25 Apr 2009

Scala Cheat Sheet Created

I started teaching myself Scala this week because I want to speed up coding of new projects without sacrificing quality, readability, reliability and performance. Scala seems like a good choice for this. I've also been interested in learning more about functional programming, and exploring the concurrency benefits that functional programming can bring to the table.

I've read halfway through a book on Erlang, another functional programming language, and am finding many similarities to Scala. (That book, BTW, "Programming Erlang: Software for a Concurrent World" by Joe Armstrong, is an excellent book and I highly recommend it.)

So far, I'm liking Scala a lot. It's comfortable because of its close ties to Java and the fact that it runs on the JVM. It's also compatible with much of the Java code I've written in my life, so that's a huge plus!

My only complaint at this point is with the documentation I've found. There's a lot of great online documentation, but the quick start articles I've read thus far seem to skip all over the place and leave a lot out, so I find myself flipping from one to the other trying to make sense of what I'm reading. It would be a lot easier if I had a concise reference to glance at.

I decided that what's needed is a cheat sheet (pdf), but then couldn't find one, and, because necessity is the mother of invention, I've written my own.

Now beware, this cheat sheet was created by a newborn, 3-day-old Scala programmer, so there may be a lot of corrections needed, and I'm certain it needs more information added to it, but I think this is good enough to start with as a quick start guide.

[Update: I've made several improvements and added a version number that I'll increment every time I update it.]


References for the quick start cheat sheet:

The Busy Developers' Guide to Scala series:

Scala Reference Manuals:

"Scala for Java programmers", A. Sundararajan's Weblog, blogs.sun.com

Filed under: Scala
2 Apr 2009

Be a Wizard of SSL

SSL Tricks and Tips

Many of the developers I've worked with treat SSL as if it's the carrier of a new and virulent plague or the product of evil magic. They duck and run for cover whenever the boss shows up looking for someone to battle a new error. Having not ducked fast enough, I've found myself face-to-face with SSL on many occasions, and have survived to overcome the intimidation factor and tell you that solving most SSL problems is a snap and anyone can learn to do it. By becoming the SSL go-to person in your IT department, you'll win fame and recognition as the great defender against evil magic. I reveal below these mysterious secrets of common SSL problems and some simple tricks and tips for solving them.

Expired Certificate

Probably the most common problem is an expired certificate. Every certificate carries a fixed validity period (a notBefore and a notAfter date), and once notAfter has passed, browsers refuse the connection or throw up a prominent warning, so the site effectively breaks. When you hit that warning, you can view the certificate in your browser to see the expiration date. Exactly how you get at the certificate details differs by browser (usually a click on the padlock or on the warning page itself), so I'll leave you to learn how to view the certificate in your preferred browser.

Solution: Renew or purchase a new certificate and follow your CA's and your server's instructions to install it. While you're in there, check the expiration dates of the intermediate (chain) certificates too: an expired intermediate breaks the site exactly like an expired leaf certificate, and replacing only the leaf won't fix it. Then put the new expiration date on a calendar so the next one doesn't surprise you.

If you have already purchased and installed a new certificate and the error persists, the cause is most likely a configuration issue, so check the "Certificate Configuration" section below.
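The browser's certificate viewer only tells you about the one site you happen to be loading. As an added example (not from the original post, and not any particular product's code), the script below does the same check from the command line for every host you hand it, so the expiry shows up as a warning weeks ahead instead of as a broken site. It uses only the Python standard library; WARN_DAYS is an assumed threshold, and the host list on the command line is whatever you choose to pass.

```python
"""Report how many days a server's TLS certificate has left before it expires.

Added example for this post (not part of the original article); standard
library only. WARN_DAYS is an assumed threshold, not a value from the post.
ssl.cert_time_to_seconds() parses the same "notAfter" text that
getpeercert() returns and that `openssl x509 -noout -enddate` prints.
"""
import socket
import ssl
import sys
import time

WARN_DAYS = 30  # assumed: start nagging when less than this is left
DAY = 86400


def seconds_until_expiry(not_after, now):
    """Seconds from the POSIX time ``now`` until ``not_after``.

    ``not_after`` is OpenSSL's text form, e.g. "Jun  1 12:00:00 2030 GMT".
    A negative result means the certificate has already expired.
    """
    return ssl.cert_time_to_seconds(not_after) - now


def classify(not_after, now, warn_days=WARN_DAYS):
    """Return (status, days_left) with status EXPIRED, EXPIRING or OK."""
    days = seconds_until_expiry(not_after, now) / DAY
    if days < 0:
        return "EXPIRED", days
    if days < warn_days:
        return "EXPIRING", days
    return "OK", days


def fetch_not_after(host, port=443, timeout=5.0):
    """Handshake with ``host`` and return the leaf certificate's notAfter.

    Verification is left on deliberately: with CERT_NONE getpeercert()
    returns an empty dict, and we want the whole chain checked anyway.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def check_host(host, port=443, now=None):
    """Return (status, detail) for one host, covering the already-expired case.

    An expired certificate fails the handshake before notAfter can be read,
    so OpenSSL's own verify message ("certificate has expired") is reported.
    """
    now = time.time() if now is None else now
    try:
        not_after = fetch_not_after(host, port)
    except ssl.SSLCertVerificationError as err:
        return "UNTRUSTED", err.verify_message
    except OSError as err:  # ssl.SSLError and socket errors both derive from OSError
        return "ERROR", str(err)
    status, days = classify(not_after, now)
    return status, f"{days:.1f} days left (notAfter={not_after})"


if __name__ == "__main__":
    for name in sys.argv[1:] or ["example.com"]:
        status, detail = check_host(name)
        print(f"{name:30} {status:9} {detail}")
```

The one-liner equivalent, if you'd rather not keep a script around, is `openssl s_client -connect host:443 -servername host </dev/null | openssl x509 -noout -enddate`, which prints the same notAfter value the script parses.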

Filed under: Security
18 Jan 2009

Do You Verify Your Downloads?

Do you verify the integrity of your downloads?

I saw a notice announcing a new release of Apache Tomcat Native this morning, and when looking at the page, saw the usual notice, as follows:

"Use the links below to download Tomcat Native from one of our mirrors. You must verify the integrity of the downloaded files using signatures downloaded from our main distribution directory."

That made me wonder how many people who download actually do verify the integrity of their downloads? I know I do, but I've worked with developers who don't. It would be interesting to do a poll on that. I'd also be interested in knowing of any cases where the integrity verification failed. I've never had one fail.
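For anyone who has never actually done the check the Tomcat notice asks for, here is what the integrity half of it looks like in code. This is an added example, not something from the original post or from the Tomcat project; the "download" bytes and the file name are constructed stand-ins for a real tarball and the .sha256 file published beside it.

```python
"""Verify a downloaded file against a published SHA-256 checksum list.

Added example for this post (not from the original); the file name and the
"download" bytes below are constructed stand-ins for a real release tarball
and its .sha256 file.
"""
import hashlib
import hmac


def parse_checksum_file(text):
    """Parse sha256sum/shasum output: one 'HEXDIGEST  filename' line per file.

    A leading '*' on the name (binary mode marker on some platforms) is dropped.
    """
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        expected[name.strip().lstrip("*")] = digest.lower()
    return expected


def sha256_of(data, chunk_size=1 << 20):
    """SHA-256 hex digest of bytes or of a binary file object.

    File objects are read in chunks so a multi-hundred-megabyte download
    never has to fit in memory.
    """
    h = hashlib.sha256()
    if isinstance(data, (bytes, bytearray)):
        h.update(data)
    else:
        for chunk in iter(lambda: data.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(name, data, checksum_text):
    """Return (ok, message) for ``data`` claimed to be the file ``name``.

    hmac.compare_digest keeps the comparison constant-time; not a real
    concern for a local file, but the habit is cheap.
    """
    expected = parse_checksum_file(checksum_text)
    if name not in expected:
        return False, f"{name}: no checksum published for this file"
    actual = sha256_of(data)
    if not hmac.compare_digest(actual, expected[name]):
        return False, f"{name}: SHA-256 mismatch (expected {expected[name]}, got {actual})"
    return True, f"{name}: SHA-256 OK"


# Constructed sample: a 3-byte "tarball" and the checksum file a project
# would publish beside it (the digest is SHA-256 of b"abc").
SAMPLE_NAME = "tomcat-native-example.tar.gz"  # hypothetical file name
SAMPLE_DOWNLOAD = b"abc"
SAMPLE_CHECKSUMS = (
    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
    "  tomcat-native-example.tar.gz\n"
)

if __name__ == "__main__":
    print(verify_download(SAMPLE_NAME, SAMPLE_DOWNLOAD, SAMPLE_CHECKSUMS)[1])
    # A single changed byte in the download flips the result.
    print(verify_download(SAMPLE_NAME, b"abd", SAMPLE_CHECKSUMS)[1])
```

Two caveats worth keeping in mind. A checksum fetched from the same mirror as the file only proves the transfer wasn't corrupted; if the mirror is compromised, both files were replaced together, which is why the notice says to get the signatures from the main distribution directory. And a checksum says nothing about who published the file; for that you verify the PGP signature (`gpg --verify file.tar.gz.asc file.tar.gz`) against the project's published keys.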

Filed under: Security
15 Jan 2009

Dependency Injection and Inversion of Control

I've been reading quite a few blog posts on dependency injection recently. I don't know why that's suddenly the topic to write about since it's been around for quite a while. I don't have any brilliant new revelations to offer, but just maybe a few thoughts in response to a blog post I read by a Jordan Zimmerman, "Dependency Injection Makes Code Unintelligible"[1].

First, a couple of quick definitions from Wikipedia:

"Inversion of Control, or IoC, is an abstract principle describing an aspect of some software architecture designs in which the flow of control of a system is inverted in comparison to the traditional architecture of software libraries."[2]

"Dependency Injection (DI) in computer programming refers to the process of supplying an external dependency to a software component. It is a specific form of inversion of control where the concern being inverted is the process of obtaining the needed dependency."[3]

The two topics I want to hit on from Jordan's post are testability of code that's been subjected to IoC/DI and, more trivially, the naming of dependency injection.

Filed under: Java
12 Jan 2009

Top 25 Dangerous Programming Errors

Presenting the "CWE/SANS TOP 25 Most Dangerous Programming Errors" (more detail and a PDF are available here).

This is an excellent, excellent list of very common programming errors, most of which are easy to avoid once you know to look for them and pay attention to what you're writing. They're presented in three categories: Insecure Interaction Between Components (think SQL injection and XSS), Risky Resource Management, and Porous Defenses.

CATEGORY: Insecure Interaction Between Components

  • CWE-20: Improper Input Validation
  • CWE-116: Improper Encoding or Escaping of Output
  • CWE-89: Failure to Preserve SQL Query Structure (aka 'SQL Injection')
  • CWE-79: Failure to Preserve Web Page Structure (aka 'Cross-site Scripting')
  • CWE-78: Failure to Preserve OS Command Structure (aka 'OS Command Injection')
  • CWE-319: Cleartext Transmission of Sensitive Information
  • CWE-352: Cross-Site Request Forgery (CSRF)
  • CWE-362: Race Condition
  • CWE-209: Error Message Information Leak

CATEGORY: Risky Resource Management

  • CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer
  • CWE-642: External Control of Critical State Data
  • CWE-73: External Control of File Name or Path
  • CWE-426: Untrusted Search Path
  • CWE-94: Failure to Control Generation of Code (aka 'Code Injection')
  • CWE-494: Download of Code Without Integrity Check
  • CWE-404: Improper Resource Shutdown or Release
  • CWE-665: Improper Initialization
  • CWE-682: Incorrect Calculation

CATEGORY: Porous Defenses

  • CWE-285: Improper Access Control (Authorization)
  • CWE-327: Use of a Broken or Risky Cryptographic Algorithm
  • CWE-259: Hard-Coded Password
  • CWE-732: Insecure Permission Assignment for Critical Resource
  • CWE-330: Use of Insufficiently Random Values
  • CWE-250: Execution with Unnecessary Privileges
  • CWE-602: Client-Side Enforcement of Server-Side Security
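To make two of the "Insecure Interaction" entries concrete, here is the vulnerable form of each next to its fix. This is an added example, not code from the CWE/SANS document or the original post; the users table, the role values and the attacker inputs are constructed.

```python
"""CWE-89 and CWE-79 from the list above, each as the vulnerable form next
to the fix.

Added example (not from the CWE/SANS list or the original post); the users
table and the inputs are constructed. CWE-89: keep the query's structure by
binding values as parameters. CWE-79: encode untrusted text for the HTML
context it lands in.
"""
import html
import sqlite3


def make_db():
    """In-memory SQLite database with a few constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def roles_vulnerable(conn, name):
    """CWE-89: the untrusted name is spliced into the SQL text, so a quote
    character in it rewrites the query's structure."""
    sql = "SELECT role FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]


def roles_safe(conn, name):
    """Fixed: a bound parameter is always treated as a value, never as SQL."""
    rows = conn.execute("SELECT role FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def greeting_vulnerable(name):
    """CWE-79: untrusted text becomes part of the page's markup."""
    return "<p>Hello, %s!</p>" % name


def greeting_safe(name):
    """Fixed: encode for the HTML text context (quote=True also covers
    attribute values, in case the string is reused there later)."""
    return "<p>Hello, %s!</p>" % html.escape(name, quote=True)


if __name__ == "__main__":
    db = make_db()
    payload = "nobody' OR '1'='1"  # classic tautology injection
    print("vulnerable:", roles_vulnerable(db, payload))  # every role leaks
    print("safe:      ", roles_safe(db, payload))        # no such user: []
    xss = "<script>alert(1)</script>"
    print(greeting_vulnerable(xss))
    print(greeting_safe(xss))
```

The common thread is the one the category name captures: in both cases data crosses a boundary into a language (SQL, HTML) that has its own syntax, and the fix is to hand it over in a way that cannot be mistaken for that syntax, either as a bound parameter or as encoded text, rather than trying to filter out "bad" characters on input.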

Read the full article and please use this list on your next software project. If you need further information and/or assistance in securing your code, OWASP is a great resource, check them out and help to support them.

Filed under: Security