Friday, November 23, 2007

Wifi at Changi Airport

I just checked out the free internet terminals in Changi Airport. Few of them run a secured version of Internet Explorer. I was also able to use "Wireless@SG", the free island-wide wireless, at Changi. The speed was amazing. I had to download the JavaDoc for JDK 1.5. It completed in 12 minutes. If you are not aware, the JavaDoc for JDK 1.5 is 150MB.

IT Security Awareness Day 2007 at Singapore Poly

I gave a talk on web security at Singapore Poly at the IT Security Awareness Day event. Around 300 students attended the event, and most of them were school kids. I mostly spoke about Johnny's Google Hacking Database, and a little bit about XSS. Justin Lister from InterSect Singapore also spoke at the event. He organized a simple game to explain phishing. Thanks to Samson and Cecil for organizing the event.

Sunday, November 18, 2007

Lunch with David Axmark, Co-founder of MySQL

David Axmark, the co-founder of MySQL, was in Singapore today. The local MySQL interest group met with David at GeekTerminal for lunch. David patiently answered a variety of questions relating to BitKeeper, Git, SpikeSource's testing framework, the Enterprise version of MySQL, SQLite, India, SQL injection, etc. Thanks to Wong for organizing the event.

Saturday, November 17, 2007


Social networking has grown in a big way. Facebook has taken social networking to a different level. UandMe is a mobile social networking application built by Locatrix. UandMe goes one step further by integrating with GPS. With UandMe, you can know where your friend is, find a nearby restaurant to meet with your friend, create alerts for various events, etc. Location-based advertisement is also possible when you integrate with GPS. I guess UandMe will change the way people meet, dine, work, etc. I was privileged to meet with Mark White, the founder of Locatrix. He was also kind enough to demonstrate UandMe.

Security Related Groups in Singapore

1) LinkedIn Group for OWASP
2) OWASP-Singapore mailing list
3) Security Meetup - Singapore (next meeting on 13th Dec 2007)

Thursday, November 15, 2007

OWASP Meeting at GeekTerminal Singapore

Two days back, I attended the second OWASP-Singapore (Open Web Application Security Project) meeting at Geek Terminal. Six people turned out and we had three different presentations. Michael Boman spoke about "Overcoming USB (In) Security". He also demonstrated lock picking. Wong from Resolve spoke about ILDP Strategies. Later we discussed MMORPG hacking: SecondLife hacking, gaming client hacking, gaming logic exploitation, etc. We also discussed developing a framework to test and prevent game hacking. Later we discussed web security. The whole meeting went on for around 3 hours. I wish more people would join.

Tuesday, November 13, 2007

Singleton Vs Static

Singleton, MVC and Factory patterns are the design patterns I use very often. I also use static classes, more often than Singleton, but static classes are not design patterns. For every implementation of Singleton, one can come up with an alternate implementation with static classes. A lot of critics argue that Singleton is not the right way to program, and that it is an anti-pattern. Singleton patterns can be considered as substitutions for global variables, and they are most useful when you want to use the same instance all over your program. Using one object (say of type Class A) to manage instances of a different class (say Class B), and providing all functionalities using the objects of Class B, is obviously a better coding practice. This is a better replacement for the Singleton pattern, compared with static classes. Here is an interesting discussion I had with Cybereal. Cybereal explains why Singleton is bad with respect to dependency injection.

(12:03:11 AM) codeshepherd: cybereal .. Aren't Singleton the best suitable implementations for Database connection pooling ?
(12:03:43 AM) codeshepherd: In a more general way... Singletons are best suitable to manage global variables..
(12:03:53 AM) cybereal: singletons *ARE* global variables, basically
(12:03:56 AM) cybereal: and that's why they are bad
(12:04:24 AM) cybereal: codeshepherd: you shouldn't need to use a singleton to use the same resource across a program
(12:04:50 AM) cybereal: but because people are lazy about typing and passing on dependency information to instantiated objects, you find they will lean towards singletons to do little more than save some keystrokes
(12:05:01 AM) cybereal: It's really hard to justify it for any other reason
(12:05:41 AM) cybereal: codeshepherd: despite being an anti-pattern, it does get used frequently so you'll still need to know how to deal with it, and sometimes to work around them
(12:06:02 AM) cybereal: at least in java if you really need to you can bury a singleton in a separate classloader instance
(12:06:13 AM) codeshepherd: So how will you implement a Database connection pool? Just a static class ?
(12:06:30 AM) cybereal: no, a regular class that you pass around to all the new instances of other classes that need to know about it
(12:06:44 AM) cybereal: like handing out invitations to a party
(12:06:58 AM) cybereal: you don't hand out houses with those invitations, and people aren't expected to figure out the address themselves
(12:07:06 AM) codeshepherd: then.. some dumb guy who comes tomorrow will start creating instances of the regular class..
(12:07:13 AM) cybereal: it won't matter
(12:07:24 AM) cybereal: but even so, if he's dumb he's gonna do dumb things :)
(12:07:34 AM) cybereal: you shouldn't write bad code just to try and protect from dumb coders
(12:07:54 AM) cybereal: but the point is you should be able to have more than one in the same vm, and not have them hurt each other
(12:07:56 AM) codeshepherd: It is really a debatable issue..
(12:08:54 AM) cybereal: codeshepherd: you probably won't really see it this way until it eventually comes back to bite you in the ass as it has me :)
(12:09:08 AM) codeshepherd: I still agree with the fact that.. you let one class (A) provide all functions.. and another class manage instances of Class A.. .. that looks more clean..
(12:09:33 AM) cybereal: you're making a mistake of thinking a class should ever be in charge of anything
(12:09:37 AM) cybereal: INSTANCES of classes should
(12:09:43 AM) cybereal: classes are blue prints
(12:09:54 AM) codeshepherd: hmm.. ok....
(12:10:19 AM) codeshepherd: interesting argument.. thanks a lot cybereal
(12:10:28 AM) cybereal: nothing stops you, as I already described, from sharing a single instance of a class across your whole app
(12:10:50 AM) cybereal: you get what you want from a singleton without the limiting factors, and all it takes is a little longer parameter list in constructors :)
(12:11:18 AM) codeshepherd: ok.. I guess I will realize it better when it bites me back..
(12:11:24 AM) cybereal: hehe ok
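
Added example, not part of the original post or chat: a Java illustration of the approach cybereal describes, where the connection pool is a regular class and one instance of it is passed to every object that needs it. The names ConnectionPool, UserRepository and the jdbc:example URLs are hypothetical, and plain strings stand in for real database connections.

```java
import java.util.ArrayDeque;
import java.util.Deque;

// Added illustration; every class name and URL here is hypothetical.
public class PoolInjectionDemo {

    /** A regular (non-singleton) pool: any number of instances can coexist in one VM. */
    static class ConnectionPool {
        private final String url;
        private final Deque<String> idle = new ArrayDeque<>();
        private final int max;
        private int created = 0;

        ConnectionPool(String url, int max) { this.url = url; this.max = max; }

        synchronized String acquire() {
            if (!idle.isEmpty()) return idle.pop();          // reuse a released connection
            if (created >= max) throw new IllegalStateException("pool exhausted: " + url);
            return url + "#conn" + (++created);              // stand-in for a real connection
        }

        synchronized void release(String conn) { idle.push(conn); }
    }

    /** Receives its pool through the constructor instead of looking up a global. */
    static class UserRepository {
        private final ConnectionPool pool;
        UserRepository(ConnectionPool pool) { this.pool = pool; }

        String describeLookup(String user) {
            String conn = pool.acquire();
            try { return "lookup " + user + " via " + conn; }
            finally { pool.release(conn); }                  // always hand the connection back
        }
    }

    public static void main(String[] args) {
        ConnectionPool shared = new ConnectionPool("jdbc:example:prod", 2);
        UserRepository a = new UserRepository(shared);
        UserRepository b = new UserRepository(shared);       // same instance, shared app-wide
        System.out.println(a.describeLookup("alice"));
        System.out.println(b.describeLookup("bob"));

        // A second pool in the same VM (for a test, say) does not interfere with the first.
        UserRepository test = new UserRepository(new ConnectionPool("jdbc:example:test", 1));
        System.out.println(test.describeLookup("carol"));
    }
}
```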

Monday, November 12, 2007

GMail's POP and SMTP service.

GMail's POP and SMTP service has been giving a lot of trouble lately. Very often, I'm not able to send out mails via SMTP, and downloading new mails occurs at a snail's pace. Many others have reported the same problem, and I hope Google fixes it very soon. Email is an essential service, and using the web interface for checking emails can be tedious if you have dozens of email accounts with a variety of service providers.

Tuesday, November 06, 2007

Red Black Tree

TreeSet is an implementation of a Red-Black Tree in Java. It implements the Set and Collection interfaces. Here is a short yet excellent video on adding new nodes to TreeSet.

Friday, November 02, 2007

Barcamp - Brisbane, Australia.

I'm planning to fly a bit early for OSDC, so that I can also attend Brisbane Barcamp. It is on Saturday, 24/11/2007. I'm planning to talk there on web security. I'm also looking forward to meeting David Novakovic, a Computational Linguistics researcher and geek from Gold Coast. He will also speak about his new technology incubator. Click here for the complete list of talks at Brisbane Barcamp. Let me know if anyone else is also planning to attend.

Design Patterns by Codingkriggs

Codingkriggs has an excellent set of videos on Design Patterns. I wish he would continue making videos :)