Posted on

Herding Code 117: Llewellyn Falco on Approval Tests

This episode of Herding Code the guys talk to Llewellyn Falco about Acceptance Tests, an interesting testing framework for .NET, Java, Ruby, and PHP.

  • Jon talks about how much he enjoyed Llewellyn’s talk on refactoring legacy code at So Cal Code Camp, and was especially intrigued by Approval Tests.
  • Llewellyn explains how Approval Tests got started at a weekly coding for gun group.
  • Llewellyn explains at a high level the problem that Approval Tests solves.
  • Jon talks about what he noticed when he tried using approval tests – it’s not really so much about writing tests as in verifying output. Llewellyn how testing at the output verification level avoids many of the pitfalls of traditional unit testing.
  • Jon asks about the use of diff tools in Approval Tests.
  • Jon talks about the general flow of development using Approval Tests.
  • Llewellyn mentions that Approval Tests has native implementations for .NET, Java, Ruby, and PHP.
  • Jon asks about how the approved filetypes are set, and Llewellyn explains the overrides in Approvals.Approve().
  • Llewellyn talks about how Approvals makes it easy to test complex objects.
  • Llewellyn talks about how Approval Tests often only requires one test. Jon and K Scott ask about how that meshes with general testing practices which push towards very granular tests, and Llewellyn explains that he gets that granularity in the test coverage and results, but has the benefit of context in the test output as well.
  • Jon asks about how output verification works with ASP.NET and ASP.NET MVC.
  • Llewellyn explains how the use of Approval Tests combinations rules can make it really test output based on multiple input combinations.
  • Llewellyn talks about how he especially likes using Approval Tests with legacy code , since it’s relatively easy to get good, working test coverage based on output rather than having to gain a deep understanding the internals of the legacy code . Jon and Llewellyn swap war stories about legacy code .
  • Jon asks if he should be obsessing about a bunch of extra files with the approved results hanging around. Because he is.
  • Jon asks about controlling file output; Llewellyn describes how namers, reporters, and writers provide flexibility.
  • Llewellyn mentions the Rx Koans he worked on and says that Approval Tests Koans are on the way soon.
  • Jon says that TDD has trained him to write tests that verify response to failure conditions.
  • Jon asks if Approval Tests will be available for JavaScript.
  • Jon asks what’s in the works for Approval Tests. Llewellyn talks about RDLC support and enhancements to the Visual Studio plugin.
  • Jon asks what code coverage information Approval Tests can provide.
  • Jon asks Llewellyn about how he get involved in Teaching Kids Programming.
  • There’s a discussion about why it’s important to introduce computer programming to high school aged girls with a great analogy from Malcolm Gladwell’s Outliers book on the impact of birth month on competitive hockey players.
  • Llewellyn explains how the program works, and Jon mentions the prior show with Sara J Chipps ( Herding Code 90) about Girl Develop It.
  • Jon asks Llewellyn about upcoming speaking engagements

Show Links:

Download / Listen:

Herding Code 117: Llewellyn Falcon on Approval Tests

[audio://herdingcode.com/wp-content/uploads/HerdingCode-0117-Llewellyn-Falco-on-Approval-Tests.mp3]
Posted on

Herding Code 116: Eric Lawrence on Fiddler, IE Internals, and HTTP

This episode of Herding Code the guys talk to Eric Lawrence, the author of the popular Fiddler web debugging proxy. Eric’s also a member of the Internet Explorer team and developer of several popular freeware tools.

  • Eric explains how he’s been working on – and now runs – the team that works on the networking components for Internet Explorer.
  • Kevin asks Eric to clarify what portions of IE he works on. Eric explains that he’s on fundamentals, which includes things like networking and security, not rendering or the DOM.
  • Jon asks Eric about his development focus. Eric says that his main focus is on C#.
  • Jon references an interesting bit of Eric’s MIX talk about Fiddler – Fiddler is an HTTP proxy, so it works with all browsers and devices.
  • Scott mentions that he’s used Fiddler for low-level network debugging. Eric talks about the broad range of Fiddler users.
  • Eric mentions that Fiddler’s used for security testing, and there’s a discussion of fuzz testing. Eric describes "dumb fuzzing" and "smart fuzzing".
  • Jon asks how Fiddler is used with mobile devices.
  • Jon asks Eric if he’s taking advantage of any "internal" info or API’s as a member of the IE team.
  • Jon talks about how the plugin system has really paid off for Fiddler over the years. Eric talks about how he’s supported both a Javascript and a reflection based .NET plugin system.
  • Eric mentions how he’s tested a "pure .NET 4" version of Fiddler, and talks about the Fiddler itself runs on Fiddler Core, which is really close to running on the .NET client profile.
  • Jon asks Eric about some of the interesting things he’s heard built on top of Fiddler Core. Eric mentions some testing extensions, ELMAH use, and FiddlerCap.
  • Jon asks what IE9 features Eric is taking advantage of. Eric talks about IE9’s support for the X-Download-Initiator header, which allows tracing why a resource was requested.
  • Eric talks about Fiddler now proxies Cassini traffic for ASP.NET developers, and Jon mentions how he saw from internal bug reports that Eric was driving ASP.NET debugging issues with pre-release versions of IE9.
  • Eric mentions that the issue with IE9 betas and Cassini was due to IPv6, and since the podcast was recorded on IPv6 day, the conversation shifts over to a discussion of IPv6.
  • Jon asks Eric about IPv6 use in the real world, and Scott K asks about issues with SSL over IPv6.
  • Jon asks about IE’s and Fiddler’s support for HTTP verbs beyond GET and POST. Eric talks about how he had to drop some strict enforcement of protocols for non-standard verbs since actual usage often didn’t follow the specs.
  • Jon asks Eric about the 100 Continue response. Eric explains why it’s there, and how he handles it in Fiddler, and how IE handles it.
  • Jon asks about the Accept header, asking Eric’s opinions on its use and how IE9 handles it. Eric explains how he doesn’t think Accept really works, because proxies and servers don’t correctly handle them.
  • Scott K asks about the advantages of being able to analyze aggregate HTTP traffic for a large organization like Microsoft. Eric explains that there’s not really a lot of opportunity for IE, but he does get advanced notice on Fiddler issues from internal Microsoft use against pre-released software.
  • Kevin asks about the "Fiddler has detected a protocol violation" error. Eric explains that it’s helpful in debugging issues which browsers will attempt to hide due to being very liberal and forgiving with respect to protocol violations.
  • Eric explains that there was an HTTP 0.9 version which didn’t have HTTP headers, and talks about how his awareness of protocol violations on major websites came in handy. He mentions that he’s thought about an HTTP-Lint module, which would be a lot more strict with respect to protocol violations.
  • Question from Twitter – James Schmidt – "Will we see Fiddler features move over to IE Dev tools?
  • Jon asks about the common import / export format that IE F12 dev tools and Fiddler share… kind of.
  • Question from Twitter – Luke Foust – Hear about developing a side project inside Microsoft.
  • Jon asks Eric about some of his other freeware applications, including SlickRun and a popup blocker (big in Brazil!).
  • One of Eric’s freeware applications was a utility to tweak the number of simultaneous downloads IE would use, which prompts Jon to ask about how simultaneous browser connections have evolved over the years.
  • Question Jarrod Dixon – "Possible to open source SlickRun? I use it a lot and would like to add some features?"
  • Kevin asks if Eric would consider open sourcing Fiddler at some point.
  • Eric wraps up with a description of what’s in the works for Fiddler. Kevin asks for auto-update.

Show Links:

Download / Listen:

Herding Code 116: Eric Lawrence on Fiddler, IE Internals, and HTTP

[audio://herdingcode.com/wp-content/uploads/HerdingCode-0116-Eric-Lawrence-on-Fiddler-IE-Internals-and-HTTP.mp3]
Posted on

Herding Code 115: RESTravaganza with Darrel Miller, Glenn Block, and John Sheehan

This episode of Herding Code the guys talk REST with Glenn Block (who’s driving the WCF Web APIs), Darrel Miller (a REST expert with a lot of real world production experience), and John Sheehan (author of RestSharp) about what REST really is and what practical value it really offers in real world, production applications.

  • Jon asks Glenn for a quick overview of how WCF Web API fits in with REST.
  • Darrel talks about how he got into REST in support of desktop systems.
  • John asks Darrel about how HttpListener is working for him.
  • K. Scott asks Darrel why he’s doing all the work to plumb RESTful services rather than just going with something like SOAP.
  • Glenn asks Darrel how his RESTful services are more "evolvable" than previous technologies he’s used.
  • Jon asks Darrel what REST means to him. Darrel says it means that there are just two things that the client and server couple on: media types and link relations.
  • John says that very few people he interviews describe REST as how Darrel just did. Glenn talks about how his understanding of REST evolved when he more closely studied Roy Fielding’s original dissertation.
  • Question from Twitter (@stevenproctor – Steven Proctor): "Do nice http paths really make an architecture RESTful? Wasn’t there something about next available commands too?" Glenn and Darrel talk about how this is the fundamental concept of hypermedia.
  • Jon ignites a firestorm by asking why people who care about REST dislike how OData is implemented. Chaos ensues.
  • Darrel explains how OData’s format doesn’t match with some important RESTful principles like link relations and metadata discoverability.
  • Glenn points out that OData is an API that takes a constrained view of of HTTP, which offers a tradeoff which many developers find beneficial.
  • Scott K asks the guests how many non-demo OData feeds are actually available.
  • Scott K asks why not just use JSON instead of OData, and Glenn explains how the important difference is around metadata – JSON is just untyped data.
  • Darrel talks about the concept of serendipitous reuse, and how common media types offer better reuse than untyped JSON data.
  • John asks if anyone is actually putting the client re-use case into practice in the real world, and Darrel plugs the REST Fest. Glenn points out that just having multiple versions of a client working against a spec is a significant advantage, talking about HTTP 1.0 and HTTP 1.1 as an example.
  • Jon asks  if a microformat approach could work, and eventually an RDF discussion breaks out.
  • Glenn talks about how many people view REST by mapping HTTP verbs to CRUD (create, read, update, delete) operations, and they’re missing the importance of linking and hypermedia.
  • Kevin asks where people "lose the path" with REST, and what are the most important concepts to stick with. Darrel comes back to the hypermedia constraint as the most important concept that’s commonly missed.
  • Glenn points out that your architecture is up to you, and you don’t have to follow RESTful principles, but there’s a problem if you don’t and claim your API is RESTful when it isn’t.
  • John points out that there are few examples of RESTful systems really paying off in practice. Glenn and Darrel point to Jon Moore’s Oredev talk about real business value to Comcast, and Jon mentions Glenn Block’s MIX presentation about device support based on content negotiation.
  • Glenn explains that opportunities are emerging as we’re moving beyond the browser, and he sees a lot of opportunity for WCF Web API’s to shine here.
  • Darrel describes another example of how a RESTful API could guide a common user experience across platforms, using Twitter as an example.
  • Kevin asks for public examples of good RESTful API’s. Darrel mentions Sun’s cloud API and SteamCannon; Glenn says that ATOM PUB is the best public example.
  • K. Scott asks about building RESTful clients.
  • Kevin asks about the practicalities of clients navigating hypermedia.
  • Question from Twitter (@kellabyte – Kelly Sommers): "I’m curious how REST might fit with an application that is wanting to store events and event sourcing. Is REST common for this?"
  • Question from Twitter (@gsogol – Jeff Sogolov): "How about Rest in the enterprise? Securing Rest services with Saml or oAuth? Also impersonation."
  • Jon mentions how WS-* defined methods for securing portions of message for different access and asks if REST handles that kind of scenario. Scott K, Glenn, and Darrel discuss.
  • The show wraps up with a discussion selecting architectural styles based on concrete benefits.
  • Darrel pimps REST Fest 2011, August 18 – 20.
  • John mentions his upcoming talk at DevLink on August 17, and Monospace July 23-25.
  • Glenn mentions the Portland Code Camp and //build/.

Show Links:

Download / Listen:

Herding Code 115: RESTravaganza with Darrel Miller, Glenn Block, and John Sheehan

[audio://herdingcode.com/wp-content/uploads/HerdingCode-0115-RESTravaganza-with-Darrel-Miller–Glenn-Block–John-Sheehan.mp3]
Posted on

Herding Code 114: Trevor Burnham on CoffeeScript

This episode of Herding Code the guys talk to Trevor Burnham about Coffeescript, “a little language that compiles into JavaScript.”

  • Kevin asks Trevor to explain what CoffeeScript is. Trevor explains how CoffeeScript helps you to write the same code you would have in JavaScript, but more quickly and with less effort.
  • Kevin ask if people like CoffeeScript because they hate Javascript. Trevor talks about the strong reactions people had to the addition of CoffeeScript support for Rails, and how CoffeeScript is not a dumbed down Javascript, it’s really just a cleaner syntax for exposing the functional power in the that underlies Javascript.
  • Scott K talks about the time and political pressures that shaped Javascript, in some ways hiding a powerful language behind a mandated Java-like syntax.
  • Kevin asks about the language inspirations behind CoffeeScript. Trevor talks about how it’s drawn inspiration from Ruby, Python, Haskell, and Erlang.
  • Jon asks about how CoffeeScript support is technically added to Rails – where is the compilation happening? Trevor explains  how the coffee-script and execjs gems select the Javascript runtime.
  • Jon asks a question from Twitter by @darrencauthon about using CoffeeScript on Windows and .NET.
  • Scott K asks about other languages that compile down to Javascript, and what will happen when Javascript as a language. Trevor talks about Objective-J and Traceur.
  • Kevin asks about how you can debug CoffeeScript code.
  • Jon talks about the Try CoffeeScript interactive compiler on the CoffeeScript.org site and asks resources for learning more about CoffeeScript.
  • Scott K asks if CoffeeScript leverages more advanced Javascript features if they’re available, and if there are language facilities for extending the language. Trevor talks about how CoffeeScript is just Javascript, so you can leverage the extensibility features that are already available in Javascript.
  • Kevin drops back to asking some basics: why is CoffeeScript so special? What’s with the new function syntax?
  • Jon talks about how nice it is to just delete parentheses, braces, and semicolons. Trevor talks about how in general CoffeeScript code is 2/3 as verbose as the equivalent Javascript code.
  • K Scott asks about how CoffeeScript simplifies scope issues, and Trevor talks about how CoffeeScript is very opinionated about scoping.
  • Scott K asks about type coercion. Trevor mentions the wtfjs.com site, talking about how Javascript’s type coercion can be surprising at times.
  • Scott K asks about how DOM manipulation is handled. Trever explains that CoffeeScript works great with jQuery, and any other Javascript library available.
  • Jon asks if it’s possible to do CoffeeScript compilation in the browser, and asks if that’s possible / practical for standard applications.
  • Jon mentions the SassAndCoffee project for .NET.
  • Jon asks if there are any Javascript to CoffeeScript converters. Trevor says he doubts there will ever be a good one, but after the show sent Jon a link to js2coffee (link below).
  • Scott K asks about JSLint support. Trevor talks about how CoffeeScript works with JavaScript Lint.
  • Kevin asks if CoffeeScript has been used as a DSL, and Trevor mentions CoffeeKup.
  • Jon asks what happens if CoffeeScript hits a compiler error.
  • Kevin asks about split between front-end vs. back-end use for CoffeeScript.
  • Jon some a question from Christopher Deutsch (@cdeutsch) about how to sell CoffeeScript to a team – is this today’s flavor, tomorrow’s legacy headache?
  • Kevin talks about how he likes the => function, and Jon mentions how he likes the @ operator as well.
  • Kevin asks about the object orientation features in CoffeeScript, and Trevor mentions how the class keyword is used.
  • Jon says the he sees a lot of similarity between CoffeeScript and SASS. Trevor talks about how both reduce repetitions.
  • Jon asks if jQuery could take advantage of CoffeeScript.
  • Trevor mentions how you can buy his book and mentions a recent article he published in PragPub.
  • Trevor’s upcoming talks: O’Reilly Web 2.0 Expo in NYC in October and Oredev in Sweden in November.

Show Links:

Download / Listen:

Herding Code 114: Trevor Burnham on CoffeeScript

[audio://herdingcode.com/wp-content/uploads/HerdingCode-0114-Trevor-Burnham-on-CoffeeScript.mp3]
Posted on

Herding Code 113: Mark Russinovich on Zero Day and Computer Security

This episode of Herding Code the guys talk to Mark Russinovich about his new book (Zero Day), modern malware like Stuxnet, his experiences discovering the Sony rootkit, Sysinternals tools, and computer security in general.

  • K Scott asks Mark about how he decided to write Zero Day. Mark talks about how early, unsophisticated viruses still caused a lot of damage, and it got him thinking about what a virus attack motivated by a terrorist agenda could achieve.
  • K Scott talks about the shift to financial motivation in malware, and Mark mentions the book Zero Day Threat which discusses financially motivated malware.
  • Kevin asks Mark about his motivation for writing fiction in general, and how big a shift it was from technical writing.
  • K Scott talks about how he read the book while travelling, and how it did a pretty good job of terrifying him.
  • Mark mentions how the Stuxnet virus validated some of the scenarios he’d been using in the book, how sophisticated Stuxnet is, and how that level of sophistication in malware authoring is available for hire, cheaply.
  • Scott K asks about the threat that malware like Stuxnet could come back on the entity that released it, and Mark mentions that collateral damage is definitely a factor, but that the Stuxnet authors were apparently unconcerned by it.
  • We take a question from listener @mattd78: "what does mark think of Linux and has he ever analyzed the source code to compare it to windows"
  • Scott K asks how the malware targets have changed with the explosion of mobile devices.
  • K Scott asks Mark about how he uses Sysinternals tools when studying malware.
  • Jon asks about how live.sysinternals.com works to allow running the tools without an explicit download / install step.
  • Jon asks Mark whether he does all his testing in virtual machines or uses physical test machines.
  • K Scott asks Mark about Rootkit Revealer – how it got started, and how Mark discovered the Sony rootkit. Mark tells an interesting story about a cat and mouse game he was engaged with against a rootkit writer who went by the name of Holy Father, who kept coming up with ways to hide from Rootkit Revealer.
  • Mark talks about the interview he did on NPR about the Sony rootkit fiasco.
  • Kevin thanks Mark, on the behalf of Windows developers everywhere, for the Sysinternals tools. When Kevin tells Mark that they’ve saved his butt over and over, Mark says he’s heard that feedback so many times that they used "save your butt" on advertising over the years.
  • Kevin asks Mark if working at Microsoft has made things easier. Mark says not so much – it’s often quicker for him to disassemble and use dynamic analysis than to look at the source code.
  • Jon asks if Mark has any security feedback for .NET developers. Mark says that if you’re purely in managed code, you need to focus on logic problems like SQL injection.
  • K Scott asks if Mark has anything he’d like to promote, and Mark talks about the upcoming book Windows Sysinternals Administrator’s Reference.
  • Jon asks Mark what’s the point of running antivirus software if it’s not going to be 100% effective.
  • Kevin asks Mark if he’s working on a sequel to Zero Day. He is!

Show Links:

Download / Listen:

Herding Code 113: Mark Russinovich on Zero Day and Computer Security

[audio://herdingcode.com/wp-content/uploads/HerdingCode-0113-Mark-Russinovich-on-Zero-Day-and-Computer-Security.mp3]