Toby Eggitt

Ranch Hand
since Dec 08, 2004

Recent posts by Toby Eggitt

And now, to slightly compound the confusion, I notice there's no notice suggesting end of life for the Java 8 certification exams...

Anyone privy to any information on that topic?
If you're going to put the effort into prepping for 816, then unless you've forgotten what you knew for OCA8, or have failed to round out your understanding of lambdas in the meantime, you should be ready for 819. It looks like they just squeezed the bulk of 816 and some of 815 into one exam.

Dimitri Nguyen wrote:

Oracle might have a point in removing the 1z0-815 though. From the feedback that I received from other developers, it mainly tests the things that the compiler already knows, which is almost pointless since Java has compile-time checking. This knowledge only makes sense if you are writing a Java compiler.



I know that's a common perspective, but it's not one I agree with. Sure, "in the field" the compiler will tell you what you did wrong, but the point is that if you *understand* the language, you can work this out from first principles. And it's the *understanding* that matters. Many a nasty trap, and a lot of wasted time, results from not really understanding what's going on, and just fiddling with it until it compiles. Indeed, when people make that complaint, for me it tells me something about them ;)

But again, just one opinion in a big ol' pot.

Dimitri Nguyen wrote:Can you please clarify this statement?

The breadth of material does have an advantage: if you don’t do well on one topic, it is likely to be less points on the exam.



I expect this means that with only 80 questions, you're not going to get many questions on any one topic, so if you--for example--blow off learning concurrency entirely, you still have 79 questions you can hope to get right. In other words, learning some of the topics well could be sufficient.

I think this plays to my concern that this much coverage might simply result in so little testing as to prove very little.
I admit I don't see the point.

The first level exam tested some fairly basic (but absolutely essential) stuff about the core language, the nature of OO, and the like. I always felt it was "entry level" (for a professional programmer) and served a strong, valuable purpose of distinguishing between two groups with little tangible work experience: one group who had made a solid effort to build their skill and knowledge base, and the other group, those who had not made that effort and just figured they'd wing it and try to learn on the job.

The second level exam, by contrast, covers a frankly huge spread of advanced topics, many of which are entirely unknown to many quite experienced programmers working in industry. It was a way to set your five-plus year experienced self apart from those who had merely done the work asked of them, but not expanded their horizons beyond that.

But to do *both* at the same time??? What is that supposed to mean: "I'm a relative beginner with a knowledge spread across years of advanced topics"? I don't get it; either the basic stuff is pointless, or the coverage of the advanced topics is little more than marketing-buzzword-level.

I fear that they might have just made the people who complain that "certification is pointless" have a stronger case (but only in respect of this particular exam--I still firmly believe that the effort put into preparing, and the demonstration that you're willing to be measured by someone else's standards, speaks volumes to the personal and professional qualities of the individual, as well as--obviously--improving skill sets.)

Actually, I suspect I do see the point. I think the reality might have been that very few bothered to take the second level exam anyway, and they wanted to force people's hands. That doesn't seem like a good reason, but does seem typical of Oracle's behavior in general.

Ah well, just my rambling opinion. I'll be interested to see how this plays out, but I'm not impressed at this point. Perhaps the ongoing discussion in this thread, or actually seeing the exam, will create a better feeling.

Thanks for this Junilu, yes, I mostly am aware of what one shouldn't do (thanks to OWASP) and the advised fixes. I'm really looking for real examples. I find that the canned "see how this breaks" examples always look so obvious that one feels only a fool would make such a mistake, and seeing a mistake that one knows was actually made, rather than an illustration, would be far more convincing.

But anyway, thanks again, and fwiw, I worked through the entire OWASP WebGoat project, which involves some lessons, followed by some "go ahead, try to break this deliberately" vulnerable code. I will say that while still not "real code" it was a fun and valuable exercise that I can recommend to anyone who has 24-40 hours for tinkering! YMMV of course, perhaps some will break it completely in less than that, but I suspect three days of fairly dedicated time is probably about right for version 25, where many of the hints are missing, misleading, or otherwise leave you to do some "real" hacking (i.e. being imaginative and trying several alternative approaches while looking for clues
1 year ago
Well, I think that since you can hear the music, the approach is clearly workable. You just have to discover how to get a program that's started from a context that doesn't have a connection to your windowing system to connect successfully to your windowing system. I can tell you how to do that in Unix, but unfortunately have no clue in your environment. But at least it's a direction for investigation. Maybe go to a Windows admin forum and ask "how to start a gui program on my local system from a service" and see if they can help? Good luck!
1 year ago
Indeed, implicit in what I was pondering is: where do you expect this stuff to show up even if it works?

Since you seem to be configuring this to run when the servlet context is initialized, I guess you are trying to run it on the server, but if you're expecting the output to show up for any client you're definitely misunderstanding what webservers do. And of course, the other side of the question is why on earth would you want to use a webserver to launch a "system" program?! Most servers run headless where nobody can see them anyway
1 year ago
I don't know how this works in Windows, but in Unix-like environments, there's an environment variable that needs to be set to tell a GUI application what windowing system it should connect to. Running a command without specifying that (and it's usually inherited from the places you're likely to start programs) will result in failure.

Of course, you're running Windows, so I have zero clue if this has parallel considerations for that system, so if I just wasted your time, I apologize.

1 year ago
Greetings all. I'm on a bit of a mission to understand software security better, in a Java environment. My particular focus right now is to try to find--and understand--real examples of how code fails in practice. I've read extensive stuff about "don't do this" on a bunch of topics, and I've looked at a number of resources (e.g. Metasploit) that would potentially show me how to *perform* an attack (with the goal of penetration testing one's own software, one hopes!) but what I'd really like to see now is examples of how real code has actually failed. E.g. how did the Struts code permit remote code execution? I'm hoping some of you might be able to point me at such resources, either individual case studies, or perhaps whole data sets, that describe some of these.

I will add that I already found the OWASP WebGoat, and am trying to get into that. But I am hoping for specific, described, examples of real failures "in the wild", ideally (for impact's sake) associated with known dramatic breaches (Equifax, anyone?!)

Thanks
Toby
1 year ago
As side notes:

  • Java's "lambda expression" is primarily an anonymous function literal; it happens to have a closure capability in addition (though if no values are captured, this "doesn't happen".)
  • Java's closure mechanism was created at Java 1.1 with the advent of the ability to nest classes (particularly, but not exclusively, anonymous classes) inside the body of a method.
  • The beta release of Java 1.1 had closures that wrapped mutable state, but given that an immutable reference to a mutable object serves pretty well for those who want a mutable state to be captured in their closure, they decided that a copying implementation would be preferable, and with the copying implementation came the requirement for finality that is now "effectively final".
1 year ago
Here's a thought for amusement. "Closure" is first and foremost a functional programming concept no? Well, in pure functional programming there's no such thing as mutable state anyway, so tell me again how Java's "effectively final" rule is "not a real closure". I agree it's not the same as a JavaScript closure, but just because that's what you're familiar with doesn't make it king of everything. Alonzo Church would probably have something to say about that
1 year ago

Dmitrii Valov wrote:
I mean something like in these examples.
https://docs.oracle.com/javase/tutorial/java/generics/inheritance.html
When we should override some methods with generic types.



Wow, that's pretty evil that they include subclassing of generic types when the objectives don't talk about generics in any way. Still, I guess at least, from the context you give, it's not co/contra-variance.

Hopefully I'll see for myself in a week. Can't believe how long it takes to deliver a stupid electronic voucher, and then how little availability the testing centers near me have. One open day per week for the rest of this month, then a bit better further out!

Anyway, thanks again for the input!

Dmitrii Valov wrote:Am I the first one here who passed this exam?


I don't know, but you must be among the first, and regardless, many congratulations on a worthy achievement that's doubled on account of you having minimal resources for this new beast!

Dmitrii Valov wrote:There were added several new themes from Java 8+
- generic
- generic-inheritance



Can you add any more info regarding the generics questions you saw? There's no mention of generics in the published 1Z0-815 objectives, so this is pretty bad on Oracle's part if they did this. I can imagine the use of a few angle-brackets for giving generic types to something like a List, but more than that is pretty inexcusable to omit from the objectives. Also, what do you mean by generic inheritance? Are you talking about inheritance from a generic class/interface, or are you referring to co/contravariance?

Thanks for letting us know what's going on with this!
Toby

Toby Eggitt wrote:Lots of interesting comments, and I admit I might have skimmed them a little too much, but did anyone mention that this compiles (but does not run)

On second look, I've a feeling I did skim it too quickly and missed that this was pretty much already there. Sorry!

2 years ago