[GHOP] please review the new wicket-examples design

[Gerolf Seitz <ge...@gmail.com>]

hi all,

Ash sent in the proposal for a new/enhanced design for wicket-examples [0].
take a look at the preview images [1] [2] and let us know, what you think
about it.

as always, feedback is much appreciated.

Cheers,
  Gerolf

P.S.: i like the new design a lot ;)


[0]
http://code.google.com/p/google-highly-open-participation-asf/issues/detail?id=12
[1]
http://code.google.com/p/google-highly-open-participation-asf/issues/attachment?aid=1126549382673268096&name=home-main-axamples.png
[2]
http://code.google.com/p/google-highly-open-participation-asf/issues/attachment?aid=6148678809405620109&name=Example-page.png

Re: [GHOP] please review the new wicket-examples design

["Jack L." <ja...@gmail.com>]

Where'd he find that logo.... Baffles me. I prefer it.
(I'll make a vector version real quick if its raster)

On Dec 5, 2007 6:54 PM, Gerolf Seitz <ge...@gmail.com> wrote:

> hi all,
>
> Ash sent in the proposal for a new/enhanced design for wicket-examples
> [0].
> take a look at the preview images [1] [2] and let us know, what you think
> about it.
>
> as always, feedback is much appreciated.
>
> Cheers,
>  Gerolf
>
> P.S.: i like the new design a lot ;)
>
>
> [0]
>
> http://code.google.com/p/google-highly-open-participation-asf/issues/detail?id=12
> [1]
>
> http://code.google.com/p/google-highly-open-participation-asf/issues/attachment?aid=1126549382673268096&name=home-main-axamples.png
> [2]
>
> http://code.google.com/p/google-highly-open-participation-asf/issues/attachment?aid=6148678809405620109&name=Example-page.png
>

Re: [GHOP] please review the new wicket-examples design

[Igor Vaynberg <ig...@gmail.com>]

oh, i didnt mean for this to be part of the task. just looked at the
list and figured i would say something here so i dont forget.

-igor

On Dec 5, 2007 5:54 PM, Gerolf Seitz <ge...@gmail.com> wrote:
> On Dec 6, 2007 2:03 AM, Igor Vaynberg <ig...@gmail.com> wrote:
>
> > the design is much improved indeed. however, the list is a bit
> > daunting. can we divide up all the examples into some logical groups?
> >
>
> Ash, as this is not part of the original task description, i will leave it
> up to you,
> whether you are willing to do this in the course of this task.
>
> one more thing: the transparent png files do not work with IE6 (it's
> officially
> supported by wicket).
> you should be able to find instructions on how to fix this on the web. if
> not,
> let me know...
>
> anybody else?
>
>   Gerolf
>
>
>
>
> >
> > -igor
> >
> >
> > On Dec 5, 2007 4:54 PM, Gerolf Seitz <ge...@gmail.com> wrote:
> > > hi all,
> > >
> > > Ash sent in the proposal for a new/enhanced design for wicket-examples
> > [0].
> > > take a look at the preview images [1] [2] and let us know, what you
> > think
> > > about it.
> > >
> > > as always, feedback is much appreciated.
> > >
> > > Cheers,
> > >   Gerolf
> > >
> > > P.S.: i like the new design a lot ;)
> > >
> > >
> > > [0]
> > >
> > http://code.google.com/p/google-highly-open-participation-asf/issues/detail?id=12
> > > [1]
> > >
> > http://code.google.com/p/google-highly-open-participation-asf/issues/attachment?aid=1126549382673268096&name=home-main-axamples.png
> > > [2]
> > >
> > http://code.google.com/p/google-highly-open-participation-asf/issues/attachment?aid=6148678809405620109&name=Example-page.png
> > >
> >
>

Re: 14,870 items found on inspection

[Johan Compagner <jc...@gmail.com>]

There are also a lot of things that are just perfectly fine..

Suspicious system array call (we know that it is an array.. Does it
want an extra cast??)

Or the one from FormComponent.getInputname() equals between string an
prepending.. Thats also not a problem because prepending is really
content equal (so the same 'string' as a string or a prepending is
just true)

On 12/23/07, C. Bergström <cb...@netsyncro.com> wrote:
> I ran inspection against the wicket trunk (Revision: 606531) and maybe
> interesting to someone else as well..  It covers a lot... including
> superfluous things such as the html, css, javascript, naming
> conventions.. This is with default settings, but if anyone wants I can
> rerun and include/exclude more items.. (unchecking the html, but
> including potential memory issues..)
>
> Of course there are false positives..
> ------
> archtypes/quickstart...
> package ${packageName};
> ------
>
> It's temporarily available at
> http://www.netsyncro.com/downloads/wicket-inspection.tar.bz2
> (Warning 1.7M download, but extracts out to 144M)
>
> Alternatively, you can browse it.
> http://www.netsyncro.com/downloads/inspection/index.html
>
> I don't mind making up a patch, but I can't commit.
>
> If you want to reproduce this..
> Download IDEA
> http://www.jetbrains.net/confluence/display/IDEADEV/Selena+EAP
>
> 1) Checkout a new project from svn
> 2) Create a new project from that using maven (should be self
> explanatory)
> 3) Analyze > inspect code
>
> For some/most of the items you'll have the option to refactor a fix.
>
> Seasonal greetings!
>
> ./C
>
>

Re: 14,870 items found on inspection

[Johan Compagner <jc...@gmail.com>]

Hee, cool that website dump auto adjust to mobile phone!

On 12/23/07, C. Bergström <cb...@netsyncro.com> wrote:
> I ran inspection against the wicket trunk (Revision: 606531) and maybe
> interesting to someone else as well..  It covers a lot... including
> superfluous things such as the html, css, javascript, naming
> conventions.. This is with default settings, but if anyone wants I can
> rerun and include/exclude more items.. (unchecking the html, but
> including potential memory issues..)
>
> Of course there are false positives..
> ------
> archtypes/quickstart...
> package ${packageName};
> ------
>
> It's temporarily available at
> http://www.netsyncro.com/downloads/wicket-inspection.tar.bz2
> (Warning 1.7M download, but extracts out to 144M)
>
> Alternatively, you can browse it.
> http://www.netsyncro.com/downloads/inspection/index.html
>
> I don't mind making up a patch, but I can't commit.
>
> If you want to reproduce this..
> Download IDEA
> http://www.jetbrains.net/confluence/display/IDEADEV/Selena+EAP
>
> 1) Checkout a new project from svn
> 2) Create a new project from that using maven (should be self
> explanatory)
> 3) Analyze > inspect code
>
> For some/most of the items you'll have the option to refactor a fix.
>
> Seasonal greetings!
>
> ./C
>
>

Re: 14,870 items found on inspection

[Johan Compagner <jc...@gmail.com>]

The things i like to see are 2 thing: 1 performance  things, 2 what
really can cause bugs..

On 12/23/07, C. Bergström <cb...@netsyncro.com> wrote:
>
> On Sun, 2007-12-23 at 14:03 +0100, Johan Compagner wrote:
> > Is this something like findbugs and how is that other one called...
> >
> > There is already an open jira issue for that, last week i already
> > applied a few.
> > Its assigned to me.
> >
> > Not all are aplicable by the way, but we should look what we can do..
>
> Yeah. I can and will narrow this down for my interests.. I included the
> steps to reproduce as there's a single click option to 'fix' a lot of
> these..  If I get a chance I'll make a condensed list of more relevant
> items to save core devs some time.
>
> (Here's the PR as the link seems to be down?)
> http://www.fortifysoftware.com/news-events/releases/2007/2007-03-05.jsp
> http://opensource.fortifysoftware.com/
>
>
> http://findbugs.sourceforge.net/
>
> (Doesn't somebody already run rats?)
> Rats? http://www.fortifysoftware.com/security-resources/rats.jsp
>
>
> Someone with eclipse want to give any feedback on this, but not sure if
> it's designed to work at the framework level.
>
> (LAPSE stands for a Lightweight Analysis for Program Security in
> Eclipse. LAPSE is designed to help with the task of auditing Java J2EE
> applications for common types of security vulnerabilities found in Web
> applications.)
>
> http://suif.stanford.edu/~livshits/work/lapse/index.html
>
> I've considered taking the time to do a bottom to top audit against a
> hello world example, but haven't had the time and not sure the real
> effectiveness of the findings (if any).
>
> Is there a general area of interest anyone particularly cares about?  I
> know that there's some possible interest from a few foreign financial
> services companies looking at using wicket, but I can't possibly do a
> full PCI audit on the codebase.
>
> Thanks for having a look.
>
>
> ./C
>
>

Re: 14,870 items found on inspection

["C. Bergström" <cb...@netsyncro.com>]

On Sun, 2007-12-23 at 14:03 +0100, Johan Compagner wrote:
> Is this something like findbugs and how is that other one called...
> 
> There is already an open jira issue for that, last week i already
> applied a few.
> Its assigned to me.
> 
> Not all are aplicable by the way, but we should look what we can do..

Yeah. I can and will narrow this down for my interests.. I included the
steps to reproduce as there's a single click option to 'fix' a lot of
these..  If I get a chance I'll make a condensed list of more relevant
items to save core devs some time.

(Here's the PR as the link seems to be down?)
http://www.fortifysoftware.com/news-events/releases/2007/2007-03-05.jsp
http://opensource.fortifysoftware.com/


http://findbugs.sourceforge.net/

(Doesn't somebody already run rats?)
Rats? http://www.fortifysoftware.com/security-resources/rats.jsp


Someone with eclipse want to give any feedback on this, but not sure if
it's designed to work at the framework level.

(LAPSE stands for a Lightweight Analysis for Program Security in
Eclipse. LAPSE is designed to help with the task of auditing Java J2EE
applications for common types of security vulnerabilities found in Web
applications.)

http://suif.stanford.edu/~livshits/work/lapse/index.html

I've considered taking the time to do a bottom to top audit against a
hello world example, but haven't had the time and not sure the real
effectiveness of the findings (if any). 

Is there a general area of interest anyone particularly cares about?  I
know that there's some possible interest from a few foreign financial
services companies looking at using wicket, but I can't possibly do a
full PCI audit on the codebase.

Thanks for having a look.


./C

Re: 14,870 items found on inspection

[Johan Compagner <jc...@gmail.com>]

Is this something like findbugs and how is that other one called...

There is already an open jira issue for that, last week i already applied a few.
Its assigned to me.

Not all are aplicable by the way, but we should look what we can do..


On 12/23/07, C. Bergström <cb...@netsyncro.com> wrote:
> I ran inspection against the wicket trunk (Revision: 606531) and maybe
> interesting to someone else as well..  It covers a lot... including
> superfluous things such as the html, css, javascript, naming
> conventions.. This is with default settings, but if anyone wants I can
> rerun and include/exclude more items.. (unchecking the html, but
> including potential memory issues..)
>
> Of course there are false positives..
> ------
> archtypes/quickstart...
> package ${packageName};
> ------
>
> It's temporarily available at
> http://www.netsyncro.com/downloads/wicket-inspection.tar.bz2
> (Warning 1.7M download, but extracts out to 144M)
>
> Alternatively, you can browse it.
> http://www.netsyncro.com/downloads/inspection/index.html
>
> I don't mind making up a patch, but I can't commit.
>
> If you want to reproduce this..
> Download IDEA
> http://www.jetbrains.net/confluence/display/IDEADEV/Selena+EAP
>
> 1) Checkout a new project from svn
> 2) Create a new project from that using maven (should be self
> explanatory)
> 3) Analyze > inspect code
>
> For some/most of the items you'll have the option to refactor a fix.
>
> Seasonal greetings!
>
> ./C
>
>

Re: 14,870 items found on inspection

[Eelco Hillenius <ee...@gmail.com>]

On Dec 23, 2007 3:49 AM, C. Bergström <cb...@netsyncro.com> wrote:
> I ran inspection against the wicket trunk (Revision: 606531) and maybe
> interesting to someone else as well..  It covers a lot... including
> superfluous things such as the html, css, javascript, naming
> conventions.. This is with default settings, but if anyone wants I can
> rerun and include/exclude more items.. (unchecking the html, but
> including potential memory issues..)

Interesting... I fixed
http://www.netsyncro.com/downloads/inspection/FieldCanBeLocal-index.html
but didn't look further than that. We'll have to be careful applying
such things, as we can have dependencies using introspection that the
compiler won't catch and stuff (erm... doesn't that sound contrary to
what we advertise... :-) ), but it is worth a look.

Thanks,

Eelco

14,870 items found on inspection

["C. Bergström" <cb...@netsyncro.com>]

I ran inspection against the wicket trunk (Revision: 606531) and maybe
interesting to someone else as well..  It covers a lot... including
superfluous things such as the html, css, javascript, naming
conventions.. This is with default settings, but if anyone wants I can
rerun and include/exclude more items.. (unchecking the html, but
including potential memory issues..)

Of course there are false positives..
------
archtypes/quickstart...
package ${packageName};
------

It's temporarily available at
http://www.netsyncro.com/downloads/wicket-inspection.tar.bz2
(Warning 1.7M download, but extracts out to 144M)

Alternatively, you can browse it.
http://www.netsyncro.com/downloads/inspection/index.html

I don't mind making up a patch, but I can't commit.

If you want to reproduce this..
Download IDEA
http://www.jetbrains.net/confluence/display/IDEADEV/Selena+EAP

1) Checkout a new project from svn
2) Create a new project from that using maven (should be self
explanatory)
3) Analyze > inspect code

For some/most of the items you'll have the option to refactor a fix.

Seasonal greetings!

./C

Re: [GHOP] please review the new wicket-examples design

[Gerolf Seitz <ge...@gmail.com>]

On Dec 6, 2007 2:03 AM, Igor Vaynberg <ig...@gmail.com> wrote:

> the design is much improved indeed. however, the list is a bit
> daunting. can we divide up all the examples into some logical groups?
>

Ash, as this is not part of the original task description, i will leave it
up to you,
whether you are willing to do this in the course of this task.

one more thing: the transparent png files do not work with IE6 (it's
officially
supported by wicket).
you should be able to find instructions on how to fix this on the web. if
not,
let me know...

anybody else?

  Gerolf



>
> -igor
>
>
> On Dec 5, 2007 4:54 PM, Gerolf Seitz <ge...@gmail.com> wrote:
> > hi all,
> >
> > Ash sent in the proposal for a new/enhanced design for wicket-examples
> [0].
> > take a look at the preview images [1] [2] and let us know, what you
> think
> > about it.
> >
> > as always, feedback is much appreciated.
> >
> > Cheers,
> >   Gerolf
> >
> > P.S.: i like the new design a lot ;)
> >
> >
> > [0]
> >
> http://code.google.com/p/google-highly-open-participation-asf/issues/detail?id=12
> > [1]
> >
> http://code.google.com/p/google-highly-open-participation-asf/issues/attachment?aid=1126549382673268096&name=home-main-axamples.png
> > [2]
> >
> http://code.google.com/p/google-highly-open-participation-asf/issues/attachment?aid=6148678809405620109&name=Example-page.png
> >
>

Re: [GHOP] please review the new wicket-examples design

[Igor Vaynberg <ig...@gmail.com>]

the design is much improved indeed. however, the list is a bit
daunting. can we divide up all the examples into some logical groups?

-igor


On Dec 5, 2007 4:54 PM, Gerolf Seitz <ge...@gmail.com> wrote:
> hi all,
>
> Ash sent in the proposal for a new/enhanced design for wicket-examples [0].
> take a look at the preview images [1] [2] and let us know, what you think
> about it.
>
> as always, feedback is much appreciated.
>
> Cheers,
>   Gerolf
>
> P.S.: i like the new design a lot ;)
>
>
> [0]
> http://code.google.com/p/google-highly-open-participation-asf/issues/detail?id=12
> [1]
> http://code.google.com/p/google-highly-open-participation-asf/issues/attachment?aid=1126549382673268096&name=home-main-axamples.png
> [2]
> http://code.google.com/p/google-highly-open-participation-asf/issues/attachment?aid=6148678809405620109&name=Example-page.png
>