My Security Nightmare
Filed Under Programming
As Willie Sutton didn’t say, “I rob banks because that’s where the money is.”
I work for a bank, and so I worry more about security than most programmers. After all, if a hacker were were truly motivated and competent who would they pick to go after? Probably a bank (the other good option is political or corporate espionage). Recently I saw two security-related stories which, when combined, form my ultimate nightmare: an effective attack for which I cannot imagine a possible defense. Read more
Post Links
Permalink | Trackback | Leave a Comment
Threadsafe Java Servlets - a solution
Filed Under Programming
In a previous post I wrote about how nearly all web applications built on Java servlets suffer from potential threading issues. Web browsers can make multiple simultaneous requests, which will result in multiple threads concurrently modifying the (not threadsafe) HTTPSession. Most people just ignore the problems (which strike rarely), some serialize all requests for the same session, but neither of these works as well in a world where AJAX-based user interfaces are becoming more common. I hope to describe the basic outline of a solution; explaining, as I go, the reasoning I used in coming up with it. Read more
Post Links
Permalink | Trackback | Leave a Comment
Threadsafe Java Servlets
Filed Under Programming
Web servers are inherently threaded applications: their primary purpose is to serve up a website or web application to a large number of users. Essentially all of the frameworks for creating web applications, such as Java’s “servlet” specification and all of the structure built on top of it, provide built-in support for handling queries from different users simultaneously, and they make it possible for these threads to operate “safely” (without data corruption) so long as a few basic rules are followed (”Don’t store anything in the servlet instance variables.”, and “Don’t access anything stored in static variables unless it is threadsafe.”).
However, threading issues for web servers are not limited to the fact that there are multiple simultaneous users — it is also possible to be processing multiple HTTP requests a single user at the same time. Read more
Post Links
Permalink | Trackback | 5 Comments
The Secret to Making Chrome
Filed Under Programming
Google has released a new browser, “Google Chrome“. It features quite a few innovations: some user interface innovations include tabs above the menus and URL bar, a single field combining the URL and search fields, search and status bars that disappear when not in use and a home page showing small versions of your 9 most-visited sites. Perhaps most interestingly, it runs each tab and plug-in in a separate process so errors or slow-downs in one cannot affect the rest. It also features a strikingly fast JavaScript engine (for those fancy “Web 2.0″ AJAX pages) and some interesting security innovations like “scoping” pop-ups to remain over the page that generated them. And it supports a porn mode… sorry, “Incognito Mode” where no record is kept of your browsing (is this because Google knows something about our browsing habits?). Read more
Metaphorical Programming
Filed Under Programming
Unlike computers, humans tend to think in metaphors. That is, when we want to reason about something new or unfamiliar we reason by analogy with something familiar. This is a great mental trick and it is part of what allows humans to be flexible and to deal with unanticipated circumstances (exactly the kind of thing that computers cannot do), but there is a danger as well: where the analogy chosen is not a close match, our thinking can be led astray. One place where these analogies are often poor is in thinking about the process of programming. Read more
Post Links
Permalink | Trackback | Leave a Comment
Go Easy on the Maintenance Programmer
Filed Under Programming
“Maintenance Programmer“: This common, and underappreciated species of programmer is often heard muttering and cursing under their breath. Sometimes bald from tearing their hair out in frustration.
From time to time we all have to do it: simple changes and maintenance to code - often other people’s code. And the truth is that most code spends far more time in maintenance mode than it did in design, coding, or initial debugging. Yet maintenance programming is notoriously difficult (even if it does tend to get assigned to the most junior developers on a team). I will identify the main reason I think maintenance is difficult, and suggest one specific programming practices that can make your code easier to maintain. Read more
Post Links
Permalink | Trackback | 12 Comments
A random selection algorithm
Filed Under Math, Programming
Suppose you want to select k things randomly from a list of n items, with no duplicates. Read more
Two more uses for a Secure Hash
Filed Under Programming
In a previous article I talked about using salt with a secure hash, but all of the examples assumed that the secure hash would be used to validate passwords. Secure hashes can be used for many other purposes, and I’ll illustrate that by describing two other possible uses. Read more
Post Links
Permalink | Trackback | Leave a Comment
Why User Stories?
Filed Under Programming
Any software project needs a Business Requirements Document (BRD)—a document which describes what the deliverable is supposed to do once it’s been built. The traditional (waterfall) way is to write it in paragraph form, but several agile development techniques recommend writing it in the form of a collection of “User Stories”. Read more
Post Links
Permalink | Trackback | Leave a Comment
Always use Salt
Filed Under Programming
I’m not a very good cook. One reasons is that I’ve never mastered the art of tasting the food as I go along and seasoning it properly. When cooking, I never seem to add the right amount of salt. As a programmer, though, I always use salt. Read more