Thursday, May 8, 2008

JavaOne - Day four

Top 10 Patterns for Scaling Out Java Technology Based Applications - Cameron Purdy

#10 Understand the problem

#9 Define the requirements

#8 Architecture trumps technology

#7 Understand the basics

#6 Visualize the network

#5 Visualize the design

#4a Plan for overload

#4b Partition for scalability

#3a Plan for failure

#3b Replicate for availability

#2 Tier where it makes sense

#1 Simplify

It's still a balancing act. Reliability, durability, scalability, latency...

Advanced Web Application Security - Jeremiah Grossman, Joe Walker

Practical advice: the best we can do is slow down the bad guys from getting into our websites.

CSRF - Cross Site Request Forgery

  • Forcing users to log off and checking referrer headers help.

  • The only complete solution is to include an authentication token in the body of EVERY request.
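
One way to implement the per-request token described above, as an added example that is not from the talk or the original post. The class name, the HMAC-over-session-id construction and the sample session ids are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class CsrfTokenDemo {
    // Server-side secret, generated at startup (constructed for this example).
    private static final byte[] KEY = new byte[32];
    static { new SecureRandom().nextBytes(KEY); }

    /** Token = HMAC-SHA256(key, sessionId); the server embeds it in every form or request body. */
    static String issue(String sessionId) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        byte[] tag = mac.doFinal(sessionId.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    /** Accept a request only if the token in its body matches the caller's session. */
    static boolean verify(String sessionId, String bodyToken) throws Exception {
        if (sessionId == null || bodyToken == null) return false;
        byte[] expected = issue(sessionId).getBytes(StandardCharsets.UTF_8);
        byte[] supplied = bodyToken.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, supplied); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; real session ids must be long and random.
        String userSession = "sess-user-0001";
        String otherSession = "sess-other-0002";
        String token = issue(userSession);

        // Form rendered by our own site: the body carries the user's token.
        System.out.println("same-site post:         " + verify(userSession, token));
        // Cross-site request: the browser attaches the session cookie automatically,
        // but the foreign page cannot read the token, so the body has none.
        System.out.println("cross-site, no token:   " + verify(userSession, null));
        // A token issued for a different session does not validate either.
        System.out.println("cross-site, other token: " + verify(userSession, issue(otherSession)));
    }
}
```

The check has to run on every state-changing request and must read the token from the request body, never from a cookie, because cookies are exactly what the browser sends on its own.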

JavaScript hijacking

  • JavaScript lets you re-define almost anything

  • JSON must be used properly - in particular, wrap the data in an object ({...}) and quote the keys ('')

XSS - Cross-site Scripting

  • A site is at risk any time it allows user-submitted content that could contain scripts

  • Filter content both on the way in and on the way out

Web worms

  • Grow faster than email worms

  • If a site isn't 100% secure against CSRF & XSS, users can attack their "friends" with scripts

  • Samy hacked MySpace profile to add friends and update profile with worm. 1 million users infected in one day.

Programming with Functional Objects in Scala - Martin Odersky

Scala is the Java programming language of the future. It's interoperable with the Java environment, and "is just another Java library".

What is it? It's a scripting language, a composition language, an object-oriented language, a functional language. What amazed me is the ability to implement new control structures. Now that's a "dynamic" language.

Compared to Java:

Patterns for Integrating Java and JavaScript Technology: Tales from the Front Lines - David Caldwell

JSR 223 & Rhino

Patterns from most to least JavaScript code

  • JavaScript with Java as necessary

  • JavaScript with parts in Java

  • Java with parts in JavaScript

  • Java with JavaScript as desired

Seems somewhat useful to me, but messy. If you ever get lost doing HTML/JavaScript/Java in a JSP, well... I don't know what to say. Change career to fashion modeling or something.

Pimp My Build: 10 Ways to Make Your Build Rock - Conor MacNeill, Matt Quail

  1. Use Imports

  2. Use macros and presets

  3. Don't build stuff you don't need

  4. Spice up your build

  5. Don't be afraid to write tasks

  6. Use scripts

  7. Use conditional tasks (using ant-contrib tasks)

  8. Don't do one-off analysis

  9. Document your build

  10. Maven best practice tips

Maven best practice tips

  • Use a remote repository proxy - Archiva

  • Create a local repository for private artifacts - your own and missing 3rd party artifacts

  • Local repository for public artifacts

  • You need to manage your build infrastructure

Spice up your build

  • Add a splash image

  • Add some sound - blame train toot when the build fails

Amazon Code Ninja Puzzles

New puzzle for each day they were at the JavaOne Pavilion. Since I'm bringing these home, here are some hints.

Puzzle #2: "x % y" What happens when y is a negative number?

Puzzle #3: Bits '&' binary.

#2 is not much of a hint. Actually not a hint at all. I just felt like I needed to know it for solving the puzzle; it didn't help.  ;-)
