a part of), to create a defined career path. Well, let having a career path aside, even if there is a defined career path, some people leave their jobs to go to a job at a higher position, even if it's in a smaller company and, believe it or not, a smaller pay. They regard this as an opportunity to get the higher title, which will be their key pass to a yet better job with this higher title at a bigger company. One final point, some people might leave their job for the same position at another company where there is a higher potential for the promotion.
Technical Experience: When Ed Burns asked Rod Johnson and Chris Wilson (in the interviews in Secrets of the Rockstar Programmers) about when its time to change jobs they both had similar answers. It's time to change jobs when you are not learning anything new. Similar answers were given by others in different ways. What I mean by technical experience is the experience with the tools, frameworks, syntax, etc.
Professional Experience: What I mean by professional experience is soft skills, managerial skills and other professional skills like software engineering practices. Some people might leave their jobs for another one where they would increase their experience in those professional areas. Professional experience might be more important than technical experience for some people. Gaining managerial and leadership skills would surely help you get promoted and direct you into the managerial path (project manager, department manager, CEO), while technical experience will get you promoted and direct you into the technical path (architect, senior architect, CTO).
Business Experience: This is an important one. Knowing the business of the telecommunication field, banking, brokerage, etc. is really helpful. You might turn into an independent consultant for such companies. Gaining experience in a certain field is the most important thing in a job at a certain time, which might get someone to leave his job to go to another one where he would gain that experience. For most people it is not that extreme, but a lot of people would like to get some business experience along with the other two types of experience.
Workload: This differs a lot from one person to the other. some people hate the high workload, while other are real workaholics. Generally speaking, most people hate being overloaded, and in the same time, they hate being idle. I have seen five people from the same department quit their jobs at the same time when their project was over, and the planning for the next phase was taking a really long time. Those people felt that they were idle, and hated that. On the other hand, a lot of people quit when they find themselves working an average of fifteen hours a day for really long periods. People really need their work-life balance to be maintained.
Stability: When a company is not stable, you tend to find a lot of people leaving it for their sense of insecurity, but this is not the only meaning of instability. I have seen a company that didn't have a real financial crisis, but the pay date was always a surprise. The problem was that the financial department was in KSA, while the development team was in Egypt, and salaries were sent on monthly basis. Since sometimes the financial team would like to depend on an amount of money that should be collected from a client, salaries would be delayed, sometimes for more than 15 day. Sometimes, people received their salaries before the pay day. This inconsistency/instability was really bad, and it was the main reason I left that company. The sense of insecurity that the company may fail, or that you might not be able to get your next paycheck to pay your bills might be the strongest reason why you might leave a specific company.
Environment: A lot of things go under this category, from the quality of tea and coffee in the company kitchen/buffet, to the way your manager treats you. The team spirit, flexible hours, company facilities and management appreciation are all parts of the environment, and believe it or not, it's one of the biggest reasons people leave their jobs (especially regarding management appreciation and how the boss treats his employees).
Benefits: The benefits system of the company is also one very important aspect that may change your mind about the place you want to go. Health insurance, discounts at selected shops/service providers, pension plans, numbers of vacation days per year, etc. are core parts of the package. I worked in a company that arranged one or two trips annually for employees at really great rates, and employees paid the expenses of the trip in six months, which is a great benefit for those who love to travel.

Those were the nine reasons that are, IMHO, the only ones that may make someone quit his job for another one. Any other reason would be either a special case of one of those nine reasons, or a combination of a subset of them. For example, you might see someone who wants to leave the company, because he needs to be in a place where he can innovate. I believe that innovation has environment, benefits and workload aspects. Some environments encourage innovation, while others don't. When a company allows you to spend some of your time that you get paid for in innovation, this guarantees that your workload will not be increased if you need to innovate, while in the same time, it is clearly a part of the benefits system in the company, since you can do something that you love in the company's time.

Another example is that when some people tell you that they're leaving their job because they live away from where they work, and they need to work somewhere which is near their homes. This has both workload and financial aspects. The time you spend going to work and coming back home is added to the number of hours that are not a part of your personal life, hence, in an indirect method affects your work load. As for the financial part, the money you spend on gas, or transportation is a part deducted from your paycheck. If a company provides buses, this would certainly affect the financial part. Additionally, if the company is flexible enough to allow you to do a part of your job while in the bus, this would surely reduce your workload.

The examples are endless, but I think that this was enough for now. The last two points I would like to tackle are career change, and a tenth very special reason for quitting a job. People change their careers for several reasons, where most of the nine reasons are included (moving to a field that pays more, or has a higher potential, etc). A reason for a career change that's not in the nine reasons is that the person might not feel comfortable in the field he/she is working in. This is something that cannot be discussed in a rational manner. You cannot convince someone to love accounting more than dentistry. This is just a matter of a personal taste, and the only way to deal with such cases is to stress on the strong aspects (from the nine reasons) of the field this person is working in compared to the weak ones to the field he/she wants to leave for, and to try to explain the risk of starting a new career from the very beginning of the career path of that field, compared to continuing in his/her current path.

Finally, the tenth very special reason that I didn't include is when a woman quits her job to give more time for her children. I believe that this is a special case of a career change, where the woman changes her career from being a professional engineer for example to being a professional mother. It also has the workload aspect, since she needs more time for her personal life, i.e. less workload. Some companies partially solved this problem by opening in-house nurseries for employees' children. This reason is similar to the cases where someone quits because he/she needs to relocate to be near his sick mother for example. Some companies can solve such cases partially by being flexible enough to accept a large portion of the work to be done from home.

I hope I covered the subject well enough. If you have any reason that you think that it isn't a special case of the nine reasons, and not a combination of a subset, please tell me so that I can enhance this article further. I know that it has bean a really long read, and I hope that it was worth your precious time.

Rights issue

noreply@blogger.com (Alaa Nassef) — Tue, 26 Aug 2008 10:39:00 +0000

Yesterday, I did a small search on Google to see how my blog is doing. I was searching for my ACEGI article, and I found that it made the second result on Google, and that was great. I looked at the first result, and to my surprise, it was my article, but on another blog. No, this was not a link to my article, it was THE ARTICLE. I did not put it there, and no one asked me if they would have used it. At least the article was signed by "By Nassef", but that's just my last name. If you google that, I will not show up in the top results at all. They didn't ask my permission to use the article, they didn't put a link to my blog and they didn't even put my full name. I wrote a comment stating that I was mad at the action, even though that I was flattered that the article was good enough to be referenced and used by other people. They did not have the decency of showing up my comment. All they did was to make my last name "Nassef" signing the article as hyperlink to my blog, which shows that they are not really bad people, but what about my comment? Why didn't it show up? Why didn't I receive an apology, by mail at least? Isn't this the decent thing to do? Anyway, I'm both glad that the article was good enough to be used as reference, but I'm really disappointed due to the fact that I had to discover that my article was on another blog for about a year now without a clear reference to me.

A facelift for my blog

noreply@blogger.com (Alaa Nassef) — Sat, 23 Aug 2008 20:15:00 +0000

Yeah, it really needed the redesign. I really got sick by the dark theme, and I really wanted a three column design. Anyway, I'm happier with this new design, and I'm planning to be writing some really interesting articles in the really near future, so be prepared ;).

Problem with Apache's Axis2 1.4 Download

noreply@blogger.com (Alaa Nassef) — Wed, 07 May 2008 10:28:00 +0000

Version 1.4 of Axis2 was released five days ago. I was trying to download it, but I'm getting an internal server error when I try to get to the download page of version 1.4. I sent an email to the webmaster, but until they get that fixed, you can download it from any mirror. Well, I'm currently downloading it from http://apache.hoxt.com/ws/axis2/1_4/. Thought you'd like to know, in case you want to download it and face the same problem.

EDIT 8 May 2008:
Download link in apache website now working

Bubble Wrap, Hani Suleiman and Logging Abstraction

noreply@blogger.com (Alaa Nassef) — Tue, 06 May 2008 16:16:00 +0000

Let's imagine that you are in an antique shop and a beautiful vase or a statue caught your eye and you thought of buying it, either for yourself or as a gift for a friend. You look at the price tag, and you find that it has a reasonable price. You compare it with the other antiques in the shop, and you decide that this is the one that you want.

You then call for the sales person to take the antique (let's just say that it's a vase) that you chose to the cashier, where you go to pay for it, and to, more importantly, choose the box! Why a box? And why is it that important?

Well, imagine going home with this vase un-boxed. The risk of it shattering, or at least getting a part chipped off is quiet high, and you wouldn't like this to happen, would you? Boxing is very important for reducing the risk of your vase getting broken or chipped off. But there's one more thing. The vase you chose is an antique hand made vase. It did not come out of a production line that produces thousands of replicas. It is one of a kind, handcrafted by a craftsman somewhere in the world, so it does not have a box specifically made for it with an image of the vase printed on it. You'll have to choose a box that will suit your needs. You can choose a fancy looking box if this is going to be wrapped as a gift, or you can choose a cheap box if you just want to take the vase home, and don't care about the box. The box can be made out of paper, cardboard or wood. You have the freedom of choice, and you have a really large variety to choose from, because this antique shop has got everything.

So, you choose a box that suites your needs, and now everything is OK, right? No, it's not OK. If the vase does not fit the box exactly, then you'll be facing some trouble, because the vase might break inside the box after banging to the walls of it a several times. Even if it's a perfect fit, you still have a problem. What if you decide to buy a cheap ugly looking wooden box, that is a perfect fit, but after going home, you remember that your best friends birthday is next week, you didn't get him/her a gift, and this vase matches his/her taste exactly. You'll certainly need to get a new fancy box for the occasion instead of the cheap ugly one. What will you be doing then?

Cushioning is the answer. Foam peanuts, styrofoam and bubble wrap are all great ways to cushion your valuable vase in the box that suites your needs. If you'd ever need to change boxes, there will be no problem, since you can wrap your vase in bubble wrap, and you're done. After all, this is what bubble wrap is good for (even though some people think that it's good for annoying other people by popping them in public).

What does all of the above have to do with anything? Well, let the vase be a software product, the box be the logging framework and the bubble wrap be the logging abstraction framework. That simple! You buy the software solution because this is what you want, but you need logging to trace transactions and exceptions that occur in the system, so you can tell the vase manufactures, sorry, the software vendor to give you patches that fix those problems. Using a logging abstraction framework helps you changing the logging framework very easily, without the need to change anything your software. Imagine having to change the vase, simply because the fancy box you got to put it into for your friend doesn't fit. It would be insane, wouldn't it.

OK, so what about Hani Suleiman? He's the CTO of a consulting company, and the owner of the controversial BileBlog. He's also a member of the executive committee of the JCP, and on the expert group of several specification requests. In his last post before his disappearance from the blogsphere (which was 9 months ago), he was ranting about Tapestry's creator, Howard Lewis Ship, moving from ACL (that's Apache Commons Logging, not Anterior Cruciate Ligament :P), more commonly known as clogging or JCL, to SLF4J. He was referring to Howard's blog entry, which didn't give much technical details (actually no technical details) on SLF4J in my humble opinion.

Well, I have to disagree with Hani here. Even though Log4J is one of the most widely used logging framework, it's not the best. You've got Logback for example, which was created by the founder of Log4J, and has several performance enhancements. You also have a lot of other logging frameworks, and it's totally wrong to force your consumer to use one of your choice.

When you are developing a framework (like the case of tapestry), you should never tie the users with a specific logging framework. I, for instance, like to use logback instead of the de-facto log4j. Being tied to a single implementation is really frustrating. You should be able to change the box if you want. I know that what you actually want is the vase, but if you have no choice but taking it an ugly cheap looking box, and no bubble wrap, you might think of purchasing another vase from another shop, just because you can't possibly give your friend a gift in this ugly box.

He casualy flaps his michelin man arms about about how easy it’ll be for everyone to migrate, and how its no big deal to CHANGE EVERY SINGLE F****** SOURCE FILE YOU HAVE.

This is what Hani says in his blog, and again I wonder how would a man of his position imagine something like that? SLF4J is intended to be a drop-in replacement to clogging. You just have to read the manual (which is quiet small by the way). You can just drop in slf4j.jar and slf4j-jcl.jar in your class path in place commons-logging.jar, and you're done. Now you can use bubble wrap instead of foam peanuts!

Even if you're developing a product or a system, it's a bad practice to tie yourself with the concrete implementation of, well, anything. It's the ABC of design. You have to decouple yourself from everything. You have to "DESIGN TO INTERFACES", and this is why abstraction is so important.

Dear Hani, I have to totally disagree with you on that subject. Even if you are annoyed by people constantly popping up the bubbles in the bubble wrap, this doesn't mean that bubble wrap is a bad thing. Eliminating the use of the bubble wrap would make buying the vase a great risk, since it may break, or get chipped off. Not cushioning your antiques is a bad practice. Even if you get a box where the vase fits in perfectly, without the bubble wrap, you'll not be able to change the box (logging framework) without totally redesigning the vase :D.

The only exception to the above is with log4j and slf4j. Slf4j took the liberty of creating a drop-in jar that is intended to redirect the calls made to log4j to slf4j. This is done so that if you are using a library that calls log4j directly, and you want to use some other logging framework via slf4j. Anyway, I again repeat and insist that using a logging framework directly without an abstraction layer is totally wrong. It's like putting your valuable vase in a large wooden case in the back of your car while driving on a bumpy road, without any bubble wrap!

One last thing. Some people speculated that one of Hani's subjects waited for him in a dark alley and killed him, since it's been 8 months now since his last post. Actually, Hani is still alive, but he seems pretty busy to be blogging about anything these days. He is on the industry reviewers list of two tracks of this years JavaOne. He also had a couple of comments on a blog post, and was interviewed in February by InfoQ. Good to hear that he's still alive.

At the end, if you are a fan of popping up bubble wrap, you'll like this. Another thing, the bubble wrapped statue image was taken by Japh in the British Museum back in 2004. I contacted him to ask for his permission to use it. He gave me his permission to use it.

NetBeans 6.1

noreply@blogger.com (Alaa Nassef) — Mon, 28 Apr 2008 12:19:00 +0000

NetBeans 6.1 was released several minutes ago, and it does have some cool new features. Well, some aren't entirely new, like the JSF CRUD generation feature and java beans support that were missing from 6.0 have returned. It also has some major performance enhancements (up and above the really great performing 6.0) including an up to 40% faster startup time, lower memory consumption and increased responsiveness while working with large projects.

A lot of other features are present. Two of the best for me are the rich javascript editing features and spring framework support (including spring web framework). MySQL is supported in this release (no wonder, since it's now owned by Sun :D), and you can add a server to the DB explorer, view, create and delete databases easily with lots of other operations.

Code completion for JavaDoc is now present in this release, which is really convenient. For the Ruby/JRuby, the support has been enhanced a lot with editor quick fixes, a Ruby platform manager, fast debug for JRuby, and other enhancements.

Better shareablity of projects is also a great feature, where you can create projects that share definitions of libraries. Axis 2 support for web services have been added as well as SOAP UI integration for web service testing and monitoring. I also love the new semi-transparent windows, which may add (a little) to the productivity (you won't have to minimize and restore a lot to see what's going on in other windows), in addition of it being a real eye candy.

Another feature that I really like is that now the inspect members and hierarchy actions now work with classes that the source code is not present for (like 3rd party libraries that do not have an attached source). This is really great.

This was a summary of the new features of 6.1. For the full list of features, you can see this link. Bugs reported between December 2007 and March 2008 were fixed too. Of course I expect the release of 6.1.1 about a month or so later this year to fix any bugs that come up after this release. The next major release (6.5) is planned for October the 2nd. Keep the good work going.

I got the best job offer ever

noreply@blogger.com (Alaa Nassef) — Mon, 28 Apr 2008 08:14:00 +0000

Yes I did! No, I wasn't offerred to be the CEO of Microsoft or anything, I was offered to be a senior software engineer (which is my current position by the way), but the offer itself was unbelievable. Well, let me start from the beginning.

Like most people, I have profiles on recruitment sites, like monster and others, where I look at the current openings in the market. There is no harm of knowing where the market is going, and what's your current price in the market. It would also help to find great offers, like the one I got (well, maybe not as great as the one I got).

Since I have a public profile on some recruitment sites (which is not a really very nice thing to do), recruiters and companies can view my profile and cv to contact me directly instead of me having to look for job postings and submitting to them (I'm kind of lazy). Anyway, on February the 21st, I got an email from Renfield Recruitment Agency in London, telling me that Duramex Petrolium PLC (also in London) is looking for all sorts of engineers (petroleum, mechanical, computer, electrical, aerospace, etc.) for an extremely large project. Accepted candidates with more than two years of experience will be given a full time position, while candidates with less than two years of experience will be given a one year contract, which is renewable on satisfactory basis.

Well, all I had to do was to send a copy of my CV to Engineer Peter Wilson on career.renfield@gmail.com, and so I did. I also forwarded the mail to two of my friends whom I thought might be interested of relocating to London. Anyway, on the 26th of February I received another email from Renfield recruitment containing two attachments. The first being the appointment offer and the second being the terms of agreement!

Yup, I was accepted as an employee in Duramex petroleum WITHOUT AN INTERVIEW. The appointment offer said, and I quote "...your placement was based on with out any form of oral interview, from; the RENFIELD RECRUITMENT SERVICES. You should also note that your placement was based on certified information found in your CV/Resume...". I know that my LinkedIn profile is quiet good, but to get me a job offer without an interview? WOW!

OK, here's a summary of the package:

Monthly salary of 9945.00 British Pounds (YES, thats Nine Thousand Nine Hundred Fourty Five GBP) TAKE HOME (After Tax). I can ask of taking them in US dollars or in Euros by the way.
Full medical insurance for me and my family
Family accommodation in company community
Local transportation will be fully provided for me and my family
A land line and a mobile phone will be provided
Security in both work place and housing community
Life insurance
Complete meals for me and family
And the list goes on...

Well, who would be stupid enough to turn down an offer like this one? We are speaking of an income exceeding 237 thousand dollars a year, after tax deductions, plus full housing, medical insurance, life insurance, meals, and even a travel allowance on your vacation complete with airline tickets, plus of course the other benefits. This is like an income of half a million dollars per year (if not more). All I had to do was to contact "International Global Visa Rite Services" before the 10th of March, either by email (employment_visa_rite@mail2consultant.com) or by phone (+447045766361), to apply for the immigration visa. I should have paid the fees, and would have been fully reimbursed after my arrival.

Seems like a good deal, right? Actually, it seems too good to be true, doesn't it? Well, yes, it isn't true. I wasn't lying when I said that I got such an offer, but what I mean is that this was a fraud. There is no Renfield Recruitment, no International Global Visa Rites, and above all, the is no Duramex Petroleum! This was a scam from the very beginning, but it was a well played one.

If you google Duramex Petroleum now, you'll find tons of results on the scam, but this wasn't the case back when I got the email in February. I had to search for the company records in the official UK government register of UK companies, and do a lot of googling to find out that everything was a fake (and to shatter my dreams of wealth too :P).

Well, why didn't I blog about this earlier? Stupidity is a good answer. I thought that by contacting the authorities I would be doing a greater good, so that they can catch the villains when they're not taking care, since no one was blogging on them. I was an idiot. I could have been the number one result in Google for Duramex Petroleum by now, but NO, I didn't do that so that not to grab attention to the scam, so that the authorities could do their job. I got absolutely no response from the Interpol. The Scotland Yard website suggested to either go to the local police station (I'm in Dubai, UAE, not in UK), or to report it to the American Internet Crime Complaint Center, which sent me an automatic respond, and no one contacted me after that.

Anyway, this wasn't the end of it. One of the two friends whom I forwarded the first mail to got the same offer (well, same package, but as an IT manager) on the 15th of April. He got it directly from Duramex Petroleum this time, and not through Renfield Recruitment :D. The scammer had launched a fake website using Microsoft Office Live. I contacted Microsoft, and they replied in less than an hour to tell me that the fraudulent website had been closed. They also told me that they have taken appropriate action, and asked me about any information that would aid their investigation. I sent them the info, but don't actually know if a real action was taken against those people or not.

I really want to kick myself for not blogging about this earlier.Here are the links for the Appointment Offer and the Terms Of Agreement I received on the 26th of February. Also here is a text file with all the contact details that I collected from my communications with Renfield Recruitment and from the mail sent to my friend. This file is a part of the mail I sent to Microsoft.

Now just some few tips for you, whether you want to be able to find out scams, or to run your own scams professionally :D

People contacting you claiming to be a company or a recruitment agent should regularly have a corporate mail and domain, and not emails on Google and Hotmail. Some recruiters do use free mail servers so to reduce the number of spam on their corporate mail system. If you receive a mail from a free mail service, you should at least be a little bit careful.
A large company or corporation should have a website, and it's usually a dot com website not a dot org. The latter is cheaper, and is mostly used with non profit organizations (or people who want cheap domains). Another thing, a corporate website will not be hosted on Microsoft Office Live, Google sites or any other similar service.
If you suspect a website, do a whois lookup to see who's the registrant, and try to make sure that the information is true.
ALWAYS research the company that wants to interview/hire you before taking some serious action
If relocating to another country, ask friends who know this country about rules, standard of living, cost of living, and salary ranges for people of your experience

Finally, I would like to thank Emad Bakir a lot for helping me with information on UK, and UK companies, and for being the one to tell me that this is probably a scam.

EDIT (4th of May 2008)

Just wanted to add some links to other sources

A post on Yahoo Answers
Another post on Yahoo Answers
Fraud Watchers (that was the only thread available at the time I got the offer)
My post on java ranch
Available on a warning page on job scams on Oil Offshore Marine's website

Weird Tattoo!

noreply@blogger.com (Alaa Nassef) — Thu, 17 Apr 2008 19:45:00 +0000

Today I was in Deira City Center mall with my wife, and I believe that I have seen the weirdest tattoo. I don't know if this was true, or my mind was playing games on me, but I think that I saw a girl with a big (I mean really big) tattoo of McDonald's logo on her back. Most probably I was hallucinating after the the large Subway sandwich I ate. It was weird

JDC 2

noreply@blogger.com (Alaa Nassef) — Sun, 16 Mar 2008 11:33:00 +0000

Yesterday I attended the annual Java Developers Conference, held in Cairo, Egypt. This event was the main reason I extended my vacation, so that I can attend it before coming back to Dubai. This is the second year EGJUG (Egyptian Java User Group) has such a conference (apart from their monthly meetings and seminars of course). This years event was WAY better than last year's. Well, let me summarize the event for you.

First of all, Ahmed Hashim, EGJUG's leader gave the keynote of the conference, then he was followed by words from the two golden sponsors, Etisalat Egypt and Microsoft Egypt. Yes, you read it right. Microsoft was a golden sponsor for the Egyptian java developer's conference!

I believe that Microsoft found this as a chance to give a better image to the developers, and show them how good they are. I don't believe that they were supporting java, since I've heard from my sources in a Microsoft parter company, that Microsoft did some pressure on them to stop them from sponsoring the event (both last year and this year). I believe that Microsoft thought that improving their image, and promoting port25 and codeplex is worth sponsoring JDC, but since thew would have gained nothing from their partner companies sponsoring the event, Microsoft pressured them to not do it. Anyway, this post is about the event not about company politics, so let's go on.

After the keynote and the sponsor messages, Ed Burns gave a great session on Demystifying JSF. His presentation slides were divided into two parts, but he gave part one only, due to the time constraints. Ed was followed by Hossam Karim (Software Architect at ITWorx) who is one of the eldest members of EGJUG, and a great contributer to the java community. Hossam's session was on "Enterprise Integration: A Service Oriented Architecture perspective", where he spoke about the methods of integrating different enterprise applications from different vendors together, with the pros and cons of each method. He spoke about the types of integration(information portals, data replication, shared business function, SOA, distributed business process and business to business integration), the styles used (file transfer, shared database, remote procedure invocation and messaging) an then he spoke a lot about messaging with its problems, solutions, concepts and implementation. I believe that it was a really great session, but he needed some more time, because the material was quiet large.

We took a coffee and a prayers break, then we went back for the next couple of sessions. The third session was given by Gisele Consoline from IBM Brazil, and it was titled "Discovering Business Driven Development for SOA". This session was one of the worst sessions I have ever attended in my whole life. First of all, I believe that the title should have been "How to use Eclipse for absolute beginners". The "Business Driven" part in the presentation was a sentence she said in the middle of the session that can be summarized as "before you begin coding, take the requirements from the customers, so that you don't code something different from what the customer wants"! As for the "SOA" part, she was not using just any Eclipse, she was using IBM's WebSphere that supports SOA development! Overall the session was a terrible experience for me, especially I was sitting in the front row, so it would have been embarrassing if I had gone to sleep :D.

The fourth session was given by Pooya Darugar, from Microsoft. I don't know if having a Microsoft speaker was part of the sponsorship agreement or not, but the session was nice. The session was titled ".NET and Java Interoperability" (Notice that .Net comes before java in the title :P). The session was really nice. Pooya had great presentation skills and was able to catch everyone's attention. Afterwards, when I was evaluating the session, I found out that the session can be summarized as this: "Microsoft, along with other companies, standardized web services so that .NET and Java web services can communicate with each other, without the need of customization from the web services developers". As you can see, nothing new was gained from the session, but Pooya used his skills brilliantly to make the people feel that it's a valuable session. At the end of the session, he had a couple of slides promoting Microsoft products/sites/technologies, like WPF, silverlight, codeflex, popfly, etc. Overall, it was a good session, but the gain from it as a technical person was just this: "Web services now can work together without any problems, regardless if they are written in java or in .net", which is why web services were created in the first place.

A lunch and a prayer break, then the final two sessions. The next session was given by Ed Burns (again). I thought that he would give part 2 of the first session, but instead he gave a session titled "Enterprise Grade Ajax and JSF", which was really great as well. The last, but certainly one of the best sessions (if not the best) was given by Alef Arendsen, and was titled "Spring Dependency Injection & Java 5". The session was mainly on the new method of configuring spring beans using annotations.

After that, there was the giveaways raffle, where I won my third free book in quiet a short period. The book I won was given by O'Reilly, and it's titled "Enterprise Java Beans 3.0, Fifth Edition".

The overall experience of the event was great. It's not just the sessions, but also meeting people that I haven't seen in a very long time, like Amal Kheirallah from ITWorx Alexandria, and like Mohammed Hamed, Ahmed Rizk and Mostafa Askar who were with me in college, and who I haven't seen in a really long time.

The main thing that I think could have been improved is the crowd. This year, the size of the event was increased to accept about 600 people, which is great, but accommodating all those people in one place made it impossible to have desks for the people to easily take notes, and the crowd on the buffet during lunch was a disaster. I believe that dividing this event into separate tracks will allow more people to attend the event, and there will be less people in each session, causing a less crowd. The area where the buffet is held should have been larger to reduce the number of people in the queues. Other than that, it was a really great day.

The Missing Perfect Processor

noreply@blogger.com (Alaa Nassef) — Sun, 17 Feb 2008 08:37:00 +0000

On the 23rd of January, I sent an email to the editor of PC Magazine Middle & Near East. Well, I like the content of this letter, so I decided that I would post it as a blog entry here, so here you go.

I read your February issue article on the "CPU Road Map 2008", and I started thinking about how far we are from the perfect processor. I'm not talking about future processors that are going to have gazillion cores and do everything from simple arithmetics to 3D graphics processing. I'm speaking about the processors that we could have this day with today's technology.

Intel is better in developing transistors; they keep producing smaller transistors each day, giving the possibility of putting more cores on the same chip and reducing power consumption and heat (especially after they created the High-k metal transistor). Another thing is that Intel supports DDR3 with it's greater speed (even though the FSB is still slower than the fastest DDR3) and lower power, while AMD moved to DDR2 recently.

AMD is, and was always, better in their processor architecture. They created the 64 bit PC processor more than a year before Intel adopting it to make it's own EM64T, AMD is not using an FSB to access memory, which is a great advantage and finally, AMD's Phenom processor is going to be a real Quad-Core processor, and not two dual cores glued together.

With the technology available from both manufacturers, we (the consumers) could have had better processors than we have today, especially that each of the two companies is excelling in something totally different from the other. Unfortunately, since they are competitors, and it's impossible to convince any of the companies of sharing their secrets with the other company, then we are never going to have the perfect processor, because there will always be great differences, that if combined would have produced a far more greater processor.

Well, this was the end of my letter to the editor, and I hope that you like it.

Finally, I won something!!!

noreply@blogger.com (Alaa Nassef) — Sun, 03 Feb 2008 07:29:00 +0000

Did you know that java ranch is one of the best java communities with one of the best forums around? I'm not saying this because I won a book from them, but because it's one of the largest java communities on the web, where you would find nearly the answer of any java question you want an answer for.

OK, did you know that they have a book promotion that runs nearly every week, where the author of the book goes online to answer users' questions (and of course promote his book)? This promotion runs from Tuesday to Friday, and people who post eligible posts (real questions, answers to questions, discussing the book, etc.) are eligible for winning a copy of that book. Every promotion, there are four winners, and this weeks promotion was on Struts 2 Design and Programming: A Tutorial.

Guess who's one of the winners? IT'S ME!!! Finally I won something, and I'm really glad, to the extent that I'm blogging about it, at the time where the project I'm working in is on crisis, and with more than 8 (yes eight) draft blog posts that I want to still write. Any how, I'm happy, and I thought of letting you know :D.

Welcome Mr. Bush

noreply@blogger.com (Alaa Nassef) — Sun, 13 Jan 2008 20:06:00 +0000

Bush is visiting Dubai today; HOORAY!! Well, lot's of presidents and VIPs visit Dubai, like they visit any other city in any other country, but this time it's different. This time, Dubai is officially closed for the day! YUP, you read it right. They ARE closing the city.

Well, the story is, for security reasons, they are closing the main express ways that lead into and out off Dubai, including Sheikh Zayed Road (E11), which is the backbone of the city, and since you have to pass by E11 to go to nearly all of the industrial and business areas (Jebel Ali Freezone, Dubai Media City, Dubai Internet City, etc.), the government announced that today is going to be a day off.

Even though I never mind a day off, but I hate when it's for the wrong reasons. I do not accept that a whole city is shut down for the visit of someone, no mater who that person is. I do not accept being a prisoner in my own house because all the roads around my house are blocked because of GWB's visit.

And how much money is going to be lost in that day? All businesses are going to be closed. How many millions of man hours are going to be lost? And how many business deals are going to be delayed this day? How many people in need for hospitals and medical care are going to have to take alternate routes through traffic jams that no one thought possible, because the main express ways are closed, and no one will know how to reach their destinations? How many people are going to get delayed for their flights?

I really hate what's happening, but anyway, I'll try to enjoy my day in the morning by relaxing at home.

Something is wrong between me and the design patterns book

noreply@blogger.com (Alaa Nassef) — Wed, 12 Dec 2007 18:12:00 +0000

About a year ago, I bought Head First Design Patterns, which is a really great book. I started reading it right away, and I was reading Head First Servlets and JSP together with it while I was on an assignment in Alexandria. Suddenly, something weird happened. I reached the chapter on the command design pattern, and then got back to Cairo to get stuck in crisis mode for two months, which didn't leave much reading time for me. I lent the book to a friend of mine, and kept the servlets & jsp book to read in my free time.

After the crisis mode I had a knee operation to regenerate my torn ACL, had a month sick leave, and went to visit my family in Abu Dhabi, but without the book. Went back to Cairo after that month to get an assignment in Dubai, and I got the book this time, only to leave it on the shelf until I study for the SCWCD certificate from the servlets & jsp book.

When I had time to read it, I ignored it for a while to read The Jesus Papers, which I loved by the way. Finally, I had a chance to start reading the design patterns book again. I revised what I had already read a very long time ago, and again reached the command pattern chapter, and guess what?! I had to travel between Dubai and Abu Dhabi twice a week, since my wife and kid were in Abu Dhabi with my parents, and I was in Dubai for work. Of course this didn't leave me any reading time. I went back to Cairo a couple of weeks ago for ten days, where I didn't even have time to sleep. I'm back in Dubai, and I have the book with me, and I hope that I would be able to start reading it again. Wish me luck.

Netbeans 6 is finally here

noreply@blogger.com (Alaa Nassef) — Mon, 03 Dec 2007 14:01:00 +0000

Finally, NetBeans 6 is released. It has some really great features like profiling and support for ruby. Also their Swing GUI builder (formerly known as Matisse) is really great, and it now supports Beans Binding and Swing Application Framework. The only thing I don't like about the use of the GUI builder is that it doesn't allow you to edit the code it generates yourself, which is really annoying for hardcore developers. Overall, NetBeans is really great, and it really excels in some great areas. For the full feature list, please check this link.

Spring 2.5 is out

noreply@blogger.com (Alaa Nassef) — Tue, 20 Nov 2007 09:55:00 +0000

Spring 2.5 is out, and it introduces several new exciting features. One of the most exciting features in the new version is the java configuration, and automatic discovery of spring beans. Well, since the beginning of the Spring framework, wiring components to each other and configuring which class will be injected where was done only using XML. Yes, the people behind spring always said that any format can be used to do the configuration, but you have to write your own classes to implement the format you are going to use. Hence, there was nothing but XML until today.

As of now, you can use the auto-wiring features provided by the new version of spring to put the wiring configurations as annotations in your java code. You will still be using XML, but the amount of XML you need to write will be reduced significantly. Mark Fisher wrote a great article on InfoQ titled What's New in Spring 2.5: Part 1. Looking forward for part 2.

Politics in Software Development

noreply@blogger.com (Alaa Nassef) — Sat, 17 Nov 2007 19:06:00 +0000

Politics is present in every aspect of our life, whether we realize it or not. It's present in the way you treat your family, your in-laws, and your coworker. It's even present in software development.

Ever wonder why Microsoft made Windows Mail in Vista not able to have Hotmail (now Windows Live Hotmail) accounts (unlike Outlook Express), and then months later they release Windows Live Mail which has this feature? Haven't you ever thought why when you want to download the new version of MSN Messenger (now Windows Live Messenger), you have to download an installer which has the options of downloading several other new Windows Live products that you never heard of (Mail, Writer, Photo Sharing, etc)?

Why does Microsoft's Windows Live Family Safety require that each and every member of your household should have a windows live ID so that he/she can access the internet? You say marketing? I say marketing falls under the umbrella of politics.

If the above examples don't strongly show clearly how company politics affect software development, the following ones will certainly do so.

Sun's business is mainly hardware, servers to be specific. Sun is also the company that maintains java. Now java is supposed to be platform independent, and we (java developers) claim that it runs on each and every availabal platform, right? WRONG! Sun creates JDKs and JREs for Windows, Linux and Solaris only, meaning that if you have an HP or an IBM server, you will not be able to get Sun's JVM. HP and IBM develop their own JVMs, but of course the available Java version on those machines is always behind that of Sun. Currently, HP and IBM have JVMs that run java 5, which is more than three years old.

Sun simply won't release versions of java for AIX or HP-UX since it will be releasing it for competitors in the hardware business. If it did, enterprises that have java applications and need to use the latest features may go to Sun's competitors. Sun releases versions for Windows to stop Microsoft from dominating the software development market, and if this is done, the market share of dot net will increase while that of java will decrease, and since dot net doesn't work on anything other than Windows, Sun will be losing a large part of the hardware market for windows based servers.

Sun also open sourced it's star office suite to create openoffice.org, and they open sourced Solaris, and made it compatible with desktop and laptop hardware. Why? To go another step in stopping Microsoft Windows from dominating the desktop market, so that it would slow down the growth of the dot net community, so that software in the market would be runnable on UNIX and not just Windows, so that it would increase it's the possibility of people going for Sun servers.

I believe that Sun's war with Microsoft could simply be over (or at least won't be as strong) if Microsoft made dot net platform independent, but Microsoft will never go for such a move. Microsoft wants to dominate the desktop environment with Windows, and it's very strong competition from Apple and Linux. Microsoft is using the dot net technology, with their fabulous IDE to market Windows. If suddenly dot net applications ran on Linux, for example, Microsoft may lose a huge market share.

I think that projects like WINE must make Microsoft live in fear. Maybe that's why Microsoft made a lot of changes to Vista that made a lot of programs not compatible with it. What had happened is that the software vendors made their software compatible with Vista, and everything went back to normal, except that projects like WINE and REACTOS went one step behind.

I believe that a lot of changes that were introduced to Vista were just to make it incompatible with such projects (such as changing "Documents and Settings" to "Users" and a lot of folders under the user folder like "Local Settings" for example to "AppData\Local" or something like that, and a countless more changes). I believe that such changes have no meaning other that what I assumed earlier.

Now let's go back to Sun again. Sun is THE supporter for Netbeans, which is a great IDE by the way. On the other side of the table, we have the more popular Eclipse, and guess what, IBM led the Eclipse Consortium (and it's the one that created Eclipse). Now someone would say that both are open source projects, and it doesn't make a difference to the companies what IDE developers use, right?. I again say WRONG!

IBM is in the software business, and being familiar with Eclipse makes you somewhat familiar with Websphere and Rational Tools, that are built over Eclipse. Being familiar with those IBM products may lead to you using the Websphere application server, and if you do, which operating system and hardware are the best for such a server? IBM hardware and AIX is the answer. What was Sun's response? Open source Sun application server and create project glassfish, hence you have a high end application server from Sun for free, and of course it supports the latest java technologies months (or even years) before other application servers (like servlets 2.5, JSP 2.1 and other JEE 5 features for example).

Back to Netbeans and Eclipse. Both IDEs allow developers to create custom plugins, but Eclipse recently (not very recently, actually about a year and a half ago) changed their framework to use Equinox, which is Eclipse's implementation of OSGi. OSGi is maintained by a large group of corporations, that include both IBM and Sun Microsystems, and both were founders of the OSGi Alliance. Having IBM and Sun working together is not something to be surprised from, because, as I mentioned before, it's all about politics.

Now Eclipse implemented OSGi by creating Equinox, what will Netbeans do? Well, as an active member of the Netbeans team told me once, they are waiting. They already have their pluggable framework. If they go to OSGi, they have to choose an implementation, and for sure they won't use Equinox. Even if they go for any other implementation (Apache Felix or Knopflerfish for example) or even create their own, they would still be switching to OSGi after eclipse did, hence Netbeans would be following Eclipse's steps (or as someone else would be seeing it, Sun would be following IBM's steps).

So, what's next? Well, there is a JSR (JSR 277) which was created to create Java Module System, which is very similar to OSGi, and guess what, IBM is not in the expert group. As I mentioned seconds ago, the Netbeans team is waiting to see which one will win, Java Modules or OSGi, but I reckon that they will either go for Java Modules once the JSR is finalized, or they will stay as they are. I'm quiet confident that they will never go for OSGi.

I believe that this post became much longer, than I wanted it to be, but I can still go on with the subject for much longer. I wanted to get to a point, and that is, politics between large companies have a great effect on software development. Even with open source projects, when a project becomes very popular, large companies tend to create standards similar it. Examples in java include log4j & JDK 1.4 logging, Hibernate & JPA and of course OSGi & java modules (OSGI and java modules have some differences of course). It's then up to the original creator of the open source project to implement the standard (like hibernate implementing JPA).

I'm not at all against Sun (actually I'm a huge fan), but I took it as an example. I'm also not against standardization. I just wanted to speak about the subject of why large corporations do what they do.

Edit on 12/12/2007
HP released java 6 in November and IBM release java 6 just this month, which is still two years after the release by Sun.

Logback web configurer for Spring

noreply@blogger.com (Alaa Nassef) — Sat, 10 Nov 2007 10:11:00 +0000

On thing that should be mentioned about logback is that spring doesn't have a ConfigListener for it like the one it has for log4j (the org.springframework.web.util.Log4jConfigListener class). Well, you can write your own code based on the spring source. Thankfully to Davide Baroncelli, he already did that for us. He had already sent the code to the logback user mailing list. The the thread is available online on Nabble, so that if you would like to view it. He also has an updated version that supports auto reloading for logback configurations. Thanks Davide

Windows Vista Screen Flicker

noreply@blogger.com (Alaa Nassef) — Sat, 20 Oct 2007 10:54:00 +0000

Well, this post has nothing to do with java, but I though it would be important, since this issue caused me a lot of frustration. I recently bought a laptop with Windows Vista Home Premium, and I was frustrated at what seemed to me that it was a hardware problem. Well, it wasn't. It was a windows "feature" ;-)

The "feature" that annoyed me was that the screen blinked a couple of times when I was logging in, in a matter that seemed as if the screen is faulty. The same thing happened when I wanted to do something that windows think that I shouldn't do, like moving a read only file, or run an executable program (yet another windows "feature"). When I tried to do any of those actions that would cause a security problem, I got a prompt to ask me if I allow this action, with the desktop disabled, and with an occasional screen blink (totally random).

Well, after some googling, I found the causes of those two really annoying "features". The first "feature" was the Transient Multimon Manager (TMM). This TMM is "a Microsoft Windows Vista operating system feature" responsible for detecting your monitors as you connect/disconnect them to/from your mobile PC. You may regard TMM as a good feature in case you use multiple displays (external monitor, projector, etc.) especially that "TMM persists the user's settings on a per-display basis when possible".

When you seldom use multiple displays (like me), TMM is of no value. So, how do we turn it off? Simple. Go to task scheduler (present under "Accessories/System Tools"), then go to "Task Scheduler Library/Microsoft/Windows/MobilePC", and you'll find a TMM task. Disable it, and you're done (of course you'll have to restart your system for the change to take effect, because the task will already be running). You can also disable the trigger of the task. I do not recommend deleting the task altogether, since you might need it in the future.

Now for the second "feature". Windows vista has what's called "secure desktop". Well, it is a good feature to be frank. When you try to do an action that Vista thinks that it might be the result of a malicious action, it will prompt you whether you allow this action or not. This is not "secure desktop" by the way. Secure desktop is responsible for locking all the processes running in the background so that if the action was really performed by a piece of malicious software, it wouldn't give this piece of software the ability to mimic the user allowing the action to be performed.

So, if you think that you will never have malicious software, and you don't want secure desktop, all you have to do is to run your registry editor (just type "regedit" in the "run" screen), and go to "HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/
CurrentVersion/Policies/System", and change the value of the "PromptOnSecureDesktop" to "0" (that's a zero not an O) instead of "1". This will remove secure desktop (hence the occasional blinking) but will not remove the prompting. I recommend that you keep secure desktop for the security reasons, but that's just me.

Edit on 6/1/2008:
I would like to thank Matt for supplying this link in his comment. I think that the screen shot woul give you a little help. Thanks Matt

Commons Logging may be harmful to your health

noreply@blogger.com (Alaa Nassef) — Sat, 13 Oct 2007 12:48:00 +0000

All of us know that decoupling your code from the frameworks you use is a really great thing. This is why bridge libraries like commons logging are really wonderful. Just imagine how much code you will be changing if you are using log4j APIs in all of you application classes, and then a decision was made to start using the java APIs instead. Think of how much code would be changed. But with commons logging, the code changes would be minimal. Another thing, look at how many open source projects that are using commons logging. This must mean that commons logging is a good thing, right? WRONG!

First, let us define the meanings of "good" and "bad" concerning libraries such as commons logging. I think, that a "good" library would be able to bridge your logging requests to the logging framework of your preference with minimum interference and a very small overhead. I don't have to mention here that it should be stable and bug free of course. Another thing, which I personally think that it's very important, is that it should be as simple as possible.

If we take a look at JCL (Jakarta Commons Logging), we'll find that a lot of those aspects are not met. JCL works in a quiet complex way. It has a discovery mechanism to see which logging library you have in your application, and then uses class loading to load the logger that will be used. Even though this does the job, this class loading solution has its drawbacks. First of all, this may cause a lot of problems if your application is in a strict class loading environment (like OSGI for example). Another thing, JCL has a bad history with it's class loading solution.

Version 1.04 of JCL that was released on the 16th of June 2004 had some serious problems with its class loading mechanism. Ceki Gülcü (the original author of log4j) wrote a marvelous article on the subject. He also wrote a great piece on JCL, but might be a little outdated. Even though version 1.1 of JCL, released about 2 years after 1.04, claims that the bug is fixed, it's still a risk to use it, especially for the complexity of this library.

Another thing that needs to be mentioned here is that Rod Waldhoff, the author of commons logging, wrote a blog entry in 2003, titled "Commons Logging was my fault", where, in the last part of it, he says where to use and, more importantly, not to use JCL. To conclude it, JCL should be used in small and tiny components that are intended to be used by other developers in their projects. Even with that, Erik van Oosten created a project called "Version 99 Does Not Exist", which is an empty JAR with a pom file and maven meta data, so that you would put it in your maven repository, so that libraries that depend on JCL would not download it from the net, since the empty JAR is version 99.

So what else should we use? Well, I think that SLF4J is a great project. It's a simple facade for various logging APIs. The beauty of it is that instead of the class loading solution, it is just a simple facade, where you just plug in the desired implementation at deployment time. It's a very simple solution, "perhaps even laughably so" as stated in their FAQ.

SLF4J is wonderful, simple, stable and can be used in strict class loading environments like OSGI. It can be used with log4j, jdk1.4 logging, SimpleLogger, logback and x4juli (the latter 2 provide native implementation of SLF4J APIs). It's very simple to migrate to SLF4J from JCL. Simply download "jcl104-over-slf4j.jar", and it will delegate JCL calls to SLF4J.

SLF4J also has a couple of great features, parameterized logging and MDC support. Parameterized logging can cause a significant increase in the performance. One last thing that I have noticed, which is quiet funny really, several apache projects use SLF4J instead of commons logging. This sure shows that SLF4J is on the right track.

Complete Java 2 Certification Study Guide (Sybex)

noreply@blogger.com (Alaa Nassef) — Sat, 15 Sep 2007 11:18:00 +0000

This is my second review, and again, it's a java certification book. This was the book I studied from for my certification exam, and thanks to God, I did pretty well.

The book is well constructed, with a lot of info, and a lot of great exercises at the end of each chapter, plus a mock exam, and four sample exams on the accompanying CD. Unfortunately, the book is full of typos, and there are several mistakes with the exam and the review questions, which is quiet a shame. Those mistakes turn this book from a great book, to a "just quiet satisfactory" book. Some of the mistakes are clearly due to lack of revision of the changes done to this edition, so conflicts show up in a couple of places.

An example to what I mean is that starting from Java 5.0, the return type of the overriding method could be a child of the return type of the overridden method, and it's stated clearly in the middle of the chapter, but in the summary at the of the chapter, it's mentioned that the return type of the overriding method must be exactly the same as the overridden method, and can't even be a subclass of it (which is true for pre-5.0). This is clearly something that was in previous editions of the book, and wasn't changed where it was supposed to be. Several mistakes like this occur in the book.

The book is worth it's price, but only if you are going to be careful while studying from it, and check other sources, whether they are other books, or freely available resources on the internet. If you are going to study from one book, and one book only, and will not rely on any other resources, then this is not the book for you. The book is not a bad choice, but there are several other better study guides in the market, like Katherine's Sierra's and Bert Bate's SCJP Sun Certified Programmer for Java 5 Study Guide from Osbourne. I checked it out, and it looks great.

Buy Complete Java 2 Certification Study Guide from amazon
Buy SCJP Sun Certified Programmer for Java 5 Study Guide from amazon

Dynamic roles management in acegi security: Part 2

noreply@blogger.com (Alaa Nassef) — Sat, 11 Aug 2007 08:41:00 +0000

Last time we stopped at a problem, and that was the fact that the bean holding the secure URL patterns is loaded only once at application startup. Now, when we need to alter the access rights of roles, we will need to restart the application, and this is really not very flexible.

There are a couple of solutions to this problem. The first is to reload the filter invocation interceptor, and set the object definition source in it with an instance that holds the new values, like the following example:

UrlPatternRolesDefinitionSource myRoles = (UrlPatternRolesDefinitionSource) applicationContext.getBean ("objectDefinitionSource"); FilterSecurityInterceptor filterSecurityInterceptor = (FilterSecurityInterceptor) applicationContext.getBean ("filterInvocationInterceptor"); filterSecurityInterceptor.setObjectDefinitionSource (myRoles);

Only here we have a trick that should be done. The bean objectDefinitionSource should be declared as non-singleton in the XML configuration, either by specifying its scope="prototype" or by specifying singleton="false". This solution has a problem, and it is that the whole list of roles and secure URL patterns will be reloaded from the database (or whatever your datasource is).

The other solution is to create your own ConfigAttributeDefinition that extends the one supplied by acegi. The main reason for doing this is that the one supplied by acegi doesn't have a removeAttribute method.I suggest overriding this implementation to add a removeAttribute method. I also prefer if you would use an ArrayList or a Map instead of the Vector used by the acegi implementation to represent the configAttributes

This ConfigAttributeDefinition should be the one you use in the UrlPatternDefinitionSource that we created in part one of this article.

In the class(es) that will be manipulating the the roles, you should inject the UrlPatternDefinitionSource instance that acegi creates (using spring's configuration files). You then get the ConfigAttributeDefinition for your role using the lookupAttribute method in the UrlPatternDefinitionSource class. A code snippet is shown below.

UrlPatternRolesDefinitionSource uprds = definitionSource; ConfigAttribute config = new SecurityConfig(role.getName()); Set patternsSet = role.getUrlPatterns(); List list = urlPatternDao.listUrlPatternsOfRole(role); List oldUrlPatternsOfRole = new ArrayList(); //get list of old url patterns of role for (UrlPattern urlWithRole : list) { oldUrlPatternsOfRole.add(urlWithRole); } //update role in database roleDao.updateRole(role); //do not allow the role to access old url patterns for (UrlPattern pattern : oldUrlPatternsOfRole) { MyConfigAttributeDefinition configDefinition = (MyConfigAttributeDefinition) uprds.lookupAttributes(pattern.getUrlPattern()); configDefinition.removeConfigAttribute(config); } //allow the role to access the new set of url patterns for (UrlPattern pattern : patternsSet) { //get the pattern itself from DB, since all we have is the id of the pattern only pattern = urlPatternDao.retrieveUrlPattern(pattern.getId()); MyConfigAttributeDefinition configDefinition = (MyConfigAttributeDefinition) uprds.lookupAttributes(pattern.getUrlPattern()); configDefinition.addConfigAttribute(config); }

The previous code may need some optimization, but it was just to give you a general idea about how to implement dynamic role management.

I hope that this article was useful, and I apologize once more for the delay.

Apology

noreply@blogger.com (Alaa Nassef) — Tue, 07 Aug 2007 09:08:00 +0000

I just want to apologize for being late with the second part of the ACEGI security article, but I had some work pressure, and a lot of traveling between Cairo, Dubai and Abu Dhabi lately, which made it quiet hard to complete the article, but I promise that I'll try my best to finish the article before the beginning of next week, in spite of the fact that I'm still traveling between Dubai and Abu Dhabi every weekend. I apologize again.

Dynamic roles management in acegi security: Part 1

noreply@blogger.com (Alaa Nassef) — Wed, 11 Jul 2007 12:38:00 +0000

Acegi security is a great powerful and flexible security solution. What I don't like about it is the lack of documentation and samples provided, and this is why I thought of writing about this subject today.

The example that comes with acegi security, and the one that comes with appfuse define secure URL patterns, and the roles that can access them in the XML configuration file, which is not a very flexible solution. It is a good approach if you have predefined roles and access rights , that are never going to change (or the changes are very rare). In case you have a security module, where you define which role can access which URL patterns, this method is the worst thing you could do.

The solution to this problem is to define your own data source, which loads the secure URL patterns and the corresponding roles that can access it from somewhere (database for example). A simple way to do that is by extending PathBasedFilterInvocationDefinitionMap and loading the secure URL patterns and the roles that can access them in an initialization method or in the constructor. Here's an example:

public class UrlPatternRolesDefinitionSource extends PathBasedFilterInvocationDefinitionMap { public void init(){ Session session = sessionFactory.openSession(); try{ List urlPatternsList = urlPatternDao.listUrlPatterns(session); for (UrlPattern pattern : urlPatternsList) { ConfigAttributeDefinition configDefinition = new ConfigAttributeDefinition(); for(Role role: pattern.getRoles()){ ConfigAttribute config = new SecurityConfig(role.getAuthority()); configDefinition.addConfigAttribute(config); } addSecureUrl(pattern.getUrlPattern(), configDefinition); } } catch (FindException e) { // Handle exception } finally { session.close(); } } }

In this example I used a Hibernate DAO I created (urlPatternDao) to retrieve the secure URL patterns which is defined and initialized with the sessionFactory somewhere else in the code (using spring's dependency injection). You can implement it anyway you like (JDBC, with any other ORM framework, or any other method you like).

In this example, each URL pattern can has a set roles that can access it, so I loop over this set to create the ConfigAttributeDefinition. I prefer if you have your own implementation of the ConfigAttributeDefinition, but this is going to be discussed in part 2 of this article. Of course the Role class used in this code implements the GrantedAuthority interface.

As for the XML configuration of this entry, it's shown below:

<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web. FilterSecurityInterceptor"> <property name="authenticationManager" ref="authenticationManager"/> <property name="accessDecisionManager" ref="accessDecisionManager"/> <property name="objectDefinitionSource" ref="objectDefinitionSource"/> </bean> <bean id="objectDefinitionSource" class= "net.jnassef.security.UrlPatternRolesDefinitionSource" init-method="init"> <property name="convertUrlToLowercaseBeforeComparison"> <value type="boolean">false</value> </property> <property name="urlPatternDao" ref="urlPatternDao"/> <property name="sessionFactory" ref="sessionFactory"/> </bean>

As for the first bean in the previous snippet, this definition is the default that comes with the sample acegi application and with appfuse, except to the reference to the objectDefinitionSource bean which was added by us, to allow dynamic role management. The second bean maps to the class we created, and defines the initialization method, that will load the secured URL patterns, and the roles associated with them. This definition also sets the DAO and the hibernate session factory used by the class. Of course you don't need those if you want to have any other implementation.

The previous implementation seems good as a solution for dynamic role management, but if we look more closely, it's not a very good solution (or to be more accurate, it's not a complete solution). The problem that is going to face us here is that secure URL patterns are loaded only ONCE at the application start up, and any change done to the role access rights will not effective until the application is started, and this is not dynamic at all. In fact, there is no difference between this solution, and having the access rights in the XML configuration file, except that you will not need to redeploy your application, but you will need to restart it. There are several solutions to this problem, and this will be the main focus of the next part of this article.

Head First Servlets & JSP

noreply@blogger.com (Alaa Nassef) — Tue, 12 Jun 2007 07:39:00 +0000

Studying is never fun for a lot of people, and reading technical books is always taken as a boring task by a lot of people. This will never be the case with any of the head first series of books.

The head first approach depends on a lot of images, since an image says more than a thousand words. It also depends on repeating the information in different styles, and dialogue like text.

Even though this might seem as if it's a very simple approach, but the result is amazing. The book is fun to read, full of information, and yet very simple. Never thought I would love to study that much again.

Now enough about the head first approach, and into the book itself. The book is very informative, and covers nearly everything in the exam. Very few subjects were not covered, but most of them are covered in the questions at the end of each chapter, with a reference to the place of the information in the specs.

Few mistakes are there (like any book in the market), but most of them are spelling mistakes. The O’Reilly website has a great errata page covering every single mistake in the book (even spelling and grammar mistakes).

A lot of topics covered in the book do not even appear in other books, and a lot of those come in the exam. I studied from that book, and got 94% in the exam. Great book, and really fun to read.

Buy the book from amazon.com