Archive for the ‘Java Platform’ Category
Posted by jpluimers on 2024/03/30
[Wayback/Archive] FemFM – 〝50% vrouw in je oor, of we zappen door!〞 werd in 2024 gelanceerd vlak voor de Women’s History Month en Internationale Vrouwendag door Felienne Hermans.
Felienne is bekend van bijvoorbeeld haar promotieonderzoek naar de impact van Excel op de samenleving, maar vooral van haar drive te onderzoeken hoe zo veel mogelijk mensen – ongeacht hun achtergrond – kunnen leren programmeren), Joy of Coding, de Hedy programmeertaal (met veel support voor andere alfabetten dan wat we in de westerse wereld gebruiken) en haar boek The Programmer’s Brain: What every programmer needs to know about cognition.
Ze is enorm goed in haar werk, en komt daarmee regelmatig in aanraking met vooringenomenheid over vrouwen. Daar verbaast ze zich terecht over, en ook dat het lastig om content (op allerlei soorten gebieden) te consumeren gemaakt door vrouwen. Dat overkwam haar bijvoorbeeld bij het luisteren naar muziek op de Nederlandse radio: daar kwamen veel meer mannelijke artiesten aan bod dan vrouwelijke.
Vandaar FemFM, en Felienne zou Felienne niet zijn als de source code niet openbaar was, dus hier wat linkjes:
Read the rest of this entry »
Posted in Audio, Awareness, Development, IceCast, Inclusion / inclusive society, Java, Java Platform, Media, Power User, Python, Scripting, Software Development, Web Development | Leave a Comment »
Posted by jpluimers on 2024/01/24
I wasn’t aware that Java has some some catch-up and now supports user definable inline types: [Wayback/Archive] Inline Thinking | Patricia Aas – Programmer
Computers changed. They changed in many ways, but for the purpose of this text they changed in one significant way: The relative cost of reading from RAM became extremely high.
…
These “cache friendly” behaviors are already present in Java when using so called “primitive types”, like ints and chars. “Primitive types” are “inline types” and come with all of their advantages. So even though inline types may seem foreign in the beginning, you have worked with them before, you just might not have thought of them as objects. So when “inline classes” seem confusing, you could try to think: “What would an int do?”
Read the rest of this entry »
Posted in Development, Java, Java Platform, Software Development | Leave a Comment »
Posted by jpluimers on 2023/02/15
Forgot to schedule this in 2014, so here it finally is, as the content is still relevant:
A long time ago (almost 10 years) I did some stuff with State Machines in .NET.
Since then the world has changed, and a lot more libraries have become available.
As I mainly use .NET and Delphi and there is a reasonable chance I need to do some more state machine work, here are some links about State Machines in both environments.
Read the rest of this entry »
Posted in .NET, C#, Conference Topics, Conferences, Delphi, Development, Diagram, Event, Java, Java Platform, Software Development, UML | Leave a Comment »
Posted by jpluimers on 2023/01/19
After publishing Free Linux cloud shell for Gmail users – shell in the browser that works in all locations I’ve been so far, the Google Cloud Shell got extended quite a bit.
There is now [Wayback/Archive] Safe Mode (which skips initialisation scripts):
If there’s a problem in your .bashrc or .tmux.conf files, Cloud Shell immediately close after connection. To resolve this, open Cloud Shell in safe mode by appending cloudshellsafemode=true to the URL. This restarts your Cloud Shell instance and logs you in as root, allowing you to fix any issues in the files.
To permanently delete all files in your home directory and restore your Cloud Shell home directory to a clean state, you can reset your Cloud Shell VM.
And there is support for way more [Wayback/Archive] tools and languages:
Read the rest of this entry »
Posted in .NET, C#, Cloud, Development, Go (golang), Google, GoogleCloudShell, Infrastructure, Java, Java Platform, JavaScript/ECMAScript, Node.js, Perl, PHP, Power User, Python, Ruby, Scripting, Software Development | Leave a Comment »
Posted by jpluimers on 2022/10/06
An interesting thread by Kristian Köhntopp last year:
[Archive.is] Kristian Köhntopp on Twitter: “Python: >>> print(1+2+” = “+2+1) Traceback (most recent call last): File “”, line 1, in TypeError: unsupported operand type(s) for +: ‘int’ and ‘str’ Java: System.out.println(1+2+” = “+1+2); 3=12”
The examples from him and others in the thread:
Python:
>>> print(1+2+" = "+2+1)
Traceback (most recent call last):
File "", line 1, in
TypeError: unsupported operand type(s) for +: 'int' and 'str'
Java:
System.out.println(1+2+" = "+1+2);
3=12
php8.1 -r 'print 1+2+" = "+2+1;'
PHP Fatal error: Uncaught TypeError: Unsupported operand types: int + string in Command line code:1
Stack trace:
#0 {main}
thrown in Command line code on line 1
php7.3 -r 'print 1+2+" = "+2+1;'
PHP Warning: A non-numeric value encountered in Command line code on line 1
Node?
Chrome & FF dev console:
window.alert(1+2+" = "+1+2)
3 = 12
Sind ja immerhin verschiedene Sprachen.
SELECT Wert1
FROM table1
WHERE Wert1 < AVG(Wert1);
DB2 vs. Oracle vs. MSSQL vs. ....
The joke is that Python actually does better than Java.
But in practice, this is a problem on many platforms, so it deserves constant attention, that’s why Kristian pointed to [Archive] Anna “Legacy Archaeologist” Filina on Twitter: “My annotated slides “Fantastic Bugs and How to Avoid Them” from @LonghornPHP: #LonghornPHP”
[Wayback/Archive] Fantastic Bugs and How to Avoid Them – Speaker Deck
I’ve expanded the examples from the thread below. The results are interesting and consistent over versions of the various languages.
–jeroen
Read the rest of this entry »
Posted in Development, Java, Java Platform, JavaScript/ECMAScript, Node.js, PHP, Python, Scripting, Software Development | Leave a Comment »
Posted by jpluimers on 2022/08/02
Last year in OWASP top rated security “feature” A01:2021 – Broken Access Control, I promised to write more about how learn about OWASP documented and rated security vulnerabilities.
Today is the day you should start learning from [Wayback/Archive.is] Github: OWASP WebGoat:
Deliberately insecure JavaEE application to teach application security
It is a Java backend with a JavaScript/HTML frontend, but the vulnerabilities just as easily apply to other back-end stacks.
Repositories:
- [Wayback/Archive.is] WebGoat/WebGoat: WebGoat is a deliberately insecure application
WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons.
This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.
WARNING 1: While running this program your machine will be extremely vulnerable to attack. You should disconnect from the Internet while using this program. WebGoat’s default configuration binds to localhost to minimize the exposure.
WARNING 2: This program is for educational purposes only. If you attempt these techniques without authorization, you are very likely to get caught. If you are caught engaging in unauthorized hacking, most companies will fire you. Claiming that you were doing security research will not work as that is the first thing that all hackers claim.
- [Wayback/Archive.is] WebGoat/WebGoat-Lessons: 7.x – The WebGoat STABLE lessons supplied by the WebGoat team.
This repository contains all the lessons for the WebGoat container. Every lesson is packaged as a separate jar file which can be placed into a running WebGoat server.
- [Wayback/Archive.is] WebGoat/WebWolf (Can’t have a goat without a wolf, but I wonder where the cabbage is)
- [Wayback/Archive.is] WebGoat/WebGoat-Legacy: Legacy WebGoat 6.0 – Deliberately insecure JavaEE application
This is the WebGoat Legacy version which is essentially the WebGoat 5 with a new UI.
This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application penetration testing techniques.
- [Wayback/Archive.is] WebGoat/WebGoat-Archived-Releases: WebGoat 5.4 releases and older
WebGoat 5.4 releases and older
- [Wayback/Archive.is] WebGoat/groovygoat: POC for dynamic groovy/thymeleaf based lesson system
POC to demonstrate dynamic lessons with groovy controller/thymeleaf templates
They are by OWASP:
The Open Web Application Security Project (OWASP) is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security.[4][5]The Open Web Application Security Project (OWASP) provides free and open resources. It is led by a non-profit called The OWASP Foundation. The OWASP Top 10 – 2021 is the published result of recent research based on comprehensive data compiled from over 40 partner organizations.
Very important is the [Wayback/Archive.is] OWASP Top Ten Web Application Security Risks | OWASP:
The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
Globally recognized by developers as the first step towards more secure coding.
Companies should adopt this document and start the process of ensuring that their web applications minimize these risks. Using the OWASP Top 10 is perhaps the most effective first step towards changing the software development culture within your organization into one that produces more secure code.
Changes in the OWASP Top 10 between 2017 and 2021:
More OWASP repositories (including the [Wayback/Archive.is] OWASP/Top10: Official OWASP Top 10 Document Repository and [Wayback/Archive.is] OWASP/www-project-top-ten: OWASP Foundation Web Respository which seem to be at a 4-year update interval got updated in 2021) are at [Wayback/Archive.is] Github: OWASP.
Related: [Archive.is] Jeroen Wiert Pluimers on Twitter: “This so much sounds like German government IT-projects: …”
Via:
–jeroen
Posted in Authentication, CSS, Development, Encryption, HTML, Java Platform, JavaScript/ECMAScript, Pen Testing, Scripting, Security, Software Development, Web Development | Leave a Comment »
Posted by jpluimers on 2021/09/22
For my link archive: [WayBack] GitHub – metasfresh/metasfresh: We do Open Source ERP – Fast, Flexible & Free Software to scale your Business.
It’s mainly written in JavaScript and Java with a PostgreSQL database and elasticsearch search.
There is plenty of [WayBack] metasfresh documentation (for users, administrators and developers), all with markdown source.
The developer documentation starts with a nice diagram of the [WayBack] metasfresh Architecture:
Markdown source of the architecture page: [WayBack] metasfresh-documentation/metasfresh_architecture.md at gh-pages · metasfresh/metasfresh-documentation · GitHub: Docs and Manuals for Devs, Users, Admins.
Via:
–jeroen
Posted in Development, Java, Java Platform, JavaScript/ECMAScript, Scripting, Software Development | Leave a Comment »
Posted by jpluimers on 2021/03/23
Lovely. Having a bug reported to you in 2015, and acknowledged, that makes software crash and not fixing it.
For NetBeans (still one of the major IDEs) and related stuff like GlassFish, this is too true (a workaround is in the Solution steps) below: [WayBack] Bug 251538 – Your Installer is Creating Invalid Data for the NoModify DWORD Key which crashes enumeration of the Uninstall Key in at least PowerShell, and copied to [WayBack] [NETBEANS-2523] Netbeans 64-bit creates invalid nomodify value in windows registry for years – ASF JIRA.
This one appears for instance when running choco install --yes jre8 (but is certainly not limited to it) as it inspects uninstall registry values which have been corrupted and resulted into [WayBack] “Specified cast is not valid” on jre8 upgrade · Issue #18 · proudcanadianeh/ChocoPackages · GitHub.
Anyway: back to the NoModify issue:
I encountered it in 2019, when switching my JRE installations to become chocolatey based.
Solution steps
- Run the script mentioned in [WayBack] powershell – How to resolve “ERROR: Specified cast is not valid.” error during installation? – Super User:
Run the below:
Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | % { write-host "Key Name:" $_.PSChildName }
This should return some results, then, will return the Specified cast error. The error will occur on the key harboring the invalid subkey.
- Then inspect the keys after that in regedit, and watch for any value of type
REG_DWORD with a value (invalid DWORD (32-bit) value) (usually named NoModify
- Note those keys, and find them in
appwiz.cpl
- Uninstall the accompanying software
On my systems
Delete the below pieces of crap.
Then run choco install --yes jre8 again.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\nbi-glassfish-mod-3.1.43.0.0
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\nbi-nb-base-7.0.0.0.0
Luckily, the NetBeans uninstaller can uninstall GlassFish at the same time:
Do not re-install, as they re-insert the corrupt data.
–jeroen
Posted in Development, Java, Java Platform, Software Development | Leave a Comment »
Posted by jpluimers on 2020/08/06
Sometimes you cannot avoid handling passwords in your application. When you do,
- keep them around as short as possible
- store them in data types that are not garbage collected
- wipe the storage as soon as you are done
In practice, this usually comes down to storing them as arrays (character or byte arrays), not strings.
This holds for many other platforms outside Java as well: strings are usually managed in one way or the other, so they cannot be wiped
References:
For actual storage of passwords, you always have the risk of retrieval: when a “bad guy” gets physical access to a device, it is basically hosed.
A KeyStore can only do so much against it: if your APK can be downloaded, it can be reverse-engineered revealing the exact steps how the store is accessed, reproducing the steps needed to hack into the underlying protected data/functionality.
The keystore can be forgetful…
You’ve just moved in to a new house and have been given the master key for the front door. You only have one of these so you know you need to keep it safe. Your really paranoid so you hire an armed guard, whose sole job is to protect this key, in fact, this is all he has been trained to do and has a catchy slogan of “need to protect a key, its what I was born to do!”. You install an extra lock on your front door as you feel the bodyguard isn’t enough, this is a rough area anyway and who’s going to make sure no-ones about to break in and steal all your crap. You return to your key guard only to be informed he has thrown the key away. You shout and scream at him but he just blankly says “I don’t have it anymore, I didn’t think it was important”. You can’t contain your anger “What the hell, your a jerk! You had one thing to do and you failed, this causes me a lot of problems, why didn’t you tell me you might do this?! What do I do now?!”
[WayBack] Android Security: The Forgetful Keystore – SystemDotRun – Dorian Cussen’s Super Blog
–jeroen
Posted in Android, Development, Java, Java Platform, Mobile Development, Power User, Security, Software Development | Leave a Comment »
The Wiert Corner - irregular stream of stuff 
Yep, I can see this problem as well. I believe the problem (bug) has indeed always existed. What happens is that someone (in this case NetBeans Installer) has put an 8-byte value into a Registry field that should only contain a 4-byte value. DWORDs are 4-byte. If you use Registry Editor you can clearly see the problem if you look at something NBI has installed. You must look under either HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (64-bit installers) or HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall (32-bit installers). For some reason I don't see the problem for those NBI applications installed with a 32-bit installer, meaning the stuff in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall. This can probably be explained when you read the next bit. NBI actually sets a number of Registry key values but all of them are strings, with the exception of NoModify value. As far as I know this value already defaults to true (=1) if not present so the fact that Windows cannot interpret what NBI has put into the Registry does not have much effect .... until all other kinds of tools will start to explain as you've encountered. So, what's the problem? As far as I can see this is really just a very simple bug. In the NBI project (NetBeans Platform source) you have a file called jni_WindowsRegistry.c which defines various JNI methods that can then be used from within Java. One of these is called 'set32BitValue0(....)'. It looks like this: JNIEXPORT void JNICALL Java_org_netbeans_installer_utils_system_windows_WindowsRegistry_set32BitValue0(JNIEnv *jEnv, jobject jObject, jint jMode, jint jSection, jstring jKey, jstring jName, jint jValue) { unsigned short* key = getWideChars(jEnv, jKey); unsigned short* name = getWideChars(jEnv, jName); DWORD dword = (DWORD) jValue; LPBYTE byteValue = (LPBYTE) &dword; if (!setValue(getMode(jMode),getHKEY(jSection), key, name, REG_DWORD, byteValue, sizeof(name), 0)) { throwException(jEnv, "Cannot set value"); } FREE(key); FREE(name); } One of the parameters passed to the setValue() function is the size (bytes) of the value. Unfortunately whoever made this has made a blunder by using 'sizeof(name)' for that parameter. It should have been the size of the value, not the size of the name, meaning sizeof(dword) or just a hard-coded value of 4. Just imagine what sizeof(name) will give you if name happens to be 'NoModify'. Yep, that's right: It will be 8. As I said, I believe this blunder has been in the code from the very beginning. It just hasn't had much effect until now.