22 December 2008

Hacking the Amazon rainforest

Brazilian loggers are hiring hackers to break into government systems and exceed their quota.
The Brazilian government will respond by raising the quota by 150%.

21 December 2008

JMS producer code example

Alternate example for Code 8-1 in SL351-EE5.
This example features:
- ejb client container resource injection
- Queue/topic agnostic API (JMS 1.1)

EJB life cycle callback handlers

SL-351-EE5 Extra exercise 10.1

1 Create a JMS connection when the AuctionManagerBean is created.
   Make the connection an attribute of the bean
2 Close the JMS Connection when the bean is destroyed.



Solution

15 December 2008

EJB2 => EJB3

These slides show an example of the changes in a session bean going from EJB 2 to EJB 3

10 December 2008

hiking sites

About a year ago a colleague at Uniway told me about geocaching.
Geocaching is a game, where you have to find hidden objects (caches) based on GPS coordinates and hints.
A great way to have an entertaining and beautiful walk in an area you don't know.
With our friends we did a cache related to the flooding of the Yzer estuary in World War I.

This weekend I stumbled upon routeyou, another nice walking site. They have got plenty of descriptions of hikes and bike trips. Here's an example walk.

21 November 2008

Netbeans 6.5 is out

Highlights:

  • PHP support
  • better JavaScript/AJAX support
  • better SQL support
  • Groovy support
  • automatic compile on save
  • CamelCase code completion!
  • Support for Windows UNC paths (shared network folders)!
  • slow startup!
The UML module is still unbundled (and rightly so)

19 November 2008

Free Microsoft Anti-virus coming

Microsoft will add their Live OneCare consumer anti-virus (subscription now $50/year) as a free offering, codenamed Morro (after a Brazilian town), from the second half of 2009 on.
It is difficult for Microsoft to sell stuff that corrects security issues within their own products.
OneCare had less than 2% of the antivirus market. This is expected to rise now :)
Morro will be based on Microsoft Forefront Client Security and is expected to merge with the existing free Windows Defender (anti-spyware).
Meanwhile Microsoft continues the Forefront Security Suite, their centrally managed enterprise security offering.

18 November 2008

Harry Potter on Open Source Software

Never trust anything that can think for itself
If you can't see where it keeps its brain.

Arthur Weasley

17 November 2008

chat aggregator

I am using MSN and Skype for chat/talk.
The rest of the project group wanted Google talk.
To keep things organised I went looking for a desktop aggregator.
Nobody supports Skype and because it is a bit flaky I decided to ditch Skype.

- digsby: private company storing all kinds of information about you including your passwords (we will not look at them)
- digsby: closed source
- digsby: Windows only (just like me)
+ digsby: also supports social networks like LinkedIn.

Privacy is a concern with digsby and I would have gone for pidgin, but digsby installs and operates so much smoother that I fell for it.

Only drawback is that it starts with the buddy list open, but that's supposed to be a bug.

I'll keep an eye on pidgin to see if it gets any better.

12 November 2008

Spring eats Groovy


With venture capital burning in its pockets, Springsource has now acquired G2One, the company behind Groovy and Grails.
Sure is a combination of two great technologies.

25 October 2008

Solaris patching

Patch Check Advanced (pca) generates lists of installed and missing patches for Sun Solaris systems and optionally downloads patches. It resolves dependencies between patches and installs them in correct order. It can be the only tool you ever need for patch management, be it on a single machine or a complete network.

Sun has offered various tools in the past for patch analysis and management, e.g. PatchDiag, PatchCheck, PatchPro, smpatch, Sun Update Connection (see the Sun Patch Portal for details). Some of them are not actively maintained, some are huge and opaque, some don't run on older Solaris releases or stripped-down machines, some require complicated installation and registration procedures.

This is the intro for Martin Paul's excellent pca tool. Well said, and he's even omitting the changes in underlying Sun tools and sites: updatemanager, anonymous FTP, wget, showrev, patchadd, installpatch, install_cluster, sunsolve, Sun xVM Ops Center (try pronouncing that), sunconnection.sun.com, updates.sun.com, updateserver.sun.com...

17 October 2008

web whiteboard

Dabbleboard is an intuitive flash alternative if you do not have a whiteboard or when you're teleconferencing.
It transforms your mouse drawings into basic shapes, supports shape libraries, and lets you save and interactively share your drawings.

13 October 2008

OpenOffice 3 is out

Finally the free opensource office suite is out with support for the docx format,
Microsoft's secret weapon for luring users to Office 2007.

11 October 2008

SpringSource relaxes maintenance policy

SpringSource is going through the growing pains of a free open source company going for money.
Venture capitalists Benchmark (they're also in RedHat) and Accel invested $25.000.000 since May 2007, and these guys like to see some return.
Up to then, Interface 21, the company of Spring founder Rod Johnson, made its money mainly from consulting services.
By the end of 2007 the company got rebranded to SpringSource and since then their focus is on making money from the products (and maintenance contracts).
They started using their money to eat Covalent, an Apache support company and contributor. Covalent gave them access to support know-how and teams. It also added leading public domain products like the Apache web server and Tomcat to their portfolio.
In June SpringSource announced their own application server.
Since then they have been hauling over big heads from competing application server vendors on board: the BEA WebLogic product manager, the JBoss (now a RedHat subsidiary) COO...
They came up with a RedHat-like support policy, where you get major releases for free, but have to pay for minor releases.
After a storm of community protest they have now changed that: the community will get the latest and greatest binaries (source was and remains free), but paying customers get patches incorporated in older builds.
The new policy looks fair.
Still Spring is a one company product in contrast with the Java ecosystem where you have choice. The fact that this company is going commercial only makes the dependency stronger.

12 September 2008

Microsoft joins OMG

Continuing their re-commitment to UML, Microsoft has now joined the UML governing body, the OMG.
And it's not only words, they are actually doing things.
Microsoft will include 9 UML 2.1 diagrams in the next version of Visual Studio Team System 10, code named "Rosario".
Why?

  • they have not been able to kill UML
  • the MDA approach of UML tries to generate programs from models. It is not just drawing anymore, but graphically building real programs. Microsoft has always wanted to have mouse-clicking developers rather than the typing type, so that's a nice fit
  • MDA uses a PIM (Platform Independent Model) and a PSM (Platform Specific Model). If you use UML as a neutral language (for the PIM) you can fit in DSL as a PSM. So Microsoft can go for UML without dropping its DSL approach.

7 September 2008

Vista commercial

Vista: Do you really want to?

Vista brings the patronizing Windows policy of user confirmation prompting to new heights. The new thing is User Account Control (UAC) prompting:


For one thing some experts consider it broken.
But what is really a pain is that you can not turn off the prompting unless you disable User Account Control entirely.

Well, you can selectively turn off the prompting in the security policy, but not in the Home (Basic/Premium) edition. Making usable security an extra option is irresponsible, at the least.
David Cross, a product unit manager at Microsoft, stated during the RSA Conference 2008 that UAC was in fact designed to "annoy users", and force independent software vendors to make their programs more secure so that UAC prompts would not be triggered.

A useful little program for disabling the prompting without disabling the security system is tweakUAC.
If you use tweakUAC this way, Windows Security Center will (erroneously) report that UAC is entirely turned off, and it will again start showing warnings every time you log on. You can turn that message off, though: double-click on the shield icon in the taskbar to open Windows Security Center. Then click on the “Change the way Security Center alerts me” link, in the left panel. Finally, choose one of the “Don’t notify me” options.
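
The difference described above, between UAC being off and UAC being on with the administrator prompt suppressed, is visible in the registry. The PowerShell below is an added example, not from the original post and not part of tweakUAC; it assumes the standard UAC policy values `EnableLUA`, `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop`, and the sample hashtables are constructed.

```powershell
# Added example: tell "UAC off" apart from "UAC on, admin prompt suppressed".
# Assumes the standard UAC policy values stored under this key.
$UacPolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacState {
    param([Parameter(Mandatory = $true)][hashtable]$Values)

    $lua     = $Values['EnableLUA']                   # 0 = UAC off, 1 = UAC on
    $consent = $Values['ConsentPromptBehaviorAdmin']  # 0 = elevate without prompting
    $secure  = $Values['PromptOnSecureDesktop']       # 0 = prompt on the normal desktop

    if ($null -eq $lua) { return 'Unknown: EnableLUA value not present' }
    if ($lua -eq 0)     { return 'UAC disabled entirely' }
    # From here on UAC itself is active; only the prompt behaviour differs.
    if ($consent -eq 0) { return 'UAC enabled, administrators elevate without a prompt' }
    if ($secure -eq 0)  { return 'UAC enabled, prompting on the normal desktop' }
    return 'UAC enabled, prompting on the secure desktop'
}

# Read the three values from the local machine (Windows only).
function Read-UacPolicy {
    $p = Get-ItemProperty -Path $UacPolicyKey -ErrorAction Stop
    return @{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
    }
}

# Constructed sample inputs, so the classification can be seen on any machine.
$samples = @(
    @{ Name = 'prompting (sample)'
       Values = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 } },
    @{ Name = 'prompt suppressed (sample)'
       Values = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 } },
    @{ Name = 'UAC off (sample)'
       Values = @{ EnableLUA = 0; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 } }
)
foreach ($s in $samples) {
    '{0,-28} -> {1}' -f $s.Name, (Get-UacState -Values $s.Values)
}

# On a Windows host, also report the live setting.
if ($env:OS -eq 'Windows_NT') {
    '{0,-28} -> {1}' -f 'this machine', (Get-UacState -Values (Read-UacPolicy))
}
```

An inventory or monitoring check can report the second state separately from the third, since a tool that only looks for missing prompts cannot tell them apart.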

6 September 2008

In memoriam Serge Vleugels


Hey Serge,

That was more or less your standard greeting when you walked in, during the two years you were with us as a website programmer. First impression: a real geek. For those outside the computer world who don't know what that is, you can recognise the geek by:

  • Fanatical about technology (check)

    • enthusiastic about free software

    • Microsoft hater

  • working day somewhat out of step with a 9 to 5 job (check)

  • wears T-shirts with computer texts (check) such as:

    • there are 10 kinds of people: those who understand binary and those who don't

  • reads fantasy books (check)

    • you were especially crazy about “De wetten van de magie” (The Sword of Truth) by Terry Goodkind.

      • Your nickname in chat programs and such was zeddicus or zed, and your own boat was called Kahlan, two characters from those books

      • at the end of this year the TV series comes out in America. I don't think you will let anything stop you from setting up a connection to it from the other side.

  • Plays fantasy games (check)

    • so far I have as many checks after my name as you, and we both also played the Magic card game. Playing a match at work never got beyond the intention, unfortunately.

  • communicative, enthusiastic, charming (no check)

    • once people had known you for a while, Serge, you did not match the typical geek at all, a somewhat withdrawn computer person. You could speak very candidly and with great tenderness about the people (and sometimes the boats) that were dear to you, that you cherished. You were clearly someone who could give a lot of warmth and who loved them enormously.

  • Your love of boats was atypical too. You even wanted to go and live on those things. So was your commitment to helping others through your passions, by leading sailing trips for young people in difficulty with the association “de zachte kracht”.


Then there were also times when your shifted schedule became a problem: you only arrived at work at noon, you were often absent, and your projects moved forward at only half power. I think that was the shadow we saw at Uniway of your difficult moments, of another Serge. And I think life was hard then for those close to you as well.

But at other moments, when something really had to be finished, you could throw yourself at it with boundless energy for nights and weekends on end (not pleasant for the home front either) and set up clever things. That is how we worked together on the Mo website (the global affairs magazine that also appears as a supplement to Knack). You gave interviews at conferences about your projects, and for Artsen zonder Grenzen you won the “NGO website of the year” prize.

Kasper, the founder of the international Typo3 open software community, who was also impressed by Serge's work and personality, published a beautiful in memoriam.

Serge lived intensely and did not easily leave anyone indifferent. I hope that everyone to whom he was dear can hold on to the beautiful moments and draw comfort from them.

5 September 2008

Quis custodiet ipsos custodes

A survey by Cyber-Ark conducted on 300 IT security professionals says:

  • 88 percent of IT administrators say that, if laid off tomorrow, they would steal confidential data (passwords, ...)
  • one third of IT staff admitted to snooping around the network, looking at highly confidential information, such as salary details, M & A plans, people's personal emails, board meeting minutes and other personal information
Cyber-Ark sells software for... protecting sensitive information.

4 September 2008

Google Chrome Gears

Nice take on the Google Chrome browser by The Register:
Chrome is just a trojan to push the Google Gears browser plugin to the desktop.
Gears is a platform to build feature-rich, fast applications, running in separate threads (exactly the Chrome features). The applications have access to a local database and can also run offline.

3 September 2008

Oracle buys yet another SOA vendor

I'm beginning to understand why Oracle relabeled its middleware portfolio Fusion.
They have just bought SOA vendor ClearApp.
Oracle is still in the process of merging their SOA offering with BEA Aqualogic. Aqualogic itself incorporates earlier BEA purchases like Flashline and Fuego.
ClearApp monitors the web service components that make up SOA applications.

Google chrome

Google recently launched its own web browser: Chrome.
At first sight this is a frontal attack on Firefox and resembles Microsoft's monopolistic behaviour.
The browser has a minimalistic, non-spectacular look. The most important features seem to be speedy JavaScript and multithreading.
I hope this browser acts as a lab for things that can mature into Firefox, much like the HotJava browser did.
To be watched with caution.

29 July 2008

Browser plugins most popular point of attack

We could have expected it. According to a recent ISS (IBM now) X-Force study, all these nifty browser plugins have become the biggest point of attack for hackers.
The major source of vulnerabilities is the browser:

And the most important source of vulnerabilities within the browser are plugins:

Surprisingly, only exploits for Internet Exploder ActiveX plugins have been reported, while I thought the Firefox plugins were the most popular.
Maybe their vulnerabilities don't get reported because most are small projects run by individual freeware contributors? There is a list with officially recommended add-ons, but these recommendations are probably more related to stability than to security.
Maybe they don't count extension exploits?

4 July 2008

Installing Vista

Installing Vista on our new PC. My first Dell. Good price and swift service.
Experiences:

  • no built-in support for mounting DVD images. Downloaded Virtual CloneDrive. Once installed, just double-click and your .iso file is mounted just like a real DVD.
  • to edit system files (like etc/hosts) you need to start your editor in admin mode first

3 July 2008

docX converter

Creating a new Office 2007 file format (.docx, .xltx) is a good way to push people to buying the new release. After all it is embarrassing having to confess you work with old software and asking your partners to send stuff in the old format.
You can download a converter from Microsoft (if you have a valid legacy Office licence). It's been out for a while, but I notice many people don't know it.

1 July 2008

Favourite Firefox extensions


The nicest thing about Firefox these days is its extensions.
Internet Explorer is also jumping on the bandwagon but somehow this seems to pollute the field with all kinds of nagware.
Anyway, here are some of my favourites:

Filter out ads to make your pages lighter and more zen. And you can subscribe to filter sets, filtering out the common ones (I got one for Belgian/Dutch sites).
Lets you render Firefox tabs using Internet Explorer (on Windows), so you can browse pages that don't follow standards (e.g. Sharepoint)
Convert a web page to a PDF. Useful if you want to send an HTML report page or such to someone.

  • search buttons
    • SearchWP: Convert search words in the search box into buttons that let you immediately search in the web page you found. Great, with a drawback: you have to take care to click next to the buttons when you want to modify the search box.
    • Searchbox Sync: Update your search box (left top) with search terms entered on search engine pages like Google etc. By the same author as SearchWP and a great match.


No need to move to the menus or keyboard anymore,
use the mouse to command your browser.


This one takes you forward in your browsing history. Press right mouse button, move left. As you see it highlights the command you draw.




This one does the same, but only by clicking. Keep left button pressed and press right. Obviously right button, then left takes you back



There's a standard set of actions and you can import your preferred actions from sets made by enthusiasts (plugins of the plugin), or add your own. I added this one from the gesture exchange site:



This mod opens my current page in a new tab. Handy when you want to "branch off" while browsing and still keep the main flow available.

27 June 2008

SCBCD

Did the Sun JEE5 certification yesterday.
I started preparing the evening before, which did not leave nearly enough time,
but all was well :)
The exam is not easy, which is a plus for its credibility, compared to some mock certifications on the market.
The EJB3 course I'm teaching at Sun (SL351) is a good start, but not sufficient.
Mikalai Zaikin's SCBCD 5.0 Study Guide was the best resource I found on the web.

Topics I got:

  • JNDI, JPQL, transactions, exceptions, rollback
  • combining transactions and entitymanager
  • orm mapping of an association class
  • NO deployment descriptor syntax questions
  • libraries included in JEE5
  • mapping users to roles
  • business method that you can call locally/remotely
  • at which level can you apply specific annotations?
  • legal return types for @webmethod
  • composite primary keys
  • mixing EJB2/3
  • persistence units

Top level internet domains

ICANN says generic top level domains will soon be made available. Nice, all these .com names are a bit techno indeed.

18 June 2008

Attack of the coffee machines





Internet hacking through home automation to become a reality?

Message on SecurityFocus:

Hi All,
I have a Jura F90 Coffee maker with the Jura Internet Connection Kit. The idea is to:

"Enable the Jura Impressa F90 to communicate with the Internet, via a PC.
Download parameters to configure your espresso machine to your own personal taste.
If there's a problem, the engineers can run diagnostic tests and advise on the solution without your machine ever leaving the kitchen."

Guess what - it can not be patched as far as I can tell ;) It also has a few software vulnerabilities.

Fun things you can do with a Jura coffee maker:
1. Change the preset coffee settings (make weak or strong coffee)
2. Change the amount of water per cup (say 300ml for a short black) and make a puddle
3. Break it by engineering settings that are not compatible (and making it require a service)

The connectivity kit uses the connectivity of the PC it is running on to connect the coffee machine to the internet. This allows a remote coffee machine "engineer" to diagnose any problems and to remotely do a preliminary service.

Best yet, the software allows a remote attacker to gain access to the Windows XP system it is running on at the level of the user.

Compromise by Coffee.

Regards,
Craig Wright GSE-Compliance

17 June 2008

Microsoft recommits to UML

Bill Gates reverses the decision to drop UML support in favour of a proprietary Domain Specific Language. UML support will be included in Visual Studio 10.
Microsoft was one of the original companies pushing UML 1.0.
They turned away from UML, when Rational, the creator of UML, was swallowed by IBM.

This is great news for a common modelling language independent of your choice of programming language.
