satish bodas

Ranch Hand
+ Follow
since Jun 19, 2008
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
0
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by satish bodas

Thanks a bunch Bert for giving an insight

I dont know how much I can achieve - but will start giving it a thought and then some shot !



Thanks ,
~satish
13 years ago
Thanks James and Ilja for the details .

Regards,
~satish
If one wanted to approach writing a chess game what would be the considerations .

Most rudimentary ( and probably impossible approach )
To take a stab ::

First move by white consists of following possibilities ::
16 Pawn moves
4 Knight moves ( 2 possible moves for each Knight)

So total possibilities = 20 for the first move by white

Now for each move the possibilities grow exponentially .

Obviously this is not the way to go .
Also rather than just brute force - there is also the need to make the best possible move

Just curious - how are such programs written ?

what is the approach used ?

how is the inteligence of choosing the best move written ?

Thanks ,
~satish
[ October 09, 2008: Message edited by: satish bodas ]
13 years ago
Hello ,

I was bitten with the sudoku bug and was an avid solver of the daily sudo in the newspaper.

Thought would go about developing a program that would solve the puzzle once you feed it the problem .

I thought of two posible approaches
- apply brute force
- apply logic

Went with the apply logic approach ::

what I did was whenever I could deduce a solution to one of the sqaures manually - I listed down the steps / rules used to deduce the solution

I then converted these steps / rules into programmatic logic

That way whatever puzzles my mind could solve I put them down into code

I was able to solve simple / medium level puzzles

since I myself am not able to solve complex / difficult sudoku puzzles ( my limitation ) - couldnt write the code .

what are your thoughts ?

just curious - is this approach even remotely close to AI ?

Looking forward to your comments !

Thanks ,
~satish
13 years ago
Hello ,
In current project I am supposed to be working on the architecture of the project .

To be honest I dont have a clue

Can somebody help me with ::
- what would be good books to read which are more practical than theory
- what is the realistic flow ? i.e req spec >> use cases >> architecture >> design >> implementation ?
- how does architecture differ from design ?

- what are the considerations in architecture

Our project is a web based application intended to take care of adminsitration of multiple products
( common user mgmt etc )

PS :: Head first ooad is what I am referring to

Thanks ,
~satish
Hello ,
Trying to understand seam and what I understand is ::
- acts like a glue to bind JSF and EJB

For this - why do I need a framework .

There is one more rant - but thats more for jsf - I find it difficult to grasp

Struts is so much more simpler !

Thanks ,
~satish
Hello ,
I am new to web services and have a question ::


Scenario ::
Need to invoke a web service that would store some information in db
also would need to myself write some data to a local db

So essentially have to perform two operations
will be using a sateless session bean ( ejb 3.0 )

If the order of operations is ::
1 >invoke web service
2 >write to local db

If there are errors while I try and write to local db - can the data in web service be reversed ?

one solution could be first write to local db .....

However I want to first invole web service

Thanks ,
~satish
13 years ago
hello ,
just wanted to know which is the best tool to use for profiling jboss ?

In eclipse I see a option >> start in profile mode but gives an error - no profiler set

is there any good profiler plugin for eclipse that will work well with jboss 4.2.2 ga ?

Thanks ,
~satish
13 years ago
hello ,
I start jboss in debug mode

However i am unable to start debugging

The error I get is "unable to connect"

I am sure this is related to the port no .

Question is how do I know the port no configured to run in debug mode when i do the same through eclipse

( normally I specify the same in jboss file :: run.bat )

Thanks ,
~satish
13 years ago
I had posted a few of my queries earlier regarding SSL and thanks to the forum members got a lot of concepts cleared / understood

I get a lot of crappy emails in mailbox related to phishing

"your account has irregularities ...... click here to login ...... etc etc"

I normally ignore / delete such emails

But after the refresher on security I wanted to test / play around .

So on one such received emails ( for a bank that I dont even have an account with ) - I clicked on their "click here" link

It opened up a browser and then a pop up came up regarding the certificate

What I found strange is ::

1 >The certificate was issued by a trusted certifying authority
2 >The certificate date is valid

The only place where the warning came up in IE was ::


Name on the security certificate is invalid or does not match the name of the site



I understand why this is happening .
In the browser the site is seen as :: www.blahblahsbodas.com
while the name in certificate is :: www.someauthenticbank.com

Now what I find strange is if I was the one spoofing / creating such sites

lets say :: www.satishbodas.com - than I would also get the certificate from any trusted ca with the name as www.satishbodas.com

That way in IE there would be no warnings and the certificate would get accepted ?

am I missing something

PS :: my intent is not malicious - am trying to understand !

Thanks ,
~satish
[ September 18, 2008: Message edited by: satish bodas ]
13 years ago
thanks Pat , Ulf and Greg for clearing my concepts.

Thanks ,
~satish
13 years ago
Thanks Ulf for the detailed explanation .

(As an aside, make sure you understand the difference between an encoding and an encryption).



spot on - that should have been encryption / decryption rather than encode /decode . Thank you.

I am still confused with a few points though
To quote Greg in earlier post ::


However, SSL does not require authentication and provides the DH anonymous ciphersuites for unauthenticated connections. These ciphersuites are also implemented in the JSSE, and can be identified by the string 'DH_anon' in the SunJSSE provider documentation



Question A ::
So my understanding is - SSL can also be used without a "authenticating" certificate ?
This may be rarely used - but if so desired can be used without a certificate ?

To further quote ::



#2 and #3 - Those are the same (HTTPS always involves a certificate). ...


So Ulf believe you are referring to the most used and predominant usage of https ( with certificates ) ?


Question B ::
who is responsible for the encryption ?
( when we use ssl with certificates )
Is the encryption an inherent part of https or is it the certificate that specifies the encryption /decryption algorithm

but these days always every certificate uses 128 bit.....



From this statement of yours - i guess its the certificate that decides the algorithm for encryption / decryption

Question C ::
So if I create a certificate using keytool can I guarantee that it uses 128 bit ?
and if so than why should I spend a lot of money to buy a certificate from these companies .
If my certificate is as secure as theirs ( agreed their algorithms will be more complex ) - but as Ulf specified if keytool gives me 128 bit than thats a tought nut to crack right ?

Question D ::
Continuation of question C
So the value addition of a certifying authority is that they are "trusted"
I recently had read a KPMG pdf downloaded article regarding how certifying authorities are now also issuing certificates minus the authentication !
( agreed - end users customers may not trust a certificate posing as "satish bodas" not signed by Thawte / verisign etc )

Question E :: ( final question honest ! )
where can I get a good read / understanding about the public / private key ?

Thank you Greg , Pat and Ulf for enhancing my knowledge .

Regards,
~satish
13 years ago
Thanks Greg and Pat for your replies .

what I meant by secure regarding ssl ( corrected as tls ! ) is what is it that guarantees its "secureness" ?

To postulate ::
If I were a hacker and lets say someone was posting his login credentials on a form ::

1 >Plain http :: How do I get to "sniff" this data ?
Is it at all possible
I want to know more as an education rather than any ill intent

2 >same as 1 but scenario with https

3 >same again + https + certificate

Regarding certificates - so all that the certificating authority does is
give out an encoding / decoding mechanism ?
( I have my beginner's questions regarding certificates ... which I will ask in a separate thread )

So all that these authorities are supposed to "authenticate" is to verify that I am really who I proclaim to be is that it ?

Scenario ::

================================================================
I start a B to C business and want end users to buy stuff over the internet
To keep it safe decide to use https with certificates
( this is just a simple abstraction .... sure there will be much more involved )

Now I have two choices ::
1 >buy a certificate from a certificating authority ( thawte , verisign etc )
2 >Create my own certificate using jdk

Use this certificate on web server

Any client accessing the site is asked to either "accept / decline / " certificate .

From my personla experience ( and you can call me a fool ! ) I hardly bother reading any of the popo ups or ads .
If I am online and want to do a transaction - I just hit the website - if I get such certificate popup - simply accept and moce on

IN such scenarios ::

1 >How does someone else fake my certificate
2 >Even if we have a valid / false certificate - for people like me who blindly accept - it doesnt matter does it

Last question - for some sites like citibank on https - when I login I do not see this popup ?

is it because these certificates are by default accepted by bropwser ?

so if I purchase a certificate from thawte / verisign - than my site also wouldnt show this popup ?

long post and I agree it may not be very clear but as thoughts came to mind I put them down .

Thanks ,
~satish
================================================================
13 years ago
hello ,
have been searching on java ranch and also jdk documentation regarding security .

( I am new to security ! )

My questions were ::
1 >If we use SSL we try and make the communication secure - how is it determined that the communication is secure

2 >Is it always necessary to have certificates when we use SSL ?

How is the encryption decryption happening between client and server ?

Thanks ,
~satish
13 years ago
Hello ,
I did try and do a search on this forum but am not able to successfully do what I want .

My understanding of a Virtual host :: On same Tomcat want to host two applications having their own urls ::
example :: www.myappA.com:8080 & www.myappB.com:8080

With this understanding I tried to setup a virtual host ::
In "server.xml"

The portion in bold is the one that I wanted to add as a new host


Tried accessing the above using the URL ::

http://www.ca.scm.com:8080/



Nothing happened .
So I added following entry in my host ::


Now above URL works .

However I wastnt very sure if it "really" worked - so I commented out the "host" entry in "server.xml" and then retried the URL

Problem 1 ::
Browser still showed me the index page of ROOT application
So that means my new virtual host is NOT being used but "default host"

How do I ensure that my new Virtual host is used ?

Problem 2 ::
Under the "localhost" which is default I have a application supplied by Tomcat called ROOT
In this exists a JSP called index.jsp

Even if I make any changes to this file Tomcat still shows up the same page

Where is tomcat getting the details from ?

any help is appreciated
Thanks ,
~satish
13 years ago