20 Jul

codahale.com – A Lesson In Timing Attacks (or, Don’t use MessageDigest.isEquals)

I’ll be blunt here: any Java application which compares client-provided data to a secret value using MessageDigest.isEqual is vulnerable to timing attacks. This includes HMACs, decryption results, etc.

via codahale.com – A Lesson In Timing Attacks (or, Don’t use MessageDigest.isEquals). Nice intro to timing attacks along the way.
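The leak behind the warning above, as an added example that is not part of the original post and not Coda Hale's code: an early-exit byte comparison beside a constant-time one, and a simulated attacker that recovers an HMAC tag byte by byte from nothing but the accept/reject answer and how much work the comparison did. It is written in Python rather than Java, with a loop-iteration count standing in for measured latency so the result is deterministic; the key and request are constructed for the example. In Java the fix has the same shape as `constant_time_equals` below (later JDK releases changed `MessageDigest.isEqual` itself to that form); in Python use `hmac.compare_digest` rather than a hand-rolled loop.

```python
"""Timing leak in an early-exit MAC comparison, simulated deterministically."""
import hashlib
import hmac

# Constructed for this example: a server-side HMAC key and a request to sign.
KEY = b"example-server-key-not-a-real-secret"
MESSAGE = b"GET /account?id=42"


def tag_for(message: bytes) -> bytes:
    """HMAC-SHA256 tag the server expects for `message`."""
    return hmac.new(KEY, message, hashlib.sha256).digest()


def leaky_equals(expected: bytes, supplied: bytes, cost: list) -> bool:
    """Early-exit comparison of the kind the post warns about.

    Returns on the first mismatching byte, so the number of loop iterations
    (and therefore the runtime) grows with the length of the matching prefix.
    `cost[0]` counts iterations so the leak can be observed without a clock.
    """
    if len(expected) != len(supplied):
        return False
    for i in range(len(expected)):
        cost[0] += 1
        if expected[i] != supplied[i]:
            return False
    return True


def constant_time_equals(expected: bytes, supplied: bytes, cost: list) -> bool:
    """Same work for every input of the right length: OR together the XOR of
    every byte pair and test once at the end, so control flow never depends
    on where the first difference is. This is the shape of the fix; in real
    code call hmac.compare_digest instead of hand-rolling it."""
    if len(expected) != len(supplied):
        return False
    diff = 0
    for i in range(len(expected)):
        cost[0] += 1
        diff |= expected[i] ^ supplied[i]
    return diff == 0


def recover_tag(oracle, expected: bytes) -> bytes:
    """Attacker loop: it sees only the accept/reject answer and the iteration
    count (standing in for measured latency). Position by position, the
    candidate byte that makes the comparison run longest is the correct one,
    because only it lets the early-exit loop proceed to the next byte."""
    guess = bytearray(len(expected))
    for pos in range(len(expected)):
        best_byte, best_cost = 0, -1
        for candidate in range(256):
            guess[pos] = candidate
            cost = [0]
            if oracle(expected, bytes(guess), cost):
                return bytes(guess)  # the server accepted the forgery
            if cost[0] > best_cost:
                best_byte, best_cost = candidate, cost[0]
        guess[pos] = best_byte
    return bytes(guess)


if __name__ == "__main__":
    real = tag_for(MESSAGE)
    print("leaky compare gives up the tag:     ", recover_tag(leaky_equals, real) == real)
    print("constant-time compare gives it up:  ", recover_tag(constant_time_equals, real) == real)
    print("hmac.compare_digest accepts real tag:", hmac.compare_digest(real, tag_for(MESSAGE)))
```

Against `leaky_equals` the whole 32-byte tag comes back with at most 256 guesses per byte; against `constant_time_equals` every candidate costs the same and the attacker learns nothing. In a real attack the counter is replaced by network round-trip times, so each guess needs many samples to average out jitter, but the per-byte structure of the attack is the same.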

16 Jan

Alex Payne – Shortchanging Your Business with User-Hostile Platforms

Humans are gifted with extremely sensitive bullshit detectors. The average computer user may not internalize the difference between an AIR app and a native app, but he knows when something doesn’t feel right or work correctly. Your tech-stunted uncle may not ever request a “native app” by name, but he’ll sure complain about his computer acting funny. People aren’t dumb.

You better believe that this isn’t just about AIR. As mobile apps become a mandatory part of doing business, more and more cross-platform mobile frameworks are cropping up. As with every cross-platform framework to date, only one in a pile of the resulting applications might even begin to pass for native. These apps just ain’t right, and people can tell.

via Alex Payne – Shortchanging Your Business with User-Hostile Platforms. Cross-platform means it does nothing great and everything sub-par at best. Native applications may wind up costing more and taking more time, but the advantage is customers who actually enjoy using your app.

13 Dec

SitePoint – Google Closure: How not to write JavaScript

Having delivered a talk on how to write your own JavaScript library (detailed notes) at the conference, Dmitry shared his thoughts on the new library over breakfast the next morning. “Just what the world needs—another sucky JavaScript library,” he said. When I asked him what made it ‘sucky’, he elaborated. “It’s a JavaScript library written by Java developers who clearly don’t get JavaScript.”

For the rest of the day, to anyone who would listen, Dmitry cited example after example of the terrible code he had found when he went digging through Closure. His biggest fear, he told me, was that people would switch from truly excellent JavaScript libraries like jQuery to Closure on the strength of the Google name.

via SitePoint – Google Closure: How not to write JavaScript. It’s pretty harsh, but after going through the examples, deserved. Having written Java and now JavaScript, I grok the examples 100% as a Java developer writing JavaScript.

02 Sep

ongoing – A Story of O

“You don’t get it. The central relationship between Oracle and its customers is a business relationship, between an Oracle business expert and a customer business leader. The issues that come up in their conversations are business issues.

“The concerns of developers are just not material at the level of that conversation; in fact, they’re apt to be dangerous distractions. ‘Developer mindshare’… what’s that, and why would Oracle care?”

via ongoing – A Story of O. Who needs to influence the developers implementing your solutions when you can just get the managers in charge to force a decision? Why make the people on the front lines of your product happy? Because it wins many more accolades and a greater push from the developer community for that solution, and that changes the industry as a whole over time. Think of Google, Apple and Mozilla, even Microsoft on occasion. Overall, Google and Mozilla win by miles at winning the “hearts and minds” of developers, and they are richly rewarded in return.

12 Aug

MarketWatch – Oracle sues Google over intellectual property

Oracle Corp. filed a lawsuit against Google Inc. on Thursday, alleging that the Internet search giant has infringed on intellectual property related to the Java software that Oracle acquired when it purchased Sun Microsystems Inc.

via MarketWatch – Oracle sues Google over intellectual property. I don’t know which to think: that Oracle is just insane, or stupid.

02 Jan

Why Java Is Not As Fast As C

Thanks to Hacker News for the link to a mailing list post on JGit (Git in Java) vs. pure C Git:

So. Yes, it’s practical to build Git in a higher level language, but you just can’t get the same performance, or tight memory utilization, that C Git gets. That’s what that higher level language abstraction costs you. But, JGit performs reasonably well; well enough that we use it internally at Google as a git server.

I’ll add that, while I understand and realize that PHP is a slower language than others, the time to build an application is, for me, most often more important than the computation time of the program. In the same sense, even though Google recognizes that JGit is slower than C Git, it’s not enough of a difference to matter; most often the speed difference doesn’t really matter when it’s so easy and cheap to throw hardware at the problem.

01 Mar

Object Oriented Programming Is Not an Excuse for Forgetting to Design Your System

This post is dedicated to a lecturer whose class I am taking this semester at Texas Tech University. This person doesn’t like object-oriented programming (OOP), which I do love (I <3 Java big time). His main argument against Java and other object-oriented programming languages is that they push people away from developing a mathematical model of both the problem and the solution. Instead, the desire is to create an object for everything in the system and develop some sort of algorithm that solves the problem, disregarding that you could model the system and use a general algorithm to solve it.

I have a problem with the argument that OOP is the culprit for this much larger problem of programmers not modeling the system and instead going straight to code before thinking about the problem. This isn’t just a problem that occurs in OOP, but rather one I see all the time. It’s a problem that challenges all types of programmers regardless of their tool set or language. The real problem is a problem with both the education system and the dumbing down of the programming industry.

All right, so two pretty hefty arguments; let’s tackle the first: that the current system of training computer scientists is to blame. This is based on what I have observed in terms of my own schooling and what I read around the web from such writers as Joel Spolsky on the current education system. The current education of CS students, rather than providing lifelike problems that need to be solved and working the students through the process of solving them, is instead designed to introduce the students to as many topics regarding technology and computers as possible. This is a good thing, don’t get me wrong, but invariably something has to suffer, and what suffers is the problems. The problems are introduced at a level so close to the computer solution that it is ridiculous. Give a student a classic CS problem and most will have no idea where to start, much less create a viable solution. This is a real problem with the students graduating from college nowadays.

This leads into the second argument, which is that the degree as a whole is being dumbed down. The CS degree is under attack from a lot of fronts. You have “technical schools” that will let you graduate in two years with all the experience you need to be a web programmer and make millions tomorrow. The graduates of these “schools” compete for the same jobs that CS graduates from real colleges are competing for. This is a different problem from the earlier one of colleges not providing real-life problems. However, it is a problem that the majority of career fields have solved by having a sort of professional test to determine if someone is, say, a professional engineer, or by passing the bar exam to be qualified to practice law in a state. Computer Science has nothing like that in any fashion. I’m not entirely sure that would be the best answer to this problem, but it is definitely a problem that is going to need to be worked on.

Blaming OOP for a problem that isn’t the tool’s fault is an even greater problem. The argument that Java shouldn’t be taught to students anymore popped up in the blogosphere a while back. I think this argument misses the real problem, which is the general dumbing down of the industry in terms of non-qualified applicants being introduced and the education system losing its focus.

24 Dec

Newest Project

I thought that, with the lack of news this week, I would provide some info on what I am currently working on. I have decided to create some library organization software, both to fulfill a need in my life and to experiment with some new technologies. The eventual goal is a piece of software that allows you to add items such as books and DVDs to a database that stores all the information associated with the item, and even where it is located. I would like to make the collection easily searchable so I can find exactly what I am looking for and whether I own the item. I’m currently above 500 books with more being added every month, and it has started becoming a hassle knowing if I own an item or not. This problem has been growing and pushed off to the side for several years now. I am finally getting the time to address it, and I’ll address it the way I know best: with software.

I’ve been planning and writing some of the preliminary code for this library software for several weeks now and have a pretty good idea of where I want this to go and what I hope to learn along the way.

I’m initially going to write this as a desktop app in Java. I would like to eventually port/rewrite it into a web app along with an OpenSocial and Facebook integrated widget. I am also doing this because I want to release something that is FOSS, and hopefully solve the problem that was on Slashdot a while back, but without the cost associated with the solutions given there.

I’ll hopefully be working on this and blogging about it every week or so to keep everybody updated. I will release it to the public and the community when I hit a version that is runnable and fully understand the licensing and other work that I may have to do to keep it an open source project. Also, I don’t currently have a name for this project and would appreciate any and all suggestions.