Java (Indonesian: Jawa; Javanese: ꦗꦮ) is an island of Indonesia. With a population of 143 million, Java is the world's most populous island, and one of the most densely populated places in the world. [read more at]

  • A lot of Mambo/Joomla site has been hacked last week, since I've already help someone hardening an installation (mambo, I've decide to write a tutorial for the benefit of the open source community...

     Some steps are common sense while others are not.


    • Do not think that doing all steps below will protect You! nothing is secure in the computer world! or not very long...
    • Do not think that after doing all steps below, Joomla will be as user friendly for You as before! we are restricting rights, changing some behaviours of the webserver, it will be more difficult to publish content, on the other side, articles and content will be safer.
    • Security come always with a pain!.

    Consider this page as a work in progress, feedback is as usual welcomed. Click read more for the article

    Choose a (better) FTP password for accessing your Homepage which is not trivial! using rules in annexe A

    Requirements: having a valid login and password to your plesk account


    Go to main page, If your hosting company allow you to create many subdomains, click on the right one, here on

    On Plesk main page, click on domain, herewaltercedric.comon the next page, on Setup 
    Then enter New FTP password, and save  
    Choose a DIFFERENT Joomla/Mambo administration password using rules in annexe A

    Requirements: having a valid login and password to your Joomla administrator account


    Go to Your administrator panel
    For ex http://yourhost/administrator/
    click on your login name, here onadmin
    Enter a new password 
    Choose aDIFFERENT Plesk password for the administration of Your site using rules in annexe A

    Requirements: having a valid login and password to your Plesk administrator panel

    Go to: which is the default URL for Plesk, attention it may vary depending on your hosting company

    On the main page, click on editAnd enter new password
    Choose aDIFFERENT mySQL password for the Joomla/Mambo tableusing the rules in annexe A

    Use the plesk administration panel

    On Plesk main page, click on domain, herewaltercedric.comon the next page, click on Databases
    Then on your Joomla database (here for memos)then click on the right user: heremosuser, Note that I have
    a special user for backup purpose with only select rights! and change password
    Open the file /configuration.php and change the key mosConfig_password 
    Adapt user rights of the mySQL Joomla user

    a mySQL user may have following privileges:

    This user, for example joomlaUser should ONLY have insert (new comment, guestbook) and deleteand updaterights on Joomla/Mambo database

    SHOW GRANTS FOR 'mosdev'@'%';

    Do not allow drop or create table, normal operation of Joomla do not require it! Of course as soon as You want to install a new component, You will have to temporarly allow joomlaUserto create new table (if the component require it)

    Adapt files right on your server

    Heritage of UNIX, file rights are organized in 3 groups, user, group, all. Each group may be able to read (r) write (w) or execute (x) file individually. the combinaison rwx is read in octal rwx = 7 for each group, so 777 is the worse settings: anybody may be able to delete or change your file on server...

    This is how look my file structure

    RecommendedSet toCHMOD equivalent
    files rights:r_ _r_ _r_ _444
    directory rightsr _ x r _ x r _ x555
    Exception for /cache directoryrwxrwxrwx777

    Howuse an FTP tool like CuteFTP, on selected resources, use right click menu , and check the bit:

    Example incuteFTP, note the command is not recursive!

    Side effects

    • You wont be able to use the upload function of HTMLArea: impossible to upload images or file using the administrator articles editor.
    • Each time You wan to publish a new articles with pictures inside, You'll have to copy them with FTP before editing in order to be able to insert them into the text.
    • In order to write a file into the directoy C in the path A/B/C, You will have to set temporary directory A and B and C to rwxr-xr-x rights (CHMOD 755)!
    Protect some part of Joomla using additionnal password like .htaccess

    Requirements: Your provider must support .HTACCESS per directory


    Read my tutorial HERE

    Side effects

    • Some component or code trying to read file form the admin area (if protected by a htaccess file), may bring a popup login windows to your users, but it is possible to find these problems and solve them quickly. My plugin securityimages in its first version was also having this error (coding)
    Run a part or your site in HTTPS mode

    For added security, you can force users to access your pages using an SSL (Secure Socket Layer) connection. This means transmitted data is encrypted, so passwords and webpages cannot be read in cleartext over the internet.

    Ideally only the administration part (all URL beginning with http://yousite/administrator/), or your whole site.

    Why:if your site run in http mode, all password and fields submitted to the server are send in cleartext (can be read). an attacker may be able to intercept or fake user by rerouting the http request. In https mode, data are travelling encrypted on the network and a session key avoid replaying attacks. Moreover it is not realistic to have a commercial business on internet without running https

    Requirements: Your provider/hosting company should allow it


    Run FULL site in httpsRun PART of site in https
    • In plesk, just copy your Joomla/Mambo file structure from /httpdocs to the directory /httpsdocs with a FTP tool
    • Eventually put a file index.html in /httpdocs which redirect users to the protected https area to show to users that your site still exist (it will not bring an error 404: page nt found)
    This is certaimly not as easy as running Your full site with https,

    Side effects

    • If You install a new site, no problem
    • If You have an existing homepage and are heaviliy indexed by Google and Co and/or many users have Bookmark You, Users will be disturbed to say the least, and Google may think You are using some spammer techniques (moving and creating/dissimulating new content)
    Review OpenSEF/SEF 404 logs

    if a SEO/SEF component is installed, You may be able to look at unusual or incorrect url. This typically can reveal some SQL or parameter injection in existing code.

    SEO will in fact reject some URL and redirect user to your home root index.php, instead of displaying an error message or revealing informations about file structure, which is a positive side-effect


    .../banner.php?id=120&client="select 1 from dual" someone is trying to test SQL injection in the component Banner

    Review access logs

    Search in log file about unusual behaviour, is someone accessing too often (in a small interval) to /index2.php (admin part of your site) -> this may be a brute force attack!

    Requirements: have a plesk access


    On Plesk main page, click on domain, herewaltercedric.comon the next page, on Log Manager
    • The server access log records all requests processed by the server. Access log for http:// and access ssl log for https://
    • The server error log, whose name and location is set by the error log directive, is the most important log file. This is the place where Apache httpd will send diagnostic information and record any errors that it encounters in processing requests. It is the first place to look when a problem occurs with starting the server or with the operation of the server, since it will often contain details of what went wrong and how to fix it.
    • The xferlog file contains logging information from the FTP server daemon, ftpd
    Make Backup!

    Joke: "Real men don't do backup but they often cry"

    mySQL :
    4 ways to automate MAMBO database backup..

    use any FTP tool to sync or Plesk backup function

    Keep Your Joomla/mambo installation up to date.

    Always use the latest version of Joomla: Or the latest version of Mambo:

    As soon as a new version of Joomla/mambo is available, install it in the same day!

    • Hacker will look at the patch and search for unpatched server! It has never been so easy to search for running version of a certain CMS version, thanks to search engine. For giving You an example, a hacker may search in Google (but any search engine will work) all site running Joomla/Mambo with allinurl: administrator/index2.php so install patches very fast!
    • Make a backup (just in case), and install the new patch, you can also install the patch on your local running instance of Joomla
     For paranoid or How to push security even higher

    All actions below require some knowledge or time...

    Change regurly ALL password above!

    just in case, someone get Your password or part of it. Ideally You must change your password before a brute force can find it. Or as soon as logs reveal a possible attack just in case the hacker has not start doing something bad with Your account..

    With decreasing frequency:

    • Joomla Admin password
    • mySQL user password
    • Plesk admin password
    • FTP user password
    Attack surface reduction (ASR)

    M$ has a good article here (idea is not coming from them, but they are trying to evangelize a lot of developers with good articles)

    So bugs/security issues can not exist in a code if the code do not exist on the server.... :-)

    Quite easy to understand but really difficult to achieve, here is a way to do it....

    1. Define Your requirement, list all components/modules/mambots that you need to run.
    2. Unpublish all components/modules/mambots
    3. Test Your site,
    4. If everything run correctly, remove one components/modules/mambots at a time, and test Your site
    5. Take care when installing next CMS patch, that you do not copy uneeded files on your server. It may be surprising, but even if the component is not published but it's code is physically present on server dissk, it may cause a security vulnerabilities.

    You know have a customized version of Joomla/Mambo with a lot less code running and possibly a lot less unknow vulnerabilities! It will be a pain to maintain.

    Log are always telling the truth! (sometimes)

    You may want to install of write a tool which parse automatically Apache, Tomcat, PHP, mySQL logs to monitor

    Just for FUN....

    Just to give you an overview of some crazy things that can be done....

    • I've read some times ago, a person which have customized a linux version. In order to be sure that if someone ever get an access to the disk, it won't be able to execute any command, he rename all files and commands on disk...This is also possible for Joomla. Write a JAVA/C#/other parser which rename all files/directories and changes all include, include_once, require, require_once with UUID. It is possible but surely (a pain to) maintain.
    • If you have a full webserver for You, You can create a special user which will start PHP and Apache and not be able to write or erase file.
    • The last crazy thing I can imagine (but with time I can be more creative ;-) ) would be to create release of  my homepage, burn it on a DVD (Read only) and publish it on the webserver.
    Of course this latest example do not allow You to use the CMS normally, You have a bloody Read only site, but nobody will be able to tamper data...



    Normally Your provider is already doing a lot under the scene, and may have done some stuff for You. It can be useful to contact him for asking what it is already monitoring or doing from preventing Your site from being hacked.

    Congratulations, You have now a lot more secure Joomla/Mambo secure homepage!

    Comments are as usual welcomed, use the contact section of this site!


    A. Choosing a good password
    • NEVER use any words that can be found in a dictionnary! common brute force program can try million of passwords in seconds
    • Do not use your name, birthday, or part of your domain name
    • A good password is at least 10 or more character long! (brute forcing entropy get too high after 7 characters)
    • Use all character of keyboard! @_! and use different case and number

    Ex: dR2_z57zzU!sP is not a bad password

    B How to store all passwordsCreate a Text file, and crypt it with or (pgpdisk)
    C Class of attacksI've write a small article, listing all web vulnerabilities (HTML partiel) and (PDF complete)
    D Some tools
    • Beyond Compare from To deal with the huge amount of PHP files contained in Joomla/Mambo, and install more easily patches or synchronize folders, I strongly recommend You to try or buy a Beyond Compare Licence. This tool is able to compare directories, preview changes, and even compare a locale directory with a remote FTP server.


    E https rewriting for admin panelcreate a file .htaccess and copy it in /administrator, if a file already exist (it should!), add lines which ae missing in it

    # Do not allow any user to access this file - to copy in all .htaccess
    <Files .htaccess>
    order allow,deny
    deny from all

    RewriteEngine on
    RewriteRule ^/$ /administrator/index.php
    RewriteCond %{SERVER_PORT} !443$
    RewriteRule ^(.*)$1 [R=301,L]

  • Here is 3 different way to control the lifetime a local Tomcat 7 container using Apache Maven. A typical scenario would be to start a servlet container prior to running integration tests (Selenium, SAHI or using any other framework you can think of )

    With the following examples, you will be able to start an instance of Tomcat 7 running your web application in the pre-integration-test phase and stop the instance in the post-integration-test phase. You can also decide to use an embedded container like Jetty instead.

  • section-java-testing.gifMost programmers do not write tests. We all know that we should write them, but for whatever reason, most of us don't. This is unfortunate, because testing is the most powerful tool we know of to improve software quality. Tests reduce bugs, provide accurate documentation, and improve design.

    Read the Top 12 Reasons why You must also try to convince your colleagues 

  • Create a class that approximates an equivalent Pascal enumeration or C enum. A specific enumeration will be represented by a class with specific instances corresponding to each element of the enumerations and public static final fields to access the instances.
    • Existing in Java Tiger 1.5

    • Elements are ordered and comparable
    • Enumeration elements are serializable
    • Enumeration element Name lookup is supported
    • Methods sequencing is included

    Source Code

     * Type Safe Enumeration: Colors elements: Red, Blue, Green, Yellow, White
    public final class Colors implements Comparable, Serializable {
    	 * The map of enumeration elements to names.
    	private static HashMap nameLookup = new HashMap(5);
    	 * The array of enumeration elements.
    	private static Colors[] ordinalLookup = new Colors[5];
    	 * The "Red" enumeration element
    	public static final Colors Red = new Colors("Red", 0);
    	 * The "Blue" enumeration element
    	public static final Colors Blue = new Colors("Blue", 1);
    	 * The "Green" enumeration element
    	public static final Colors Green = new Colors("Green", 2);
    	 * The "Yellow" enumeration element
    	public static final Colors Yellow = new Colors("Yellow", 3);
    	 * The "White" enumeration element
    	public static final Colors White = new Colors("White", 4);
    	 * The string representation of the enumeration.
    	private final String printName;
    	 * The ordinal value of the enumeration used for comparison purposes.
    	private final int ordinal;
    	 * Create an enumeration element. Prevent instances of this class from being
    	 * created externally.
    	 * @param name
    	 *            the name of the enumeration element
    	 * @param position
    	 *            the ordinal position of the enumeration element
    	private Colors(String name, int position) {
    		this.ordinal = position;
    		this.printName = name;
    		ordinalLookup[position] = this;
    		nameLookup.put(name, this);
    	 * Compare two enumeration elements
    	 * @param arg
    	 *            the object to compare this to
    	 * @return the difference between the ordinal values
    	 * @see java.lang.ComparablecompareTo(Object)
    	public int compareTo(Object arg) {
    		return this.ordinal - ((Colors) arg).ordinal;
    	 * Return the string representation of the enumeration.
    	 * @return the name of the enumeration element
    	public String toString() {
    		return printName;
    	 * Resolve the enumeration element.
    	 * @return the resolved enumeration element
    	 * @throws ObjectStreamException
    	 *             if the enumeration element could not be resolved.
    	private Object readResolve() throws ObjectStreamException {
    		return ordinalLookup[ordinal];
    	 * Return the first enumeration element
    	 * @return the first enumeration element
    	public static Colors first() {
    		return ordinalLookup[0];
    	 * Return the last enumeration element
    	 * @return the last enumeration element
    	public static Colors last() {
    		return ordinalLookup[ordinalLookup.length - 1];
    	 * Return the enumeration element preceding this element
    	 * @return the enumeration element preceding this element
    	public Colors predecessor() {
    		return (this == first()) ? null : ordinalLookup[ordinal - 1];
    	 * Return the enumeration element following this element
    	 * @return the enumeration element following this element
    	public Colors successor() {
    		return (this == last()) ? null : ordinalLookup[ordinal + 1];
    	 * Return the enumeration element with the given name
    	 * @param name
    	 *            the name of the enumeration element to find
    	 * @return the named enumeration element
    	public static Colors valueOf(String name) {
    		return (Colors) nameLookup.get(name);
  • Official version of nginx for Ubuntu Precise is 1.1.19 but the latest available stable version is 1.2.2 (Changes), In this post I will present you how to update to the latest available version.

    vi /etc/apt/sources.list

    and add depending on your Ubuntu version either

    For Ubuntu 10.04 Lucid:

    deb lucid nginx
    deb-src lucid nginx

    For Ubuntu 12.04 Precise:

    deb precise nginx
    deb-src precise nginx

    Now you can run

    apt-get update

    When using the public nginx repository for Ubuntu, you’ll get this error

    W: GPG error: lucid Release: The following signatures 
    couldn't be verified because the public key is not available: NO_PUBKEY ABF5BD827BD9BF62

    First of all this is only warning and you can ignore it, if you know what are you doing and in case you prefer to add public key, used for signing packages and repository, just run:

    gpg -a --export 7BD9BF62 |  sudo apt-key add -


    cat nginx_signing.key | sudo apt-key add -

    apt-get update should now run fine, however after running an

    apt-get install nginx

    you may still get this kind of error:

    dpkg: error processing /var/cache/apt/archives/nginx_1.2.2-1~precise_amd64.deb (--unpack):
     trying to overwrite '/etc/logrotate.d/nginx', which is also in package nginx-common 1.1.19-1
    dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
    Errors were encountered while processing:

    just remove nginx-common and retry

    apt-get remove nginx-common

    More at

  • Beaucoup de personne me connaissant et qui m'écrivent me demande comment je developpe mes programmes java car je trouve toujours le moyen d'en faire des frameworks...ce qui est par définition plus dur.

    Eh bien j'applique plusieurs petite règles simples...

    1. Un bon tool: je ne travaille qu'avec eclipse ( car c'est un IDE de qualité et malgré la quantité de perspectives (j'en ai 16), views (j'en ai 64) et plugins (>20), je m'y sens à   l'aise. Je privilégie la vue hiérarchique "java browsing view" avec une vue supplementaire "hiérarchie" (F4) car cela facilite la navigation et le découpage sémantique losque je dévelope (projets<-> packages<->objets<->hiérarchie<->méthodes<->code)
    2. Un environnement de travail propice: Je travaille avec 2 écrans (un 21'' et un 15'4 LCD) car rien n'est plus ennuyeux de perdre son temps à   bouger/réduire/changer de tâches sans cesse. Cela me permet aussi de travailler en parallèle. C'est déroutant au début mais rien n'est plus malléable que le cerveau humain et vous vous surprendrez au bout de quelques semaines en passant d'un écran à   l'autre sans cesse. C'est simple si demain je trouve une méthode fiables et peu couteuse en temps CPU (pas avec une carte video USB svp) pour avoir un troisième écran, je saute sur l'occasion immédiatement.

    Ces 2 règles ne participent qu'a hauteur de 15% à   un travail de qualité...mais elle réduisent le stress au poste de travail. Le reste est plus standard...

    Quelques techniques de développement modernes, ont bouleversés ma vie (relativement courte) de developpeur:

    1. Les "design patterns" pour appliquer des élements d'architectures éprouvés à   des classes de problèmes.
      Il faut bien sur les comprendre (quand les appliquer et leurs bénéfices/inconvénients) sans pour autant savoir les implémenter. J'en place un maximum sans effort grà ¢ce à   un générateur de pattern (plugin eclipse).
      Je me débrouille pour avoir des hièrarchies la ou c'est évident (mais en général, elles apparaissent toute seule cf. Refactoring), j'ai rarement des super classes non abstraites et sans interface, je crée toujours des interfaces pour augmenter le niveau d'abstraction dans mon code à   chaque niveau (layer) et laisser à   l'utilisateur le droit d'insérer son code dans le mien.
      Rappeler vous: sans interfaces, vous n'avez pas de polymorphisme en java et un typage trop fort (pourquoi encore passer des types concrets à   vos objets alors que l'on peut jouer à   des niveaux plus abstraits avec les interfaces?)
      Les design patterns apportent, à   mon code, la flexibilité (pattern de créations), le dynamisme (pattern de comportements) ou améliore le design (pattern de structures)
      Je n'hésite pas non plus à   créer des objets en quantités et à   leur donner les droits et fonctions minimums qui leurs incombent, car peu m'inporte les pertes de performances: je privilégie le design quitte à   devoir profiler plus tard.
    2. Les "antipatterns" ( leur contraire, en général lorsque je récupère du code dans un mauvais état. Cela m'aide à   trouver quelle "design patterns" peut arranger la situation (en vue de la correction d'un bug, pour améliorer la maintenance etc...) 
    3. Je programme de plus en plus "par intentions" (lien-> informit), une idée centrale de l'extreme programming (XP voir ). Comment le client voudrait avoir à   utiliser mon code, en fait à   quoi doit ressembler idéalement le code (le nom des types, des méthodes, des mediateurs). Je les écrits (comme un squelette) et bien sur ils n'existent pas encore, (donc compile error). Je force donc eclipse à   les créer (Quick fix ou CTRL-1)  et remplis les blancs, à   savoir l'implémentation, ce qui est forcément une tache moins intéressante.

    4. l'UML (Unified Modelling Language) oui de plus en plus, mais uniquement pour observer l'évolution des dépendances entre les objects (les motifs et les relations) sur mon 2ème écran. Et toujours en reverse engineering: je modifie le code java et observe d'un oeil le diagramme UML. En fait cela rejoint la programmation par intention dans un sens sauf que normalement on part de l'UML par intention pour créer le squellete du code java et non l'inverse. Le sens que j'utilise permet cependant de compléter mon javadoc ou ma documentation efficacement.
    5. Les "metrics" (plugin eclipse metrics) ne me servent que rarement mais surtout pour auditter du code ne m'appartenant pas. J'utilise neanmoins le plugin Code analysys plugin(CAP) ou celui de IBM alphawork: Structural Analysis for Java (SA4j) néanmoins de temps en temps...

    Mais la véritable APOCALYPSE est survenue chez moi il y a trois ans:

    1. Avec le "Refactoring" ' ) il m'est impossible de tout prévoir et c'est la que trés rapidement, le refactoring tool de eclipse m'aide car j'itère des changes atomiques (dans le sens: élémentaire et rapide) très rapidement à   travers tout mon code et cela en permanence. Des méthodes bougent ou disparaissent, je renomme en permanence tout: variables, objects, packages (pour éviter des commentaires à   travers mon code). j'introduit aussi des design patterns.
      Je les utilisent tellement que j'ai définit des racourcis clavier dans le workspace de eclipse.
      Le code devient de plus en plus petit (donc moins de bugs/lignes) et fait de plus en plus de chose (par design). Il se bonnifie avec un risque minimum d'instabilité car
    2. J'utilise des "test unitaires" (Junit qui m'assure aprés chaque gros refactoring que je n'ai pas perdu de fonctionnalitées, cela me sert aussi à   tester mes interfaces: comment mon code va ètre utilisé?, est ce que les signatures sont bien choisies? y a t'il assez de constructors et d'accessors, et sont t'il pertinents? La plupart du temps cela me force repasser par une étape de refactoring dans mon code.

    Est ce la bonne facon de developper? cela dépend des situations, du domaine ou vous travaillez et de vous bien sur.

    Est t'on forcément plus lent? oui et non, cette méthode est déroutante de prime abord mais elle respecte la théorie de l'évolution biologique, génération après génération (refactoring - design - refactoring - unit test) le code devient meilleur.

    Attention: on est pas forcément plus lent, mais cette méthode n'est pas très adaptée au problèmes pointues: on peut se prendre des murs sans cesse (et donc réimplémenter-refactorer) si on ne réflechit pas assez au préalable.

    D'un autre coté, ce qui est certain, c'est que écrire des frameworks est forcément plus long et plus dur que, en caricaturant, faire un main() de 150 lignes (mon dieu, cela se voit encore trop souvent). L'interèt de l'existence d'un framework est dans la réutilisation par d'autres personnes de votre code, et le fait que vous avez deja réalisés pour eux les taches les plus difficiles, mais tout en leur laissant la liberté de spécialiser votre code au besoin.

    Dans les composants java du coté serveur que je réalise pour l'ecommerce d'assurance vie, cela a toujours fonctionné. En tout cas pour moi....

  • penguin&160; A small script developed to upgrade TeamCity with no or less effort! a very simple script, easily extensible.

    TeamCity is a continuous integration and build management system. With TeamCity, you can set up a build server within minutes and enjoy out of the box continuous unit testing, code quality analysis, and early reporting on build problems — even without leaving your favorite IDE. TeamCity offers a gentle learning curve, so you can quickly improve your release management practices by gradually adopting its advanced features and capabilities.”




    This script only work if

    • You run TeamCity using the standalone package provided at linux" target="_blank"> under Linux
    • You use MYSQL as an external DB
    • You must run it as root (because getting the latest software with wget may not otherwise be possible)
    • This script is not endorsed by JetBrains nor official.
    • GNU/GPL version 3, use at your own risk, provided as IS

    It must be safe to use, as

    • It backup first your database
    • it archive your existing TeamCity installation with a timestamp
    • it also copy any customizations (server.xml, agent you have made to the new installation
    • It download automatically and extract teamcity


    # ./ newVersionNumber installPathHome


    /home/teamcity > ./ 4.5.4 /home/teamcity

    Output of the script

    stopping current TeamCity at /home/teamcity/TeamCity
    Read database settings from
    Moving current TeamCity /home/teamcity/TeamCity to /home/teamcity/TeamCity.20093830
    Saving database to file system at
    getting the latest version at
    Unpacking new version
    Copying previous customizations
    Copying required 3rd party librairies
    Copying local agent to new TeamCity
    Starting new TeamCity

    Don’t expect more at the moment, it has been created to make the update of TeamCity faster for ME now. Feedback is appreciated, and improvement/ideas are always welcomed.

    GET THE SCRIPT updateTeamCity HERE

  • Here is a solution to the following problems

    • Deriving Maven artifact version from GIT branch,
    • Update pom version on GIT checkout automatically,
    • Add the ability to use Pull request with Apache Maven.

    You have a workflow requirement that require you to have the artifact version of a module externally defined from the current branch in GIT.

    For example

    You want to start working on a new feature branch “feature-memory-improvement”, so you branch from master a new branch named feature/feature-memory-improvement

    Having unique snapshot is a something you need to share your code using a Maven repository, so you may want to have into the branch all pom.xml version changed to


    changing all your pom.xml and doing a technical commit&160; will create merge conflicts when using pull request!

    One solution, while not perfect is to do the following:&160; You can add a separate execution to run a goal which will change the version of the POM automatically in the Maven reactor. This small script will do it¨

  • tatice-linux-tux-10409

    For day to day hacker, they may be more elegant ways to do it (PERL, AWK), but they have work well for me.

    • Upper case file name or variable,
    • Search and replace in all files content recursively,
    • Renaming all files recursively,
    • Renaming all directory recursively,
    • Copying a set of files from one directory to the other and preserving hierarchy.

    Upper case file name or variable

    function toUpper {
    echo "$1" | sed 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'&160;&160;
    # or
    # echo "$1" | tr -s&160; '[:lower:]'&160; '[:upper:]'


    • in a script toUpper “cedric”
    • assign to a variable in a script result=$(toUpper $variable) or result=$(toUpper “cedric”)

    Search and replace in all files content recursively

    This can go through all directories

    • $3 as base directory
    • Search for $1
    • Replace with $2

    function searchAndReplaceRecursively {
    echo "replace '$1' with '$2' in dir '$3'";
    for file in `find $3 -type f`;
    echo -ne ".";
    sed -e 's/'$1'/'$2'/g' $file > /tmp/tempfile.tmp
    mv /tmp/tempfile.tmp $file
    echo "";


    • in a script searchAndReplaceRecursively “cedric” “unix” .

    Renaming all files recursively

    This can go through all directories, renaming all files based on parameters:

    • $3 as base directory,
    • Search for $1 in filename,
    • Replace with $2 in filename.

    function renameFilenameRecursively {
    for file in `find $3 -type f`;
    newFilename=`basename $file | sed -e 's/'$1'/'$2'/g'`;
    dirs=`dirname $file`;
    mv $file $dirs/$newFilename;


    • in a script renameFilenameRecursively “cedric” “unix” .

    Renaming all directory recursively

    This can go through all directories, renaming all directories based on parameters:

    • $3 as base directory
    • Search for $1 in directory name
    • Replace with $2 in directory name
    • in bold, you can put either
      • *$1 the pattern has to be at end of directory name,
      • $1* the pattern has to be at beginning of directory name,
      • *$1* the pattern has to be in the middle of directory name,
      • remove the case all together, the grep $1 filter already the result of the command find.

    function renameDirectoriesRecursively {
    for adir in `find $3 -type d | grep $1`;
    case $adir in
    *$1* )
    newdirname=$( echo "$adir" | sed -e 's/'$1'/'$2'/g' );
    echo Found $adir will be renamed to $newdirname;
    mv $adir $newDirName;


    • in a script renameDirectoriesRecursively “cedric” “unix” .

    Copying a set of files from one directory to the other and preserving hierarchy

    # find . -name $1 -exec cp -r --parents {} $destination \;

  • coding.guidelines

    Code checker scans Java source code in your favorite IDE (I assume Eclipse :-))

    There are basically of 2 types:

    • On the fly code checker, as soon as you type a word or save a new document, it run and give a real time feedback
    • Offline checker or so called static code analyzer that can be run during the build of your java components

    Why using a code guidelines checker?

    These tools are highly recommended across a team of different developers for the following reasons:

    • These tools are highly configurable and can be made to support almost any coding standard.
    • Ideal for projects that want to enforce a coding standard (ideally where not all developer code the same way)
    • Ease your debugging and maintenance costs by making the code more readable: developers do not have to worry about
      deciphering individual coding styles when working on a piece of code they did not write.
    • They can detect possible bugs or dangerous coding behavior - empty try/catch/finally/switch statements
    • Detect dead code - unused local variables, parameters and private methods
    • Sub optimal code - wasteful String/String Buffer usage
    • Overcomplicated expressions - unnecessary if statements, for loops that could be while loops
    • Duplicate code - copied/pasted code means copied/pasted bugs
    • Find class design problems, bug patterns like double checked locking.

    They give an immediate "objective" feedback and help developers recognize where they have been excellent or lazy;

    It gives team leader, an opportunity to study the code, design and team from a different perspective; and by slicing off
    whole classes of faults, You can concentrate more on design shortcomings.


    All code checker share more or less the same features

    • Violations severity can be defined at rules level (error, warning, ignore, other).
    • Rules can be triggered by threshold/values.
    • Rules are stored in XML files.
    • Java editor highlight offending lines/rules in violation
    • Rules can be extended (require some strong tree parsing and language knowledge)
    • Integration in major IDE (eclipse, IDEA,...)
    • Integration in ANT, Maven,...


    The major issues wont be to install these tools...

    Most developers are convinced that their code is the best, and bad habits are difficult to get rid of. The
    biggest pain will be to force all developers to agree on a set of common rules that you want to enforce.
    A good starting point is to use some well known rules or good practices from the industry. Sun is for example
    publishing some code writing rules.

    I will look at the major open source and free code checker on the market in this series of articles:

    • PMD
    • Findbugs
    • Checkstyle
    • Code coverage


    pmd_logo_small PMD

    PMD is a static ruleset based Java source code analyzer that identifies potential problems like:

    • Possible bugs - Empty try/catch/finally/switch blocks.
    • Dead code - Unused local variables, parameters and private methods
    • Empty if/while statements
    • Overcomplicated expressions - Unnecessary if statements, for loops that could be while loops
    • Sub optimal code - wasteful String/String Buffer usage
    • Classes with high Cyclomatic Complexity measurements.
    • Duplicate code - Copied/pasted code can mean copied/pasted bugs, and decreases maintainability.

    While PMD doesn't officially stand for anything, it has several unofficial names, the most appropriate probably
    being Programming Mistake Detector. Typically, PMD errors are not true errors, but rather inefficient code,
    i.e. the application could still function properly even if they were not corrected
    . from WikiPedia

    • PMD Can be integrated with Eclipse (see below), Maven (maven-pmd-plugins), Ant (Ant task).
    • PMD is an engine, rulesets parse code and issue a message and level if rules are violated.
    • PMD is notable because you can write your own rules using XPath expressions over an XML version of the parse tree
    • PMD has a duplicate code detector CPD which is quite fast and accurate to locate dangerous CUT and Paste code sections.

    List of rule sets

    Basic JSF rules:

    Basic JSP rules

    Basic Rules

    Braces Rules

    Clone Implementation Rules

    Code Size Rules

    Controversial Rules

    Coupling Rules

    Design Rules

    Finalizer Rules

    Import Statement Rules

    J2EE Rules

    JavaBean Rules

    JUnit Rules

    Jakarta Commons Logging Rules

    Java Logging Rules

    Migration Rules



    Naming Rules

    Optimization Rules

    Strict Exception Rules

    String and StringBuffer Rules

    Security Code Guidelines

    Type Resolution Rules

    Unused Code Rules


    Example of integrations: Ant, Maven and Eclipse

    <target name="pmd">
    <taskdef name="pmd" classname="net.sourceforge.pmd.ant.PMDTask"/>
    <pmd shortFilenames="true">
    <formatter type="html" toFile="pmd_report.html&8220;  linkPrefix=""/>
    <fileset dir="/tmp/productcatalog/">
      <include name=&8220;com/**/*.java"/>
              <!-- 100 tokens corresponds to approximately 5-10 lines of code. -->

    see below


    Installing PMD in Eclipse

    1. Start Eclipse.
    2. Start the installation procedure : select the Help>Software Updates>Find and Install... menu item.
    3. Select "Search for new features to install" option and click Next.
    4. Click New Remote Site...
    5. Give a name (ie PMD Eclipse Site), enter the URL&160;
    6. Select this new site in the Sites to include in search list and click Next.
    7. Select PMD for Eclipse 3 and Apache Xerces in the "Select the features to install" list and click Next.
    8. Accept the terms of the license agreements and click Next.
    9. Verify that the install location is your Eclipse installation directory, otherwise select the correct one, click Finish.
    10. A warning appear telling the feature is not signed. Ignore and click Install to continue.
    11. Accept to restart the workbench to load PMD into the workbench.

    Eclipse is restarted and a PMD welcome page is displayed : the plugin is correctly installed.

    Using PMD in Eclipse

    Trying to start PMD on a full workspace on too many modules/projects is very dangerous as the number of
    violations can be very high (many thousands) and can make eclipse run out of memory

    In order to test PMD. I did choose an open source project, the connector of MySQL 5 in the version 5.1.6.
    I do not want to judge the quality of MySQL connector, this is simply a project code that was available on my desktop.

    First Review all rules, you will find some of them disturbing (remember nobody like to be told that his coding habit
    are bad), You can switch off some rules or import a set of predefined rules in the preferences windows


    If you are in a distributed team, or wan to share your settings using either CVS or Subversion (SVN) don't
    forget to export the rule sets to a share project.

    The code duplicator detector will report any code that seems to be identical according to a certain value of
    number of line (25 lines of duplicated code)


    The project is set in eclipse, and compiling


    Lets run PMD on MySQL connector,
    The project is after no more compiling....

    PMD.code.checker2 PMD.code.checker4png

    PMD create additional Eclipse views, this help you better judge how many violations there is and their
    level. As You see there is some violations


    The duplicate detector ask for the number of lines that it should consider duplicated.


    PMD.code.checker5 &160;
    PMD.code.checker6 By Clicking in the view, you can jump to the code


    PMD final words...

    • Is customizable via XSL rules, java
    • Will disturb You at the beginning, but will improve your code in no time.
    • Has a broad scope of rule sets, basic JSF rules are now existing.
    • Some reported violations are not bugs, so take everything with a bit of salt, try to reach a
      realistic goal: (1 failure per 100 lines of code per example is my goal)

  • Cloudflare, Inc. is an American web infrastructure and website security company, providing content delivery network services, DDoS mitigation, Internet security, and distributed domain name server services. 

    It will cost you 0$ (DDOS, CDN) to 20$ or more and offer you the following advantages

    DDoS is short for Distributed Denial of Service. DDoSis a type of DOS attack where multiple compromised systems, which are often infected with a Trojan, are used to target a single system causing a Denial of Service (DoS) attack.

  • For users that know what they are searching for and want to have more from our friend Google... advanced operators, are query words that have special meaning to are some of them

     allinanchor:  allintext:  allintitle:  allinurl:  author:  cache:  define:  filetype:  info:  insubject:  intext:  intitle:  inurl:  link:  location:  movie:  msgid:  site:

    Read more at Google Guide, Making searching even easier

  • Since I did not find any clear how to on the internet how to run test cases for 3rd party extensions that use Joomla CMS, here is my version of it.


    Having PHPUnit properly install, if you use XAMPP you may want to read this post.


    How to use PHPUnit in Joomla

    At the root of your Joomla installation directory, make a checkout of

    You’ll need at least the following file

    • ${joomla_root}\tests\unit\bootstrap.php
    • ${joomla_root}\tests\unit\config.php
    • ${joomla_root}\tests\unit\JoomlaDatabaseTestCase.php
    • ${joomla_root}\tests\unit\JoomlaTestCase.php
    • ${joomla_root}\tests\unit\phpunit.xml
    • ${joomla_root}\tests\unit\readme.txt

    config.php is a custom or a copy of your configuration.php

    For your convenience, I provide a zip file (, unpack in your Joomla root and you’re done.

    Note when using PHPUnit 3.6 , Joomla should not need to include/require anything PHPUnit related since (at least) PHPUnit 3.6. This create errors otherwise.

    In PHPStorm

    Set Up PHPUnit

    Go to Settings, using CTRL+ALT+S, under PHPUnit, select the option “Use Bootstrap file” and use as value ${joomla_root}\tests\unit\bootstrap.php

    Set Up PHPUnit Skeleton Generator

    Go to Settings, using CTRL+ALT+S, under “Skeleton Generator”

    • Enter for “Path to phpunit-skelgen” the value is  ${xampp_root}\php, for example C:\xampp\php
    • Enter for “use bootstrap file” the value ${joomla_root}\tests\unit\phpunit.xml

    Your first Joomla test case

    Create a test case from any of your Joomla classes, by hitting CTRL+SHIFT+T, this will let you select the method you want to test and generate a runnable albeit incomplete test classes.

    It is only the beginning of testing your Joomla extensions, there is a lot now to learn

    • Mocking objects in Joomla, Stubbing of Joomla classes
    • Invoking protected method using TestReflection::invoke
    • How to create integration tests using the database
    • How to test the user interface using PHPSelenium
    • and more…

    These links may interest you


  • sony_playstation_eye

    The PlayStation Eye is a webcam device by Sony Computer Entertainment for the PlayStation 3 video game console. It is the successor to the EyeToy for the PlayStation 2. In case you have one floating around that you do not use for gaming, why not trying to use it as a webcam? You can find them cheap everywhere on ebay,,

    It is not anymore difficult to make this webcam work under Windows (Sony sell this camera since 2007), as there is good and stable drivers now available. I did test the webcam under Windows 7 64 bits and Skype. It work great as long as there is enough lights in the room.Note that the multi-directional microphone is quite exceptional of quality (The PS3 use it for voice location tracking, echo cancellation, and background noise suppression.)




    windows_logo Windows XP, Windows Vista, Windows 7

    The CL-Eye Platform Driver recommended for general users provides audio/video functionality with a single CL/PS3-Eye camera supported in a wide range of native and web applications that use Microsoft Windows DirectShow Framework (Skype, YouTube, Adobe Flash, AIM, MSN Messenger).

    macos_logo MacOS

    A working driver for MacOS can be downloaded from

    tux Linux

    Starting with Linux kernel 2.6.29, just plug your PlayStation Eye in a free USB port and enjoy. Tested under OpenSuse 10.2

  • Essential for any advanced Linux users or Linux sys-admin Smile

    The color coded Legend / Keys helps provide guidance for your experience level.

    •   Green = Essential
    •   Yellow = Basic
    •   Orange / Blue = Advanced
    •   Red = Expert



    All credits to

  • joomla_cms

    Digital watermarking is the process of possibly irreversibly embedding information into a digital signal. The signal may be audio, pictures or video, for example. If the signal is copied, then the information is also carried in the copy. In visible watermarking, the information is visible in the picture or video. Typically, the information is text or a logo which identifies the owner of the media.[Wikipedia]


    I decide to go with an offline watermarking first, but you can let any Joomla!® extension watermark picture on the fly using php and .htaccess (at the cost of additional CPU server resources).


    Why Watermarking pictures?

    There is a lot of reasons, among others:

    • To limit images stealing, advanced users will still be able to crop/blur your watermark through!
    • To drive more new users/returning visitors to your site, anybody using your images in a forums may want to visit your site if the watermark can be read (don’t use complex logo, except if you have a well known brand)
    • To advertise your online work,


    The first thing to do is to make a backup of your images! applying a watermarking is a non reversible process, usually this mean for Joomla!® to save your /images/stories directory

    You’ll have to decide what size you want your photos to be displayed at and how much space the text or logo will take up. Keep it small enough so as not to ruin the photo.

    Create a watermark using GIMP

    Download the excellent GIMP if not already done.

    Create a new picture with transparent background 

    Using the text tool, create a black or white title, you can also import/create an original logo.

    Save the file using a .png or .gif extension, don’t use .jpg as it don’t handle transparency



    Prepare your Linux server

    My script require you to install ImageMagick

    ImageMagick®  is a software suite to create, edit, and compose bitmap images. It can read, convert and write images in a variety of formats (over 100) including DPX, EXR, GIF, JPEG, JPEG-2000, PDF, PhotoCD, PNG, Postscript, SVG, and TIFF. Use ImageMagick to translate, flip, mirror, rotate, scale, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.

    ImageMagick install in OpenSuse

    As root run

    # zipper in ImageMagick

    ImageMagick install in Debian

    As root run

    # apt-get install ImageMagick


    Support dir name and filename space

    Support space in path and filename, not so easy as you think. Bash force me to use “” around variables to support space in path and use a while loop instead of a for loop to support space in filename.

    Scan you directories

    Scan your directories recursively for all pictures starting starting from the current directory (.).

    Do not watermark all pictures

    I don’t want to apply a watermark to all my pictures, I have decided to check against the size of the images and apply only if a threshold is reach (here all images bigger in width than 1024 pixels). The command identify allow you to retrieve the characteristics of any pictures

    geometry=$(identify $each)

    return for example

    ./desktop.jpg JPEG 1024x819 1024x819+0+0 DirectClass 8-bit 94.8613kb

    Add a bit of Bash REGEX magic (since 2004 with bash 4.0) to correctly identify picture size


    and voila! I can now use $height and $width in my function.


    Do not run the script twice or more

    Do not run the script twice or more on same directory/sub directories, or the watermark will get darker and darker. The code do not check if any watermark already exist, and apply the same watermark over and over pictures that reach the threshold.


    The script must be runnable

    # chmod u+x


    open the file

    # vi

    and change all variables value at the top

    Position of the Text Watermark

    You can position the text using the following Gravity, possible values are: NorthWest, North, NorthEast, West, Center, East, SouthWest, South, SouthEast.

    NorthWest North NorthEast
    SouthWest South SouthEast

    If the -gravity option is present with NorthEast, East, or SouthEast gravity, it gives the distance leftward from the right edge of the image to the right edge of the cropping region. Similarly, if the -gravity option is present with SouthWest, South, or SouthEast gravity, the distance is measured upward between the bottom edges.

    See more details HERE  

    The bash script

    Source Code



    echo "*******************************************"
    echo "* Image Watermarking Script               *"
    echo "* By Cedric Walter - *"
    echo "* Licence GNU/GPL v3 or later              *"
    echo "*******************************************"
    echo " "
    Below this width no watermark will be apllied
    # NorthEast, East, or SouthEast gravity, it gives the distance leftward from the
    # right edge of the image to the right edge of the cropping region. # Similarly, if the -gravity option is present with SouthWest, South, or SouthEast
    # gravity, the distance is measured upward between the bottom edges. WATERMARK_POSITION=northeast Transparency percentage TRANSPARENCY_PERCENTAGE=15 normal user dont change below #this use bash regular expression capabilities regex="([0-9]*)x([0-9]*)" function applyWatermarkForExtension { find $BASEDIR -type f -name "$1" | while read each do geometry=$(identify "$each") echo $geometry if [[ ${geometry} =~ ${regex} ]]; then echo "$geometry matches" i=1 n=${BASH_REMATCH[*]} width=${BASH_REMATCH[$i]} let i++ height=${BASH_REMATCH[$i]} echo width=$width height=$height if [ $width -gt $MIN_PIC_WIDTH ];then echo "Working on $each..." composite -gravity $WATERMARK_POSITION -dissolve $TRANSPARENCY_PERCENTAGE $WATERMARK "$each" "$each" 2> /dev/null echo "... Done!" fi fi done } add new pictures extensions here applyWatermarkForExtension "*.jpg" applyWatermarkForExtension "*.gif" applyWatermarkForExtension "*.png" applyWatermarkForExtension "*.jpeg" exit 0


    Download from my download section.



    Webpages as Graphs

    With this funny applet, you can judge of the complexity of a web page by just generating it’s graph! my homepage is way too complex compare to google for example :-)

    What do the colors mean?
    blue: for links (the A tag)
    red: for tables (TABLE, TR and TD tags)
    green: for the DIV tag
    violet: for images (the IMG tag)
    yellow: for forms (FORM, INPUT, TEXTAREA, SELECT and OPTION tags)
    orange: for linebreaks and blockquotes (BR, P, and BLOCKQUOTE tags)
    black: the HTML tag, the root node
    gray: all other tags

    Nothing new some of you will cry, as this java applet is available since 2007.. Yes but..

    The main difference, is that I provide you the last bit of code to make it work on your own server, or locally in any php environment. The magic part that is difficult to get is the function that retrieve the html content of any page and pass it to the applet.

    For this task and since on some web host, the php function furlopen() may be forbidden (I recommend you to disable it to reduce backdoor inclusion), i will present you a solution with CURL

    PHP supports libcurl, a library created by Daniel Stenberg, that allows you to connect and communicate to many different types of servers with many different types of protocols. libcurl currently supports the http, https, ftp, gopher, telnet, dict, file, and ldap protocols. libcurl also supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading (this can also be done with PHP's ftp extension), HTTP form based upload, proxies, cookies, and user+password authentication. [PHP Manual]&160;

    So I’ve create a small script call display.php that return the content of a webpage

    Get Data From URL With Curl

    $input = $_GET;
    $name = 'url';
    $url = (isset($input[$name]) && 
    $input[$name] !== null) ? $input[$name] :
    ""; $timeout = 10; $show_errors = true; if (function_exists('curl_init')) { return getDataFromUrlWithCurl($url, $timeout, $show_errors); } else { return getDataFromUrlWithFopen($url, $timeout); } /** * CURL function to retrieve data from a URL. */ function getDataFromUrlWithCurl($url, $timeout = 10, $show_errors = false) { $ch = curl_init(); $agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"; curl_setopt($ch, CURLOPT_USERAGENT, $agent); curl_setopt ($ch, CURLOPT_HEADER, 0); curl_setopt($ch,CURLOPT_URL,$url); curl_setopt($ch,CURLOPT_HTTPGET,1); curl_setopt($ch,CURLOPT_CRLF,1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); // so it will return data into a
                                                  //variable instead of printing out
       curl_setopt($ch,CURLOPT_TIMEOUT,$timeout); // give it a time in seconds to reply
       //curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false); //dont validate SSL cert
       $result = curl_exec($ch);
       if ($show_errors && curl_error($ch)) {
          printf("Curl error %s: %s", curl_errno($ch), curl_error($ch));
          print(' <a href="' . $url . '" target="_blank">This is the url</a><br>');


    You can look at all CURL options there:

    Get the source code to make your own site

    Download now

    All credits to original author

    About the author (Sala) of this applet


    Make a screenshot of your sitegraph below, put it on flickr and tag it websitesasgraphs.

  • The Eclipse Foundation is targeting release of Eclipse 3.1 for late June 2005. There have been seven milestone releases of version 3.1 dating back to August 2004. The Eclipse Requirement Council identified six major themes that the technical community will deliver on:

    • Scaling Up
    • Enterprise Ready
    • Design for Extensibility
    • Rich Client Platform
    • Simple to Use 
    • Appealing to the Broader Community

    As with previous releases, the Eclipse development team is committed to preserving backward compatibility with previous version of Eclipse. Eclipse 3.1 will be compatible with Eclipse 3.0 for API (contract), Binary (plug in), Source and Workspace. Most of the Eclipse SDK is "pure" Java code and has no direct dependence on the underlying operating system. The 3.1 release of the Eclipse Project is written and compiled against version 1.4 of the Java 2 Platform APIs, and targeted to run on version 1.4 of the Java 2 Runtime Environment, Standard Edition.
    Eclipse SDK 3.1 is tested and validated on the following platforms:

    • Microsoft Window XP (Win 32) on Intel x86
    • Red Hat Enterprise Linux WS 3 (GTK) on Intel x86
    • SUSE Linux Enterprise Server 9 (GTK) on Intel x86
    • Sun Solaris 8 (Motif) on SPARC
    • HP-UX 11i (Motif) on hp9000 PA-RISC
    • IBM AIX 5L v5.2 (Motif) on PowerPC
    • Apple Mac OS X 10.3 (Carbon) on PowerPC

    More information about Eclipse 3.1can be found Here

  • apache_maven


    I was getting mad because jetty was refusing to redeploy my static files (xhtml, css) in Eclipse until I find the reason

    The Jetty Web Server provides a HTTP server and Servlet container capable of serving static and dynamic contend either from a standalone or embedded instantiations.

    Jetty buffers static content for webapps such as html files, css files, images etc and uses memory mapped files to do this if the NIO connectors are being used. The problem is that on Windows, memory mapping a file causes the file to be locked, so that the file cannot be updated or replaced. This means that effectively you have to stop Jetty in order to update a file.

    To fix this, add a line with to your maven-jetty-plugin configuration:


    The default webdefault.xml file is found in the lib/jetty.jar at org/mortbay/jetty/webapp/webdefault.xml. Extract it to a convenient disk location and edit it to change useFileMappedBuffer to false:


    Copy the changed file into src/main/resources/ of your project.

    The problem is explained more in Jetty's documentation.

  • Bug Tracking Tool
    Work in progress

    or Why it is not possible to manage any software development without a bug tracking tool

    A bug tracking system is basically a database linked to  a frontend:
    • The frontend can be a FAT client, understand a windows or application running on your pc and that need to be install by each developer/client, or may be
    • Adhering to a light client server model: HTML frontend which submit queries to a server.



    When was the bug open, and closed, what is its status now. Who has reported it (login is required and all system support profile (user, tester, manager, developer, administrator) and/or isolation of project). Did It already existed in a previous version (regression in code), etc...


     Easily dispatch responsability or find quickly who was reponsible for solving it, how  much time was needed to close this bug, some system may send email automatically to developer to inform them... etc...


    How difficult will it be to solve this issues, (can be a bugnote add by other developer). Most of the time, technical leader decide of the value of this field together with developers.


    How many bugs are still open at a date "t", how do I determine the order in which I will solve them...etc

    Standardisation of records

    By forcing tester/customer to enter some mandatory fields in a graphical forms. It may avoid You to hear some ridiculous statement like: "the application is not printing, working". It force the user talking a language You have decide together, having agreed on a "bug category" list is a very good and common example.


    All modern bug tracking tool let You define and customize some part of the system according to your need.

    Addition of information

    A screenshot is better than thousand word, a file create by the application, a memory dump, anything that will help developer to reproduce the bug.


    A lot of very powerful queries can be executed. It is always interesting to know, how many improvement were done in the next/past releases, or if a team has use more power to develop new functionnalities (also changes request which interest the customer the most) or loose time tracking some low level bug priority.
    In case of reporting, Bugzilla support the following:
    • Tabular reports - tables of bug counts in 1, 2 or 3 dimensions, as HTML or CSV.
    • Graphical reports - line graphs, bar and pie charts.

    Al of the above will have a positive result on:
    • communication among the team of developers and customers,
    • It will improve the product quality by several magnitude,
    • Developer will be more productive as the will know what to concentrate on or what is worth to do.
    AND Your customers will be happier!!

    Golden rules

    1. A bug that can be reproduce can be analysed/corrected.
    2. Correcting a bug is not always trivial, a correction may introduce new bugs.
    3. The intrinseque quality of a software is always improved with a tracking tool over time

    Some open source software:

    Bugzilla ( is the more famous, use in a lot of open source application (Mozilla, Apache, and even eclipse) version 2.19.2 (MySQL+PHP, Solaris, Linux, Win32, MacOS X, BSD) 370 companies are currently using it. (Nasa, IBM, Mozilla and others)- Wikipedia has a very brief article on it, Features are listed here

    Mantis. ( A very simple bug tracking tool with limited search functionnality compared to bugzilla, a strong community but not so much stable release as expected.

    Buggit ( no new release since 2000 and bounded to MS access, aka running only unde windows. Listed Here because I use to play with it in 2001.

  • iphone3gs Just because of some software you will NEVER find anytime soon in the official iTunes store.

    • AdBlock: block advertisements,
    • FREE: PrivaCy for avoiding developer to track your usage habits (similar to analytics)
    • FREE: How to remove all advertisement in free applications and Safari
    • FREE:How to blacklist Malware server in Safari using Spybot immunize hosts entries

    All these tips only work on Jail broken devices, the last 2 tips require a bit more knowledge than just installing an applications with Cydia, use at your own risk!



    • Block silently all ads
    • speed up internet browsing and speed up Safari loading time
    • Subscribe to public (and free) filter lists and stay up to date automatically.


    adblock.safari.iphone.01&160;&160; adblock.safari.iphone.02

    But it cost 2.4euro after some time and will create annoying popup when it found an advertisement.

    If you still want to remove all advertisements for FREE you can also follow a more radical path:

    Remove all advertisements in SAFARI and free iPhone applications

    Download the replacement host file from this link and replace your hosts file at the root of your iPhone using iPhone Browser or any SCP client (winscp for example)


    • If you want to use the Categories App, then please remove the line from the downloaded replacement host file, otherwise&160; it will not work. I
    • if you don't want to disable Apple's kill-switch mechanism then remove this line as well from the replacement host file.


    Avoid spyware/malware to install in you safari browser

    Using the same idea as before, i simply add a list of hosts known for containing malware and spyware into the&160; /etc/hosts file. You can get an an actual list for free by installing spybot (I cant provide a link to a ready to use hosts file as it seems to be copyrighted by Spybot)

    Spybot - Search & Destroy detects and removes spyware, a relatively new kind of threat not yet covered by common anti-virus applications. Spyware silently tracks your surfing behaviour to create a marketing profile for you that is transmitted without your knowledge to the compilers and sold to advertising companies. If you see new toolbars in your Internet Explorer that you haven't intentionally installed, if your browser crashes inexplicably, or if your home page has been "hijacked" (or changed without your knowledge), your computer is most probably infected with spyware. Even if you don't see the symptoms, your computer may be infected, because more and more spyware is emerging. Spybot-S&D is free, so there's no harm giving it a try to see if something has invaded your computer.

    Install this software (by the was it is excellent), start it and Immunize your PC

    Go to

    C:\WINDOWS\system32\drivers\etc&160;&160; (Windows XP)

    and open the hosts file from there, you now have a huge list of all malware known server (Spybot use a blacklisting technique to mitigate risks) you can also use for your iPhone. Contrary to Spybot, you’ll have to manually sync the host file.


    It has recently come to the attention of angry Cydia users that they are being watched by many of the applications they have installed from the App Store.

    Sites like I-phone-home have been discussing this in detail, leading to a post on the Dev-Team Blog about one provider in particular: Pinch Media.

    Pinch Media, however, is not the only tracking provider: on the iPhone alone there are three other companies:
    Flurry, Medialets, and Mobclix.

    Developers integrate these systems for much the same reason people use Google Analytics: to better understand how their customers use their products. Unfortunately, due to the restrictions Apple places on their App Store, these providers are unable to directly interface with the users they affect.&160; Instead, they rely on developers of every single application to document what information is being logged, and allow users to "opt-out" if they desire. Thanks to applications like redsn0w and Cydia, however, these restrictions are no longer important: a system-wide global "opt-out" setting is now possible. Pinch Media realized this fact, and took the lead in contacting me regarding getting this feature out there to all the users of jail broken devices: they care. With BigBoss, we then contacted all of the other providers, getting not only their blessing, but also their technical expertise in disabling their systems.

    The result is PrivaCy: a new Settings panel that allows you to selectively opt-out of sending anonymous usage statistics to each of these providers. This extension was a team effort, and was able to be executed as quickly as it was thanks to the help and interest of the companies involved.


  • These instructions were written using Knoppix version 3.7. It can be downloaded from This document is available online at is very detailed. I hope You will never have to use it ;-) , but just in case, write down this internet page :-(

  • There's a new version of Xdebug released which fixes a major bug where inspecting static properties caused Xdebug to crash in XAMPP 1.8.0.

    Unfortunately, you’ll need to update manually the version of Xdebug shipped with XAMPP to Xdebug 2.2.1 rather than 2.2.0:

    Simply download the correct Xdebug binary (VC9 threadsafe PHP 5.4 VC9 TS (64 bit) (MD5: 81cacc87168c99c7f65ba202dc12c4b2)) and copy it in your XAMPP installation at xampp\php\ext\php_xdebug.dll

    restart Apache and you can continue debugging!

  • I’ve been&160; granted a free professional license of XDepend, thanks to Mat Huston, XDepend lead developer.

    XDepend is a static analysis tool for JAVA developers that provides 82 code metrics, several real-time code visualization panels, code base snapshots comparison, architectural and quality rules (edition and real-time validation). The tool is a frontend to support the Code Query Language (CQL) to query a code base the same way you would query a relational database. You can using CQL, write and design your own rules and conventions for your code base.


    • Analyses your java byte code, your test reports and your source files to extract structural information and 82 base metrics via static analysis.
    • Provides complementary and interactive views on the same information. A Tree-Map view helps you easily identify the big one from the small one. The dependency matrix, the graph view and the detailed view help you gain insight in your code base.
    • Has a Code Query Language (CQL) is a specific XDepend language, very similar to SQL, that helps you dynamically find what you are looking for.

    What is also interesting me a lot is the possibility to make XDepend part of the Maven lifecycle, but that will be part of a new post. For now I am trying to understand the added value on our company software solution Innoveo Skye®

    Watch the screen cast

    Spring analyzed by XDepend

    More to come later

    Note: .Net is also having a similar tools NDepend, build on the same engine developed by Patrick Smacchia.