November 19, 2010

Java Tip #10: The instanceof-operator is null-safe

Another quick-shot Java Tip. Keeping it simple because I don't have much time currently. It's one of the lesser-known facts of the instanceof-operator and I've seen it's applicability in some sources but YMMV.


Use the Java operator instanceof for implicit null-checks. Sometimes there is the need to check for both (eg. in equals()-methods), non-null and a certain class. Instead of checking for each condition seperately one can use just the instanceof operator, which handles a null-pointer in the same manner as a non-matching class.



if (field != null) {
    if (field instanceof SomeClass) {


if (field instanceof SomeClass) {


Small readability gain.


This seems to be one of the lesser known facts about Java there can be a small confusion with other participants on the same code who interpret this to an aparently missing null-check. But this comes as no danger when the other person just re-adds the null-check, there should be no bad effect on the logic. Maybe just spread this knowledge to your participants somehow ;)

November 12, 2010

Windows XP explorer changed behaviour on SP3

Yes, I know, Windows XP is already almost at the end of its life and there isn't much more to add to it. But since I got a new notebook at work to try out and I'm currently in the process of fitting it to my needs, which also involves installing an alternate shell, I'm writing down a small finding for which I found no additional information on the rest of the internet.

The behavior of the "/e" parameter for the Windows Explorer (explorer.exe) has changed between Service Pack 2 and Service Pack 3. This change only has an effect, if there is an alternate Windows shell active. Until SP2 if there is no explorer.exe process running, a call to "explorer.exe /e" starts the shell and tries to open the folder "/e" which obviously leads to an error (and a started Windows shell). If there IS a running "explorer.exe" process found, a call to "explorer.exe /e" opens the file manager window. With SP3 the "/e" is interpreted in a consistent manner and the explorer starts in the File Manager mode regardless if there is already an "explorer.exe" running or not.

So if you're running an alternate shell, want to wire the Windows+E keyboard shortcut to the file manager (or file explorer) using "explorer.exe /e" and experience the Windows Shell starting over your shell with an error, make sure that you install the Service Pack 3 (which you should anyway, regardless of your shell).

November 1, 2010

Google, Facebook and Privacy

This is a late post on the never-ending discussion about the data privacy inside large companies, especially such data-centric ones like Google and Facebook (see later in the post). In this posting I'm referring mostly to Google and Facebook but be aware that similar discussions and many related topics are not at all limited to these companies and I just take the most known ones as an example. I'm writing this because it gets more frequently in the recent weeks that I'm involved in talks and discussions about privacy issues on different internet services, so here I try to write down my own position. I'm trying to back most of my comments with references here (be sure to check them out if you want to understand my point of view) but of course I'm already biased so take this as my completely personal opinion as of the end of 2010!

Why I have trust in Google

Google had to take a heavy hit when it publicly announced that it had found out that there was payload data from unencrypted WLANs stored during their StreetView programme and recently because people sent email and passwords over unencrypted WLAN.

For me, contrary to aparently most other opinions, this causes Google to rise in my trust because I'm very sure that any other company which had a similar incident would do everything to prevent public knowledge of this. Not so Google. They proactively stepped forward, disclosed the data acquisition accident and invited public authorities to come in to review and check the collected data before they are deleting it without further processing.

The company must have known very well that these actions would impact its image but this didn't stop it from further cooperation in almost any aspect of this incident. For example an evaluation of official british privacy groups found no evidence of personal data in the StreetView logs although this was again stated as a disappointment (german) by other data protection groups later on. Google also let an external company review the whole process of the data acuisition and processing for the StreetView programme which came to the conclusion that the whole process did at no point analyze or process recorded data from connections in the WLAN. It really did only enough processing of the WLAN headers to be able to locate the WLAN, which was the whole point of this programme.

Collecting WLAN data and positions is common practice and many companies have specialized in the area of geolocation via WLAN IDs (eg. SkyHook and even Apple itself), yet only Google is ranked high in the news for data breach while almost nobody criticises these other companies or thinks of real attackers who are surfing the streets and scanning unencrypted WLANs for importand data. For software developers and engineers it's almost clear that the data breach of Google was really just an oversight (german) during the software development and I certainly salute Google to bite the bullet for a whole industry branch. It even takes complaints from its competitors who think that during this public criticism on Google is the right time to take the chance and join beating the rival.

In my opinion Google was (and still is) one of the most respectable companies if the topic is about data security. There were of course other minor accidents with data privacy but almost every time they reacted fast and closed the holes or changed the processes within a very short timespan. As of my knowledge there has only been one incident where an internal maintenance employee who, because of its maintenance activities had access to users' data, abused his rights and accessed users' data without their consent or internal maintenance reasons. Google did react on this but I think it could have done faster and with a more clear statement.

As a final hint, if someone is really interested what data Google collects for each person hop over to the Google Privacy Center and read the small and (in my opinion) quite clear (compared to any other) privacy statement. There you also have the possibility to access the Google Privacy Dashboard where you can yiew and manage almost all the data stored with your account, change the Google ads preferences or even opt-out of it and disable the statistics collection by Google Analytics. It even maintains a publicly availale list of requests from governments to Google for removing content or providing user information.

Why I have no trust in Facebook

Try to find such features on sites like Facebook. In fact Facebook already has a quite impressive list of similar privacy issues, ranging from simple data collection features for crawlers (which is still available to this date) to collecting data of users without accounts on Facebook (german). Although Facebook has often said to tighten up their privacy settings and make it easy for users to adjust them it's still a very complicated process to strip down your privacy options and requires constant review of your sharing settings when you don't want to keep the default settings and share your data with the whole world. There already have been privacy support applications created which assist you in checking and correcting Facebooks privacy settings via easier interfaces. How sick is this? Some people even think to the extend that Facebook should just give in and simply sell your data right away.

Of course Facebook serves its original purpose, connecting people and sharing information, quite well and it may be the ideal tool for many people to do so. But in fact, I doubt that most of the users on Facebook are really aware to which extend Facebook really collects and connects information which is provided in known and unknown means by its users.

My conclusion

In the end I'm always a bit confused and disappointed when people state that they don't trust a certain big company because of "privacy reasons" without having a real justification at hand to do so and then maybe even take this discussion to their Facebook, Twitter or MySpace. I personally still give Google a magnitude of trust in advance of sites like Facebook and from my current point of view there is not much possibility to change my opinion or see me creating an account on this site in the near future.