Thursday, December 24, 2009

Monday, December 21, 2009

iphone/ipod touch location services

Well... it seems that Apple use Skyhook to do more accurate location based services than I expected.
I always thought the iPhone 3G simply used A-GPS and cell triangulation to determine your position - yet it was wildly accurate INSIDE my office....
Turns out they use wireless location services - Skyhook has a massive database (built by wardriving) of the MAC addresses of wifi access points, and uses this to determine your geographical location (in combination with GPS, A-GPS and cell triangulation).
Heck, they even pay drivers to wardrive around the world.

Coverage is mostly densely urban Europe, North America, Australia and some Asia (Tokyo-Osaka, HK, Taipei, Seoul, Bangkok, Beijing).

Monday, November 09, 2009

j2moose - how to reverse engineer j2ee

Saw this interesting research project:
Enabling the evolution of J2EE applications through reverse engineering and quality assurance


To quote:
To address the complexity of enterprise applications, J2EE offers a conglomerate of several technologies, (e.g. Enterprise Java Beans - EJB or Java Server Pages - JSP) using several languages, (e.g. Java, XML or SQL). In this context, simply applying existing reverse engineering and quality assurance techniques developed for object-oriented systems fails due to two major reasons:

analyzing only the Java source code overlooks the information written in other languages such as the XML configurations, the JSP files, the database structure or the SQL statements, and
even when analyzing the Java source code we need to consider the technology specific patterns (e.g. implementing specific interfaces).
This project aims to conduct a systematic study in reverse engineering and quality assurance of J2EE applications. In particular, we target the following questions each of them being addressed in a separate track:

How do we model J2EE to support analysis of the different languages?
What defines internal quality in J2EE applications and how do we measure it?
How do we visualize the diversity of languages to support understanding of J2EE applications?


Doc: http://scg.unibe.ch/archive/projects/Gurt06aJSP.pdf
Master: http://moose.unibe.ch/about
Description: http://scg.unibe.ch/research/hasler07

The implications for me: I want something to do automated marking for J2EE assignments. Basically a first pass would reverse engineer the submitted code, decide/visualise the model with certain matrices and then award a technical mark.
Humans (tutors) would then mark the assignment for completeness, correctness and qualitative measures such as "ease of use", "look and feel", "niceness" :-)

Friday, October 23, 2009

weblogic weirdness with @webservice @stateless beans

Weblogic 10.3 has a weird bug.
If you annotate a Stateless session bean, then add @WebService to it, it won't deploy and will give a strange message about xxxbean_xxx_WSOImpl.class not found.

Turns out that there is a server-side cache in your domain directory which confuses the EJB compiler and deploy tool.
Remove the entire contents of $DOMAIN/servers/AdminServer/cache/EJBCompilerCache/*
(where $DOMAIN is your weblogic domain directory)


Oh, you also need to give your stateless bean a mappedName eg:
@Stateless(name="crapBean", mappedName="ejb/crapBean")

Friday, October 16, 2009

AMIS Technology blog » Blog Archive » EJB Dependency Injection of Session Bean Facade in JSF 1.2 on WebLogic 10.3 (JSF with JPA)

Also a workaround for the issue of not being able to dependency inject a Session Bean directly into JSF Managed Beans: http://softquipeut.blogspot.com/2007/12/injection-dun-ejb-dans-un-back-bean-jsf.html

Tuesday, September 22, 2009

Monday, September 14, 2009

Monday, August 24, 2009

Programmer Competency Matrix

Programmer Competency Matrix | IndianGeek

A very true list of what programmers need to have to be uber gurus.

Wednesday, July 22, 2009

Oracle workshop for weblogic 10g3 missing JPA

It seems that Oracle in its wisdom deliberately removed JPA tools from Oracle Workshop for Weblogic 10g3.

The simple solution? Copy the feature from an existing Europa 3.3.2 WTP install.
For some reason, you can't use the eclipse update manager (Webtools update site) to download it - Oracle zapped the file I think? They only seem to offer the later Dali version, which of course doesn't work on the current europa based Workshop 10g3

The files to copy are:
  • features/org.eclipse.jpt.feature_1.0.2.v200802140100-77-7_CYQCD2CaLYCHCD
  • plugins/
    • org.eclipse.jpt.core_1.0.2.v200802140100.jar
    • org.eclipse.jpt.db.ui_1.0.0.v200705300001.jar
    • org.eclipse.jpt.db_1.0.2.v200802140100.jar
    • org.eclipse.jpt.doc.user_1.0.1.v200709120000.jar
    • org.eclipse.jpt.gen_1.0.2.v200802140100.jar
    • org.eclipse.jpt.ui_1.0.2.v200802140100.jar
    • org.eclipse.jpt.utility_1.0.2.v200802140100.jar

I actually made an eclipse extension directory for this, but really, this should be dumped into the bea/tools/eclipse_pkgs/2.0/eclipse_3.3.2/eclipse directory since this is really really the original eclipse europa. SILLY BEA/ORACLE!!!

You also need the Data Tools Project, get as a minimum 1.5.2 version: ie:

Update manager: Europa Discovery Site -> Database Development & -> Enabling Features -> Data Tools Platform JDT enablement

This downloads:

  • org.eclipse.datatools.connectivity.feature
  • org.eclipse.datatools.modelbase.feature
  • org.eclipse.datatools.sqldevtools.feature
  • org.eclipse.datatools.enablement.feature
  • org.eclipse.datatools.connectivity.db.generic.ui
  • org.eclipse.datatools.connectivity.db.generic
  • org.eclipse.datatools.doc.user

Then you can do New -> Project -> JPA project as usual.

See the tutorial at http://www.eclipse.org/webtools/dali
IMPORTANT NOTE: this is only Dali 1.0, so use the 1.0 tutorial at as an example tutorial



Saturday, July 18, 2009

Eclipse ganymede with Hibernate

Here is the KLUDGE way of doing hibernate with ganymede.
http://edemmorny.wordpress.com/2009/04/28/using-eclipse-dali-with-hibernate-as-persistence-provider/

In the past (actually very near past), you simply had a hibernate facet against your dynamic web project. You then loaded the libraries as needed.
Now you do stupid stuff like the old days, add stuff by hand.... this defeats the purpose of an IDE!!
I D I O T S.

Eclipse ganymede - more rants

Well it seems eclipse Ganymede Java EE version now discards many useful tools from Europa.
for example, you no longer have struts or hibernate facets in dynamic web projects.
This stupid decision is one for the dogs.
I also noticed that the default JPA providers are Eclipselink and Oracle (Bea) Kodo. Odd that both oracle projects got on the list but the #1 popular provider (Hibernate) didn't make it.

This is an example of political decisions at Eclipse making the product worse, not better, and more exclusive, not inclusive.

Here's another one - the default web service code is all based on Apache Axis. Now don't get me wrong, Axis is ok, but Axis2 is bloatware. So where is the Metro toolkit here? Ahah, nope, Apache (Sanjeva/Dave) koolaid at work here ("let's make axis more popular by excluding the web services stack used by glassfish, weblogic etc").

Oh, you mean IBM is part of the eclipse council? mmmm, no co-incidence that Axis is part of the IBM stacks now ... ??

Eclipse Ganymede update sux

It turns out that Eclipse 3.4 ganymede turns off the "classic" update by default in anything except bare bones Eclipse.
You don't even have the GUI option of turning it off.

Well this web site (http://hamandeggs.wordpress.com/2009/01/20/eclipse-34-ganymede-and-classic-update/ ) shows you how to turn it back on!!

YAY!. P2 Sux.

Tuesday, June 30, 2009

10 dying IT skills | 10 Things | TechRepublic.com

To quote the article:

There are some things in life, like good manners, that never go out of style. And there are other things, like clothing styles, that fall in and out of fashion. But when an IT skill falls out of favor, it rarely ever comes back. Here’s our list of 10 dying IT skills. If any of these skills is your main expertise, perhaps it’s time to think about updating your skill set.

Note: This article is based on a Global Knowledge white paper by Linda Leung.

1: Asynchronous Transfer Mode

ATM was popular in the late 90s, particularly among carriers, as the answer to overworked frame relay for wide-area networking. It was considered more scalable than frame relay and offered inherent QoS support. It was also marketed as a LAN platform, but that was its weakness. According to Wikipedia, ATM failed to gain wide acceptance in the LAN where IP makes more sense for unifying voice and data on the network. Wikipedia notes that ATM will continue to be deployed by carriers that have committed to existing ATM deployments, but the technology is increasingly challenged by speed and traffic shaping requirements of converged voice and data networks. A growing number of carriers are now using Multi-Protocol Label Switching (MPLS), which integrates the label-switching capabilities of ATM with the packet orientation of IP. IT skills researcher Foote Partners listed ATM in its IT Skills and Certification Pay Index as a non-certified IT skill that has decreased in value in the last six months of 2008.

2: Novell NetWare

Novell’s network operating system was the de facto standard for LANs in the 1990s, running on more than 70% of enterprise networks. But Novell failed to compete with the marketing might of Microsoft. Novell tried to put up a good fight by acquiring WordPerfect to compete with Windows Office, but that move failed to ignite the market, and Novell eventually sold WordPerfect to Corel in 1996. Novell certifications, such as Certified Novell Engineer, Master Certified Novell Engineer, Certified Novell Certified Directory Engineer, and Novell Administrator, were once hot in the industry. But now, they are featured in Foote Partners’ list of skills that decreased in value in 2008. Hiring managers want Windows Server and Linux skills instead.

3: Visual J++

Skills pay for Microsoft’s version of Java declined 37.5% last year, according to the Foote Partners’ study. The life of J++, which is available with Microsoft Visual Studio 6.0, was not a smooth one. Although Sun Microsystems licensed Java to Microsoft to develop J++, Microsoft failed to implement some features of the official Java standard while implementing other extensions of its own. Sun sued Microsoft for licensing violations in a legal wrangle that lasted three years. Microsoft eventually replaced J++ with Microsoft .NET.

4: Wireless Application Protocol

Yes, people were able to browse the Internet in the late 90s before Apple’s iPhone. Web site operators would rewrite their content to the WAP’s Wireless Markup Language, enabling users to access Web services such as email, stock results and news headlines using their cell phones and PDAs. WAP was not well received at the beginning because WAP sites were slow and lacked the richness of the Web. WAP has also seen different levels of uptake worldwide because of the different wireless regulations and standards around the world. WAP has since evolved and is a feature of Multimedia Messaging Service, but there is now a new generation of competing mobile Web browsers, including Opera Mobile and the iPhone’s Safari browser.

5: ColdFusion

ColdFusion users rave that this Web programming language is easy to use and quick to jump into, but as many other independent software tools have experienced, it’s hard to compete with products backed by expensive marketing campaigns from Microsoft and others. The language was originally released in 1995 by Allaire, which was acquired by Macromedia (which itself was purchased by Adobe). Today, it is superseded by Microsoft .NET, Java, PHP, and the language of the moment: open source Ruby on Rails. A quick search of the Indeed.com job aggregator site returned 11,045 jobs seeking PHP skills, compared to 2,027 CF jobs. Even Ruby on Rails, which is a much newer technology - and which received a major boost when Apple packaged it with OS X v10.5 in 2007 — returned 1,550 jobs openings on Indeed.com.

6: RAD/extreme programming

Back in the late 90s and early 2000s, the rapid application development and extreme programming development philosophies resulted in quicker and more flexible programming that embraced the ever-changing needs of customers during the development process. In XP, developers adapted to changing requirements at any point during the project life rather than attempting to define all requirements at the beginning. In RAD, developers embraced interactive use of structured techniques and prototyping to define users’ requirements. The result was accelerated software development. Although the skills were consistently the highest paying in Foote Partners survey since 1999, they began to lose ground in 2003 due to the proliferation of offshore outsourcing of applications development.

7: Siebel

Siebel is one skill that makes a recurring appearance in the Foote Partners’ list of skills that have lost their luster. Siebel was synonymous with customer relationship management in the late 90s and early 2000s, and the company dominated the market with a 45% share in 2002. Founded by Thomas Siebel, a former Oracle executive with no love lost for his past employer, Siebel competed aggressively with Oracle until 2006 when it was ultimately acquired by the database giant. Siebel’s complex and expensive CRM software required experts to install and manage. That model lost out to the new breed of software-as-a-service (SaaS) packages from companies such as Salesforce.com, which deliver comparable software over the Web. According to the ITJobsWatch.com, Siebel experts command an average salary of GBP52,684 ($78,564), but that’s a slide from GBP55,122 a year ago. Siebel is ranked 319 in the job research site’s list of jobs in demand, compared to 310 in 2008.

8: SNA

The introduction of IP and other Internet networking technologies into enterprises in the 1990s signaled the demise of IBM’s proprietary Systems Network Architecture. According to Wikipedia, the protocol is still used extensively in banks and other financial transaction networks and so SNA skills continue to appear in job ads. But permanent positions seeking SNA skills are few and far between. ITJobsWatch.com noted that there were three openings for permanent jobs between February and April, compared to 43 during the same period last year. Meanwhile, companies such as HP offer consultants with experience in SNA and other legacy skills, such as OpenVMS and Tru64 UNIX for short-term assignments.

9: HTML

We’re not suggesting the Internet is dead, but with the proliferation of easy-to-use WYSIWYG HTML editors enabling non-techies to set up blogs and Web pages, Web site development is no longer a black art. Sure, there’s still a need for professional Web developers, but a good grasp of HTML isn’t the only skill required of a Web developer. Professional developers often have expertise in Java, AJAX, C++, and .NET, among other programming languages. HTML as a skill lost more than 40% of its value between 2001 and 2003, according to Foote Partners.

10: COBOL

Is it dead or alive? This 40-year-old programming language often appears in lists of dying IT skills. But it also appears in as many articles about organizations with legacy applications written in COBOL that are having a hard time finding workers with COBOL skills. IBM cites statistics that 70% of the world’s business data is still being processed by COBOL applications. But how many of these applications will remain in COBOL for the long term? Even IBM is pushing its customers to “build bridges” and use service-oriented architecture to “transform legacy applications and make them part of a fast and flexible IT architecture.”



Wednesday, June 17, 2009

A developer's perspective on Google's Android SDK

Android sucks

It seems that android (even the 1.5) version doesn't support WPA-enterprise (nor WPA2-enterprise).

or.. at least the UI.
(see http://code.google.com/p/android/issues/detail?id=1386)

But good news - since this is based on Linux, and linux supports WPA-enterprise, an enterprising (sic.) student at Purdue, Fan Zhang, has built an android app to edit the wifi supplicant code in the linux kernel to allow you to edit the supplicant configuration file!
http://forum.xda-developers.com/showthread.php?p=3765595

You can download the app from the Android Marketplace, or from here:
http://web.ics.purdue.edu/%7Ezhang42/wifiHelper.apk

The source is here: wifihelper - Google Code


Monday, June 15, 2009

How-To: Use iPhone as USB Mass Storage & File Viewer - MacTalk Forums

Actually you only need to load the Discover app on the iphone. 
It then runs as a web server at http://x.x.x.x:8888 so you point your pc browser at this address then upload.
The app is supported by adware. Quite annoying. But heck it is free.
The fileview is excellent. Supports pdf and xls/doc files (readonly)


Friday, June 05, 2009

Running J2ME on Android

Now that I have my new Android Developer Phone 1 (aka, HTC Dream or T-mobile G1), I'm investigating how to develop apps on it

There is a complete new toolkit (Android SDK) and Eclipse Plugin (which includes the emulator). And a tonne of new APIs to learn (growl)

But what about J2ME? It's not natively supported on the Android platform.

Lucky for us, there are 2 "emulators" / Bridges for it.

(1) Assembla J2ME Android Bridge: This is a set of bridging libraries - just port your code to the Android eclipse  platform, plug these libraries (which emulate javax.microedition.*) and away you go. Although only tested on  1.0r2 and I just upgraded to Android 1.5.. ggrr

(2) Run an emulator on Android. Not the fastest thing to do. Try http://www.netmite.com/android/ aka the MIDP runner. Hey, this supports the Bluetooth API too!! Great.

(3) My preferred alternative is to use J2ME Polish. This development platform is great - you write to their libraries, and then choose the device to build against. The beauty of this is that you can choose other targets too like Nokia, Blackberry, Android, generic J2ME devices etc. And you use CSS styles to decorate your application. And includes HTML/RSS browser widgets in addition to the usual microedition.lcdui stuff.
Also apparently it has a Windows Mobile, iphone and Palm target for builds. Assuming you have the relevant toolkits installed of course :-)

Monday, May 18, 2009

The Five Essential Phone-Screen Questions

Stevey's Home Page - The Five Essential Phone-Screen Questions

Without further ado, here they are: The Five Essential Questions for the first phone-screen with an SDE candidate:

1) Coding. The candidate has to write some simple code, with correct syntax, in C, C++, or Java.
2) OO design. The candidate has to define basic OO concepts, and come up with classes to model a simple problem.
3) Scripting and regexes. The candidate has to describe how to find the phone numbers in 50,000 HTML pages.
4) Data structures. The candidate has to demonstrate basic knowledge of the most common data structures.
5) Bits and bytes. The candidate has to answer simple questions about bits, bytes, and binary numbers.

The FizzBuzz test & programmers ... or not

Coding Horror: Why Can't Programmers.. Program?

Simple test for programming skills:
Write a program that prints the numbers from 1 to 100.
But for multiples of three print "Fizz" instead of the number and for the multiples of five print "Buzz".
For numbers which are multiples of both three and five print "FizzBuzz".


See also:

Separating Programming Sheep from Non-Programming Goats

it seems fundamental skills are not being understood:


See also: http://www.cs.mdx.ac.uk/research/PhDArea/saeed/

All teachers of programming find that their results display a 'double hump'. It is as if there are two populations: those who can, and those who cannot, each with its own independent bell curve. Almost all research into programming teaching and learning have concentrated on teaching: change the language, change the application area, use an IDE and work on motivation. None of it works, and the double hump persists. We have a test which picks out the population that can program, before the course begins. We can pick apart the double hump. You probably don't believe this, but you will after you hear the talk. We don't know exactly how/why it works, but we have some good theories.

So true. I see this in all my programming subjects!!!

Wednesday, April 29, 2009

Improve your XSLT coding five ways

Top hints are:

Tip 1: Cascading style sheets, tables, and XSLT

Tip 2: HTML entities

[ incidentally, to use non-breaking spaces, use &#160; ]

Tip 3: Multiple input documents

Tip 4: XSLT and client-side JavaScript

Tip 5: Automating style sheet creation


Friday, April 24, 2009

Star Trek XI trailer music

Nice trailer music for the next Star Trek movie.

http://www.imeem.com/people/hhz_iA/music/2KihKMOL/two-steps-from-hell-freedom-fighters/#

Thursday, April 23, 2009

Oracle Take a REST on JAX-WS with WebLogic Server 10.3

You can also do a similar trick using metro (which incidentally is what is actually installed on weblogic 10.3 under the covers :-)
Dunno if you can try it via java se6 built in httpserver (endpoint). Might try it out.

Wednesday, April 15, 2009

GNS3 - a Cisco network simulator

Woot! A colleague at work suggested the following for practicing your Cisco certifications
Graphical Network Simulator 3

This basically simulates the common hardware used by the following CISCO routers:

Cisco 3600 series (3620, 3640 and 3660), 3700 series (3725, 3745) and 2600 series (2610 to 2650XM, 2691).


The core module is the Dynamips project (http://www.ipflow.utc.fr/index.php/Cisco_7200_Simulator)

XML appliances and SOA

Christian Bernard's research on current XML appliances.


Translated version of http://ws-express.blogspot.com/2008/10/solutions-appliances-xml-et-soa.html


Note this list is a mix of Application and Security vendors:

Current players:

Layer 7
IBM Websphere Datapower (ex-Datapower)
Intel SOA (ex-Sarvega)
Forum Systems
Cisco ACE (ex-Reactivity)
Cisco AON
Vordel
Cast Iron
F5 BIG-IP
Radware
Dajeil
Xtradyne
Alcatel-Lucent Omniaccess
Meddius
Stampede
Strangeloop
Sonoa
Solace
Safenet
Azul
Bee ware

Original list:

Dawn of the App Aware Network

Part of my research is looking at moving apps from the core of the network to the edge (or network aware devices).

Web services (and XML-RPC and REST) and Enterprise Service Bus fit this model quite nicely.

XML accelerator devices such as Cisco AON or Cisco ACE (ex-Reactivity) or IBM Datapower can be used to move the Web services routing function required by modern distributed applications into the network.


The implication?


This changes the model of application development from a software-architecture centric viewpoint into a services oriented architecture.

And the commoditisation of this will drive costs down for enterprises and will harm revenue for middleware vendors.

The edge is here.
Why not go a step further? How about pushing application processing to the edge of the network?
In my Faculty [Engineering and IT]/School of Computing and Communications, we are developing Mobile Health applications using 'motes' - tiny devices running a pico-net (and a mutant version of Java)

Tuesday, April 14, 2009

Testing post by windows live writer

this is a test of windows live writer.

I used to use w.bloggar, but it now fails on blogger.

Ditto with Post2Blog

The issue with free code is that it is rarely updated when the underlying APIs change.

 

Curse you blogger!

Monday, April 13, 2009

Calling RPC/encoded web services from JAX-WS clients

Glen Mazza's Weblog

Returning PDFs from Web Services using MTOM and Apache FOP

Glen Mazza's Weblog

JAX-RS as the one Java web framework to rule them all?

James Strachan's Blog: JAX-RS as the one Java web framework to rule them all?

Paul Fremantle's Blog: Three SOA Case Studies

emerging technologies conference in philadelphia

Glenn Mazza: emerging technologies conference in philadelphia

Don’t Invent XML Languages

Tim Bray in 06 suggested that you shouldn't reinvent any XML language, unless you can prove it doesn't fit the "BIG 5":
The Big Five
Suppose you’ve got an application where a markup language would be handy, and you’re wisely resisting the temptation to build your own. What are you going to do, then?

The smartest thing to do would be to find a way to use one of the perfectly good markup languages that have been designed and debugged and have validators and authoring software and parsers and generators and all that other good stuff. Here’s a radical idea: don’t even think of making your own language until you’re sure that you can’t do the job using one of the Big Five: XHTML, DocBook, ODF, UBL, and Atom.

XHTML + Microformats:
If you’re delivering information to humans over the Web, even if you don’t think of it as “Web Pages”, it’s almost certainly insane not to use XHTML. Yes, XHTML is semantically weak and doesn’t really grok hierarchy and has a bunch of other problems. That’s OK, because it has a general-purpose class attribute and ignores markup it doesn’t know about and you can bastardize it eight ways from center without anything breaking. The Kool Kids call this “Microformats” and in fact I accidentally invented one on ongoing last November; look at that template and its class attributes.

And of course, if you use XHTML you can feed it to the browsers that are already there on a few hundred million desktops and humans can read it, and if they want to know how to do what it’s doing, they can “View Source”—these are powerful arguments.

DocBook
Suppose you’re building something that needs to go bigger and deeper and richer than XHTML is comfy with, and you want to repurpose it for print and electronic and voice, and you need chapters and sections and appendices and bibliographies and footnotes and so on. DocBook is what you need. It’s got everything you could possibly begin to imagine already built-in, and there are lots of good tools out there to do useful things with it.

ODF
Suppose you’re working with material that’s going to have a lot of workflow around it, and be complex, visually if not structurally, and maybe some day will be printed out and have signatures at the bottom. ODF is what you want. Not the most Web-oriented approach, but on the other hand the authoring tools are more human-friendly than anything else on this list.

UBL
If you’re working with invoices and purchase orders and that kind of stuff (and who isn’t?), do not even think of inventing anything. A whole bunch of smart people have put hundreds of person-years into pulling together the basics, and they did a good job, and it’s ready to go today. Look no further.

Atom
Suppose you think of your data as a list of, well, anything: stock prices or workflow steps or cake ingredients or sports statistics. Atom might be for you. Suppose the things in the list ought to have human-readable labels and have to carry a timestamp and might be re-aggregated into other lists. Atom is almost certainly what you need. And for a data format that didn’t exist a year ago, there’s a whole great big butt-load of software that understands it.

Wednesday, April 01, 2009

weirdness with java 6 JAX-WS

Strange error occurring with JAX-WS on Java JDK 1.6.0_06 or lower. After building the stubs with wsimport and writing a trivial client, you get javax.xml.ws.WebServiceException: unexpected XML reader state. expected: END_ELEMENT but found: START_ELEMENT when running against a document/literal web service. However, upon upgrading to JDK 1.6.0_07 (or higher) it now works? Seems there was a bugfix in the 07 update.

Tomcat security

One painful thing I'm learning is the restrictions tomcat has when running under the -security option. Basically many things (eg: jaxb, jax-ws, axis) can't run.
Locating the appropriate permissions is pretty daunting.
Now http://www.onjava.com/pub/a/onjava/2007/01/03/discovering-java-security-requirements.html has a tool called ProfilingSecurityManager (which is just a custom SecurityManager class) which displays the permissions required (basically start catalina with -Djava.security.manager=secmgr.ProfilingSecurityManager). You then use a perl script
Another reference is http://www.petrovic.org/blog/2006/05/07/tomcat-security-option-and-catalinapolicy-file
Basically:
export CATALINA_OPTS=-Djava.security.debug=access,failure
then run:
catalina.sh run -security
Look in catalina.out for denied. Then seek for "domain that failed ProtectionDomain" for the codebase or domain.
http://www.jchains.org/ also allows you to do the same for standard java execution.
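
The catalina.out search described above can be automated. The following is an added example, not code from the original post or from Tomcat: it pairs each "access denied" line with the "domain that failed ProtectionDomain" line that follows it and prints candidate grant blocks for catalina.policy. The class name, the sample log lines and the paths are constructed, and the line shapes are assumed to be those printed by -Djava.security.debug=access,failure (unquoted fields on older JDKs, quoted on newer ones).

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class DeniedToPolicy {
    // "access: access denied (<class> <target> <actions>)"; newer JDKs quote each field.
    private static final Pattern DENIED =
        Pattern.compile("^access: access denied \\((.*)\\)\\s*$");
    // "access: domain that failed ProtectionDomain  (<codebase URL> <signer info>)"
    private static final Pattern DOMAIN =
        Pattern.compile("domain that failed ProtectionDomain\\s+\\((\\S+)");
    private static final Pattern QUOTED = Pattern.compile("\"([^\"]*)\"");

    /** Turns the text inside "access denied (...)" into a policy-file permission line. */
    static String toPermissionLine(String inner) {
        List<String> parts = new ArrayList<>();
        if (inner.indexOf('"') >= 0) {
            Matcher q = QUOTED.matcher(inner);
            while (q.find()) parts.add(q.group(1));
        } else {
            // Unquoted form: first token is the class, last token the actions,
            // everything between is the target (which may contain spaces).
            String[] t = inner.trim().split("\\s+");
            parts.add(t[0]);
            if (t.length == 2) {
                parts.add(t[1]);
            } else if (t.length > 2) {
                parts.add(String.join(" ", Arrays.copyOfRange(t, 1, t.length - 1)));
                parts.add(t[t.length - 1]);
            }
        }
        if (parts.isEmpty() || parts.get(0).isEmpty()) return null;
        StringBuilder sb = new StringBuilder("permission ").append(parts.get(0));
        for (int i = 1; i < parts.size(); i++) {
            // Backslashes (Windows paths) must be doubled inside policy-file strings.
            sb.append(i == 1 ? " \"" : ", \"")
              .append(parts.get(i).replace("\\", "\\\\")).append('"');
        }
        return sb.append(';').toString();
    }

    /** Groups denied permissions by the codebase of the domain that failed. */
    static Map<String, Set<String>> collect(List<String> lines) {
        Map<String, Set<String>> grants = new LinkedHashMap<>();
        String pending = null;   // last denied permission not yet tied to a domain
        for (String line : lines) {
            Matcher d = DENIED.matcher(line);
            if (d.find()) {
                pending = toPermissionLine(d.group(1));
                continue;
            }
            Matcher p = DOMAIN.matcher(line);
            if (p.find() && pending != null) {
                grants.computeIfAbsent(p.group(1), k -> new LinkedHashSet<>()).add(pending);
                pending = null;
            }
        }
        return grants;
    }

    /** Renders the grouped permissions as grant blocks in policy-file syntax. */
    static String render(Map<String, Set<String>> grants) {
        StringBuilder out = new StringBuilder();
        for (Map.Entry<String, Set<String>> e : grants.entrySet()) {
            out.append("grant codeBase \"").append(e.getKey()).append("\" {\n");
            for (String perm : e.getValue()) out.append("    ").append(perm).append('\n');
            out.append("};\n");
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample of catalina.out content (not real output).
        List<String> sample = Arrays.asList(
            "access: access denied (java.lang.RuntimePermission accessClassInPackage.sun.misc)",
            "java.lang.Exception: Stack trace",
            "\tat java.lang.Thread.dumpStack(Thread.java)",
            "access: domain that failed ProtectionDomain  (file:/opt/tomcat/webapps/myapp/WEB-INF/lib/jaxb-impl.jar <no signer certificates>)",
            "access: access denied (\"java.util.PropertyPermission\" \"axis.home\" \"read\")",
            "access: domain that failed ProtectionDomain  (file:/opt/tomcat/webapps/myapp/WEB-INF/lib/axis.jar <no signer certificates>)",
            "access: access denied (java.io.FilePermission C:\\tomcat\\temp\\upload.tmp write)",
            "access: domain that failed ProtectionDomain  (file:/opt/tomcat/webapps/myapp/WEB-INF/lib/axis.jar <no signer certificates>)");
        System.out.print(render(collect(sample)));
    }
}
```

Treat the output as a list of candidates: read each grant before copying it into catalina.policy, and keep the codeBase as narrow as the log reported it rather than widening it to the whole webapp.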

Tuesday, March 31, 2009

Java Logging API and How To Use It

On tomcat 5.5 we have the JULI library which replaces the standard java logger.
So to get per-context logging, put
logging.properties into WEB-INF/classes with the following contents:
handlers = org.apache.juli.FileHandler, java.util.logging.ConsoleHandler

############################################################
# Handler specific properties.
# Describes specific configuration info for Handlers.
############################################################

org.apache.juli.FileHandler.level = FINE
org.apache.juli.FileHandler.directory = ${catalina.base}/logs
org.apache.juli.FileHandler.prefix = myapp-prefix.

java.util.logging.ConsoleHandler.level = FINE
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter

ps: here are the standard set of JULI properties:
  • org.apache.juli.FileHandler.directory
  • org.apache.juli.FileHandler.prefix
  • org.apache.juli.FileHandler.suffix
  • org.apache.juli.FileHandler.level
  • org.apache.juli.FileHandler.filter
  • org.apache.juli.FileHandler.formatter

Tuesday, March 24, 2009

Disabling Certificate Validation in an HTTPS Connection (Java Developers Almanac Example)

Whilst suffering extreme pain due to self-signed certificates (hint: UTS IT ?) here is a nifty trick to roll your own non certificate checking class:
Disabling Certificate Validation in an HTTPS Connection (Java Developers Almanac Example E502)

e502. Disabling Certificate Validation in an HTTPS Connection
By default, accessing an HTTPS URL using the URL class results in an exception if the server's certificate chain cannot be validated or has not previously been installed in the truststore. If you want to disable the validation of certificates for testing purposes, you need to override the default trust manager with one that trusts all certificates.

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[]{
    new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        }
        // Accepts any client certificate without checking it
        public void checkClientTrusted(
            java.security.cert.X509Certificate[] certs, String authType) {
        }
        // Accepts any server certificate without checking it
        public void checkServerTrusted(
            java.security.cert.X509Certificate[] certs, String authType) {
        }
    }
};

// Install the all-trusting trust manager
// (this becomes the default for every HttpsURLConnection in the JVM)
try {
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
}
   


Client:

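import java.io.IOException;
import java.net.URL;

// Now you can access an https URL without having the certificate in the truststore
try {
    URL url = new URL("https://hostname/index.html");
    url.openStream().close();  // the TLS handshake happens when the stream is opened
} catch (IOException e) {  // also covers MalformedURLException
    e.printStackTrace();
}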

Friday, March 20, 2009

Critical Steps to Secure Tomcat on Windows NT/2K/XP

Wow, running Tomcat can really cause security holes.
Fancy
Runtime rt = Runtime.getRuntime();
rt.exec("c:\\SomeDirectory\\SomeUnsafeProgram.exe");

running under the system context (as Administrator!!) of Windows.

boo yaa!

Wednesday, March 18, 2009

this is a blog post using w.bloggar http://wbloggar.com/download.php

A quick way of entering blog entries.

chris

Tuesday, March 17, 2009

converting unix date to excel date

Been bugged by this for a while - on unix the date timestamp is the number of seconds since 1/1/1970.
On excel, it's 1/1/1900.
So to convert the unix timestamp to microsoft excel, use the formula:
=timestamp/86400 + "1/1/1970"
(where 86400 = 24 * 60 * 60, ie: # seconds in a day).
Oh, you might also want to add/subtract an offset for the timezone (depending on the timezone settings of your unix box). eg: for +10 GMT (sydney, melbourne, canberra) add 10/24 ie: 0.416667

ps: make the cell format Date or Time or Custom format.
Personally I prefer ddd dd/mm/yyyy HH:mm:ss (ie: Tue 03/03/1999 23:59:43)

Sunday, March 15, 2009

2008 SOA magazine readers choice

I'm personally a bit dubious about the readers choice result from SOA magazine ( http://soa.sys-con.com ) since it gives very high rankings to IBM websphere software.

Some make sense and some don't.
Best App server:
  1. IBM websphere (yeah, huge number of commercial, plus ambiguous since this includes WASCE and probably Apache Geronimo)
  2. Glassfish (big push from SUN)
  3. Weblogic (ol' favorite, but Oracle owns this now and god knows how they market it)
  4. WSO2 (** weird?? Where did this come from? Maybe manipulation?)
  5. JBoss (huh, would have thought this near #2 or #4)
Best IDE
  1. NetBeans (assuming 6.1, which is excellent)
  2. Rational Application Developer (eclipse)
  3. Oracle JDeveloper (not eclipse)
What's weird is where are all the other Eclipse-oid based IDEs?

Best Integration Server
  1. Websphere Integration Developer
  2. Fiorano ESB
  3. Java CAPS (glassfish++)
Agree with IBM being the big gorilla here. What's surprising is the gain of Sun servers, which traditionally are a pile of dog sh*t (since Sun never seemed to understand the enterprise and hence the dog's breakfast of J2EE 1.3/1.4)

Best Opensource SOA
  1. WASCE (does this include Apache Geronimo??)
  2. Sun openESB
  3. SoapUI
Since when was WASCE SOA? This is yet another Java EE server. Also what the heck is SoapUI doing here? This is just a test/development IDE (although as a JNLP java applet)

Best Portal
  1. IBM Websphere Portal
  2. Sun Portal
  3. Weblogic Portal 10.2
Yeah yea, Websphere blah blah. IBM must have stacked the whole review with their internal staff. or fanboys. Still surprising Sun is in the list. Maybe they gave staff a couple of hours to fill the survey too :-)



Best Security
  1. IBM Datapower XML security gateway XS40
  2. Sun access manager/open SSO
  3. oracle web services management
  4. Metro
No surprises about IBM, Datapower is a damned good appliance. IBM liked it so much they bought the company. Big surprise to see Sun in there twice (#2 and #4). Though metro is actually quite good.

Best SOA platform
  1. IBM Websphere
  2. Fiorano SOA
  3. Sun Java CAPS
IBM, IBM, IBM, IBM. Sigh, this report is so biased it's getting tedious.

Best SOA Testing tool
  1. Rational Tester for SOA
  2. SoapUI
Ditto. Though rational is pretty good, SoapUI is a hell of a lot more lightweight, yet pays its way (the community edition is free :-). Could do with more test management though.

Best SOA Tool
  1. Fiorano ESB
  2. Sun Java CAPS
  3. Rational Software Architect
  4. Rational Team concert
What, IBM *NOT* at the top? Someone at IBM messed up (and probably got forced to move to Bangalore as punishment).
It's a bit weird to mix development tools (#3 RSA & #4 Rational Team) with servers (#1, #2). Maybe that's why IBM got pushed down, staff got confused..

Best SOA training site
  1. IBM SOA Sandbox
  2. SOA Training Curriculum (MomentumSI)
IBM SOA Sandbox is great, so this choice actually makes sense.

Best SOA Book
  1. IBM "The New Language of Business: SOA & Web 2.0"
  2. Amberpoint et al An Implementor's Guide to SOA - Getting it Right
  3. IONA Understanding SOA with Web Services
All vendor "books". Basically a "white" paper advertorial disguised as a book.

Best SOA or XML Site:
  1. IBM's SOA Microsite
  2. www.fiorano.com
Yeah they are ok. What about non-vendor stuff.

Con-clusion:

sys-con SOAWorld magazine tries to be vendor neutral but they need some mechanism to do a real unbiased report. Maybe if Gartner or any of the reputable firms would run the survey I would be less skeptical.




Thursday, February 26, 2009

Do's and don'ts with babies :: Hilarious pics

Made me cry with laughter. Though I didn't see what's wrong with the last 2 ones..