Toby Eggitt

Ranch Hand
since Dec 08, 2004

Recent posts by Toby Eggitt

I'm not sure what you mean by "supporting". If you mean hacking on the code to fix bugs, then sure, learning enough to pass a certification will improve your skills in an applicable way. But if you mean supporting in the "system administration" sense, there will be pretty much zero relevance.

Jeanne Boyarsky wrote:The -J stands for "Java 25 means this exam costs $25". As Scott noted, it is the same exam content

Oh wow, fascinating. I did a search of the site for -J and simple J and it returned nothing both times. And the main page seems to list it without. I love it when people's marketing is consistent. Oh, wait ;)

Whatever, I think the OP's question is answered.
Hi all, now that there's "only one" exam (1Z0-819) is it discussed under the OCJP forum, or here in the Developer one (since the exam has "developer" in its name). Or perhaps both depending on where someone posts a question?

Also, I have a strong impression that the questions probably touch on a relatively limited part of the very vague objectives listed. Is there a discussion on what topics people have actually seen in "real-live, in the wild" questions?

Pretty sure you found a typo. I don't think there's any such thing as 1Z0-819J, only 1Z0-819 (unless, perhaps, that's a Japanese version). But the $25 offer seems to me to be for 1Z0-819.
And now, to slightly compound the confusion, I notice there's no notice suggesting end of life for the Java 8 certification exams...

Anyone privy to any information on that topic?
If you're going to put the effort into prepping for 816, then unless you've forgotten what you knew for OCA8, or have failed to round out your understanding of lambdas in the meantime, you should be ready for 819. It looks like they just squeezed the bulk of 816 and some of 815 into one exam.

Dimitri Nguyen wrote:

Oracle might have a point in removing the 1z0-815 though. From the feedback that I received from other developers, it mainly tests the things that the compiler already knows, which is almost pointless since Java has compile-time checking. This knowledge only makes sense if you are writing a Java compiler.

I know that's a common perspective, but it's not one I agree with. Sure, "in the field" the compiler will tell you what you did wrong, but the point is that if you *understand* the language, you can work this out from first principles. And it's the *understanding* that matters. Many a nasty trap, and a lot of wasted time, results from not really understanding what's going on, and just fiddling with it until it compiles. Indeed, when people make that complaint, for me it tells me something about them ;)

But again, just one opinion in a big ol' pot.

Dimitri Nguyen wrote:Can you please clarify this statement?

The breadth of material does have an advantage: if you don’t do well on one topic, it is likely to be less points on the exam.

I expect this means that with only 80 questions, you're not going to get many questions on any one topic, so if you--for example--blow off learning concurrency entirely, you still have 79 questions you can hope to get right. In other words, learning some of the topics well could be sufficient.

I think this plays to my concern that this much coverage might simply result in so little testing as to prove very little.
I admit I don't see the point.

The first level exam tested some fairly basic (but absolutely essential) stuff about the core language, the nature of OO, and the like. I always felt it was "entry level" (for a professional programmer) and served a strong, valuable purpose of distinguishing between two groups with little tangible work experience. One group who had made a solid effort to build their skill and knowledge base, and the other group those who had not made that effort and just figured they'd wing it and try to learn on the job.

The second level exam, by contrast, covers a frankly huge spread of advanced topics, many of which are entirely unknown to many quite experienced programmers working in industry. It was a way to set your five-plus year experienced self apart from those who had merely done the work asked of them, but not expanded their horizons beyond that.

But to do *both* at the same time??? What is that supposed to mean "I'm a relative beginner with a knowledge spread across years of advanced topics"? I don't get it, either the basic stuff is pointless, or the coverage of the advanced topics is little more than marketing-buzzword-level.

I fear that they might have just made the people who complain that "certification is pointless" have a stronger case (but only in respect of this particular exam--I still firmly believe that the effort put into preparing, and the demonstration that you're willing to be measured by someone else's standards, speaks volumes to the personal and professional qualities of the individual, as well as--obviously--improving skill sets.)

Actually, I suspect I do see the point. I think the reality might have been that very few bothered to take the second level exam anyway, and they wanted to force people's hands. That doesn't seem like a good reason, but does seem typical of Oracle's behavior in general.

Ah well, just my rambling opinion. I'll be interested to see how this plays out, but I'm not impressed at this point. Perhaps the ongoing discussion in this thread, or actually seeing the exam, will create a better feeling.

Thanks for this Junilu, yes, I mostly am aware of what one shouldn't do (thanks to OWASP) and the advised fixes. I'm really looking for real examples. I find that the canned "see how this breaks" examples always look so obvious that one feels only a fool would make such a mistake, and seeing a mistake that one knows was actually made, rather than an illustration, would be far more convincing.

But anyway, thanks again, and fwiw, I worked through the entire OWASP WebGoat project, which involves some lessons, followed by some "go ahead, try to break this deliberately" vulnerable code. I will say that while still not "real code" it was a fun and valuable exercise that I can recommend to anyone who has 24-40 hours for tinkering! YMMV of course, perhaps some will break it completely in less than that, but I suspect three days of fairly dedicated time is probably about right for version 25, where many of the hints are missing, misleading, or otherwise leave you to do some "real" hacking (i.e. being imaginative and trying several alternative approaches while looking for clues
2 years ago
Well, I think that since you can hear the music, the approach is clearly workable. You just have to discover how to get a program that's started from a context that doesn't have a connection to your windowing system to connect successfully to your windowing system. I can tell you how to do that in Unix, but unfortunately have no clue in your environment. But at least it's a direction for investigation. Maybe go to a Windows admin forum and ask "how to start a gui program on my local system from a service" and see if they can help? Good luck!
2 years ago
Indeed, implicit in what I was pondering is: where do you expect this stuff to show up even if it works?

Since you seem to be configuring this to run when the servlet context is initialized, I guess you are trying to run it on the server, but if you're expecting the output to show up for any client you're definitely misunderstanding what webservers do. And of course, the other side of the question is why on earth would you want to use a webserver to launch a "system" program?! Most servers run headless where nobody can see them anyway.
2 years ago
I don't know how this works in Windows, but in Unix-like environments, there's an environment variable that needs to be set to tell a GUI application what windowing system it should connect to. Running a command without specifying that (and it's usually inherited from the places you're likely to start programs) will result in failure.

Of course, you're running Windows, so I have zero clue if this has parallel considerations for that system, so if I just wasted your time, I apologize.

2 years ago
Greetings all. I'm on a bit of a mission to understand software security better, in a Java environment. My particular focus right now is to try to find--and understand--real examples of how code fails in practice. I've read extensive stuff about "don't do this" on a bunch of topics, and I've looked at a number of resources (e.g. Metasploit) that would potentially show me how to *perform* an attack (with the goal of penetration testing one's own software, one hopes!) but what I'd really like to see now is examples of how real code has actually failed. E.g. how did the Struts code permit remote code execution? I'm hoping some of you might be able to point me at such resources, either individual case studies, or perhaps whole data sets, that describe some of these.

I will add that I already found the OWASP WebGoat, and am trying to get into that. But I am hoping for specific, described, examples of real failures "in the wild", ideally (for impact's sake) associated with known dramatic breaches (Equifax, anyone?!)

2 years ago
As side notes:

  • Java's "lambda expression" is primarily an anonymous function literal, it happens to have a closure capability in addition (though if no values are captured, this "doesn't happen".)
  • Java's closure mechanism was created at Java 1.1 with the advent of the ability to nest classes (particularly, but not exclusively, anonymous classes) inside the body of a method.
  • The beta release of Java 1.1 had closures that wrapped mutable state, but given that an immutable reference to a mutable object serves pretty well for those who want a mutable state to be captured in their closure, they decided that a copying implementation would be preferable, and with the copying implementation came the requirement for finality that is now "effectively final".

2 years ago