

Showing posts from March, 2006

SSL Protocol

This is a simple informational posting. Since I am reading Java security, I thought I'd share some information about SSL with readers of this blog. SSL, or Secure Sockets Layer, is a layer above regular TCP/IP sockets which is used to encrypt and decrypt all data exchanged between the sockets. SSL is used for several reasons:

- To ensure that the client and server know exactly who they are talking with.
- To ensure the integrity of data that is exchanged.
- To ensure that an eavesdropper cannot access the data while it is transmitted.

Before the data exchange can actually begin, the client and server must establish an SSL connection using the following steps.

1. The client sends the server its SSL version number and cipher settings.
2. The server sends the client its SSL version number, cipher settings, and its public key certificate.
3. The client authenticates the server using the certificate. After successful authentication the client generates a premaster
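Steps 1 and 2 above on the wire, as an added example that is not part of the original post: a parser for the client's opening message (its version and offered cipher suites) and the server's choice in reply. The sample ClientHello is constructed, the function names are hypothetical, and choosing by server preference order is an assumption (a server may also follow the client's order).

```python
SUITES = {  # a few registered cipher suite ids
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0"}

def build_client_hello(version, suites):
    """Constructed sample ClientHello: zeroed random, empty session id."""
    body = bytes(version) + bytes(32) + b"\x00"
    body += (2 * len(suites)).to_bytes(2, "big")
    body += b"".join(s.to_bytes(2, "big") for s in suites)
    body += b"\x01\x00"                      # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + len(hs).to_bytes(2, "big") + hs

def parse_client_hello(record):
    """Return (version, [suite ids]); assumes the hello fits in one record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    if len(body) != hs_len or len(body) < 35:
        raise ValueError("truncated ClientHello")
    pos = 35 + body[34]                      # skip version, random, session id
    cs_len = int.from_bytes(body[pos:pos + 2], "big")
    raw = body[pos + 2:pos + 2 + cs_len]
    if len(body) < pos + 2 or cs_len % 2 or len(raw) != cs_len:
        raise ValueError("bad cipher suite list")
    ids = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]
    return (body[0], body[1]), ids

def server_select(client_version, client_suites, server_max, server_suites):
    """Step 2: highest common version, first server-preferred shared suite."""
    # Assumes the server also accepts every version below server_max.
    version = min(client_version, server_max)
    for suite in server_suites:
        if suite in client_suites:
            return version, suite
    raise ValueError("handshake failure: no shared cipher suite")

if __name__ == "__main__":
    hello = build_client_hello((3, 1), [0x002F, 0x0035, 0x000A])
    version, suite = server_select(*parse_client_hello(hello), (3, 0), [0x0035, 0x002F])
    print(VERSIONS[version], SUITES[suite])
```
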

Maybe We Do Need An MVC Framework

A few days ago I wrote on the disadvantages of using an MVC framework in a web based project. The main points of contention were that it takes time to learn a framework and sometimes we have to learn different frameworks for different clients, each adding to the learning curve. At times we have to understand the entire framework just to use a part of it. However, upon further deliberation I think that we cannot obviate the need for a framework. Even if we choose not to use an available framework, we will still have to write code to provide the functionality. Over time that code will evolve into our own home grown framework. The time we will have to invest in creating and maintaining the code will be way more than the time it will take to learn something like Struts. I think frameworks are here to stay. But there might be a shift to light weight frameworks that allow us to extend them by adding components. More about that later!

Why Java Does Not Support Uninitialized Local Variables

In Java a local variable has to be initialized before it can be used. I always thought the reason for imposing this rule was to ensure that variables are never used with junk values if a programmer forgets to initialize them. This would result in runtime bugs. However, while reading "Java Security - Scott Oaks" I realized that there is also a security concern in allowing usage of uninitialized variables. A rogue programmer could create a very large uninitialized variable and then inspect the contents of its memory location. Such an operation could compromise the security of the machine on which the program (applet) is being run.

Java Web Frameworks

Java source dot net lists 38 Java web frameworks. Check it yourself at their website. I do not know if all of them are of production quality, but still 38 is way too many web frameworks. Many of these frameworks have been created by people who got frustrated with the current set of frameworks. I think I am beginning to get frustrated with the sheer volume of what is available. Maybe having too many choices isn't always a good thing.


Most web based J2EE applications use an MVC framework like Struts, Velocity, Spring, etc. All these frameworks provide a Controller which intercepts requests from the client and determines the model element to invoke. Will this change once AJAX becomes more widely adopted? When we use AJAX, all requests first go to the AJAX engine which in turn makes an HTTP request to the server. The response is monitored by a callback function which acts upon the response when it is received. A reason why an alternative architecture may emerge is the shortcomings of using an MVC framework. Despite the advantages that are promised by some of these frameworks, they do have many strings attached. Once you use a framework, you have to do things *their* way. They very often influence the application's architecture also. Making the architecture flexible enough to replace the framework has to be done by creating a layer of abstraction between the application and the framework. This adds to

Performance Anti Patterns

Some time back Frank Sommers wrote a blog in which he highlighted some software performance Anti Patterns. A few developers also added to the list from their experience. Below are some of the points mentioned in the blog.

- Not thinking of performance (at all) during development
- Measuring and comparing the wrong things
- Algorithmic antipathy
- Reusing (old) software
- Iterating too much
- Focusing on what you can see, rather than what the real problem is
- Layering too much software on each other
- Too many threads (improperly used threads)
- Premature optimization
- Overuse of IO operations or ignoring those that are being used
- Not having an execution flow model, only a component view
- Incorrect use of Exceptions
- XML overuse (or improper use)
- Improper understanding of sw/hw configuration parameters
- Bad string handling
- Imbalanced use of database processing and high level language processing

You can read the blog on Artima's website.

Installed Ubuntu Linux

Yesterday I installed Ubuntu Linux on an old Samsung V25 laptop. The installation process was pretty smooth, except for the blinking screen. The screen resolution selector did not show the resolution of my machine (1024x768), so I selected the closest match of 1200x800. Rest was smooth, Ubuntu installed properly with a few post installation hiccups.

- The GUI started with a screen resolution of 640x480. The screen resolution preferences box from the admin menu did not have any other option. That was a let down. However, after some Googling I found out that I could get the original resolution of my monitor by tweaking the refresh rates in /etc/X11/xorg.conf. I added two lines in the 'monitor' section -

    HorizSync 31,5-48,5
    VertRefresh 40-70

  This did the trick. The resolution was perfect.
- This version 5.10 had proper ACPI support, which the previous version 5.04 lacked. However when I unplugged the power cable the icon in the tool bar took about 5-10 seconds to change to battery p