Login Frame

As a simple starter (not too simple), let us learn how to build the code for a simple login frame with a background image and a simple function that exits the frame when the Cancel button is pressed.



package app.ams.gui;

import java.awt.Color;
import java.awt.Container;
import java.awt.Dimension;
import java.awt.Font;
import java.awt.Toolkit;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.awt.event.FocusAdapter;
import java.awt.event.FocusEvent;
import javax.swing.ImageIcon;
import javax.swing.JButton;
import javax.swing.JDialog;
import javax.swing.JLabel;
import javax.swing.JPasswordField;
import javax.swing.JSeparator;
import javax.swing.JTextField;
import javax.swing.border.Border;
import javax.swing.border.SoftBevelBorder;

/**
 *
 * @author prajin
 */
public class Login extends JDialog {

    private JLabel loginIdLbl;
    private JLabel passwordLbl;
    private JTextField loginIdTxt;
    private JPasswordField passwordTxt;
    private JButton okBtn;
    private JButton cancelBtn;
    Container container;
    Border border;
    Dimension dimension;
    JSeparator separator;

    public Login() {
        createAndShowGUI();
    }

    private void createAndShowGUI() {
        setUndecorated(true);
        dimension = Toolkit.getDefaultToolkit().getScreenSize();
        border = new SoftBevelBorder(5, Color.BLACK, Color.DARK_GRAY);
        Font font = new Font("Batang", Font.PLAIN, 15);
        setBackground(Color.LIGHT_GRAY);
        setLayout(null);

        loginIdLbl = new JLabel("Login ID : - ");
        loginIdLbl.setBounds(10, 15, 100, 25);
        loginIdLbl.setFont(font);
        passwordLbl = new JLabel("Password : - ");
        passwordLbl.setBounds(10, 50, 100, 25);
        passwordLbl.setFont(font);

        loginIdTxt = new JTextField(35);
        loginIdTxt.setBounds(120, 10, 270, 25);
        loginIdTxt.setFont(font);
        loginIdTxt.addFocusListener(new FocusAdapter() {

            @Override
            public void focusGained(FocusEvent fe) {
                txtFieldFocusGain(fe);
            }
        });

        passwordTxt = new JPasswordField(35);
        passwordTxt.setBounds(120, 50, 270, 25);
        passwordTxt.setFont(font);
        passwordTxt.requestFocusInWindow();
        passwordTxt.addFocusListener(new FocusAdapter() {

            @Override
            public void focusGained(FocusEvent fe) {
                txtFieldFocusGain(fe);
            }
        });

        passwordTxt.addActionListener(new ActionListener() {

            public void actionPerformed(ActionEvent evt) {
            }
        });

        loginIdTxt.addActionListener(new ActionListener() {

            public void actionPerformed(ActionEvent e) {
                passwordTxt.requestFocusInWindow();
            }
        });

        separator = new JSeparator();
        separator.setOrientation(JSeparator.HORIZONTAL);
        separator.setBackground(Color.GRAY);
        separator.setBounds(120, 80, 270, 10);
        okBtn = new JButton("OK");
        okBtn.setBounds(120, 90, 120, 30);
        okBtn.setFont(font);
        okBtn.addActionListener(new ActionListener() {

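            public void actionPerformed(ActionEvent e) {
                // Credential check is not implemented in this starter.
                // When adding it, read the field with passwordTxt.getPassword()
                // (a char[] that can be wiped), not the deprecated getText().
            }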
        });
        cancelBtn = new JButton("Cancel?");
        cancelBtn.setBounds(270, 90, 120, 30);
        cancelBtn.setFont(font);
        cancelBtn.addActionListener(new ActionListener() {

            public void actionPerformed(ActionEvent e) {
                // dispose() would only close this dialog; System.exit(0) ends the JVM.
                System.exit(0);
            }
        });
        pack();

        add(loginIdLbl);
        add(loginIdTxt);
        add(passwordLbl);
        add(passwordTxt);
        add(separator);
        add(okBtn);
        add(cancelBtn);
        ImageIcon icon = createImageIcon("/app/ams/images/login_background.png");
        JLabel lbl = new JLabel(icon);
        lbl.setSize(400, 130);
        add(lbl);

        setSize(400, 130);
        setResizable(false);
        setLocation(((int) dimension.width / 2) - 200, ((int) dimension.height / 2) - 65);
        setVisible(true);
    }

    private void txtFieldFocusGain(FocusEvent ae) {
        loginIdTxt.setBorder(null);
        passwordTxt.setBorder(null);
        loginIdTxt.setBackground(Color.WHITE);
        passwordTxt.setBackground(Color.WHITE);
    }

    protected static ImageIcon createImageIcon(String path) {
        java.net.URL imgURL = Login.class.getResource(path);
        if (imgURL != null) {
            return new ImageIcon(imgURL);
        } else {
            System.err.println("Couldn't find file: " + path);
            return null;
        }
    }

    public static void main(String args[]) {
        javax.swing.SwingUtilities.invokeLater(new Runnable() {

            public void run() {
                new Login();
            }
        });
    }
}

Here’s the output of the login window frame:

Swing based Login Frame
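
The OK button's listener in the listing above is left empty. One way to fill it in, as an added example that is not part of the original post: take the char[] from getPassword(), compare a PBKDF2 hash in constant time, then wipe the array. The class name PasswordCheck, the iteration count and the demo credential are assumptions made for this example.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical helper for the Login dialog's OK button (not from the original post).
public class PasswordCheck {

    private static final int ITERATIONS = 210_000; // assumed work factor
    private static final int KEY_BITS = 256;

    /** Derives a PBKDF2-HMAC-SHA256 hash; store salt + hash, never the password. */
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return f.generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // drop the copy held inside the spec
        }
    }

    /** Verifies the typed password and wipes it, whatever the outcome. */
    static boolean verify(char[] typed, byte[] salt, byte[] expectedHash) throws Exception {
        try {
            byte[] actual = hash(typed, salt);
            // MessageDigest.isEqual compares in constant time
            return MessageDigest.isEqual(actual, expectedHash);
        } finally {
            Arrays.fill(typed, '\0');
        }
    }

    public static void main(String[] args) throws Exception {
        // Enrolment: random salt plus hash of a constructed demo credential.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] stored = hash("correct horse battery".toCharArray(), salt);

        // In the dialog this would be: char[] typed = passwordTxt.getPassword();
        char[] good = "correct horse battery".toCharArray();
        char[] bad = "123456".toCharArray();
        System.out.println("good accepted: " + verify(good, salt, stored));
        System.out.println("bad accepted:  " + verify(bad, salt, stored));
        System.out.println("buffer wiped:  " + (good[0] == '\0'));
    }
}
```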

What are Obfuscators?

For a programmer who spends thousands of hours coding to develop a piece of software, keeping it safe from unwanted access and modification is a major concern. It is in the nature of most programmers to try to hide their source code, for fear that exposing it will compromise the safety of their software. This may be true for security apps, where the source provides vital information and may reveal serious loopholes. Some programmers try to hide their code by using pseudo code or by making it difficult to read. This process is called obfuscation.

An obfuscator is a tool that mechanically replaces all variable and method names with random meaningless names. The process is sometimes called shrouding. This makes it harder to reverse engineer class files.

Obfuscators won’t stop an even mildly determined pirate, just the rank amateurs. Before you throw up your hands in despair:
This process may be handy when some level of security is needed, but don’t jump to any conclusions without knowing some vital facts.

1. Are you paranoid or suffering from delusions of grandeur? Is your code really so wonderful it would be worth extensive effort decompiling rather than just writing from scratch? Will it actually harm you if someone steals a method of yours rather than writing it from scratch?
2. Consider legal remedies against those who reuse your code without permission. You might send sniffers (similar to virus scanners) over the net looking for signature DNA in other people’s code that indicates they stole parts of your program.
3. Do your customers want code or a code/support package? They may have almost no interest in getting it from pirates.
4. Consider adding tamper proofing to your code so that if anyone changes the program in the tiniest way it will develop hard to discover bugs. Learn the art of psychological warfare with the pirates. Make the pirate think he has won, then hit him with yet another delayed time bomb. He never knows when the job is done. Throw in red herring code that looks like some complicated security system but which is actually gibberish. Let the pirate waste hours discovering that. Riddle your code with a wide variety of anti-tampering devices. Camouflage them in as many ways as you can think of. The simpler the tampering test, the more it looks like ordinary code. Don’t immediately react to a tampering detection. You want the punishment to come considerably later, via a circuitous, hard to trace, route. Camouflage your punishments as ordinary bugs.
5. You can burn in the CPU serial number at branding time so the code won’t work on any other Pentium III or IV CPU (see Pentium CPU Serial Number).
6. Consider adding snitching code so that if some tampering is detected, you hear about it. You don’t want to flag all your anti-tamper devices so blatantly.
7. Issue frequent updates, preferably with automatic install. If you are Machiavellian, add an early-death gene that triggers if a new update does not arrive in time. The poor pirate has to start over with each new release. This technique is also useful for encouraging deadbeat customers to pay their bills for custom coding. A variant is to automatically change the password 60 days after the install. If the customer has paid, you tell him the new password.
8. If a standalone program needs to check in with Mom once a month for any reason, that will tend to scare off pirates.
9. Use an AOT optimising native code compiler, perhaps in conjunction with an obfuscator. Native code is much harder to decompile than Java byte codes. If you are serious about obfuscation, this is the only way to fly.
10. Check out on the hacker sites which obfuscation techniques they most dread.
11. See the essay on unmaintainable code. If you make it so hard to maintain that even you can’t do it, what chance do pirates have?
12. Keep in mind that any off-the-shelf obfuscator is going to be a lot easier to defang than hand-crafted obfuscator strategy.
13. If a project is big enough to be worth stealing, it is almost impossible to understand it even with commented source, without getting some hints from the author. If it is not that big, what’s the huge secret you are hiding?
14. Java is very easy to decompile and defang any simple minded authorisation just by removing the call to the authorisation routine. You need to hide this in JNI and also put into that same JNI code that has practical value so that if it is turned off the program stops working, ideally in a very non-obvious and non-immediate way.
15. I consider it immoral to keep coding tricks secret. Why make others waste time reinventing the wheel? We all benefit if we share source code.
16. The ultimate obfuscation tool is to never let the hacker see the code — run anything critical on a webserver. The most fool proof way of preventing theft is never to give the customer the critical object code. It runs only on a server. This means your customers need 24/7 Internet access to use your app, but for commercial customers such access is becoming more and more common.
17. You can digitally sign your code or registration keys with Sun jar signing or with a tool such as the Transporter. This will slow down hackers too lazy to take apart your code, but it will stop those who try to patch the license files with a binary editor or to create counterfeit ones. If you add additional consistency checks to the license file information and check it as indirectly as possible in as many places as possible and delay failure as innocuously as possible, you will drive the hacker mad.
18. Often all you want is to make it difficult to modify constants burned into the code, such as customer registrations, capabilities, customer customisations and customer identification. You are more concerned that someone will pirate a copy by burning in new constants without any understanding of the program itself. Obfuscators can hide the information in Strings and make it hard to change using techniques such as this: XOR each char of every string with a 16-bit random number generated from a known seed. To get the strings back at class load time, repeat the process with the same seed.
19. For low volumes, I hand compile each customer’s individual copy of the application, which hard wires her configuration constants in a thousand places into the byte code. Options she is not currently using are not even present in the code. This is a variant of the DOS technique where I shipped Abundance apps preconfigured with a specific printer driver. If the customer changed printers, she would tell me and I would ship her a new executable.
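
The string-hiding scheme from item 18, as an added example that is not from the original list or from any particular obfuscator: each char is XORed with the next 16-bit value from a seeded java.util.Random, and running the same routine again with the same seed restores the text. The class name StringShroud, the seed and the sample constant are made up for the illustration.

```java
import java.util.Random;

// Illustration of the seeded-XOR string hiding described in item 18.
// StringShroud, SEED and the sample constant are hypothetical names/values.
public class StringShroud {

    // The seed has to ship inside the class file, so it is not a secret key.
    private static final long SEED = 0x5EEDL;

    /** XORs each char with the next 16-bit value from a seeded generator. Self-inverse. */
    static String xor(String in, long seed) {
        Random rnd = new Random(seed);              // same seed -> same keystream
        char[] out = in.toCharArray();
        for (int i = 0; i < out.length; i++) {
            out[i] ^= (char) rnd.nextInt(1 << 16);  // 16-bit mask per char
        }
        return new String(out);
    }

    /** Hex view of the stored form, since the raw chars are mostly unprintable. */
    static String hex(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            sb.append(String.format("%04x ", (int) c));
        }
        return sb.toString().trim();
    }

    public static void main(String[] args) {
        String plain = "licensee=ACME Ltd;seats=5";  // constructed sample constant
        String hidden = xor(plain, SEED);            // form stored in the class file
        String restored = xor(hidden, SEED);         // same call at class-load time

        System.out.println("stored form   : " + hex(hidden));
        System.out.println("round trip ok : " + plain.equals(restored));
        System.out.println("wrong seed ok : " + plain.equals(xor(hidden, SEED + 1)));

        // XOR gives no integrity: a one-bit change in the stored form decodes
        // without error as a one-bit change in the text, so the scheme hides
        // constants from a casual scan but cannot tell that they were edited.
        char[] patched = hidden.toCharArray();
        patched[patched.length - 1] ^= 1;
        String decoded = xor(new String(patched), SEED);
        System.out.println("edit detected : " + false + " (decoded: " + decoded + ")");
    }
}
```

Because the scheme has no integrity check, detecting edited constants needs the signature verification of item 17 on top of it.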

This list is derived from David Waite’s art of Psychological warfare:

1. Never break quickly. If someone has to wait a day to find out that their try at hacking didn’t work, they will never figure out what to do.
2. Require updates. If you require frequent updates, they cannot be running a hacked version of the client. We have people go out, ask how things are going, test out the computer, install and uninstall software, look for odd executables.
3. Make purchasing valuable. Technical support is a Good Thing™ for this. I swear some programs don’t include documentation just so you will have to call and register.
4. Make every executable different (in some indistinguishable way, unless you have two side-by-side). If you put a hidden serial number in your code and make people register it, then you know whom to sue when they re-release your code.
5. Look at Vermilion FTP. Evil! (that means fiendishly cunning). The serial number contained assembly code, function tables, and xored keys to mask it all. If you got the 100 character serial number wrong, it just crashed when it couldn’t find the ‘connect’ function (for example). Normally if a program is considered hard to crack people will start attacking it (for glory and ego-fodder, I imagine). Most people gave up on this one.

One fellow finally did, after a full year of trying. Released a detailed description of what he did, just so people could understand his Hell (which was forwarded to me, which I read in awe). With Java you could do this with bytecode. Since you can write your own class loaders in Java, the opportunities for confounding the pirates abound.
6. Use an application server. If key parts are on the web, then they would have to hack your server in order to get around your protection. You cannot reverse engineer what you cannot see. Many Internet programs use this.

Some Obfuscators work on the source code, and others on the class files.

Note: Many thanks to http://mindprod.com for having this wonderful guide.

Code def.

As a programmer, do you know what code is? While I was reading a book about Python I found out something that I should share.


As an example, here’s the definition of the noun “code” from the Jargon File:
“The stuff that software writers write, either in source form or after translation by a compiler or assembler.
Often used in opposition to ‘data,’ which is the stuff that code operates on. Among hackers this is a mass
noun, as in ‘How much code does it take to do a “bubble sort”?’ or ‘The code is loaded at the high end of
RAM.’ Among scientific programmers, it is sometimes a count noun equivalent to ‘program;’ thus they may
speak of ‘codes’ in the plural. Anyone referring to software as ‘the software codes’ is probably a ‘newbie’
or a ‘suit’.”


For comparison’s sake, here’s the definition of the verb “code”:
“To write code. In this sense, always refers to source code rather than compiled. ‘I coded an Emacs clone
in two hours!’ This verb is a bit of a cultural marker associated with the Unix and minicomputer traditions
(and lately Linux); people within that culture prefer v. ‘code’ to v. ‘program,’ whereas outside it, the reverse
is normally true.”
The noun “program” is defined as being:
• “A magic spell cast over a computer allowing it to turn one’s input into error
messages”
• “An exercise in experimental epistemology”
• “A form of art, ostensibly intended for the instruction of computers, which is
nevertheless almost inevitably a failure if other programmers can’t understand it”

Worst case password

Very few people understand what a password means. It’s not just a secret word; it’s the key to the door of many things. If the so-called secret word is found by someone who isn’t supposed to know it, then almost everything is lost. A password isn’t just a word to pass through.

Many users have weak passwords or, even worse, easily guessable passwords. Passwords like

  • 123456
  • password
  • abc123
  • 123456789

are very easy for a cracker to guess. It’s only a matter of hours, if not minutes, before they can crack the password and get into the system. Once inside, who knows what they will do. Weak passwords are especially dangerous for online transactions: bank accounts, e-mail IDs. An article from http://www.theregister.co.uk/2010/01/21/lame_passwords_exposed_by_rockyou_hack stated this:

If these login names and password are easy to guess then it’s all the more likely that hackers will be able to break into accounts using brute force dictionary attacks and readily available password cracking tools. If users (as they often do) use the same login credentials for social networking sites and more sensitive accounts (email, online banking etc) then the problem gets even worse.

Weak passwords are mostly the result of the user’s lack of knowledge about

  • How to create a password
  • Remembering a long password
  • Being cryptic
  • Using a combination of letters (A-Z, a-z), numbers (0-9) and symbols (like @, #, ! etc.)

When creating a new password, never ever use your name or family name as the password, cuz they are dead easy to guess.
Also never use the name of someone close or of a family member just because you love them and want to show affection by doing this, and please, no dogs’ names. It’s so lame cuz it makes it look like you don’t have the creativity to create even a decent password.
When creating a password, length matters. Whether the encryption is 128 or 256 bit, it’s only as good as the complexity of the user’s password. Simple passwords like iloveyou or 12345 are very easy to crack even if they are encrypted with a strong encryption algorithm.
They say: “It’s as strong as its weakest link.”
Never use a single password for everything, meaning bank, e-mail, websites etc. Even though remembering multiple passwords is hard, just create a couple of them, use them and don’t give them to anyone. Hide them, even from your spouse. Try to change your password every 6 months. I know how we forget this: once we have created a password, we tend to forget to change it until, much later, something rings an alarm.
Don’t be a moron, yeah, the moron who replies to a mail that issues a security-threat warning, fearing that everything he has is in danger. If you ever receive such a mail, chill out and think calmly before replying. Never give your password to a suspicious site or to any mail that says it requires password re-authentication or blah blah. Your bank won’t send mail asking for your password. Someone could be phishing.

Users should be persuaded, and if needed helped, to use strong passwords. In this age, when electronics are progressing at quantum speed, using a password just 6 characters long and thinking it is safe is a fool’s way. A recent study suggested that in the near future the minimum password length should be made 11 characters. Using 128-bit encryption won’t be enough, and service providers should move to 256-bit encryption. The best solution is for the user to be aware enough that just relying on the service provider for safety won’t do.


Some more links about password security:

Weak passwords stored in browsers make hackers happy

Password reset questions dead easy to guess

Most consumers reuse banking passwords on other sites

Java as first programming language?

I was reading the article “How To Become A Hacker” on the net; it has a link to “The Pitfalls of Java as a First Programming Language”, and a few questions arose in my mind after going through the article.

Should Java really be used by novice learners for learning programming? How much will they learn, how many skills will they gain, etc.? This article is more of a counter-argument to the argument raised by some professors questioning Java as the first programming language for freshmen. When I’m referring to the article, I’m talking about Java. If you are interested in the article itself, I have provided the link at the bottom. After going through the article, I felt the professors’ arguments are correct to some extent, like ‘Novices nowadays don’t have the skills that they had when C/C++ were in their prime’, but I ended up supporting the counter-arguments. What I want to say is: it’s not Java’s fault if someone is lacking some skills (low-level programming and formal methods). A person’s fault can’t be pinned on something else, and by no means on Java. If I don’t know something (say I have forgotten C/C++, especially pointers and memory management), it’s me at fault. C/C++ taught us many aspects of programming and we were grateful. But those don’t support our current needs. ‘C’ is structure-based, and even though ‘C++’ is OOP, it was far from the best. It had flaws that were unsuited to 21st-century requirements.

Being a programmer myself, I use Java more than any other language. It can closely relate my interest to some working program. Whenever there’s an idea in my head, I write it down and start to code. First, I do some rough sketching: a visible prototype with simple UIs and pseudo-code for what it is supposed to do. All this is made easy by Java. Java inherits its OOP concepts mostly from ‘C++’ and its syntax from ‘python’. So it has been a mostly smooth transition from ‘C++’ to ‘Java’ for programmers.

Many critics blame Java for spoiling the habits of programmers. Huh… what? Java is good. Java is clean, manageable, nicely designed and, importantly, object-oriented. In this imperfect world nothing is perfect, not even Java. But it’s Java’s strengths that matter, which we use and talk about. Java has been around with us for some time. It is better than many other languages due to its vast library, support and cross-platform ability. It never hurts to explore, learn more and find new aspects. Our mindset should be open and welcoming to various techs. I suggest you go through the article itself.

the pitfalls of java as a first programming language : a response

3 days without email

3 days, yeah, 3 long days, 72 hrs; that’s how long I haven’t been able to properly access my hotmail account. On the first day, I thought it was a technical problem and hotmail would fix it. I can log in, but the inbox was a mess. A real mess. Only text, and that left-aligned in the window, and the links aren’t working. How can I check all of the e-mail in my inbox if the inbox link is not working?
All I could do was count the number of mails that had stacked up in my inbox.
But today what I found is that my hotmail account is working fine at home, and I wondered why it is not working at my workplace. My guess is there must be a network problem that is interfering and making the mess. Gotta talk about this issue with my network admin and solve it. Could it be due to trouble with the router or the bandwidth usage quota?

Open source apps that I like

Buying every piece of software is impossible. I would be broke if I did. So using open source software is the most viable and economical idea.
Here are some of the open source programs that I use and think others should also try their hand at.

1. OpenOffice.org
I call OpenOffice.org the alternative to the commercial Microsoft Office package. It is a full-featured office productivity suite, consisting of word processing, spreadsheet, presentation, drawing, and database functions. It even offers an import/export feature for Microsoft Office, allowing data exchange.

2. 7-Zip
When I first encountered 7-Zip, I mistook it for another version of WinZip. From the start I liked 7-Zip. Incorporating a wide range of decompression formats and its own advanced LZMA-based compression engine, 7-Zip delivers performance on par with proprietary formats like RAR and ACE while remaining entirely open and extensible.

3. VLC Media Player
Only recently I started to use VLC for every purpose. But it’s giving me all the satisfaction that others probably can’t! It can play almost all media, they say, and I believe it.

4. VirtualBox
I may not use VirtualBox all the time, but it is a powerful product that is rich in features, high in performance and, most importantly, free. VirtualBox runs on Windows, Linux, Macintosh and OpenSolaris hosts and supports a large number of guest operating systems. It is a great tool when you need to have multiple OSes on a single system.

USB flash drive inside floppy disk.

Do you remember the 3.5-inch floppy disk? Barely 1.44 MB in size (enough for that time), with a sturdy design and slim thickness, it made the news when Charles Mangin, a hardware hacker, took the innards from a USB flash drive and slotted them into an old 3.5-inch floppy disk case.

What he did was remove the floppy disk’s innards, strip off the USB drive’s outer cover and assemble them into one. He added a red LED light, which works when the floppy-cum-USB drive is connected to a USB port.