Diginotar

I just updated my (virtual) server, on which this weblog is running too. The update log was rather interesting this time:

Setting up tzdata-java (2011j-0ubuntu0.11.04) ...
Setting up ca-certificates (20090814+nmu2ubuntu0.1) ...
Updating certificates in /etc/ssl/certs... WARNING: Skipping duplicate certificate brasil.gov.br.pem
0 added, 1 removed; done.
Running hooks in /etc/ca-certificates/update.d....
updating keystore /etc/ssl/certs/java/cacerts...
  does not exist: /etc/ssl/certs/DigiNotar_Root_CA.pem
done.

For those living outside the Netherlands: DigiNotar was an issuer of SSL and PKI certificates, similar to Verisign. Their main customer was the Dutch government. It turned out DigiNotar was hacked by Iranian hackers, but not only that: the hack happened a few months ago and they decided not to inform their clients. In the meantime, Dutch governmental communication wasn’t as secure as you might hope.
Of course the Dutch government did perform audits on DigiNotar – sort of: they outsourced the audit to the great company PwC, who verified that all of their procedures were correctly written down in Word documents with proper headings and jargon that pleases business consultants (quote from the DigiNotar website: ‘ETSI certification by PricewaterhouseCoopers (November 2010 – November 2013)’). Of course they didn’t look at the actual software and IT security – why would anyone care about such technical details?

For more information, I found the following timeline.

Posted in Various

Serializable Exception in Java

When you use Wicket as a web front-end framework to build your application, sooner or later you’ll encounter the NotSerializableException. This is because Wicket will want to serialize any state you have into an HTTPSession. In Wicket, the first three pages are usually in memory too, so you could ignore the exception for a while, but of course this will fail immediately in case you want to use your web application in a clustered configuration. Not to mention you should never ignore Exceptions anyway.

The problem in solving such a Serializable exception is finding the field that is not Serializable. The Java stack trace doesn’t help much. Fortunately, after some searching I’ve found the solution, in a comment on a blog posting: add the option -Dsun.io.serialization.extendedDebugInfo=true to the JVM startup parameters.
Now the stack trace gives you the exact field name or expression that is causing the problems, as you can see in the example below:

2011-07-23 21:44:50,362 ERROR [http-8080-1] [] org.apache.wicket.util.lang.Objects - Error serializing object class nl.gerbrandict.forum.AdminPage [object=[Page class = nl.gerbrandict.forum.AdminPage, id = 2, version = 0]]
java.io.NotSerializableException: org.springframework.beans.factory.support.DefaultListableBeanFactory
- field (class "org.springframework.orm.hibernate3.HibernateTransactionManager", name: "beanFactory", type: "interface org.springframework.beans.factory.BeanFactory")
- object (class "org.springframework.orm.hibernate3.HibernateTransactionManager", org.springframework.orm.hibernate3.HibernateTransactionManager@10fd8ce3)
- custom writeObject data (class "org.springframework.transaction.interceptor.TransactionInterceptor")
- object (class "org.springframework.transaction.interceptor.TransactionInterceptor", org.springframework.transaction.interceptor.TransactionInterceptor@2c96cb51)
- field (class "org.springframework.transaction.interceptor.TransactionAttributeSourceAdvisor", name: "transactionInterceptor", type: "class org.springframework.transaction.interceptor.TransactionInterceptor")
..
        - field (class "nl.gerbrandict.forum.AdminModel", name: "person", type: "class nl.gerbrandict.forum.Person")

(Note: not publishing the entire stack trace, and using some sample dummy field/class names.)
Although I haven’t tried, enabling this option in production is most likely a bad idea, because Serialization is already a pretty inefficient process without any debugging information enabled. In my case, I was using a PropertyModel somewhere, using a non-model as target object.
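The effect of the flag can be reproduced outside Wicket. The following is an added example, not code from the original post: the classes `MailService`, `Person`, `AdminModel` and `FixedPerson` are constructed stand-ins, and `findSerializationProblem` is a hypothetical helper that serializes a state object into a discarding stream the way session replication would. It assumes Java 11 or later.

```java
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.io.Serializable;

// Run twice to compare the messages (single-file launch, Java 11+):
//   java SerializationCheck.java
//   java -Dsun.io.serialization.extendedDebugInfo=true SerializationCheck.java
public class SerializationCheck {
    // Constructed stand-ins for page state; none of these are Wicket or Spring classes.
    static class MailService { }                        // deliberately NOT Serializable

    static class Person implements Serializable {
        String name = "alice";
        MailService mail = new MailService();           // offending field, two levels deep
    }

    static class AdminModel implements Serializable {
        Person person = new Person();
    }

    static class FixedPerson implements Serializable {
        String name = "alice";
        transient MailService mail = new MailService(); // skipped; null after deserialization
    }

    /** Serializes into a discarding stream; returns null on success, else the failure text. */
    static String findSerializationProblem(Object state) {
        try (ObjectOutputStream out = new ObjectOutputStream(OutputStream.nullOutputStream())) {
            out.writeObject(state);
            return null;
        } catch (IOException e) {   // NotSerializableException is a subclass of IOException
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Without the flag the message is only the class name of the offending object.
        // With the flag it also carries the "- field (...)" / "- object (...)" path lines.
        System.out.println(findSerializationProblem(new AdminModel()));
        // The transient field is not written, so this graph serializes cleanly.
        System.out.println(findSerializationProblem(new FixedPerson()));
    }
}
```

The property is read once when `ObjectOutputStream` is initialised, so it has to be passed on the JVM command line rather than set later from application code.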

Posted in Reviews

OpenID from my website

A lot of websites now provide a way to authenticate yourself via OpenID. That way, you don’t have to remember a separate username and password to log in to such a website, while still being secure.
The only challenge in using OpenID is remembering your OpenID URL, because there are quite a few possible OpenID providers. I currently can choose from (amongst others) Google, Yahoo, mijnopenid.nl, hyves.nl and quite a few others. Instead of remembering the username/password you have to remember which OpenID provider you’ve used for what account – which I think is the reason other authentication mechanisms such as Facebook’s Connect are becoming more popular. I’ll write about that later; on this page I just want to explain how I made my homepage, http://www.gerbrand-ict.nl, an OpenID provider.
Very simple:

  • My homepage is running WordPress, a popular open source weblog.
  • There are a lot of plugins for WordPress, one of which is the OpenID plugin. By going to the administration screen and then to the section plugins, you can install the OpenID plugin easily by entering openid in the search box.
  • After installation, set up a default account.
  • Now I can authenticate myself to any site that uses OpenID, by just entering http://www.gerbrand-ict.nl !

Posted in Technology

Slow right click on Windows

Besides my Mac laptop I have a Windows desktop at home. Windows 7 is all in all quite a nice OS. However, after using Windows for a while, Windows seems to start degrading. Of course one solution is to reinstall Windows, but that’s not exactly a clean solution. I wanted to know the source of why Windows seems so slow. On closer investigation, the only problem seems to be the File Explorer, especially when using the context menu/right-clicking on a file.
This led me to think some third-party shell extension for the explorer might be the cause.
After some googling I found this nice article: slow right click. In the article a tool is listed: ShellExView. Using this tool you can disable any shell extension that’s hooked into the explorer. I disabled all software not coming from Microsoft, and my Windows started working smoothly again! Of course any overlay icons from, for example, TortoiseSVN don’t work anymore, but that’s the whole idea of these shell extensions. Now I just have to enable the shell extensions one by one to find out what’s the actual cause of the slowness, but that’s better than reinstalling Windows.

Posted in Reviews

Wicket Exception when using wrong order in addComponent

Today I was working on an application that uses the Wicket framework. I was plagued with the following Exception:

WicketMessage: org.apache.wicket.WicketRuntimeException: component myForm:myTable:editor not found on page nl.gerbrand-ict.gui.HomePage[id = 4], listener interface = [RequestListenerInterface name=IActivePageBehaviorListener, method=public abstract void org.apache.wicket.behavior.IBehaviorListener.onRequest()]

Root cause:

...

In place of the … there was a full stack trace, with information that’s not relevant for this posting.

It turned out the solution was pretty simple, but the cause isn’t that easy to find and is quite a good example of how some design decisions in Wicket aren’t considered clean.

Posted in Technology

JavaFX 2.0

Yesterday I attended an NLJug meeting at Oracle at De Meern on JavaFX, called ‘JavaFX 2.0 EA‘. The meeting was presented by Roger Brinkley, who’s called ‘Community Leader’ of Mobile and Embedded. That he was formerly part of Sun wasn’t hard to see based on his clothing and style.

Roger gave an overview of the new JavaFX 2.0, the road map and the planned features. The software seems to be developed in an agile manner: the deadline is fixed, as is policy at Oracle (not meeting a deadline means exit for the responsible executive), but the final set of features is not.
The preview is available now for a limited audience; in May the first public beta will be released and in November the final version will be available.

Posted in Reviews

Software engineering is design all the way: code as design

Recently I came across an article I remember reading quite some years ago, and which had quite an influence on my thinking.
A short summary in my own words. Creating software is usually viewed as a form of engineering, hence the name software engineering. Engineering consists of designing constructs and building them.

Posted in Methodology

Enabling accesskeys for javascript events

Using the accesskey attribute, you can enable hotkeys for various HTML input elements. This allows one to move the focus to an input element by using the ALT-key + <CHARACTER> (on Windows) or CTRL-key + <CHARACTER> (on Mac). This way, your page is accessible by keyboard as well as mouse.

Here’s the example taken from the Mozilla DevCenter:

  <label value="Enter Name" accesskey="e" control="myName"/>
  <textbox id="myName"/>
  <button label="Cancel" accesskey="n"/>
  <button label="Ok" accesskey="O"/>

Both buttons as well as the input box can be accessed by ALT+E, ALT+N, ALT+O on Windows or CTRL+E, CTRL+N or CTRL+O on an Apple Mac.

This is quite easy to program, and works for all popular browsers (including Internet Explorer, Safari or Firefox).
There might be cases where you want to execute some JavaScript when an accesskey is hit, for example to fire a Java event. Almost all web applications use JavaScript one way or another. Fortunately, you don’t need complicated key-event-handling JavaScript to do that; just use an empty link:

<a href="#" accesskey="y" onclick="some javascript"> </a>

The JavaScript is executed when the accesskey is hit, in this case ALT+y on Windows. The link is not displayed, so you’re free to decide whether or not to display a button, link or anything else within your web application.

Posted in Technology

Creating an ear with version for Weblogic using Maven

Using the ear plugin of Maven 2, creating an ear is very easy. The produced ear follows the JEE spec, so you can normally use it in any application server.
I’m using the ear plugin as well, in my case for Weblogic 9. Weblogic has a feature that allows you to update applications on the fly using the Deployments, update command. However, to be able to use that feature well, the MANIFEST file of the ear has to include a Weblogic-specific version field called WebLogic-Application-Version, with a unique version for each ear you’d want to include. Without the version number, Weblogic will list the application twice in the Weblogic administration console.

Posted in Technology

Google buys Instantiations

A while ago I used to do Swing development, and I sometimes used the tool from Instantiations to develop my GUI. I quite liked the tool.
Before that I used Visual Basic and Visual Studio frequently. I never fully understood why people would fiddle so much with pixels, stylesheets, colors etc. when you could just design your GUI visually.
Well, Instantiations has a GWT design tool as well. I recently tried it out very briefly. The tool looked very nice.
Just recently Google bought Instantiations. Will this mean developer productivity in front-end development is cool again?

Posted in Various
