griping about a “password” system

I emailed a company today asking for my account to be linked. I did NOT ask for a password reset. What I got was an email with plain text copy of my password. Aghhhhh! That’s just asking for someone to hack my account (or all the accounts.) Passwords should be stored using a one way hash at least.

Problem 1 – username

My user id is not my last name, email or anything I have any shot of remembering. And I didn’t get to pick it. Which means it is written down.

Problem 2 – storing the password in plain text

This company shouldn’t be storing passwords in plain text or any “encoding” where they can get the original password. And the only thing I can think of to make that worse is to email the password.

Problem 3 – password requirements

Since my password was sent in the clear, I went to change it. I wanted to make it a sentence about not emailing the password. That way if someone does it again, he/she at least has to read my note. I changed the letter s to $ in my sentence as one might expect. Guess what? Only letters and numbers are allowed.

Really guys? It’s 2015.

using our OCA 8 book to study for the OCA 7?

As of now, Oracle isn’t allowing developers to take the OCA 8 + OCP 7 to get OCPJP 8 certified. This means that some readers who have already bought our OCA 8 book might want to take the OCA 7. (In particular, those who need to get OCPJP certified by September or so and don’t want to take the beta exam.) Those new to Java/certs and just starting out now aren’t likely to find this constraining and can take the OCA 8.

Timeline

I’m predicting the OCP 8 exam will be released in September because:

  • The beta is launching April 25th.
  • I’m guessing they will give two months taking us to June.
  • Then Oracle needs 10 weeks to prepare the real exam taking us to September.

The beta is good because is is $50. It is bad because it is longer and you don’t get your score for months.

How do I “backport” the book for the OCA 7 exam

This matrix compares the OCA 7 and OCA 8 exams. This means you can read the OCA 8 book to study for the OCA 7 exam with the following changes:

  1. Skip the section on dates/times in Chapter 3.
  2. Skip the section on lambdas/predicates in Chapter 4.
  3. Skip the parts about static/default methods in interfaces in Chapter 5.

You’ll slightly overstudy this way. For example, OCA 7 doesn’t ask you to describe encapsulation. But not by any significant amount.

What JDK should I use?

Remember to either use a Java 7 JDK or compile with the -source 1.7 flag. For example:

javac -source 1.7 Jeanne.java

This will ensure you aren’t accidentally relying on a Java 8 feature. For example, the final keyword works a bit differently in Java 8. Not in a way that affects the OCA exam scope. But you could get confused if compiling with a different version