Automatic Invariant Detection in Dynamic Web Applications

For the last year, I have been working on my master project and two weeks ago I finally graduated. I did my master project at Tam Tam, an internet agency that provides full service internet services. It was nice to work there and if I did not have the opportunity to expand my own company I would have applied for a job at Tam Tam.

The project was about automatically finding invariants in web applications. The first focus was finding invariants in the JavaScript parts, but later on we extended the scope a bit and also included invariants over the DOM. While most of the techniques I developed can be used in a very generic way, my implementation depends on Crawljax. I developed plugins to Crawljax, under the name of InvarScope, that can automatically find these invariants and use them for regression testing.

We submitted a paper based on my work to ICSE'11, so before that was finished I was not allowed to blog or publish any of my work. Well, we made the deadline, so I can now release all of the code, my thesis and the paper itself.

The code I wrote is available in a subdirectory of the Crawljax plugins Google code project. We're currently in the process of fixing all Maven dependencies, cleaning up some code and making it all work with the current Crawljax trunk version, so expect a binary release in a few days.

Don't hesitate to contact me if you have any questions!

Symphony CMS; the Best CMS?

I've been looking for a good Content Management System (CMS) the last couple of days after a colleague and I had some discussion about what CMS to use for our clients. Sometimes we have clients with specific needs, which are difficult to fulfill using WordPress. The solution we used to choose was to either build some plugins or use our custom developed CMS. However, neither of these is a great solution. WordPress can be complicated for novice computer users, has a messy code-base and our own CMS is not really user-friendly either.

My colleague decided to try out ExpressionEngine. He bought the freelancer edition and he's been trying things out. Up until now, it all seems to work quite well, although the back-end can still be too complicated for our clients. Also, I hate the fact that you should pay 300 dollars to use ExpressionEngine for a commercial company. That's an added fee some customers would rather spend on different things.

So, I started to search for open-source CMSes myself and made a list of requirements.

  • It should not be page based, it should allow you to model your own content. If you use a CMS that supports types/entities/resources/sections/whatever you can create your own page type, but you can also create more advanced things like portfolio items, projects or products (yes, even a simple web shop is possible then).
  • The back-end should be as simple as possible.
  • It should be written in PHP, object-oriented if possible, and use MySQL for storage.
  • There should be a good, flexible templating engine for the views.
  • It should have a good plugin API.

Well, using this list it was a lot easier to search for the most fitting CMS, as quite a lot of CMSes are only page or post based. The list of possible candidates shrank by more than 75%. Eventually I found a CMS I had never heard of, but which seemed to have all the things we were looking for: Symphony CMS.

I've been trying it out in the last few days and I still haven't found any deal-breakers. Symphony CMS has a great website, friendly community (because it's still small I think), great features, simple back-end, small code-base and it can be easily extended by writing extensions.

Some things might give problems for specific clients though: multi file upload is non-existent (there's one extension that doesn't do what it should) and the WYSIWYG editor extensions, with support for placing images etc., don't seem to be integrated well enough with Symphony CMS yet. Well, maybe I'll just fix those two myself and contribute them upstream. That is, if I have some spare time... :)

Dropbox on Your Own Server

I've always liked Dropbox, except for one thing: I don't trust them with my data. Also, it seems wrong to pay $ 10,00 for 50 GB of storage when you have your own server with much more storage and available on a fast network.

Well, finally there is a solution. It's called SparkleShare and it's completely open source and uses Git as a backend. Today they released a very early alpha version and I tried it out immediately. After having some trouble with the interface (you need to insert <username>/<reponame> in the folder input box if you use GitHub), everything worked great. However, I don't advise anybody to use it in production. It's still in development and can contain serious bugs. I can't wait till it gets more mature and ready for production usage!

Crawljax 1.9 Released

We just released Crawljax 1.9, the project I'm working on for my master thesis. It's mostly a "bug fix and clean up" release, but some important changes were made as well.

Get Wacom Bamboo Pen Working in Ubuntu Karmic

In my last post I described how to get the Wacom Bamboo Pen (CTL-460) to work in Ubuntu 10.04 Lucid. In this post I'll explain how to get it working in Ubuntu 9.10 Karmic.

Get Wacom Bamboo Pen Working in Ubuntu Lucid

The new Wacom Bamboo Pen (CTL-460) doesn't work in Ubuntu Lucid out-of-the-box. You need a newer kernel module than the one that comes with Lucid by default. It's pretty easy to get it working though, you just need to know how.

Fix Your Insecure Passwords

Everybody knows it, but nobody does it: using real secure passwords. One of the most heard reasons is the fact that people can't remember weird passwords with all kinds of punctuation characters and no actual meaning. Well, I've never really had this problem. How do you remember those weird passwords, you might ask? I'll explain in this post.

Guest Blog Post Published at CDT

The launch of pleaserobme.com received a lot more media attention than we had expected. We were on a number of international radio stations, national television etc.

Furthermore, Adam Rosenberg of Center for Democracy & Technology (CDT) asked us to write a guest blog post. Of course we were interested in doing so, because it gave us another opportunity to make people aware of the potential problems of sharing your location with the whole world. The post was published today and can be read on the CDT website.

Location spam, annoying and.. risky?

Hey, do you have a Twitter account? Have you ever noticed those messages in which people tell you where they are? Pretty annoying, eh. Well, they’re actually also potentially pretty dangerous. I’m about to tell you why.

Don’t get me wrong, I love the whole location-aware thing. The information is very interesting and can be used to create some pretty awesome applications. However, the way in which people are stimulated to participate in sharing this information is less awesome. Services like Foursquare allow you to fulfill some primeval urge to colonize the planet. A part of that is letting everyone know you own that specific spot. You get to tell where you are and if you’re there first, it’s yours. O, and of course there’s badges..


The danger is publicly telling people where you are. This is because it leaves one place you’re definitely not… home. So here we are; on one end we’re leaving lights on when we’re going on a holiday, and on the other we’re telling everybody on the internet we’re not home. It gets even worse if you have “friends” who want to colonize your house. That means they have to enter your address, to tell everyone where they are. Your address.. on the internet.. Now you know what to do when people reach for their phone as soon as they enter your home. That’s right, slap them across the face.

To raise some awareness on this issue and emphasize how easy it is to retrieve this information let me introduce: http://www.pleaserobme.com. Have fun and please don’t hook up Foursquare to your Twitter account, okay?

Crawljax 1.8 released

I'm working on a cool project for my master thesis: Crawljax. Crawljax is a website crawler that supports JavaScript. This is done by opening a real browser such as Firefox and controlling it via WebDriver. The core of Crawljax does only that: crawling websites. However, there is a very flexible plugin system available that allows you to do all kinds of cool things such as creating a static mirror of an AJAX website or creating test suites for your AJAX web applications.

Download Crawljax now and give it a try!

To get a better grasp of what is possible, have a look at the Google Tech Talk a colleague of mine did: