Archive for the 'Uncategorized' Category


Notes on Java Collections..

Mar 23, 2009 in Java, JavaUsage, Uncategorized

Collections characteristics:

  • synchronized (Hashtable: yes, HashMap: no, Vector: yes, ArrayList: no)
  • directionality (iterators)
  • allow null values (Hashtable: no, HashMap: yes)
  • preserve insert order
  • duplicates (set-no, list-yes)


  • Collections interfaces: Collection, Set, List and Map.
  • To synchronize HashMap:

    Map m = Collections.synchronizedMap(hashMap);

  • Some implementations: HashSet, HashMap, ArrayList, LinkedList, TreeSet and TreeMap.
  • An ArrayList is resizable, whereas an array is not.
  • HashMap overrides?

    The methods to override are equals() and hashCode().

  • Difference between Enumeration and Iterator?

    Enumeration is read-only. Iterator provides remove and add methods
    and it is fail-fast in multi-threaded configurations.

Converting jpg to png in C# (CSharp) ..

Jan 12, 2009 in .Net, Uncategorized

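using System.Drawing;
using System.Drawing.Imaging;

// apt-get install libgdiplus

class CGTest1 {

    public static void Main() {

        // Image bmpImageToConvert =

        // Load the JPEG and create an empty bitmap of the same size.
        Image bmpImageToConvert = Image.FromFile("images/sample3.jpg");
        Image bmpNewImage = new Bitmap(bmpImageToConvert.Width,
                                       bmpImageToConvert.Height);
        Graphics gfxNewImage = Graphics.FromImage(bmpNewImage);

        // Copy the source pixels onto the new bitmap.
        gfxNewImage.DrawImage(bmpImageToConvert,
                              new Rectangle(0, 0, bmpNewImage.Width,
                                            bmpNewImage.Height),
                              0, 0,
                              bmpImageToConvert.Width, bmpImageToConvert.Height,
                              GraphicsUnit.Pixel);
        gfxNewImage.Dispose();

        // bmpNewImage.Save(Server.MapPath("userData/" &
        //   Request.QueryString("ID") & "/" & e.Item.Cells(2).Text &

        // Write the copy out in PNG format.
        bmpNewImage.Save("images/sample3t.png", ImageFormat.Png);
    }
}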

Thanks to :

CISSP notes – Ch. 1 – Access Control..

Nov 27, 2008 in CISSP, Security, Uncategorized

From: CISSP Training Guide by Roberta Bragg


Confidentiality – Disclosure
Integrity – Alteration
Availability – Destruction

CIA: Confidentiality, Integrity, Availability
DAD: Disclosure, Alteration, Destruction (Denial)

Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system.

In most cases, you want to give the user the least amount of access he needs to do his job and nothing else. This concept is often referred to as the principle of least privilege. It gives you the power of combining authentication with access control.

The biggest problem with accountability is shared accounts.

Common access control techniques (types of access control)

  • Discretionary access control
  • Mandatory access control
  • Lattice-Based access control
  • Rule-Based access control
  • Role-Based access control
  • The use of access control lists

Discretionary access control
 Essentially based on human decisions.

Mandatory access control
 Based on using subject classification levels

Lattice-Based access control
 Based on graphs, partial order: reflexive, antisymmetric and transitive.

Rule-Based access control
 ACLs – a formalized rule-based control mechanism.

Role-Based access control
 Bell-LaPadula (BLP)
 Deals with confidentiality: to prevent, detect, and deter unauthorized access to information.
 Simple security rule: Read Up No, Read Down Yes, or RUN-RDY
 Star (or *) property: Write Up Yes, Write Down No, or WUY-WDN
 Biba Model
 Deals with integrity; opposite to BLP:
 Simple security: Read Up Yes, Read Down No
 Star property: Write Down Yes, Write Up No
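
Added example (not from the CISSP Training Guide or the original notes): the BLP and Biba rules as dominance checks on a lattice of labels, which also shows the partial order mentioned under lattice-based access control. The level names, category sets and sample objects are constructed for illustration.

```python
from dataclasses import dataclass

# Assumed ordering of levels; the names are illustrative, not from the notes.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

def dominates(a: Label, b: Label) -> bool:
    """a >= b in the lattice: level at least as high and categories a superset.
    The relation is a partial order, so two labels can be incomparable."""
    return LEVELS[a.level] >= LEVELS[b.level] and a.categories >= b.categories

def blp_allows(op: str, subject: Label, obj: Label) -> bool:
    """Bell-LaPadula (confidentiality): read down only, write up only."""
    if op == "read":
        return dominates(subject, obj)   # simple security rule: no read up
    if op == "write":
        return dominates(obj, subject)   # star property: no write down
    raise ValueError(f"unknown operation: {op}")

def biba_allows(op: str, subject: Label, obj: Label) -> bool:
    """Biba (integrity), labels read as integrity levels: the dual of BLP."""
    if op == "read":
        return dominates(obj, subject)   # no read down
    if op == "write":
        return dominates(subject, obj)   # no write up
    raise ValueError(f"unknown operation: {op}")

# Constructed sample: one subject and four objects, one of them incomparable.
SUBJECT = Label("secret", frozenset({"crypto"}))
OBJECTS = {
    "memo":    Label("unclassified"),
    "plan":    Label("secret", frozenset({"crypto"})),
    "warplan": Label("top_secret", frozenset({"crypto", "nuclear"})),
    "payroll": Label("secret", frozenset({"finance"})),
}

def decisions(model) -> dict:
    """Map object name -> (read allowed, write allowed) for SUBJECT under model."""
    return {name: (model("read", SUBJECT, obj), model("write", SUBJECT, obj))
            for name, obj in OBJECTS.items()}

if __name__ == "__main__":
    for model in (blp_allows, biba_allows):
        print(model.__name__, decisions(model))
```

The "payroll" object has the same level as the subject but a disjoint category set, so neither label dominates the other and both models deny read and write.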

The use of access control lists

Access Control Methodologies

 Centralized, Decentralized

Intrusion Detection (IDS)

 Methods and tools for monitoring networks and hosts and looking for attacks.

 IDS method types:

  • Host/Network
  • Passive/Active (listening, observing/collecting, scanning)
  • Known/Unknown (types of attacks)

Types of attacks

  • Monitoring
  • Spamming
  • Active
  • Passive

A key motto of security (again) is: “prevention is ideal, but detection is a must.”

IDS technique types

  • Signature matching
  • Anomaly Detection

Most systems are based on signature detection with some anomaly detection.

Common tools: Nessus and nmap.

Setup ssh without a password ..

Jul 30, 2008 in Uncategorized


ssh-keygen is used to generate that key pair for you. Here is a session where your own personal
private/public key pair is created:

cantin@sodium:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/cantin/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): <– press Enter…
Enter same passphrase again: <– press Enter again ..
Your identification has been saved in /home/cantin/.ssh/id_rsa.
Your public key has been saved in /home/cantin/.ssh/
The key fingerprint is:
f6:61:a8:27:35:cf:4c:6d:13:22:70:cf:4c:c8:a0:23 cantin@sodium

The command ssh-keygen -t rsa initiated the creation of the key pair.

No passphrase was entered (Enter key was pressed instead).

The private key was saved in .ssh/id_rsa. This file is read-only and only for you. No one else must see
the content of that file, as it is used to decrypt all correspondence encrypted with the public key.

The public key is saved in .ssh/

In this case, the content of file is

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEArkwv9X8eTVK4F7pMlSt45pWoiakFkZMw
WQM= cantin@sodium

It is one line in length.

Its content is then copied in file .ssh/authorized_keys of the system you wish to SSH to without being
prompted for a password.

The example shown here generated keys on sodium by user cantin. If the public key generated,
file .ssh/, was copied to your account, file .ssh/authorized_keys on, then
user cantin@sodium is allowed to SSH into your own account on without the use of
a password.

To summarize, a personal private/public key pair is generated using the ssh-keygen command.
The public key is then copied into the remote system's .ssh/authorized_keys file, and you can
now SSH to the account on the remote system without the use of a password.
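
Added example (not part of the original post): a Python audit of the setup described above. It checks the modes on .ssh, id_rsa and authorized_keys and lists keys installed without restricting options such as from=, which matters more when the private key has no passphrase. The key blob and the directory are constructed, and the function names are this example's own.

```python
import base64, hashlib, os, stat, struct, tempfile

def make_blob(e=35, n=0xC0FFEE1234567891):
    """Constructed, toy-sized RSA public key in SSH wire format (not a usable key)."""
    def s(b): return struct.pack(">I", len(b)) + b
    def mpint(x): return s(x.to_bytes(x.bit_length() // 8 + 1, "big"))
    return s(b"ssh-rsa") + mpint(e) + mpint(n)

def fingerprint_md5(b64):
    """Colon-separated MD5 of the key blob, the format shown in the session above."""
    h = hashlib.md5(base64.b64decode(b64)).hexdigest()
    return ":".join(h[i:i + 2] for i in range(0, 32, 2))

def parse_entry(line):
    """Split a line into (options, keytype, b64 blob, comment); simplified field scan."""
    f = line.split()
    i = next(k for k, v in enumerate(f) if v.startswith(("ssh-", "ecdsa-")))
    blob = base64.b64decode(f[i + 1])
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != f[i].encode():
        raise ValueError("declared key type does not match the blob")
    return " ".join(f[:i]), f[i], f[i + 1], " ".join(f[i + 2:])

def audit(ssh_dir):
    """Return findings for loose modes and for keys installed without options."""
    out = []
    # Usual 700/600 guidance; authorized_keys must at least not be group/other-writable.
    for name, mask in ((".", 0o077), ("id_rsa", 0o077), ("authorized_keys", 0o022)):
        p = os.path.join(ssh_dir, name)
        if os.path.exists(p) and stat.S_IMODE(os.stat(p).st_mode) & mask:
            out.append(f"~/.ssh/{name} fails mode check, bits {mask:03o} must be clear")
    with open(os.path.join(ssh_dir, "authorized_keys")) as fh:
        for line in fh:
            if line.strip() and not line.lstrip().startswith("#"):
                opts, _, b64, comment = parse_entry(line)
                if not opts:
                    out.append(f"unrestricted key {fingerprint_md5(b64)} {comment}")
    return out

def demo():
    """Constructed ~/.ssh: two loose modes, one unrestricted and one restricted key."""
    d = tempfile.mkdtemp()
    key = "ssh-rsa " + base64.b64encode(make_blob()).decode() + " cantin@sodium"
    for name, body, m in (("id_rsa", "PLACEHOLDER\n", 0o644),
                          ("authorized_keys", f'{key}\nfrom="sodium" {key}\n', 0o600)):
        with open(os.path.join(d, name), "w") as fh:
            fh.write(body)
        os.chmod(os.path.join(d, name), m)
    os.chmod(d, 0o755)
    return audit(d)
```

Calling demo() returns three findings for the constructed directory; audit() can be pointed at a real .ssh directory instead.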

Eclipse TPTP Setup with Tomcat ..

May 10, 2007 in Eclipse, Java, Uncategorized

Good info on setting up Eclipse TPTP (Tracing and Profiling Tools Project) with Tomcat.


Notes (Part 3) from HeadFirst Java..

May 14, 2005 in Books, Java, Uncategorized

  • — Basic network read pattern:
    Socket socket = new Socket("", 5000);
    InputStreamReader isr = new InputStreamReader(socket.getInputStream());
    BufferedReader reader = new BufferedReader(isr);
    String message = reader.readLine();

    — Basic network write pattern:

    Socket socket = new Socket("", 5000);
    PrintWriter writer = new PrintWriter(socket.getOutputStream());
    writer.println("message to send");
    writer.flush(); // PrintWriter buffers; flush so the line is actually sent
  • — Basic thread pattern
    public class RunnableJob implements Runnable {
      public void run() {
        // work to do on the new thread goes here
      }
    }
    RunnableJob rj = new RunnableJob();
    Thread thread = new Thread(rj);
    thread.start(); // runs rj.run() on the new thread
  • — Thread data access synchronization
    — If we synchronize two static methods in a single
    class, a thread will need the class lock to enter either
    of the methods.
  • — Collections
    — ArrayList
    — TreeSet – elements sorted, no duplicates.
    — HashMap – name/value pairs.
    — LinkedList – better performance for insert and delete of elements.
    (better for large data sets)
    — HashSet – no duplicates, fast search by key.
    — LinkedHashMap – same as HashMap plus preserves order of addition.
  • — Basic sorting pattern:
    ArrayList<String> slist = new ArrayList<String>();
    slist.add("a string");
    Collections.sort(slist); // String implements Comparable

    New classes whose instances are to be sorted in an ArrayList must implement
    “Comparable” (self compare).

    See the use of a comparator (call it MyCompare) which
    implements the compare(MyObject, MyObject)
    method, like this:

    Collections.sort(theList, new MyCompare());
  • — Collection types summary:
    — List – sequence.
    — Set – uniqueness.
    — Map – key search.
  • — HashSet duplicate check methods:
    hashCode(), equals().
  • — Control on polymorphic ‘collection type’ usage..
    public void takeAnimals(ArrayList<? extends Animal> animals) {
      animals.add(someAnimal); // <-- add is forbidden by the '?' wildcard
    }
  • -- Static nested classes have access to static variables
    of the enclosing class.

    -- Anonymous nested classes have peculiar syntax capabilities:

    button.addActionListener(new ActionListener() {
      public void actionPerformed(ActionEvent ev) { /* handle the event */ }
    });

    ActionListener is not a class, it is an interface, but in
    this context the 'new' instruction means 'create an
    anonymous class and implement the ActionListener

  • -- Access levels and modifiers:
    -- public - access by anybody.
    -- protected - same package + subclasses in or out of
    the same package.
    -- default - same package only.
    -- private - same class only.
  • -- Enumerations - a set of constant values that
    represent the only valid values for a variable.

    public enum Members { JERRY, BOBBY, PHIL };
    public Members bandMember;
    if (bandMember == Members.JERRY) {
      // handle the JERRY case
    }
