Java

How To Get Your Company Hacked In Record Time

Henry Dang Java, security, Software Development ,

DISCLAIMER: This article is satire, and should not be taken seriously. Although the methods listed here will indeed get your company hacked in record time, this article was written to highlight security vulnerabilities that programmers should avoid. The methods used in this article are strictly for educational purposes, and should not be used for malicious reasons.

These days, it can be a struggle to get your company hacked. Between all of the new security patches that programmers push out on a day-to-day basis, and all of the fancy tools that you can use to statically analyze your code, getting hacked can be a chore.

Fortunately, I’ve learned some highly-effective methods that will get your company hacked in record time — even if it’s a multi-billion dollar company with tens of thousands of employees.

Method #1 – Publicly Leak Your Secrets Into Your Code

I know what you’re thinking. This is too obvious, isn’t it? It’ll get caught in code review, or by code analyzers. Fortunately for you, this method is really effective. How effective, you ask?

It’s so effective, that it caused a massive data privacy breach for over 57 million users for a certain multi-billion dollar company. Don’t worry if you’re not a multi-billion dollar company, because it works even for small companies and small projects, as evidenced by the over 100,000 leaked secrets on GitHub.

Here’s how to do it.

STEP 1 – Add this snippet anywhere in your company’s code. Remember to purposely ignore any password, secret, or key-vault/secret manager that your company might have.


    private String secretKey = "COMPANY_SECRET_KEY_HERE";

STEP 2 – Upload this code to your company’s preferred git repository.

Here, the path diverges based on how your company handles code reviews. If your company does a code review and notices the secret, then they will ask you to change your code. Fortunately, there is still a way to leak your company’s secret keys, even if they ask you to change your code.

The trick is to push the code with the secret, remove it, then push again. If your company approves the PR without squashing, then the leaked secret can be obtained by checking out the commit where you had added the secret, but before you had removed it.

As seen in the image above, by squashing, the commit with the leaked secret disappears and all of it turns into one commit. But if there’s no squashing, and the full history is retained, then you can access the commit history to checkout the commit with the leaked secret.

Method #2 – “Hide” Company Secrets In Slightly Less Plain Sight

This one is almost identical to method #1. The difference is that instead of blatantly being in plain sight, you’ve put a flimsy barrier in-between. For example, you can publish a client library with your secrets inside. Since it’s a client library, users seemingly shouldn’t be able to view the source code to extract your secrets.

Let’s illustrate the scenario. You are a consumer for this client library, and you see the following class structure for one of the client classes:


public class ClassWithSecret {
    private String secret;
    .... (other fields and methods)
}

Sadly, since this is a client library, programmers can’t modify the source code. And since it’s a private field, other programmers won’t be able to read it. Looks fool-proof, doesn’t it? With no way to access the source code, we can have the users use our clients without providing any configuration.

Luckily for us, it’s actually easy to completely side-step this issue, even if the field is private. All you have to remember is that “private” fields are not actually private. They’re a formality for saying, “don’t try to access me, and if you try to do it the normal way, it’ll fail”.

To access private fields, you just have to use reflection, which is a form of meta-programming that will let you modify the runtime behavior of a program. 


public class ClassWithSecret {
    private String secret;
}

// Assume we have a ClassWithSecret instance
ClassWithSecret classWithSecret = ....; 

try { 
    Field field = classWithSecret.getClass().getDeclaredField("secret");
    field.setAccessible(true);
    Object secretVal = field.get(classWithSecret);
    System.out.println("The secret was " + secretVal.toString());
} catch (Exception ex) {
    ...
}

By using reflection, we can just manually make the field accessible, and it will be as if it never had a private modifier.

The same thing applies to constants, readonly fields, and more. With reflection, you can override basically any behavior, so you can’t rely solely on language features to protect secrets or to guarantee specific behavior when it comes to client libraries.

In a different vein, another way that programmers often “hide” their secrets is through environmental variables, and one of the worst ways to do it is by putting your secrets into your .bashrc file. Although some may disagree, using environmental variables as a way to hold your secrets is generally bad practice.

However, putting your environmental variables into your .bashrc is absolutely catastrophically bad practice. The worst part is that the majority of online tutorials will actually tell you to do this (there’s a reason why people use key vaults and secret managers!)

So why does this make you susceptible to getting hacked? Because by putting your environmental variables into your .bashrc, you are injecting your environmental variables into every single process that runs on your user. If even a single one of these processes, or one of their child processes dies, they will almost certainly dump or log their environmental variables in some way, and once this happens, your secrets are now visible in your logs/log files. Boom. Your secrets are now in plain-sight.

For a more detailed explanation, check out what Diogo Monica, former security lead of Docker, has to say about this.

Method #3 – Forget About Getting Hacked Online, Get Hacked In-Person

Having your data leaked by online hackers is one thing, but what about getting hacked in-person?

It might sound strange, after all, when was the last time someone got hacked in-person? But getting hacked in-person is actually quite easy. All you have to do is scribble down your company’s passwords onto a piece of paper, or maybe a Post-it note.

Remember that the oldest surviving piece of paper, the Missal of Silos, still exists even after a thousand years, while the oldest known electronic computer, the Eniac Computer, has only existed for a measly 75 years. Therefore, a piece of paper is more durable than a computer, which is why you should be storing your passwords on Post-it notes, rather than something like LastPass.

Now that your password is in the physical realm, where it can safely survive for another thousand years under the right conditions, all you have to do is record a video of yourself with your password in the background. If a video is too difficult, you can alternatively take a photo instead.

Once your password has been leaked to the internet, your company will have successfully been hacked.

Conclusion

Getting hacked can be hard, but as long as you follow this guide, it’s as easy as 1-2-3. Just remember that there are more ways to get hacked than the ones listed above.

If you’re finding that getting hacked is just too easy, you can up the difficulty by using key vaults/secret managers, squashing commits in pull requests, and using static-code analyzers to check for leaked secrets. And most important of all, check your logs for secrets. Secrets should never show up in your logs, because logs are generally publicly visible (ie; in a dashboard or error tracking service).

Now that you know how to get hacked in record time, I challenge you to flip this article on its head, and see how long you can go without getting hacked. Good luck!

Five Great Practices for Safer Code

Henry Dang General Programming, Java, python, Software Development

You’re sitting at your desk, glaring at your monitor, but it glares back at you with equal determination.

Every change you make introduces new bugs, and fixing a bug causes another bug to pop up.

You don’t understand why things are randomly breaking, and the lines of code just increase every day.

However, by coding in a rigorous and specific fashion, you can prevent many of these issues simply by being slightly paranoid. This paranoia can save you hours in the future, just by dedicating a few extra seconds to include some additional safeguards.

So without further ado, let’s jump right into the top five tips for safer code.

1. Stop Accepting Garbage Input

The common phrase “Garbage in, Garbage out” is one that rings strongly with many programmers. The fact is, if you accept garbage input, you’re going to pass out garbage output. If your code has any modularity at all, then something like this will likely happen :

def foo(input):
  do_stuff

def bar(input):
  do_other_stuff

garbage_input = 'Hi. I'm garbage input.'

some_variable = foo(bar(garbage_input))


As you call foo and bar and other functions, all of which depended on garbage_input, you find that everything has turned into garbage. As a result, functions will start throwing errors a few dozen passes down the line, and things will become very difficult to debug.

Another common mistake is attempting to correct the user’s input in potentially ambiguous cases, which leads to the second tip.

2. Don’t Try to Correct Garbage Input

Let’s take an example scenario :

Imagine you had a box that exported values from 0 to 1 on a display, depending on the number the user passed in.

One day, you suddenly get a value of 1.01, a value slightly higher than the maximum. Now, this should raise a red flag for most programmers. However, some programmers resort to doing the following :

def calculateValue(temperature):
  do_calculations

def getBoxValue(temperature):
  if calculateValue(temperature) > 1 :
    return 1
  elif calculateValue(temperature) < 0 :
    return 0
  else:
    return calculateValue(temperature)

The technique shown above is known as clamping, which is basically restricting the value to a certain range. In this case, it is clamped to 0 and 1. However, the problem with the above example is that it is now impossible to debug the code.

If the user passed in bad input, you would get a clamped answer, instead of an error, and if the calculateValue function was buggy, you would never know. It could be slightly inflating the value, and you would still never know, because the values would be clamped.

As an exaggerated example, if calculateValue returned 900,000,000, all you would see is “1”. Instead of embracing and fixing bugs, this tactic throws them under the carpet in the hopes that no one will notice.

A better solution would be :

def calculateValue(temperature):
  do_calculations

def getBoxValue(temperature):
  if(calculateValue(temperature) > 1
       or calculateValue(temperature) < 0):
    raise ValueError('Output is greater than 1 or less than 0.')
  else:
    return calculateValue(temperature)

If your code is going to fail, then fail fast and fix it fast. Don’t try to polish garbage. Polished garbage is still garbage.

3. Stop Double Checking Boolean Values in If Statements

Many programmers already adhere to this principle, but some do not.

Since Python prevents the bug caused by double checking a boolean value, I will be using Java, as the bug can only happen in languages where assignment is possible in if statements.

In a nutshell, if you do this :

boolean someBoolean = true;

if(someBoolean == true) {
  System.out.println('Boolean is true!');
} else {
  System.out.println('Boolean is false!');
}

In this case,

if(someBoolean == true)

Is exactly equivalent to :

if(someBoolean)

Aside from being redundant and taking up extra characters, this practice can cause horrible bugs, as very few programmers will bother to glance twice at an if statement that checks for true/false.

Take a look at the following example.

boolean someBoolean = (1 + 1 == 3);

if(someBoolean = true) {
  System.out.println('1 + 1 equals 3!');
} else {
  System.out.println('1 + 1 is not equal to 3!');
}

At first glance, you would expect it to print out “1 + 1 is not equal to 3!”. However, on closer inspection, we see that it prints out “1 + 1 equals 3!” due to a very silly but possible mistake.

By writing,

if(someBoolean = true)


The programmer had accidentally set someBoolean to true instead of comparing someBoolean to true, causing the wrong output.

In languages such as Python, assignment in an if statement will not work. Guido van Rossum explicitly made it a syntax error due to the prevalence of programmers accidentally causing assignments in if statements instead of comparisons.

4. Put Immutable Objects First In Equality Checks

This is a nifty trick that piggy backs off the previous tip. If you’ve ever done defensive programming, then you have most likely seen this before.

Instead of writing :

if(obj == null) {
  //stuff happens
}

Flip the order such that null is first. 

if(null == obj) {
  //stuff happens
}

Null is immutable, meaning you can’t assign null to the object. If you try to set null to obj, Java will throw an error.

As a result, you can prevent the silly mistake of accidentally causing unintentional assignment during equality checks. Naturally, if you set obj to null, the compiler will throw an error because it’s checking a null object when it expects a boolean.

However, if you are passing around methods inside the if statement, it can become dangerous, particularly methods that will return a boolean type. The problem is doubly bad if you have overloaded methods.

The following example illustrates this point :

final int CONSTANT_NUM = 5;

public boolean foo(int x){
  return x%2 != 0;
}

public boolean foo(boolean x){
  return !x;
}

public void compareVals(int x){
  if(foo(x = CONSTANT_NUM)){
    //insert magic here
  }
}

In this example, the user expects foo to be passed in a boolean of whether or not x is equal to a constant number, 5.

However, instead of comparing the two values, x is set to 5. The expected value if the comparison was done correctly would be false, but if x is set to CONSTANT_NUM, then the value will end up being true instead.

5. Leave Uninitialized Variables Uninitialized

It doesn’t matter what language you use, always leave your uninitialized variables as null, None, nil, or whatever your language’s equivalent is.

The only exception to this rule is booleans, which should almost always be set to false when initialized. The exception is for booleans with names such as keepRunning, which you will want to set initially to true.

In Java’s case,

int x;
String y;
boolean z = false;

In particular, for Python especially, if you have a list, make sure that you do not set it to an empty list.

The same also applies to strings.

Do this :

some_string = None
list = None

Not this :

some_string = ''
list = []

There is a world of a difference between a null/None/nil list, and an empty list, and a world of a difference between a null/None/nil string, and an empty string.

An empty value means that the object was assigned an empty value on purpose, and was initialized.

A null value means that the object doesn’t have a value, because it has not been initialized.

In addition, it is good to have null errors caused by uninitialized objects.

It is unpleasant to say the least when an uninitialized string is set to “” and is prematurely passed into a function without being assigned a non-empty value.

As usual, garbage input will give you garbage output.

Conclusion

These five tips are not a magical silver bullet that will prevent you from making any bugs at all in the future. Even if you follow these five tips, you won’t suddenly have exponentially better code.

Good programming style, proper documentation, and following common conventions for your programming language come first. These little tricks will only marginally decrease your bug count. However, they also only take about an extra few seconds of your time, so the overhead is negligible.

Sacrificing a few seconds of your time for slightly safer code is a trade most people would take any day, especially if it can increase production speed and prevent silly mistakes.

Taking a Quack at Duck Typing

Henry Dang General Programming, Java, Ruby, Software Development

Your friend, Ruby, goes out and buys Java a pet duck. But wait, on closer inspection, it’s not a duck at all! It just walks like a duck.

Quack!

And quacks like a duck.

“What’s the matter?” Ruby asks.

“It’s not a duck!” Java complains, distraught that the pet has no inheritance relations with the Duck class.

“If it walks like a duck, and quacks like a duck, it’s a duck!”

So what is duck typing?

Duck typing is a feature that allows a language to call a method on an object, if it has the method. Ruby doesn’t care what the object is, but rather, what methods the object has.

However, a caveat of duck typing is that the it tends to only be built-in to the language if the language handles type checking during runtime. This means that duck typing will only work on dynamically typed languages, such as Ruby. In languages like Java and C++, type checking is done during compile-time. As a result, if there is a type conflict, the program will not even compile. Languages that do type-checking during compile-time are called statically typed languages.

In Java, declaring an integer will look like this :

int x = 0;

The type (int) is explicitly stated, which means that Java checks for types during compile-time, making it a statically typed languages.

In Ruby, it would look like this :

x = 0

Ruby sees that x was assigned a number at runtime. Since x was assigned a number, Ruby automatically knows that x must be a Fixnum.

How does it work?

First, we need two different objects that have the same method name. However, the method can’t be given to the object via the same superclass, because it would instead be inheritance.

Let’s take a look at a simple example of duck typing.

class Duck
  def quack
    puts "Quack!"
  end
end

class Alien
  def quack
    puts "I'm not a duck, but... Quack!"
  end
end

def try_quack(duck)
  duck.quack
end

try_quack(Duck.new)
try_quack(Alien.new)

Output :

Quack!
I'm not a duck, but... Quack!

How did Ruby know?

In Ruby’s mind, the Alien instance and the Duck instance are essentially the same. When we called the try_quack method, Ruby wanted an object that had a quack method.

In this case, when we passed in the Duck instance, Ruby saw that the Duck object would quack, so it called the Duck instance’s quack method.

For the Alien, even though the Alien class has nothing to do with the Duck class, it still has a quack method. As a result, Ruby happily calls the Alien class’s quack method.

Conclusion

Duck typing is a powerful feature of Ruby that allows you to call methods on seemingly different objects, as long as those objects have the same method names. As a result, there is no need for inheritance. You simply call the method, and if the object has it, it will work.

Ruby doesn’t care who the object is, but rather what it is.

Mediator Design Pattern

Henry Dang Java, Software Development

The mediator design pattern is a behavioral pattern that allows different objects to communicate with each other by using a “mediator”. The objects invoke the mediator, and the mediator does the communication for the objects.

This is particularly useful when you are dealing with hundreds of objects, who all need to communicate with each other. Now, the objects could all communicate with each other directly, but it would be very sloppy to implement.

public class Person {
  private String name;
  public List<String> receivedMessages;

  public Person(String name){
    this.name = name;
    receivedMessages = new ArrayList<String>();
  }

  public void readMessages(){
    for(int i = 0; i < receivedMessages.size(); i++){
      System.out.println(receivedMessages.get(i));
    }
  }

  public void sendMessage(String message, List<Person> persons){
    for(int i=0; i < persons.size(); i++){

      //Obviously, don't send the message to yourself!
     if(persons.get(i) != this){
        persons.get(i)
          .getListOfMessages()
          //NAME: MESSAGE format, IRC-chat style
          .add(name + ": " + message);
      }
    }
  }

  public List<String> getListOfMessages(){
    return receivedMessages;
  }
}

In the above snippet, we allow only the Person objects to handle the communication. Since all communication is done through the Person object only, the Person object becomes rather bloated. It is also inappropriate for the Person object to control all the communication, especially if the person had other functionalities, such as walking, running, etc etc. The Person class simply becomes too bloated.

If someone wanted to use the system above, without the introduction of any other classes, in order to communicate to every other person, they would need some sort of global container to hold a list of every person’s name. In addition to this, the person’s list of messages is practically public, which defeats the idea of encapsulating and hiding away implementation details.

This system, in action, would look something like this :

public class Main {

  public static void main(String[] args){
    Person henry = new Person("Henry");
    Person jimmy = new Person("Jimmy");
    Person kim = new Person("Kim");
    Person john = new Person("John");

    List<Person> persons = new ArrayList<Person>(){{
      add(henry);
      add(jimmy);
      add(kim);
      add(john);
    }};

    //Now, Jimmy wants to send a message to everyone.
    jimmy.sendMessage("Hi everyone!", persons);

    //And now we can read out Henry's copy
    List<String> messages = henry.getListOfMessages();

    for(int i = 0; i < messages.size(); i++){
    	System.out.println(messages.get(i));
    }
  }
}

OUTPUT :
Jimmy: Hi everyone!

Using the Mediator Design Pattern

The above solution works just fine. However, it is incredibly messy, and puts far too much responsibility into the hands of the Person class, when it would be more appropriate to delegate the job to another class.

Let’s implement a mediator to do this task.

public class ChatMediator{
  List<String> chatHistory = new ArrayList<String>();

  public static void addMessage(String message){
    chatHistory.add(message);
  }

  public static void readMessages(){
    for(int i = 0; i < chatHistory.size(); i++){
      System.out.println(chatHistory.get(i));
    }
  }
}

Simple, right? Let’s see the effects of the mediator design pattern on the Person class’s implementation.

public class Person {
  private String name;

  public Person(String name){
    this.name = name;
  }

  public void sendMessage(String message){
    ChatMediator.addMessage(name + ": " + message);
  }

  public void readMessages(){
    ChatMediator.readMessages();
  }
}

The implementation of the Person class is refreshingly simple. Two methods with only one line of code in each. By using a mediator, we cut down the complexity of the Person class by a great amount, instead, delegating the complex implementations to another class.

In other words, the ChatMediator is the middle-man. It takes the message the Person wants to send, and handles the processing by itself. By doing this, the Person class is no longer bloated, and is incredibly easy to read and use.

And finally, putting it all into action :

public class Main {

  public static void main(String[] args){
    ChatMediator cm = new ChatMediator();

    Person henry = new Person("Henry");
    Person jimmy = new Person("Jimmy");
    Person kim = new Person("Kim");
    Person john = new Person("John");

    henry.sendMessage("Hey everyone!");
    jimmy.sendMessage("Hi Henry!");
    kim.sendMessage("Oh, hi guys!");
    john.sendMessage("Let's go to the park later!");

    henry.readMessages();
  }
}

OUTPUT:
Henry: Hey everyone!
Jimmy: Hi Henry!
Kim: Oh, hi guys!
John: Let’s go to the park later!

Conclusion

When you want multiple objects to communicate with each other, it is often best to use the mediator design pattern. In particular, if you are dealing with a class that contains many methods, in addition to the communication components, it is a good idea to delegate some of the responsibility to another class.

The mediator design pattern makes code simpler and readable. It abstracts away details that the class does not need to know, namely how the implementation works. As far as the Person class was concerned, it only needed to know that the sendMessage method would send a message, through the help of a mediator, and that it could read out all the messages by invoking the readMessages method. The implementation details do not matter to the Person class, so they can be safely delegated away to a mediator, leading to simple and encapsulated classes.

Double Brace Initialization

Henry Dang Java

In many languages, you can create list literals, which allow you to create a list with elements already pre-defined inside of it.

But what about Java?

List<Integer> list = new ArrayList<Integer>(1, 2, 3, 4);

If you come from any language that supports list literals, you would expect the snippet above to work. Unfortunately, the snippet doesn’t compile.

The alternative and obvious solution would be to write :

List<Integer> list = new ArrayList<Integer>();
list.add(1)
list.add(2)
list.add(3)
list.add(4)

While this approach does work, it has a drawback.
The drawback is that you cannot use anonymous lists as a parameter for a method. Since you can’t initialize and fill a list with data at the same time, it follows that you can’t create an anonymous list and fill it with data either.

public void printList(List<Integer> list){
  for(int i = 0; i < list.size(); i++){
     System.out.println(list.get(i));
  }
}

The printList method can’t be used with an anonymous list. Since you can’t insert any data into an anonymous list, the printList method is completely useless.

The Solution

Double brace initialization allows you to create a List and fill it with data at the same time.

  List<Integer> list = new ArrayList<Integer>() {{
    add(1);
    add(2);
    add(3);
    add(4);
  }};

With double brace initialization, you can now use an anonymous list as input.

  printList(new List<Integer>(){{
    add(1);
    add(2);
    add(3);
    add(4);
  }});

Output :
1
2
3
4

EDIT: The above can be more concisely done with :

printList(Arrays.asList(1,2,3,4));

You can also use for loops with double brace initialization, as well as declare variables inside.

For example :

printList(new ArrayList<Integer>(){{
  add(1);
  add(1);

  int x = 1;
  int y = 1;
  int z = 1;

  for(int i = 0; i < 8; i++){
    x = y;
    y = z;
    z = y + x;
    add(z);
  }
}});

In the code above, we are simply filling a list with the first 10 numbers of the Fibonacci sequence and printing them out.

The results :

1
1
3
5
8
13
21
34

 

How Double Brace Initialization Works

The first set of curly braces creates an inner class for the anonymous list.
The second set of curly braces will create an instance initialization block, which is a block of code that will run before the constructor is called.

Here’s an example of what that looks like :

public class A {
  {
    System.out.println("Hello World!");
  }
}

public class B {
  public static void main(String[] args){
    A a = new A();
  }
}

Output :
Hello World!

So when we do double brace initialization, what we’re really doing is creating a new List, making an inner class with the first set of braces, making an instance initialization block with the second set of braces, and then filling the list with data inside the instance initialization block.

Overall, double brace initialization is a quick and nifty trick that will save you the agony of actually making named lists and manually adding in the defined data one at a time, when you can simply insert an anonymous list with all the defined data instantly.

Top Five Tips for Cleaner Code

Henry Dang General Programming, Java, Software Development

We’ve both been there.

You open your favorite programming IDE, and right there. A glorious mess of spaghetti code. You have no clue what it means, and you can’t understand a single thing.

Bad code can waste precious hours of time, when it really should have only taken a few minutes to understand the code if it were refactored and cleaned up.

So today, I’ll teach you, in five simple tips, how to spare other programmers from facing a giant plate of spaghetti.

1. Stop Commenting

That’s right. Stop commenting. While this is controversial, comments are a sign of bad design. If someone needs to read your comment to understand what your code is doing, it is a sign that your code is unreadable. Follow common conventions for your programming language, and make sure what you’re writing is self-explanatory. Which leads into my second tip…

2. Use Good Variable Names

Everyone knows this, but few actually do it correctly. First of all, and this is the critical, stop shortening your variable names. Yes, you can shorten the word “minimum” to min, but if you’re working on an application that handles time, your reader may think min refers to minutes. In particular, if you’re shortening a word, and that shortened word can possibly refer to more than one word, don’t do it.

Readers may also be confused if your variable names don’t actually say what you mean.

For example, imagine if you created a variable called “days”. What does that mean? Days elapsed? Days before something happened? The amount of days in the month? Be specific. Refactor days to daysElapsed, daysInMonth. Do NOT put a comment and write “days refers to the days elapsed since …”. That is absolutely nonsense. Make your variable names self-explanatory.

3. Keep It Simple, Stupid!

Ah, the good ol’ KISS principle. The simplicity of your code determines whether someone looks at your code and says, “WTF IS THIS?” to “Okay, this makes sense.”

If you’re programming a certain function, be clear. Avoid using silly round-about ways. Especially avoid “clever” solutions. Clever and tricky solutions may be shorter or faster, but they can cripple reading speed. Usually, when people do these clever solutions, they will put comments everywhere to compensate for the fact that no one actually understands what they wrote, which ties into tip #1.

This principle also applies to re-inventing the wheel. If your language comes built-in with a feature, use it. Don’t re-implement a data structure that already exists. Often, it isn’t the programmer’s fault, though, since they might not know about the existence of a certain feature. However, this is not an excuse when you are working with other programmers. If what you wrote in 100 lines could be replaced by 1 line, then it should be refactored.

4. Stop Creating God Objects

A good object is one that knows only what it should know, and no more.
A god object is one that knows too much, in particular, things that it shouldn’t.

For example, imagine you had a chair object. It should not know anything except for itself. If your chair knows your social-security number, how much money you make a year, and how many chairs there are around it, then your chair is either the world’s greatest secret spy agent, or it shouldn’t exist.

5. Public Exposure

All variables in a class should be private, unless there is a very compelling reason for a variable to be public. There are very few reasons for a variable to be public, unless it is a global constant, such as Math.PI.

The inverse of this is also true. Stop exposing your privates! If your private variable does not require a getter, do not make a getter. You should be encapsulating your code.

If you have a rectangle class, and you only ever need its area, then don’t make a getter for its width or length. Just make a single public method that multiplies the private width and length variables.

Hide your implementation details! If you have a computer, and you just want to send an email, then there is no reason the user would need to know about the internal workings on the computer. The user doesn’t care how many volts the computer needs. The user doesn’t care about how many gigabytes of RAM the computer has. The user just wants to send an email. And your computer should allow them to do exactly that, in one simple function, without knowing anything else about the computer.

Remember these five points, and you’re sure to write cleaner code.

Java DOM Parser

Henry Dang Java

What is DOM?

DOM stands for Document Object Model, and it’s essentially the common convention for representing an XML and HTML files. However, for this specific tutorial, we will only be focusing on XML files.

The structure consists of elements, also known as nodes, which may have more elements inside of them.
For example, consider this list of players on a team:

<?xml version="1.0" encoding="UTF-8"?>
<team>
  <player>
    <first_name>Henry</first_name>
    <last_name>Dang</last_name>
    <ranking>1</ranking>
  </player>

  <player>
    <first_name>John</first_name>
    <last_name>Smith</last_name>
    <ranking>3</ranking>
  </player>

  <player>
    <first_name>Kelly</first_name>
    <last_name>Doe</last_name>
    <ranking>2</ranking>
  </player>
</team>

In this case, “team” is known as the root, but it is still an element.
The “team” element has three “player” elements inside of it. Each “player” element also has three distinct elements: “first_name”, “last_name”, and “ranking”.

The “first_name”, “last_name”, and “ranking” elements all have values inside, which are known as the element content. If an element has an element content (not an attribute), then it does not have any child elements.

How to Parse the XML

First, you need to create an XML file with the above elements pasted inside.

Next, we need to place the XML file inside the project.

Parsing the actual XML is simple and straight-forward.

public void parseFile() {
  DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();

  try {
    DocumentBuilder db = dbf.newDocumentBuilder();
    String path = new File("data.xml").getAbsolutePath();
    Document doc = db.parse(path);

    // Puts document into the conventional normal form
    doc.normalize();

    // Make a node list with all the "player" elements
    NodeList list = doc.getElementsByTagName("player");

    System.out.println("------------------------------");

    for (int i = 0; i < list.getLength(); i++) {

      // Grab the i'th "player" tag
      Node node = list.item(i);

      if(node.getNodeType() == Node.ELEMENT_NODE) {
        // If it's an element, we can safely cast the node to an element
        Element element = (Element) node;

        //Now we can print out the value for all
        //child nodes of the player element.
        System.out.println("First name : " +
          element.getElementsByTagName("first_name")
              .item(0)
              .getTextContent());

        System.out.println("Last name : " +
          element.getElementsByTagName("last_name")
              .item(0)
              .getTextContent());

        System.out.println("Ranking : " +
          element.getElementsByTagName("ranking")
              .item(0)
              .getTextContent());

      System.out.println("------------------------------");
      }
    }
  } catch (ParserConfigurationException | SAXException | IOException e) {
  e.printStackTrace();
}

And the output :

——————————
First name : Henry
Last name : Dang
Ranking : 1
——————————
First name : John
Last name : Smith
Ranking : 3
——————————
First name : Kelly
Last name : Doe
Ranking : 2
——————————

A* Algorithim

Henry Dang Java

A* is a popular pathfinding algorithm, and is often used in 2D games for finding the shortest path between two places.

How It Works :

It works by using two different lists : an open list and a closed list.
The open list contains all “open” spaces, or spaces that have not been traversed yet. The closed list contains all spaces that have already been traveled. In particular, it includes the spaces for any obstacles, and the starting point.
The algorithm itself works by looping through and checking the open spaces and its neighbors. When it finds a good space, it will add that space into the closed list, and remove that space from the open list. Eventually, the algorithm will find its way to the end point, in which case, the loop will terminate and the shortest path will be found.

But how does A* find the “best” space?
It calculates it through simple formula :
F = G + H

G is the cost of moving to a certain square. For the sake of simplicity, imagine that we have a man on a 10 by 10 graph. For the same of simplicity, the man will only be allowed to walk in the four cardinal directions. Since all of the squares are equidistant from the next, all of the squares must have the same G cost. In this scenario, the G value for moving a single square can be any number, but in this case, we will set it to 1.

H is the heuristic. A heuristic is essentially a “guess” of the distance between the starting point and the end point. There are many ways to calculate the heuristic, such as the Manhattan Distance and the Euclidean Distance. In this tutorial, we will be covering the Manhattan Distance.

Manhattan Distance can be calculated by the following psuedocode :

function getHeuristic
  x = abs(startX - endX)
  y = abs(startY - endY)
  return minCostToMove * (x + y)

In our scenario, imagine that the man starts at the upper top left of the graph, at (0, 10). The end point is at (0, 0), at the very bottom left of the graph.
If we calculate the heuristic at the starting point, we find that our H value is 10. In other words, our man is at an absolute distance of 10 units away from the end point.

From here, there are two possible moves the man can make : downwards and to the right.

Now, we can put the formula stated above to good use.

Let’s consider moving to the right.

F_right = G + H
F_right = 1 + 11 = 12

If the man moves to the right, he will incur an F cost of 12.

But what happens if we move downwards?

F_left = G + H
F_left = 1 + 9 = 10

Since F_left < F_right, it can be concluded that moving to the right will take us farther away from the end point than moving downwards. As a result, the man will move downwards, since the F cost is lower for moving downwards.

If we repeat this over and over again, the man will eventually reach the end square by moving straight downwards. If the man moves in any other direction besides downwards, he will incur a higher F cost, since the H cost would increase if his absolute distance increased.

Terminate Conditions

A* will continuously run until one of the following conditions are met :

1. There are no more open spaces that can be traversed.
2. The shortest path to the end is found.

The only time the 1st scenario would happen is if there is no available path to the end. In this case, if the end point is impossible to reach, then there will be no shortest path available.

If you need a path-finding algorithm, particularly for graph traversal, A* is one of the many algorithms you can use.

Basic Multithreading in Java

Henry Dang Java

Imagine that you have a sign-in system. However, for each sign-in, it takes half a second to complete. If ten people sign in, it would take five seconds to finish. For a hundred, it would take fifty seconds, and so forth. The run time would increase at a horribly fast rate if the sign-ins were processed one at a time.

But what if we wanted to process all of these sign-ins at the same time? We can solve this problem with multithreading. Multithreading is essentially the use of two or more threads at the same time in order to run a certain process concurrently.

(NOTE : this does not mean that an infinite number of sign-ins will all be processed in 0.5 seconds, as that requires an infinite number of processor cores.)

First, let’s create a dummy sign in class.

public class SignInRequest{
  public static void handleSignInRequest(){
    //insert magical logic here
  }
}

And then make a Request class using the Observer pattern, so that we can create a RequestListener afterwards.

Now, let’s create a new thread that we can run whenever we get a sign-in request.

public class SignInThread extends Thread{

  private SignInRequest request;

  public SignInThread(SignInRequest request){
    this.request = request;
  }
  public void run(){
    request.handleSignIn();
  }
}

At this point, we can use this SignInThread whenever we get a request.

public void onGetRequest(){
  SignInThread thread = new SignInThread();
  thread.start();
}

It is important that you run the start() method and not the run method.

By doing this, we can handle hundreds of sign in request concurrently, making the sign in process much faster.

In particular, threads are powerful when used with a computer with multiple cores.

For example, if you have 100 sign in requests, and multiple processor cores, you can split the sign ins between the cores by creating multiple threads. This means all of your cores can work at full-speed, whereas only one core would be used if it was not multithreaded.

However, you can multithread with a single core as well. However, when you only have one core, multithreading will not give any speed boosts, and it would be practically the same as if your code was single-threaded.

The most well-known use for multithreading is when you have a GUI. Consider a GUI program that calculates giant numbers. What happens if the calculation takes 30 seconds, and you decide to cancel the calculation? If the program only had a single-thread, this task would be impossible. The user cannot click the cancel button until the calculations are done. However, if it is multithreaded, then the calculations are completely separate from everything else. As a result, the user would be able to click the cancel button, since the calculations are done on a separate thread.

Multiple threads, with multiple cores, will cause your code to run much faster. Faster code, higher efficiency, and the ability to multitask. What’s not to like?

Sorting Lists with a Comparator

Henry Dang Java

You receive a list of names, and you’re told to sort them alphabetically.

“Well, that should be easy!” you think. You can just iterate through the list and sort it with merge sort or quick sort.

But why go through all that effort, when you can just use a Comparator?

public void sortListAlphabetically(List list){
  Collections.sort(list, new Comparator(){
    @Override
    public int compare(String a, String b){
      return a.compareTo(b);
    }
  }
}

Collections.sort takes in two parameters : a List and a Comparator.

You can override Comparator‘s compare method and specify how the sorting will work. In this case, the compareTo method compares the first string with the second, alphabetically. It does this over and over again, comparing each String to the next (using merge sort) until the whole list becomes sorted alphabetically.

Of course, since a Comparator is a functional interface, meaning it only has one method, you can call it in a more elegant way via a lambda statement.

public void sortListAlphabetically(List<String> list){
  Collections.sort(list, (a, b) -> a.compareTo(b);
}

No @Override tags. No method names. No bloated code.
Just elegance and simplicity.