Planet Apache

Syndicate content
Updated: 15 hours 31 min ago

Bryan Pendleton: The wheels of regional planning roll along ...

Thu, 2015-01-08 19:18

Next door to my office, a redevelopment project has been underway for years.

I wrote about this a little more than a year ago: Up comes the Respect.

Since then, things have (on the surface) been quiet.

But it turns out, behind the scenes, things move along!

This month, an organization called the San Francisco Bay Conservation and Development Commission has been reviewing the proposed Alameda Boatworks development project.

Why?

Well, the project is on the waterfront, and the SFBDC cares about the waterfront:

When BCDC was established, only four miles of the Bay shoreline were open to public access. By drawing attention to the Bay, the Commission has played a major role in making the Bay and its shoreline a national recreational treasure. The Golden Gate National Recreational Area and numerous local, regional, and state parks and recreation areas have been established around the Bay since the Commission was established. The Commission has also approved thousands of new boat berths and has required that public access be provided along 65 miles of the shoreline as part of new waterfront projects. Now over 200 miles of the Bay shoreline are open to the public.

So, what did they review?

Well, they reviewed the Alameda Boatworks project plan, and they reviewed the explanatory exhibits.

The project plan is interesting, in particular the section where they talk about the challenges of planning a brand-new waterfront project in the face of climate change and expected sea level rises.

But the exhibits are particularly enjoyable to read, beautiful artwork, design drawings, artist's projections of what the site will look like.

If you could see it now: bare dirt, chain link fences, rocks and dust.

I think I will much prefer the waterfront trails, benches and playgrounds, parks and trees.

Hopefully it won't be too many more years.

Categories: FLOSS Project Planets

Matt Raible: Integrating Node.js, Ruby and Spring with Okta's SAML Support

Thu, 2015-01-08 13:52

Security has always piqued my interest, ever since I first developed AppFuse and figured out how to make J2EE security work back in 2004. I hacked AppFuse to have Remember Me functionality, then moved onto Acegi/Spring Security. Spring Security had the features I needed, even if it did require almost 100 lines of XML to configure it. These days, it's much better and its JavaConfig - combined with Spring Boot - is pretty slick.

That was the first part of my security life. The second phase began the night I met Trish, and learned she sold security products. She knew of OWASP and their top 10 rules. It was Trish that inspired me to write my Java Web Application Security presentation. I really enjoyed writing that presentation, comparing Apache Shiro, Spring Security and Java EE's security frameworks. I followed up the first time I presented it with a number of blog posts and screencasts. Hmmmm, maybe I should update the presentation/screencasts to use Java configuration only (#NoXML) and submit it to a couple conferences this year? I digress.

I had to do a security-related spike over the last couple weeks. I was trying to get SAML authentication working with Okta and my client's Active Directory server. Luckily, someone setup the AD integration so all I had to do was try a few different languages/frameworks. I searched and found ThoughtWorks' okta-samples, which includes examples using Node.js and Sinatra (Ruby + JRuby). I also found a Spring SAML example that includes one of my favorite things in JavaLand: Java-based configuration.

I'm happy to report I was able to get all of these applications working with my client's Okta setup. This article will tell you how I did it. For each application, I created a new application on Okta using its "Template SAML 2.0 Application" and added myself in the application's "People" tab. Each section below contains the configuration I used for Okta. The instructions below assume you're similar to me, a developer that has Java 8, Node and Ruby installed, but none of the specific frameworks. As I write this, I have everything working on my Mac with Yosemite, but I wrote the instructions below using one of my old laptops, fresh after a Yosemite upgrade.

The first thing I did was checkout ThoughtWorks samples.

git clone https://github.com/ThoughtWorksInc/okta-samples.git Node.js

I started by getting the Node.js sample working. For Okta's configuration, I used:

Setting Value Application label Okta Node.js Example Force Authentication false Post Back URL http://localhost:3000/login/callback Name ID Format EmailAddress Recipient http://localhost:3000/ Audience Restriction http://localhost:3000/ authnContextClassRef PasswordProtectedTransport Response Signed Assertion Signed Request Compressed Destination http://localhost:3000/login/callback Attribute Statements email|${user.email},firstName|${user.firstName}

The Node.js sample uses express, as well as passport and passport-saml. The passport packages are used to handle the SAML authentication and connect is used to compress the requests from your local server.

The only thing I needed to do to make the Node.js app work was to paste the X509 cert string and target URL into its config.json from the Okta app. In Okta's Admin interface, I clicked on the "Sign On" tab and clicked its "View Setup Instructions" button. I copied the "Redirect Login URL" value and copied it into config.json's entryPoint value. I then downloaded the certificate and opened it in vi. I ran the following two commands to remove ^M and line endings (more details here).

:%s/<Ctrl-V><Ctrl-M>//g :%s/\n//g

Next, I copied everything between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- and pasted it into the cert value of config.json. I had to remove the comments from config.json for everything to work.

After making these changes, I was able to run "npm install" and "npm start" and successfully login at http://localhost:3000.

Ruby

The Ruby sample uses Sinatra, omniauth and omniauth-saml. To run the okta-ruby-sinatra application, I had to start by installing Bundler.

sudo gem install bundler

Then I installed all the required gems for this project using the following command.

bundle install

This resulted in the following error:

An error occurred while installing nokogiri (1.6.1), and Bundler cannot continue. Make sure that `gem install nokogiri -v '1.6.1'` succeeds before bundling

I tried Bundler's suggestion, but it failed:

Gem::Installer::ExtensionBuildError: ERROR: Failed to build gem native extension. /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/bin/ruby extconf.rb mkmf.rb can't find header files for ruby at /System/Library/Frameworks/Ruby. framework/Versions/2.0/usr/lib/ruby/include/ruby.h

I then tried upgrading to Xcode 6.1.1. I received the same error and running "bundle update sinatra" and "sudo gem update --system" didn't help anything. I found an old Stack Overflow answer that suggested running "xcode-select --install" to install Xcode's Command Line Developer Tools. After doing so, I ran "sudo gcc" to accept to all Apple's licensing agreements. I ran "bundle install" again and this time it failed with the following error:

----- libxml2 is missing. please visit http://nokogiri.org/tutorials/installing_nokogiri.html for help with installing dependencies. ----- ... An error occurred while installing nokogiri (1.6.1), and Bundler cannot continue. Make sure that `gem install nokogiri -v '1.6.1'` succeeds before bundling.

I tried Bundler's suggested again: "sudo gem install nokogiri -v '1.6.1'". This didn't work, so I tried "bundle update" and it finally worked. I ran "bundle install" for the final time, followed by "ruby app.rb". WEBrick started and I created a "Okta Ruby Example" application on Okta with the following settings.

Setting Value Application label Okta Ruby Example Force Authentication false Post Back URL http://localhost:4567/auth/saml/callback Name ID Format EmailAddress Recipient http://localhost:4567 Audience Restriction http://localhost:4567 authnContextClassRef PasswordProtectedTransport Response Signed Assertion Signed Request Compressed Destination http://localhost:4567/auth/saml/callback Attribute Statements email|${user.email},firstName|${user.firstName}

To configure Sinatra with Otka's settings, I started by renaming the config.yml.sample file:

mv config.yml.sample config.yml In Otka's Admin UI for the application, I clicked on the "Sign On" tab and clicked its "View Setup Instructions" button. I copied the "Redirect Login URL" value and copied it into config.yml's target_url value. I then downloaded the certificate and ran the the following command in the directory I downloaded it to.

openssl x509 -noout -fingerprint -in "okta.cert"

I copied the fingerprint into config.yml's fingerprint value and restarted the app. I opened http://localhost:4567 in my browser and was able to successfully login.

JRuby

To start with JRuby, I first read the project's README. It mentioned issues with "nokogiri" and explains the project contains a patched release of nokogiri 1.6.0. Since I knew there was a later release, I modified Gemfile and removed the version and path information from the last line. I copied the config.yml from the Ruby project and ran the following commands to install Bundler, the project's dependencies and start the app.

jruby -S gem install bundler jruby -S bundle install

Running the second command resulted in the following error:

Your jruby version is 1.7.18, but your Gemfile specified jruby 1.7.4

I modified Gemfile to specify "1.7.18" and tried again. This time it worked. I started the application using the following command:

jruby app.rb NOTE: If you see the the following in your browser window, it means you forgot to copy config.yml from the Ruby project. undefined method `auth' for Sinatra::Application:Class

When I tried to login at http://localhost:4567, I saw an infinite redirect and the following error in my console.

W, [2015-01-08T08:53:22.514000 #56144] WARN -- : attack prevented by Rack::Protection::SessionHijacking 0:0:0:0:0:0:0:1 - - [08/Jan/2015 08:53:22] "GET / HTTP/1.1" 302 - 0.0190 0:0:0:0:0:0:0:1 - - [08/Jan/2015:08:53:22 MST] "GET / HTTP/1.1" 302 0

Stack Overflow indicated this is a problem caused by an old version of rack-protection. Running "jruby -S bundle update rack-protection" updated the project to use rack-protection 1.5.3 (was 1.5.1). After restarting and trying again, I received the following error:

I, [2015-01-08T08:59:32.679000 #56176] INFO -- omniauth: (saml) Callback phase initiated. E, [2015-01-08T08:59:34.747000 #56176] ERROR -- omniauth: (saml) Authentication failure! invalid_ticket: Onelogin::Saml::ValidationError, Digest mismatch 0:0:0:0:0:0:0:1 - - [08/Jan/2015:08:59:34 -0700] "POST /auth/saml/callback HTTP/1.1" 302 9 2.0760 0:0:0:0:0:0:0:1 - - [08/Jan/2015:08:59:34 -0700] "GET /auth/failure?message=invalid_ticket&strategy=saml HTTP/1.1" 404 449 0.0080 0:0:0:0:0:0:0:1 - - [08/Jan/2015:08:59:34 MST] "GET /auth/failure?message=invalid_ticket&strategy=saml HTTP/1.1" 404 449 - -> /auth/failure?message=invalid_ticket&strategy=saml 0:0:0:0:0:0:0:1 - - [08/Jan/2015:08:59:34 -0700] "GET /__sinatra__/404.png HTTP/1.1" 200 18893 0.0200 0:0:0:0:0:0:0:1 - - [08/Jan/2015:08:59:32 MST] "POST /auth/saml/callback HTTP/1.1" 302 9 - -> /auth/saml/callback 0:0:0:0:0:0:0:1 - - [08/Jan/2015:08:59:34 MST] "GET /__sinatra__/404.png HTTP/1.1" 200 18893 http://localhost:4567/auth/failure?message=invalid_ticket&strategy=saml -> /__sinatra__/404.png

At this point, the only thing different from my working version and my old laptop was the version of Java. My old laptop had "build 1.8.0_05-b13", so I upgraded to the latest version of Java 8 (update 25). This didn't help, so I tried updating all bundles with "jruby -S bundle update". This failed too, so I figured I'd try to use the version of JRuby that was on my working laptop (version 1.7.16.1). I installed Homebrew, ran "brew install jruby", removed the newer version from my path and downgraded the version in Gemfile. I had to re-install Bundler and the projects dependencies with the following commands.

jruby -S gem install bundler jruby -S bundle install

Same error again. I reverted Gemfile.lock and ran the only bundle update command I'd run on my working laptop:

$ jruby -S bundle update sinatra

Unfortunately, this still didn't fix the issue. I copied the project from my working laptop and tried running that project. It failed, proving that it was an environment issue, not a project/code issue. I tried rebooting and when that didn't work, I gave up. It's pretty strange this didn't work on a fresh Yosemite install - it took me less than 10 minutes to get it working originally.

Spring

The Spring sample I got working with Okta was Vincenzo De Notaris' spring-boot-security-saml-sample. This project uses Spring Boot and Spring Security SAML. I created a "Okta Spring Example" application on Okta with the following settings.

Setting Value Application label Okta Spring Example Force Authentication false Post Back URL http://localhost:8080/saml/SSO Name ID Format EmailAddress Recipient http://localhost:8080/saml/SSO Audience Restriction com:vdenotaris:spring:sp authnContextClassRef PasswordProtectedTransport Response Signed Assertion Signed Request Uncompressed Destination http://localhost:8080/saml/SSO Attribute Statements email|${user.email},firstName|${user.firstName}

The biggest thing I learned while trying to get these values correct was that Request needs to be set to Uncompressed.

After cloning the GitHub project to my hard drive, I added a new SSO provider by adding a new bean to WebSecurityConfig.java. The URL I got from Okta's Admin UI: Sign On > View Setup Instructions > Public Link (near the bottom of the page).

@Bean(name = "idp-okta") public ExtendedMetadataDelegate ssoOktaExtendedMetadataProvider() throws MetadataProviderException { @SuppressWarnings({ "deprecation"}) HTTPMetadataProvider httpMetadataProvider = new HTTPMetadataProvider("https://client.okta.com/app/random-key-here/sso/saml/metadata", 5000); httpMetadataProvider.setParserPool(parserPool()); ExtendedMetadataDelegate extendedMetadataDelegate = new ExtendedMetadataDelegate(httpMetadataProvider, extendedMetadata()); extendedMetadataDelegate.setMetadataTrustCheck(false); extendedMetadataDelegate.setMetadataRequireSignature(false); return extendedMetadataDelegate; }

For the SSL connection to work, I had to download the certificate and import it into the application's keystore. To do this in Chrome, I went to https://client.okta.com, clicked on the lock icon in the address bar, then dragged/dropped the certificate image to my desktop. This resulted in a *.okta.com.cer file on my desktop. I added it to the keystore using the following commands (thanks Stack Overflow).

keytool -importcert -file ~/Desktop/\*.okta.com.cer -keystore src/main/resources/saml/samlKeystore.jks

When prompted for the password, I entered "nalle123". This value is specified in WebSecurityConfig.java's keyManager bean. I then added this provider to the list of providers in the metadata bean.

@Bean @Qualifier("metadata") public CachingMetadataManager metadata() throws MetadataProviderException { List<MetadataProvider> providers = new ArrayList<MetadataProvider>(); providers.add(ssoOktaExtendedMetadataProvider()); providers.add(ssoCircleExtendedMetadataProvider()); return new CachingMetadataManager(providers); }

After making these changes, I started the application using "mvn spring-boot:run". I navigated to http://localhost:8080, chose Okta as my Idp and logged in successfully!

Summary

This article shows you how I got Node.js, Ruby and Spring applications working with Okta's SAML support. My experience with this when I first tried it: Node was super-easy, Ruby was a bit more difficult, JRuby was a cinch and Spring took several days. As you can tell from this article, Ruby/JRuby were the most difficult to make work on a clean machine.

All in all, working with Okta has been a pleasant experience so far. Hopefully this article helps make it a good experience for you as well.

Categories: FLOSS Project Planets

Bryan Pendleton: The Martian, redux

Thu, 2015-01-08 10:04

Well? Have you read The Martian yet?

If not, and you're still on the fence, there's a very nice interview with author Andy Weir over on the Nautilus site: The Hit Book That Came From Mars.

It's a great interview: Weir is very relaxed and revealing about how The Martian's success surprised him as much as anyone:

You know, I spend a lot of time trying to figure out why people like the book, because I’d like to write another book that they like that much.

It's a great book; he's a great writer; he sounds like a good human being, too.

I hope all this attention encourages him to continue writing great books.

Categories: FLOSS Project Planets

Claus Ibsen: IDC Report on Business Value of using JBoss Fuse (with Apache Camel)

Thu, 2015-01-08 04:08
This is just a blog post that has more commercial nature, but you can't have one without the other. In fact this is what keeps Apache Camel alive and doing so well, due also to its commercial success.

This report may be of interest to people who are looking for hard evidence of the value add of using Apache Camel commercially, from products such as JBoss Fuse.
IDC interviewed 6 organizations that report achieving significant business value by using Red Hat® JBoss® Fuse, in particular, and making their application integration and development efforts more efficient and productive. These 6 organizations are achieving a 3 year average return on investment (ROI) of 488% and earning back their investments in JBoss Fuse in 8.2 months.The report is downloadable as-is (no registration) from Red Hat website at: http://www.redhat.com/en/resources/value-red-hat-integration-products

Some of the highlights I see in relationship to Apache Camel are:


  • JBoss Fuse allows developers to program in Java, which becomes more of an extension to the application rather than a separate development experience. This resulted in making JBoss Fuse easier to adopt. As one customer explained, "One of the biggest advantages that we see with this product is that the integration tool is provided as a domain language. So it's like a natural extension of the Java language. You write integrations as if you're writing Java code. That means that all of the skills you need to debug in Java are the same skills required when you write integrations in this language. You don't have to go to another IDE or another toolset to understand how to write it. It's just Java code."
  • Another customer cited the team's desire to actually know and understand what the code is as a reason for adoption: "Before, we had a problem with the software, and actually being able to prove to the vendor that there was a problem before they would get around to fixing it is a lot harder if you can't actually see any of the code. And this is not a small issue … In order to lodge a request, we would often have to prove to them by writing a sample program and prove that they are the cause of the issue — in a way that it's reproducible in their environment."
  • A shipment and logistics company's application integration and development efforts benefit from the flexibility of JBoss Fuse's use of Apache Camel: "JBoss gives us the opportunity to help the developers in ways that wouldn't necessarily be possible with a graphical user interface tool."
  • Customers also said that they benefit from Red Hat's support and the ability to have access to and understand the code used for their applications. One customer praised Red Hat's support: "The customer service support from Red Hat has been exceptional. They gave us access directly to the developers who are writing the code, whereas it can be hard to actually get access to developers with other solutions."

  • Just a note to the last bullet. Our support program allowed the customer direct access to myself and other Camel core committers, so we were able to help them quickly, and also fix and improve Apache Camel based on their issues and findings.

    The report has more details, and hard numbers stating the "before" vs "after" and their gains (development time, performance, and many others) and cost benefits, such as pretty graphs as shown below:



    Categories: FLOSS Project Planets

    Justin Mason: Links for 2015-01-07

    Wed, 2015-01-07 18:58
    Categories: FLOSS Project Planets

    Nick Kew: Where do I find lost files and mail settings on Mac?

    Tue, 2015-01-06 19:19

    OK, today the macbook lost my mail.

    That is to say, instead of Mac’s mail client launching normally, showing me my folders and connecting to my servers, it gives me the setup wizard.  It won’t even let me bypass the wretched wizard and launch the mailer.

    OK, I haven’t lost anything irretrievable (except perhaps some long-forgotten drafts), but I’d really rather not do battle with that wizard again: so much frustrating guesswork to find the settings that’ll talk to imap and imaps servers.  Are my settings somewhere I can retrieve them?

    It’s at this point I realise how hopelessly irrelevant my Unix knowledge is when it comes to a Mac.  There’s no lost+found directory.  “ls -la ~ |grep -i mail” (and variants) turn up nothing.  Neither does a look in Mac’s /Applications/Mail.app turn up anything that looks remotely promising.

    More frustratingly, neither does Google.  My attempts to google this question just turn up screenfuls of how to do things using the Mail GUI.  The same mail client that refuses to launch without the ritual incantation of the setup wizard.  Grrrr …

    Dear lazyweb, Anyone know where in the mac filesystem I might look?  MacOS announces itself as 10.7.5.


    Categories: FLOSS Project Planets

    Justin Mason: Links for 2015-01-06

    Tue, 2015-01-06 18:58
    • Mantis: Netflix’s Event Stream Processing System

      Rx/reactive in style, autoscaling, support for queue/broker-based strong consistency as well as TCP-based lossy delivery

      (tags: netflix rx reactive autoscaling mantis stream-processing)

    • Bad Kids Jokes

      ‘I now a man with a wooden leg named sea what was the name of the other leg SAND’

      (tags: funny humor kids jokes humour)

    • The Hit Team

      Fergal Crehan’s new gig — good idea!

      The Hit Team helps you fight back against leaked photos and videos, internet targeting and revenge porn.

      (tags: revenge-porn revenge law privacy porn leaks photos videos images selfies)

    • F1: A Distributed SQL Database That Scales

      Beyond the interesting-enough stuff about scalability in a distributed SQL store, there’s this really nifty point about avoiding the horrors of the SQL/ORM impedance mismatch:

      At Google, Protocol Buffers are ubiquitous for data storage and interchange between applications. When we still had a MySQL schema, users often had to write tedious and error-prone transformations between database rows and in-memory data structures. Putting protocol buffers in the schema removes this impedance mismatch and gives users a universal data structure they can use both in the database and in application code…. Protocol Buffer columns are more natural and reduce semantic complexity for users, who can now read and write their logical business objects as atomic units, without having to think about materializing them using joins across several tables. This is something that pretty much any store can already adopt. Go protobufs. (or Avro, etc.) Also, I find this really neat, and I hope this idea is implemented elsewhere soon: asynchronous schema updates: Schema changes are applied asynchronously on multiple F1 servers. Anomalies are prevented by the use of a schema leasing mechanism with support for only current and next schema versions; and by subdividing schema changes into multiple phases where consecutive pairs of changes are mutually compatible and cannot cause anomalies.

      (tags: schema sql f1 google papers orm protobuf)

    Categories: FLOSS Project Planets

    Bernd Fondermann: Speaking at JAX'09

    Tue, 2015-01-06 12:05

    At the JAX'09 conference in Mainz end of April next year I'll be giving three talks on the whole, wow. One will be about Apache Lucene. The second will be a short talk about Apache Hadoop, a project which will be hard to fit into 30 minutes.

    And I'm especially excited to be able to speak about XMPP again, after the FastFeathertalk I gave at ApacheCon EU 08.

    By the way, ApacheCon EU 09 is one month before the JAX and still nothing to be heard about the accepted sessions...

    Categories: FLOSS Project Planets

    Bernd Fondermann: Community-wise, you are wrong every time

    Tue, 2015-01-06 12:05

    Open source projects aren't conflict free zones. People are trying to get along with each other most of the time, and sometimes this just doesn't work. That is life. We have to be prepared to be confronted with misbehavior, crossing of social barriers, accusations, misunderstandings, egos, cultures, you name it, when all we really want to do is hack cool stuff. That's the downside of working at really cool software projects. There are other developers you have to deal with. At Apache, conflicts mostly start or at least are fought over 'technical issues'. Everybody appearing publicly at Apache - users, committers, members - is ethically bound to communicate in a consensus-driven and open minded way. But if you really don't find a consensus, and every supposedly fruitful technical argument makes people angry, frustrated, annoyed or any other kind of bad mood, there is probably a more substantial underlying community issue ventilating.

    Warning signs are statements like 'I know I am right, why do you insist in your position?', 'This [my opinion] is a known fact. Period.', 'Everbody knows this, but you!', 'Simply change your tool/IDE/settings/operating system/keyboard layout/brain and shut up!'. 'I don't like people telling me what to do.'

    This happens when people became unable to let any other opinion approach to there minds that they seem to be shutting down for everything what everybody else is saying. The blue screen of discussion death, so to speak. They become very defending when in fact they there is no reason. Finding consensus becomes impossible.

    What's the solution when such a situation emerges? That's really difficult. So, let me tell you "The Parabel from the Developer with the Server Bug":

    Once upon a time there was a developer. He was programming against a server API. He laid out the client application brilliantly. He wrote tests, he reviewed the code. He even briefely talked to other developers about it. Then he let the client connect to the server. And all his excellent client was telling him is that there was a transmission error. Since he prepared his client program so thoroughly, certainly there was a bug in the server implementation. So he downloaded the sources (lucky him!) and looked into them. There he found ugly code, bad design, potential security holes. He ranted, he cursed. He thought about ways to torture the server app developer. He couldn't find the server bug, even less than the doomed soul writing this crap of a server. He turned away in disgust.

    In the evening, he met a friend and told his story. They both shook their heads in disbelief about the misery with the server bug. At some point over the third cold beverage his friend asked the developer: Have you checked if it's a bug in your own client code? The developer just laughed.

    Well, the next day the developer stumbled about a tiny little incorrectness in his own code, a probable misunderstanding of the server API spec. Small change. He started up his client again, and, can you believe it, everything just worked smoothly.

    That's the end of the story. Is there anything to learn from this? In computer programs, you might be able to find a prove (test case, svn log, etc.) for who did wrong what and when. This is not the same for community issues. If a fight breaks out, and you are a part of it, you are wrong every time. Fighting is a community bug. Take a step back before blaming others. Fix your own errors first. Let the others fix their own errors first, too. Then go back to discussion. Be polite. Be overly careful with every single word. Be pragmatic. Try to find a consensus, even if it's only to have a consenus. All parties will be unsatisfied. Maybe it will be painful for you more than the others. Maybe you have to go through this multiple times. But you have created something beyond just coding. You fixed the community.

    Categories: FLOSS Project Planets

    Bernd Fondermann: e-mail 1.0

    Tue, 2015-01-06 12:05

    While bravely fighting with the IMAP implementation in Apache James, Robert is hoping for relieve by new e-mail protocols. And indeed, it's high time. A lot of energy, both in productivity time and electrical power, is wasted. Wasted by huge piles of spam and other types of unsolicited e-mail. And this is not only a social phenomenon, it is made possible by the protocols used to transfer mail between computers. These protocols (SMTP, IMAP, POP) stem from the information technology middle ages. They are not appropriate for today's needs. We need something better. I don't talk about 'e-mail 2.0' here. We need 'e-mail 1.0', first.

    So the proposed goal is to establish RMEP, based on HTTP and XML. I don't think HTTP is an appropriate prerequisite. HTTP is a client/server protocol. It is not designed for message transfer. It is designed for hypertext transfer in the request/response world. And yes, you can probably make every protocol or type of messaging working embedded into HTTP. But there is no way to hide that the protocol wasn't originally build for this purpose. The interesting parts of such a mail protocol would be contained in the XML part, though. So using HTTP only leads to a half-hearted solution. We would start from a broken protocol and end up with a new protocol embedded in an another-purpose host protocol.

    The best would be to use a protocol which is especially designed for exchanging messages, both between client/server and server/server, which from the beginning supports security, encryption and compression and is extensible. Which is transport agnostic and uses XML as its syntactical foundation.

    A protocol matching all this is already in broad use, it is well-specified and understood. Mature, if you want. It's called XMPP, Extensible Messaging and Presence Protocol. The community around XMPP is open and very welcoming. And if you want, you can even transport XMPP via HTTP. XMPP is not restricted to request/reponse (polling). The server can truely push to its clients which reduces network traffic and makes life easier.

    XMPP is not RESTful. But access to a single message and complete message structures (trees of mailboxes) could be RESTyfied within XMPP. XEP-0013 could be a starting point. Mailboxes and storage would still need to be specified as separate XMPP extensions.

    Let's just hope that in the end the next-generation e-mail protocol (be it RMEP, XMPP or something else) will be chosen for its technical merits and not only because of politics.

    Categories: FLOSS Project Planets

    Bernd Fondermann: Joseph Weizenbaum passes away at the age of 85

    Tue, 2015-01-06 12:05

    A sad moment for computer sience and humanity in the information technology age as software developer, researcher and philosopher Joseph Weizenbaum died on March 5th (bios in en, de, the news in german).

    He worked and taught for over 30 years at MIT but he always kept a healthy and quite entertaining critical distance towards computer and technology. He constantly reflected about our usage of information technology. And more than once he came to the conclusion: Don't use it this way!

    He grew up in Berlin where he also lived for the last decade or so. When he was still a child his family luckily escaped Nazi Germany. Weizenbaum returned to the Nikolaiviertel neighborhood after his wife's death.

    His great book 'Computer Power and Human Reason' had a major influence on me. Still highly recommended! His last article (german original), published on the day of his 85th birthday in german newspaper Sueddeutsche Zeitung is still laying on my desk beside the laptop. It is about the perception and interpretation of all the information which is accessible to us these times. The article's subtitle (printed version only) translates to: "Earth could be paradise, if only we were able to truely understand it."

    Categories: FLOSS Project Planets

    Bryan Pendleton: Even the language is thrilling

    Mon, 2015-01-05 20:51

    I love the writeup in National Geographic's Beyond the Edge blog: Yosemite Climbers Attempt Historic First Free Ascent of El Capitan’s Dawn Wall.

    I'm not a climber, nor will I ever be (waaaay too much fear of heights), but I really enjoyed reading the article.

    This week all eyes are on climbing’s center stage, El Capitan, the 3,000-foot monolith in Yosemite National Park, as professional climbers Tommy Caldwell, one of our 2015 Adventurers of the Year, and Kevin Jorgeson vie to make history and complete the first free ascent of the Dawn Wall. Should they be successful in free climbing the Dawn Wall, it will be one of the most significant climbing achievements of all time.

    I'm sure that at least part of the reason I'm fascinated by climbing is because it's a "gearhead sport"; that is, there's lots of equipment to learn about.

    But another reason that I find climbing fascinating is the exotic jargon it's evolved to describe the activities of the sport:

    Pitch 16 is the infamous “Dyno Pitch,” in which the climber has to make a jump (dyno) six feet horizontally, and latch onto a downward sloping edge of rock and hold on while controlling the swinging momentum. Thus far Kevin has had the most success in sticking this rowdy move; Tommy, however, has had less success. On this push, Kevin plans to do the dyno.

    Tommy, however, plans to circumnavigate the dyno with a 5.14a variation. He will climb in a “loop”—reversing 20 feet of the last pitch, down-climbing 50 feet from the belay, and then coming back up to join a point above the dyno.

    Yes, we need the rain (oh, boy do we need the rain).

    But yes, it's been delightful to go for long walks in the park during my holiday break, and to ride my bike to work each day.

    And yes, it's delightful when an extended stretch of clear, dry weather leads to such a thrilling event!

    Categories: FLOSS Project Planets

    Justin Mason: Links for 2015-01-05

    Mon, 2015-01-05 18:58
    • Avleen Vig on distributed engineering teams

      This is a really excellent post on the topic, rebutting Paul Graham’s Bay-Area-centric thoughts on the topic very effectively. I’ve worked in both distributed and non-distributed, as well as effective and ineffective teams ;), and Avleen’s thoughts are very much on target.

      I’ve been involved in the New York start up scene since I joined Etsy in 2010. Since that time, I’ve seen more and more companies there embrace having distributed teams. Two companies I know which have risen to the top while doing this have been Etsy and DigitalOcean. Both have exceptional engineering teams working on high profile products used by many, many people around the world. There are certainly others outside New York, including Automattic, GitHub, Chef Inc, Puppet… the list goes on. So how did this happen? And why do people continue to insist that distributed teams lower performance, and are a bad idea? Partly because we’ve done a poor job of showing our industry how to be successful at it, and partly because it’s hard. Having successful distributed teams requires special skills from management, which arent’t easily learned until you have to manage a distributed team. Catch 22.

      (tags: business culture management communication work distributed-teams avleen-vig engineering)

    • Hack workaround to get JVM thread priorities working on Linux

      As used in Cassandra ( http://grokbase.com/t/hbase/dev/13bf9kezes/about-xx-threadprioritypolicy-42 )!

      if you just set the “ThreadPriorityPolicy” to something else than the legal values 0 or 1, [...] a slight logic bug in Sun’s JVM code kicks in, and thus sets the policy to be as if running with root – thus you get exactly what one desire. The operating system, Linux, won’t allow priorities to be heightened above “Normal” (negative nice value), and thus just ignores those requests (setting it to normal instead, nice value 0) – but it lets through the requests to set it lower (setting the nice value to some positive value).

      (tags: cassandra thread-priorities threads java jvm linux nice hacks)

    Categories: FLOSS Project Planets

    Dave Johnson: 2014 side projects

    Mon, 2015-01-05 08:46

    For various reasons, I've always got a couple of coding projects on the back burner, things that I hack around with on weekends and breaks. In 2014, I started four projects and learned about Ember.js, jQuery Mobile, Apache Shiro, Apache CXF and the Arquillian test framework.

    I like to share my code, so I've put my code on GitHub and I'm going to write a brief post about each here on my blog. I'll provide links as I go and, of course, I welcome any criticisms and suggestions for improvement that you might have. First up: the Usergrid-Mobile project.

    The Usergrid-Mobile project


    To be honest, Budapest was the goal of this project. In the Spring of 2014, I decided that the best chance of getting to ApacheCon EU in Budapest was to create a great "mobile development with Usergrid" talk, and to do that I needed a great example project. The resulting project shows how to create a dumbed-down Foursquare-style "checkin" app using HTML5, JavaScript, jQuery Mobile and Apache Cordova.

    Luckily for me, my talk was accepted for ApacheCon EU and in November I traveled to Budapest (took some photos) and gave the talk there.

    I also presented the talk at the All Things Open conference in Raleigh, NC and you can view a video of that talk, Mobile Development with Usergrid on YouTube.



    You can find the code for usergrid-mobile on GitHub. I also created a Vagrant File to launch a local instance of Usergrid for demo purposes. It's called usergrid-vagrant.

    That's all for now. Next up: Usergrid-Ember.

    Categories: FLOSS Project Planets

    Justin Mason: Links for 2015-01-04

    Sun, 2015-01-04 18:58
    • Amiko Alien2 / Enigma Discussion Thread – boards.ie

      Enigma is a Linux based alternative to the default Spark operating system on these boxes. Enigma is a more customisable OS and provides the ability to add plugins which can accomplish many tasks enabling users to have a box which might look and perform like a Sky box, giving a 7 day EPG and an alternative to series link. Looks like a pretty solid hacker community…

      (tags: alien2 tv enigma dvr freeview saorview pvr)

    • Hague reassures MPs on Office 365 data storage as Microsoft ordered to hand over email data

      William Hague, the leader of the House of Commons, has responded to concerns raised by an MP about the security of parliamentary data stored on Microsoft’s Cloud-based servers in Europe. “The relevant servers are situated in the Republic of Ireland and the Netherlands, both being territories covered by the EC Data Protection Directive,” William Hague wrote in a letter to John Hemming, MP for Birmingham Yardley. “Any access by US authorities to such data would have to be by way of mutual legal assistance arrangements with those countries.” [...] John Hemming MP told Computer Weekly Hague’s reassurances carried little weight in the face of aggressive legal action by the US government.  “The Microsoft case makes it clear that, in the end, the fact that Microsoft is a US company legally trumps the European Data Protection Directive [...] and where [the letter says] the US authorities could not exercise a right of search and seizure on an extraterritorial basis, well, they are doing that, in America, today.” Sounds like they didn’t think that through…

      (tags: mail privacy parliament office-365 microsoft mlat surveillance)

    Categories: FLOSS Project Planets

    Bruce Snyder: Halloween, Thanksgiving and SCI Recovery :: Bruce Snyder's Status

    Sun, 2015-01-04 15:57
    (I wrote this post in early December, but I forgot to post it, so here it is!)

    Halloween and Thanksgiving are standard American holidays and they are definitely a good way to mark the progress of my recovery. They seemed to so far away for so long and yet they flew right by this year.

    When you have kids, Halloween is a pretty fun time for them. From picking out pumpkins, to carving jack-o-lanterns, to jumping into big piles of leaves, to various Halloween parties leading up to the evening of trick-or-treating. When my girls were younger, they would get so excited for Halloween. They loved picking pumpkins right out of a pumpkin patch and couldn't wait to carve them. We would get out Halloween decorations for the house and carve our pumpkins together. They would really get into it with elaborate designs that they would trace on the pumpkins and require some time investment to carve whereas I would always carve simple, silly faces on my pumpkin that took no time at all to complete, but would make everyone laugh. Well this was the first year where my kids were not into Halloween very much.

    This year I was on my own to hand out candy to the trick-or-treaters. Janene was away on a business trip and both my girls were with their friends elsewhere in town. Although I've been mostly walking with the crutches at this point, any time I need to carry something I still need to sit down in the wheelchair to do so. It was too difficult for me to hold the door open to greet the trick-or-treaters while holding the big bowl of candy, so I sat in my wheelchair. It was still fun though because I was down low enough to see all the kids at their eye level and they instinctively helped to hold the door open as I put candy in their bags. Many of the kids know me from coaching soccer, volunteering at the elementary school, etc., so they talked to me about how my recovery is progressing. It was nice to see them all.

    Janene's folks came into town for several days to celebrate Thanksgiving and it was nice to have some family around for a while. They participated in our Thanksgiving traditions of fixing a big meal, going to see a movie and playing games afterwards. We also took the girls to see The Nutcracker ballet in Denver (as we have done for many years now) and afterwards we had dinner at a wonderful sushi restaurant. They also helped us put up Xmas holiday decorations around the house including all the outdoor lights. Janene and I have always done this with the girls but there's no way that I can climb a ladder and be on the roof in my current state so Janene's dad helped with that part.

    I continue with my recovery from the spinal cord injury. I continue to walk on a treadmill just about every day during the week because we have a couple in the fitness room I'm building at my work office. I've worked up to about 40 minute sessions walking at about 2.5 miles per hour. Although this is not much by normal standards, it is really helping my body to recover quite a lot.

    I also I got a stationary bike recently so that I can ride it on a regular basis. It is already help to rebuild the muscles in my hips and butt. I'd love to just put one of my bikes on my trainer an spin like I used to do, but there's no way that I can sit on a regular road bike seat at this point. The stationary bike has a wider more padded seat that allows me to ride for about 20 minutes at a time with a small amount of tension. Although it's a very different ride, it still feels good to be pedaling again.

    I continue with physical therapy appointments in Boulder twice a week. These sessions are important because my physical therapist shows me many exercises to do and is continually checking my progress, but most of the recovery is my responsibility. I have to keep doing the work every day and stay motivated to beat the muscle atrophy that has transformed my body so much. Because I have been through muscle atrophy almost 30 years ago when I had one of my knees reconstructed, I know what the hard work is all about. I also know that physical therapy is what can save you from a major injury. And so, I fight on.
    Categories: FLOSS Project Planets

    Edward J. Yoon: 10년 전 Web 2.0 인터넷 수준에 묶여 있었다!

    Sun, 2015-01-04 07:08
    고속도로 운전하면서 라디오에서 우연히 듣게 된 유엔미래포럼 박영숙 대표의 강연.

    목소리만 듣고 처음에는 박 대통령 신년사하는 줄 알았으나 내용이 너무도 유익했다. 우리는 급변하는 세상에 살고 있음을 다시 한번 느끼게 해주는 강연이었고, 웹 컴패니 구글, 페이스북, 그리고 아마존 등이 왜 그렇게 무인자동차, 드론 등에 투자를 추진하는지도 다시금 생각하게 되었다.

    뭐 물론 이런 내용은 꾸준히 생각하고 있었지만서도 미생물에서 점점 생물이 되어가는 ㅋ... 다세포 생물을 움직이는 감각세포 출현에 버금가는 혁신의 시대에 내가 살고 있구나! 라고 강하게 느꼈다.

    나는 다시 한번 나를 돌아봐야 한다. 현재도 여전히 10년 전의 Web 2.0 인터넷과 그에 필요한 기술 수준에 발묶여 있는건 아닌지. 틀을 다시 한번 깨고, 쫓아야할 때다.

    비록 이 몸은 묶여(?)있지만 어느때보다 나의 상상력과 비전은 미래를 향하고 있다. :)
    Categories: FLOSS Project Planets

    Gianugo Rabellino: And so it goes…

    Sun, 2015-01-04 03:49

    You stop updating your blog. A few weeks go by, then months, then all of a sudden you realize it’s been years since you wrote anything. Starting again is hard, as you feel you should write something important, explain why you have been away, condense years of stories into a big catching up post, commit to a New Year’s resolution of getting back to blogging and try to stick to it – the works.

    Or, you can just rediscover how much you really like FreeBSD, play with jails for a while, spend some time migrating a couple of databases and thinking that after all it’s just a blog, the world keeps on rolling with or without it and what is four years without posting among friends?

    So here is to a fresh install of WordPress on the latest FreeBSD, all running on Azure (more in upcoming posts). And to whatever may come next. I’m not promising it will last, but it feels good to be back.

    Categories: FLOSS Project Planets

    Justin Mason: Links for 2015-01-03

    Sat, 2015-01-03 18:58
    Categories: FLOSS Project Planets

    Dave Johnson: Phoenix Websites

    Sat, 2015-01-03 15:15

    My eldest son Alex and his friend Austin have started a website design and creation business called Phoenix Websites and, of course, I think this is a great thing. They're not yet out of high school and just getting started, but they've already landed a couple of real live customers. They've got some skills and are not afraid of hard work, so if you're a Triangle-area small business owner and you need a nice new website, check them out.

    Like any new business, they need some link love so here we go: Phoenix Websites: Website design and creation services in the Raleigh-Durham Triangle-area. Follow them on twitter at @phoenixrdu

    Categories: FLOSS Project Planets