Java Unchecked Compiler Warnings

Posted by Richard on

When you work with a team of Java developers of varying experience levels, you will often see compiler warnings that are ignored by Java 5 — and thus just as often ignored by the developers who figure that if it isn’t important to Java, it isn’t important for them to fix either. I find the warnings quite annoying, and finally reached the point today where I decided to fix them (sending the developers a message as well).

Java 5.0 (aka “1.5”, aka “Tiger”) introduces “generics” — which provide a way for you to communicate the type of a collection to the compiler, so that it can be checked. Once the compiler knows the element type of the collection, the compiler can check that you have used the collection consistently and can insert the correct casts on values being taken out of the collection. Generics are a good thing. Omitting them will cause these ignorable, yet annoying and avoidable compiler warnings.

Problem #1:

warning: [unchecked] unchecked call to add(E) as a member of the raw type java.util.ArrayList

ArrayList arrUserInfo = new ArrayList(10);
UserInfo userInfo = null;
userInfo = createUserInfo();
arrUserInfo.add(userInfo);

The fix below tells the compiler that arrUserInfo should expect only UserInfo objects.

ArrayList<UserInfo> arrUserInfo = new ArrayList<UserInfo>(m_pageSize);

Problem #2:

warning: [unchecked] unchecked call to put(K,V) as a member of the raw type java.util.Hashtable

private Hashtable env = new Hashtable(10);
env.put("java.naming.ldap.factory.socket", "com.foobar.SSLSocketFactory");

Again, tell the compiler what type of objects to expect:

private Hashtable<String, String> env = new Hashtable<String, String>(10);

Problem #3:

Two different warnings about the same code. “warning: [unchecked] unchecked conversion” and “warning: [unchecked] unchecked method invocation: sort(java.util.List,java.util.Comparator) in java.util.Collections…

public class FooBarOptionComparator implements Comparator {}

public static void sortOptions(ArrayList<OptionItem> list) {
    Collections.sort(list, new FooBarOptionComparator());
}

Solution:

public class FooBarOptionComparator implements Comparator<Object> {}

It’s really nice to have fewer compile-time warnings!

If you’re still stuck, feel free to read more information about Java generics on Sun’s official documentation website.

Editing the HOSTS File in Vista

Posted by Richard on

With their latest Vista (non)operating system, Microsoft has decided in their infinite wisdom that you do not need permission to edit the HOSTS file (and many other system files), telling you instead after an attempted edit that:

“Access to C:\Windows\System32\drivers\etc\hosts was denied.”

There are many reasons you might want to edit the HOSTS file:

  • Block browser access to a website;
  • Block an application from contacting an update or heartbeat website;
  • Block advertisements from specific content providers;
  • Mimic a hostname without requiring chnages to DNS;

In my case, this morning, I was trying to run a development version of WordPress on my local computer, but WordPress won’t allow itself to be accessed by visiting http://localhost or http://127.0.0.1.

One Solution of Many

Right-click Notepad, and select the “Run as administrator” option. Now simply open the HOSTS file with Notepad (the file’s still in the C:\Windows\System32\drivers\etc\ folder). This time when you save your changes, there will not be an access-denied message.

Thanks to Michael for pointing out that Linux does the same thing: Just preface the command with “sudo”, as in “sudo vi /etc/hosts

Using Google to Crack Passwords

Posted by Richard on

Back in October, a hacker broke into a security-themed blog named Light Blue Touchpaper. The hacker then promoted himself to an administrator. I am not aware of any damage caused by the perpetrator since the blog owner rapidly discovered the break-in, disabled the account, and tightened up security. While doing so, he examined the database to see if he could learn more information about the hacker.

What he discovered was the MD5 hash of the password. At first he wrote a rudimentary brute-force cracking program to try to determine the password. Quickly giving up, he turned to Google, surprisingly finding the answer right away: “Anthony”

Naturally, I decided to do the same on a larger scale. The following list of common passwords and their “secure” MD5 hashes was found simply by Googling:

  • 098f6bcd4621d373cade4e832627b4f6 (test)
  • 0be5a6c82893ecaa8bb29bd36831e457 (personal)
  • 0d107d09f5bbe40cade3de5c71e9e9b7 (letmein)
  • 0f4137ed1502b5045d6083aa258b5c42 (windows)
  • 1a1dc91c907325c69271ddf0c944bc72 (pass)
  • 334c4a4c42fdb79d7ebc3e73b517e6f8 (none)
  • 3c3662bcb661d6de679c636744c66b62 (sex)
  • 51149f6fea1a3179b364f1994e06e4d4 (secretpw)
  • 5d41402abc4b2a76b9719d911017c592 (hello)
  • 5ebe2294ecd0e0f08eab7690d2a6ee69 (secret)
  • 5f4dcc3b5aa765d61d8327deb882cf99 (password)
  • 5f532a3fc4f1ea403f37070f59a7a53a (microsoft)
  • 7c6a180b36896a0a8c02787eeafb0e4c (password1)
  • 827ccb0eea8a706c4c34a16891f84e7b (12345)
  • d8578edf8458ce06fbc5bb76a58c5ca4 (qwerty)
  • e99a18c428cb38d5f260853678922e03 (abc123)
  • eb0a191797624dd3a48fa681d3061212 (master)
  • f561aaf6ef0bf14d4208bb46a4ccb3ad (xxx)

I found hundreds, if not thousands of common words and their MD5 hashes — far too easily. Another reason to use hard-to-guess, non-dictionary passwords. Lucky for me, none of the MD5 hashes of my medium- or high-security passwords are in Google’s results yet. The MD5s for all my simple passwords (less than seven digits long) are all readily available.

This is dåmn scary.