A few days ago the EU had approved the takeover of Sun microsystems by Oracle. This brings to an end the long awaited acquisition. There have been several blog entries about the fate of the open source projects that Sun currently supports. I have read some of the arguments put forward about why developers should move away from / use certain projects.
However I also find myself in a dilemma. I installed GlassFish and deployed a few apps on it recently. I found it interesting and was impressed with it within a few minutes of using it. MySql is also a great open source project. There are many tools built around the database and it competes well with PostGresql. Netbeans is also a great IDE and supports glassfish.
I have been a tad busy fixing some weird little bugs lately. They helped me appreciate the multitude of things that can go wrong in a live environment and served as a gentle reminder that you should always be on your heels.
Here they are
1. LDAP and the user
A web application product was configured to use an LDAP directory structure. The directory was segregated into roles / groups / OUs, the usual. One of the users had trouble logging into the product. This was weird because this person was a valid user and Outlook seemed to recognize him. Outlook uses the same LDAP tree. So I dug into it. The easiest way to check what is going on is to use a LDAP directory browser. I use the one provided by Novell for free. The LDAPs support is not great but it will do for basic lookups.
I chanced upon a post a while back about how a switch statement should be replaced with the strategy pattern. If you have not had a chance to go through it, please do. The post is not very long. I found myself disagreeing very strongly with the author of the post and I was surprised to find that people thought this was a good idea.
The gist of the post was that using the Strategy pattern was better than using switch statements to determine which logic to execute. Here is why I think the idea used there was bad
- The introduction of the Strategy pattern, in the example, introduces three new classes. So for every case in a switch statement, we should go about replacing the corresponding code with a new class ? This could easily lead to an explosion in the number of classes.
After a long wait I got a google wave account. yay ! Took the wave for a spin over the last few days and there were some interesting things that I observed. I wrote my first java wave robot and it was pretty cool. But an explanation of how the robot works should be left to another post all together. I will share my general observations in this post.
Deleted welcome messages:
The first thing that was weird was that welcome messages are often deleted by wave users or by bots. This is nuts. The wave welcome messages also have a lot of noise amidst them with quotes like ‘Please do not delete this !’ in bold red with a big font size. Wave still does not have a feature to disable edits. It is coming soon but it is not yet active.
Lonely waves:
Let me begin this post by saying that I am not writing this so that you can read this and become a haCkEr. I am writing this post so you can learn to identify a vulnerability and try to avoid an embarrassment.
Google is an amazing search engine. The problem is that it is too good at what it does sometimes 
Here are some ways that google can reveal vulnerabilities on your website by mistake.
You allowed google to index a critical file:
This happens more often than you think. WordPress for example houses important files under the wp-* folders and it is no one’s business except yours to look at these files. Other files like .htaccess htpasswd are critical to your site’s security (if you are using apache and ‘allow overrides’). Do not allow google to index them. You can prevent that by placing a robots.txt file on the root path of your website. More on that here.