Friday, March 29, 2013

Spring RequestBody Mapping Errors

If you have error gotten back a nice 400 Bad Request from Spring MVC when trying to map a pojo with @RequestBody this will help you find out what is failing.

public String handleMethodArgumentNotValidException(
MethodArgumentNotValidException error) {
return "Bad value";

public String handleTypeMismatchException(TypeMismatchException ex,
HttpServletRequest req, HttpServletResponse resp) {
LOGGER.error("Parameter failure: {}"
+ ex.getRootCause().getLocalizedMessage());
LOGGER.error("Invalid value is: {}" + ex.getValue());
LOGGER.error("Required type is: {}"
+ ex.getRequiredType().getSimpleName());

return "Bad value";

public String handleMessageNotReadableException(
HttpMessageNotReadableException ex, HttpServletRequest req,
HttpServletResponse resp) {
LOGGER.error("Failure: {}" + ex.getRootCause().getLocalizedMessage());

return "Bad value";

Wednesday, March 27, 2013

Spring @Transactional boundaries

InvalidDataAccessApiUsageException: detached entity passed to persist:

I experienced the exception above recently and thought it was simply, something like one of the following links:

Detached - a detached instance is an object that has been persistent, but its Session has been closed. The reference to the object is still valid, of course, and the detached instance might even be modified in this state. A detached instance can be reattached to a new Session at a later point in time, making it (and all the modifications) persistent again. This feature enables a programming model for long running units of work that require user think-time. We call them application transactions, i.e., a unit of work from the point of view of the user.

In fact though it was because I was executing the queries across two different transactions and once I added @Transactional to the service method they were being executed in -- it changed to the same transaction.

Tuesday, March 12, 2013

Browser based security attacks

2 Common Types

  1. Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug-in systems they rely on. Exploiting one of these, they fold malicious content into the content being delivered from the compromised site. When the resulting combined content arrives at the client-side web browser, it has all been delivered from the trusted source, and thus operates under the permissions granted to that system. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access-privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. Cross-site scripting attacks are therefore a special case of code injection.
  2. Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf[1]) or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.[2] Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.     The Browser Exploitation Framework (BeEF)


3 Types:
  1. Ad-hoc polymorphism
  2. Parametric polymorphism
  3. Subtype polymorphism (or inclusion polymorphism)
Subtype polymorphism (or inclusion polymorphism): In object-oriented programming, subtype polymorphism or inclusion polymorphism is a concept in type theory wherein a name may denote instances of many different classes as long as they are related by some common super class.[1] Inclusion polymorphism is generally supported through subtyping, i.e., objects of different types are entirely substitutable for objects of another type (their base type(s)) and thus can be handled via a common interface.

Parametric polymorphism: Parametric polymorphism allows a function or a data type to be written generically, so that it can handle values identically without depending on their type.[4] Parametric polymorphism is a way to make a language more expressive, while still maintaining full static type-safety.
Parametric polymorphism is ubiquitous in functional programming, where it is often simply referred to as "polymorphism". The following example shows a parametrized list data type and two parametrically polymorphic functions on them:

Look further into Type Theory.

In mathematics, logic, and computer science, type theory generally refers to a class of formal systems, some of which can serve as alternatives to naive set theory as a foundation for all mathematics. In type theory, every "term" has a "type" and operations are restricted to terms of a certain type.

Douglas Crockford: Monads Douglas Crockford: Monads Talk Functional programming in Scala Erlang let it crash model Garbage collection in Erlang, very interesting read.

Erlang and "Let it Crash" Programming

Although Erlang is designed to encourage/facilitate a massively parallel programming style, its error handling may be even more noteworthy.

  1. Error handling in Erlang is very different from error handling in conventional programming languages. The key observation here is to note that the error-handling mechanisms were designed for building fault-tolerant systems, and not merely for protecting from program exceptions. You cannot build a fault-tolerant system if you only have one computer. The minimal configuration for a fault tolerant system has two computers. These must be configured so that both observe each other. If one of the computers crashes, then the other computer must take over whatever the first computer was doing. This means that the model for error handling is based on the idea of two computers that observe each other.
  2. Links in Erlang are provided to control error propagation paths for errors between processes. An Erlang process will die if it evaluates illegal code, so, for example, if a process tries to divide by zero it will die. The basic model of error handling is to assume that some other process in the system will observe the death of the process and take appropriate corrective actions. But which process in the system should do this? If there are several thousand processes in the system then how do we know which process to inform when an error occurs? The answer is the linked process. If some process A evaluates the primitive link(B) then it becomes linked to A . If A dies then B is informed. If B dies then A is informed.
    Using links, we can create sets of processes that are linked together. If these are normal processes, they will die immediately if they are linked to a process that dies with an error. The idea here is to create sets of processes such that if any process in the set dies, then they will all die. This mechanism provides the invariant that either all the processes in the set are alive or none of them are. This is very useful for programming error-recovery strategies in complex situations. As far as I know, no other programming language has anything remotely like this.

Friday, March 1, 2013

Changing your default python version on OSX

$ man python
$ which python
$ python -V
Python 2.7.1
# temporarily change version
$ python -V
Python 2.6.6
$ python -V
Python 2.7.1
# persistently change version
$ defaults write Version 2.6
$ python -V
Python 2.6.6

How the Query Optimizer Chooses Execution Plans for Joins

Nested Join
Merge Join
Hash Join

Row Strategies
Table scan slowest
Index scan
Index seek fastest

A "sort merge" join is performed by sorting the two data sets to be joined according to the join keys and then merging them together. The merge is very cheap, but the sort can be prohibitively expensive especially if the sort spills to disk. The cost of the sort can be lowered if one of the data sets can be accessed in sorted order via an index, although accessing a high proportion of blocks of a table via an index scan can also be very expensive in comparison to a full table scan.

A hash join is performed by hashing one data set into memory based on join columns and reading the other one and probing the hash table for matches. The hash join is very low cost when the hash table can be held entirely in memory, with the total cost amounting to very little more than the cost of reading the data sets. The cost rises if the hash table has to be spilled to disk in a one-pass sort, and rises considerably for a multipass sort.

You should note that hash joins can only be used for equi-joins, but merge joins are more flexible.

In general, if you are joining large amounts of data in an equi-join then a hash join is going to be a better bet.

11.6.2 How the Query Optimizer Chooses Execution Plans for Joins

OpenID and OAuth

OpenID is (mainly) for identification/authentication
OAuth while mainly for authorization can do both authentication and authorization


Publisher --> Exchanges binding to Queues --> Consumers

Direct Exchange

Direct exchange is often used to distribute tasks between workers but messages are load balanced between consumers and not between queues.

Messages can be persistent but this is per message and not related to whether the queue is durable or not.

Message attributes, content type, encoding, routing key, delivery mode, message priority, message publishing timestamp, expiration period, …

When does the Broker remove messages from the queue?
After broker sends a message to an application (using either basic.deliver or basic.get-ok AMQP methods)
After the application sends back an acknowledgement (using basic.ack AMQP method)
In the above statement if the message fails to deliver aka an acknowledgement was not received the message can be requeued and delivered to another consumer.

Remember with Queues you cannot redeclare a queue with different attributes other you will get a channel level exception code 406 (PRECONDITION_FAILED)

Channels in AMQP are "lightweight connections that share a single TCP connection", nice way to share between threads.

hcp125:~ randy$ rabbitmqctl list_exchanges
Listing exchanges ...
acmeExchange direct direct
amq.fanout fanout
amq.headers headers
amq.match headers
amq.rabbitmq.log topic
amq.rabbitmq.trace topic
amq.topic topic
dhcp125:~ randy$ rabbitmqadmin delete exchange name=acmeExchange
exchange deleted
dhcp125:~ randy$ rabbitmqadmin delete queue name=mathQueue

AMQP is extensible

Declaration of exchanges and queues can include additional attributes that the broker can use. For example, per-queue message TTL in RabbitMQ is implemented this way.

Two interesting reads on Rabbit Performance

Asynchronous Proxy and some related links

Nginx seems to be the standard reverse proxy uWSGI Fast Asynchronous Python Web Server

Slickgrid Links

My example in backbone demonstrations.

The Meaning of URL, URI, URN and IRI

Some Camel methods take a parameter that is a URI string. Many people
know that a URI is "something like a URL" but do not properly understand the
relationship between URI and URL, or indeed its relationship with other
acronyms such as IRI and URN.
Most people are familiar with URLs (uniform resource locators), such as
"http://...", "ftp://...", "mailto:...". Put simply, a URL specifies the location of a
A URI (uniform resource identifier) is a URL or a URN. So, to fully understand
what URI means, you need to first understand what is a URN.
URN is an acronym for uniform resource name. There are may "unique
identifier" schemes in the world, for example, ISBNs (globally unique for
books), social security numbers (unique within a country), customer numbers
(unique within a company's customers database) and telephone numbers.
Each "unique identifier" scheme has its own notation. A URN is a wrapper for
different "unique identifier" schemes. The syntax of a URN is "urn::". A URN uniquely identifies a resource, such as a
book, person or piece of equipment. By itself, a URN does not specify the
location of the resource. Instead, it is assumed that a registry provides a
mapping from a resource's URN to its location. The URN specification does
not state what form a registry takes, but it might be a database, a server
application, a wall chart or anything else that is convenient. Some
hypothetical examples of URNs are "urn:employee:08765245",
"urn:customer:uk:3458:hul8" and "urn:foo:0000-0000-9E59-0000-5E-2". The
("employee", "customer" and "foo" in these examples) part
CHAPTER 3 - GETTING STARTED WITH APACHE CAMEL 11of a URN implicitly defines how to parse and interpret the that follows it. An arbitrary URN is meaningless unless: (1) you
know the semantics implied by the , and (2) you have
access to the registry appropriate for the . A registry does
not have to be public or globally accessible. For example,
"urn:employee:08765245" might be meaningful only within a specific
To date, URNs are not (yet) as popular as URLs. For this reason, URI is widely
misused as a synonym for URL.
IRI is an acronym for internationalized resource identifier. An IRI is simply an
internationalized version of a URI. In particular, a URI can contain letters and
digits in the US-ASCII character set, while a IRI can contain those same
letters and digits, and also European accented characters, Greek letters,
Chinese ideograms and so on.

Decoupling your architecture

Messaging Techniques

Spring Remoting
Remote Method Invocation (RMI)
Spring's HTTP invoker



Naming Servers

Abstraction on top of messaging
Camel abstracts away your messaging layer so you can just call methods on services and if you route everything properly.
Spring Integration also does this but we had issues with the way it considers a service only a method while we wanted an
entire class to represent a service with multiple methods

Serialization Protocol
Java Serialization only works in java land and not in a polyglot system.
Protocol Buffers seems to fit nicely here

Maven Niceties

While I am not condoning the use of maven, I am stuck using it most of the time.

Anyways "mvn dependency:tree" is nice for finding out why a dependency was included.

Also "mvn archetype:generate" is nice in a project especially if you have a multi module project, as you can enter this inside the
parent to generate child projects.

Intellij also has a nice feature to display a maven dependency tree.

Javascript Prototypal Inheritance

Javascript's prototypal inheritance can be tough to wrap you head around, but I think an easy way to think about prototype and __proto__ is the following:

When you create a new object you would say
var bob = new WorkerBee();
given the following definition of WorkerBee as
function WorkerBee (projs) {
  this.projects = projs || [];
WorkerBee.prototype = new Employee;

function Employee (name, dept) { = name || "";
  this.dept = dept || "general";

When you see the above code you may think what would happen if you forgot to instantiate a new Employee when you set WorkerBee's prototype.
aka WorkerBee.prototype = Employee;
Well lets try it out, first off you will see that you can no longer access variables set in Employees constructor
so or dept will be undefined
also you will notice that bob will not be an instanceof Employee anymore since you broke the inheritance chain by not saying new Employee

Some Notes are below to convince your self further of your understanding of prototype and __proto__.

function Ninja(){}

Ninja.prototype.swingSword = function(){
  return true;

var ninjaA = Ninja();
assert( !ninjaA, "Is undefined, not an instance of Ninja." );

var ninjaB = new Ninja();
assert( ninjaB.swingSword(), "Method exists and is callable." );

var ninja = (function(){
 function Ninja(){}
 return new Ninja();

// Make another instance of Ninja
var ninjaB = new ninja.constructor();

assert( ninja.constructor == ninjaB.constructor, "The ninjas come from the same source." );

Quick test of prototypes

car instanceof Vehicle
Car.prototype = new Vehicle;
car instanceof Vehicle
car = new Car;
car instanceof Vehicle

function Blah() {}
> Blah.prototype
> Blah.prototype.constructor
function Blah() {}
> Blah.prototype.constructor.__proto__
function Empty() {}
> Blah.prototype.constructor.__proto__.constructor
function Function() { [native code] }
> Blah.prototype.constructor.__proto__.constructor.prototype
function Empty() {}
> Blah.prototype.constructor.__proto__.constructor.prototype.constructor.prototype
function Empty() {}

Determining instance relationships

Property lookup in JavaScript looks within an object's own properties and, if the property name is not found, it looks within the special object property __proto__. This continues recursively; the process is called "lookup in the prototype chain".
The special property __proto__ is set when an object is constructed; it is set to the value of the constructor's prototype property. So the expression new Foo() creates an object with __proto__ == Foo.prototype. Consequently, changes to the properties of Foo.prototype alters the property lookup for all objects that were created bynew Foo().
Every object has a __proto__ object property (except Object); every function has a prototype object property. So objects can be related by 'prototype inheritance' to other objects. You can test for inheritance by comparing an object's __proto__ to a function's prototype object. JavaScript provides a shortcut: the instanceof operator tests an object against a function and returns true if the object inherits from the function prototype. For example,
var f = new Foo();
var isTrue = (f instanceof Foo);
For a more detailed example, suppose you have the same set of definitions shown in Inheriting Properties. Create an Engineer object as follows:
var chris = new Engineer("Pigman, Chris", ["jsd"], "fiji");
With this object, the following statements are all true:
chris.__proto__ == Engineer.prototype;
chris.__proto__.__proto__ == WorkerBee.prototype;
chris.__proto__.__proto__.__proto__ == Employee.prototype;
chris.__proto__.__proto__.__proto__.__proto__ == Object.prototype;
chris.__proto__.__proto__.__proto__.__proto__.__proto__ == null;
Given this, you could write an instanceOf function as follows:
function instanceOf(object, constructor) {
   while (object != null) {
      if (object == constructor.prototype)
         return true;
      if (typeof object == 'xml') {
        return constructor.prototype == XML.prototype;
      object = object.__proto__;
   return false;