I came across an interesting application today. Google has released an application named Jarlsberg that is full of security holes. The intent is to have developers learn how these holes work, putting them in a position to combat such vulnerabilities.
You can visit the app to learn more. The security flaws to be detected are classified under the following categories:
- Black box. You don't know the code.
- White box. Requires you to see the code to understand how to break it.
- Gray box. Some code will be made visible.
I also came across an instructor’s guide that has problems to be solved in the application, graded by their difficulty level.
What better way to learn an exploit than to perform it on a test system? Some of the exploits involve
I often see environments where web applications use log4j to log to files using various appenders. That is all well and good until I see that the logs are being written into the application server's own log. In JBoss, for example, this is server.log. So why is this a bad idea?
Why not to write into server.log:
- An application server’s log is supposed to be used by the app server and not by your application.
- This log is supposed to contain app-server-level information, such as the loading of war files and exceptions that were handed over to the container.
- Weeding through the logs of about 10 applications to find a particular debug / error line is going to be crazy.

I came across another silly little bug today. Take a look at the code below (assume ‘days’ is a parameter and that this snippet is part of a larger function):
Date now = new Date();
long nowMillis = now.getTime();
Timestamp nowTimestamp = new Timestamp(nowMillis);
long future = 3600 * 24 * days * 1000;
Timestamp expiryTimestamp = new Timestamp(nowMillis + future);
System.out.println(nowTimestamp);
System.out.println(expiryTimestamp);
Can you tell what is wrong with it? The code is meant to set an expiry timestamp on an element, X days from today. A caller called this code snippet with the value 5. Nothing looks wrong so far. Here is the output:
2010-04-27 10:37:10.497
2010-05-02 10:37:10.497
Then along came an element that needed an expiry of around 40 days. The caller calls with the value 40. Guess what the output is:
2010-04-27 10:38:43.372
2010-04-17 17:35:56.076
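The 40-day output above is what 32-bit integer overflow produces: `3600 * 24 * 40 * 1000` exceeds `Integer.MAX_VALUE` before the result is widened to `long`, so the offset goes negative and the expiry lands in the past. The class below is an added example, not code from the original post; it assumes `days` is an `int` (the post does not give its type), and the names `ExpiryOverflowDemo`, `futureMillisBuggy`, `futureMillisSafe` and `expiry` are hypothetical.

```java
import java.sql.Timestamp;

public class ExpiryOverflowDemo {

    static final long MILLIS_PER_DAY = 24L * 60 * 60 * 1000;

    // Arithmetic as written in the post. Every operand is an int (assumed
    // for 'days'), so the product is computed in 32 bits and wraps around
    // before it is widened to long for the assignment.
    static long futureMillisBuggy(int days) {
        return 3600 * 24 * days * 1000;
    }

    // Corrected form: widen to long before multiplying, reject negative
    // input, and fail loudly instead of wrapping if the range is exceeded.
    static long futureMillisSafe(int days) {
        if (days < 0) {
            throw new IllegalArgumentException("days must be non-negative");
        }
        return Math.multiplyExact((long) days, MILLIS_PER_DAY);
    }

    // Expiry built from the safe offset; addExact guards the final sum too.
    static Timestamp expiry(long nowMillis, int days) {
        return new Timestamp(Math.addExact(nowMillis, futureMillisSafe(days)));
    }

    public static void main(String[] args) {
        long nowMillis = System.currentTimeMillis();
        // 24 is the last value that fits in an int; 25 is the first that wraps.
        for (int days : new int[] {5, 24, 25, 40}) {
            long buggy = futureMillisBuggy(days);
            Timestamp wrong = new Timestamp(nowMillis + buggy);
            Timestamp right = expiry(nowMillis, days);
            System.out.printf("days=%d buggyOffset=%d ms safeOffset=%d ms%n",
                    days, buggy, futureMillisSafe(days));
            System.out.printf("  buggy expiry=%s  safe expiry=%s  inPast=%b%n",
                    wrong, right, wrong.getTime() < nowMillis);
        }
    }
}
```

Any expiry, token lifetime or lockout window computed with the buggy form is only correct for inputs up to 24 days, which is why a test with the value 5 did not catch it.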
I moved all development activities to Linux recently. Part of the migration process involved getting used to some new apps like Kopete / Pidgin / KDE Snapshot etc. It was a breeze until I started debugging my code in Eclipse.
I frequently use the Eclipse keyboard shortcuts to cut down the time I spend coding / debugging. One of my favorites is Ctrl + Shift + I, which opens the inspection box for a particular variable. This shortcut just did not work. For quite a few days I did not understand why. The other shortcuts like fix imports (Ctrl + Shift + O) seemed to be working fine. That's when I stumbled across a Kopete shortcut.
The Java neural network framework Neuroph was making news recently about its integration with Hadoop. Neural networks can solve some interesting problems once they are trained. This article aims to provide the baby steps necessary to write your first Java program that loads a trained neural network.
Before you read anything that follows, a basic understanding of neural network terminology and the concepts behind it is necessary. The following articles are great starting points for understanding neural networks:
Neuroph and neural networks – Part 1
Neuroph and neural networks – Part 2
Neuroph and neural networks – Part 3
Intro to neural networks
Cars and Signals:
We will simulate the scenario where cars wait at a signal and move only when the lights are green. This simple example should help get you started. Our aim is to define a neural network with the easyNeurons Swing application, train it, import it into Java and use it in an application.