Cyntech’s Tech Blog

Here’s a neat little trick I just learned.  If you’re in Terminal and need a Finder window of the folder you’re in, just type the following:

$> open .

Very handy if you need to use some Finder functions and you’re deep in a folder tree (like a java package).

A colleague told me today that her son was suspended from school for ‘hacking’ the school computers.  It turns out that he had managed to bypass the Department of Education’s firewall by guessing the password to the local system and was browsing game websites that were blocked by said firewall.

I understand that he did something that was wrong, but I believe the suspension was a complete knee jerk and not appropriate for what had been committed.  Firstly, the network administrator at the school had a password which was a name, a cat’s name to be specific.  This breaks probably the simplest, if not the most important rule on passwords; Do NOT use names/single word for passwords!  Secondly, he was only browsing websites.  It’s not like he had broken into a database or was performing some malicious action against the school or another organisation.  Punishment was necessary/required for breaking the rules, but suspension? Come on, he only highlighted the fact that the brain-dead administrator was stupid enough not to secure his network/systems properly.

It also tells me that not much has changed since I was at high school, when the staff tasked with the school’s network administration or even teaching of computer studies courses knew little about IT or computers in general.  I don’t know if this is a funding issue or the fact that there just isn’t anyone with the required skillsets interested in working for schools, but something needs to change there.

Update: It turns out the passwords are a little more secure than I first understood.  It turns out that another student discovered the staff member’s username then through a process of asking said staff member questions in general discussion worked out the answers to the three security questions required to access a ‘forgotten password’.  This student then logged in as the staff member for my colleague’s son to use (an accessory after the fact as it were). This is a little more sinister, but still doesn’t change the fact that it was possible for a student to obtain the staff member’s password.  More stringent precautions need to be in place for retrieving passwords (email confirmation etc).

The fact that the son in question was suspended when they weren’t the one who obtained the information is even more so a glaring insight into how much the school has got it wrong.

Writing a Java web application?  Keep getting a servlet exception? Can’t work out what the bloody hell is causing it?  Well, I have news for you!

Use this little snippet of code to get to the root cause of the exception.

try {

    // Your code

} catch (ServletException e) {

    Throwable t = e.getRootCause();
    System.err.println("Root Cause of Servlet Exception: " +
         t.getMessage());
    t.printStackTrace();

}

This does require to be placed in the area that actually uses Servlet code, like Request filters or HTTP processing (obviously to be able to catch it, you have to be where it is thrown).

I needed a way to compare large blocks of text efficiently for a project I am on at the moment.  I did not want to compare these strings when they could be in excess of 4000 characters or more.  Comparing such strings can be inefficient and system intensive.  So, a simple way of comparing large streams of any type of data is creating an MD5 hash of the data and then comparing the hashes.  It is very unlikely any two sources, unless identical, would have the same hash.  It is also extremely unlikely that even the slightest change (one character) would preserve it’s hash.

If you’re new to MD5, generating an MD5 hash from a string will return a 32-byte hexadecimal representation of that string.

I found this example on how to do it.

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class AeSimpleMD5 {

    private static String convertToHex(byte[] data) {
        StringBuffer buf = new StringBuffer();
        for (int i = 0; i < data.length; i++) {
            int halfbyte = (data[i] >>> 4) & 0x0F;
            int two_halfs = 0;
            do {
                if ((0 <= halfbyte) && (halfbyte <= 9))
                    buf.append((char) ('0' + halfbyte));
                else
                    buf.append((char) ('a' + (halfbyte - 10)));
                halfbyte = data[i] & 0x0F;
            } while(two_halfs++ < 1);
        }
        return buf.toString();
    }

    public static String MD5(String text)
    throws NoSuchAlgorithmException, UnsupportedEncodingException  {
        MessageDigest md;
        md = MessageDigest.getInstance("MD5");
        byte[] md5hash = new byte[32];
        md.update(text.getBytes("iso-8859-1"), 0, text.length());
        md5hash = md.digest();
        return convertToHex(md5hash);
    }
}

This example uses the security package within Java’s core, specifically the MessageDigest class.  Once set to use the MD5 algorithm, you can create a ‘digest’ of the source string which is then passed to a method that coverts the digest to a Hexidecimal string.

To use this example you simply call the class directly:

String MD5_ad1 = AeSimpleMD5.MD5("Mary had a little lamb");
String MD5_ad2 = AeSimpleMD5.MD5("Jack and Jill went up the hill");

This example also pointed out that there may be difficulties while processing string data in encodings other than iso-8859-1, but otherwise you should be right with it.

So I wrote my first WoW addon last night and named it WhisperDKP (with the help of a good friend of mine).  It’s an extremely simple addon for my first attempt, intended for guilds that use eqDKP to monitor points for end game content raiding.  A user sends a ‘whisper’ with the text ‘dkp’ to the player with the addon installed, a whisper would be then returned with the point value of the players current DKP (dragon kill points).

There is still room for improvement, as the only way to provide the DKP information to the addon is to manually extract the values from the eqDKP website.  I’ll probably have to write a simple Java application to automate this.  After speaking with my friends in the guild, they want to be able to keep track of on-the-fly changes mid-raid as well as display a list of users in order of DKP so they can use it to choose the winner of an item.

For my current knowledge level, I can probably do this easily in a text based format, going into graphical windows is a new step and might take me a bit longer, maybe I’ll do it textual first then step into a graphical window.

While trying to create CLOBs for an Oracle database table, I was getting an Invalid Argument(s) error when trying to call CLOB.createTemporary().  I beat my head against a wall trying to figure out why I was getting null when you request the underlying connection from a Pooling Data Source but then I found some information that solved it for me.

For it to work, you need to enable access to the underlying connection to be able to get an instance of it.

There are two ways of doing this;

In your Tomcat configuration (or other Application Server), by enabling access to it in the <Context> of your web application:

<Context path="/ariweb" docBase="ariweb.war">
    <Resource name="jdbc/ari" auth="Container" type="javax.sql.DataSource"/>
    <ResourceParams name="jdbc/ari">
    <parameter>
        <name>driverClassName</name>
        <value>oracle.jdbc.driver.OracleDriver</value>
    </parameter>
    <parameter>
        <!-- NOTE: This is necessary to enable access to the Oracle connection object -->
        <name>accessToUnderlyingConnectionAllowed</name>
        <value>true</value>
    </parameter>
    <!-- Other configuration parameters -->
    ...
    </ResourceParams>
</Context>

If you’re using Spring, you can also set it there in the parameters for your data source:

<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
        <property name="driverClassName"><value>oracle.jdbc.driver.OracleDriver</value></property>
        <property name="url"><value>jdbc:oracle:thin:@dbhost:1521:DBSID</value></property>
        <property name="username"><value>user</value></property>
        <property name="password"><value>pass</value></property>
        <property name="accessToUnderlyingConnectionAllowed"><value>true</value></property>
</bean>

This means that when you use the getDelegate() or getInnermostDelegate() methods, you will get the underlying connection type rather than a null.

I’ve spent the whole of today trying to find information on how to properly configure commons logging in my java classes, specifically with Jdk14Logger.  It’s been a labourous task as a) there’s not much out there and b) Apache’s documentation isn’t brilliant.  I finally found one page on Tigris.org explaining commons logging (from the view point of a change in their software), which helped me greatly.

Due to the lack of decent documentation out there, I’m writing this article to try and help others.

Read the rest of this entry »

I recently had a problem with retrieveing timestamps from an Oracle table (you might remember my previous post on Dates and Timestamps), where I would get an error such as this: Read the rest of this entry »

A colleague passed this link onto me today which made me chuckle.  It seems to cut close to the bone around here:

Client wants to code their own blog/wiki software because “we want total control”.

Client insists that only the management be allowed to have internal blogs.

The PR department wants to write the CEO’s internal blog posts.

IT won’t allow anyone to install an RSS reader until it’s been through a code review. Which could take upwards of a year. And that’s not including reviewing updates…

Client insists on using Lotus Notes as their blogging platform.

When you ask how much experience staff have of social media, IT replies, “Oh, we block all those sites.”

The client wants Facebook.

“Why don’t we just throw some mud at the walls and see what sticks?”

IT disables all RSS feeds because of “a potential exploit we read about on Slashdot”.

Client insists on using Sharepoint as their wiki.

User surveys show some staff have more than 50,000 unread messages in their inbox, yet management insist, “We really don’t have a problem with email here.”

Management refuse to learn new terminology, resulting in statements like “I just posted a new blog to our wiki.”

Apparently, IM is “just for kids.”

Client decides that only “management-approved labels” can be used as tags in the social bookmarking app.

Client’s wiki is called CompanyPedia, is already out of date and is never used for actual collaboration.

IT eschew open source software because “Who would provide support?”

There are regular discussions as to which is the best Web 2.0 application: Lotus Notes or Sharepoint?

“Why don’t we just install some forums?”

Client thinks that “adoption” means everyone is going to end up looking after a small orphaned child.

The CIO still has his secretary print out all his emails.

Not all points apply, but some are very close to what goes on around here…

I’ve been getting back into some php web coding this week, looking at updating an application that a friend wrote a couple of years ago.  It’s a CHPP (Certified Hattrick Product Provider) program which is an interface to Hattrick that ‘predicts’ what a match’s result could have been given the ratings.  The guru’s over at HT changed the login system, so it needs updating for it to work.  I’m getting some practice in before writing an application later on for the Oceanian national team, which should be fun.