browser plugins

A friend asked me what browser plugins I use. Rather than write an email back, I thought “well that makes a good blog post.” Aside from the plugins practically everyone has (like Java, Acrobat, etc), this page lists what I use.

Safari plugins

My main browser is Safari. I have:

Plugin | What it is for
Live CSS Editor | Testing CSS changes without loading the page
Firebug Lite for Safari | JavaScript debugging
Unicorn | CSS validator equivalent to this page
W3C Validator | XHTML, CSS and RSS validator equivalent to this page (not sure where I downloaded it from)
No Follow | Shows which links have no follow
Ghostery | This is the most recent plugin that I’ve added. It shows you which third party sites have content on the page and makes it easy to customize what you allow.

I used to use plugins for Delicious and Feedly, but replaced them with the bookmarklets.

Firefox plugins

I also have some Firefox plugins:

Plugin | What it is for
Alexa Toolbar | The Alexa toolbar shows you the “popularity” of a site. This plugin “phones home” with your business so I don’t want it in my main browser. It is useful when looking at SEO though. For example, my friend owns NYC Doula Service and asked me a question about her ranking. It was convenient to have tools installed.
PageRank | Shows Google page rank value. I don’t know if this one phones home, but I keep it in Firefox because Alexa is there.
Heartbleed | Earlier this year when the Heartbleed vulnerability was new, someone wrote a plugin to check sites. This plugin was only available in Firefox. That’s why this one is in Firefox; it isn’t a plugin that I think is spying on me.

OWASP A9 – Using Insight/CLM for CodeRanch

This week at CodeRanch we have a promotion for Iron Clad Java. Before the promo, I wanted to make sure we didn’t have anything embarrassing going on. We had already dealt with XSS, CSRF, Clickjacking and brute force logins. As I looked through the OWASP Top 10, I realized that I had no idea how we were doing on A9 “Using Components with Known Vulnerabilities”.

I saw that Sonatype provides a free Insight scan. I did that and got a nice summary:

[Image: High level summary]

The high points of the summary are that:

  1. We use 58 libraries
  2. No high known security vulnerabilities in the libraries we use!
  3. Need to look into the details for the license “issues” since we are non-commercial.


I then clicked on the other tabs and got a sample report. That’s the line where free lives. Since CodeRanch doesn’t have a budget, I asked the vendor for a free credit to see the report and they graciously agreed.

I then learned:

  1. All four of our security “issues” were in commons-httpclient. This library isn’t used anywhere in the codebase or in unit tests. I checked the description of the issue and we don’t use that part of the library. So clean! I’m impressed that a completely volunteer-run site came out clean. Good job to all the mods who update the jars!
  2. The license part showed a variety of licenses. For example dom4j and hibernate-core came up. The licenses would be more useful if we were a company and owned the product/could configure it ourselves.
  3. It was cool seeing the ages of the components we use. And which ones are exact matches vs similar. (I’m sure we didn’t edit hibernate-core!)
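
The "is this flagged jar actually used?" check from item 1 can be partly automated. The sketch below is an added example, not CodeRanch code or part of the Sonatype report: it lists the packages inside each jar and looks for matching imports in the source tree. The directory layout, the unversioned jar file names and `Feed.java` are constructed for the demo.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Matches "import a.b.C;", "import static a.b.C.m;" and "import a.b.*;"
IMPORT_RE = re.compile(r"^\s*import\s+(?:static\s+)?([\w.]+?)(?:\.\*)?\s*;", re.M)

def jar_packages(jar_path):
    """Packages that contain at least one .class file in the jar."""
    with zipfile.ZipFile(jar_path) as jar:
        return {n.rsplit("/", 1)[0].replace("/", ".")
                for n in jar.namelist() if n.endswith(".class") and "/" in n}

def source_imports(src_root):
    """Map each imported name to the .java files that import it."""
    found = {}
    for path in sorted(Path(src_root).rglob("*.java")):
        for name in IMPORT_RE.findall(path.read_text(encoding="utf-8", errors="replace")):
            found.setdefault(name, set()).add(path.name)
    return found

def jar_usage(lib_dir, src_root):
    """For every jar in lib_dir, list the source files that import from it."""
    imports = source_imports(src_root)
    report = {}
    for jar in sorted(Path(lib_dir).glob("*.jar")):
        pkgs = jar_packages(jar)
        # Prefix match over-reports (sub-packages count), the safe side for triage.
        users = {f for name, files in imports.items() for f in files
                 if any(name == p or name.startswith(p + ".") for p in pkgs)}
        report[jar.name] = sorted(users)
    return report

def demo():
    """Constructed tree: two jars, one source file that imports only dom4j."""
    with tempfile.TemporaryDirectory() as tmp:
        lib, src = Path(tmp, "lib"), Path(tmp, "src")
        lib.mkdir(); src.mkdir()
        jars = {"commons-httpclient.jar": "org/apache/commons/httpclient/HttpClient.class",
                "dom4j.jar": "org/dom4j/Document.class"}
        for jar, cls in jars.items():
            with zipfile.ZipFile(lib / jar, "w") as z:
                z.writestr(cls, b"")  # empty placeholder, not real bytecode
        (src / "Feed.java").write_text("import org.dom4j.Document;\nclass Feed {}\n")
        return jar_usage(lib, src)

if __name__ == "__main__":
    print(demo())
```

An empty list means no direct import in the source tree; class names in XML or properties files, reflection, and use by another jar are not covered and still need a manual look.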

This report would clearly be more useful for a large company. More applications and more people who work on them makes it harder to know what is going on. Still, I’m glad I didn’t have to check 50+ libraries by hand.

Disclaimer: I received free access to the detailed report in exchange for writing this review.


jeanne’s oca/ocajp 8 java programmer I experiences

Two years ago, I took the OCA/OCAJP 7 Java programmer I exam and wrote about my experiences. I took the exam this time as part of writing the Java OCA 8 Programmer I Study Guide.

What’s new in version 8?

As you can see from the OCA/Java SE 8 Programmer I official exam page, most of the objectives are the same on OCA 7 and OCA 8. There is a mapping by objective title/number on CodeRanch. The new topics were:

  • Running from the command line
  • Compare and contrast the features and components of Java such as: platform independence, object orientation, encapsulation, etc.
  • Wrapper classes
  • Lambdas/predicates
  • Java 8 date/time classes

How did I study?

As I got a 98% on the previous version of the exam, I didn’t really need to study. [edit: I got a 91% on the OCAJP 8 and a perfect score on all the new Java 8 topics]. It was more of a review. Plus writing a book on the topic really gets you ready. I “studied” by doing all of our review and practice exam questions within a week of the test. This also served as a nice sanity check that the questions we wrote prior to taking the beta were decently in sync. (It’s interesting when writing a cert book that you are writing the questions without seeing the exam. This is good as it prevents accidentally mirroring the questions of the moment in the book. As Oracle changes questions over time, it is better to be learning the topics/tricks from a book and improving your skills/test taking ability.)

To learn Java 8 in the first place, I read two books:

Oracle has some tutorials:

I also wrote a bunch of practice code. And wrote lots of lambda expressions in other languages.

Test Day

  • The exam software claimed that if you pressed the control key, it would cross out an answer so you could remember which ones you eliminated. That’s a good idea. Unfortunately, pressing the control key did absolutely nothing and clicking merely selected an answer I wanted to rule out as correct. I hope they fix this as it is a nice feature.
  • When I took the OCA 7, I had all the time in the world. On this exam, I had enough time to do the questions, but not enough to review them all. The beta gives you just over a minute per question. The real exam gives more time.
  • I went back to my usual exam center. They gave me an “erasable notebook” with 9 pages and an eraser. This meant I could write as much as I wanted. I probably filled about 4 pages as I went. It’s not the same as the paper/pen they used to give, but is perfectly sufficient.