Sina opens App Engine (SAE) service like GAE

Sina opens an App Engine service, named SAE, some while ago, and is now at alpha 2, public for registration in China.

This SAE service is very similar to Google App Engine in that it provides a cloud environment for applications to run on. Unlike GAE, SAE supports the PHP + MySQL combination. This means, potential, more web applications could be migrated to sina app platform. Actually, the famous blogging application, Wordpress, is already migrated. Although flexible, the use of MySQL as a database storage might mean the scalability will not be so good.

Sina App Engine and My SAE App

Trick or Treat, LayoutFocusTraversalPolicy

Have you ever met such focus traversal issue in Java UI applications? By default, LayoutFocusTraversalPolicy is used to determine the sequence of focus traversal. As stated in Java documents, it sorts components based on their size, position, orientation etc.. However, when two identical components are laid at the same position, there will be a focus traversal issue.

A demo is better than a thousand words. Copy the code to a file FocusTraversal.java and compile and run it.

package tsul.example;

import java.awt.BorderLayout;
import java.awt.Container;
import java.awt.Dimension;
import java.lang.reflect.Field;
import java.util.ArrayList;

import javax.swing.JFrame;
import javax.swing.JPanel;
import javax.swing.JScrollPane;
import javax.swing.JButton;
import javax.swing.JTextArea;
import javax.swing.SwingUtilities;

public class FocusTraversal extends JPanel {

    JButton b1 = new JButton("Columns");
    JButton b2 = new JButton("Rows");
    JTextArea content = new JTextArea("Textarea");
    /**
     * This is the main pane
     */
    JScrollPane pane = new JScrollPane();

    public FocusTraversal() {
        super(new BorderLayout());

        pane.setColumnHeaderView(b1);
        // Try to add a duplicate component to pane's header. In such a case,
        // the default
        // LayoutFocusTraversalPolicy won't work properly as expected. The
        // result is we
        // cannot move focus from Columns to Rows by tabling.
        try {
            Field f = Container.class.getDeclaredField("component");
            // bypass default security check
            f.setAccessible(true);
            ArrayList comp = (ArrayList) f.get(pane.getColumnHeader());
            comp.add(b1);
        } catch (Exception e) {
            e.printStackTrace();
        }
        pane.setRowHeaderView(b2);
        pane.setViewportView(content);
        setPreferredSize(new Dimension(600, 400));
        add(pane, BorderLayout.CENTER);
    }

    public static void main(String[] args) {
        SwingUtilities.invokeLater(new Runnable() {

            @Override
            public void run() {
                frame = new JFrame("Focus Traversal Example");
                frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
                FocusTraversal panel = new FocusTraversal();
                frame.getContentPane().add(panel);
                frame.pack();
                frame.setVisible(true);
            }
        });
    }

    static JFrame frame;

}

Step Back Debugging for Java in Eclipse?

In debugging, there are "step into", "step over" etc., but what about a "step back" feature? There are chances that when you hit a "step over" twice by mistake, or when you find out it might be just the previous line which is causing trouble, you just want a "roll back" feature.

Debugging is like traversal on a tree or on a graph. Every breakpoint is a state or a node. In theory, if we save these states, we can step back and forth among any of them. Snapshot, versioning or savepoint can be useful in helping save the debugging states.

There are already such support in C/C++ debuggers like gdb. However, it seems that no Java debugger supports "step back" or "roll back". It would be even nicer if such feature could be included in Eclipse IDE.

Apache: Full Long File Names in Index

There are cases that the default index file in Apache server trimmed your long file name. Instead you'd like to show them in full length. To do this, you can edit the configuration file of your Apache server (httpd.conf). Add "NameWidth=*" to IndexOptions, so that it looks like:

IndexOptions FancyIndexing NameWidth=*

Reference
http://httpd.apache.org/docs/1.3/mod/mod_autoindex.html#indexoptions

SQL: a Cross-Tabular Report with Case, Rollup and Grouping Functions

A Cross-Tabular Report is widely used in computer software. If you keep a journal of expenses, for instance, and by the end of year, you would like to review how much you have spent on each type of goods in a month-by-month view. Or a website administrator would like to know, for each page or URL of website, how many visitors visited using different browsers. These are cases when you need a cross-tabular report. (Definitions of Cross Tabulation or Contingency table.)

So how to generate a cross tab report in just one line of SQL? The idea is to split columns with "CASE" and group rows with "GROUP BY ROLLUP(name)" and decorate the result with "DECODE(GROUPING(name), 1, 'Total', name)".

Here's an Example:

We have a log table:

SQL> select page "Page", brws_type "Browser" from visit_table;

Page            Browser

--------------- ----------

index.htm       FF

index.htm       IE

index.htm       IE

page1.htm       FF

page2.htm       FF

page3.htm       FF

about.htm       FF

about.htm       SF

index.htm       SF

index.htm       SF

index.htm       FF

Page            Browser

--------------- ----------

page2.htm       IE

page2.htm       IE

contact.htm     IE

contact.htm     SF

page3.htm       SF

And now comes the query for cross-tabular report.

SQL> SELECT DECODE(GROUPING(page), 1, 'All pages', page) "Pages",
            COUNT(CASE WHEN brws_type='FF' THEN 1 ELSE null END) "Firefox",
            COUNT(CASE WHEN brws_type='IE' THEN 1 ELSE null END) "Internet Explorer",
            COUNT(CASE WHEN brws_type='SF' THEN 1 ELSE null END) "Safari",
            COUNT(*) count
      FROM visit_table
      WHERE 1=1
      GROUP BY ROLLUP(page)
      ORDER BY count desc;
Pages              Firefox Internet Explorer     Safari      COUNT
--------------- ---------- ----------------- ---------- ----------
All pages                6                 5          5         16
index.htm                2                 2          2          6
page2.htm                1                 2          0          3
about.htm                1                 0          1          2
contact.htm              0                 1          1          2
page3.htm                1                 0          1          2
page1.htm                1                 0          0          1

SQL is a powerful language.

Recent Risks on Internet

1. URL shorten service.
Hidden of advertisements or even worse, malicious websites.
Lost of service if the URL shorten service provider is down or hacked.

2. Websites, especially SNS, request user to provide email login and password in order to add friends.
Do they really need your password to just get a list of your friends?
Even the websites requesting your credentials are trustworthy, you are still at risk. For example, some website can add your friends on MSN or Gtak by requesting your logins and passwords, but your credentials are transferred in plain HTML to them. This means sniffers can get your passwords with ease.
There is no reason to request your password while other methods like oauth are available.

Connection Interrupted (TCP RST) has nothing to do with HTTPS aka HTTP over TLS

A network has layers.

In the TCP/IP model, there are four layers. TCP, UDP belong to the transport layer, while HTTP, SSL/TLS belong to application layer. RST (Reset the connection) is a flag in TCP header as in RFC793. RST vulnerability as well as off-path attacks are disscussed in RFC4953. Basically, if a connection is interrupted, it simply means that there is an accepted TCP package with RST flag set. It could be the server who reset the connection, or it could be an attacker. HTTP over TLS aka HTTPS, RFC 2818, is an application layer protocol. SSL/TLS protocol is used between HTTP and the transport layer. From a transport layer's view, the upper layer applications are served in the same way.

To summarize, TCP RST vulnerability is applicable to HTTP or HTTPS or any other application protocols as long as they rely on TCP connection, but it has nothing to do with application layer protocols.

A link to RFC.