John Topley's Weblog

A picture of some pens

August 2003 Article Archive

Tag It

Thursday, 28 August 2003

My development efforts were halted today by a frustrating but interesting few hours spent trying to track down and fix a bug in the UI for the Java framework we're developing. The contents of an HTML text field were being truncated when saved to the database if the text contained an apostrophe. The text after and including the apostrophe was discarded.

I thought I knew where the cause of the problem lay and homed straight in on that piece of code. I knew that apostrophes have to be escaped with another apostrophe when inserting text into an Oracle database. I was using a JDBC PreparedStatement object and according to everything I could find on the subject using Google Groups, this should automatically take care of such issues, but it wasn't happening. I even tried writing my own method to manually loop through the string and double up any apostrophes but the text was still truncated in the database table. It was only when I added logging statements to the start of the relevant methods that it became clear that the text was going into the database correctly and that the problem actually lay elsewhere.

It turned out to be because of the way we were passing state between our JSPs using HTML hidden fields:

<input type="hidden" value='<%=request.getAttribute("textProperty")%>'>

—What we should have been doing was using the Jakarta Struts hidden field tag:

<html:hidden property="textProperty" />

By the way, the only reason we were not using the Struts' tag in the first place was simply because when the JSPs were originally written during a RAD workshop, neither my colleague nor I could remember what the tag was called (pretty stupid, I know—it's obvious!) or find any reference to it in any of the books we had to hand. And we didn't have an Internet connection available.

Today I learnt that the Struts' tag libraries automagically take care of issues such as escaping characters for you, so it pays to use them where possible. JSP taglibs rock!

top | link | comments ()

New Favourite Quote

Wednesday, 20 August 2003

“There are 10 kinds of people in this world—those who can understand binary and those who can't.”

Jeremy Paxman

top | link | comments ()

Not Having A Blast

Friday, 15 August 2003

The MSBlast virus has been in the news this week as Windows users across the world have been heard cursing Microsoft. So who's to blame?

The obvious and easy target is Microsoft, with their shoddy products and dodgy programming. Well that used to be true, but I don't buy that line of thinking anymore.

No MSBlast virus logo The release of Windows 2000 was a watershed event for Microsoft as they made serious strides in stability that Windows XP and Windows Server 2003 have built upon. A mistake that Microsoft used to make was that they enabled all features by default, which meant that Windows had to be explicitly locked down to make it less susceptible to being attacked—a task well beyond most users. Windows Server 2003 is the first operating system release from Microsoft where this is not the case and where the system administrator has to actively enable the services they want to use, which means that the so-called “attack surface” of the platform is much smaller.

I'm not naive enough to think that all this means that Microsoft's operating systems are now perfect. Nothing with the size and scope of Windows can be. There are numerous flaws in Windows—many of them not yet discovered—which was why Microsoft created Windows Update to enable patches to be downloaded. Microsoft could have enabled automatic updating by default, but they're really between a rock and a hard place on this one because a lot of people are uneasy about the thought of their computer automatically contacting the mothership in Redmond, and because occasionally bad patches make it out of the door that actually do more harm than good. I've turned off automatic updating on my Windows XP box because I like to be in control of what gets installed on my PC.

Users of other operating systems such as Linux or Mac OS X will tell you that their computers are invulnerable to these sorts of attacks, which is nonsense because such claims are untested. People who write viruses and worms want their handiwork to get noticed, which means targeting the most popular operating system. With an estimated 80% of the installed base, that means Windows in its various flavours. Linux, UNIX and OS X are simply not significant enough for these people to target.

Apart from the author(s) of MSBlast, I think that the average consumer of Windows is to blame for not applying patches and for not using a firewall. The excuse is that no one told them that they had to! Computers are marketed and sold as an appliance that you purchase, maybe customise a little and then just use until it breaks or you buy a newer one. They should actually come with the social responsibilities that are attached to cars.

If you drive a car then it is your responsibility to ensure that your vehicle is kept in a roadworthy condition. This involves servicing it on a regular basis. Owning a computer is not a responsibility-free zone. If you own a personal computer that you connect to a network, then it is your responsibility to make sure that you practice safe computing and do not jeopardize other computers on that network. And that includes the Internet: the network of networks.

If you are a Windows user who has been affected by MSBlast or something similiar, then this is what you need to do to prevent such attacks affecting you in future:

Visit Windows Update on a regular basis, or “turn on automatic updates” (search Windows XP help for the phrase in speech marks.)
Download and install a software firewall such as the free version of ZoneAlarm. The firewall that comes with Windows XP doesn't quite cut it because it only blocks nasty incoming traffic.
Buy proper anti-virus software and keep the annual subscription renewed. I use Norton AntiVirus which works very well.
Download and install Ad-Aware to remove any nasty spyware that's lurking on your PC. It's free!

There. Now you have no excuses.

top | link | comments ()

A Lesson Learnt

Wednesday, 13 August 2003

In Get Your Back Up I talked about how I safeguard my data and proudly proclaimed that in seven years of home PC computing I've not lost a single byte of data. And that's still true. On the desktop. Unfortunately I have just lost some data on a server—for the article comments that were on this website are irretrievably lost. My hosting provider has confirmed this. It was only thirty rows spread across two database tables but I'm kicking myself over my complacency.

I'd briefly read in my hosting provider's terms and conditions that they do not back up client data held on their servers, but for some reason the logical follow–up thought didn't form in my mind: “I need to do something about this.” I think I thought it was one of those things that I'd get around to once more pressing matters had been dealt with.

Truth be told, I didn't lose very much data at all. However, it was data that was important to me because they were the very first comments that people had made in response to my fledgling blog. It almost has sentimental value to me.

Anyway, that's enough meta-blogging (blogging about blogging) articles for the time being. This site is firing on all cylinders once more and I've taken steps to ensure that the same thing can't happen again. I now need to connect to a computer that I will never see, in a location unknown to me, to back up some information that has great value to me.

top | link | comments ()

Back In Business

Sunday, 10 August 2003

I've restored the comments and feedback page functionality to this site by creating a new MySQL database. Frankly, I was tired of waiting for my hosting provider to fix the problem, which has been dragging on for over a fortnight now.

Unfortunately it does mean that all the previous comments that were made have been lost, but if they are ever able to get the old database back then I will merge the old comments into the new database. I'm not at all happy about having lost the comments but I'd rather have a fully-functional website. The whole episode has been a complete nightmare and I just want to get back to normal now.

top | link | comments ()

Awesome Ant

Thursday, 07 August 2003

The latest edition to my J2EE armoury is Apache Ant, which I've spent the past few days investigating. For those who don't know, Ant—which stands for Another Neat Tool—is a Java automated build tool. It uses an XML configuration file (or files) and can be used to perform a multitude of tasks. Tasks such as compiling Java source code, creating JAR, WAR or EAR archives, copying or moving files, generating Javadoc pages, deploying files to an application server, even running unit tests. And if Ant's set of built-in tasks isn't enough for you, you can extend it by writing your own Java classes. Ant build files can also call other Ant build files, which means that large projects can be more easily partitioned and managed.

I did encounter one or two problems using Ant but only because I'm a newbie. I give details here in case anyone else gets caught out like I did.

I was using the jar task to create a Java archive and I was puzzled as to why I was ending up with two copies of each class in the JAR file. I had a block of code similar to this:

<jar destfile="${dist.jarfile}"
        basedir="${build.classes.dir}">

  <fileset dir="${build.classes.dir}">
    <include name="**/*.class"/>
    <exclude name="**/*Test*"/>
  </fileset>
</jar>

—I ran Ant using the -debug switch which generated a copious amount of output and made what was happening obvious. Re-reading the documentation confirmed it. The jar task forms an implicit Ant FileSet, so all I needed was:

<jar destfile="${dist.jarfile}"
        basedir="${build.classes.dir}">

  <include name="**/*.class"/>
  <exclude name="**/*Test*"/>
</jar>

The other problem I came across prevented compilation of some source files because the compiler couldn't find some of the classes that the source depended upon. This took me a fair while to solve but it turned out to be because I'd specified an incorrect basedir attribute in my jar task, which meant that all of my .class files within my JAR were a directory deeper than they should have been!

In other words, instead of telling jar to start from the /classes directory, I'd told it to start from the project's root directory, meaning that the path to the compiled classes started with classes instead of gov which is the start of my package hierarchy. Doh!

I'm totally impressed with Ant and shall be using it for all my J2EE projects from now on. Although most Java IDEs now feature Ant integration, what it's crying out for is a decent GUI build file editor, i.e. an antidote to using Notepad!

top | link | comments ()

Mailinator

Tuesday, 05 August 2003

There's been some discussion recently about Mailinator, a web application that provides instant, disposable e-mail addresses. Apart from being struck by what a brilliantly simple and useful idea this is (and wondering why I didn't think of it!), I was also interested to notice that Mailinator is a Jakarta Struts application. The URLs ending in “.do” give it away, although this is a convention; it's not enforced by Struts. You can use any URL pattern that you wish.

Struts applications on the Internet still seem to be relatively rare but I think that reflects the fact that there don't seem to be many J2EE applications in general out on the web. Or maybe it's a sign of their success that I just haven't noticed them.

Still Working On It

Unfortunately the comments system and feedback page on this site are still broken. My hosting provider is having difficulty getting the MySQL databases back to how they were. Once again I apologise for the situation and thank you for your patience.

top | link | comments ()

Return To Sender

Friday, 01 August 2003

I've been having a problem with spam lately that is a direct consequence of the technical decisions taken by two very different companies. One of them is an ISP and the other is an online chat website.

The difficulties started a few months ago when I started to receive e-mails from the enigmatically named Faceparty Mailbot telling me, or rather, someone called Siany that there was a new message waiting for me from another Faceparty member. I immediately knew what the problem was—I occasionally get other people's e-mails because of the way my ISP (Freeserve) handles user names.

When you sign up with Freeserve you have to pick a user name that becomes the part of your e-mail address after the @ symbol. So my user name is “topley.freeserve.co.uk”. E-mail addressed to any address that ends with that user name will come to me. Unfortunately Freeserve seem to allow other people to register using the same name, which means that I get the odd incorrectly addressed message.

Some of it has been quite varied and entertaining. For example, I've had a farmer enquiring about the history of some livestock, someone's camping holiday photographs and even a naughty picture of someone's wife! Funny, that gentleman didn't respond when I e-mailed him to point out that he'd reached the wrong person…

It appeared that this was another case of mistaken identity and that this Siany person had signed up to The Biggest Party on Earth ™ using the wrong e-mail address. Not a problem, I thought, I'll simply contact Faceparty and get them to contact Siany to tell her that she needs to change her contact details. Faceparty have a contact form on their website which lets you select a relevant department and then enter your message, which I duly did. After receiving a standard, auto–responder:

“Hey,
Thank you for writing to Faceparty! This letter acts as confirmation that we have received your email. We aim to respond to all queries within 5 working days, or 48 hours if you have Cool Tools or your enquiry is billing related.”

—I received this message:

“Thank you for your email. Faceparty has a strict no spam policy. We are governed by the EU Directive on Data Protection and the Data Protection Act 1998.

We give you full control to choose if, when and why you receive emails from us. You can choose exactly why we email you & opt out of newsletters or message alerts by logging in to your account and choosing 'Privacy Settings' from the 'My Settings' menu.

More information on this subject can be found in our website's Help section.

This letter is an automated response based upon the department you chose and keywords in your letter. Because your letter could be dealt with automatically, you will not receive a personal reply and your original message has now been deleted. We hope this reply has been of help!”

—Well no, it hasn't been actually! I tried to contact them again, this time choosing a different department and I got the same response. It would appear that all of their e-mails are automatically generated based on keywords and that there is no way to reach a real live human being at Faceparty (hmm…maybe there aren't any?)

By now I was getting sick and tired of the daily flood of e-mails for Siany, so I had no choice but to join the wretched Biggest Party on Earth ™ myself and contact her directly. I signed up (using fake details of course) and got in touch with Siany who kindly agreed to use her own e-mail address as part of her contact details. I subsequently received several bleeding heart e-mails from my old friend the Faceparty Mailbot telling me that I hadn't created my profile or uploaded my photo, and that if I didn't within four weeks then my account would be deleted, but I consigned them to the bit bucket. Because of poor technical decisions made by both Freeserve and Faceparty, a simple invitation to chat had become just another part of the spam problem.

Update: a few days ago this message appeared in my Inbox:

“Hey Jade,
It's great to hear that you've joined us! Welcome to Faceparty - Your life is about to change.”

—Now why do I get the feeling that mine is too?

top | link | comments ()