The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,230 other followers

Archive for the ‘Java Platform’ Category

« Previous Entries

Android passwords: store as transient as possible using arrays in stead of strings

Posted by jpluimers on 2020/08/06

Sometimes you cannot avoid handling passwords in your application. When you do,

  • keep them around as short as possible
  • store them in data types that are not garbage collected
  • wipe the storage as soon as you are done

In practice, this usually comes down to storing them as arrays (character or byte arrays), not strings.

This holds for many other platforms outside Java as well: strings are usually managed in one way or the other, so they cannot be wiped

References:

For actual storage of passwords, you always have the risk of retrieval: when a “bad guy” gets physical access to a device, it is basically hosed.

A KeyStore can only do so much against it: if your APK can be downloaded, it can be reverse-engineered revealing the exact steps how the store is accessed, reproducing the steps needed to hack into the underlying protected data/functionality.

The keystore can be forgetful…

You’ve just moved in to a new house and have been given the master key for the front door. You only have one of these so you know you need to keep it safe. Your really paranoid so you hire an armed guard, whose sole job is to protect this key, in fact, this is all he has been trained to do and has a catchy slogan of “need to protect a key, its what I was born to do!”. You install an extra lock on your front door as you feel the bodyguard isn’t enough, this is a rough area anyway and who’s going to make sure no-ones about to break in and steal all your crap. You return to your key guard only to be informed he has thrown the key away. You shout and scream at him but he just blankly says “I don’t have it anymore, I didn’t think it was important”. You can’t contain your anger “What the hell, your a jerk! You had one thing to do and you failed, this causes me a lot of problems, why didn’t you tell me you might do this?! What do I do now?!”

[WayBack] Android Security: The Forgetful Keystore – SystemDotRun – Dorian Cussen’s Super Blog

–jeroen

Posted in Android, Development, Java, Java Platform, Mobile Development, Power User, Security, Software Development | Leave a Comment »

Men’s Java is not JavaScript Annoyed Programmer/Developer T-Shirt

Posted by jpluimers on 2020/05/13

Though the shirt is not available on Amazon [WayBack] any more, still – after 25 years – so many recruiters still get it wrong.

Not just recruiters, so: [WayBack] Why is JavaScript called JavaScript, since it has nothing to do with Java? – Stack Overflow, thanks to CMS [WayBack]:

From an interview made to its creator Brendan Eich:

InfoWorld: As I understand it, JavaScript started out as Mocha, then became LiveScript and then became JavaScript when Netscape and Sun got together. But it actually has nothing to do with Java or not much to do with it, correct?

Eich: That’s right. It was all within six months from May till December (1995) that it was Mocha and then LiveScript. And then in early December, Netscape and Sun did a license agreement and it became JavaScript. And the idea was to make it a complementary scripting language to go with Java, with the compiled language.

he continues on the relation of ECMAScript based languages:

JavaScript, was originally named Mocha, later it was renamed to LiveScript, and then to JavaScript.

The LiveScript to JavaScript name change came because Netscape and Sun did a license agreement.

The language was then submitted for standarization to the ECMA International Organization. By that time, Netscape didn’t allow the use of the “JavaScript” name, so the standarized language is named ECMAScript.

JavaScript isn’t actually an open name. Now it’s a trademark of Sun (now Oracle).

There still a lot of confusion, some people still think that JavaScript, JScript, and ECMAScript are three different languages.

ECMAScript is the “standards” name for the language.

JavaScript is technically a “dialect” of ECMAScript, the Mozilla Foundation can use “JavaScript” as the name of their implementations (currently present on the Rhino and SpiderMonkey engines).

In the early days, Microsoft decided also to do what Netscape was doing on their own browser, and they developed JScript, which is also an ECMAScript dialect, but was named in this way to avoid trademark issues.

–jeroen

via: [WayBack] Does it bug you when people say Java when they actually mean JavaScript? https://www.amazon.com/dp/B06Y3XK69B – Jeroen Wiert Pluimers – Google+

 

Posted in Development, History, Java, Java Platform, JavaScript/ECMAScript, Scripting, Software Development | Leave a Comment »

Not all XSD mappings to programming language constructs are possible

Posted by jpluimers on 2020/02/26

This post is a reminder to myself that not all mappings from XSD to programming languages are possible.

There are many impossible cases, so this is just a general reminder.

A Delphi specific case for instance is the mapping of enumerations: one reason is that XSD enumerations are case sensitive, but the Delphi language is not: [WayBackUsing XML Enumerations with Delphi XML Data Binding Wizard – Stack Overflow.

More generic examples from my answer to the above question:

  • In XSD you can derive from an existing type in two ways: extending it and limiting it. Object Oriented languages only allow you extend when deriving.
  • Delphi is not alone in these kinds of limitations. Generating wrappers from XSD schema’s is the field of specialized tools, even in the Java or .NET world.

I’ve seen horrible things with wildcards that are sort of mappable to Java, but not to C#. This could likely go on for much longer…

–jeroen

Posted in C#, Delphi, Development, Java, Java Platform, Software Development, XML, XML/XSD, XSD | 2 Comments »

More on new .NET path handling – Jeremy Kuhne’s Blog

Posted by jpluimers on 2019/08/07

When it was at the age natural people are allowed to drive in the USA, the .NET framework behaved far less brain dead handling various (especially long or strange) paths: [WayBackMore on new .NET path handling – Jeremy Kuhne’s Blog.

Path handling has frustrated me in many development environments, so I wonder if ones that are beyond the (USA) legal age of drinking follow.

–jeroen

via: [WayBack] Some time ago, the .net developers finally saw sense and removed path normalization and long path limit code in System.IO… Does anybody know if Embarcadero have come to their senses… – David Heffernan – Google+

Posted in .NET, Delphi, Development, Java, Java Platform, Software Development | Leave a Comment »

Design Patterns & Refactoring

Posted by jpluimers on 2019/07/16

Design Patterns and Refactoring articles and guides. Design Patterns video tutorials for newbies. Simple descriptions and full source code examples in Java, C++, C#, PHP and Delphi.

Source: [WayBackDesign Patterns & Refactoring.

And indeed a lot of examples in Delphi too; few sites have that: Delphi site:sourcemaking.com.

–jeroen

Via: [WayBack] I stumbled upon this yesterday, very informative, accessible and also with Delphi examples – among other languages. – Steffen Nyeland – Google+

Posted in .NET, C, C#, C++, Delphi, Design Patterns, Development, Java, Java Platform, PHP, Scripting, Software Development | Leave a Comment »

« Previous Entries
 
%d bloggers like this: