techno.blog("Dion")

It is interesting to see the Hierarchy of the Apache Software Foundation.

It is amazing to think of the amount of hard work and effort that goes into open source communities such as Apache (and others).

CP has talked about porting web app security between different application servers.

Whenever I read about these things, I wish that the specs would cover more, so we didn’t have to do this kind of infrastructure work.

The Servlet spec does a good job and giving us portability among app servers (unlike the EJB experience), however there is still room for improvement.

You can’t just drop a war file in, if you are doing wacky security stuff. It would be nice if this info could be put in the standard, so we COULD. Cookie auth should be a flag that you can just turn on. There should be a standard Realm interface which you can extend and tie together in the web.xml to handle the authentication, etc etc. All should be pluggable, and defined in one place.

J2EE always seems to only go part of the way there when it comes to items like this. Another example is how JAAS allows you to have pluggable authentication/authorization, but how about a standard was to actually manage users? How about a standard createUser(…)/edit/delete?

This is what we have available in PAM on Unix, and we want it at an API level in J2EE!

In August of 2003, the FreeBSD Foundation released its first
binary distribution of the Java runtime environment for the FreeBSD
platform. Since that time, the Foundation has funded additional
development to port the Java 1.4.x to FreeBSD, and worked diligently
to simplify the licensing process for “OEM” distribution of our
binaries. Work on the Java 5 port has also recently begun. While
we are pleased to report tremendous success in supporting Java
development initiatives, our negotiations with Sun Microsystems have
yielded few results.

The seemingly constant restructuring at Sun has made it difficult
to find and retain consistent contacts in their licensing program.
The latest blow to our efforts was the recent notification of
Sun’s desire to revoke and renegotiate the FreeBSD Foundation’s
SCSL license. From what we can determine, Sun is re-negotiating
all SCSL licenses to standardize their Java revenue model.

Even after receiving notice of the termination of our license
attempts to contact Sun to renegotiate the license have gone
unanswered. For now, it is safe to assume that the Foundation
will engage in another lengthy, and potentially costly, licensing
negotiation before our binary distributions can continue.

In the mean time, the FreeBSD Foundation is continuing its support
for Java development. With the recent introduction of Java 5.0,
and FreeBSD 5/6’s new KSE thread library, there is still much
work to do. This should ensure that FreeBSD continues to enjoy
excellent Java support while we await resolution of the Java
licensing issue.

This is one sided, as it comes from a Free BSD newsletter, but I hope that Sun focuses more on building the community than getting in the way of things. It is annecdotes like these that give Sun part of its identity.

I always hate it when I see a project with confi settings in env variables, properties files, and the myriad of XML deployment descriptors.

Spring has helped out a lot with its PropertyPlaceholderConfigurer that allows you to put everything in one place (like a properties file or three) and suck them out into ${variables}.

How about getting values into something like a web.xml?

One generic solution is to use your build system do the work for you.

With ant, you can use filters and when you copy over certain files, ant can do the s/SOME_VALUE/the real value/g.

E.g.

Turn on filtering when you copy

<copy todir=”${build.web.dir}/WEB-INF/classes” filtering=”true”>
<fileset dir=”${resources.dir}”/>
</copy>

Setup tokens to filter on

<filter token=”smtpHost” value=”${smtpHost}”/>
…

Juergen just added a new class to what will be Spring 1.1.4: ServletContextPropertyPlaceholderConfigurer.

This class looks into the web.xml for <context-param>’s if the ${value} isn’t found. This isn’t the same as the other solution, as the core value is now in the web.xml, rather than having everything in ONE place, and pushing that to the other config files.

I always hate it when I see a project with confi settings in env variables, properties files, and the myriad of XML deployment descriptors.

Spring has helped out a lot with its PropertyPlaceholderConfigurer that allows you to put everything in one place (like a properties file or three) and suck them out into ${variables}.

How about getting values into something like a web.xml?

One generic solution is to use your build system do the work for you.

With ant, you can use filters and when you copy over certain files, ant can do the s/SOME_VALUE/the real value/g.

E.g.

Turn on filtering when you copy

<copy todir=”${build.web.dir}/WEB-INF/classes” filtering=”true”>
<fileset dir=”${resources.dir}”/>
</copy>

Setup tokens to filter on

<filter token=”smtpHost” value=”${smtpHost}”/>
…

Juergen just added a new class to what will be Spring 1.1.4: ServletContextPropertyPlaceholderConfigurer.

This class looks into the web.xml for <context-param>’s if the ${value} isn’t found. This isn’t the same as the other solution, as the core value is now in the web.xml, rather than having everything in ONE place, and pushing that to the other config files.

Chris Nokleberg has answered Hani’s desire for a simple tool to find dependencies between two codebases. He hacked JarJar to do just this.

He shows the example of:

$ java -jar jarjar.jar –find –level=jar j1.jar:j2.jar:j3.jar:j4.jar

giving you:

commons-beanutils-1.6.1.jar -> commons-collections-3.1.jar
commons-betwixt-0.5.jar -> commons-digester-1.5.jar
commons-betwixt-0.5.jar -> commons-beanutils-1.6.1.jar
commons-betwixt-0.5.jar -> commons-collections-3.1.jar
commons-cli-1.0.jar -> commons-lang-2.0.jar
commons-codec-1.2.jar -> commons-codec-1.3.jar
commons-dbcp-1.2.1.jar -> commons-pool-1.2.jar
commons-dbcp-1.2.1.jar -> commons-collections-3.1.jar
commons-digester-1.5.jar -> commons-collections-3.1.jar
commons-digester-1.5.jar -> commons-beanutils-1.6.1.jar
commons-jxpath-1.2.jar -> commons-beanutils-1.6.1.jar
commons-pool-1.2.jar -> commons-collections-3.1.jar
commons-validator-1.1.3.jar -> commons-collections-3.1.jar
commons-validator-1.1.3.jar -> commons-beanutils-1.6.1.jar
commons-validator-1.1.3.jar -> commons-digester-1.5.jar

Very nice. IMO, tools like these should be in the JDK itself. The graph that he has on his blog would also be very helpful.

In some ways I also would like to have a way to have a jar file show a dependency to another component library in a maven-esque way (I want the module foo, version 1.4) rather than Class-Path: /some/path/to/it. That would cut down on the libs that are laying around (although you end up having most of them in your MAVEN_REPO instead of all of your lib dirs if you go that way! Much better)

Bruce Schneier has written about easy to remember PINS with respect to the Chip and Pin system that countries like the UK are putting into practice.

What is this Chip and Pin?

Each credit card has a chip on it. When you purchase something, you put in your credit card, and then put in your pin number. If you are at a restaurant, the waiter will normally bring over a handset to do this.

The ideal is that signatures (non-digital) are a joke. So, let’s make the credit card useless without a special token that only the owner knows about.

Currently the system is out there in the UK, and soon it will be mandatory (there is a grace period as everyone gets updated cards etc… although most cards have had them for a few years).

As Bruce points out, some people are scared that they will forget their PIN number, and laughes at some credit card agencies for saying:

Keep forgetting your PIN? It’s easy to change with chip and PIN. To something more memorable like a birthday or your lucky numbers.

That is indeed dumb :)

A lot of other people are worried about having someone look over your shoulder, nick your pin, and then hold the key to anything!

I don’t really have that worry, and you can at least be a little careful when putting it in. How easy is it NOW that someone can:

a) Easiely learn your signature
b) Does anyone REALLY check your signature?

In the US I put “SEE ID” instead of a signature, and make them ask for my drivers license. This extra step wouldn’t work in the UK as everyone is too scared to get an evil STATE ID ;)

Personally, I hope we get the chip and pin here in the US soon.

The civilized call it Table Tennis. The uncouth call it Ping Pong. When I came home from europe, I found a new table in my basement (courtesy of my wife). I always wanted one as a kid, so it is fun to finally have it!

Now I need to take back my pink tennis bat from KT and take on the world!

It has been an interesting experience coming home from europe this time. For the first time ever, I *really* feel like I have come back HOME, and was so happy to walk through the door. Especially after another 20 hour day when all was said and done (with the usual complications that I end up with: no tube running so having to run to a bus, almost missing connecting flight due to winds, etc).

Good to be home.

I don’t think I would ever have presumed to author a blog titled ‘Mary Poppins’. I mean. I am not 12 anymore.

Mary Poppins is a new show which just started showing in London’s West End. I heard amazing reviews, but never thought we could get tickets (since Ticket Master and other places weren’t helping). It turned out that we were on a bus (which is a nice break from the tube, as you can actually see something), and saw the theatre. Since it was an old school bus, we ran down from the top level, and jumped out the back. There was a huge line around the inside of the theatre. The line was people waiting for any cancellations, and bar the first few, I am sure a lot of them went home unhappy. My wife is pretty bold, so she went right to the box office and asked if they had anything. There were a couple of single tickets in the gods for that night, but he JUST had 2 tickets next to eachother on a side. It was restricted seating, but we thought we would go for it anyway, and felt lucky for it.

So, it was our last night, and we headed to the theatre again. We got there pretty early, and often you find yourself shoulder to shoulder inside. Luckily, the theatre opened a balcony so we were able to hang out with a nice view.

I have been to a few shows in nose bleeders. It can sometimes be a bit tough, and I was planning myself for the fact that we may not be able to see things. However we were incredible lucky. The seats were next to the boxes and had an amazing view. I prefered it to many of the ‘normal’ seats that I have had (which have no leg room, and someone with a frizzy head of hair always sits in front). Here we had plenty of room, and were at a perfect height. We were already a lot more excited for the show.

I am always a fan of theatre. It is so magical, and the energy is magnetic. It doesn’t compare to a movie :)

Mary Poppins was one of the best performances that I have ever seen. It was fun, bright, and refreshing. Never a boring moment, and the actors were great. When Mary flew off for the last time, she was even in spitting distance to us.

Phenominal. If you have a chance to see Mary Poppins in London, or when it comes around to you, check it out. I think it would be especially great to be there with a 6-12 year old.

2005. I remember playing games as a kid. Maybe I was throwing around Transformers. But the games that used imagination talked about the future.

“In 2005 we will …..”

Now the future is the present.

I hope everyone has a great 2005, and my thoughts are with the people in asia.