Project Automation & Cryptography

Dr. Dobb's Journal November, 2004

By Miles Thibault & Gregory V. Wilson

Miles, a software developer and computer science student at the University of Toronto, can be contacted at miles.thibaultutoronto.ca. Greg is a DDJ contributing editor and can be contacted at gvwilson@ddj.com.

Pragmatic Project Automation: How to Build, Deploy, and Monitor Java Apps
Mike Clark
Pragmatic Programmers, 2004 176 pp., $29.95
ISBN 0974514039

Java Cryptography Extensions: Practical Guide for Programmers
Jason Weiss Elsevier/Morgan Kaufmann, 2004
158 pp., $21.95
ISBN 0127427511

At my first programming job, I asked a coworker if it was a pain to type in all his test data all the time. He showed me a couple of CSV (Comma-Separated Values) files and a Perl script and said, "I only type once." I thought it was a great idea, but used it only sporadically in the years since.

Mike Clark's Pragmatic Project Automation is about taking that idea to its most useful extreme. The book is the third volume in the Pragmatic Starter kit, but is self-contained enough that it can be read on its own. The first chapter starts a story about how build automation makes everyone's life better—especially the developer's. That's really what this book is about—letting the computer do boring, repetitive things so that we can concentrate on what's new and interesting.

The rest of the first chapter answers some frequently asked questions including why and when developers should automate. This FAQ is useful in its own right, but also helps you figure out whether the rest of the book is for you.

The next two chapters show how to automate a Java build with Ant and then schedule that build. At first, I wondered how this would help me because I'm doing web development with Python right now and I don't usually compile Python. Then Clark pointed out that running tests is part of the build process. A day later, my build process consisted of checking out Python files from version control and running all my unit tests on them.

Chapters 4 and 5 describe how to generate and distribute releases of software. One of my favorite ideas from these chapters is writing a checklist script that clients can run on-site to check for "is it plugged in" errors.

The last chapter is about monitoring all this automation. In my mind, this chapter alone is worth the price of the book. We always want this information, but no one enjoys being spammed by their own computers and it's a pain to set up filters so that the right messages reach exactly the right people. Clark's solution? Use RSS notifications so that your build system creates a blog as it goes along. It's a great idea and I've already started implementing it locally.

Pragmatic Project Automation is short, but it's chock-full of ideas and advice that can be put to use immediately. I found Clark's writing style clear, easy to read, and often entertaining. As a bonus, the book's concepts are language independent: Clark uses Java and Java-based tools, but I had no problems applying everything to Python. The book also has excellent support with its own web site (http://www.pragmaticprogrammer.com/starter_kit/au/) and the author's web log (http://www.pragmaticautomation.com/).

—M.T.

Cryptography is necessary, but not sufficient, for computer security: It's necessary because unencrypted data can be read or modified by anyone with villainous intent, but insufficient because villains can compromise systems in many other ways. Knowing how to integrate cryptography into software is, therefore, as important for programmers as knowing how to fork a process, read a file, or parse XML.

Unfortunately, crypto is still a lot harder than any of these things—so hard that most programmers still don't know how to do it properly. Some of this difficulty is intrinsic, but a lot is also due to overly complex APIs and to documentation that assumes more background knowledge than all but a handful of people have.

According to the blurb on its backcover, Jason Weiss's Java Cryptography Extensions discusses cryptography "...at the level that developers need to know to work with the JCE," but "...doesn't overwhelm by packing in details unimportant to the busy professional." After going through it twice, I believe it meets the second objective, but doesn't quite meet the first. It's not for lack of trying—Weiss's examples are well chosen and described in a fair bit of detail. However, he often assumes that readers know more about public-key infrastructure (PKI) and related acronyms than people buying his book are likely to. He (or his editor) should also have proofread the examples more carefully: More than a few contain typos.

I was also a bit frustrated that this book didn't answer any of the specific questions I have about code that I'm currently porting from a proprietary library to Java 1.4's JCE. For that, I have to turn back to Google and to Sun's own documentation. Overall, therefore, I think it's worth having a copy of this book in the company library; however, even given its low price, it isn't a must-buy for most Java programmers.

—G.V.W.

DDJ