Saulo Silva’s Blog

Why? The short answer is that your system is vulnerable to attackers.

The long answer:

• Critical Java zero-day bug is being “massively exploited in the wild”
• Critical Java vulnerabilities confirmed in latest version

Oracle’s Java plugin for browsers is a notoriously insecure product. Over the past 18 months, the company has released 11 updates, six of them containing critical security fixes.Ed Bott, contributor at ZDNet

Now here’s how to disable Java on the major web browsers.

How to disable Java on Google Chrome

1. Go to chrome://plugins/
   On the location bar, type chrome://plugins/ and hit enter.
2. Disable “Java(TM)”  (if you can’t find it, then the plug-in is not installed)
   Click on the “Disable” link.

How to disable Java on Mozilla Firefox

1. Open the Add-ons Manager
   Click on the “Firefox” button on the top-left corner, then select “Add-ons”.
2. Disable “Java(TM) Platform…” (if you can’t find it, then the plug-in is not installed)
   Click on the “Disable” button.

How to disable Java on Internet Explorer

1. Open the Manage Add-ons window
   Press Alt-x and select “Manage Add-ons”.
2. Disable all items starting with “Java(TM) Plug-In”
   Select each item and press “Disable”.

Sometimes my USB wireless network adapter doesn’t work at all after my Windows desktop recovers from sleep mode. I haven’t found the root cause of this problem but disabling & enabling the adapter works well as a workaround. Here is a PowerShell script to do so:

# Get the network adapter object
$adapter = Get-WmiObject -Class Win32_NetworkAdapter |
    Where-Object {$_.Name -eq "TP-LINK Wireless USB Adapter"}

# Disable it
Write-Host -nonew "Disabling $($adapter.Name)... ";
$result = $adapter.Disable()
if ($result.ReturnValue -eq -0) {
    Write-Host "Success.";
} else {
    Write-Host "Failed.";
}

# Wait 2 seconds
Start-Sleep -s 2

# Enable it
Write-Host -nonew "Enabling $($adapter.Name)... ";
$result = $adapter.Enable()
if ($result.ReturnValue -eq -0) {
    Write-Host "Success.";
} else {
    Write-Host "Failed.";
}

Make sure the adapter name on line 3 matches what you have in Control Panel > Network and Internet > Network Connections. Mine is called “TP-LINK Wireless USB Adapter”.

Since you will need to run that as an Administrator, create a shortcut to the PowerShell executable and pass the full path of the script above as an argument. Then, open the shortcut properties, click on “Advanced…” and check “Run as an administrator”.

Update: This method only works on Windows Vista and above.

Update 2: I have not encountered this issue since I’ve updated to Windows 8.

The last release of  Java—version 1.6.0 update 21—was rebranded as being made by “Oracle” instead of “Sun Microsystems, Inc”.

The problem is that Eclipse uses that value to decide on whether or not to pass a specific argument to the Virtual Machine.

This change affects Eclipse versions 3.3 (released in 2007) to 3.6 (released in 2010), causing the IDE to hang consistently, without any error messages.

The guys at Eclipse.org have posted three workarounds for this issue. (Since I’m using Helios, I opted for no. 3.)

Here is the bug  on the Oracle and on the Eclipse side.

A short introduction on how to achieve OOP concepts such as classes and inheritance in JavaScript

Classes in my JavaScript?

JavaScript does not have a built-in language construct for the definition of a class; however, we can achieve the same concept of an “object blueprint” via a function, to which attributes and methods can be attached dynamically. Let’s look at a practical example—let’s implement a simple Animal class:

function Animal(name) {
	// Attributes
	this.name = name;

	// Methods
	this.getName = function() {
		return this.name;
	}

	this.setName = function(name) {
		this.name = name;
		return this;
	}

	this.speak = function() {};
	this.toString = function() {};
}

So this class has a name which is encapsulated by a getter and a setter. It also has two undefined methods. Nothing extraordinary here.

Inheritance

Let’s implement a class Cat that extends Animal. This can be done by assigning an instance of Animal to  Cat.prototype:

Cat.prototype = new Animal(); // A Cat is an Animal
function Cat(name, favouriteFood) {
	// This is how we invoke the constructor of the parent class.
	// Not very nice; we will see a way around this.
	Animal.prototype.constructor.call(this, name);

	// Attributes
	this.favouriteFood = favouriteFood;

	// Methods
	this.speak = function() {
		return 'Meow';
	}

	this.toString = function() {
		return this.getName() + ' is a cat';
	}

	this.getFavouriteFood = function() {
		return this.favouriteFood;
	}
}

Instantiating objects and passing messages is straight forward to those who are familiar with C++/Java:

loup = new Cat("Loup", "tuna");

document.write(
	loup + ' who loves ' + loup.getFavouriteFood() + '.' +
	loup.getName() + ' says "' + loup.speak()+ '".'
);

And the output is:

Loup is a cat who loves tuna. Loup says “Meow”.

Notice the overriding of the methods speak() and toString() in the Cat class.

But wait! There’s more!

We can make the invocation of parent constructors a bit more elegant like this:

Cat.prototype = new Animal(); // A Cat is an Animal
Cat.prototype.parent = Animal.prototype;
function Cat(name, favouriteFood) {
	// This is how we invoke the constructor of the parent class.
	// See how this is much better?
	this.parent.constructor.call(this, name);
	…

But now for every inheritance we would need to copy and paste lines 2 and 3. We can reduce code repetition by creating a method as follows:

Function.prototype.extends = function(parentClass) {
	this.prototype = new parentClass();
	this.prototype.parent = parentClass.prototype;
}

Since our classes are actually JavaScript functions, we can add any method or attribute to Function and it will be available to any of our classes. Lines 2 and 3 above are almost exactly as we had before: “Cat” was replaced by “this” and “Animal” was replaced by the reference “parentClass”.

Here is how we would use it:

Cat.extends(Animal); // A Cat is an Animal
function Cat(name, favouriteFood) {
…

That’s it!

The final version of the code can be tested here.

If you don’t want to reinvent the wheel, there are a couple of powerful and robust frameworks out there that will achieve the same functionality and much more. Prototype JS is one of them.

So there you go, this should get you started with OOP in JavaScript!

If you find any mistakes or if you have any suggestions, feel free leave a comment.

References: Classical Inheritance in JavaScript by Douglas Crockford and OOP in JS, Part 2 : Inheritance by Gavin Kistner.

In one of the courses I took this session I was introduced to aspect-oriented programming. For those who are not familiar with it, an aspect can be used to implement a concern that is crosscutting among different components.

There are a few such concerns that are commonly affected by crosscutting, namely: authentication, persistence, logging and contract checking.

It is argued that with object-oriented programming, even after proper refactoring, it is not always possible to map a requirement to a single component. When a requirement is implemented by more than one component, scattering occurs. AOP allows you to localize the scattered requirement into an aspect.

AspectJ is an extension to the Java language that adds support to AOP. An aspect in AspectJ is composed of pointcuts and advices. A pointcut defines the condition that needs to be met in order for the logic in an advice to be executed. A pointcut could be, for instance, the execution of a method in a particular class.

How AspectJ can be useful

Let’s look at an example. Say we want to log when horses drink water and when cows eat grass. Assume we have a class Logger with a static method log(). Here’s what the implementation could look like:

public class Horse {
	private int consumedWaterInLitres;

	public void drink() {
		consumedWaterInLitres++;
		Logger.log("A horse is drinking water.");
	}
}

public class Cow {
	private int consumedGrassInGrams;

	public void eat() {
		consumedGrassInGrams++;
		Logger.log("A cow is eating grass.");
	}
}

The argument is that the concern of logging is now crosscut among the Horse and Cow components. In addition, it can be said that Horse.drink() and Cow.eat() are responsible for more core logic (eating and drinking) than they should have been. Let’s try to fix this problem with an aspect:

public aspect Logging {
	pointcut logHorseDrinking() : call(public void Horse.drink());
	pointcut logCowEating() : call(public void Cow.eat());

	void after() : logHorseDrinking() {
		Logger.log("A horse is drinking water.");
	}

	void after() : logCowEating() {
		Logger.log("A cow is eating grass.");
	}
}

Here we defined two pointcuts that capture calls to Horse.drink() and to Cow.eat(). We’ve attached these pointcuts to two advices that will run after these methods are executed. With the Logging aspect in place, we can now remove all calls to Logger.log() from Horse and Cow. Isn’t that great?

How AspectJ can be dangerous

Aspects can also add state, behaviour and inheritance to a component. Privileged aspects have access to all features in a system, including private ones. Does that raise a red flag? Let’s look at the class Dog below.

public class Dog {
}

It has no features—no attributes nor methods—and doesn’t extend from any class, right? Wrong:

public aspect DogAspect {
	declare parents: Dog extends Animal;
	private String Dog.ownersName = "Bobert";

	public String Dog.getOwnwersName() {
		return ownersName;
	}
}

The aspect above has completely changed the class Dog. It has made it an Animal, it has added an attribute ownersName and a getter for it. The worst part is that Dog is completely oblivious to the aspect. In fact, unless you as a developer look at all aspects on the system, you will never know about it either.

That is not completely true because some IDEs will provide a visual clue whenever a class is affected by an aspect. The AspectJ Developement Tools add-on for Eclipse (a great IDE by the way) is supposed to show a marker on the editor margin whenever a component is being advised by an aspect. I have the latest version installed (ADJT 1.6.4) but for some reason the marker is not showing up, unfortunately.

There are also other issues one might encounter when using AspectJ. It is not an easy task to document the impact aspects have on a system—UML has no support for aspects at this moment—how are you going to show that on a sequence diagram? Also, the debugging and tracing of execution of a class that is being advised by an aspect can get pretty tricky.

In conclusion

I believe that the application of AOP could indeed improve the quality of a system through the localization of crosscutting concerns. However, its Java implementation—AspectJ—provides a level of control that is too risky to be used in industrial medium- to large-scale projects. Its supporting technologies and documenting tools have not yet reached the desired maturity level.

Since last summer I’ve been working with three other Software Engineering undergraduates on a web enterprise application that will eventually replace a legacy ERP system. We used patterns from Martin Fowler’s Patterns of Enterprise Application Architecture (a great book, by the way), and the well-known three-layered architecture.

One day we had a discussion related to the persistence of Domain Models and whether we should enforce foreign-key constraints at the database level. My first reaction was that the very use of a relational database implied the enforcement of such constraints, but some of my colleagues argued that the database should be seen as nothing but a persistence mechanism and therefore we should avoid placing any business logic in it. We ended up by not using foreign-key constraints.

Would you have done otherwise? I would like to hear what other software engineers/developers have to say about this.