Rich Web Experience

In the Spotlight - Jason Harwig

Software Engineer

Jason Harwig's full-time job is software engineer at Near Infinity Corporation, an enterprise software development and consulting services company headquartered in Reston, Virginia. In his spare time he runs Pine Point Software LLC, writing Mac OS X applications in Cocoa/Objective-C.

His interests include Cocoa, JavaScript, OpenGL and user-interface design.

Presentations by Jason Harwig

Object-Oriented and Functional Programming in JavaScript

Like it or not, JavaScript is the language used for any kind of web development. Since it's the only supported language of the browser, and customers demand rich web experiences, JavaScript is the king of the web. But, increasingly complicated user interfaces require a more disciplined approach to coding in the scripting language.

JavaScript's malleable nature allows it to be used in different programming paradigms, including procedural, functional, and object-oriented. Unlike Java's class-based structure, JavaScript has a prototype inheritance structure that gives it great flexibility.

Advanced Web Graphics with Canvas

I hate images. Not pictures or icons, mind you, but user interface graphics. I think that small gradient PNGs that web developers set to repeat are the spacer gifs of today. Images are hard to change, and slower to download.

Canvas is an HTML 5 standard for drawing bitmap graphics. It was created by Apple Inc. for drawing Dashboard widgets. Since then all other browsers have added support (it works in IE with a JS library).

JavaScript Security - Seeing the possibilities of a sand-boxed scripting language

JavaScript's popularity in recent years has brought with it the attention of hackers, white and black. Both sides are looking for ways to do things with the scripting language that weren't intended.

Jason Harwig


Jason Harwig's complete blog can be found at: http://www.nearinfinity.com/blogs/page/jharwig

Thursday, June 5, 2008

I was reading a blog entry at Web Reflection that outlined some obscure solutions to common JavaScript patterns.

I thought that entry was interesting, but I'm not sure I'd use them because of code readability and maintenance. It did get me thinking of some other ways to obscure simple tasks.

a better ternary?

Have a co-worker that thinks ternary expressions are ugly? Offer them this alternative:

  var saveFunc = isNew ? insert : update;

  // becomes...

  var saveFunc = [update, insert][+isNew];

Looks a little crazy, huh? It works because a '+' or '-' before a boolean converts the boolean to a one or zero depending on its truthiness. The one or zero is accessing that element of the array. They'll be begging for ternary after that.

I think I might actually use that syntax in situations where I need to add one depending on a boolean:

  var version = x + (+shouldIncrement);

  // add 1 unless shouldNotIncrement is true (a bare unary minus would contribute -1 here)
  var version = x + (+!shouldNotIncrement);

throw out parseInt

Converting a string to a number is often done with parseInt. One gotcha that many people fall into is that the second parameter to parseInt (the radix) is not required, but should be. For instance:

  var x = parseInt("08");
  // x is 0, because it assumes octal (base 8)
  var x = parseInt("08", 10); // force base 10
  // x is 8

  // an alternative
  var x = +"08";
  // x is 8

  // Negation works also
  var x = -"08";
  // x is -8

Use them wisely, or preferably never.
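
An added example (not from the original post) that runs the conversions above over constructed inputs and shows why none of them is a validator for untrusted input; `parseStrictInt` is a hypothetical helper introduced here. ES5 and later engines no longer treat a leading zero as octal in parseInt, so `parseInt("08")` returns 8 there.

```javascript
// Added example: how each conversion from the post treats awkward input.
// All sample strings are constructed; parseStrictInt is a hypothetical helper.

function conversions(s) {
  return {
    parseIntNoRadix: parseInt(s),     // radix guessed from the string ("0x" means hex)
    parseIntRadix10: parseInt(s, 10), // base 10, but stops silently at the first non-digit
    unaryPlus: +s,                    // Number(s): whole string, but hex, exponents and "" pass
  };
}

// Strict base-10 integer parser for untrusted input: the whole string must be
// an optional sign followed by ASCII digits, and the value must be a safe integer.
// Returns the number, or null when the input is rejected.
function parseStrictInt(s) {
  if (typeof s !== "string" || !/^[+-]?\d+$/.test(s)) return null;
  const n = Number(s);
  return Number.isSafeInteger(n) ? n : null;
}

// Constructed inputs of the kind that arrive in query strings or form fields.
const samples = ["08", "0x1F", "8px", "", " 42 ", "1e3", "9007199254740993"];

function report() {
  return samples.map((s) => ({
    input: s,
    ...conversions(s),
    strict: parseStrictInt(s),
  }));
}

console.table(report());
```

Only "08" survives the strict parser; the other six inputs are each accepted by at least one of the looser conversions.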


Thursday, April 10, 2008

Of the trinity of web technologies, CSS is by far the worst at this stage. It's a language that begs for more power.

Wouldn't it be cool if you could do this?

@variables {
  NEAR_INFINITY_ORANGE: #C96522;
}

div.header {
  background-color: var(NEAR_INFINITY_ORANGE);
}

or do property transitions like this:

div {
  opacity: 0;
  transition: opacity 1s linear;
}

div:hover {
  opacity: 1;
}

or do transformations on elements?

#downloadLink {
  transform: rotate(10deg)
}

... well it's coming, and in some cases already here. The last two are already working in Safari 3.1 and there is a spec for CSS variables.

Hopefully we are past those days where a spec is released, but no one could use it until 5 years later. Ajax took ~6 years for crying out loud.

twitter: jharwig


Wednesday, January 23, 2008

The web community has been buzzing about the new Ajax server, Jaxer, from Aptana. If you haven't heard, see John's or Dion's Ajaxian posts about it.

Now, overall, I am really excited about the future in this project. The problem I had is all their examples use synchronous XMLHttpRequests. We already know why this is unfriendly to users.

Here is a shortened example from Aptana:

Here the call to getName() must return the name, so it runs synchronously. Jaxer provides a getNameAsync() method that accepts a callback (and uses an async XMLHttpRequest call) but it's hidden deep in a technical FAQ page.

Obviously the synchronous code reads better, but until JavaScript has some kind of continuation support to make async calls look synchronous, [functionName]Async should be the only -- or at least default -- means of server communication. Otherwise all Jaxer apps will seem perceivably slow to users, not to mention preventing all other browser windows from responding while requests are active.


Saturday, December 1, 2007

I gave a JavaScript security talk last month, and one of the topics was HTML filtering. I gave examples of how MySpace tried to filter executable code, while still allowing HTML tags for formatting. MySpace, of course, failed to foresee every attack vector, and the Samy worm was born.

HTML filtering was never recommended because it was so difficult to get right, and with no proven libraries, any home-built solution would almost certainly contain security holes. Thanks to Arshan Dabirsiaghi, we finally have something to use. He has created the OWASP AntiSamy project to easily sanitize HTML input. AntiSamy is currently implemented as a Java 1.5 compatible library, but there are plans to support other platforms.

Here's a sample usage...

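import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;

// Scan the untrusted "html" request parameter
AntiSamy sanitizer = new AntiSamy();
CleanResults results = sanitizer.scan(request.getParameter("html"));
// Use only the cleaned markup from here on, never the raw parameter
String html = results.getCleanHTML();
// Error messages list what the scan rejected or removed
if (!results.getErrorMessages().isEmpty()) {
    log.warn("Input contains errors");
}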

Thursday, November 8, 2007

I spoke at the Reston, VA No Fluff Just Stuff conference again this past weekend. The talk was on JavaScript security covering topics including:

  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • JSON hijacking
  • JavaScript portscanning
  • JavaScript and CSS History "Go Fish"

Here are the slides...