Unidev Tech Blog

Web developers and programmers test on the Internet constantly.  Web browsers and software updates all help make browsing faster, easier and more customizable to your needs.  But did you know that many developers use thousands of applications, add-ons and extensions to further the user customization experience in each browser?  Compiled by our development team, take a look at some of these extra features for popular browsers such as Google Chrome, Safari, and this week, Mozilla Firefox.

 

Must Haves:

Web Developer 1.1.9 by chrispederick

With over 21 million downloads you can assume this app does something right.  Web Developer adds a toolbar to Firefox that arms the user with a plethora of tools including coding options for forms, CSS, images, resizing, and full w3c validation all within a couple quick clicks of the mouse.

 

Firebug 1.9.1 by Joe Hewitt

Like the Web Developer app, Firebug has similar features but shines particularly in debugging processes.  Also see FlashFirebug 3.4.2 by O-Minds when working with AS3 and SWF files.  Firefinder for Firebug 1.2.2 by Robert Nyman is another add-on to Firebug, this one helps in finding HTML elements matching the developer’s chosen CSS selector(s) or XPath expression.

 

YSlow 3.1.0 by YSlow

Is your webpage running slowly?  Find out why with this app.  YSlow analyzes and grades your page using either three predefined rulesets, or a user-defined one.  Giving both valid feedback and suggestions, YSlow is a great way to improve your website’s speed.

 

JavaScript Debugger 0.9.89 by James Ross

Also known as “Venkman,” this app provides the developer with a strong JavaScript debugger and profiler.

 

Other Useful Tools

ColorZilla 2.6.4 by Alex Sirota

Like the eyedropper tool in most photo editing software, this tool allows the user to capture any color that you see while browsing through the web. Especially when redesigning a website, this tool can help guarantee that you are using the same colors as the previous site.

Mind the Time 0.4.7 by Paul Morris

This is a handy time management app especially if you fill out timesheets at your place of employment.   This tool will keep track of how long you’re Firefox session lasts as well as time spent on the current website.  Note that it will only calculate the time spent while remaining active as it has an idle status that kicks in after a minute of inactivity.

 

Session Manager 0.7.8.1 by Morac

If you find yourself going back to the same websites day in and day out, this is the add-on for you.  Session Manager can record your sessions opened in Firefox and make them easily accessible for you the next day with just a simple click.

 

ColorfulTabs 11.2 by Binary Turf and Tab Scope 1.1.5 by Gomita

These two add-ons help organization when you tend to have an excessive amount of tabs open at once.  ColorfulTabs highlights each tab with a different color, making them a little more distinctive.  Tab Scope allows a mini preview of the website simply by hovering over the tab preventing a frantic click and search trying to “find that one page you were on.”

As a Systems Engineer at Unidev I work on a wide variety of projects and my most recent project requires web service calls via SSL. The specific project uses Spring Framework. As we know, SSL framework is provided by Java SE Security (JSSE) which is automatically included in the JDK now. But you have to tell JSSE where the keystores is.

JSSE finds keystores one of two ways:

1.  Import your certificate to JDK’s default keystores – cacerts. The problem with this approach is that this certificate is valid for all applications which use this JDK instance. This could be a potential security hole.  And when upgrading the JDK, the default keystores for new JDK has to be modified as well. When upgrading the JDK, its important to upgrade default keystores too. Obviously, this is not an optimal situation.

2. Create a keystores.  You can create a project-specific keystores and explicitly set the javax.net.ssl.trustStore system variable to use it. In this case, the certificate is only used by your project and has no dependency to JDK. This can be done with the following java command line:

java -Djavax.net.ssl.trustStore=truststores.jks com.progress.Client

It is also an option to set the system variable in application-context file in the fashion of Spring too:

<bean id=”trustStore”

class=”org.springframework.beans.factory.config.MethodInvokingFactoryBean”>

<property name=”targetObject” value=”#{@systemProperties}” />

<property name=”targetMethod” value=”putAll” />

<property name=”arguments”>

<props>

<prop key=”javax.net.ssl.trustStore”>trustStores.jks</prop>

</props>

</property>

</bean>

 

If you don’t want to use JSSE, you can use spring-ws and customize HttpClient which is used by org.springframework.ws.transport.http.CommonsHttpMessageSender for org.springframework.ws.client.core.WebServiceTemplate.

Contact Unidev for more information on calling web services over SSL using Spring.

 

While debugging a program that had dumped core on HP-UX, I noticed some oddities in the stack trace the required a bit of further investigation. As the code I was looking at is client code, I cannot share it online. This post shows analysis done under CentOS Linux of a trivial program I constructed with the same issue.

 

For those of you who have not used GDB to analyze a core dump, it’s simple to do. Simply invoke GDB with the following syntax:

    gdb /path/to/executable core.file

 

Once you’re inside of GDB, you can use the commands on the stack frame, just as you would for any other program you were debugging; you can perform a backtrace to get the stack, navigate up and down through the stack frames, and print variables to the screen.

 

It was while looking through the backtrace and stack frames, I noticed something was wrong – the stack frames seemed corrupted after as it went further down:

     gdb> bt

This had me stumped for a little while. The memory location for the stack frames starting with #7 was simply nonsense – it was nowhere near the location for the other stack frames and was well out of the range of memory that I had on the box. After looking through source code (see Code Listing 1) and variables for what seemed like hours, the underlying problem suddenly came to me. In the checkLinesForErrors function,  the program was appending an error message. The input file causing the program to crash had about 10 errors in it. The error message was about 60 bytes long. The error buffer could only hold 400 bytes.

 

The problem was the strcat function was overflowing the error buffer.  Since this had been allocated further up the stack and was being passed down, the overflow went downward, overwriting into the next stack frame. The program had crashed after this overflow occurred – it dumped core because the memory references by one of the C++ strings had been overwritten, which caused a segmentation fault when one of those pointers was being accessed.

 

In fact, after detecting this, I started looking at the stack frame memory addresses and they looked a little peculiar. If you convert them to their ASCII equivalents, they become part of the error message that was being written to the buffer. For example, the stack frame 8’s address is “0×6863206563617073” is “hc ecaps” when converted to ASCII, and  “space ch” when that string is reversed. This is part of the ERROR_MESSAGE string that was appended into errorBuffer.

 

The fix was quite easy – add a length variable and some bounds checking as shown in code listing 2. One gotcha in the fix was subtracting the 1 byte for the null character, since the buffer is a C-Style String. It turned out that this error had around for quite a while, but went undetected because a typical run of this program would only append one or two records to this error message.

 

To sum things up, buffer overflows can be hard to detect. This was especially true in this case when looking through the core file. If you’re looking one that it appears that the data for the stack frames makes absolutely no sense, a buffer overflow like this one could be the cause of the problem.

Code Listing 1 – Original Code:

#define ERROR_MESSAGE “The specified line is not valid: It contains whitespace characters. “

 

bool checkDataFile(vector<string> dataLines)

{

char errorBuffer[400];

errorBuffer[0]=’\0′;

int errorCount;

if (!processDataFileLines(dataLines, errorBuffer))

{

cerr << “Errors occurred in processing” << endl;

cerr << errorBuffer << endl;

return false;

}

return true;

}

 

bool processDataFileLines(vector<string> dataLines, char * errorBuffer)

{

int errorCount = 0;

bool rc = checkLinesForErrors(dataLines, errorBuffer);

return rc;

}

 

bool checkLinesForErrors(vector<string> dataLines, char * errorBuffer)

{

int errorCount = 0;

for (unsigned int i=0; i<dataLines.size(); i++)

{

if (dataLines[i].find_first_of(” \r\n\t”)!=string::npos)

{

strcat(errorBuffer, ERROR_MESSAGE);

errorCount++;

}

}

return (errorCount == 0);

}

 

 

Code Listing 2 – Corrected Code:

bool checkDataFile(vector<string> dataLines)

{

char errorBuffer[400];

errorBuffer[0]=’\0′;

int errorCount;

processDataFileLines(dataLines, errorBuffer, sizeof(errorBuffer)-1);

if (!processDataFileLines(dataLines, errorBuffer, sizeof(errorBuffer)-1))

{

cerr << “Errors occurred in processing” << endl;

cerr << errorBuffer << endl;

return false;

}

return true;

}

 

bool processDataFileLines(vector<string> dataLines, char * errorBuffer, unsigned int errorBufferLength)

{

int errorCount = 0;

bool rc = checkLinesForErrors(dataLines, errorBuffer, errorBufferLength);

return rc;

}

 

bool checkLinesForErrors(vector<string> dataLines, char * errorBuffer, unsigned int errorBufferLength)

{

const char * message_prefix=foo;

int errorCount = 0;

for (unsigned int i=0; i<dataLines.size(); i++)

{

if (dataLines[i].find_first_of(” \r\n\t”)!=string::npos)

{

strncat(errorBuffer, ERROR_MESSAGE, errorBufferLength – strlen(errorBuffer));

errorCount++;

}

}

return (errorCount == 0);

}

It’s easy to say mobile development is continuing to grow every day with no signs of slowing down. Creating ways for users to access all the features a company has to offer are continuously sought after. With Sencha Touch and PhoneGap, it’s become much easier for developers to create powerful and intuitive applications, for users that can be deployed via the web as well as distributed on the iOS App store or Android Marketplace. The purpose of this blog post is to provide a brief, easy to understand explanation about what each technology does, and how they can work together to create a powerhouse of new elements.

Sencha Touch is a web framework that uses a combination of HTML5, CSS3, and JavaScript to create rich and formable web pages. The combination of these elements brings numerous capabilities that a standard web page cannot. Features include the familiar touch events tap, double tap, pinch, swipe and more. Through your choice of AJAX, JSONP, or YQL accessing sources and storing local data has created more possibilities for web apps. If a news site created a mobile app using Sencha Touch, a user could visit the page from their home internet access, have the articles of the day stored locally, and throughout the day could read their favorite articles without the need of a Wi-Fi network or phone provider’ internet service. One of the great things about Sencha Touch for developers is the code is written once and can be accessed on multiple platforms. Whether it’s a smartphone or tablet, Sencha touch is compatible with any device operating on iOS 3+, Android 2.1+, and Blackberry 6+. The entire library is less than 120kb, making it lightweight, and hardware concerns are less of an issue.

PhoneGap follows the same basic ideas as Sencha Touch. It uses technologies developers are already familiar with and makes them easily distributable to multiple platforms. Once your app is built with web-standards, encapsulate your code in PhoneGap. This allows access to a device’s native API. Depending on the device this could include accessing the camera, geo-location, notifications, and accelerometer, just to name a few. At this point the app has been built, wrapped in PhoneGap to use the fancy gadgets included on your device, and now acts as a native application. The next step available is to submit it to the iOS App Store, or the Android Market. This can significantly increase the number of potential users to the product or service provided.

By themselves Sencha Touch and PhoneGap are two powerful frameworks at a developer’s disposal. A great feature is they can be used hand-in-hand with one another. Where one may be lacking, the other makes up for. Sencha Touch is a fantastic tool for creating web apps but it doesn’t give you access to device functions like the camera and notifications. Because this tool runs as a browser and not as an application, it doesn’t allow you to submit what you’ve created to an applications marketplace. This is where PhoneGap comes into the picture. PhoneGap can be used to encapsulate a Sencha Touch Application allowing your Sencha app to gain access to your devices feature as well as allow your creation to be published to your desired app marketplaces.

Sencha Touch and PhoneGap are tools that have the potential to open the doors for new mobile possibilities that will meet and exceed client expectations.

 

Java 7.0 came up with a number of new features including the Diamond operator in Generics, Strings in switch statement, multi catch exception handling, underscores in numeric literals, Fork and Join and also new File system API (NIO 2.0).

Given below are few new features of Java 7.0 with examples.

Numeric Literals with underscore :

Declaring numeric literals with underscores would have caused a compile error in any previous release of the language, but in Java 7, numeric literals with underscore characters are allowed, which would increase the readability of the code.

However, there are 4 rules that you need to pay attention to while declaring numeric literals with underscore

1. Underscores cannot go at the beginning or the end of a number.

2. You cannot use an underscore on either side of a decimal.

3. The underscore cannot go before an identifying suffix such as F, D or L

4. You can’t put an underscore before or after the binary or hexadecimal identifiers b and x.

 

Below are all declarations cause compiler error-

int one = _1;

int two = 1_;

double three = 3_.14;

double four = 3._14;

double five = 3.14_D;

float six = 3.14_F;

long seven = 12333_L;

long eight = 0_x_0FL;

Use of String in switch Statement:

Prior to Java 7, the condition code in a switch statement had to be a Integer type (long types are not allowed) or enum values. Java 7 allows programs to switch on a String.

Switch example for JDK versions older than 7.0

String activity= “”;

int day_code = 1;

String day = “”;

switch (day_code) {

case 1:

activity = “PT”;

day = “Monday”;

break;

case 2:

activity = “Arts”;

day = “Tuesday”;

break;

case 3:

activity = “PT”;

day = “Wednesday”;

break;

case 4:

activity = “Library”;

day = “Thursday”;

break;

case 5:

activity = “Computer”;

day = “Friday”;

break;

case 6:

activity = “Take Rest”;

day = “Saturday”;

break;

case 7:

activity = “Take Rest”;

day = “Sunday”;

break;

default:

activity = “Error – Please pick a valid day”;

day = “Unknown”;

break;

}

System.out.println(“Activities for “+day+ “is ” + activity);

Switch example for JDK 7.0. Java 7.0 allows String values as switch codes.  You can group cases together to allow for an initialization to occur under multiple conditions.

String activity= “”;

String day = ” Wednesday “;

switch (day) {

case “Monday”: case “Wednesday” :

activity = “You have PT time on Monday and Wednesday “;

break;

case “Tuesday”:

activity = “You have Arts time on Tuesday”;

day = “Tuesday”;

break;

case “Thursday”:

activity = “You have Library time on Thursday”;

day = “Thursday”;

break;

case “Friday”:

activity = “You have Computer time on Friday”;

day = “Friday”;

break;

case “Saturday”: case “Sunday”:

activity = “You can Take Rest on Saturday and Sunday”;

break;

}

System.out.println(activity);

Type Inference and Instantiation of Generic Classes:

JDK versions prior to 7.0 required declaring the types on both sides while declaring a variable using Generics.

Map<String, List<Sale>> sales= new TreeMap<String, List<Sale>> ();

In Java 7.0, you can write the above line of code like this,

Map<String, List<Sale>> sales= new TreeMap<> ();

You don’t have to type the whole list of Types in the right side for instantiation, instead you can use <> symbol, which is called diamond operator.

Automatic Resource Management:

JDK versions prior to 7.0 required resources like Result set , Input stream , Output stream, etc. to be closed by writing standard code which developers usually use.

try-finally block and does the clean up of resources in the finally block.

try {

FileOutputStream fos = new FileOutputStream(“Books.txt”);

DataOutputStream dos = new DataOutputStream(fos);

dos.writeUTF(“Java 7 for dummies”);

} catch (IOException e) {

e.printStackTrace();

} finally {

try {

fos.close();

dos.close();

} catch (IOException e) {

e.printStackTrace();

}

}

In Java 7.0 you can write the above code like this by declaring the resources in the try . You can use multiple resources in the try. In this example FileOutputStream and DataOutputStream are declared in the try , one after another separated by a ; . The resources are released when the control exits the try block.

try (FileOutputStream fos = new FileOutputStream(“Books.txt”);

DataOutputStream dos = new DataOutputStream(fos)){

dos.writeUTF(“Java 7 for dummies”);

} catch (IOException e) {

e.printStackTrace();

}

Improved exception handling:

Java 7 introduced multi-catch functionality to catch multiple exception types using a single catch block.

Given below example invokes a method that throws three different exceptions. JDK versions prior to JDK 7.0 require a developer to catch the 3 exceptions separately in 3 different catch blocks.

try {

//Write your code here

} catch (ExceptionOne e) {

// log error

} catch (ExceptionTwo e) {

// log error

} catch (ExceptionThree e) {

// log error

}

Java 7.0 allows all the three exceptions to be caught in the same catch block

try {

//Write your code here

} catch (ExceptionOne | ExceptionTwo | ExceptionThree e) {

// log error

}