I am Benjamin Johnston, a researcher and a developer. I believe in the power of technology to improve our life at home, work and play. My passion is for using artificial intelligence and social robotics to create systems that bring joy and amazement.
FriendFace is an intentionally insecure social network to teach web security. It was developed for Java EE 7 and tested on the GlassFish app server with a Derby/JavaDB database. It is designed to have many of the OWASP Top 10 vulnerabilities.
Before deployment, create a JDBC resource named "jdbc/aip" (without the quotes). On deployment, the application will automatically create database tables and pre-populate them with sample data.
I created the system while teaching a subject on advanced internet programming. It is intended to help teach a security mindset. Feel free to use it for any purpose. However, you should not deploy it on a publicly accessible server because it is so insecure.
FriendFace is an alternative to the OWASP WebGoat project. WebGoat is tutorial oriented: it is a set of guided exercises. In contrast, FriendFace is an ordinary application that is full of security holes.
FriendFace can be used to re-create something like the "Samy" MySpace worm. You can create a profile that "virally" becomes friends with anybody who sees the profile name.
In the following is a discussion of how the OWASP Top 10 vulnerabilities relate to the application.
Continue Reading (Published 28 December 2014)
JavaServer Faces is a component-based MVC framework for Java web development. It is the "officially endorsed" web framework in Java EE 7.
JavaServer Faces applications have an unusual structure.
To explain, first consider the difference between using the iterator and visitor design patterns. Assume you want to sum the elements of a list. With an iterator, your code takes an active role. It would request (pull) each element of the list one-by-one. It would then update the total using each element it retrieves. In contrast, a visitor takes a more passive role. You would implement a visitor class that updates a total for every element it receives. The list is then responsible for passing (push) each element to the visitor.
What makes JavaServer Faces applications unique is that their controllers are typically very passive. The controllers in most other MVC frameworks are typically very active. They orchestrate most aspects of transforming inputs into a view. In contrast, in a JavaServer Faces application, the container does most of the orchestration. This inversion of control causes most JavaServer Faces applications to use a design pattern in which the application model is exposed as JavaBeans properties of the controller.
I teach a class on Java EE development. I try to relate design decisions to design patterns. However, I could not find any pattern catalog with a design pattern that resembles JavaServer Faces.
Continue Reading (Published 5 December 2014)
In 2005, on comp.lang.prolog, I claimed that Prolog is excellent for screen-scraping web-pages. Last week - almost decade later - I received an email asking, "Why?"
The internet never forgets!
My claim was based on Prolog's powerful pattern matching features. In Prolog, pattern matching is referred to as unification.
Assume we have a variable called
Page whose value is as follows:
Page = html(body(h1('Sydney Weather'), p('Sunny')))
Then if we have a variable called
Forecast we can match it to a value using the following command:
html(body(_, p(Forecast))) = Page
Prolog will 'unify' both sides and output the result that
Forecast = 'Sunny'.
Pattern matching (or unification) is central to screen-scraping. In the remainder of this article I'll show how to combine unification with a HTTP and HTML parser. I'll then look briefly at the potential for natural language parsing.
Continue Reading (Published 31 May 2014)
I am currently teaching enterprise development with .NET.
I created this cheat sheet as a quick reference for ASP.NET MVC lab sessions. It includes Entity Framework, Validation, Razor and Controllers.
You might also find it useful.
(Published 16 May 2014)
I fear there is a public perception that robots are too "complicated". It is true that some problems are difficult. However, the basics are very accessible. It has never been easier to get started with robotics.
Programming a robot is literally as easy as creating a web-page.
I've recently been using the Sphero robot toy as a way to introduce people to robotics. Sphero works well with several technologies: Ubuntu, ROS, rosbridge, sphero_ros. These technologies make it easy to program complex robot behaviors. Because the technologies are standardized, the same programs can be used on other robots, including the PR2.
Continue Reading (Published 9 March 2014)
Should cars use sound instead of a dashboard?
Speedometer checks take attention away from the road. Audio could communicate the current speed without the driver needing to check the dashboard. It seems reasonable that, with audio feedback, a driver should spend less time looking away from the road.
I put this to the test and it turns out that, no, audio is distracting and annoying.
To prototype the idea, I purchased a Kiwi2 Bluetooth adapter made by PLX Devices. The device plugs into the On-board Diagnostics ("OBD-II") socket found in virtually all cars made since 1996. The OBD-II standard is designed for technicians to check engine trouble codes as well as retrieve real-time engine performance data.
Continue Reading (Published 2 February 2014)
In the photograph (by Srinivas Madhisetty), my software is giving Steve Wozniak a hug by a PR2 robot.
Continue Reading (Published 1 February 2014)
Prolog is one of my favorite programming languages. It is a very powerful language but has not had significant industry adoption (yet!).
Almost a decade ago, I set up keyword alerts for "Prolog" on the major career websites.
There is also a Project Management software system called Prolog. This resulted in many false alarms over the years. I hadn't come across a single authentic advertisement in a decade...
... until this one (CareerOne, 5 January 2014):
I had to pinch myself to be sure I wasn't dreaming.
(Published 1 February 2014)
My homepage is a place where I can experiment with technology as I know the "client" is tech-savvy.
When designing the technical architecture behind this site, I had three objectives:
My solution is to use Markdown encapsulated in RFC822 messages.
Continue Reading (Published 26 January 2014)
I have decided to start a "blog". I will use it to highlight my current projects. I will focus on projects that are experimental, incomplete, unsuccessful or 'just-for-fun'.
Prior versions of my personal website have had 'static' designs. They made it difficult to add new content. My intention is that the informality of this format will allow me to share work wouldn't suit publication elsewhere.
So, welcome! Feel free to let me know what you think!
(Published 25 January 2014)
Published 25 January 2014 by Benjamin Johnston.