Friday, 26 April 2013

Why you should never use a CAPTCHA [by Josh Fraser]

I hate CAPTCHAs (you know, those squiggly bits of impossible to read text you have to fill out before you can do anything on some websites). I think all of us can relate to the experience of trying to register for a service or comment on a blog only to be stopped cold by an impossible CAPTCHA. Maybe you got it on the second or third try, but chances are you’ve also had occasions when you’ve bailed and decided it just wasn’t worth the effort.  Today I want to convince you to never add a CAPTCHA to your site.
Let’s start by looking at why CAPTCHAs were invented. The acronym stands for Completely Automated Public Turing test to tell Computers and Humans Apart. Quite a mouthful, eh? The idea is to have something that a computer can create but only a human can read. Whether or not humans can read CAPTCHAs is debatable, but that’s the idea anyway.  

Lots of sites use these things to attempt to stop automated requests. For example, you’ve got to fill out a CAPTCHA to get a Gmail account, send a message with a link on Facebook or even just email directions on Mapquest. CAPTCHAs are most often used to stop abuse around systems where there is a high incentive for automated systems to be used, like spamming everyone on Facebook. There are also a lot of people using CAPTCHAs where an alternative solution would suffice.

My biggest beef with CAPTCHAs is that they are so freaking annoying for users. They add an incredible amount of friction to the process — friction that you probably can’t afford. Sure, some CAPTCHA’s are better than others, but none are great. I understand you want to protect your site from spam and abuse, but are you ready to lose potential users over it?  The trade off just isn’t worth it, especially if you are a startup!

One of the things I’ve noticed is that many people use CAPTCHAs when a simple non-intrusive spam-stopper would suffice. For example, say you have a blog and notice you are starting to get a large amount of spam comments. You decide to add a CAPTCHA to fix the problem. The thing is, you’re not big enough to be a victim of a targeted attack, you’re just getting generic spam bots. You don’t need a CAPTCHA.

It’s far easier to stop generic spam bots than a targeted attack. There are a lot of different techniques you can employ, but a simple option is to add an extra field with a tempting name like “email” to your form that is then hidden using CSS. Humans can’t see the field and as a result will never fill it out. Any request that comes in with the field completed can easily be eliminated as spam. The beauty of this is you have a pretty effective spam-stopper without ruining the user experience or adding any friction to the process. A simple technique like this is probably enough to stop the majority of spam bots.

But what if you really are big enough to be at the receiving end of a targeted attack? What if you’re Facebook or Google? They might not be fun, but aren’t CAPTCHAs a necessary evil?  I don’t think so. CATCHAs still aren’t going to protect you. The bad news is that most CAPTCHA systems have already been cracked using OCR software making it trivial for your system to be compromised. For the rest, hackers have been known to set up porn sites that require you to enter a CAPTCHA in exchange for access to the adult content. What are you going to do to prevent that? Not to mention, there’s a booming business in India right now for breaking CAPTCHAs. The going rate is $2 per 1,000. Can you compete with that? If someone wants into your site, I’m sorry, but your annoying little CAPTCHA isn’t going to stop them.

Some people have taken more creative approaches to the CAPTCHA problem.  Joe Stump tweeted the other day about one solution he discovered. You’ll see a lot of these around the web, often added by people who hate CAPTCHAs but haven’t stopped to think through the details. I remember seeing one approach that Hot or Not used that asked users to pick the 3 most attractive people out of 9 pictures. While these sort of solutions are more fun for users than a traditional CATPCHA, they are usually still pretty worthless at providing any real security. 

For example, with Hot or Not, the odds of a computer correctly guessing the 3 attractive people are 1 in 84. While those aren’t great odds for a human, they’re not bad for a computer — especially if you have a botnet at your disposal! Other approaches like the ones that ask you to do simple math or ask simple questions like “what is known as man’s best friend?” are vulnerable too. In most cases, all you’d need to do to crack the CAPTCHA is throw the question at Google and analyze the responses that come back.  These systems are often also vulnerable by having a limited list of questions to ask so it doesn’t take long for a hacker to build up a dictionary of correct answers to feed to the bot.

reCAPTCHA from Google is another anti-bot alternative.  They proudly talk about all the good they are doing by using the technology to help digitize books. But even reCAPTCHA can be broken with 23% accuracy and it’s just as frustrating for users as the other alternatives.
So where does that leave us?  CAPTCHAs are annoying, you probably don’t need one and even if you did it could still be broken pretty easily.

The most balanced approach is to add some basic security to stop generic bots and then stop worrying and get rid of the CATPCHA altogether! Instead, watch out for suspicious IP’s and monitor for nefarious behavior (like spam links being sent to multiple users, large # of requests from one IP, etc).

We live in a world where spammers are a real problem and must be addressed, but CAPTCHAs are not the answer. You simply can not afford the friction. By using a CAPTCHA you are making the internet a whole lot less fun for all of us.

Monday, 22 April 2013

Servlets Vs Portlets


    Servlets and Portlets are web based components which use Java for their implementation.

    Portlets are managed by a portlet container just like servlet is managed by servlet container.

    Both static and dynamic content can be generated by Portlets and Servlets.

    The life cycle of portlets and servlets is controlled by the container

    The client/server model is used for both servlets and portlets

    The packaging and deployment are essentially the same, WAR/EARs.


    Servlets can render complete web pages, whereas portlets renders html fragments. These fragments are aggregated by the portal into a complete web page.

    The content type of JSR 168 portlets can be only cHTML, XHTML, WML. It does not support other content types.

    Portlets are not allowed to generate HTML code that contains tags such as body, frame, frameset, head, html, or title.

    A Portlet unlike a servlet doesn’t have URL attached to it so it cannot be accessed directly. Access is only through the portal page which holds the portlet.

    Portlets can be provided with controls to manipulate its window states or portlet modes.

    Multiple instances of a single portlet can be placed onto the same page.

    Portlets support persistent configuration and customization, profile information.

    Portlets can have two types of request viz. render request and action request.

    Portlets have two scopes within session; application scope for communication across portlets and portlet scope for intra portlet communication.

    Portlet cannot set the character set encoding of the response nor can it set the HTTP response headers.

    Portlets doesn’t have access to request URL. So it cannot access the query parameters appended to the URL.
    Portlets cannot set cookies.

    Typical methods of Portlet API are doView(), doEdit(), doHelp() and processAction() while those of servlet are doService(), doPost(), doGet().

Saturday, 20 April 2013

JDK 8 Feauture

Here are some of the features coming in JDK8
  • Improvement in java.lang package
  • Annotations on Java Types
  • DocTree API
  • Parallel Array Sorting
  • Bulk Data Operations for Collections
  • Collections Enhancements from Third-Party Libraries
  • Base64 Encoding and Decoding
  • New HTTP Client
  • More Security enhancement                                         
If you want to explore more about Lambda check here
Technical discussions on Lambda Dev here

What is the solution of JAR Updates and its dependencies...?

 Answer is:  Apache Maven 
Maven, a Yiddish word meaning accumulator of knowledge, was originally started as an attempt to simplify the build processes in the Jakarta Turbine project. There were several projects each with their own Ant build files that were all slightly different and JARs were checked into CVS. We wanted a standard way to build the projects, a clear definition of what the project consisted of, an easy way to publish project information and a way to share JARs across several projects.
The result is a tool that can now be used for building and managing any Java-based project. We hope that we have created something that will make the day-to-day work of Java developers easier and generally help with the comprehension of any Java-based project.
Maven's Objectives
Maven's primary goal is to allow a developer to comprehend the complete state of a development effort in the shortest period of time. In order to attain this goal there are several areas of concern that Maven attempts to deal with:
  • Making the build process easy
  • Providing a uniform build system
  • Providing quality project information
  • Providing guidelines for best practices development
  • Allowing transparent migration to new features
For more Details.. Go Through and any doubt about it send me mail ….

Zip Format Compress With JAVA Code


import java.util.ArrayList;
import java.util.List;

public class MyZip
    List<String> fileList;
    private static final String OUTPUT_ZIP_FILE = "C:\\";
    private static final String SOURCE_FOLDER = "C:\\testzip";

    fileList = new ArrayList<String>();

    public static void main( String[] args )
        MyZip MyZip = new MyZip();
        MyZip.generateFileList(new File(SOURCE_FOLDER));

     * Zip it
     * @param zipFile output ZIP file location
    public void zipIt(String zipFile){

     byte[] buffer = new byte[1024];


        FileOutputStream fos = new FileOutputStream(zipFile);
        ZipOutputStream zos = new ZipOutputStream(fos);

        System.out.println("Output to Zip : " + zipFile);

        for(String file : this.fileList){

            System.out.println("File Added : " + file);
            ZipEntry ze= new ZipEntry(file);

            FileInputStream in =
                       new FileInputStream(SOURCE_FOLDER + File.separator + file);

            int len;
            while ((len = > 0) {
                zos.write(buffer, 0, len);


        //remember close it

    }catch(IOException ex){

     * Traverse a directory and get all files,
     * and add the file into fileList 
    public void generateFileList(File node){

        //add file only

        String[] subNote = node.list();
        for(String filename : subNote){
            generateFileList(new File(node, filename));


     * Format the file path for zip
     * @param file file path
     * @return Formatted file path
    private String generateZipEntry(String file){
        return file.substring(SOURCE_FOLDER.length()+1, file.length());

Saturday, 6 April 2013

Most favorite Question : Logic Behind "System.out.println()"

System.out.println prints the argument passed, into the System.out which is generally stdout.

  • System – is a final class and cannot be instantiated. Therefore all its memebers (fields and methods) will be static and we understand that it is an utility class. As per javadoc, “…Among the facilities provided by the System class are standard input, standard output, and error output streams; access to externally defined properties and environment variables; a means of loading files and libraries; and a utility method for quickly copying a portion of an array…”

  • out – is a static member field of System class and is of typePrintStream. Its access specifiers are public final. This gets instantiated during startup and gets mapped with standard output console of the host. This stream is open by itself immediately after its instantiation and ready to accept data. When running a program from windows command line, it is the standard console.

  • println – println prints the argument passed to the standard console and a newline. There are multiple println methods with different arguments (overloading). Every println makes a call toprint method and adds a newline. print calls write()and the story goes on like that.

Thursday, 4 April 2013

Android Holo Colors Generator

Change Tabhost Setting Programattically

tabHost.setOnTabChangedListener(new OnTabChangeListener() {
public void onTabChanged(String arg0) {

// Log.i("***Selected Tab", "Im currently in tab with index::" +
// tabHost.getCurrentTab());
selTabPos = tabHost.getCurrentTab();
for (int i = 0; i < tabHost.getTabWidget().getTabCount(); i++) {
if (i == selTabPos) {
} else {


for (int i = 0; i < tabHost.getTabWidget().getTabCount(); i++) {
if (i == selTabPos) {
} else {

tabHost.getTabWidget().getChildAt(i).getLayoutParams().height = height / 15;

Wednesday, 3 April 2013

How to add tab layout without letting the activity to extend TabActivity? Part -2

How to add tab layout without letting the activity to extend TabActivity?

public void onCreate(Bundle savedInstanceState) {
    TabHost tabHost = (TabHost) findViewById(;

    TabSpec tab1 = tabHost.newTabSpec("TAB_1");
    tab1.setIndicator("Tab 1");

    //tab 2 etc...
    TabSpec tab2 = tabHost.newTabSpec("TAB_2");
    tab2.setIndicator("Tab 2");
<TabHost xmlns:android=""
    android:layout_height="fill_parent" >

    <LinearLayout android:id="@+id/LinearLayout01"
        android:orientation="vertical" android:layout_height="fill_parent"

        <TabWidget android:id="@android:id/tabs"
            android:layout_height="wrap_content" android:layout_width="fill_parent"></TabWidget>

        <FrameLayout android:id="@android:id/tabcontent"
            android:layout_height="fill_parent" android:layout_width="fill_parent">
            <LinearLayout android:layout_width="fill_parent"
                android:layout_height="fill_parent" android:id="@+id/tab1">
                <!-- tab 1 content goes here -->
            <LinearLayout android:layout_width="fill_parent"
                android:layout_height="fill_parent" android:id="@+id/tab2">
                <!-- tab 2 content goes here -->




Tuesday, 2 April 2013

Circular Menu Part-1

Main Activity

public class TestMenuActivity extends Activity {
CircleView cView;

public void onCreate(Bundle savedInstanceState) {

int numberOfElements = 11;
View[] elems = new View[numberOfElements];

EditText tv = new EditText(this);
tv.setText("Some text");
tv.setLayoutParams(new RelativeLayout.LayoutParams(
elems[0] = tv;

for (int i = 1; i < numberOfElements - 1; i++) {
Button newButton = new Button(this);
newButton.setText("Button   " + i);
newButton.setLayoutParams(new RelativeLayout.LayoutParams(
elems[i] = newButton;

Spinner sp = new Spinner(this);
sp.setLayoutParams(new RelativeLayout.LayoutParams(
elems[numberOfElements - 1] = sp;

cView = new CircleView(this, 115, elems);

How To Create Circle View (Dynamically...)

public class CircleView extends RelativeLayout {
static final int centerId = 111;
private final int radius;

private RelativeLayout.LayoutParams createNewRelativeLayoutParams() {
RelativeLayout.LayoutParams lp = new RelativeLayout.LayoutParams(
lp.addRule(RelativeLayout.ABOVE, centerId);
lp.addRule(RIGHT_OF, centerId);
return lp;

private View prepareElementForCircle(View elem, int distX, int distY) {
RelativeLayout.LayoutParams lp = createNewRelativeLayoutParams();

elem.measure(0, 0);
int deltaX = elem.getMeasuredWidth() / 2;
int deltaY = elem.getMeasuredHeight() / 2;
lp.setMargins(distX - deltaX, 0, 0, radius - distY - deltaY);
return elem;

public CircleView(Context context, int radius, View[] elements) {
this.radius = radius;

RelativeLayout.LayoutParams lpView = new RelativeLayout.LayoutParams(

View center = new View(context);
RelativeLayout.LayoutParams lpcenter = new RelativeLayout.LayoutParams(
0, 0);

this.addView(prepareElementForCircle(elements[0], 0, 0));
if (elements.length % 2 == 0) {
this.addView(prepareElementForCircle(elements[elements.length / 2],
0, 2 * radius));
if (elements.length > 2) {
for (int i = 1; i <= (elements.length - 1) / 2; i++) {
int y = i * 4 * radius / elements.length;
int x = (int) Math.sqrt(Math.pow(radius, 2)
- Math.pow((radius - y), 2));
this.addView(prepareElementForCircle(elements[i], x, y));
- i], -x, y));


Monday, 1 April 2013

Google to Launch an Android-powered Smartwatch

We are hearing a lot of news of Smart watch, that Apple and Samsung wants to launch Smart Watch now Google also wants to Jump in launch Android-powered Smartwatch. Google owns a patent of Dual-screen smart watch since 2011, and now Android team is working on that watch its possibiity that Googlesmart watch hit the market before Google Glass.

A smartwatch boom seems to be going on. Besides smaller companies debuting new wrist technology, the tech giants are also grabbing for a piece of the pie. Google is the newest company to supposedly be stepping into the watch world. According to The Financial Times, Google’s smartwatch is allegedly being developed by the company’s Android unit rather than its X Lab.
This is telling because it means that, unlike Google Glass, the company may be looking to get a consumer product out to users on a speedier timeline. According to The Financial Times, Google filed a patent application for a “smart watch” in 2011. Apparently, the patent has a dual-screened display and a interactive user interface. Over the past couple of weeks Apple has been rumored to be coming out with a smartwatch and Samsung has confirmed it’s working on one. Of course, none of these mammoth companies are breaking new ground. A lot of smartwatches, fitness bands, or some hybrid of the two have already been unveiled, including the long-awaited Pebble wristwatch and the 007-inspired Martian.