Java Coffee Break Newsletter Volume 3, Issue 7 http://www.javacoffeebreak.com/ ISSN 1442-3790 ================================================================= In this issue * Featured Java Websites * Article : Java Viruses - are you at risk? * Q&A : What can cause an object to fail to initialize properly? * Q&A : I'm trying to compile a Java source file, and get the error message "bad command or filename". What did I do wrong? * Q&A : What is a "magic number" in Java, and why does it sometimes go bad (referring to a bad magic number error when loading applets) ? ================================================================= /* * Looking for answers to those tricky Java problems? * Sure you can try newsgroups, or read FAQs. But if you * need an answer -now- , then try HotDispatch. * HotDispatch is an open community of Java experts, where * you can get accurate and low-priced consulting support. * How low? You set the price! * Best of all, new users receive $25 credit (limited time only) * * --> http://www.hotdispatch.com/home?aff=235138707 */ ================================================================= Featured Java Websites Here are a selection of websites that may be of interest to readers. Moving from Java to XML doesn't need to be a chore XML and Java are two hot topics in their own right. Combine them together, and you've got sizzle. Sun Microsystems offers this free tutorial that shows you how to integrate XML with Java. The tutorial covers three critical issues: understanding XML theory, walking through XML documents sequentially using the SAX model, and parsing XML documents as a tree of objects (using the DOM model). If SAX, DOM, and XML sound like meaningless jargon, this is the tutorial for you. With plenty of code and step-by-step instructions, you'll be writing XML in no time. http://java.sun.com/xml/tutorial_intro.html Software Development Magazine Online If you're a serious software developer, then you need Software Development Magazine. Unlike many publications, SDM puts their best articles online for free, and there's an extensive archive of back-issues. There are articles on programming techniques, debugging, tools and IDEs, software design, and much more. There are also regular articles on individual languages such as Java and C++. This is a great read for developers, packed full of useful tips and tricks to improve your software. http://www.sdmagazine.com/ ================================================================= /* * Want a great deal on books, music, movies, software, or * garden & patio items? Yes - Amazon now sells garden & patio * items, along with electronics, health and tools. Whatever * you're looking for, you'll find it at Amazon.com * * --> http://www.amazon.com/exec/obidos/redirect-home/davidreillysprog */ ================================================================= Article : Java Viruses - are you at risk? Computer viruses can attack any operating system and computing architecture. Until recently, however, it was believed that Java was immune, since it didn't use native code. StrangeBrew, and others like it, are amongst the world's first portable OS-neutral viruses -- By David Reilly Few people today would be unaware of the very real threat of computer viruses. Even if you're not computer savvy, the likelihood that a computer failure would affect you at some point in your everyday life is fairly high. When you use an ATM, buy groceries, swipe a credit card or drive on the roads, you are relying on the services of computers - even if you're not actively aware of it. Now I certainly don't want to alarm readers, but computer viruses can have some pretty nasty effects. While sometimes they are mild annoyances, there are some pretty serious viruses around that can cause loss of data, or can cause loss of service (such as the spate of email viruses last year that brought down the mail servers of Fortune 500 companies). So a keen awareness of viruses is important, particular for software developers. Ignorance can be dangerous, and can give one a false sense of security. Until recently, it was generally believed that viruses had to be written in assembly language or low-level machine code. However in the last few years a growing number of viruses have been written in interpreted languages and program macros for applications like Outlook and Word/Excel. So it was only inevitable that eventually, the Java language would be used to write viruses. Of course, the fact that it was inevitable didn't mean that the Java community saw it coming. Indeed, even long after the release of the first Java virus (dubbed StrangeBrew), even some noted experts tried to bury their heads in the sand and deny that it was really a virus. The thought that Java, billed as a secure programming language, could be susceptible to viruses was frightening; too frightening for some to accept. Enter the virus The world's first Java virus was identified by Symantec's automated virus search engine in late 1998, and dubbed StrangeBrew. StrangeBrew used a novel approach - it was capable of replication by modifying the byte-code of Java class files. Like other viruses, it was written in machine code, but in the case of StrangeBrew, the machine code was Java byte-code capable of executing on a Java Virtual Machine (JVM). StrangeBrew could search for .class files, just like a .COM or .EXE infector searches for application software. But Java is secure.... right? Java applets executing within a web browser are tightly controlled, and constrained by a rather strict security manager (known as the 'sandbox'). Any unsigned applet is prevented from file access, or from opening a network connection to a remote machine other than the machine from which it was loaded. So, StrangeBrew infected applets are unable to propagate, since they can't access your hard drive. So StrangeBrew is safe..... right? StrangeBrew is still capable of infecting your system if it is freed of the applet sandbox. This means that application software (run from the command-line prompt) can infect other application software. So StrangeBrew is more likely to affect users that run Java applications, or Java software developers. Other Java viruses StrangeBrew may have been the first Java virus, but is certainly not the last. In 1999, another Java virus was identified (again by Symantec), and dubbed BeanHive. Nor is this likely to be the last strain of Java virus identified. Are Java viruses a threat? So far, outbreaks have been minimal, and the payload included with StrangeBrew and BeanHive has been fairly non-destructive. BeanHive also contained bugs, which made it unlikely that it would spread. It appears that both viruses were proof-of-concept creations, designed to make the Java community aware that it is not immune to the threat of viruses. Neither present a serious risk to users. That is not to say, however, that a more serious virus outbreak can't happen. Indeed, the networking support within Java would make viruses capable of extreme damage, such as spiriting away password files or sensitive documents off a user's machine. Summary Java, like any computing platform, is not immune to viruses. While the strict security restrictions on applets make it unlikely applets will be used to transmit viruses, the increasing use of Java applications by users make the possibility of a serious viral outbreak very likely in the future. Certainly don't panic - but be aware that Java is no different to other operating systems like Windows and Unix, and that a Java virus is capable of infecting both platforms! ================================================================= Q&A: What can cause an object to fail to initialize properly? When creating a new instance of an object, the JVM will call the appropriate constructor, which is a method that initializes an object's state. Objects can have overloaded constructors, which are constructors that take more than one set of parameters. If no constructor is defined, a default constructor will be called. Initialization problems can occur in any constructor, and for a variety of reasons. The most common reason is that invalid parameters were passed to the constructor. Unless the constructor relies on some external objects, this will be the trigger. Sometimes, there could be a defect in the code, but most likely, it is because invalid arguments have been passed, or that a null argument was passed incorrectly. How will you know if an object didn't initialize properly? This will usually manifest itself in an exception at runtime, and the most common exception will be a java.lang.IllegalArgumentException, or in the case of an error a java.lang.NullPointerException or a java.lang.RuntimeException. Well crafted applications will either catch such exceptions, and fail gracefully, or ensure that they don't violate some important precondition about parameters (for example, passing an out-of-bounds or null value). Always be sure to check the API documentation for an object constructor, to prevent such errors. ================================================================= Q&A: I'm trying to compile a Java source file, and get the error message "bad command or filename". What did I do wrong? This is a VERY frequently asked question for Windows users of the JDK. You need to add a path statement in your autoexec.bat file on windows to allow the javac.exe program to be found. For example, if you installed java to the c:\java\ directory, you'd add the following to autoexec.bat set path=%path%;c:\java\bin\ Hint: change the path to your installation dir (e.g. c:\jdk1.1.7\bin) Remember to rerun the autoexec.bat file or reboot before trying to compile again, or the path setting will not be acted upon. ================================================================= Q&A : What is a "magic number" in Java, and why does it sometimes go bad (referring to a bad magic number error when loading applets) ? The class definition files (*.class) for Java applets are loaded over the network. Sometimes during the transmission of files, the connection may be aborted, or may be scrambled, causing class loading to fail. Sometimes when copying files over to a web server, they may become garbled or a disk error might occur. For this reason, special care is taken by the JVM and the class loader, to verify that classes are intact. One of the precautions is that every class definition contains at the beginning the magic number, a sequence of four bytes that identify a file as a Java class definition file. For those curious to know what the magic number is, it is the hexadecimal number CAFEBABE, which is used by the class loader to see if a file is really a class definition file. Please don't ask me why it spells out cafebabe - my guess it was an attempt at humor. ================================================================= The Java Coffee Break Newsletter is only sent out to email subscribers who have requested it, and to readers of the comp.lang.java.programmer and comp.lang.java.help newsgroups. If you'd like to receive our newsletter, and get the latest Java news, tips and articles from our site, then get your FREE subscription & back issues from http://www.javacoffeebreak.com/newsletter/ If you are an email subscriber and no longer wish to receive the JCB Newsletter, please unsubscribe by emailing javacoffeebreak-unsubscribe@listbot.com