Tuesday, March 25, 2014

List vs ArrayList


List is an interface and ArrayList is an implementation of the List interface. 
The arraylist class has only a few methods in addition to the methods available in the List interface. 
There is not much difference in this. 

The only difference is, you are creating a reference of the parent interface in the first one and a reference of the class which implements the List (i.e) the ArrayList class in the second.
 If u use the first, you will be able to call the methods available in the List interface and you cannot make calls to the new methods available in the ArrayList class. Where as, u are free to use all the methods available in the ArrayList, if u use the second one.

http://www.javabeat.net/difference-between-list-and-arraylist/

List list = new ArrayList or ArrayList list = new ArrayList

  •  List list = new ArrayList  or    ArrayList list = new ArrayList

to decouple your code from a specific implementation of the interface
When you write your code like this:

List list = new ArrayList();
 
the rest of your code only knows that data is of type List, which is preferable because it allows you to switch between different implementations of the List interface with ease.


For instance, say you were writing a fairly large 3rd party library, and say that you decided to implement the core of your library with a LinkedList.
If your library relies heavily on accessing elements in these lists, then eventually you'll find that you've made a poor design decision;
you'll realize that you should have used an ArrayList (which gives O(1) access time) instead of a LinkedList (which gives O(n) access time).
Assuming you have been programming to an interface, making such a change is easy.

You would simply change the instance of List from,

List list = new LinkedList();

to

List list = new ArrayList(); 

you have written your code to follow the contract provided by the List interface.

if you had implemented the core of your library using

LinkedList list = new LinkedList()

making such a change wouldn't be as easy, as there is no guarantee that the rest of your code doesn't make use of methods specific to the LinkedList class.
the choice is simply a matter of design

http://stackoverflow.com/questions/9852831/polymorphism-why-use-list-list-new-arraylist-instead-of-arraylist-list-n

Monday, March 24, 2014

Java ArrayList

  • Java ArrayList

 Java class ArrayList(java.util.ArrayList) is a fast and easy to use class representing one-dimensional array.
 ArrayList is not synchronized i.e. using it in more that one thread may cause problems.

 ArrayList class provides methods for basic array operations:

    add( Object o ) - puts reference to object into ArrayList
    get( int index ) - retrieves object reference from ArrayList index position
    size() - returns ArrayList size
    remove( int index ) - removes the element at the specified position in this list. Shifts any subsequent elements to the left and returns the element that was removed from the list.
    indexOf( Object o) - finds the index in this list of the first occurrence of the specified element
    clear() - removes all of the elements
   
    http://www.anyexample.com/programming/java/java_arraylist_example.xml

Tuesday, March 4, 2014

Spring using JDBCDaoSupport

Example Without JdbcTemplate
you have to create many redundant codes (create connection , close connection , handle exception) in all the DAO database operation methods – insert, update and delete. It just not efficient, ugly, error prone and tedious.

Example With JdbcTemplate
With JdbcTemplate, you save a lot of typing on the redundant codes, becuase JdbcTemplate will handle it automatically.

Example With JdbcDaoSupport
By extended the JdbcDaoSupport, set the datasource and JdbcTemplate in your class is no longer required, you just need to inject the correct datasource into JdbcCustomerDAO. And you can get the JdbcTemplate by using a getJdbcTemplate() method.


http://www.mkyong.com/spring/spring-jdbctemplate-jdbcdaosupport-examples/

HibernateTemplate and HibernateDaoSupport these classes should be considered deprecated since the release of hibernate 3.0.1
JdbcTemplate (and all other *Template classes) intend is to make it easier to work with the underlying technology. Once upon a time this was also needed for Hibernate (< 3.0.1), now it isn't.

JdbcTemplate makes it easier to work with plain JDBC code. You don't have to get a connection, create a (Prepared)Statement, add the parameters, execute the query, iterate over the resultset and convert the ResultSet. With the JdbcTemplate much of this is hidden and most of it can be written in 1 to 3 lines of code, whereas plain JDBC would require a lot more.

The *Support classes make it easier to gain access to a template but aren't a must to use. Creating a JdbcTemplate is quite easy and you don't really need to extend JdbcDaoSupport. But you can if you want

http://stackoverflow.com/questions/20256787/spring-transaction-of-jdbctemplate-hibernatetemplate-and-hibernatedaosupport-jdb


Spring JDBC DaoSupport
Spring provides convenient classes to perform functions on the database. It handles creating a connection to a database, performing clean up and handling exceptions. The user creates a datasource and injects it into a jdbctemplate. The jdbctemplate is then injected into the spring Dao. The user can also inject a datasource directly into the Dao. The Dao is an abstract class and the user extends this class to create his own Dao. The advantage of this class is that the user does not have to inject the JdbcTemplate into all of his DAO classes. The user creates a common Dao class that can be extended by all the DAO classes. Spring provides two DAO classes JdbcDaoSupport and NamedParameterJdbcDaoSupport. There is a third class called SimpleJdbcDaoSupport but this is now deprecated in favor of JdbcDaoSupport and NamedParameterJdbcDaoSupport

http://www.studytrails.com/frameworks/spring/spring-jdbc-dao-support.jsp

Spring Hibernate integration using HibernateDaoSupport


Using HibernateDaoSupport/HibernateTemplate is not recommended since it unnecessarily ties your code to Spring classes.
Using these classes was inevitable with older versions of Hibernate in order to integrate support of Spring-managed transactions.
Since Hibernate 3.0.1 you don't need it any more - you can write a code against a plain Hibernate API while using Spring-managed transactions
All you need is to configure Spring transaction support, inject SessionFactory and call getCurrentSession() on it when you need to work with session.
Another benefit of HibernateTemplate is exception translation.
Without HibernateTemplate the same functionality can be achieved by using @Repository annotation
This will wire in the same exception translation (one of the big benefits of the HibernateTemplate) and allow you to either use your own super class or just simply to avoid extending a third party framework class.


@Repository
public class YourFooDao {

    @Resource
    private SessionFactory sessionFactory;

    private Foo get(long id){
        return (Foo) sessionFactory.getCurrentSession().get(id);
    }

   
    http://stackoverflow.com/questions/5104765/hibernatedaosupport-is-not-recommended-why
   
   
     HibernateTemplate - Spring provides a class called org.springframework.orm.hibernate3.HibernateTemplate that helps in accessing the database via hibernate. One of its main features is mapping of hibernate exceptions to DataAccessExceptions. The main method in HibernateTemplate is the execute method that takes in a hibernate callback. HibernateTemplate also takes care of obtaining or releasing sessions and hence the callback function or invoking function does not have to manage sessions. The SessionFactory is injected into HibernateTemplate using a LocalSessionFactoryBean. Spring manages the creation and shutting down of the factory. HibernateTemplate provides methods such as find, saveOrUpdate, persist, delete etc that performs the corresponding function in hibernate but manages sessions and exceptions.

LocalSessionFactoryBean - This is a spring factory bean that creates hibernate sessionfactory. The main purpose of this class is to set up the Hibernate SessionFactory in a spring context. The hibernate configuration properties can be passed within the XML. The configuration properties include the hibernate mapping resources, hibernate properties and a datasource. The SessionFactory can handle both pure hibernate session management with single database or transactions that span multiple databases using JTA .

AnnotaionSessionFactoryBean - This is a subclass of LocalSessionFactoryBean but supports annotation based mappings.

HibernateDaoSupport - This class is a convenience class for hibernate based database access. This is a wrapper over HibernateTemplate. It can be initialized using a SessionFactory. It creates the HibernateTemplate and subclasses can use the getHibernateTemplate() method to obtain the hibernateTemplate and then perform operations on it. The class can also be initialized using a preconfigured HibernateTemplate. Create your own DAO by extending this class, provide a SessionFactory or HibernateTemplate and start performing operations using the getHibernateTemplate() method.

http://www.studytrails.com/frameworks/spring/spring-hibernate-dao-support.jsp


Spring is a general-purpose framework that plays different roles in many areas of application architecture. One of these areas is persistence. Spring does not provide its own persistence framework. Instead, it provides an abstraction layer over JDBC, and a variety of O/R mapping frameworks, such as iBATIS SQL Maps, Hibernate, JDO, Apache OJB, and Oracle TopLink. This abstraction allows consistent, manageable data-access implementation. 

http://java.dzone.com/articles/spring-hibernate-persistence

Thursday, February 27, 2014

validationQuery


Spring configuration in applicationcontext.cml for mysql

<bean id="myDataSource" class="org.apache.commons.dbcp.BasicDataSource"
    destroy-method="close">
    <property name="driverClassName" value="com.mysql.jdbc.Driver" />
    <property name="url" value="jdbc:mysql://${mySQL.host}/${mySQL.db}" />
    <property name="username" value="${mySQL.user}" />
    <property name="password" value="${mySQL.pass}" />
    <property name="testOnBorrow" value="true"></property>
    <property name="validationQuery" value="SELECT 1"></property>
</bean>

validationQuery - The SQL query that will be used to validate connections from this pool before returning them to the caller. If specified, this query MUST be an SQL SELECT statement that returns at least one row.

http://stackoverflow.com/questions/5636195/dbcp-and-hibernate-on-spring-doesnt-re-open-dead-connections-why

Monday, February 24, 2014

reputation system


  • Sybil attack

The Sybil attack in computer security is an attack wherein a reputation system is subverted by forging identities in peer-to-peer networks
It is named after the subject of the book Sybil, a case study of a woman diagnosed with dissociative identity disorder.

reputation system
A reputation system computes and publishes reputation scores for a set of objects (e.g. service providers, services, goods or entities) within a community or domain based on a collection of opinions that other entities hold about the objects
http://en.wikipedia.org/wiki/Sybil_attack

censorship

  • freenet

Share files, chat on forums, browse and publish, anonymously and without fear of blocking or censorship
freenetproject.org                  


  • Freenet is a peer-to-peer platform for censorship-resistant communication. 

It uses a decentralized distributed data store to store information, and has a suite of free software for working with this data store. Both Freenet and some of its associated tools were originally designed by Ian Clarke,who defines Freenet's goal as providing freedom of speech with strong anonymity protection.
http://en.wikipedia.org/wiki/Freenet



  • The countries where dictatorship rules try to silence freedom of speech and oppress democracy.Internet's nature is to share information which individuals invent,spread and promote.


Download opera browser
http://www.opera.com/computer/windows

Enable off-road mode which is previously known turbo mode.

you can test this mode on blocked websites.

References
http://help.opera.com/opera/Windows/1326/en/viewPages.html#offRoad


  • JonDo is a proxy client and will forward the traffic of your internet applications encrypted to the mix cascades and so it will hide your ip address.
JonDoFox and JonDoBrowser (beta) are recommended for anonymous web surfing
http://anonymous-proxy-servers.net


  • What is I2P?
I2P is an anonymous overlay network - a network within a network. It is intended to protect communication from dragnet surveillance and monitoring by third parties such as ISPs.
I2P is used by many people who care about their privacy: activists, oppressed people, journalists and whistleblowers, as well as the average person.

dragnet
a system in which the police look for criminals, using very thorough methods

https://geti2p.net/en



  • TOR
During the circuit creation process, your client exchanges cryptographic keys with the first relay it connects to and begins encrypting traffic back and forth. Further each hop in transit between the various relays is encrypted using those relays’ cryptographic keys. You can visualize this as layers of encryption being wrapped around your data: this is where the phrase “onion routing” comes from when describing the type of network Tor establishes. Finally, your encrypted traffic is decrypted at the exit relay where it is then forwarded out onto the “regular” internet. This is one of the ways that Tor helps maintain your privacy online – each exit node is aggregating traffic from many other Tor users and putting it out onto the internet all at once. Your traffic becomes a small stream in the giant swath of data coming from and entering back into any given exit node. It is also important to note that your exit node only knows which intermediate node to send receiving data back to (this is also true for each internal to internal leg of the circuit). What this means is that your identity and the content of your traffic are cryptographically bifurcated – your entry node knows who you are but not what you are doing and your exit node knows what you are doing but not who you are. All the relays in between only know to forward the encrypted payload to the next relay on the circuit. Assuming that the content of your traffic does not reveal your identity, this permits you to browse the internet completely anonymously.

Tor also allows you to run and access what are called hidden services.
These are servers that are accessible only from within the Tor network itself
Among the various hidden services are various blogs, email servers, and forums.

I2P
I2P appears to provide many of the same benefits that Tor does.
However, I2P was designed from the ground up to provide a different set of benefits.
the primary use case for Tor is enabling anonymous access of the public internet with hidden services as an ancillary benefit.
I2P on the other hand, was designed from day one to be a true “darknet.”
I2P performs packet based routing as opposed to Tor’s circuit based routing
I2P does not rely on a trusted directory service to get route information. Instead, network routes are formed and constantly updated dynamically, with each router constantly evaluating other routers and sharing what it finds
I2P establishes two independent simplex tunnels for traffic to traverse the network to and from each host as opposed to Tor’s formation of a single duplex circuit.
This provides the additional benefit of only disclosing half the traffic in the case of an in-network eavesdropper.
From an application-level perspective there is a fundamental difference between the I2P and Tor networks as well.
Tor functions by providing a proxy on your local machine that you must configure your applications to use (of download specially configured application bundles).
In contrast, I2P is generally used by applications that are written specifically to run on the I2P network.

Tor provides one with better anonymous access to the open internet and I2P provides one with a more robust and reliable “network within the network,” a true darknet, if you will.
when implementing either of these two tools, one must always be aware that one’s ISP can see that he or she is using Tor or I2P (though they cannot determine the content of the traffic itself).
In order to hide this knowledge from one’s ISP, one should make use of a high-quality VPN service to act as an entry point to either one’s anonymous network of choice or to the internet at large.



https://www.ivpn.net/privacy-guides/an-introduction-to-tor-vs-i2p




  • The two primary differences between Tor / Onion-Routing and I2P are again related to differences in the threat model and the out-proxy design (though Tor supports hidden services as well).

Tor takes the directory-based approach - providing a centralized point to manage the overall 'view' of the network, as well as gather and report statistics, as opposed to I2P's distributed network database and peer selection.

Comparison of Tor and I2P Terminology


Tor I2P
Cell Message
Client Router or Client
Circuit Tunnel
Directory NetDb
Directory Server Floodfill Router
Entry Guards Fast Peers
Entry Node Inproxy
Exit Node Outproxy
Hidden Service Eepsite or Destination
Hidden Service Descriptor LeaseSet
Introduction point Inbound Gateway
Node Router
Onion Proxy I2PTunnel Client (more or less)
Relay Router
Rendezvous Point somewhat like Inbound Gateway + Outbound Endpoint
Router Descriptor RouterInfo
Server Router


Benefits of Tor over I2P
More resistant to state-level blocking due to TLS transport layer and bridges (I2P has proposals for "full restricted routes" but these are not yet implemented)
Centralized control reduces the complexity at each node and can efficiently address Sybil attacks
C, not Java

Benefits of I2P over Tor
Designed and optimized for hidden services, which are much faster than in Tor
Fully distributed and self organizing
Peers are selected by continuously profiling and ranking performance, rather than trusting claimed capacity
Floodfill peers ("directory servers") are varying and untrusted, rather than hardcoded
Java, not C

https://geti2p.net/en/comparison/tor



  • Navigating through the Darknet or Dark Web

On the surface, there is only one big difference between surfing the Darknet and surfing the “normal” web. URLs don’t look like anything you can actually read. They are random strings of characters followed by the extension “.onion”
For example, if you launch TOR and go to this URL: http://3g2upl4pq6kufc4m.onion/ you’ll reach DuckDuckGo’s search engine on the TOR network. DuckDuckgois is a search engine that emphasizes protecting searchers’ privacy and avoiding the filter bubble of personalized search results. If you try to access that same URL through Chrome for example you won’t be allowed to view it.

https://99bitcoins.com/accessing-dark-net-under-minutes-beginners-guide/


  • Darknet Chronicles Pt 1: Clearnet vs Darknet

The Clearnet
Put simply the clearnet is a term used by darknet users to define the regular internet accessible from any browser. This definition bundles the surface web and the deep web. Essentially covering anything accessible by the average non-TOR user.
The Darknet
Also known as hidden services or websites, these sites can only be accessed through specialized software or means. The most popular is a browser known as TOR. Another software used is called I2P for more advanced users

https://www.business2community.com/cybersecurity/darknet-chronicles-pt-1-clearnet-vs-darknet-01972328


  • torrenting 
Tunneling wraps those packets in others that provide extra security against prying eyes. In addition, the data is encrypted in transit, meaning ISPs, service providers and other middlemen see nothing but gibberish. Different providers use different encryption methods, the most common being IPSec, L2TP, and OpenVPN.
    http://www.firewall.cx/vpn/vpn-guides-articles/1185-vpn-for-torrenting-anonymous-torrenting-test-avoid-bandwidth-throttling.html

    • browsing
    https://ixquick.com
    http://yippy.com/

    • Orbot: Mobile Anonymity + Circumvention
    Ostel: Encrypted Phone Calls
    Gibberbot: Secure Instant Messaging

    https://guardianproject.info/apps/tutorials/

    • Tails

    Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity
    use the Internet anonymously and circumvent censorship;
    all connections to the Internet are forced to go through the Tor network;
    leave no trace on the computer you are using unless you ask it explicitly;
    use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.
    https://tails.boum.org

    Sunday, February 23, 2014

    The Joel Test


    The Joel Test

        Do you use source control?
        Can you make a build in one step?
        Do you make daily builds?
        Do you have a bug database?
        Do you fix bugs before writing new code?
        Do you have an up-to-date schedule?
        Do you have a spec?
        Do programmers have quiet working conditions?
        Do you use the best tools money can buy?
        Do you have testers?
        Do new candidates write code during their interview?
        Do you do hallway usability testing?
       
        2. Can you make a build in one step?
        If it takes 20 steps to compile the code, run the installation builder, etc., you're going to go crazy and you're going to make silly mistakes.
        we required that the installation process be able to run, from a script, automatically, overnight, using the NT scheduler, and WISE couldn't run from the scheduler overnight, so we threw it out. (The kind folks at WISE assure me that their latest version does support nightly builds.)
       
        3. Do you make daily builds?
        Breaking the build is so bad (and so common) that it helps to make daily builds, to insure that no breakage goes unnoticed. On large teams, one good way to insure that breakages are fixed right away is to do the daily build every afternoon at, say, lunchtime. Everyone does as many checkins as possible before lunch. When they come back, the build is done. If it worked, great! Everybody checks out the latest version of the source and goes on working. If the build failed, you fix it, but everybody can keep on working with the pre-build, unbroken version of the source.
       
        4. Do you have a bug database?
       
        complete steps to reproduce the bug
        expected behavior
        observed (buggy) behavior
        who it's assigned to
        whether it has been fixed or not

    If the complexity of bug tracking software is the only thing stopping you from tracking your bugs, just make a simple 5 column table with these crucial fields and start using it.

    http://www.joelonsoftware.com/articles/fog0000000043.html