Wednesday, April 10, 2013

ExtJS debug version: there it is - but useless

This is a follow-up post to my last week's "ExtJS: desperately need a debug version".
A user comment pointed me to the "-dev" version. Apparently there is such a file now containing some lines of error checking (not too many):

See http://www.diffnow.com/?report=ahx86 for the diff. I compared http://cdn.sencha.io/ext-4.2.0-gpl/ext-debug.js with http://cdn.sencha.io/ext-4.2.0-gpl/ext-dev.js. (My Chrome browser crashed a couple of times with these large files at DiffNow and similar online diff tools.)

A download of the latest version 4.2 contains, among many other files:

ext-all.js 1'402 KB
ext-all-debug.js 3'262 KB
ext-all-debug-w-comments.js 6'052 KB
ext-all-dev.js 6'109 KB

So what Sencha needs to do now is to update this page http://www.sencha.com/learn/debugging-ext-js-applications and recommend to include ext-all-dev.js instead of ext-all-debug.js, while keeping ext-all.js for production.

And, does it help?

A couple days forward and I upgraded my app (still in development) from ExtJS 4.1 to 4.2. All seemed fine. There were not too many backward-incompatible changes this time. Plus, I have the dev version now which would alert me of problems right?

A screen using 4.1:

The same screen with 4.2:
<link rel="stylesheet" href="http://cdn.sencha.io/ext-4.2.0-gpl/resources/css/ext-all-gray.css"/>
<script src="http://cdn.sencha.io/ext-4.2.0-gpl/ext-all-dev.js"></script>


The search field on the toolbar is missing. Just gone. Nothing in the console. The grid search extension is from here but that is irrelevant.

Another week passed by, and another case cost me 15 minutes of searching: I've created a new form panel with just one field, copy-pasted from an official example.

{
    fieldLabel: 'My field',
    name: 'myField',
    allowBlank: false
}

Loading it in the browser, but the panel remains empty (except for the button bar). No error or warning output of course. What's wrong? Something with the panel dimensions? The panel has no width or height? (ExtJS developers will know...) Trying all kinds of combinations. Turns out the problem is very, very basic. I forgot to specify what kind of field it is (xtype: 'textfield'). The example had it configured in the parent object as 'defaultType', and I did not copy that. So ext was supposed to render an element to the screen, but it was not informed about what kind of element it is. What does it do? Apparently nothing... How about at least logging a warning?
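The kind of early check asked for here can be run over a config object before it is handed to ExtJS. The following is an added example, not code from ExtJS or from the original post; `FIELD_HINTS`, `isPlainConfig` and `findUntypedFields` are hypothetical names, and the check only looks at `items` on plain config objects:

```javascript
'use strict';

// Config keys that only make sense on a form field (assumed list, extend as needed).
const FIELD_HINTS = ['fieldLabel', 'allowBlank', 'vtype', 'emptyText'];

// True for raw config objects; already instantiated components are skipped.
function isPlainConfig(value) {
  return value !== null && typeof value === 'object' &&
         !Array.isArray(value) && !value.isComponent;
}

// Walk a config tree and report items that look like fields but carry no
// xtype while their parent sets no defaultType either. In that case ExtJS
// falls back to the container's own default type and no field appears.
function findUntypedFields(container, path = 'root') {
  const warnings = [];
  const items = Array.isArray(container.items)
    ? container.items
    : (container.items ? [container.items] : []);

  items.forEach((item, index) => {
    if (!isPlainConfig(item)) return;
    const itemPath = `${path}.items[${index}]`;
    const hints = FIELD_HINTS.filter((key) => key in item);
    if (!item.xtype && !container.defaultType && hints.length > 0) {
      warnings.push(`${itemPath}: has ${hints.join(', ')} but no xtype, ` +
                    'and the parent sets no defaultType');
    }
    // Nested containers (fieldsets, panels) are checked the same way.
    warnings.push(...findUntypedFields(item, itemPath));
  });
  return warnings;
}

// Constructed sample: the single-field form from this post, copied without defaultType.
const brokenForm = {
  xtype: 'form',
  title: 'My form',
  items: [{ fieldLabel: 'My field', name: 'myField', allowBlank: false }]
};

// The same form with the type supplied by the parent, as in the official example.
const workingForm = Object.assign({}, brokenForm, { defaultType: 'textfield' });

findUntypedFields(brokenForm).forEach((w) => console.warn('[config check] ' + w));
```
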

Conclusion

Nothing has changed for me. Making mistakes or upgrading ExtJS means digging.

Thursday, April 4, 2013

ExtJS: desperately need a debug version

Update to this post: there is a debug version.

I missed it when using ExtJS 2, then with ExtJS 3. Now I'm using ExtJS 4 for a new web user interface, and the situation is the same: I desperately need a debug version of ExtJS!

On the plus side: The best web gui toolkit

ExtJS is, in my opinion, the most complete JavaScript library for making desktop-like apps in the browser. It has been there for long time, and is actively developed. It's relatively easy to extend components and develop your own. The community is large, the documentation is OK, and it's possible to create useful, functional, "rich" user interfaces. It's possible to get the job done.

Beware: It's a full time job

The examples look nice, and one could get the idea that it's a quick and easy path to develop your own rich gui. Nah. It's all trial and error F5 style development. It takes a lot of time and effort to get halfway fluent with it. There are many gotchas to learn about.

It sucks the energy out of me

For me, working with ExtJS is no pleasure. It brings a new flow stopper way too often. Why?
  1. The nature of JavaScript.
    JavaScript is not a type safe language. There's no safe refactoring. No compile time confidence. That's a fact, nothing to improve here.
  2. ExtJS performs no checks.
    No input checking (preconditions, assertions), no checks for common errors.
Let's look at an example: "Uncaught TypeError: Object #<Object> has no method 'read'"


Aha, some script execution error occurred. Let's check the detail:


Not that helpful. Something internal in ExtJS on line 39145 failed. ExtJS does not catch this one (or any other) and tell me what the real problem is. Nor does the stack trace go back to my userland code.

In this case the problem was that I did not include some data store model prior to using it. My fault. But it doesn't have to be. There are plenty of reasons for such time-consuming debugging, just because problems are never detected early and only throw at the last moment, deep down:
  • Developer error: wrong API use
  • ExtJS bug
  • ExtJS annoyance
  • Old code: upgrading an older app, or copying an older example from the internet

But wait: I'm using "ext-all-debug.js"

Unfortunately, the naming of the ExtJS JavaScript files is, imo, wrong.

JQuery got it right:
The original JS file, with apidoc: http://code.jquery.com/jquery-1.9.1.js
The minified version for production: http://code.jquery.com/jquery-1.9.1.min.js

This has become the standard, and makes perfect sense. The minified file name contains the ".min". And they both contain the version number - this way there's never a web browser having a stale version in the cache.

ExtJS files:
ext-all.js: The minified JS file.
ext-all-debug.js: The original source code, comments stripped. Useless.
ext-all-debug-w-comments.js: The original source code.

What I (and probably every other ExtJS developer) need is a version that contains code with input checking to throw as early as possible, with a meaningful message. You know... common programming practices... absolutely mandatory for any library code.

Summing it up

As it is now, you have to test every single functionality to be sure it works. Upgrading an app from ExtJS 3 to ExtJS 4 is no fun. Lots of things don't work anymore, but you have to figure out a) which and b) what to change. And the same will be true for version 5, 6 and 7. And any minor upgrade can break things too.

If you have ui tests then at least you will know about some defects early. But you still need to figure out the hard way how to fix them. And writing and maintaining automated ui tests is another full time job.

Please, Sencha, do yourself and every one of the 2 million developers a big favor and add error checking to your libraries, and strip it in the "min"-ified production version for equal performance and file size.

Wednesday, April 3, 2013

Java: Replace Apache Commons DBCP

Until recently I used to use the Apache Commons Database Connection Pool in my JDBC Java applications. Then there was an incident, and I had to replace it with c3p0. Here are my reasons.

I never gave it much thought. A db connection pool just manages the connections... handing them out and taking them back. How hard can that be? It's not something I want to spend time on. There's that project from Apache, and I like their HTTP server. So it's probably a safe bet. I thought.

What's the quality of commons-dbcp?

The hottest question about commons-dbcp on stackoverflow is this one: Someone asking whether to use Apache DBCP or C3P0.

The top answer with many agreements says:
DBCP is out of date and not production grade. Some time back we conducted an in-house analysis of the two, creating a test fixture which generated load and concurrency against the two to assess their suitability under real life conditions.
DBCP consistently generated exceptions into our test application and struggled to reach levels of performance which C3P0 was more than capable of handling without any exceptions.
C3P0 also robustly handled DB disconnects and transparent reconnects on resume whereas DBCP never recovered connections if the link was taken out from beneath it. Worse still DBCP was returning Connection objects to the application for which the underlying transport had broken.
Since then we have used C3P0 in 4 major heavy-load consumer web apps and have never looked back.
The post (from 2009) then goes on and says that recently there was some work on commons-dbcp. Now, 4 years later, what happened in the meantime?

What's the status of commons-dbcp?

The website was last updated 2.5 years ago.

The last release 1.4 is 3 years old, 1.4.1 is a snapshot.

The website is broken:
  • It has dead links (for example to the official Javadoc). 
  • The logo image on the left doesn't load.
  • And it has character set issues to display the text (those ? signs). 
Maybe these errors have been in place since the website URL changed from http://commons.apache.org/dbcp/ to the one it redirects to. Anyway, they don't seem to be important enough to be fixed.

Commons-dbcp is a subversion repo at svn.apache.org (C3P0 is on GitHub).

My issue

The reason why I had to kick commons-dbcp out was that it broke my application. After a couple hours it stopped handing out connections, and all threads were in WAITING state.
org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1104)
After some reading I tried c3p0, ran long-running high-concurrency tests where commons-dbcp choked, and it all worked fine. And after some more reading I was convinced that the problem was solved.

But it works for me...

Maybe it does. Maybe you just don't hit it hard enough yet. And maybe you don't get to see all errors. As reported by others there are issues with commons-dbcp, and it looks like a dead project. Also, Hibernate comes with c3p0, not commons-dbcp.

But dbcp is faster ...

I've seen statistics where one or the other product stands out. Any connection pool is fast enough for me... as long as it keeps doing its main job.

Other alternatives

I did not look into other, newer products because I'm happy with one that has been in use for long time.

Now there's the Apache Tomcat JDBC Connection Pool and this blog post talks about feeling uncomfortable with commons-dbcp and replacing it with tomcat-jdbc.

And there's BoneCP which says how much faster it is than the others. It started in 2009, had no release in 2 years, and is at version v0.7.1.

I want to replace commons-dbcp with c3p0!

Here's what you have to do if you're using Maven and Spring, connecting to MySQL:

1. Replace the commons-dbcp dependency with this:
<dependency>
    <groupId>c3p0</groupId>
    <artifactId>c3p0</artifactId>
    <version>0.9.1.2</version>
</dependency>
2. Replace some words in the data source bean:
a) change the class to com.mchange.v2.c3p0.ComboPooledDataSource
b) change the word "driverClassName" to "driverClass"
c) change the word "url" to "jdbcUrl"
d) change the word "username" to "user"

Example:
<bean id="geoDataSource" destroy-method="close" class="com.mchange.v2.c3p0.ComboPooledDataSource">
    <property name="driverClass" value="com.mysql.jdbc.Driver"/>
    <property name="jdbcUrl"     value="jdbc:mysql://localhost/db"/>
    <property name="user"        value="myUser"/>
    <property name="password"    value="myPassword"/>
</bean>

Conclusions

  1. You might want to consider replacing commons-dbcp also. Maybe with c3p0, it works for me.
  2. Maybe commons-dbcp should be moved to their attic.

Monday, March 18, 2013

Dependency Injection: @Resource, @Inject, @Autowired

Overview

When using Spring there's the choice of 3 annotations for injecting resources with advantages and disadvantages:
  1. @Autowired
    The original, "proprietary" annotation from Spring.
    - not standard, Spring proprietary
    + resolves by type
    + for optional dependencies 
  2. @Resource
    The JSR-250 annotation
    + standard dependency injection
    - resolves by name, fallback by type
    - not for optional dependencies 
  3. @Inject
    The JSR-330 annotation
    + resolves by type
    + standard dependency injection
    + for optional dependencies (- slightly different API)

Injection by type or by name

When the @Resource annotation was introduced, I switched to it to not have Spring as a hard dependency. I never used dependency resolving by name, and relied on the fallback by type. This bit me a couple of times with code like:

@Resource
private SomeVeryDescriptiveClassName className;

when a class with the name ClassName existed because then that was injected, or attempted to be injected.

Now I'll switch from @Resource to the newer @Inject which does exactly what I want.

Optional dependencies

Unfortunately, both of the standard Java DI annotations lack the attribute that @Autowired provided: @Autowired(required=false)

Every couple of months I find myself in the situation where I really need an optional dependency. Not having exactly one implementation throws (having multiple and using the @Qualifier annotation works too).

An example is an interface provided by a framework, and the userland code may provide an implementation if desired.

Without optional injections one way to solve this is with the "priority" int. I use this concept when multiple implementations of an interface might exist, maybe including a system provided default implementation, and only the most important one should be used:

public interface Foo {
  int getPriority();
  void doSomething();
}

Each implementation returns a number, and the highest one wins in the injection:

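private Foo foo;

@Inject
private void setFoos(List<Foo> foos) {
  // choose the implementation with the highest priority
  this.foo = Collections.max(foos, Comparator.comparingInt(Foo::getPriority));
}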

I prefer to keep it short, and thus kept using the proprietary @Autowired annotation in these rare cases. But @Inject has its way for handling this too (thanks to rliesenfeld's comment):

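@Inject Instance<Foo> fooSource;
// get() throws if no implementation is available, so check isUnsatisfied() first
Foo foo = fooSource.isUnsatisfied() ? null : fooSource.get(); // null or the instance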

Conclusion

@Inject is what I'll use in general from now on, and what probably most situations ask for.


This blog post shows the differences of dependency injection (by type or by name, with @Qualifier) in detail.


Note: To use the @Inject annotation the following dependency is required:
<dependency>
  <groupId>javax.inject</groupId>
  <artifactId>javax.inject</artifactId>
  <version>1</version>
</dependency>


Friday, February 8, 2013

Using Bootstrap is cheating!

Recently I've launched the beta of a new website. The instant response I got from my programmer buddies was (did you click? you're probably a programmer too... does it match your first thought?) a consistent "Bootstrap!" shout.

My first impression was that it means "I know it too, I'm up to date". Maybe that's part of it, but it's certainly not all. The feeling I have now is that using Bootstrap is cheating.

Just like most people think that work must be hard and no fun, otherwise it's not work, do people believe that making a nice, consistent UI must be troublesome and hard? Or is using the standard theme without customization not acceptable?

For other technologies I never got such a reaction in the past. "HTML!" or "ExtJS!" ... never heard.

Bootstrap isn't perfect, but it serves its main purpose well. At a very low cost it brings a consistent, clean and clear user interface. Users want intuitive, standard interfaces, common patterns. Figuring out how each site works with a hand-knitted GUI sucks too much energy.

This is a standard ExtJS 4 form as showcased on their website:


Notice something? Pretty standard, isn't it? User interfaces looked like this for decades. The problem: it's not awesome.

It wastes too many brain cycles to figure out which button to press. I've certainly pressed the wrong one in the past. And for the users who have to fall back to a secondary language because there is no translation for their primary language yet, it's worse:


Now compare this to bootstrap buttons:
I'm not sure I've chosen the correct Google translate offerings... and it doesn't even matter. Color and size suggest the meaning already.

The aforementioned Surfr platform uses the traditional "..." on button labels to indicate that no harm is done pressing this button, another screen with information or options will appear first. For actions that perform data modifications (such as saving a record) an exclamation mark is appended to the action's name: "Save!". And actions that can't be undone are additionally styled with a warning color:

The critical among you will say "you can do this with ExtJS too". Of course you can. You can do everything from scratch. Fact is, the average site using Bootstrap is easier to read and use compared to the average self-made ui site - at almost no development cost.

I like standards. I like simplicity. I hate to deal with css and browser issues. Conclusion: Call me a cheater... but I like Bootstrap.

Wednesday, February 6, 2013

Where do you register your domains?

My posts are usually rants and complaints. If there's nothing wrong, there's no reason for change, so why bother to write. Not so this one, it's full of praise and worship.

Nah, just kidding. It starts with rant.

There are the classic types of dishonorable businesses. Telco is the worst that comes to mind. Contract lock-in, opaque calling and roaming costs, etc.

Another bad one is domain name registration... or at least used to be. It started for me in the good old days when internic (now Network Solutions) was the only registrar for com/net/org. Their address was at internic.net, and a cunning company from Australia registered internic.com, tricking the visitors into believing it's the real thing. The gangster Peter Zmijewski was later charged with fraud, and apparently some 13k victims got money back. Not me.

Today, there are a ton of official registrars who offer perfectly legal domain registration. The price is usually slightly above what they need to pay to the registry - for .com that is still Network Solutions at $6 per year. Just like Telco it's a tough business with small margins. Some charge a lot and can do it thanks to their market position. For example, Network Solutions asks for $34.99. Crazy. GoDaddy is very popular, which allows them to charge $13.17, which means $7 to keep. Others offer low prices in the 1 digit range... and to maximize profit, they try to trick the customer in several ways. Not so namesilo.

Today I've registered the 2nd domain name with namesilo. Reading their website is a pleasure:
  • Cheap: $8.99 per year (that means $3 to keep for themselves)
  • Renewals cost the same. (That's where other registrars try to cheat. First year cheap, then whoops. Hard to switch.)
  • Extra features are included for free. (Whois privacy, preventing unauthorized record changes. That's where others try to sneak in costly services, possibly free the first year, and then charged automatically.)
  • No hidden cost. (I'm repeating myself here, but I just have to say it.)
That's the kind of business model I like. Just domains, no hosting and up-selling and crap. Fair, transparent, clear.

So if you see an offering like GoDaddy is currently advertising on Google Adwords "$2.95 COMs at Go Daddy" then you know something is wrong. Either you'll pay in the long run, or you have to buy their hosting, or so.

For the trendy .co domains I use namecheap. Don't like them, they're exactly the kind I described above. But namesilo doesn't do .co.



Monday, January 28, 2013

When to use Gmail's SMTP in your app and when not



This post is about the very legitimate automated emails generated by any application, such as for transactions and signups. Getting these delivered to the inbox (instead of spambox or nirvana) is the goal. 

The short answer: 

Sooner or later you may hit the sending limit. It's not when you deploy, and maybe not while beta testing. So better know the limits, risks and alternatives.

The longer answer:

If your sender address is hosted on Gmail then using their SMTP server is the obvious choice because:
  • You already have access to it
  • High availability
  • Unlikely that Gmail's smtp servers get added to block lists such as this one

How to connect to Gmail SMTP

All you need is the following information, and an SMTP library for your programming language:
  • host: smtp.gmail.com
  • port: 465
  • ssl: yes
  • user:
  • password:
The email address you use to log in must be a real account, not an alias. If you prefer to send the email from a different address, use the "from" field. Not modifying the "from" and "reply-to" increases your chances of getting delivered to the inbox.

You test it, email delivers, so you deploy your app, done.

Errors to expect

Soon after, your beta testers report not receiving any email. Checking your logs finds errors such as "550 5.4.5 Daily sending quota exceeded." or "535, response: 5.7.1 Please log in with your web browser and then try again.". What happened?

3 types of Gmail accounts

There are three types of Gmail addresses:
  1. The common Gmail domains: anything @ gmail
  2. Google Apps for free: yourname @ yourdomain
  3. Google Apps pro: yourname @ yourdomain
If you go and sign up for a new Gmail address from your desktop, then try sending mail from your (remote) server location, you'll get the 535 error quickly (it's the typical spammer pattern). You need to verify your account by SMS, and mailing goes on. For a short moment. It appears that such accounts can only send to a handful of different email addresses per day. I was not able to find official statements and numbers. The number is probably so low for new accounts, so if you have an established one it may work longer.

If you have your own domain set up for Gmail then the limit is higher. It makes sense since you have a public whois record. Google disabled signups for the free apps service a couple weeks ago. That's probably why I cannot find official information about the limits. The number of recipients per day is quoted as 500 on the internet. If you have such an account already then you can continue using it.

For the paid account the official page says 2000 unique, external recipients per day. 

Other risks

The official page has another fact:
"The value of these limits may change without notice in order to protect Google’s infrastructure"
Also, I've found unofficial/unverified information about Google lowering the daily send limit on high bounce rates. This makes perfect sense; spammers have high bounce rates. This is an open door to malicious users of your app: sign up with a couple invalid addresses, and your email system may be interrupted for a while.


Using your own SMTP

If you decide now that Gmail SMTP is not for you, there are some things to consider with your own.

If you access the SMTP of your provider, then you may face similar limits there. After all, your provider has to make sure their customers don't spam, so that the whole server doesn't get blacklisted. But this can and does happen nevertheless: either because one of the other users spammed, or because one account was hijacked and abused. As a result your email messages may be accepted by the SMTP, but never make it to their destination. Maybe you get bounces, maybe not.

Be sure to create a Sender Policy Framework record.

Conclusions

A combined approach

I still believe that using Gmail's outgoing mailserver has its advantages. They are reliable, and in case of denial they return clear status codes. A solution with Gmail as primary, and your server as fallback, sounds like a good idea to me.
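A sketch of that primary/fallback decision, driven by the status codes quoted under "Errors to expect". This is an added example, not code from the original post: the transports are injected functions that return the server's final reply line, the sample replies are constructed from the error texts above, and the one-day cool-down and the choice not to resend rejected recipients are assumptions.

```javascript
'use strict';

// Parse one SMTP reply line into basic code, optional enhanced status code, and text.
function parseReply(line) {
  const m = /^(\d{3})[ -](?:(\d\.\d{1,3}\.\d{1,3})\s+)?(.*)$/.exec(line.trim());
  if (!m) throw new Error('not an SMTP reply: ' + line);
  return { code: Number(m[1]), enhanced: m[2] || null, text: m[3] };
}

// Map a reply to what the application should do next.
function classify(reply) {
  if (reply.code >= 200 && reply.code < 300) return 'delivered';
  if (reply.code === 550 && reply.enhanced === '5.4.5') return 'quota'; // daily limit hit
  if (reply.code === 535) return 'auth';          // account must be verified by a human
  if (reply.code >= 400 && reply.code < 500) return 'transient';
  return 'rejected';                              // e.g. unknown recipient
}

const DAY_MS = 24 * 60 * 60 * 1000;               // assumed cool-down for the primary

// primary/fallback: functions (message) => reply line. now: injectable clock.
function createMailer(primary, fallback, now = Date.now) {
  let primaryBlockedUntil = 0;
  const alerts = [];                              // outcomes an operator should see

  function send(message) {
    if (now() >= primaryBlockedUntil) {
      const outcome = classify(parseReply(primary(message)));
      // A rejected recipient is not resent: a second bounce helps nobody and
      // bounce rates are exactly what may get the sending limit lowered.
      if (outcome === 'delivered' || outcome === 'rejected') {
        return { via: 'primary', outcome };
      }
      if (outcome === 'quota' || outcome === 'auth') {
        primaryBlockedUntil = now() + DAY_MS;     // stop hammering the primary
        alerts.push(outcome);
      }
    }
    return { via: 'fallback', outcome: classify(parseReply(fallback(message))) };
  }
  return { send, alerts };
}

// Constructed sample transports standing in for Gmail and your own server.
const gmailOverQuota = () => '550 5.4.5 Daily sending quota exceeded.';
const ownServer = () => '250 2.0.0 OK queued';

function demo() {
  const mailer = createMailer(gmailOverQuota, ownServer);
  return mailer.send({ to: 'user@example.org', subject: 'Order confirmation' });
}
```
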

Further reading

Google's Bulk Senders Guidelines has more useful information to get delivered.

Not for marketing

Given the limits and risks, I'd definitely not use Gmail for sending anything that could be marked as spam by the receivers. Marketing, newsletters, even if the user at some point actively asked for it. Only send high priority mail such as transaction confirmations through Gmail SMTP.