Tuesday, 2 December 2008

distributing mercurial to disconnected locations

Having some issues, teething problems with Mercurial. Here is the story:

Started a tiny mini project, a quick currency conversion web app, as typing the extra 10 characters into google is too cumbersome after a while....

Naturally picked new technology to play with, this time it being Grails and Mercurial. Having already played a bit with groovy in my recent wishlist facebook app, the next step to grails was not too hard. With NetBeans' excellent support for groovy and grails, getting up and running was quick.

Having followed the story of Mercurial, Bazaar, git and other DVCSes recently, my adoption of them has only been delayed by being busy and not having a new project to test them out with. But now came the chance, and Mercurial being the one I wanted the most to try out (wish their push back to SVN became usable soon). It being integrated into NetBeans already also helped.



But I quickly became a little stuck. Mercurial does have a lot of documentation (2), and many blogs to cover a large set of situations. But nothing quite described (spoon fed) me the steps I needed. Maybe playing a bit devil's advocate, but...

Basically I would develop this app in two places. I do 99% at home, while I'd also use it at work, thus would do the odd tweak there as well. SSH and web shared repositories is not an option due to work policies. So they are two disconnected locations.

So I create a grails app, do hg init. But then how do I get it to the other location??? I can not do a hg clone a b, because they are in different locations. A public shared repository is not an option.

There is not a guide for how distributed groups get started (without a public shared repository), only that it is a very distributed SCM. :0

OK, so what I will have to do is tar up the project, take it to the other location and clone it. Then email changesets somehow, presume with export or bundle.

Actually I see you can pull other repositories into any repository, so I suppose I can hg init a folder in each location, but still need to tar across an initial copy?

oh well. Guess I can document it next week.

Thursday, 30 October 2008

Doh! Server is down

Bugger, think my server has gone down. It's an Amazon EC2 instance, and been up for a while. But now it can't be reached, not even within their cloud. Tried to reboot it via elasticfox, no luck.

Never got time to make the disk persistent, with the new Elastic Block Store. Doh! Again.

Haven't synced to S3 for a while, probably months. Doh! 3rd time.

Don't think I've lost much critical stuff. All flurdy.com changes are gone, but google cache may retrieve some of it. All logs are also gone, and any recent changes to application databases...

And my subversion server was on the same server. Doh! 4th.

Wish I could afford to run more than one instance on EC2, so that I could spread load, separate concerns and not have a single point of failure which kills everything!

Better start to get another server up and reconfigure it. But not sure when I'll get the time. But I also won't receive any email till then as it was also my email server!

Wednesday, 29 October 2008

Not always flurdy

I've been using the username alias flurdy since probably about 1994-95, when at university I had to start picking a username for different sites in the early years of the internet.

Flurdy, came naturally as I had to pick something unique, and being a Norwegian lost in England, some friends called me flurdy-gurdy, with some references to the Bork-Bork Swedish chef in the Muppets show. (Actually it was the nickname "Fjords!" that stuck, and some friends from uni still call me by that today!)

Flurdy has been a good username as I haven't needed to use flurdy-012 or some random extension to use popular services. So I don't have to remember what username is used for what and where. (Hackers be aware, there is something called PwdHash, so these are not the accounts you are looking for... I don't use it but hopefully that will disinterest them...)

I have become so attached to the username that it is the alias I use for all my development work, and flurdy.com is my main web site, even though ivar.co.uk would be more natural. So it has become my identity, so much that I even now sell t-shirts with the logo. If I start a business (again) I would probably use the flurdy brand more than the eray one I had planned.

However flurdy is not 100% unique, and does not always mean it is me. On some websites, the flurdy user is not actually me. I don't think I have fans, especially not copycat ones. :) But I found some people actually named Flurdy, mostly Irish, and there are probably a few that also use that username for some reason or another.

So for instance on del.icio.us, flurdy is not me! Nor is it in Yahoo, eBay, Digg or Stumbleupon.

In del.icio.us I am flurder instead. Actually on Digg and Yahoo, it might be me, I just can't get the password reset! (I never put in my real birthdate and similar, as I don't think they need to know. And never the same spammable email address either...) But definitely in delicious and stumbleupon it is someone else!

I just wonder if people mistakenly assume all flurdys are me, and presume it is my links in del.icio.us for instance. As it turns out that person has similar links to me, so probably doesn't cause any problems! Been weird if it was some tree-hugging artist living in the pacific, but then he probably wouldn't use del.icio.us.

But I shouldn't complain, a google search on flurdy is mostly me for pages, especially if you remove gurdy. But the odd non-me are still on each page...

Wednesday, 15 October 2008

groovy netbeans so far

been hacking away at groovy with netbeans as IDE for the past few weeks. Also using it with spring for a facebook application.

Well, I am still coding the java way... Hard to take the red pill. Groovy is nice, but not sure I'll use it for all coding in future applications. It can certainly be partly used, for often changed code. It may however replace my perl scripts.

As for netbeans and its groovy support. It does not seem finished: It's usable with neat tricks, but still fiddly, and some things just don't work. E.g. creating a project from netbeans then wouldn't let you add groovy classes to groovy folders, only java source folders. Creating a project from scratch using maven archetype got working, but new java sources aren't happy then...

As in general use of netbeans it is very good, however a nightmare on a low memory machine, especially with encrypted disks. If I type one word, I'll have to wait 10 secs before I can type the next word. Infuriating. So notepad++ is my general editor on that machine.

On a still low spec machine but without an encrypted disk it is better than eclipse. However all popups take 10secs before they finish "scanning", so they are irritating.

As for general development with groovy, it certainly increases developer velocity. However I keep flicking back to Java as certain mixture of architecture and technology is not quite there yet.

One thing that does work well with groovy and spring is spring's new annotation based configuration.

One thing I hope will soon work is dynamic beans, which spring has, but does not as yet work with annotations.

Monday, 6 October 2008

Why waste money with inferior equipment?

Single most expensive element of any project and regular company expenses is the salary of people, ie human resources.

Then why do companies insist on saving money elsewhere which increases the cost of staff? Ie. why so restrictive on hardware and software tools?

I think most managers see the expenses on e.g. new PCs as the only place they can make cuts, and are too blinkered to see the effect. Which is increased salary expenses as people take longer to do their job.

Yes, they should not be frivolous, and people always want new gadgets, some of which are unnecessary and cause distraction. But they restrict people far too much which in the end costs them more.



For example (and the reason for my rant):
I am a consultant contracted out to a client. Both from my employer and client I have really inferior PCs. And they fail to see this costs them more than it saves.

( This is not specifically targeted at my current client, which is one of the better ones Ive encountered, but they suffer from the same problem. )

The PC I must use has a really slow single core processor with little memory, so most of my time is spent waiting for the screen, IDE, explorer to refresh.

And the disk is encrypted, which really causes everything to slow down to a halt, especially due to low memory, so that the swap file is used a lot...

I don't help by having weblogic, jetty, 1 or 2 eclipse workspaces and netbeans, and 10+ firefox tabs up at the same time, but the machine should handle this.

I would guess as much as 1/3, minimum 1/5, of my time is wasted waiting for the pc to catch up. If you add that up, for 40 hour week say ~10 hours a week is wasted. That is 10 000kr or £1000 per week of invoiceable time.

Sure, some waiting will always happen. Especially with ineffective build scripts, wandering concentration... etc.

So they save an initial £1000-2000 by giving me an old machine. But it costs them e.g. £4000 every month! Blinkered wastefulness.

Not to mention only supplying 1 small screen slows down productivity when I'm not waiting....


Why restrict developers? If I had a 4gb+ multicore laptop/desktop, or if running linux/osx server processing access, 2 screens, my productivity would be nearly doubled!

( Yes, slow maven scripts (and little use of jetty etc) means I tend to wander onto digg.com for too long while building, but that is another issue... )


As for my real employer, the direct saving is not so obvious if supplying better hardware, as I am mostly working on client pcs. But there are also consequences of that the one they supply is rubbish.

So doing internal development, evening personal development is more and more difficult, or even absent, as the hardware tools are not there. The one I have from them is even less capable, so it is fast becoming just an email reader.

It is a risk for them, as I (and I presume the others) are contacted weekly by recruiters offering gadget budgets, macbook pros etc.


So several articles, research papers have been published to inform managers that salary expenses outweigh all other costs so much, then why do they not seek to optimise that expense? It is very annoying / tempting when reading / hearing of people being given the right tools to do their job, when you are not. :(

Thursday, 2 October 2008

too much sports!

I do too much sport.

Not that looking at me that would be your first impression, :) but sometimes I think I do.

Clarification: I don't play sports 24/7 anymore. But I am interested in and pursue too many sports. And no, not just as a spectator, but active participant.

As a kid I would play all sports all the time. I would play football (soccer) once or twice a day, I would play ice-hockey all winter, I would ski, swim, etc at any opportunity.

This continued with a lot of football and hockey throughout university. Large quantities of beer and kebabs at university, followed afterwards with no time due to work, technology and girlfriend meant my physical shape no longer reflected a sporting interest...


But my moan today is that I still do too many different sports, and I enjoy them all, and I do none often enough to get good at any of them. I'm not bad at any sport, but not great at most.

Once a week, which in reality works out to twice a month, I still play football, mostly 3-a-side indoors, and now also floorball (innebandy).

Before I changed contract to down the road I used to cycle to work. Now it is only the occasional trip at weekends.

Squash, played twice this month. Before that it was two years.

Tennis, got the gear, used to play a few times a year. Last time: two years ago.

Ice hockey - go skating a few times a year, no-one to play with anymore....

Rollerblades - Go 5-10 times in the summer, which are brief in Norway.

Kayak - did beginners course last month. Loved it. Can't imagine I'd go more than once or twice a year.

Sailing - still waiting to get round to do my beginners course.

Climbing - ditto

Downhill skiing - More now I live back in Norway. About 4-5 times during winter.

Crosscountry skiing - An option again now I'm in Oslo. 3-4 times a year.

Jogging/running - finally a sport I don't enjoy. but get dragged along. about once a week at the moment, hoping to cut down to once a month.

Gym - stopped paying membership when I moved.

Keen on any other sports as they come along: badminton, basketball, (beach) volleyball, surfing, snowboard, you name it.

So in the end it's all different sports every time, and a long time between each time I do the same sport, so I don't think I'll make the olympics. :)

Monday, 22 September 2008

groovy maven netbeans jetty facebook spring

Time to rewrite my old wishlist facebook application.

The old one (v3.x) doesn't work anymore as the web services are gone, I took them offline many months ago. The new application will use the wishlist 4.x web services running on wish.flurdy.com.

Tech stack for this project will be:

Language: groovy.
Build tool: maven.
Web server: jetty (maven plugin).
IDE: netbeans (6.5, with groovy plugin and maven plugin).
Framework: spring (+mvc and WebServices).

So really, only groovy is new compared to the other wishlist projects, but it will be nice to see groovy interact with them.

Already hitting some snags with groovy, maven and netbeans. Seems to be a few posts on how to use netbeans and groovy, or maven and groovy, but not all 3 together.

May at some stage try grails.

Friday, 19 September 2008

groovy spring annotation

Hmmm.

Groovy supports spring's annotations well.
Spring's dynamic language tags are also handy.

But I wish there was some dynamic language annotation!

As in e.g., I have a Service written in Groovy such as:

 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.stereotype.Service

 @Service
 class PersonService {

   // injected by Spring
   @Autowired
   PersonRepository personRepository

   // blah blah ...

 }

wouldn't it be nice if I could:

 @Service
 @DynamicScript("Groovy")  // wished-for annotation, not an existing Spring one
 class PersonService {

   @Autowired
   PersonRepository personRepository

   // blah blah ...

 }

thus enabling it to be a refreshable bean without xml!

Sunday, 14 September 2008

No value specified for parameter when using MySQL with JPA/Hibernate

I came across a problem when switching database for a project from HSQLDB to MySQL.

I am using memory based HSQL for unit tests.
I am using file based HSQL for development testing.
I have changed my integration tests to using MySQL from file based HSQL.
Final production release will probably use MySQL or Firebird.
(This isn't commercial work, so no Oracle in any stack...)

But when I switched to MySQL, JPA/Hibernate started complaining about: No value specified for parameter 2. As usual the generic multiple vendor reasons for using JPA/JDBC usually is not true...

Was a bit dumbfounded with this error, but eventually found the solution : http://opensource.atlassian.com/projects/hibernate/browse/HHH-2605.

As it turns out there is a bug in the version of Hibernate that I use.

I depend on
 <dependencies>
 ...
   <dependency>
    <groupId>org.hibernate</groupId>
    <artifactId>hibernate-entitymanager</artifactId>
    <version>3.3.1.ga</version>
   </dependency>
 ...
 </dependencies>

And this version in the maven repositories was uploaded with a wrong transitive dependency to hibernate 3.2.4.ga, which is buggy.

But the quick fix is to change my own dependency management to use version 3.2.6.

Thus this change solved the problem:
 <dependencyManagement>
  <dependencies>
  ...
   <dependency>
    <groupId>org.hibernate</groupId>
    <artifactId>hibernate</artifactId>
    <version>3.2.6.ga</version>
   </dependency>
  ...
  </dependencies>
 </dependencyManagement>

Maven causes problems, but also solves problems...

Friday, 12 September 2008

Copying message to Sent folder?

Problem sending email in Thunderbird?

Encountered this problem a few times, so thought I'd blog about my last solution to this.

Frequently people, when trying to send email with the Thunderbird mail client, are not able to do so, and a popup with the text "Copying message to Sent folder" is forever present on the screen.

There are many causes for this symptom (1,2,3,4,5), and several solutions (1,2,3,4,5,6). It seems it is a problem the Mozilla mail clients have suffered for a long time.

In my last encounter, which was a family "helpdesk" case, so VNC session across the sea. :)

As mentioned the problem was that the "Copying message to Sent folder" message was continuously displayed, so the sender had no indication whether the mail was sent or not. It was. But never copied to the Sent folder. Nor by canceling were they able to save it to the Drafts folder.

What seemed to be the problem was the selection of where the Sent and Drafts folders were. In Tools/Account Settings and Copies and Folders. They had it set to the default, i.e. the "Sent" of each account. This had worked for a long while before.

But by changing this to the custom option, and manually choosing the Sent folder, solved the problem! I also had to create the Sent folder for one account, and a Drafts folder in the local account.

No doubt, I'll re-encounter this in the future, hopefully I'll remember to check my own blog...

Wednesday, 10 September 2008

find cool t-shirts

I've set up a shop for t-shirts, shirts and jumpers. It's at flurdy.spreadshirt.net.

Most likely myself, friends and family will be the most interested, but the general public may find them funny, so help yourselves!?

There are some longsleeved shirts and hoodies, some tops for women, but mostly t-shirts. Most are branded with flurdy logos. Prices are in British GBP at the moment.

These are generally shirts I would buy myself, maybe others share my taste... Here is one of my t-shirts:

Monday, 8 September 2008

find friends, spam friends, next family

I use facebook to link up with old friends and colleagues. Now less and less, as not much happens on it anymore, as most friends I know that are likely to be on are now on it and have found all their likely friends. So now it is quieter than the rush of last year.

The novelty has worn off, people have already caught up with old friends, the funny apps have now worn off, they need another reason to check facebook so they need a big push to keep people checking the site.

The events organiser needs to expand perhaps, as only some people use it. Have it integrate with other tools and calendars (google/Outlook), merge with marketing do's, football fixtures. SMS notifications etc. My other suggestion is upTo soon to be at flurdy.com, an application for people to list what they would like to do. Not explicitly every time, but more "at weekends i am up for a game of football", or "fridays I would agree to go out for a drink". So when you think right I fancy going to a concert this weekend, you can quickly see which of your friends could be interested. A quick poll later and you got your gang.

Linkedin.com is good as well. Other people probably have had more use out of it for creating business proposals, but I find it useful as a career aid and whom to contact regarding certain situations etc.

doostang.com is very slick. More aimed at pure recruiting. More useful for the American, Californian people, however as it's run by my old flat mate Mo, I am biased.

Today I found geni.com, very nice. Again a data privacy situation like facebook and linkedin, but I am already pumping in my family tree! Think they will quickly grow their users, as people have to put in family hence spread the network, as opposed to optionally spam friends on other sites.

Friday, 5 September 2008

Snakes and Adders. And what is that?!




Nice adder on the steps up to our summer cabin in Norway a few weeks ago, before going up the stairs! Further delaying us getting into the house. Then it decided to go under the cabin, which really reassured us...
Poisonous, but doesn't kill you unless you are really unlucky.



However this one might do:


(Not the blue pipe, but the orange snake by the wall.)

This was in Vietnam, on the slopes down from Dalat towards the coast. We had stopped for a break in our cycling trip from Saigon to Hanoi, and I really needed the toilet... We spotted this snake sliding into the men's toilets. A local Vietnamese man inside spotted the snake and ran out. That reassured me as I still needed to go into the toilet...

Since the snake was going in and out the holes on one side, I decided to sneak into the cubicles on the other side. But when I checked them out, they were very dark and full of mosquitos. Since this was still far inland, and off the beaten track, I now had a choice between malaria and dengue fever or a snake bite from a snake that the locals seemed to fear...

Better the devil you know, so I put out some sentries and a very quick pit stop on the snake side!

Still wonder what type of snake it is. Brown orange body, 1.5m long. Was not able to identify it by looking up some sites on the net. Probably some expert will tell me it is a harmless grass snake, but as the locals were not chuffed about it, I decided not to cuddle it.

Thursday, 4 September 2008

Off to javazone!

JavaZone is on again next week. Complete geekfest, but I still enjoy it.

Tend to be very excited the first day, attending most presentations and then start missing a few the second day which is the last day. Spending more time in the stands chatting to companies, trying to blag freebies instead. The first evening also has social events, which I've avoided before, as it seemed quite geeky and I was new to this country. Also last year clashed with a football match, which I went to my local pub to watch instead. But suppose I'm a geek as well, and I'll have a few pints at least, especially if they are free..

Back to work afterwards I am usually very keen to try all the new technologies and methods.
A few days later disappointed that I won't have time to investigate most of them.
And a week or two later, forgotten most...

But I do usually pick up something, which does improve my abilities, and then usually able to apply it to work. If not immediately, I usually apply it to some of my hobby projects instead. Which then usually I reuse at work sometime later, when a new project starts. So I think the two days of non invoicing is worth it in the long run.

Excited to hear or even meet people whose work you read on the net. People from Springsource, Google and Sun et al. Last year it was good fun to see the JavaPosse people, listen to Matt Raible, whose work always seems to encounter the same issues I have.

Attended several Mule presentations last year (2007). Including one by Ross Mason himself, although the one by two guys from Atos Origin, Jos Dirksen and Tijs Rademakers, was much more useful. But even though I think it is a great product, I still haven't had the time to implement it anywhere yet.

Wish those damn 36hour days would soon be standard...

Friday, 22 August 2008

Lunatic politicians over Oslo parking permits (beboerparkering)

Oslo Kommune, my local council, has some time ago agreed to launch a parking permits scheme (Beboerparkering). Up till now the residential areas of the city have enjoyed free curb side parking. The scheme may start at the end of the year.

I have lived and visited many places with such schemes, and they have always been exceptionally limiting, and a real nuisance, especially to guests. So I am really annoyed the council has agreed to this.

How can people and politicians be so blinkered?! I keep reading articles, interviews of people on the street, and no one seems to think this is a bad idea, and no one is asking the obvious questions. Will this improve their parking problems? No it won't!

I was surprised most political parties supported this idea, not just the petulant spoilsports of SV and KRF, but all large parties on the left and right. Suppose it is a sneaky way to grow their coffers and ban people from the freedom of cars.


I live on Industrigata in Majorstuen in Oslo, which is part of the initial trial area. It is an area very close to the city centre and has a popular shopping street, Bogstadveien, going straight through it.


The parking situation up till now:
* Free curb side parking.
* During day time, busy but some available parking spaces on every street.
* In the evening, impossible to find a space, average 20-40 minutes search, especially if you work late.


Reasons for permit scheme:
* To stop commuters parking here during office hours and then walking to city centre.
* Allow local residents parking.


Details of scheme:
* Charge for permit. Initially 300kr/year.
* Limited permits, for residents only.
* Need permit between 09-17 weekdays and 09-15 Saturdays.
* Visitors can stay for 2 hours at any time.


So what does that entail?


Positives:
* More free spaces during daytime. Which means unemployed and pensioners can park. Great. Do they need a car?
* Shoppers targeting specific shops will still be able to park.


Negatives:
* No change for the evening. Will still be as chocker full as before.
* We now have to pay for parking. What is to say this charge will not increase?
* General shoppers are now unwelcome, if it is not a brief visit.
* Tourists who drive are now unwelcome.
* Businesses resident in the area are now unwelcome, even if they get a few permits.
* Visitors are now unwelcome, if it is not a brief visit. Staying over is not an option, even if drinking.
* Will encourage more residents to drive to work, as they may not have permit to park both cars during daytime.
* Commuters will now park in another area, causing more congestion in that area.
* Residents with no permits, or 2nd car owners will have to park in next door area, causing more congestion in that area.


This is what the blinkered people don't realise. They will NOT be able to park any easier as it will still be full in the evening. This is because in the evening it is 99% residents who are parking. The outsiders are negligible at this time. And there simply are too many residents per car park space. And a scheme will not change that.

The only way that there will be noticeably more spaces in the evening, is if the residents themselves won't get enough permits. And that is not a good solution. That is beating the locals with a stick.


And enforcing commuters to not park in the area, is not a good idea. Yes some misuse the free parking, but others actually work in the area, need to drive due to kids/distance or poor public transport options. Not to forget they usually leave some business behind by popping into shops in the area on the way home. And blocking them out is not needed as there are spaces available during daytime.




And I don't even own a car!

Firefox 3 ACHTUNG ACHTUNG self signed certificate

Lately as a techie geek, a very minor thing has annoyed me. (Non techies can switch off now).

Firefox 3 was launched a few months ago, and it is a great evolution in the subject of browsers. The progression in security and anti-phishing is very laudable. But one thing really annoys me (hence this post):

The huge ACHTUNG ACHTUNG process when encountering a site that uses a self-signed certificate for SSL. And the reasons and responses to why this is so.

A self-signed certificate is an SSL certificate for encrypting and authenticating the site you are visiting. Self-signed means that the certificate has not been signed by a 3rd party (at least not one your browser knows), thus the authentication can not be guaranteed. However the traffic is still fully encrypted.

Banks, web shops, medium to large businesses and high volume web sites do not have a reason for using self-signed certificates. They should afford the costs and effort of setting up proper authenticated certificates. Expired and invalid certificates should not be accepted from them.

However for smaller organisations, charities, tiny businesses, personal sites and applications, and small applications, self-signed certificates are a great help. They are free and ensure encryption.

I have perhaps 50 odd tiny applications and web sites on a range of domains. I am not about to hand over $500-5000 a year to some 3rd party racketeering company to secure and authenticate all these sites. Especially as I probably make only about $100 a year on them, mostly from ads!

Yes, some of the sites are only used by me and a limited known user group, so the warning is shortlived. However many of them are for the general public, and need volume to make any money or to be of any interest. If any becomes a huge success, then I can get a decent certificate, but most of them will never be. Nor for the rest of the web with similar issues as mine.



So what is the problem with Firefox 3 ?

When encountering a self-signed certificate, the new version of Firefox displays a full page alert. This ACHTUNG, ACHTUNG, alert in striking yellow and a policeman stopping you, is quite off-putting. To still view the site you have to go through 4 clicks of yes, really yes, accept etc.

Previous version, Firefox 2, displayed a pop-up box, where you could view the certificate, reject or accept it. Other browsers display similar warnings, but not quite as rigorous as FF 3, which are not necessarily better.

With this new warning page, the majority of the casual web users will either be put off by the effort needed to enter the site, or scared off by the warning. The minority of the users which are technologically savvy will not be put off by the alerts, and will still be able to view the site. Also the users which are very specifically interested in the site, will perhaps ask for assistance first, but may still view the site. Depending on who your target users are, the majority may now never visit your site/app or will already be slightly peeved off.

So Firefox 3 is by its actions recommending web sites not to be encrypted.



Why the new warning?

The reasoning for a warning, is because the site can not be authenticated, thus perhaps a phishing attempt and/or it may be possible a Man in the Middle Attack has occurred. And the new extended process is so users are more aware of this than previous.

Valid points and I believe the users should be informed somehow. However I do not agree the scale of the warning is justified. And it does create a huge hindrance for many valid web sites.




Benefits and risks of using certificates

If the site has a 3rd party signed certificate, which all important sites should have, especially where money changes hands, then only a valid signed certificate is acceptable. Fair enough. But 3rd party authentication does not guarantee authentication, you may still have mistyped the url. The 3rd party may not have rigorously checked the authenticity of the site before signing the certificate. etc. But it is usually a safe bet that it is secure.

Expired or invalid certificates for important sites, is not acceptable either. But again for the less important, less resource rich people and organisations, it should be to a degree. At least it is authenticated. But for general web sites, these certificates are lax on behalf of their IT, and should be noted in some way.

Self signed certificates, are great in ensuring encryption. This prevents network snooping of passwords etc, which is very easy to do. Yes it can not authenticate the site. And Man in the Middle Attack is possible if it is the first time you visit this site. However Man in the Middle Attacks are extremely rare and difficult to do. Self-signed is not for banks etc.

Changed certificates. Sometimes for valid reasons a certificate is changed, e.g. when the old one expires. This should be warned of and yes, especially for self-signed certificates, a big alert warning should be prompted.

No certificate, as in plain http, unencrypted traffic. I believe we should use SSL/TLS as much as possible. When you need to log on in any way, the site should be encrypted. Any data specifically to/about you sent over the net should not be able to be snooped on by casual listeners.




Developers' responses and people's comments

What also really annoyed me is the reasoning by developers and the advocacy in people's comments on articles about this warning.

They say it is better to block people than to allow access to unauthenticated sites. Or people really need to be warned, and if they are not smart enough then too bad. Which is just bad business and ignorant.

Or that there is no excuse not to cough up for certificates and that self-signed sites do not deserve any pity. Well that is okay for rich people, but not me, and not the millions of tiny sites that make up the majority of the web!

Or the typical techie replies that the warning is no problem, only a few clicks, and that they really like the information etc. Which is again ignorant of the huge portion of users who will be terrified by this unfriendly warning.

Or that Man in the Middle Attacks are really dangerous and should be prioritised over any usability. No, MitMA are rare, very rare. Yes, important to protect against, but we should not stop people using the web by doing so.

Or that unauthenticated SSL is worse than plain http because it perhaps gives the impression of being authenticated. No, plain unencrypted http is terrible, as snooping is easy and common. It really is a problem with how the browsers show the distinction between unauthenticated and authenticated sites, not the sites.




The outcome and my suggestions


The current police warning by Firefox 3 is a very bad solution. It will cause:
* Many self-signed sites to convert to unencrypted.
* Easier snooping of people's passwords as sites go unencrypted.
* Some self-signed to purchase certificates.
* Loss of information spread, ad revenue and business for small sites.
* Confidence in Firefox in progressing usability


What Firefox needs to do is to distinguish the different states of certificates (which it already does to a degree).

Signed 3rd party certificates.
Display the new signed favicon as it does, with lock in status bar etc. No problems with it.

Expired or invalid signed certificates.
Warn but allow access.

Changed signed certificates.
No warning.

Self-signed certificates on 1st encounter
Warn but allow access. But not the ACHTUNG ACHTUNG approach. A simple change of icon to a red broken lock, as in previous Netscape versions, is enough information. A cleaner drop-down bar like the new remember password bar, to allow import of the certificate, inspection and links for more information, would be much better. Maybe colour the location bar red till the certificate is accepted. If it is not accepted, the certificate is not kept once the session is over.

Self-signed certificates on re encounter with previously accepted certificate
No warning. Just the red lock. Or with a question mark over the favicon.

Changed self-signed certificate.
ACHTUNG ACHTUNG warning.

No certificate, unencrypted.
Maybe this should be changed to show users that it is not secure in any way?!
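
The per-state policy proposed above, written as a decision function with a per-host store of accepted self-signed certificates. This is an added example, not Firefox code; `PinStore`, the field names `caSigned` and `expiredOrInvalid`, the host name and the returned labels are assumptions made for illustration.

```javascript
// Added example: the post's per-state policy as a decision function.
// Not Firefox code; PinStore, the field names and the labels are hypothetical.
class PinStore {
  constructor() {
    this.pins = new Map(); // host -> bytes of the self-signed cert the user accepted
  }

  // Called only when the user explicitly accepts a self-signed certificate.
  // Without this call nothing is kept once the session is over.
  accept(host, cert) {
    this.pins.set(host, Buffer.from(cert)); // copy; a real client would keep a fingerprint
  }

  // conn: { host, cert: Buffer|null, caSigned: boolean, expiredOrInvalid: boolean }
  classify(conn) {
    if (!conn.cert) return "not-secure-notice";      // plain http, unencrypted
    if (conn.caSigned) {
      // The post asks for no warning on a changed CA-signed certificate,
      // so the pin store is not consulted on this path.
      return conn.expiredOrInvalid ? "warn-allow" : "ok";
    }
    const pinned = this.pins.get(conn.host);
    if (pinned === undefined) return "warn-allow";   // self-signed, first encounter
    if (pinned.equals(conn.cert)) return "red-lock"; // previously accepted, unchanged
    return "big-warning";                            // self-signed certificate changed
  }
}

// Constructed sample data: stand-ins for certificate bytes, not real certificates.
const certA = Buffer.from("constructed self-signed cert A");
const certB = Buffer.from("constructed self-signed cert B");

function demo() {
  const store = new PinStore();
  const host = "shop.example.test";
  const visit = (cert, caSigned = false, expiredOrInvalid = false) =>
    store.classify({ host, cert, caSigned, expiredOrInvalid });
  const out = [visit(certA)];         // first encounter with a self-signed cert
  store.accept(host, certA);          // user accepts it
  out.push(visit(certA));             // re-encounter, same cert
  out.push(visit(certB));             // self-signed cert changed
  out.push(visit(certB, true));       // CA-signed and valid
  out.push(visit(certB, true, true)); // CA-signed but expired or invalid
  out.push(visit(null));              // no certificate
  return out;
}

console.log(demo());
```

Only the changed self-signed case reaches the loud warning; every other state either proceeds or proceeds with a milder indicator, which is the distinction the post argues the browser should draw.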


enough ranting. no one will read this (not the whole post anyway ) :)


(Ps. Man in the Middle Attack is when some other machine between you and the site pretends to be the site and intercepts your traffic, and responds with its own fake certificate)

Grrrr!

I am sometimes worried about myself (or perhaps human kind ).

Real issues and problems, like wars, famine, murders etc., while obviously really bad for the people concerned, and I do have some sympathies (and it's interesting in a news sense), do not really upset me. Ok, I am not cold-hearted and do get involved, sometimes.

However little minor everyday things really tick me off. Like being overtaken while queuing in a car or in shopping queues. Or how general things annoy me, like how my fellow Norwegians are quite cold and rude, my former fellow Englishmen are quite ignorant. Or that Norwegian SV politicians really piss me off, as most things they say and do generally try to make most people's lives worse, in a quite sadistic and petulant way. Or when the people above/next door have their bass on slightly too loud, never mind people being slaughtered in Georgia/Sudan (or wherever my biased one-sided news channel reports it from), but the extra noise is really bad...

Or in a more selfish example, when e.g. encountering a Romanian beggar on the streets, I am not upset enough that an EU country can have such huge problems with social differences and discrimination of minorities, I am however annoyed that they are allowed into this country, do not work and disturb me. Terrible, I know.

In the local news, a car parking permit scheme is about to be introduced in Oslo, and that really got me annoyed how blinkered people and politicians are. And I don't even have a car! Think that will be another blog post.


Lately, as a techie geek, another minor thing has annoyed me: Firefox 3's new ACHTUNG ACHTUNG alert for self-signed certificates. Think that will be another blog post as well.

Saturday, 19 July 2008

Netbeaning again

Return of the lost child...

Been an Eclipse devotee for several years now. But have recently returned to NetBeans. I was using netbeans before eclipse, but changed as eclipse offered more and faster development. (And JBuilder, Kawa, jedit in ancient time before then...)

Been really impressed with NetBeans 6.1, it has really moved on from 4.x range I was using, and the 5.0 version I last checked out.

First impression was how well maven works within netbeans. In eclipse the m2eclipse plugin does somehow work, but is cumbersome, and something is always a pain. In netbeans, the mevenide just works. Plain and simple. It just works as it should do, with full module structure, easy usage, and seems fully integrated with the rest of the ide. Nice.

In general netbeans is a lot clearer and cleaner; the eclipse interface is very messy and cumbersome.

So I'll be a Sun slave for a while now, till the next new better thing arrives...

( looking through my blog, it is becoming more and more geeky. oh well. :) )

Thursday, 17 July 2008

Firefox extensions

Aren't Firefox extensions fabulous? No? Oh. You got a life...
Anyway for the rest of us, they are.

Here are my favourites. I don't always install all of them on every machine, but quite a selection every time.

  • Fast dial:
    essential, such eye candy, and useful.

  • del.icio.us bookmarks:
    new firefox 3 bookmarks, are nice, but i use several machines, several users, several profiles, sometimes not firefox, so syncing bookmarks is key.

  • faviconizeTab:
    nice.

  • Web developer:
    Must have for web developers. Surprisingly I don't use it much anymore, so I've realised I just don't do much frontend coding anymore.

  • Firebug:
    Like web developer, good css/ajax debugging tool.

  • Foxyproxy:
    Not recommended for everyone, but a nice work extension to automatically alter which proxy you use. (In case they monitor how much time you "research on the net".)

  • ie tab:
    if in windows, even less reason to ever click on e!

  • quick java:
    quick buttons to enable/disable java

  • NoScript
    essential security tool, a bit overzealous.

  • pwdHash: handy.
  • adblock plus:
    if some ads annoy you, or as I often encounter, slow your pc down to a grind if you tab open 5-10 news articles with lots of flash ads....

  • remember the milk for gmail:
    handy

  • twitterfox:
    nice not essential

  • facebook:
    nice not essential

  • CTRL+TAB:
    Nice idea, but lacks some configurability, so needs to mature a little.

  • Tab scope:
    Nice, but not that useful.

  • Tab sidebar:
    Very nice

  • Ctrl Tab Preview:
    If only it was updated to FF3

  • google preview:
    just useful, not essential.

  • Split Browser:
    Handy viewing some side by side. A bit buggy last time I used it.

  • firegpg:
    nice, if only people would care about encrypting emails...

  • google toolbar:
    used to always install it, not bothered in the new firefox 3

  • foxtrick:
    if you play hat trick, then foxtrick was essential, and is still useful.

  • modify headers:
    if debugging web apps.

  • gmail notifier:
    if you don't have an external one.
    works with google apps.

  • Elasticfox:
    Essential if you use amazon ec2 a lot

  • S3 fox:
    Handy amazon S3 browser.

  • google browser sync:
    Very handy, but discontinued for firefox 3.
    Syncing many things, but the element I used was passwords.
    very useful as I use many machines, often reinstalling firefox,
    and don't want to remember every password.
    downside was privacy, but I'd rather trust google,
    than some 3rd party I don't know. (better the devil you know)

Friday, 16 May 2008

New Postfix howto!

I have finally updated my Postfix howto!
It is now based on Ubuntu 8.04 Hardy Heron. And as before includes detailed, easy to follow instructions of building a mail server using Postfix, Courier, MySQL, amavisd, SpamAssassin, ClamAV, SASL, TLS and SquirrelMail.

It is not quite finished yet, but I would recommend following it rather than the old one. Keep referencing the old one though, as it has a lot of detail. The new howto, edition 7, at the moment only includes the core packages, but enough to get an advanced and secure server up. For any extensions and further info it still refers to the old edition (5). But I will keep padding it out with old and new content.

New for this edition is the inclusion of Amazon Elastic Computing Cloud(EC2) as reference build of the server. I have also made public AMIs for people to launch and customize if they so choose.

Hope it is of use to people!

Cheers,
Ivar Abrahamsen

Wednesday, 30 April 2008

elastic experience

Been playing with Amazon's web services, EC2 and S3.

EC2, Elastic Computing Cloud, is really nice. In a nutshell, it allows you to create servers on the fly as and when you need it.

My initial impression before using it was that it would be very good for high load, performance intensive applications for larger corporations or research. And not for my use: low to no performance, tiny web sites and web apps, which are mostly used by just me.

The main reason was that running one 24/7 is costly with Amazon pricing, especially as it would be idle most of the time. At most I get 500 web site visitors a day, that's only 1 every few minutes.

But after playing around with EC2, I have realised it can also be very useful for my meagre usage. Initially it looked a convoluted way of creating and accessing EC2 and S3. But the starter guide was actually quite easy to follow. And then the firefox extensions for both make admin very easy.

I run a subversion server on my normal server for my code, websites, documents etc. But it does not need to be online 24/7. I can just bring up an EC2 AMI instance for a little while, or even for the daytime hours.

I also use my current server to run test apps, which only I use. They do not need to be up for very long. EC2 will be fine.

The main cost will be the 24/7 hosting of my static web sites. If I run one, I might as well run them all on the same instance. But I worked out the cost is on par with what the ISP is charging for my co-location server. However its costs are shared with others, which I may not be able to do with EC2.

So now I'm moving from one physical server doing everything (including crashing and being down for long periods), to several dynamic instances with at least one permanent. Will keep an eye on costs to see how much more this way is costing.

Will have to write and create some routines to persist some of the data of the instances to S3. This looked a pain initially, but I think it is just a period of adaption before it will be acceptable.

One thing I'm not sure I can move to EC2 is my email server. But google apps is handling some of my domains well, so I might just convince myself to move it all there.


Ps. One odd, funny thing to be aware of with EC2: after you have terminated your instances, try the IP again in a browser after a while. I have gotten other people's instances, who have been handed the IP, and often their websites are in their initial install state. So I've seen default admin pages for CMS apps (i.e. with default passwords as well) etc. being exposed to anyone before the actual owner logs in and changes settings. Remember you can be in the opposite situation as well.

Sunday, 27 April 2008

Grrrrrrr

My server keeps crashing. No idea why. And I can't physically get to it anymore. It feels really frustrating.... :(

It has been up faultlessly for more than two years so suppose I've been spoilt.

And the other people I share the server with can't get to the server easily either, but at least they still work in the same country as the ISP. But it means days of delay between reboots. And then some hours of searching for why it crashes before it's gone again.

Thing is, it worked faultlessly when we removed it from the ISP and ran it for a few days at someone's house. But at the ISP it dies within a day.

If it is hardware, my main suspect is always the power supply. But I can't remember what the specs were......

Tuesday, 22 April 2008

No single default persistence unit defined

If you are getting nowhere with this type of problem:

Using spring and jpa, and you get this error:

No single default persistence unit defined in {classpath*:META-INF/persistence.xml}

And you DO have a persistence.xml in your classpath.

Then the cause is simple.

You may have other persistence.xml files as well in your lib/jars.

Solution: add your persistenceUnitName to the entityManagerFactory bean.


<bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
    <property name="dataSource" ref="dataSource" />
    <!-- Must match the persistence-unit name in your persistence.xml -->
    <property name="persistenceUnitName" value="blahblahYourName" />
</bean>


which matches the one in your persistence.xml


<persistence-unit name="blahblahYourName">

</persistence-unit>