Stan’s Signed Snippets

My positive/negative coding experiences

Java Generics in Depth

Why do we need Java generics?

Generics introduce a new level of compile-time type safety. This in itself makes them one of the most impactful updates to Java’s core and, arguably, brings a sane amount of type safety to the Collections framework. The most common bug they are meant to address is a nasty ClassCastException thrown when we believe an object is of one type when really it is not. With generics, this is caught at compile time. Additionally, they improve code readability by absolving the programmer from using explicit casts.

Quick overview of terminology

simple generic class that extends another generic class
public class MimicList<T> implements List<T> {
  // Must return boolean to match List<T>.add(T)
  public boolean add(T item) { ... }

  public String findAlphaMimic() { ... }
...
}

Here, MimicList is a generic type and T is the type placeholder. The placeholder isn’t limited to a single letter; any valid Java identifier will do. A generic type can have one or more type placeholders. By adding a type placeholder to a class, we turn it into a generic type. The placeholder is replaced by a concrete type when we declare/initialize MimicList as a concrete parameterized type. If your generic class is extending or implementing another generic class, you can use the same type placeholder (T) in the class we are extending to represent the same type. You cannot initialize a generic type directly (new MimicList()) because it is an abstract type. You also cannot use a primitive type as a type parameter, because it must be convertible to java.lang.Object when the compiler performs type erasure.

Using Express.js and Dust.js on Node.js

Express.js is the most full-featured and popular open source Node.js framework. However, its default template library of choice, Jade, is far from impressive. Not only does it use its own syntax (you cannot use plain HTML), but it is also limited to server-side rendering. In this post, we will set up Dust.js with Express.js for server-side rendering, and discuss a possible implementation with client-side rendering.

Securing PHP-Flash Communication

Virtually every computer in the world has Flash installed. Whether you’re running Debian or Windows 7, there’s a distribution of Adobe Flash available for you. That makes Flash the most interoperable environment available. Now let’s say you want to embed Flash into a website. Whether you want a submission form, a chat box, or a simple game, you will most likely need to communicate back and forth with the server. That doesn’t sound hard at all, especially with so many libraries available and so many services you can use (REST, XMLRPC, JSON, XMLSocket for low-latency communication, or just a simple HTTP GET request to the PHP page). However, how sure are you of the validity of the data transferred from the client-side Flash app back to your server?

All programming languages preach never to trust user input directly. As a simple example, a good program will even check that a person’s name is made up of valid and accepted characters. Unfortunately, too many people ignore this rule when they create Flash apps. Even if you’re only creating a contact form field, there are many ways a user could exploit your site if you don’t properly secure the client’s input. Most notably, he could perform an SQL injection through the input fields.

Fortunately, for form fields there are bulletproof ways to secure them. In the following section I will discuss those. However, I will also talk about more sophisticated applications, such as games that track levels and submit high scores. In these cases, it’s not possible to secure your high score list 100%, but you can make it sufficiently difficult for most.

Parenthesis Confusion in C++

I ran into this problem at least once, and I never actually thought about why it worked with or without the parentheses, and thought that I was just doing something else wrong. But it was only so easy for me because I was doing a relatively small project, and the changes usually didn’t affect any other files. I never really thought about why or how it works. But if you’re developing large-scale applications or just portions of them, you need to make sure that you use it properly, or it might be a pain to debug later. For example, as I will explain later, forgetting to add the parentheses will keep POD class values from being properly initialized in some cases. If you don’t know the properties of POD class initialization, you could be scratching your head when a comparison fails or the compiler throws you a run-time error! If this doesn’t make sense yet, I recommend that you continue reading.