When Code Coverage Betrayed Me

I’m a fan of code coverage as a way to ensure that there are covering tests. One area that I tend to rely heavily on Code Coverage for is to catch any tests that are no longer working correctly due to changes in the production code. That often works out well, but today I got betrayed by the code coverage engine.

The code that I worked on contained an if statement with a multi-step && expression.

void IsAllWrong(int importantValue, bool b)
  bool a = importantValue == GetAnswer();
  bool c = false;
  bool d = false;
  if (!a && !b && !c && !d)
    return true;
  return false;

Of course I had tests that made the evaluation fail both because of importantValue and b. So what happend later was that GetAnswer() was updated, without the test for when importantValue being updated. Of course (my bad) that test had set b to true, causing the evaluation to fail on b, causing true to be returned. So the test passed, but not due to the thing I wanted to test. In a complex application, this is bound to happen every now and then. But usually, the code coverage scores will reveal that there is an execution path not covered. But not this time! The trustworthy code coverage analysis betrayed me!

Kentor.AuthServices v0.20.0 Released

Half a years worth of pull requests with great features have finally been baked into an official release of Kentor.AuthServices which is now available on Nuget. The most important fixes are improved active/passive handling for the Owin middleware and full support for SHA256/384/512 as it is time to leave SHA1.

First of all I would like thank all contributors and users that have had to wait for this while I’ve been on parental leave. A special thanks to Explunit who has made a lot of valuable contributions as well as reviewing pull requests and taken part in design discussions.

Breaking Changes

The public API of AuthServices is getting more and more stable, but nevertheless there are some breaking changes.

  • The Owin Middleware is now once again Passive by default
  • The Owin Middleware will act as Active during Logout, even if it is configured as passive. This can be disabled with the StrictOwinAuthenticationMode compatibility setting.
  • On .NET 4.6.2 and later AuthServices now by default generates SHA256-based signatures and only accepts SHA256 or stronger signatures.
  • The “clever” ReturnUrl expansion has been removed as it proved to create more problems than it solved.
  • ReturnUrl open redirect issue fixed.

Back in Business

I live in Sweden and one of the great things with that is that as a dad you can get months off for being with your kids while they are small. My youngest turned one in the end of May and a few days later I did my last day at the office for 2016. Since then I’ve been spending my days at home, seeing him learning new things every day. But now that period of my life is over and I’m back to work and he’s started at daycare.

As a dad, saying good bye to him and leaving him is of course hard. He on the other hand couldn’t care less. He’s at a new exciting place with a lot of new interesting things to explore.

I have interesting things to explore too. The world of software development moves fast and 6 months absence from active work means things have changed. .NET Core has been released and the tooling is quickly maturing. It’s time to look deeper into it and create an ASP.NET Core version Kentor.AuthServices to bring SAML2 to ASP.NET Core. But first there’s the SweTugg conference where I’ll do two talks. The first is a new one about real life TDD experiences with live coding real features in real projects. The second is an overview of security in ASP.NET Core.

Then there’s a ton of e-mails that I’ve not answered to in a timely manner. I’ll go through them but answering all of them will take time. There’s also a queue of Pull Requests in AuthServices that need to be handled. First in line are of course those from paying customers with valid support agreements. The rest will be reviewed when I have time.

Last, but not least this also means I’m available for consulting again, so if you need some services within my areas of expertise, please get in touch.

Posted in Other on 2017-01-18

My Home Network

I’m not only a computer geek, I also spend considerable time renovating our home. Doing things yourself means there’s plenty of opportunities to make geek-friendly adaptions, such as preparing for a good home network.

Renovating a house is a major strain for the family economy, so keeping an eye on the cost has been a priority. I’m also a bit reluctant to invest too much in today’s state of the art technology, only to find out I need something else in just a few years. Considering that we’ve had the house for nearly 10 years things have indeed changed. Back then wired networking for computers was the main concern – now it is proper wifi coverage for all the phones and tablets that didn’t even exist back then.

My take on a future proof investment is to install a lot of empty cable hose. Then I’ve pulled CAT-5e cables to those places where I actually need it. Everything converges in the cupboard under the stairs (no, it’s not used as someone’s bedroom) where I have a small 19″ rack. In the rack, I have my home server (more about it below) and the central switch. The white box on the wall above the patch panel is the incoming fiber.

Posted in Other on 2017-01-04

The LGPL License

TL;DR A component licensed under LGPL can be used by closed source, proprietary software, both internally used and distributed, for free, with no effects on the software using the component. LGPL is not “contagious” in the same way as GPL, so it only affects the component under LGPL. As long as you’re only using official distributions of the component, it is free to use and free to redistribute. The only requirement is that you include a notice in your “about” page or similar that the component is used.

I often get questions about the LGPL license used for Kentor.AuthServices. I also often find it confused with GPL, which is something you should never, ever even consider to use in any closed source software that you intend to distribute. So this post is an effort to explain and answer common questions about the LGPL. Unfortunately I have to add the disclaimer: I’m not a lawyer and the content of this post is only meant as an overview and introduction to the license. I might have got things wrong, so please read the real license yourself and involve appropriate legal counsel to be sure.

Software Development is a Job – Coding is a Passion

I'm Anders Abel, a systems architect and developer working for Kentor in Stockholm, Sweden.

profile for Anders Abel at Stack Overflow, Q&A for professional and enthusiast programmers

Code for most posts is available on my GitHub account.

Popular Posts



Powered by WordPress with the Passion for Coding theme.