After a long wait I got a Google Wave account. Yay! I took Wave for a spin over the last few days and observed some interesting things. I wrote my first Java Wave robot and it was pretty cool, but an explanation of how the robot works should be left to another post altogether. I will share my general observations in this post.
Deleted welcome messages:
The first thing that was weird was that welcome messages are often deleted by Wave users or by bots. This is nuts. The Wave welcome messages also have a lot of noise in them, with quotes like ‘Please do not delete this!’ in bold red with a big font size. Wave still does not have a feature to disable edits. It is coming soon, but it is not yet active.
Lonely waves:
Let me begin this post by saying that I am not writing this so that you can read it and become a haCkEr. I am writing this post so you can learn to identify a vulnerability and try to avoid an embarrassment.
Google is an amazing search engine. The problem is that it is sometimes too good at what it does.
Here are some ways that Google can reveal vulnerabilities on your website by mistake.
You allowed google to index a critical file:
This happens more often than you think. WordPress, for example, houses important files under the wp-* folders, and it is no one’s business except yours to look at these files. Other files like .htaccess and .htpasswd are critical to your site’s security (if you are using Apache and ‘allow overrides’). Do not allow Google to index them. You can prevent that by placing a robots.txt file on the root path of your website. Keep in mind that robots.txt only asks well-behaved crawlers not to index those paths; it does not stop anyone from requesting the files directly, so the files themselves still need server-side access restrictions. More on that here.

I have seen a few estimation nightmares in my time and have been unfortunate enough to be in some of them. Let me narrate a few anecdotes first.
Anecdote 1:
I used to work with a reinsurer. This company had a legacy application that was written in Fortran. Yes, Fortran. It did some very important things. It was capable of making estimations for a given market and it crunched a lot of numbers into meaningful data. Because this application was written in Fortran, finding the right engineers to maintain it was difficult. So they decided to shift the application to a better supported platform / language.
The work came to IT and a manager said ‘Let’s convert it to VB’. This person did not know Fortran and was not a master of VB either. No developers or architects were asked for advice. It was simply decided that the application should be converted from Fortran to VB.
I joke with a friend about this all the time. ‘We are surrounded by Google programmers’, he said, and I couldn’t agree more.
There is a difference between a ‘Google programmer’ and a ‘programmer that works at Google’. Google programmers simply search Google for a piece of boilerplate code and stick it into their app. It wreaks havoc later and causes trouble for a lot of people.
I chanced upon a blog post a while back that was complaining about lazy developers at Stack Overflow. The complaint was that some developers ask silly questions, the answer to which a Google search will easily reveal. It seems some people are too lazy to use Google that whole websites are dedicated to Googling something for you.
I have taken many Java interviews over the last few years. As time passed, I learned from mistakes I have made. One of them was asking candidates trick questions, or questions that do not necessarily have an obvious answer.
I read a blog post recently that detailed such a question. I will highlight the question here along with the answer.
    import java.util.HashSet;

    public class JavaPuzzler {
        public static void main(String[] args) {
            HashSet<Short> s = new HashSet<Short>();   //1
            for (short i = 0; i < 100; i++) {          //2
                s.add(i);                              //3  i is boxed to Short
                s.remove(i - 1);                       //4  i-1 is an int, boxed to Integer
            }
            System.out.println(s.size());              //5
        }
    }
Can you guess the answer to this question? Simply drag and select the text near the spoiler to see the answer.
Spoiler: The answer to the question is 100. The gotcha is that the statement s.remove(i-1); at //4 will autobox to an Integer and not a Short. Equals comparison between an Integer and Short fails.
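To make the gotcha concrete, here is an added example (not from the original post) that runs the puzzler's loop beside a version that casts the arithmetic result back to short, so both keys box to the same wrapper type; the class and method names are my own:

```java
import java.util.HashSet;
import java.util.Set;

// Added example: the puzzler's remove(i - 1) beside a corrected version.
// Collection.remove(Object) is not generic, so the compiler happily accepts
// an Integer argument for a Set<Short> and never warns about it.
public class ShortSetBoxing {

    // Original behaviour: i - 1 is an int and autoboxes to Integer.
    // Integer.equals(Short) is always false, so nothing is ever removed
    // and the set ends up holding all 100 values.
    static int sizeWithIntRemove() {
        Set<Short> s = new HashSet<Short>();
        for (short i = 0; i < 100; i++) {
            s.add(i);
            s.remove(i - 1);
        }
        return s.size(); // 100
    }

    // Corrected: cast back to short (Short.valueOf((short) (i - 1)) works too),
    // so the key being removed boxes to Short and matches the stored element.
    // Each iteration now removes the previous value, leaving only the last one.
    static int sizeWithShortRemove() {
        Set<Short> s = new HashSet<Short>();
        for (short i = 0; i < 100; i++) {
            s.add(i);
            s.remove((short) (i - 1));
        }
        return s.size(); // 1
    }

    public static void main(String[] args) {
        System.out.println("remove(i - 1)          -> " + sizeWithIntRemove());
        System.out.println("remove((short)(i - 1)) -> " + sizeWithShortRemove());
        // Same mismatch shows up directly on the wrappers:
        System.out.println(Integer.valueOf(5).equals(Short.valueOf((short) 5))); // false
    }
}
```

The same trap applies to any `remove(Object)`, `contains(Object)` or `Map.get(Object)` call whose argument comes from int arithmetic on a Short, Byte or Long key.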