Interactive Venue Map for CodeMash

I was frustrated with not having a searchable venue map for the CodeMash conference, so I decided to create one myself.  Initially, I was going to build it from scratch while learning some cool new JavaScript framework, but upon googling the problem I came to realize that there are various tools out there that make creating such a map fairly easy.  The software that best fit my needs was MapWize.  I ended up creating the following map, which can be accessed via codemash.sjonsson.com or by clicking on the image below.

The map allows you to search for a room by name and to get directions between two rooms, in addition to supporting pinch-zoom and general website responsiveness.

Here are the high-level steps that went into creating the map:

• I emailed the CodeMash team and got a reasonably high res PDF of last year's conference map.  
• I cropped the image and removed much of the background.
• I imported the image into MapWize Studio and overlayed it onto their street map, which already had the exterior of the Kalahari Convention Center.

• I then added a new place on the map for each conference room and drew the boundaries of each room.  I gave the room a name and configured a few properties, such as room type and marked it as searchable and clickable.  This was the most tedious part of the process as it took some time to draw each room onto the map.

• Next, I drew direction lines along all the hallways and marked the exits/entrances of the building.  This is what the software uses when calculating directions between two places on the map.

• And that is pretty much it.  I then published the map and generated a MapWize URL for it.  To make it a bit easier to share and to remember, I created the alias codemash.sjonsson.com. 

One feature I didn't take advantage of was indoor navigation based on beacons or location of Wifi routers.  If those are enabled, the software can show your indoor location on the map.  That way you only have to type in the destination when getting directions to your next session and you'll see yourself on the map as you are walking.  Pretty much how you'd expect outdoor navigation to work.  You can achieve the same by giving the map permission to see your GPS location, but GPS reception is spotty when indoors.

Anyways, I used the map heavily during CodeMash and shared it with other conference guests. Feel free to use it and further share with others.  If you found it helpful I'd love to hear from you :)

Fitness gadgets that make exercising less boring

Today I gave a talk at work on various fitness gadgets, equipment, and software that I have used to try to mix up my exercise routine and make working out a little more fun.  I covered the Zwift and iFit virtual training platforms, the Zombies Run mobile app, fitness trackers, and Strava - the social network for athletes.  The talk was well received and we had some great discussions afterward about various other gadgets that my coworkers have experimented with.  I encouraged people to try at least one of those to see if it will make exercising a little more enjoyable 🙂
Below are my slides from the talk.


(If the embedded slides don't work in your browser, try accessing them on Slideshare)

Get the most out of attending conferences

Last week I gave a talk at work on getting the most out of attending software development conferences.   I've been attending conferences for quite a while now and figured I had enough tips in the bag to share with others.  Things such as the importance of getting out of your comfort zone, how to learn from other attendees, various note taking tips, and why it is important to review what you learned.  The slides from my talk can be seen below:

Get the most out of attending conferences from Steinn (Stan) Jónsson

 

CodeMash 2018

I spent the past couple of days at the CodeMash developer conference in Sandusky, Ohio.  I learned some new technologies, caught up with old friends, and as usual had a great time.  Some of the technology trends spotted this year: AI, machine learning, blockchain, digital voice assistants, people getting serious about security, and cheap (often cloud-connected) hardware controllers with tons of neat sensors.  Here is some of what I saw at the conference.

BB-8 riding the hallways

An attendee 3D printed this dragon

Unusually warm temperatures at the Kalahari resort. It got into the 60s (F) on Thursday, but then turned into a blizzard Friday afternoon!  That's Ohio weather for you.

Firefly board game

I built this heart rate monitor using Arduino and a pulse sensor

KidzMashers doing laser tag

Sphero robot programmed into a game of Hot Potato

A presentation about giving a presentation
(or recursion as we developers would call it)

Bunch of 3D printed stuff

A mainframe programmer spotted leaving the conference ;)

CodeMash definitely peaked my interest in exploring some technologies I haven't used before.  Let's get to work on that!
I believe this was my 9th time attending this unique event.  I can't wait for CodeMash 2019.

Learn by listening to audiobooks

Last week I gave a talk at work about the many benefits of listening to audiobooks.  I've been a heavy audiobook listener ever since discovering this book format back in 2001 as a great way to get me through long commutes.  I talked about where I get books from and suggested how mundane activities can be made more fun by doing them while listening to audiobooks.  I listed some of my favorite authors and provided various book recommendations both for self-improvement and general entertainment.  The slides from my talk can be seen below:

Learn and have fun by listening to audiobooks from Steinn 'Stan' Jónsson

 

Teach your kids to code

Last week I gave a talk at Alliance Data on teaching your kids to code.  I basically walked through various applications, websites and robots that I have tried together with my kids (age 12, 9 and 6) and shared what we have enjoyed and what not.  Using these tools we have created together multiple stories and games, to our mutual enjoyment.  If you are a software developer who has a kid, I definitely recommend trying some of these tools out.  Here are the slides from my talk:

Teach your kids to code from Steinn 'Stan' Jónsson

 

Interview for QA or the Highway

I will be taking my Web Services Testing talk to the QA or the Highway conference next month.  I am excited to speak at this QA focused conference for the first time.  I have heard a lot of good things about the conference.  Alliance Data, my new employer will be sending their entire testing team to the conference, so hopefully I'll have some friendly faces in the audience during my session :)  To promote the event and generate buzz, the Testing Curator is interviewing some of the speakers in what they call the Speaker Series.  I was recently interviewed.  Below is a link to the results.

QA or the Highway 2016 – Speaker Series – Featuring Stan Jónsson Our sixth featured speaker who will be at QA or the Highway is Stan Jónsson. 1. What attracted you to speaking at QA or the Highway this year? I saw a... blog.testingcurator.com

CodeMash 2016 - Program some health into your life

Another awesome CodeMash is coming to an end, with a lot of great sessions and a bunch of fun activities throughout the conference.  I attended the full 4 days and was joined by my family for the last 2.  For the first time my kids attended KidzMash, where they had a great time learning game development, how robots work, building an Altoid-flashlight and learning how to count to F! In the CodeMash spirit I attended mostly sessions outside my immediate comfort zone; including pre-compiler on 7 languages, front-end talks, UX-talks, softskill-talks and a few pertaining to what I am currently working on; microservices and modularity.

 I was honored to be presenting at CodeMash for the third time.  This time on a non-technical subject dear to my heart.  My talk was titled Program some health into your life; where I walked developers through what it takes to stay healthy at a desk job, the basics of nutrition and exercising, and offered various tips on loosing weight and getting the most out of your effort.  It went very well and I was not even booed when I suggested bacon was not the cornerstone of a healthy meal plan! :)  Apparently there was a free candy buffet going on at the same time I gave my talk, so I was pleased to see a room full of programmers giving up sweets for health advice :)  Below are the slides from my talk. 

As in years past, hats off to the CodeMash organizers for putting on a great conference.  I am already looking forward to CodeMash 2017!  Now off to the water park with the family!

Program some health into your life from Steinn 'Stan' Jónsson

Biking to work

Last week, during a monthly lunch and learn, I gave a talk on bicycling to work.  I have been riding to work once a week for a few months now and this was my attempt to get some of my coworkers to join in on the fun.  Aside from multiple health benefits, I have found that when I ride I arrive at work much happier and better prepared to tackle the day, than on days when I commute via car.  During the talk I shared various tips on bike commuting and on how to go about mapping a bike-friendly route from one's home to work.  Using Strava.com and Google's Bicycling and Street View data I have been able to map out a relatively safe route from my home in Hilliard to my current work in Easton, Ohio.  The route is rather long (around 29 miles) so I have only been doing it once a week.  Below are the slides from the talk.  If you have any good bike commuting tips to share, I would love to hear from you!

StirTrek Talk Available on YouTube

Last month I had the pleasure of presenting at StirTrek 2015, Ultron Edition.  This one day software development conference has grown into one of the premier technology events in town, so I felt honored to get a chance to present.  The conference was held at the Rave Theaters in Columbus, and as in previous years the 1500 attendee tickets were sold out in minutes.

I gave a talk on Testing Web Services, similar to ones previously presented at CodeMash and Columbus Code Camp.  According to the proctor manning my theater, 217 people attended the session.  The presentation went very well and I had a lot of people come up to me afterwards and thank me for the talk, which made me feel good.  The talk was recorded and can now be viewed on YouTube.  Only the audio and video feeds to the projector were captured, so you wont be able to see my face.  Well, maybe just as well.  If you want to learn more about SoapUI, JMeter and REST-assured, then give the video a shot.  It is about an hour long.  

The slides from the talk (with screenshots of most of what I walked through), along with all code/scripts are available in the StirTrek Github repo (downloadable zip file).

As always the conference ended with a private movie screening.  This time the movie was The Avengers: Age of Ultron.  My wife joined me and the rest of the Quick Solutions gang for the viewing, which was a great ending to a fun conference. 

JMS testing with HermesJMS

HermesJMS is a handy tool that can be used to visually interact with JMS destinations (JMS Queues or JMS Topics).  I find it convenient for ad hoc testing of JMS applications.  I use it to monitor the status of JMS Queues, browse their contents, and to drop messages onto queues for testing purposes.  

When viewing a message in a JMS Queue, HermesJMS shows you the JMS headers and the value of the message payload, even if the payload is a serialization of a custom Java object.   For example, in my current consulting engagement, we had a situation where we had a bad message stuck at the front of one of our JMS Queues (and due to invalid configuration our app kept processing that same message over and over, rather than proceeding onto the next message in the queue).  Through the WebLogic Console we were able to see that there was a message in the queue that wasn't getting processed, but we couldn't see the actual content of the message that was causing it to get stuck.  By connecting HermesJMS to the queue we could view the message payload and as a result identify and fix the issue.

Browse Queue Contents

The screenshot below shows an example of what browsing messages in a JMS Queue looks like:

The table lists the JMS messages currently in the queue and the JMS headers for each message.  Below the table is then a text rendering of the actual payload (typically a serialized Java object).  In this example the payload is a Java class called HermesDemo with two properties, foo and bar (which I creatively concocted for this blog post :)


Drag Messages Between Queues

Another handy feature of HermesJMS is that you can easily copy messages between queues.  For example, if I click on the top message in the demo/Queue on my local machine I can drag it over to a queue in my testing environment (UAT):

HermesJMS asks me to confirm the action and then copies the message over.  HermesJMS will automatically handle any necessary mapping if the JMS Destination names differ between the source and the target queues.  I find this drag and drop feature quite handy for ad hoc testing JMS applications in multiple environments.  I produce a message on one of my local queues and then drag it as needed onto a corresponding queue in the environment I want to test.  

Build Message Stores

HermesJMS also has a feature where you can build so called stores; that work off of a database rather than an actual JMS destination.  Using this feature you can build a database of various JMS messages and have them ready for dragging over to a remote destination anytime you need to test a specific condition in one of your JMS applications.

XML Export/Import

Alternatively HermesJMS allows you to export messages to XML files, for later import into queues/topics. To do this, you simply click on a message in the queue and select Save as XML... from the Messages menu, then give it a file name and hit save.  To import the message to a queue you click on the JMS Queue and select Send XML Encoded Messages from the Messages menu and then select the XML file to import from on your hard drive:

Note: if the JMS Destination name does not match between the source and target queues you will need to edit the XML and update the value to match that of the target queue.  

In our example the exported DemoClass.xml file looks like this:

where the value of the object tag is an object serialization + Base64 encoding of the following Java class:

When you export a message from a Queue to XML, HermesJMS handles the serialization magic for you and writes it out to the XML file.   If you want to create a new XML message from scratch (e.g. when adding the first message for a queue), you can build the serialization string using the SerializeHermesDemoClass in my Github repo (just modify the main method to use whatever class you want to serialize).

Setup Instructions

Below are basic instructions for getting HermesJMS set up.  In my case I am using WebLogic as the application server.  Setup for other app servers is similar; you just need to use the ContextFactory and jar files specific to that app server.  If you go to hermesjms.com you will find setup instructions for many app servers under the Providers menu.

1. Download and install HermesJMS, either directly from Sourceforge or as part of SoapUI install.
2. Start HermesJMS by running hermes.bat/hermes.sh.
3. Create a ClasspathGroup for your app server jar files 
1. Select Option and Preferences
2. Click on the Providers tab
3. Right-click on Classpath Groups and select Add Group and give it a name (e.g. JarDependencies)
4. Click the + sign and right-click on Library and select Add Jars and find the jar files you want to import.  In our case that is weblogic.jar, wlclient.jar, and HermesDemo.jar, which has the custom Java class used in our demo.  If you want HermesJMS to show the contents of a custom Java object in your JMS Queue, it needs to have the corresponding class file on its classpath.  You can either add the jar here, or alternatively edit hermes.bat/hermes.sh and add it where the CLASSPATH variable gets set.
   
4. Next we need to create a Session for JNDI browsing the JMS server 
1. On the Preferences screen, click the Sessions tab.
2. Give the session a name, corresponding to the JMS server you are pointing it to.
3. Select the Plug In matching your app server.  In our case it is BEA WebLogic.
4. Under Loader, select your JarDependencies and under Class select hermes.JNDIConnectionFactory.
5. Populate the binding, initialContextFactory, providerUrl, and security properties as appropriate for your app server.  For WebLogic the properties are:
   
6. If the destination names don't get auto-populated, right-click under Destinations and add the names of JMS Queues/Topics you want to connect to on the JMS Server.

Note: If you are using WebLogic you can alternatively download this pre-populated hermes-config.xml file and put it in your .hermes directory (replacing the default one that HermesJMS puts there during install).  Before you run HermesJMS make sure you edit the file and change the following:

• Update the providerUrl value to match the server and port of your JMS Server.
• Set the securityCredentials and securityPrincipal values to mach your username and password.
• Edit the library paths for JarDepdencies and make sure they point to wherever you have these jar files on your machine.

In Conclusion

I hope this overview and these setup instructions help you get going with HermesJMS.  Once you have it working, interacting with your JMS destinations is a breeze, and testing a given JMS app can be as simple as a drag and drop.

If you need to run a suite of JMS tests, e.g. for sanity testing or load testing, you can use SoapUI, which knows how to interact with HermesJMS.  I may write a future blog post demonstrating this integration.  For SoapUI basics, see this blog post.

All the examples used for this blog post can be seen in this Github repo.

Happy JMSing!

How do you explain Java technologies to non-technical audience?

Today I had the interesting challenge of trying to explain various Java buzzwords to people with very little technical knowledge.  Basically, we wanted our talent managers (recruiters) at Quick Solutions to gain a high level understanding of some of the Java technologies they recruit people for.

In prepping for this presentation I put on my "simplification hat" and tried to think of the essence of some of the more popular Java technologies.  I wanted to leave the talent managers with a simple visual picture in their minds, that represented the benefits of each technology.  Then I followed each of those visuals up with a basic architecture diagram that explained how the technology fits into a typical application.  I also gave them sample questions and answers for each technology, all focused on the high-level benefits of each technology (which problems the technology is meant to solve).

At the beginning I also went over some of the reasons I love being a consultant, and how to use those to attract talent.  I basically walked through the bullet-points in this blog post.

The general feedback I got was that they were able to follow along and they found the information very helpful.  I suspect though I may have lost a few of them near the end, when I got onto design patterns :)

Below are some of the more visual slides from my presentation.  The full slide deck is available on Slideshare.

What do you think?  Did I pick the right visuals?  Could I have made it even simpler?

CodeMash 2014

CodeMash 2014 is winding down and as usual the conference was a blast! Lots of greats talks, lots of fun activities, and last but not least good time to be had in the waterpark! Outside of the talks they had activities such as lock picking, jam sessions, early morning 5K run, astronomy, 3D printing, game rooms, open spaces, lightning talks, kids fun at KidsMash, a StarTrek simulator, various parties, bacon bar, and on and on. This was my 4th year attending the conference and it is without a doubt my favorite developer conference. Hats off to the organizers!

This year I was fortunate enough to not only deliver one, but two talks at the conference. On Thursday I gave a talk on Web Service testing and Friday I did one on Kanban. The first talk went sort of ok.  I was very nervous, felt I stuttered too much through the material and didn't feel very sharp in my thoughts, so I didn't feel super good afterwards. I had a talk with Leon Gersing in the evening and he gave me some great pointers on delivering presentations and dealing with nerves. I went ahead and rehearsed my second talk several times in the evening and then delivered it the following morning and felt way more relaxed, sharp in my thoughts and quite enjoyed giving the talk. So thanks, Leon, for the tips! Now I am waiting for my family to join me at Kalahari, so we can hit the waterpark tonight and tomorrow.

The slide decks from my talks are available on Slideshare:

and

The slides have also been uploaded to the conference GitHub.

Agile Open Space

I enjoyed facilitating an Open Space meeting for agileLUNCHBOX today.  This was the first such meeting for that organization.  We had around 20 participants and did 2 rounds of discussions, in 3 circles.  We had a variety of topics posted and some great discussions.  I took a few photos of the event, which you can see below; including one that shows the topics that we discussed.  Click on an image to see a larger version.

Before kicking off the discussions I gave a brief overview of Open Space Technology.  Here is the short slide deck I went through.

At the end we had a brief retrospective and it was the general consensus that we should do another Open Space meeting at agileLUNCHBOX in the near future.  We are also going to look into having an Open Space evening at COHAA, where we have more time to work with.

Web Service Testing Talk

Today I gave a talk on Testing Web Services at the monthly QSI Tech Lunch.  I basically went through various products and frameworks that I have used when testing Web Services, talked about what kind of testing each one is suited for, and provided some general tips on Web Service testing.  I have uploaded the slides from the presentation to Slideshare and the code and test-scripts are available on GitHub.  I will be repeating this talk (likely with slight modifications) at the 2013 Columbus Code Camp, next month.

7 Reasons to Become a Software Development Consultant

I have been a software development consultant for a few years now.  I sometimes get asked by friends and colleagues why I prefer being a consultant rather than becoming a full-time employee (FTE) at one of the many companies I have done contract work for.  Here are some of the reasons why I think consulting is the way to go.

1. It forces you to stay on top of your game and as a result you end up becoming a very well rounded developer  
• You can't get away with just learning the technology stack of a single company and eventually becoming stagnant.  You need to stay marketable, follow trends and learn the latest and greatest.
• When working for a consulting company you are encouraged to attend conferences, do public speaking, etc. to enhance your career.     
2. You get exposed to many different technologies and have an opportunity to learn a lot
• I have never been hired onto a client assignment knowing every single technology listed on the job posting.  There are always some things I don't know beforehand, and as a result of the assignment will get to learn those.
3. You end up doing a lot more new development (green-field projects) than you would ever do as an FTE
• Consultants are rarely brought in for maintenance work, carrying the on-call phone, or doing production support; things that most developers are not too found of.
4. You get to shop around and see how multiple companies do their software development
• Eventually you become really good at picking up good habits from your clients, stuff you see that works, and assisting other clients in doing the same.  That makes you really valuable and your work rewarding (what you do matters).
5. You typically don't do a lot of overtime, but when you do, it is paid
• Clients are much more likely to ask their FTEs to do overtime than a consultant that they have to pay extra for.  Contracts are typically written with a 40 hour workweek in mind.  Any change in that requires paperwork and additional expense to the client (throwing off their budget), so most clients tend to avoid that.
6. You get to work with and learn from really great people  
• Consulting companies thrive on having the best and brightest minds and they ensure their employees do a lot of knowledge sharing.  QSI, the company I consult for is excellent at doing this.
• Most clients you end up working for have some really good people as well (architects, tech leads, etc.), that you get to learn from.
7. You are not stuck in the same old job
• After few years in the same place many developers get bored and start wondering if the grass is greener somewhere else.  Being a consultant means you will have a frequent change of scenery, so you rarely have time to get bored.  If you like your client and do a good job, you can likely get renewed with them as long as you care to (for years).  If you are ready for something else, then complete your assignment and work with your consulting company to get a placement somewhere else.  It may take some time to get it worked out (you want to make sure you end things on a good note with the client), but it is a lot easier than having to quit your job and find a new company to work for.

Lastly, it is just a lot of fun!

Visually Import SSL Certificates to Java Keystores

Working with SSL certs in Java, in particular those self-signed ones frequently found in dev & QA environments, usually means dealing with the command line keytool that comes with Java.  Either to add a certificate to a keystore (JKS file) or to add a new certificate authority to your truststore (cacerts file).  If you are tired of reading the keytool help or googling what the exact import command looks like (and have forgotten it in the year or so since you last had to deal with it), I recommend the GUI tool Portecle.  It makes it very easy to view the contents of a keystore/truststore file and to import new certificates, and it allows you to download public certificates right from within the tool.

To add a public key certificate to a keystore, open up the JKS file in Portecle, select Examine SSL/TLS Connection and type in the hostname and port number of the https site you would like add certificate from.  Then hit the PEM encoding button and save the certificate to a file.   Next click the Import Trusted Certificate button and select the file you exported and hit save.  That's it!

To add a trust for a new certificate authority in your truststore you open up your cacerts file (password most likely 'changeit') and add the CA certificate file via the Import Trusted Certificate button.  You will need to locate the CA certificate file on your app server and convert it to PEM format if it is not already in that format.  For example in WebLogic the CA file is located in the [WebLogic Home]/server/lib directory (CertGenCA.der by default).  In IIS you can export the CA file to PEM format through the IIS Management Console.  After importing the CA file to your cacerts file your JVM should trust certificates issued by that CA.

Presentation - Kanban Case Study

Here are slides on a Kanban Case Study that I presented at agileLUNCHBOX today.  I basically recapped my experience using Kanban at Hugsmiðjan (maker of Eplica CMS), and showed how our Kanban board evolved over time.  I went over basic Kanban theory and covered a few advanced topics like associated metrics.  I also talked about how we integrated Kanban and Scrum.  The talk was well received and afterwards we had some good agile discussions.  

Web Service Development - Best Practices

As a software developer I have had to deal with a fair amount of Web Services, both as the consumer and provider of services.  Below is a list of best practice guidelines that I have gradually assembled and try to follow when developing Web Services.  I also usually send this list to people that are writing Web Services that I am to consume.  I have found that it saves me considerable headache when it comes time to integrate with the service.  Most of my guidelines are written with XML over SOAP in mind, but some are common sense tips that should apply to other types of Web Services, like JSON over REST.

The Guidelines

1. A Web Service should be defined with a WSDL (or WADL in case of REST) and all responses returned by the Web Service should comply with the advertised WSDL.
1. This can for example be tested with tools like SoapUI (see my blog entry Web Service Testing with soapUI) or XMLSpy, which validate SOAP responses against a WSDL.
2. Use XML Schema to define the input and output of your Web Service operations.
1. Make sure to define return types for all returned data, preferably as XSD ComplexTypes.
2. Do not use the AnyType tag, as it makes it impossible (or non-beneficial) to use XML binding libraries to auto-generate code to construct request/response objects.
3. For ComplexTypes, make sure the occurrence indicators (minOccurs and maxOccurs) are correctly defined, so that it is clear to the consumer which fields are required and which are optional and the frequency of each field.
4. Make sure your namespaces are well defined (not some default like "org.tempuri")
3. Do not use a proprietary authentication protocol for your Web Service.  Rather use common standards like HttpAuth or Kerberos.  Or define username/password as part of your XML payload and expose your Web Service via SSL.
4. Keep it simple  
1. Write a Web Service with many simple methods rather than one large method (with numerous arguments) that tries to be everything to everyone.
2. Adhere to the OO principles of maximizing cohesion and minimizing coupling when designing your Web Services.
5. Make sure your Web Service returns error messages that are useful for debugging/tracking problems.  For example, include an error code and a human readable error description.
6. Make sure to offer a development environment for your service, which preferably runs the same Web Service version as production, but off of a test database rather than production data.
7. Thoroughly test your Web Service, in a technology-agnostic manner, before having others integrate with it.

Consequences of Breaking These Guidelines

Why all these rules?  Because I have found it to significantly increase development time for the consumer when they are broken.  Here are some of the offenders I frequently come across, and the resulting consequences:

• Web Services that don't define a WSDL and are poorly documented.
• This usually leaves the consumer shooting in the dark as to how to communicate with the service and what to expect as a response.  This results in a lot of trial-and-error and having to manually write code to marshall & unmarshall the XML data.
• Web Services that define a WSDL but don't conform to it.
• This can be extremely frustrating for the Web Service consumer who usually ends up getting some sort of a cryptic error message from his generated XML bindings code.  That leads to a lot of head scratching and eventually writing the XML marshalling code from scratch.  I would say this is a worse offense than not defining a WSDL at all. 
• Web Services that are hidden behind some proprietary authentication protocol.  
• A good example that comes to mind is the NTLM v2 protocol that IIS supports and is a proprietary Microsoft protocol.  Integrating with this protocol from other technologies than .Net is usually not straight forward.  Last time I had to do it from Java we ended up having to purchase a proprietary library to be able to authenticate against the service, as no reliable open source implementation existed (which took us way to long to discover).
• Web Services that define poor or no error messages.
• These are the type of services that blow up with some XML parsing error, showing a stack trace that is specific to the Web Service implementation technology.  They basically provide no useful feedback to the consumer about what may have gone wrong and whether the issue is on the client or server side.  Furthermore, it leaves no way for the consumer to gracefully handle the error by choosing actions based on error type.
• Web Services that don't work unless consumed in the authoring technology.
• I have often I had to consume Web Services that were incorrectly autogenerated by some tool/framework (Siebel and .Net come to mind), and really don't conform to Web Service standards.  I therefore urge developers to test their own service with soapUI, JMeter or other standalone Web Service clients, before they publish it to others. That way you also get to chew your own dog food, so to speak, meaning you see what the XML for your service looks like.

That's my two cents on the issue.  If you have more guidelines to share, or don't agree with mine, I'd love to hear from you.

Run Jenkins on Tomcat with SSL

At work I recently got the task of getting Jenkins up and running on Tomcat and set it up in such a way that requests were exclusively served via SSL. Since it took a bit of googling to get this done I decided to document the instructions should anyone need to do the same. Here they are:

• Download and install the latest version of Tomcat.  
• Download the latest Jenkins WAR file and extract it to [Tomcat home]/webapps/ROOT.
• Note: this is assuming the only web application you will be running on Tomcat is Jenkins.  If you are planning to use Tomcat to run multiple web applications you will need to create server.xml host configurations for each one.
• If you haven't already, download and install the latest version of Java. 
• If you are not planning to run SSL, all you should have to do at this point is start Tomcat (via [Tomcat home]/bin/Tomcat7w.exe or the service menu on Windows, or [Tomcat home]/bin/startup.sh on Linux/Unix)
• To get SSL working you will need an SSL certificate.  You can get an official certificate through Verisign or Thawty.  In this example we will be using a free self-signed certificate, generated with the keytool that comes with Java.
• Run: [Java home]/bin/keytool genkey -alias tomcat -keyalg RSA -keystore [tomcat home]/.keystore -validity [desired number days the certificate should be valid for]
  E.g.: "C:\Program Files\Java\jdk1.7.0_05\bin\keytool" -genkey -alias tomcat -keyalg RSA -keystore C:\Tomcat\.keystore -validity 365
• Provide a password for the keystore and answer questions about your organization.  When asked for key password just hit enter.  This should create one certificate in the keystore located at  C:\Tomcat\.keystore.
• Edit [Tomcat home]/conf/server.xml and html-uncomment the following text:
<!--     <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
-->

• Furthermore add to it the following two attributes:  keystoreFile="C:\Tomcat\.keystore" keystorePass="YourPassword"  (inputing values that match your setup) and change the port value to 443.
• To redirect all http traffic to https change the line:
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
over to:
<Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" />

• That's it.  You should now be able to start Tomcat (seet bullet #4) and view Jenkins on http://localhost (which should autoredirect you to https://localhost) or use your actual hostname.