Tuesday, December 20, 2005

The Problem With Java Client Development

I love Java as a language and as a platform. It is a very clear language to understand and there is a plethora of code available on the web for you to put together a relatively complex application in no time. It has the support of far too many companies to mention here and it also has the seal of approval from Open Software and Free Software developers.

I recently looked into decompilers for Java programs and I was horrified to see the results. A Java program can be decompiled back into its original source code with very little work. There are many free and commercial decompilers available. I decompiled one of my older programs that I made for a client (who never paid up) and it was converted back into its original source code within seconds.

This prompted me to look into how I could make sure that my Java programs would be safer from decompilation. There are 3 techniques to do so:

  1. Obfuscation: This is the process of changing the class / method / variable names so that they are not easy to interpret once decompiled. It does not stop decompilation though, just makes it slightly more irritating for the one who is trying to decompile your code. But keep in mind that it does not change the names of the core Java API packages/methods etc. So your algorithms are pretty much given away to the one hacking your code.

  2. Compilation to Native Code: You can compile your Java code to Windows or Linux native code, as you would for a C/C++ program. Native code can still be decompiled, but it is not easy to make sense of the decompiled code. A person like me will not be able to do it. Two programs used by programmers are the commercial Excelsior JET and the open source GCJ. Excelsior JET has licensed the J2SE code from Sun Microsystems so your code will not break at all. GCJ still lacks a lot of J2SE packages and classes (e.g. there is still no AWT implementation). So your code will break a lot.

  3. Light-Weight Clients: This is a client / server approach for applications where the actual bulk of the program logic resides on a server and the client is mainly used for display purposes. So if the end user decides to decompile the Java client the most he will get out of it is the code for displaying. He will not be able to alter how the logic of the program actually works. This might be perfect for enterprises that will be deploying the application in an intranet environment but it is not sufficient for standalone everyday use applications like editors, mail clients etc.

Come to think of it all those free applets out there can be easily decompiled, code changed, your company logo added and then served on your own webpage without anyone ever finding out.

I think Sun Microsystems should provide a free compile to native code compiler with their SDK for people who want to keep their source code safe from hacking attempts.
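To audit what a shipped class still reveals after obfuscation (point 1 above), the following added example, which is not code from the original post, lists the class names and string literals stored in a class file's constant pool. The sample bytes are constructed for illustration (a header plus constant pool only, with a class renamed to `a`), and the function names are this example's own.

```python
import struct

# Payload size in bytes of each fixed-width constant-pool tag (JVM spec 4.4).
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def read_constant_pool(data):
    """Parse the constant pool that follows the 10-byte class-file header."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    pool, pos, idx = {}, 10, 1
    while idx < count:
        tag = data[pos]
        pos += 1
        if tag == 1:  # CONSTANT_Utf8: u2 length followed by the bytes
            (n,) = struct.unpack_from(">H", data, pos)
            pool[idx] = ("Utf8", data[pos + 2:pos + 2 + n].decode("utf-8", "replace"))
            pos += 2 + n
        elif tag in FIXED:
            if tag in (7, 8):  # Class / String: u2 index of a Utf8 entry
                (ref,) = struct.unpack_from(">H", data, pos)
                pool[idx] = ("Class" if tag == 7 else "String", ref)
            pos += FIXED[tag]
            if tag in (5, 6):  # Long and Double occupy two pool slots
                idx += 1
        else:
            raise ValueError(f"unknown constant-pool tag {tag}")
        idx += 1
    return pool

def visible_names(data):
    """Return (class names, string literals) readable from the class file."""
    pool = read_constant_pool(data)
    classes = sorted(pool[ref][1] for kind, ref in pool.values() if kind == "Class")
    strings = sorted(pool[ref][1] for kind, ref in pool.values() if kind == "String")
    return classes, strings

def _utf8(text):
    raw = text.encode("utf-8")
    return b"\x01" + struct.pack(">H", len(raw)) + raw

def build_sample():
    """Constructed sample: header + constant pool of an 'obfuscated' class."""
    entries = [
        _utf8("a"), b"\x07\x00\x01",                     # 1-2: own class, renamed to "a"
        _utf8("javax/crypto/Cipher"), b"\x07\x00\x03",   # 3-4: API class, not renamed
        _utf8("AES/CBC/PKCS5Padding"), b"\x08\x00\x05",  # 5-6: string literal
        b"\x05" + bytes(8),                              # 7-8: a Long (two slots)
        _utf8("java/lang/String"), b"\x07\x00\x09",      # 9-10: API class
    ]
    return struct.pack(">IHHH", 0xCAFEBABE, 0, 49, 11) + b"".join(entries)

if __name__ == "__main__":
    classes, strings = visible_names(build_sample())
    print("classes:", classes)
    print("strings:", strings)
```

Run against your own build output, this shows which API references remain readable even when your own identifiers have been renamed.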

Saturday, October 15, 2005

VB6 May Live If...

I have just completed 2 projects recently using VB6. I know that using .NET is the IN thing but the clients required it. A programmer's best friend is Google, to search the net looking for an explanation for why a bug is occurring or trying to find out how to implement a certain feature or maybe find free code lying around on the net to directly embed into their own.

When working on these VB6 projects I realized that a lot of VB6 code is now available for free on the net compared to what was out there just a year back. So many sites are giving away complete VB6 code, it's just plain crazy. Work that used to take me months can now be done within days as the code for most of the features that you can think of is available for free downloads.

Maybe I did not notice this because I was lost in the world of Java for a while now. But I believe that there are people out there who are trying to keep VB6 alive. Free code for it being available on so many sites definitely means that there is a demand for it.

I feel that if a company were to invest into creating a VB6 clone, it would definitely sell. Better yet, if it could be made to be cross-platform compatible, it would sell like hotcakes. Cross-platform compatibility would mean that old VB6 programs cannot be compiled for other platforms, but it would mean that VB6 programmers can use their coding skills to develop for other platforms. One Open Source project to note is GAMBAS which is "... a free development environment based on a Basic interpreter with object extensions, like Visual Basic™ (but it is NOT a clone !) ..."

I am not trying to ditch VB.NET. I use it and it's a great language. But consider the VB6 programmers all around the world who are being forced to let go of their beloved language to move to a COMPLETELY NEW language. I was able to cope because of my strong background in OOP from Java.

Think about all the programmers who could not update their knowledge to VB.NET and lost their jobs. I can hear the smart remarks of some programmers "that means more money for us". I would simply like to say to them "your time will come as well".

Thursday, May 12, 2005

Make Windows look like MacOS X

I have been using Windows XP on a laptop with 256 MB RAM for a while now and have always thought to myself "Windows XP is killing my RAM, I wish I could have the base OS use less of it". Until now I was tweaking XP by minimizing processes running in the system tray and shutting down unwanted services, but the base OS would take up to 170 MB. This was mostly due to Windows Explorer.

Last week I came across LiteStep, an alternative to Explorer that takes far less resources and can do wonders with the way your desktop looks. I have also installed a bunch of other utilities on my laptop and now when my laptop is booting it shows up a Mac OS X logo during the boot up process, the logon screen has been replaced by a nice Firefox logon screen and the desktop looks almost exactly like that of the Mac OS X. When I showed it to a friend, he thought I had installed MacOS X on my laptop. This is by far one of the geekiest things I have done on Windows.

MacOS on XP 01

MacOSX on Win XP

Best of all I was able to do all this using free and Open-source software, no need to pay for it.

To change your desktop to act like Mac OS X get the following:
1) LiteStep installer (works with both Win 2k and Win XP)
2) MacOS X theme for LiteStep
Browse on ls-universe and WinCustomize.com for other LiteStep themes.

LiteStep changes the desktop but it does not change the window decoration, i.e. the window title, minimize, maximize buttons. To set the window decoration to look like Mac OS X get the following:
1) UXTheme Multi-Patcher (Neowin Edition) 2.0.exe
2) Macintosh Theme for Win XP (you can use this without the need for LiteStep)
Browse on belchfire.net for other Win XP Window Styles.

To change the boot screen and logon screen you will need:
1) LogonUI Boot Randomizer
2) Boot file showing Mac OS X
3) Logon screen with Firefox (I have not found a screen to mimic Mac OS X yet)
Browse on belchfire.net for other Boot and Logon screens.

This is not meant to be a tutorial. I am merely providing direct links to the files needed. When you install, most of it will be straightforward. There are some directions also given within the files. Details of installation can be found at belchfire.net and ls-universe.

Wednesday, April 6, 2005

Death of Visual Basic 6

With the arrival of the new Visual Studio, Visual Basic 6, the programming language loved and used by programmers all around the world especially in the Finance Industry, will come to its end. Microsoft will no longer have support for the language in their Software Development IDE Visual Studio. Visual Basic was one of the easiest languages to get used to and allowed its users to get a fairly complex application up and running in no time.

I myself started real programming using ASP which is VB for web development and loved it right away. It was simple to learn and all the tools needed were right there free with my Windows 2000 installation, except for the Visual Studio IDE. Then I moved to application development with VB6 and then also did a whole bunch of VBA work. I have created numerous small utilities using VB6 and MS Office in my time to make repetitive tasks easier for people working on my network.

Microsoft claims that their migration tools can convert old VB6 source code to VB.NET code flawlessly, but if you search the web for what people have to say about that, you will find that it's not as simple as Microsoft would like you to think it is. I came across this article "Microsoft MVPs Say They Want Old VB Back" today and thought I would put it up here. It's about a team of companies who are not happy about the death of VB6. They claim that their applications could not be translated to VB.NET using the migration tools that Microsoft has provided and are asking Microsoft to extend their support of VB6.

While I was in London in 2003 I found out from some fellow programmers who were working in the Financial industry that VB6 was very hot. Everyone was using it for financial analysis, reporting, mostly using Excel and VBA. But at that time I also noticed a lot of Java jobs opening up in the Financial sector. There seemed to be a huge move by them towards J2EE solutions.

I guess a lesson to learn from this for me is that when an enterprise decides to develop software for their internal use that they know will become a crucial part of how their business runs, they should make it a point to choose technologies that are universal and ones that will not lock them into a single vendor.

Like in the case of VB6, now that Microsoft has decided to kill it, all enterprises that are dependent on software that has been developed using VB6 are doomed. Their software cannot be updated for future versions of Windows or processors. There are rumours that with the new version of Windows, programs that have been compiled for previous versions of Windows might not run at all. This has happened in the past. When Microsoft moved from Windows 3.1 to Windows 95, a lot of software broke down.

Monday, March 7, 2005

What is an Application Server?

A friend recently asked me about the difference between an Application Server and a regular server program that is created using sockets in Java or C/C++. I explained to him that when a developer creates a regular server that locks on to a port listening to client requests, he is in charge of everything that the server program does. This sounds good at first since the developer is free to do whatever he wishes, but when creating an advanced and sophisticated piece of software that has requirements for clustering support, database connection pooling, web services, standards compliance, cross-platform deployment, database abstraction, webpage serving etc., the developer would go crazy trying to implement all of them on his own.

But one could also argue that all these advanced features can also be implemented using bits and pieces from different libraries/packages developed by different vendors and open-source projects. A C/C++ developer could use the Beowulf libraries for clustering, DBStep for database abstraction and so on. A Java developer can use JDBC for database abstraction, use elemenope for scalability and client/server messaging, Apache Axis for web services, Apache Tomcat for serving dynamic webpages etc.

Now using these different libraries does solve the purpose but they create new problems. There is no integration between these various libraries, therefore each library has to be managed separately. If tomorrow Apache Axis decides to make an update to their software and the developer wants to use the updated version as part of his software, the new version might interfere with a part of the elemenope code.

An integrated environment is one where all the sub-parts have been designed specifically to work together and not to interfere with each other's work. An application server gives you just that; an integrated set of libraries that work together to give developers a platform that provides all the functionality they need to create an advanced application.

But what about all the different application servers out there, for Java, XML, PHP etc.? What's the difference there, or why should a developer use one over the other? And why should a company opt for an expensive commercial application server when it can use an open-source alternative? I came across this article on the SYS-CON website which has the highlights of just such a discussion.

Thursday, February 24, 2005

Java Open Source Projects List

I came across a very good article highlighting a lot of mature and major Open Source Java projects that are being used in companies around the globe, and I thought I would share it on my blog. Go to "Opening Up Java Projects to Open Source" and read all about it.

The existence of so many Open Source projects based on Java is also a proof for it being a Mature language that can and should be used to develop applications.

Tuesday, January 25, 2005

Open Source Java App Servers

The world of Java Application servers has been very confusing, so many to choose from. Now more and more open-source versions are popping up. Most of them are based on efforts by the Apache Foundation who have worked hard on creating the base components required by a Java Application and Web server. They started with Tomcat which served as the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. Based on Tomcat a whole plethora of servers were born.

JBoss is probably the most widely used and J2EE compliant Java server around. Its core is based on Tomcat.

A while ago I saw Jetty which is 100% Java and is a FAST JSP and Servlet server, 350 kb in size.

Today I found Gluecode JOE, which has an open-source version as well as a FREE Standard version which has clustering support. It also relies heavily on Apache-based open-source software. The Apache Geronimo application server is its core, it uses Jetty as the web/servlet server, uses the Apache Pluto portal framework and Apache Derby as the default database. With the Standard edition you get an Enhanced Management console and optional clustering support.

Apache Geronimo is the J2EE server project of the Apache Software Foundation. It currently passes Sun's TCK for J2EE 1.4. More on this later.

Monday, January 17, 2005

Snooping on other computers

I just found out about how packet sniffing is done and found some really good packet sniffing software. First of all what it is:

In a shared Ethernet environment, all hosts are connected to the same bus and compete with one another for bandwidth. In such an environment packets meant for one machine are received by all the other machines. Thus when a machine Venus wants to talk to Cupid in such an environment, it sends a packet on the network with the destination MAC address of Cupid along with its own source MAC address. All the computers on the shared ethernet compare frame's destination MAC address with their own. If the two don't match, the frame is quietly discarded. A machine running a sniffer breaks this rule and accepts all frames. Such a machine is said to have been put into promiscuous mode and can effectively listen to all the traffic on the network. Sniffing in a Shared Ethernet environment is totally passive and hence extremely difficult to detect.

Taken from Sumit Dhar's Page.

What this means is that anyone on your network has the power to see what you are watching. I wanted to test this so I looked around for programs for Windows and found a good list on Tech FAQ here.

I then downloaded Ethereal and found out that I could read complete images and html files being sent by other users on our network by scanning our Proxy server and our router and even by targeting individual computers. I could see whole html docs. Ethereal also allowed me to save files being downloaded. I tried saving a JPG file and I was able to save it to my desktop and open it.

I always used to think that snooping on other PCs was an art for only very experienced hackers, but now looking at this program it seems like any Tom, Dick and Harry can virtually steal any of my passwords being sent in plain text over the network. This can happen when you are sending login info on a webpage not using SSL, or when starting ftp/telnet sessions etc. I did a test run when logging into this blog and Ethereal was able to show me the login and password my browser sent to the Blogsome server as an HTML POST request.

I did notice though that since we are using Smart Switches on our network, and my PC is connected to one of the smaller slave switches on the network, I am not able to receive all network traffic. But if my PC was connected on one of our Master switches or even better the switch where the ADSL router and proxy server are connected, I could really mess around with other people's data. hmmmm.......
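The difference between the shared Ethernet in the quoted description and the switched network in the last paragraph can be modelled in a few lines. This is an added example, not part of the original post: the `Nic`, `Hub`, `Switch` and `run` names, the third host "Mars" and the MAC addresses are constructed for illustration, and the switch is a plain MAC-learning model.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Nic:
    """A network card: keeps a frame only if its filter rule says so."""
    def __init__(self, name, mac, promiscuous=False):
        self.name, self.mac, self.promiscuous = name, mac, promiscuous
        self.accepted = []

    def receive(self, frame):
        # Normal rule: keep frames addressed to us (or broadcast), drop the rest.
        # Promiscuous mode skips the comparison and keeps everything.
        if self.promiscuous or frame["dst"] in (self.mac, BROADCAST):
            self.accepted.append(frame)

class Hub:
    """Shared medium: every frame is repeated to every other port."""
    def __init__(self, nics):
        self.nics = nics

    def send(self, sender, frame):
        for nic in self.nics:
            if nic is not sender:
                nic.receive(frame)

class Switch:
    """Learns which port owns each source MAC and forwards only there."""
    def __init__(self, nics):
        self.nics = nics
        self.table = {}  # MAC address -> NIC attached to the learned port

    def send(self, sender, frame):
        self.table[frame["src"]] = sender
        target = self.table.get(frame["dst"])
        if target is not None:
            target.receive(frame)      # known destination: one port only
        else:
            for nic in self.nics:      # unknown destination: flood once
                if nic is not sender:
                    nic.receive(frame)

def run(fabric_cls, promiscuous, rounds=3):
    """Return how many Venus<->Cupid frames the third host ends up holding."""
    venus = Nic("Venus", "02:00:00:00:00:01")
    cupid = Nic("Cupid", "02:00:00:00:00:02")
    mars = Nic("Mars", "02:00:00:00:00:03", promiscuous)  # hypothetical bystander
    net = fabric_cls([venus, cupid, mars])
    for i in range(rounds):
        net.send(venus, {"src": venus.mac, "dst": cupid.mac, "data": f"request {i}"})
        net.send(cupid, {"src": cupid.mac, "dst": venus.mac, "data": f"reply {i}"})
    return len(mars.accepted)

if __name__ == "__main__":
    print("hub, normal NIC:        ", run(Hub, False))
    print("hub, promiscuous NIC:   ", run(Hub, True))
    print("switch, promiscuous NIC:", run(Switch, True))
```

On the hub the promiscuous host holds all six frames; on the switch it holds only the first one, which was flooded before the switch had learned Cupid's port.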

Monday, January 10, 2005

Java Development directly from a CD

I came across the best thing for Java developers while surfing the net last week. A Live CD with Java development tools on it, Pollix. Just boot your computer using this CD and you have J2SDK 1.4.2 + Eclipse + Netbeans + BlueJ + a whole lot of other dev tools with a complete Linux GUI OS.

Plus it already has Java servers like Tomcat and JBoss installed and ready to run as well. No more installation nightmares for newbies who just want to learn.

Who would want to use this. Well if you are a student and:

  • you want to have the best Java dev tools all on one CD

  • you need to show off your Java work in a presentation using someone else's PC

  • your network admin has allowed people to boot PCs from a CD, you can have your whole development environment on a CD and can start working using any PC; you will not care about what is preinstalled on the PC itself.

This is also a great tool for Java teachers to recommend to their students. I have come across a lot of Java newbies who have trouble even setting up environment variables. I think this is a very good resource for teachers and students alike.

I have seen very often that in universities and schools the sysadmin installs Windows on all machines and students do not get a chance to see Linux at all. I think Live CDs are about to change all that. It's all about spreading the word.

Sunday, January 9, 2005

Full Linux OS without Installation

Linux Live CDs have been around for a while now, still I meet so many people who have never heard of them. I just met a friend who has been working on cross-platform C/C++ development for over a year now and is the Linux guru at his office but he had never heard of them.

In short, a Live CD is a bootable CD that brings up a full working operating system without installing anything on the PC’s hard drive. A good list of Live CDs is given here. For me it started with Knoppix which is a full Linux OS with the KDE GUI desktop, OpenOffice, plus loads of software all running directly from the CD.

Knoppix is the parent of a lot of other Live CDs, so on a lot of LiveCD websites you will find the words “Knoppix spin-off”. You see what Knoppix achieved over other Live CD distros was its awesome ability to detect hardware automatically without bothering its user. It works great with even laptops. It also has 3GB worth of software compressed into one CD. If you are new to LiveCDs, please start with Knoppix.

So one might ask, why a LiveCD? I have seen different answers to this question on the net. I actually like the idea of carrying around my whole operating system with me on a CD and a USB disk to save my work. I am also a sysadmin. I know how often PCs go down. Norton Ghost has saved my life millions of times, where the same OS image file could be installed on various similar systems without any problems; configure once, install everywhere. With Live CDs I can configure once, run anywhere … without installation.

My intranet PDC server went down last week, filesystem got corrupt. I had my user/group/password, Samba, cups scripts all backed up. I just put in a live STUX Linux CD, booted into the OS, kept the scripts and files in their relative places and voilà .. the server was back up again in 10 minutes. A reinstallation would have taken hours.

I plan to post more of my findings in LiveCDs as time goes on. So keep coming back for more …