Thursday, December 24, 2009

Step Back Debugging for Java in Eclipse?

In debugging, there are "step into", "step over" etc., but what about a "step back" feature? When you hit "step over" twice by mistake, or when you realize that the previous line might be the one causing trouble, you just want a "roll back" feature.

Debugging is like traversing a tree or a graph. Every breakpoint is a state or a node. In theory, if we save these states, we can step back and forth among any of them. Snapshots, versioning or savepoints can help save the debugging states.

There is already such support in C/C++ debuggers like gdb. However, it seems that no Java debugger supports "step back" or "roll back". It would be even nicer if such a feature could be included in the Eclipse IDE.

Wednesday, December 16, 2009

Apache: Full Long File Names in Index

In some cases the default index page generated by the Apache server truncates your long file names, and you would rather show them at full length. To do this, edit the configuration file of your Apache server (httpd.conf) and add "NameWidth=*" to IndexOptions, so that it looks like:

IndexOptions FancyIndexing NameWidth=*


Saturday, December 12, 2009

SQL: a Cross-Tabular Report with Case, Rollup and Grouping Functions

A Cross-Tabular Report is widely used in computer software. If you keep a journal of expenses, for instance, by the end of the year you may want to review how much you have spent on each type of goods in a month-by-month view. Or a website administrator may want to know, for each page or URL of a website, how many visitors came using each browser. These are cases when you need a cross-tabular report. (Definitions of Cross Tabulation or Contingency table.)

So how do you generate a cross-tab report in just one line of SQL? The idea is to split columns with "CASE", group rows with "GROUP BY ROLLUP(name)" and decorate the result with "DECODE(GROUPING(name), 1, 'Total', name)".

Here's an Example:

We have a log table:

SQL> select page "Page", brws_type "Browser" from visit_table;

Page            Browser
--------------- ----------
index.htm       FF
index.htm       IE
index.htm       IE
page1.htm       FF
page2.htm       FF
page3.htm       FF
about.htm       FF
about.htm       SF
index.htm       SF
index.htm       SF
index.htm       FF

Page            Browser
--------------- ----------
page2.htm       IE
page2.htm       IE
contact.htm     IE
contact.htm     SF
page3.htm       SF

And now comes the query for the cross-tabular report.

SQL> SELECT DECODE(GROUPING(page), 1, 'All pages', page) "Pages",
            COUNT(CASE WHEN brws_type='FF' THEN 1 ELSE null END) "Firefox",
            COUNT(CASE WHEN brws_type='IE' THEN 1 ELSE null END) "Internet Explorer",
            COUNT(CASE WHEN brws_type='SF' THEN 1 ELSE null END) "Safari",
            COUNT(*) count
      FROM visit_table
      WHERE 1=1
      GROUP BY ROLLUP(page)
      ORDER BY count desc;

Pages              Firefox Internet Explorer     Safari      COUNT
--------------- ---------- ----------------- ---------- ----------
All pages                6                 5          5         16
index.htm                2                 2          2          6
page2.htm                1                 2          0          3
about.htm                1                 0          1          2
contact.htm              0                 1          1          2
page3.htm                1                 0          1          2
page1.htm                1                 0          0          1

SQL is a powerful language.

Wednesday, November 25, 2009

Recent Risks on Internet

1. URL shortening services.
Short links can hide advertisements or, even worse, malicious websites.
Links stop working if the URL shortening service provider is down or hacked.

2. Websites, especially SNS, that ask users to provide their email login and password in order to add friends.
Do they really need your password just to get a list of your friends?
Even if the websites requesting your credentials are trustworthy, you are still at risk. For example, some websites can add your friends on MSN or Gtalk by requesting your logins and passwords, but your credentials are transferred to them in plain HTTP. This means sniffers can get your passwords with ease.
There is no reason to request your password while other methods like OAuth are available.

Saturday, October 17, 2009

Connection Interrupted (TCP RST) has nothing to do with HTTPS aka HTTP over TLS

A network has layers.

In the TCP/IP model, there are four layers. TCP and UDP belong to the transport layer, while HTTP and SSL/TLS belong to the application layer. RST (reset the connection) is a flag in the TCP header, as defined in RFC 793. The RST vulnerability as well as off-path attacks are discussed in RFC 4953. Basically, if a connection is interrupted, it simply means that a TCP packet with the RST flag set was accepted. It could be the server that reset the connection, or it could be an attacker. HTTP over TLS, aka HTTPS (RFC 2818), is an application layer protocol. The SSL/TLS protocol sits between HTTP and the transport layer. From the transport layer's point of view, all upper layer applications are served in the same way.

To summarize, the TCP RST vulnerability applies to HTTP, HTTPS or any other application protocol that relies on a TCP connection, but it has nothing to do with the application layer protocols themselves.
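An added illustration, not part of the original post: the Python code below decodes only the TCP header of a segment and applies the RFC 793 rule that a reset is valid when its sequence number falls in the receive window, so the outcome is identical for port 80 and port 443. The function names, the sample_segment helper and the receiver state (rcv_nxt, rcv_wnd) are assumptions made for this example, and the segments are constructed test data.

```python
import struct

RST = 0x04  # RST bit in the TCP header flags field (RFC 793)

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header; the payload is never interpreted."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, _ack, off_flags, _wnd, _csum, _urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4  # data offset is counted in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid data offset")
    return {"sport": sport, "dport": dport, "seq": seq,
            "flags": off_flags & 0x3F, "payload": segment[header_len:]}

def rst_in_window(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """RFC 793: a reset is valid if its sequence number is in the receive window."""
    if rcv_wnd == 0:
        return seq == rcv_nxt
    return ((seq - rcv_nxt) & 0xFFFFFFFF) < rcv_wnd  # modulo-2**32 arithmetic

def classify(segment: bytes, rcv_nxt: int, rcv_wnd: int) -> str:
    """Decide what a receiver does with this segment, from the TCP header alone."""
    hdr = parse_tcp_header(segment)
    if not hdr["flags"] & RST:
        return "not-rst"
    if rst_in_window(hdr["seq"], rcv_nxt, rcv_wnd):
        return "reset-accepted"
    return "reset-ignored"

def sample_segment(dport: int, seq: int, flags: int, payload: bytes = b"") -> bytes:
    """Constructed test input: a 20-byte header (checksum left 0) plus payload."""
    return struct.pack("!HHIIHHHH", 40000, dport, seq, 0,
                       (5 << 12) | flags, 0, 0, 0) + payload

if __name__ == "__main__":
    rcv_nxt, rcv_wnd = 1000, 65535  # assumed receiver state for the demo
    for label, seg in [
        ("HTTP  port 80,  RST in window ", sample_segment(80, 1000, RST)),
        ("HTTPS port 443, RST in window ", sample_segment(443, 1000, RST)),
        ("HTTPS port 443, RST off window", sample_segment(443, 900000, RST)),
        ("HTTPS port 443, TLS record    ", sample_segment(443, 1000, 0x18, b"\x17\x03\x03")),
    ]:
        print(label, "->", classify(seg, rcv_nxt, rcv_wnd))
```

The in-window check is the only thing standing between an off-path sender and a torn-down connection, which is why RFC 4953 discusses defences at the transport layer rather than in TLS.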

A link to RFC.

Wednesday, October 14, 2009

Migrate from Google Pages to Appengine

Migration without losing any data.

When it comes to Google Pages, will you opt out, or do nothing and wait for your pages to be migrated to Sites smoothly? We can wait, but at a cost. Google Sites does not provide equal or more features than Pages does. No custom JavaScript; no uploaded HTML; limited layouts and themes. It does not seem possible to migrate without losing any data. Even the appearance will change. So, where else can we migrate to?

Our choice is Appengine.

  • Powerful.
  • From the same vendor.

  • Technical skills required

Step by step migration:
  1. Download your pages as a zip from Google Pages
  2. Create a new appspot handle
  3. Download appengine SDK from
  4. Create a new project
  5. Configure the project
  6. Unzip pages into static content directory
  7. Test on localhost
  8. Deploy to appspot
  9. Test with http://<your-handle>
  10. (Optional) Bind your domain

The long-awaited automatic migration from Pages to Sites is still not done! Is Google waiting for everyone to opt out? The magic is a rumor.
Option 1 - Do nothing, and your pages will automatically be moved to Google Sites

  • We'll set up the new site and move your pages for you.
  • Visits to your URL will redirect to your new site.
  • Note that Google Sites does not support custom JavaScript or CSS in its pages.
Option 2 - Opt out of the move, and take your pages to a new location

  • Download your site.
  • Once you've moved your site to its new location, opt out of migration by setting up a redirect below.
Let's wait and see.

A History of man-made Lunar Impact

Hit the Moon

An incomplete list of man-made lunar impacts.

2009.10.9 7:31 EDT

2009.03.01 16:13 CST
嫦娥一号 ChangE1

The Moon Impact Probe

2006.9.3 05:42 UT

Tuesday, September 29, 2009

Distinguish the two words in reCAPTCHA

reCAPTCHA is a great idea, but people can `easily` distinguish the known word from the unknown one.

Saturday, September 26, 2009

Moebius Gears

Here's a picture of Moebius Gears.

Looks cool? If you are on a Linux box, you might already have a live demo installed. For Ubuntu users, it is located at /usr/lib/xscreensaver/moebiusgears.

Press Alt+F2 and type /usr/lib/xscreensaver/moebiusgears and run!

The xscreensaver source code can be downloaded from here.

Wednesday, September 23, 2009

The Risk of OpenID

OpenID seems a promising standard for user authentication. If service providers support OpenID, users can log in without creating another account and password. Ideally, a user need only remember one account and password. However, such convenience comes at a cost. That single account and password, or the OpenID provider itself, becomes a Single Point Of Failure. If you ever forget your password, or the Identity Provider withdraws your account because you didn't log in during the past three months, you will have no way to log in to any of the services. Here, we assume that the service providers only accept authentication from OpenID providers. This also applies to other forms of third-party authentication.

Users should take care in choosing OpenID providers. They should keep their OpenID account active and secure the password. Service providers should allow other ways of authentication besides OpenID. Users should not lose the service if they lose their OpenID.

OpenID is not that open, not even as open as telephone numbers, which can be transferred among telephone service providers.

Saturday, March 21, 2009

Inventions: Fancy Disk Copier and Fancier Copy Dragger

Here are our two new inventions: the Fancy Disk Copier and the Fancier Copy Dragger.

The Fancy Disk Copier is a CD/DVD copy machine. It works like a photo copier. You put in a source CD/DVD and press "COPY"; the copy CD/DVD will come out instantly. Unlike a photo copier, the Fancy Disk Copier will copy with absolutely no loss of quality. The differences between the copies and the original CD/DVD are not distinguishable by anyone except the Fancy Disk Copiers. This will, hopefully, prevent copyright abuse.

Our second invention, the Fancier Copy Dragger, is a dragging controller for copy speed. The Fancier Copy Dragger not only supports dragging forward at any pace, but also lets users drag back in case they would like to enjoy the copy process again. What's more, the Fancier Copy Dragger allows users to undo all copies by dragging to the very beginning. Those undone CD/DVDs can be used as if they were new ones. With photo copiers, by contrast, hundreds of pieces of paper are wasted once any error occurs. The Fancier Copy Dragger will help protect our environment.

Thanks for your interest in our new inventions. We will send out our "beta" products to selected users starting from next week. Get involved.

Thursday, January 1, 2009

Happy New Year 2009

Today is January 1st, 2009. The sun rises as usual, but there was a leap second added after GMT 23:59:59 Dec. 31, 2008. At that moment, you might have noticed something like XX:59:60. XX depends on your timezone. If you are using Beijing time, it should be 07:59:60, and if you are located in central America, it should be 17:59:60.