Money waste at the government

The (Dutch) website Computable has a interesting article on how awful it is the government wastes enormous amounts of money on it-projects. With that regard a report by System Error on the UK government who are (were?) equally awful is still a good read: Fixing the flaws in government IT

Geplaatst in Ideas Getagd met ,

Databases on SSD

SSD disk are becoming increasingly popular. As they read faster, you might consider running databases such as Oracle DBMS, MySQL or non-sql databases. However, interestingly, originally databases are optimized for tradition hard drives with spinning disks: most importantly: data is read in small chunks, and sequential reads are faster than random reads. I can’t remember everything anymore, but I do remember doing calculations on various reading/writing algorithms during my university days.
For SSD’s this model doesn’t hold anymore: this blog posting shortly explains why: Why theory fails for SSDs There’s no difference, if I understand correctly between random reads and sequential reads. However writes are much slower. Also SSD’s have to calculate the physical address for every different read or write access. Meaning if you read a different part of the disk continuously, this will be slower then reading in the same pattern again and again.

Of course the theory doesn’t fail, but it just doesn’t apply to SSD :-).

Geplaatst in Technology Getagd met , ,

Diginotar

I just updated my (virtual) server, on which this weblog is running too. The update log was rather interesting this time:

Setting up tzdata-java (2011j-0ubuntu0.11.04) ...
Setting up ca-certificates (20090814+nmu2ubuntu0.1) ...
Updating certificates in /etc/ssl/certs... WARNING: Skipping duplicate certificate brasil.gov.br.pem
0 added, 1 removed; done.
Running hooks in /etc/ca-certificates/update.d....
updating keystore /etc/ssl/certs/java/cacerts...
  does not exist: /etc/ssl/certs/DigiNotar_Root_CA.pem
done.

For those living outside the Netherlands: DigiNotar was a issuer of ssl and pki certificates, similor to Verisign. Their main customer was the Dutch government. Turned out DigiNotar was hacked by Iranian hackers, but not only that, the hack happened a few months ago but they decided not to inform their clients. In the mean time, Dutch governmental communication wasn’t as secure as you might hope.
Of course the Dutch government did perform audits on DigiNotar – sort of, they outsourced the audit to the great company PwC, who verified that all of their procedures were correctly written down in Word documents with proper headings and jargon that pleases business consultants (quote from the DigiNotar website: ‘Certificering ETSI door PricewaterhouseCoopers  (november 2010 – november 2013) ‘) Of course they didn’t look at the actual software and IT security – why would anyone care about such technical details?

For more information, I found the following timeline.

Geplaatst in Various

Serializable Exception in Java

When  you use Wicket as webfrontend framework to build your application, sooner or later you’ll encounter the NotSerializableException. This is because Wicket will want to serialize any state you have into a HTTPSession. In Wicket, the first three pages are usually in memory too, so you could ignore the exception for a while, but of course this will fail immediately in case use want to use your webapplication in a clustered configuration. Not to mention you should never ignore Exceptions anyway.

The problem in solving such a Serializable exception is finding the field that is not Serializable. The stacktrace of java doesn’t help much. Fortunatelly, after some searching I’ve found the solution, in the comment of blog posting: add the option -Dsun.io.serialization.extendedDebugInfo=true to the JVM startup parameters.
Now the stacktrace gives you the exact fieldname or expression that is causing the problems, as you can see in the example below:

2011-07-23 21:44:50,362 ERROR [http-8080-1] [] org.apache.wicket.util.lang.Objects - Error serializing object class nl.gerbrandict.forum.AdminPage [object=[Page class = nl.gerbrandict.forum.AdminPage, id = 2, version = 0]]
java.io.NotSerializableException: org.springframework.beans.factory.support.DefaultListableBeanFactory
- field (class "org.springframework.orm.hibernate3.HibernateTransactionManager", name: "beanFactory", type: "interface org.springframework.beans.factory.BeanFactory")
- object (class "org.springframework.orm.hibernate3.HibernateTransactionManager", org.springframework.orm.hibernate3.HibernateTransactionManager@10fd8ce3)
- custom writeObject data (class "org.springframework.transaction.interceptor.TransactionInterceptor")
- object (class "org.springframework.transaction.interceptor.TransactionInterceptor", org.springframework.transaction.interceptor.TransactionInterceptor@2c96cb51)
- field (class "org.springframework.transaction.interceptor.TransactionAttributeSourceAdvisor", name: "transactionInterceptor", type: "class org.springframework.transaction.interceptor.TransactionInterceptor")
..
        - field (class "nl.gerbrandict.forum.AdminModel", name: "person", type: "class nl.gerbrandict.forum.Person")

(note: not publishing the entire stack trace and using some sample dummy field/classnames).
Although I haven’t tried, enabling this option in production is most likely a bad idea, because Serialization is already a pretty inefficient process without any debugging information enabled. In my case, I was using a PropertyModel somewhere, using non model as target object.

Geplaatst in Reviews Getagd met ,

OpenID from my website

A lot of websites now provide a way to authenticate yourself via OpenID. That way, you don’t have to remember a separate username and password to login to such a website, while still being secure.
The only challenge in using openid is remembering your openid URL, because there are quite a few possible openid providers. I currently can choose from (amongst others) Google, Yahoo, mijnopenid.nl, hyves.nl and quite a few others. Instead of remembering the username/password you have to remember which openid provider you’ve used for what account – which I think is the reason other authentication mechanism as facebook’s connect are becoming more popular. I’ll write about that later, in this page I just want to explain how I made my homepage, http://www.gerbrand-ict.nl an openid provider.
Very simple:

  • My homepage is running WordPress, a popular open source weblog.
  • There are a lot of plugins for WordPress, of which one is the openid plugin. By going to the administration screen and then to the section plugins, you can install the openid plugin easily by entering openid in the search box.
  • After installation, setup a default account.
  • Now I can authenticate myself to any site that uses openid, by just entering http://www.gerbrand-ict.nl !
Geplaatst in Technology

Slow right click on Windows

Besides by Mac laptop I have a Windows desktop at home. Windows 7 is all in all quite a nice OS. However, after using Windows for a while, Windows seems to start degrading. Of course one solution is to reinstall Windows, but that’s not exactly a clean solution. I wanted to know the source why Windows seems so slow. Better investigation seems the only problem is the File Explorer, especially when using the context menu/right clicking on a file.
This led me to think some third shell extension for the explorer might be the cause.
After some google’ing I found this nice article: slow right click. In the article a tool is listed: ShellExView. Using this tool you can disable any shell extension that’s hooked in the explorer. I disabled all software not coming from Microsoft, and my Windows starting working smoothly again! Of course any overlay icons from for example TortoiseSVN don’t work anymore, but that’s the whole idea of  these shell extensions. Now I just have to shell extensions one by one to find out what’s the actual cause of the slowness, but that’s better then reinstalling windows.

Geplaatst in Reviews Getagd met

Wicket Exception when using wrong order in addComponent

Today I working on a application that uses the Wicket framework. I was plagued with the following Exception:

WicketMessage: org.apache.wicket.WicketRuntimeException: component myForm:myTable:editor not found on page nl.gerbrand-ict.gui.HomePage[id = 4], listener interface = [RequestListenerInterface name=IActivePageBehaviorListener, method=public abstract void org.apache.wicket.behavior.IBehaviorListener.onRequest()]

Root cause:

...

In place of the … there was a full stacktrace, which information that’s not not relevant for this posting.

Turned out the solution was pretty simple, but the cause isn’t that easy to find and is quite a good example how some design decisions in Wicket aren’t considered as clean.

Lees meer ›

Geplaatst in Technology Getagd met ,

JavaFX 2.0

Yesterday I attended a NLJug meeting at Oracle at De Meern on JavaFX, called ‘JavaFX 2.0 EA‘. The meeting was presented by Roger Brinkley, who’s a called ‘Community leader’, of Mobile and Embedded. That he was formally part of Sun wasn’t hard to see based on his clothing and style.

Roger gave an overview of the new JavaFX 2.0, the road-map and the planned features. The software seems to be developed in an agile manner: the dead line is fixed, as is policy at Oracle (not meeting a dead line means exit for the responsible executive), but the final set of features is not.
The preview is available now for a limited audience, in May the first public beta will be released and in November the final will be available.

Lees meer ›

Geplaatst in Reviews Getagd met ,

Software engineering is design all the way: code as design

Recently I came across an article I remember reading quite some years ago and having quite an influence on my thinking.
A short summary in my own words. Creating software is usually viewed as a form of engineering, hence the name software engineering.  Engineering consists of designing constructs and building them. Lees meer ›

Geplaatst in Methodology

Enabling accesskeys for javascript events

Using the accesskey attribute, you can enable hotkeys for various html input elements. This allows one to get the focus to an input element by using the ALT-key + <CHARACTER> (on Windows) or CTRL-key + <CHARACTER> (on Mac). This way, your page is accessible by keyboards besides mouse.

Here’s the example taken from the Mozilla DevCenter:

  <label value="Enter Name" accesskey="e" control="myName"/>
  <textbox id="myName"/>
  <button label="Cancel" accesskey="n"/>
  <button label="Ok" accesskey="O"/>

Both buttons as well as the input box can be accessed by ALT+E, ALT+N, ALT+O on Windows or CTRL+E, CTRL+N or CTRL+O on a Apple-Mac.

This is quite easy to program, and works for all popular browsers (including Internet Explorer, Safari or Firefox).
There might be cases where you want to execute some javascript when an accesskey is hit, for example to fire a java-event. Almost all webapplications use javascript one way or another. Fortunately, you don’t not complitated key-event-handling javascript to do that, just use an empty link:

<a href="#" accesskey="y" onclick="some javascript"> </a>

The javascript is executed when the acesskey is hit, this case an ALT+y on Windows. The link is not displayed, so you’re free wetter or not to display a button, link or anything within your web-application.

Geplaatst in Technology Getagd met , ,

Google

Bol.com