Saturday, December 22, 2012

Board games on the iPad: a technology showcase

Of the thousands and thousands of titles available for the iPad and tablets generally, a genre where the device comes into its own is that of board game conversions.

A number of excellent implementations of genuinely absorbing strategy board games (as well as more traditional games such as Scrabble and Monopoly) are now available, with more being continually added to the list. Here are a couple of favourites I have reviewed recently:


  • Settlers of Catan, something of a "classic" among strategy board game fans, works particularly well on the iPad and in this implementation includes (as in-app purchases) the Seafarers and Knights & Barbarians extensions, making the iPad version extremely good value for money.
  • Stone Age is a more recent board game, involving a combination of "resource gathering" as found in Catan along with turn play revolving around "strategic choice of actions". The iPhone implementation discussed in the review is very playable, faithful to the original and attractively presented, with a high-resolution iPad version on the way. In the meantime, the iPhone version will play on the iPad, albeit in slightly low resolution if you have a non-retina iPad.
  • Puerto Rico and its card game cousin San Juan are both available for iPad. Puerto Rico features an admittedly slightly crowded screen in order to fit in the entire game board and islands of up to 5 players. San Juan is slickly presented and its less complicated layout lends itself well to the iPad.

A key feature of all of these implementations is pass and play mode, to which the iPad clearly lends itself. Like many other board game fans, I look forward to seeing what further offerings become available over the coming months and will post reviews of my favourites to the Multimobilia site.

Thursday, December 20, 2012

LetterMeister for iPhone free for limited period

The LetterMeister word puzzle game published on this site is now free to download for a limited period, reduced from the regular price of $1.99. Take advantage and download your copy now!

If you have a QR Code reader for iPhone, then scan the image to the right. Else search for LetterMeister in the App Store for more information.

The desktop version is also available for Windows, Linux and Mac OS.



Monday, December 10, 2012

New comments and links facility being rolled out

On most pages of the Javamex programming site, you can now add feedback and questions to the articles. Look out for comments boxes in the following locations:

  • in the box to the right of the main page;
  • in the box at the top right of certain "popular" articles;
  • in the box at the bottom of the page beneath most articles.

Some popular articles on the site where we may expect to see comments include the sections on the Java volatile keyword and synchronisation, Java threads (which includes various tutorials on threading and multitasking in general, including thread scheduling) and random numbers. The last of these looks at various pitfalls associated with using the standard Java random algorithm and at how and when better algorithms should be used, e.g. for security purposes or to improve "simulation" type applications.

It is hoped that by having this comments facility, both regular and new readers of the Javamex programming tutorials will be able to engage in discussion and improve both their knowledge and the content of the tutorials.

Sunday, November 25, 2012

Encrypted World War II droppings

The public's imagination has apparently been captured this month by stories of an encrypted World War II message found attached to the leg bone of a carrier pigeon that had apparently been lodged in a chimney in Surrey for the past 70 years.

There doesn't seem to be complete consensus on the identity of one or two of the letters, but a transcription of the message looks essentially as follows:


AOAKN  (.)  HVPKD   FNFJW    YIDDC
RQXSR        DJHFP      GOVFN   MIAPX
PABUZ        WYYNP   CMPNW  HJRZH (.)
NLXKG       MEMKK   ONOIB    AKEEQ
WAOTA (.)  RBQRH    DJOFM    TPZEH
LKXGH        RGGHT    JRZCQ     FNKTQ
KLDTS         GQIRW    AOAKN

The dots in parentheses probably aren't part of the encoded message as such, assuming word/phrase/sentence boundaries were not explicitly encoded. But they may be a clue to such boundaries, with the scribe inadvertently inserting them as they came to the end of a sentence/phrase. They suggest that at the time of transcription, such boundaries were still present, probably ruling out a system akin to today's modern block ciphers.

Notice the sequence "AOAKN" appearing both at the start and end, which is presumably not part of the encoded message, but possibly a reference to the encryption key, some kind of "message start/end codeword", or some kind of authentication sequence.

So what does the message say? Can it be decoded with modern computational methods? Simple schemes such as letter substitutions and even variants of the Playfair cipher apparently used at one point during WWII could potentially be deciphered.

But despite various rumours and hypotheses I have seen on a few Internet forums, unfortunately, the distribution of letters in our mystery message appears to be consistent with encryption using a one time pad. In a one time pad, one "mixes" each letter in the message with the next letter of a secret randomly generated sequence known only to the sender and recipient. If implemented properly (meaning the stream of letters forming the one time pad has to be genuinely random and never re-used for multiple messages or parts of messages) then this scheme is completely secure. (Modern stream ciphers are inspired by the technique, but rely on generating a pseudorandom sequence from a relatively small secret random key; as with modern cryptographic techniques in general, they are "secure enough in practice for the use to which they are put" if their usage guidelines and limitations are properly understood.)

One hope for "cracking" the message would be if such a scheme was not implemented properly (for example, using as the "secret" one time pad a sequence of letters based on a known text such as the American Constitution, or indeed any text in a common language with well-studied letter/word distributions).
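The letter-distribution argument and the "mixing" step described above can be checked directly. The following is an added example, not code from the original post: it computes the index of coincidence of the transcription given above and compares it with a constructed English sample, with that sample under a random pad, and with the same sample under an improperly generated pad. The function names, the English sample and the 0.052 cut-off are assumptions made for the illustration.

```python
import secrets
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Transcription from the post above, without the "(.)" marks and without the
# AOAKN group that opens and closes it (the post argues neither is message text).
PIGEON_BODY = (
    "HVPKD FNFJW YIDDC RQXSR DJHFP GOVFN MIAPX PABUZ WYYNP CMPNW "
    "HJRZH NLXKG MEMKK ONOIB AKEEQ WAOTA RBQRH DJOFM TPZEH LKXGH "
    "RGGHT JRZCQ FNKTQ KLDTS GQIRW"
)

# Constructed English plaintext, used only for comparison.
ENGLISH_SAMPLE = (
    "The pigeon was released at dawn with a short report for headquarters "
    "describing the position of the enemy armour and the state of the "
    "bridges north of the river"
)

UNIFORM_IC = 1 / 26  # expected value for uniformly random letters (about 0.0385)
THRESHOLD = 0.052    # assumed cut-off, roughly midway to typical English (about 0.067)


def letters(text):
    """Upper-case the text and keep only A-Z."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def index_of_coincidence(text):
    """Probability that two letters drawn at random from the text are equal."""
    s = letters(text)
    n = len(s)
    if n < 2:
        raise ValueError("need at least two letters")
    return sum(c * (c - 1) for c in Counter(s).values()) / (n * (n - 1))


def looks_flat(text):
    """True when the distribution is closer to random than to English.

    A flat result is consistent with a one time pad but does not prove one.
    """
    return index_of_coincidence(text) < THRESHOLD


def new_pad(length):
    """A pad of unpredictable letters, to be used for one message only."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def otp_mix(message, pad, decrypt=False):
    """Add (or subtract) each pad letter to the matching message letter, mod 26."""
    msg = letters(message)
    if len(pad) < len(msg):
        raise ValueError("pad is shorter than the message; reuse breaks the scheme")
    sign = -1 if decrypt else 1
    return "".join(
        ALPHABET[(ALPHABET.index(m) + sign * ALPHABET.index(k)) % 26]
        for m, k in zip(msg, pad)
    )


if __name__ == "__main__":
    plain = letters(ENGLISH_SAMPLE)
    pad = new_pad(len(plain))
    cipher = otp_mix(plain, pad)
    assert otp_mix(cipher, pad, decrypt=True) == plain
    # A "pad" that repeats one letter is only a Caesar shift: the
    # plaintext's letter distribution survives intact.
    weak = otp_mix(plain, "D" * len(plain))
    rows = [("pigeon message", PIGEON_BODY), ("English sample", plain),
            ("sample + random pad", cipher), ("sample + constant pad", weak)]
    for name, text in rows:
        ic = index_of_coincidence(text)
        print(f"{name:22s} IC = {ic:.4f}  flat = {looks_flat(text)}")
```

A flat index of coincidence rules out simple substitution and transposition, which leave the language's letter frequencies in place, but it cannot distinguish a one time pad from other schemes that also flatten the distribution.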

One other thing seems clear: if the message is crackable without more information, the people with the tools and knowledge to crack it are GCHQ if they can be bothered.  So my guess is that (a) with minimal resources and standard tools they have decoded the message and this is a recruitment drive, or (b) GCHQ have ascertained the scheme is some variant of a one time pad (or not something they can trivially decode with the resources they can be bothered to devote to some one-off 150 character message from World War II) and what is being sought is some of the "social" knowledge around locating the key/clues to its generation in case they can then idly decode it with close to zero effort.

And in the worst case, the story has revived public interest in history, mathematics, computing etc while being a temporary distraction from the humdrum financial turmoil and political scandal which otherwise grace our news outlets.

Thursday, November 8, 2012

Reading environment variables and system properties in Java

As the first of a new section of forthcoming tutorials on "miscellaneous and system" features of Java, a new tutorial has been added on reading environment variables and system properties in Java.

The tutorial looks at issues such as:

  • what technically is the difference between OS environment variables and Java system properties?
  • commonly defined properties for cross-platform use;
  • how to enumerate environment variables and properties, including how to unify the two separate APIs.

As usual, comments, feedback and requests for new tutorials are welcome via the Javamex forum.

Saturday, September 1, 2012

Java 7 patched, although there are still reports of vulnerabilities

The reported vulnerability in Java 7, which allows untrusted code to override the SecurityManager and hence run malicious code on a client machine, was patched by Oracle on Thursday. Java 7 Update 7 fixes the vulnerability in the form in which it is actually known to be being exploited "in the wild".

General users can download the update to Java here.
Developers can download the update here.

There are still reports that the patched version contains a vulnerability allowing the SecurityManager to be overridden, but not in a form currently known to be being exploited. You are advised to "watch this space"...!

Wednesday, August 29, 2012

Serious vulnerability in Java 7: another nail in the coffin for Java as a client-side web technology

On Monday, an "extremely critical" vulnerability was announced in version 7 (i.e. all versions 1.7.x) of the Java Runtime.

The vulnerability is effectively that Java's Security Manager settings, controlling permissions that govern critical operations such as file access, network connectivity, running external processes, can be overridden. In particular, the Java web browser plugin normally sets security restrictions ("sandboxing") meaning that arbitrary files cannot be read from the host machine and arbitrary processes cannot be started by a Java program embedded in a web page. The vulnerability discovered in Java 7 effectively allows these restrictions to be bypassed (specifically, this example code does so by making reflective calls via the Javabeans framework).

This vulnerability-- more so than previous cases, it seems-- has sparked a strong message from many commentators that Java applets are no longer a fundamental part of the web infrastructure. The advice given by many industry commentators is that Java is not needed by most users and should be disabled: the security risk it poses outweighs the benefit for non-specialist users.

If Java is still a "core" piece of web technology for you, then there are less extreme actions you could take:

  • using Google Chrome, go to chrome://plugins and ensure that the Java plugin is not set to "Always allow" and only run Java on sites that you trust;
  • use another browser, with Java disabled (or a device such as the iPad that doesn't support Java) for browsing sites that are not in your "trusted" list;
  • when using a public network (e.g. in a coffee shop etc), use a browser or device that does not have Java installed (e.g. your iPad is safe);
  • if you have to use your laptop over a public network with a Java-enabled browser, do so over a VPN.

Of course, whenever you browse to an untrusted web site and/or use a non-encrypted connection over a network with components that are easily controlled by a third party (e.g. in a miscellaneous coffee shop) there is a tangible risk from various possible vulnerabilities. What arguably makes this vulnerability different is that: (a) it is relatively easy to exploit by an attacker; (b) in the race to close the vulnerability, the Bad Guys currently have the "upper hand": an exploit has already been integrated into standard hacking tools whereas no patch is available or announced (at the time of writing).

So... check your Java settings and watch this space!

Update: a patch has been released which partially addresses this vulnerability.

Sunday, August 26, 2012

LetterMeister 0.72b

A minor update to LetterMeister was released today. Version 0.72b of the word puzzle game for desktop makes an improvement to the rendering of certain on-screen prompts (such as level announcements) to improve the anti-aliasing of the text.

Wednesday, August 22, 2012

Version 0.71b of LetterMeister word puzzle game

LetterMeister, the free word puzzle game published on this site, is now in version 0.71b and includes German as one of the language options. Full details, including some details of how German has been implemented specifically, are given in this blog post.

Sunday, August 19, 2012

Version 0.7b of LetterMeister released

A new update to the LetterMeister word puzzle game for Windows, Linux and Mac was released today. The new version is a minor update to the version released the other week which now includes French and Spanish in addition to English.

Thus, the game should provide a fun way for language learners to reinforce their French and Spanish vocabulary.

LetterMeister word game is also available for iPhone/iPad and can be downloaded from the App Store in the usual way. The latest version for iOS also features the option to play in Spanish and French in addition to English. It also features Game Center integration, allowing you to pit yourself against friends and other LetterMeister players!

For those looking for a more structured way to learn and practise their vocabulary, you may be interested in French Vocab Games, also available from the App Store.

Wednesday, July 18, 2012

Free in-app purchases... if you're prepared to hand over your iTunes credentials to Russian hackers...

There's nothing like a reminder that IT Security Is Difficult when examples emerge of companies with significant development resources falling victim to security holes. Such is the case with this exploit of iOS in-app purchases exposed a few days ago.

In this particular case, I don't think the consequences of the flaw will necessarily be so terrible. To implement it, you apparently need to install certificates, fiddle with DNS settings and hand over your iTunes account credentials to Russian hackers-- I suspect that at least one of these steps may be a hurdle for the average user of a platform generally chosen specifically by users who want to avoid this kind of hackery-pokery. But it serves as a wake-up call nonetheless.

The wakeup call to Javamex readers is that the main programming flaw appears to have been a failure to adhere to a basic principle of secure connections: ensure that the server that you think you're talking to actually is the server that you're talking to!
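One way for a client to enforce this principle, as an added example that is not code from the original post or from Apple: in addition to the normal certificate chain and hostname checks, the client compares the SHA-256 fingerprint of the server's certificate with a value shipped inside the application, so that a server reached through altered DNS settings and accepted because of an extra installed certificate is still refused. The names `pin_matches` and `fetch_pinned` are hypothetical and the certificate bytes are constructed stand-ins.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-ins for DER-encoded certificates (not real certificates).
GENUINE_CERT = b"constructed stand-in: certificate of the real purchase server"
IMPOSTER_CERT = b"constructed stand-in: certificate of a look-alike server"


def fingerprint(cert_der):
    """Hex SHA-256 digest of a DER-encoded certificate."""
    return hashlib.sha256(cert_der).hexdigest()


# Fingerprints the application was built with (derived here from the stand-in).
PINNED = {fingerprint(GENUINE_CERT)}


def pin_matches(cert_der, pinned):
    """True only if the certificate's fingerprint is one of the pinned values."""
    if not pinned:
        raise ValueError("no pins configured; refusing to trust any server")
    actual = fingerprint(cert_der)
    return any(hmac.compare_digest(actual, pin.lower()) for pin in pinned)


def fetch_pinned(host, path, pinned, port=443, timeout=10.0):
    """HTTPS GET that refuses to send anything to an unpinned server."""
    # The default context already requires a valid chain and a matching
    # hostname; the pin check below is an additional, independent test.
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with context.wrap_socket(raw, server_hostname=host) as tls:
            cert_der = tls.getpeercert(binary_form=True)
            if cert_der is None or not pin_matches(cert_der, pinned):
                raise ssl.SSLError("server certificate is not a pinned one")
            request = (
                f"GET {path} HTTP/1.1\r\n"
                f"Host: {host}\r\n"
                "Connection: close\r\n\r\n"
            )
            tls.sendall(request.encode("ascii"))
            chunks = []
            while True:
                data = tls.recv(4096)
                if not data:
                    break
                chunks.append(data)
    return b"".join(chunks)


if __name__ == "__main__":
    print("genuine server accepted: ", pin_matches(GENUINE_CERT, PINNED))
    print("look-alike server accepted:", pin_matches(IMPOSTER_CERT, PINNED))
```

Pinned fingerprints have to be updated whenever the server's certificate is renewed, so applications normally ship at least one backup pin.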

LetterMeister 0.4b released

LetterMeister 0.4b, released at the beginning of this week, now includes in-game music.

Tuesday, June 26, 2012

LetterMeister 0.3b released

A small update to the free desktop version of LetterMeister has been released today. If you're into puzzle games and you haven't tried it yet, then what are you waiting for?

If you're not familiar with the game, then the idea is to re-arrange letters in a "crossword" grid to reveal the original scrambled words. To help you, coloured clues guide you to the correct positions. The game can be configured to suit your level of vocabulary, so it is suitable for both English learners at a relatively basic level and advanced students of English and word game aficionados.

If you download the game, please remember to Like LetterMeister on Facebook to follow updates.

Thinking of switching to Mac? Don't throw your PC away yet!

It turns out that Orbitz are planning to offer Mac users more expensive hotels than PC users when booking their holiday.

Just two questions:

  • will this lead to a spate of "disguise your Mac as a PC" plugins for Safari?
  • will Orbitz also be offering Linux users a selection of hotels with reprogrammable safes and replumbable showers?

Friday, June 22, 2012

We're going into space!

I will be participating in the ArduSat project to send an Arduino-based satellite into space. This means I will have a week's runtime on the satellite and will be asking Javamex readers for your suggestions of experiments/photographs that you would like to see taken from the satellite. More details to follow shortly: watch this space!

UPDATE: The ArduSat team have been enormously successful in reaching their funding goal within a few days of launching the project. The goal is now to raise funds to send a larger satellite, allowing more interesting experiments. This is really a unique opportunity for ordinary developers to get involved. Click here to see why you should back the project.

(Right: the Orion Nebula. Photo: Neil Coffey.)

Thursday, June 21, 2012

Don't leave your iPhone connector plugged in near moisture!

How many of you leave your iPhone connector permanently plugged in ready to charge your iPhone when needed? Well, if you do, be careful that the connector doesn't get near moisture. This is what I discovered had happened to mine the other day!

Monday, June 4, 2012

Nothing to do with Java programming: today's lunar eclipse

It's got nothing to do with Java programming whatsoever other than my scheduled coffee consumption for the rest of the day. I made the effort to get up early today to capture a few pictures of this morning's lunar eclipse and the results were not disappointing. This picture is taken through a 5 inch telescope just as the moon begins to set over the horizon as the day dawns: you can see the approaching silhouettes of the trees on the left and the section of the moon in the earth's shadow in the bottom right.

So as I settle in for a caffeinated less-than-productive day of programming, I thought I'd share this picture with fellow programmers... :)

See @BitterCoffey on Twitter for a larger version of this and another picture from the eclipse.

Friday, June 1, 2012

Javamex now has a Facebook page

Finally, a Facebook page has been set up for Javamex. Announcements about new material, discussions about Java etc will be posted to the page.

Like Javamex on Facebook.

Can Java be copyrighted? Last chance to give your opinion!

Please don't forget to give your opinion in this site's survey on whether a programming language can be copyrighted. Over 100 responses have been received, but it would be nice to get a few more before publishing the results. So... don't be shy!

How do you convert to and from hex in Java?

A question that I've seen come up fairly regularly among beginners, and indeed among some more experienced programmers, is that of how to convert from decimal to hexadecimal and vice versa in Java. This page explains how to convert integers to/from hex in Java.

LetterMeister v 0.2 beta for Windows/Linux/Mac OS

Version 0.2 beta of the LetterMeister word puzzle game was released today and is now available as a free download. To run the game, you will need Java runtime version 6 or later.

This is a port of the original LetterMeister game for iOS.

The update brings some graphical and UI improvements. If you do download the game, then in order to receive notifications of updates please also subscribe to the game's Facebook page via the in-game button.

Thursday, May 10, 2012

Can a programming language be copyrighted?

If you haven't done so already, please don't forget to fill in our survey on the copyrightability of programming languages: the results are due to be published soon!

Max length increased for Javamex forum

The maximum allowed length of entries/comments on the Javamex blog has been increased. It has come to my attention that the previous length was a little short for adding questions plus sample code. If anyone still has trouble posting their question, then please contact me or leave a comment here.

Wednesday, May 9, 2012

Hash codes again: picking the right horse for the course

An interesting question on the Javamex forum concerning hash codes.

Tuesday, May 8, 2012

Using BufferedImages in Java: what type gives fastest performance?

The first pages of a new section on graphics programming in Java include some information on the performance of different types (formats) of BufferedImage.

As you will be aware if you have used this class, BufferedImage provides a range of different internal formats, specified by a constant at the time of creating the image object. Sometimes it can be non-obvious which format to opt for among apparently functionally similar choices. For example, TYPE_3BYTE_BGR vs TYPE_INT_RGB are functionally similar, as are TYPE_INT_BGR vs TYPE_4BYTE_ABGR. But is there any performance difference between using an int or separate bytes per component? And how much of a performance hit is it to include an alpha (transparency) component?

Or perhaps it is better to opt for one of the USHORT types allowing storage in only 2 bytes per pixel, thus requiring less data throughput and presumably higher performance?

As an example, some actual performance tests of BufferedImage.setRGB() are given. Integer storage is shown to be better performing overall than byte-by-byte storage, as is maybe to be expected. But on the test system, a perhaps surprising finding is that when combined with integer storage, including a transparency component actually increased performance, presumably because this combination is closest to the native image format used on this system. Despite the throughput argument, 1- and 2-byte per pixel formats performed poorly. The moral of the story is that measurement is as important as common-sense assumptions!

Comments/discussion about BufferedImage are welcome here or in the corresponding page of the Javamex forums.

Wednesday, May 2, 2012

iPad advertising trouble again...

Apple continues to meet with pressure over the advertising of the iPad 3. This time, it's the turn of the UK's Advertising Standards Authority to pressure Apple into removing references to "4G".

Monday, April 16, 2012

New Javamex blog

The old Javamex forum is shortly to be retired. A new Javamex forum has now been set up to take its place. From now on, if you wish to ask a question about Java or the Javamex web site, please do so on the new forum.

Note that you will need to re-register on the new forum.

New article: file system notifications

A new article has been added on file system notifications. The article explains how your Java app can ask the underlying O/S to be notified of modifications to files in particular directories, e.g. for monitoring log files, watching for files created by an external process, or files opened by your application.

The article also looks at some of the limitations and pitfalls of using Java's WatchService API.

Saturday, February 25, 2012

Win a £20 iTunes voucher

To celebrate the launch of the new LetterMeister game published on the Javamex site earlier this week, enter the LetterMeister hi score competition to have the chance of winning a £20 iTunes gift certificate!

Wednesday, February 15, 2012

If we were to "fix" the Internet today, would we get it right?

Prof Alan Woodward of Surrey University presents an interesting viewpoint today on the state of our current Internet infrastructure. Practically all of the present "security" features were shoehorned in on top of an infrastructure that was never really designed with security in mind. With the benefit of hindsight, maybe what we need is simply a new infrastructure, designed from the ground up to meet our current needs and use, be that in terms of security or other features.

On the other hand, security isn't the only feature absent from basic Internet infrastructure because it was not thought of in the 1970s. It is probably for similar historical reasons that the Internet crosses many political boundaries that some of our current governments appear to wish it didn't cross.

So if we were to re-design the Internet today, some questions arise:
- the infrastructure that we have today met the needs and capabilities of the 1970s; how would we guarantee that a new infrastructure invented today wouldn't simply be reflecting the needs and capabilities of 2012? In 20 years time, would there be a similar conversation ("well, you see, quantum decryption wasn't a real threat back in the 2010s")?
- what would the political pressures be on an Internet infrastructure invented in 2012? How many back doors into the security features would governments try to force into the specification? How much pressure would there be for the application of content filters and bandwidth allocation to reflect the degree of bribery (sorry, "funding") provided by such-and-such corporation to the political parties involved in legislating the infrastructure?

We should also be careful not to mask political failure as being a purely technological problem. On some level, identity theft and other cybercrimes occur both because our technology permits it and because, one way or another, our political structures still leave the risk-benefit tradeoff stacked in favour of the criminals in question.

Wednesday, January 25, 2012

Symantec advise users to disable pcAnywhere

According to a white paper released by Symantec, the source code to various of its products that hacker group Anonymous recently threatened to disclose was stolen in 2006, and users are advised to disable pcAnywhere until further notice. Specifically, the paper states:

"pcAnywhere is a product that allows for direct PC to PC communication and this does expose some risk if the compromised code is actually released."

This seems to imply that pcAnywhere is based on security through obscurity. (Presumably, the same security risk actually exists, albeit to a lesser extent, whether or not somebody releases the source code: whatever information is in the source code is in principle available by reverse engineering the compiled code.)

To me, the event underlines at least two lessons:

- this is precisely what may happen if you rely on security through obscurity
- if you have some security-sensitive source code stolen, "right now" would be a good time to review the stolen code, rather than 6 years later...

Or is there something about the content of the white paper and the incident in general that I'm misunderstanding?