I always liked the way Apple Rendezvous or Zeroconf was written by combining existing internet standards like DNS and DHCP in different ways.
Now we as Java developers can join in the fun as well. Strangeberry a cryptic (dare I say Stealth) startup in Palo Alto have released a LGPL'd library for publishing and listening for Rendezvous services.
This is super cool I think. The library itself is nice and lean. What this means is that anyone with a SOAP, XML-RPC or even just plain vanilla HTML service can publish it easy for use on very local networks.
This is code out of the readme file for Service Registration:
import com.strangeberry.rendezvous.*;Rendezvous rendezvous = new Rendezvous();
rendezvous.registerService(
new ServiceInfo("_http._tcp.local.", "foo._http._tcp.local.", 1234, "index.html")
);
and for Service Discovery:
import com.strangeberry.rendezvous.*;static class SampleListener implements ServiceListener
{
public void addService(Rendezvous rendezvous, String type, String name)
{
System.out.println("ADD: " + rendezvous.getServiceInfo(type, name));
}
public void removeService(Rendezvous rendezvous, String type, String name)
{
System.out.println("REMOVE: " + name);
}
}Rendezvous rendezvous = new Rendezvous();
rendezvous.addServiceListener("_http._tcp.local.", new SampleListener());
XML Digital Signatures
Dr. John Boyer has an interesting article about XML-Signatures.
It's a highlevel kind of introduction but also has some great insight into some of the pitfalls when making XML-Signatures legally binding.
But making digital records with the legal enforceability of paper can be challenging because software developers have been trained to separate logic, data, and context (presentation and questions). Consequently, often what is digitally signed is only the data, or answers portion, of a contract or form.
Later, under regulatory or court scrutiny, it may not be clear exactly what the signature authorized. Did it authorize the purchase of "500" widgets or "500" gadgets? Did "yes" mean that the nuclear power plant inspection was trouble-free, or that further inspections were required? What did the person see and intend when applying his digital signature? It cannot be proven because the context (questions) are not bound with the answers and protected from tampering by the digital signature.
Good point. Ian Grigg has made this point for years and has restisted xml formats for this exact reason. He's always been a proponent of having the signed "contracts" have both human and computer readable content. So it can be upheld in court.
For examples see the contracts at the webfunds site.
I have been designing NeuDist to support XML based contracts. The volume of many of these contracts will be such that you dont really want vast amounts of human readable explanations in it. Being XML you certainly could have it as comments and use the XML Canonicalization algorithm with comments, which I'm doing anyway.
My approach is to have a set of standard certified XSL tranforms for making human readable forms of them. These could be available in different languages as well. It might be a point actually now I'm thinking of it to have that transform be required before the signature. So the version in transport doesnt have the human readable language, but the version that is used to generate and verify the sig does. hmm.
You hear the most interesting things over lunch in Panama, so I'll report this more or less as I heard it.
It appears that I together with many other people were a bit to hasty to come to conclusions about what happened around the Panamanian ban of UDP ports for IP Telephony.
First of all while Cable & Wireless have a decidedly dodgy history in this business, it apparently wasn't them that pushed for the ban.
The story is that in reality it was one of the new telecoms licensees, TeleCarrier Inc. who made the complaint and pulled the strings. I'm not 100% sure that it was TeleCarrier as I'm just trying to get verification of it, so take the name with a grain of salt.
Apparently this newish telecoms company, which is owned by one of the most powerful families in Panama. These newcomers to the business, saw the potential for loosing money and called their pals at the government entity regulator, who decreed the resolution in October.
Cable & Wireless were apparently hurt by this as well, as they have agreements with several voice over IP companies including Net2Phone. In my article yesterday about C&W's results you can see how important the IP business is to them. After January I think even more so when the voice market is liberalised.
The second interesting thing I learnt about this yesterday was that when the government realised how damaging this was to the reputation of Panama, they were up in arms about it. I believe the head of the Ente Regulador has been called in for questioning by the national assembly and both sides of the assembly are united in being against the block.
What does this mean for the future? It's probably pretty safe to say that the Supreme Courts suspension of the block will be upheld and we wont see this again. It also hopefully means that the government will in the future be a bit more careful about how innocent sounding local laws and decrees can affect their reputation world wide.
I've started writing again on EconoFist.
If anyone is interested I've written several news items about the economy etc in Central America there today.
I still dont understand everything that happened here, but I just saw the strangest news story on one of the local channels here TeleMetro.
A farmer died today in Panama because he left his gun on the ground and one of his pigs shot him with it.
Has PETA or ALF secretly training Panamanian pigs for an armed uprising? I dont know.
I'm still not quite sure on how a pig can shoot its owner. But as far as I can understand it picked up the gun with its mouth and the shot was fired while chewing it.
They had graphic footage of the dead farmer on the operating table and xrays of the bullet in his head. No doubt the tabloids will have a field day with this tomorrow.
Until I know exactly how it happened I cant say if he should be given a Darwin award or only an honerable mention.
Las ganancias de C&W en Panamá [La Prensa]
C&W released their results for the year 2001-2002. As far as my Spanish goes "Ingresos" means income, which I take to be Revenue.
This graphic shows the highlights
Basically they have made a total revenue of £296M during that period, of which £56M were international voice, £172M domestic voice, £25M mobiles, £26M IP and Data and the rest others.
Out of this they made a net profit of £134M
Thats not really bad is it considering the 600 people they are laying off here.
C&W Panama is a cross venture between Cable & Wireless in the UK and the Panamanian State. According to the article (I guess I knew this before) C&W owns %49 and the state %49. The reaminder is owned by the employees.
C&W have done similar deals in the past in many other countries, in particular the Caribbean. This has been highly profitable for them, even in a time where theyve lost much money on their global data businesses and sold off their global cable operations.
I'm alive but my Cable Modem was dead for about a week after returning here.
After initially thinking I hadn't paid my bill, to then being told there was an area wide outage. They discovered that some one in my building had tried to help them selves to Cable service by breaking into the box. This basically killed my service, but I'm back up and in business now.
After a slightly painful contract here in London, I'm finally heading back to Panama.
Thank god for that. There is so much going on that I need to sort out when I get there.
Just saw this on Slashdot.
Secure Interaction Design
Its a list of 10 suggested principles for secure interaction design, by Ka-Ping Yee.
Ka-Ping Yee is one of the fore most (maybe only??) experts in the field and has been involved with quite a few cool projects over the years.
I'm big on Capabability Security, which Ka-Ping is quite heavily involved with as well.
The list makes a lot of sense to me and they even have some handy colorful charts you can print and paste on your cubicle wall.
Tyler Close who I've mentioned before here has got some interesting stuff coming in the field as well that I'm playing with now. I'll post a review fairly soon, but I can say that it's a java based secure xml configurable SQL 2 Web Services platform, based entirely on Capability Security.
He has quite a few cool Open Source libraries for doing such applications available now.
The reason I bring up Tyler here is that Tyler and Ka-Ping have both been quite active in the development of Mark Miller's amazing E Secure P2P Scripting Language
Many of Ka-Ping's prototypes have been hacked up in this unique language. The language and runtime is written in Java and supports most Java libraries.
But handles things like Crypto, Capabilities and Identity fairly transparently.
The language is still developing, but I think they've frozen the language features by now. (The mailing lists where for years full of ex lisp/python etc. people discussing their favorite features).
javai18n: December 2002 Archives
David Czarnecki announces his new I18nL10nPlugin for IntelliJ.
Just tried it. I'm no expert in this field, but need to learn more.
The way it works is that you right click a Class or package and select "Externalize Strings" from the popup menu. It analyses the files and creates resource bundles for each class containing the strings it uses.
It doesnt go in to the original sourcefile and replaces them with references to the resources, but thats probably a good thing.
Nice work David.
[La Prensa Web] Bell South brinda desde hoy tercera generación
Bell South Panama has gone live today with their CDMA 2000 based 3G network.
Currently its only available to contract subscribers, but in 6 months time they hope to have it open for prepaid subscribers.
Phones will be available from around $100 a set.
One thing I always used to hate about linux was SysV style init scripts.
I always wondered why they had to be so complicated. I would also always do something stupid so when a server restarted a service wouldn't actually restart. Also what happens when a service dies? (Basically nothing, unless you have other monitoring software)
Apache had a pretty architecture early on with a signle supervise process managing several worker processes.
This is similar to D.J. Bernstein's approach to services in daemontools. For some of the benefits read his faq. So from now on just trust me this is what you want if you're running daemons of various flavors on unix.
The process of using daemontools for other of DJB's software such as qmail and tinydns is pretty well documented. But there isn't much describing how you use it with other server software. This is what I'm planning to write about here.
The basic concept of installing a service under daemontools is quite simple. I'm assuming you've already installed daemontools under /service.
You basically create a new directory for your service. Dont do this under /service just yet though. So for Orion you could create a directory called daemontools in your orion directory.
Within that directory you create a new file called run. This file is just a simple shell script that runs your daemon in foreground mode. eg.
#!/bin/sh
cd /usr/local/java/orion
exec java -jar orion.jar
Make sure you make this file executable.
This is very barebones of course. The server would run as root.
To install the service you simply link the directory you created before into your /service directory. eg:
ln -s /usr/local/java/orion/daemontools /service/orion
Thats it. Try doing a ps auwx and you should see the orion java process running as well as process called supervise orion.
This supervise process is what manages the lifecycle of your service.
You can control it with the svc command. See the docs for more info. But the basic commands that you need are:
svc -t /service/orion - Sends the service a TERM signal and restarts it.
svc -d /service/orion - Brings the service down.
svc -u /service/orion - Brings the service up.
To see why daemon tools are cool try killing the orion process manually. If you proceed to do a ps auwx you will notice that it's been restarted. Aint that just the coolest.
To run Orion as a different user. Create the user eg. orion and add the setuidgid command before java. eg:
exec setuidgid orion java -jar orion.jar
To restart it do a "svc -t /service/orion"
As a final touch we'll add support for daemontools log mechanisms.
DJB normally recommends having a different user for the log process for security reasons. So create a user called "orionlog".
within your /service/orion directory create a new directory called "log" and a directory called "log/main". Chown log/main to the orionlog user and create a new file called "log/run" with the following content:
#!/bin/sh
exec setuidgid orionlog multilog t ./main
Make sure this file is executable.
Also modify your original /service/orion/run file by adding this line before the java process line:
exec 2>&1. This reroutes STDERR to STDOUT.
Finally restart it as before. You now have orion running well under daemontools.
The daemontools logs will be in /service/orion/log/main/current
To setup Postgresql create the same basic directory structure with the following as the run file:
#!/bin/sh
echo Starting PostgreSQL
exec 2>&1
exec setuidgid postgres /usr/local/pgsql/bin/postmaster -D /usr/local/pgsql/data
Use the same log/run file as for orion just change the username to postgreslog (and remember to add that as a os user). Then link it into the /service directory as /service/postgres.
I decided to do a cvs update of maven for the first time in a month or two.
Promptly the changelog part when I run maven site breaks with the following message:
changelog:generate:[ERROR] BUILD FAILED
[ERROR] repository connection string contains less than six tokens
I guess something has changed some where. I never used to explicitly specify a repository connection string. I always assumed it just picked it up from the CVS/root file.
More research is needed.
So I've got JIRA2 (EAP) installed as the NeuDist Issue Tracking System up and running.
I think Jira is quite cool. As I'm the only developer right now on NeuDist it's a bit lonely :-(, but Its pretty cool.
I plan on using it as not only an issue tracking system, but for generalised project management as well.
I guess I'm a simple guy, but besides it being easy/simple to use for me. I really like the Road Map.
I've been setting up the new EAP of JIRA for use on NeuDist.
After a work induced lull in NeuDist I'm back (with a vengance) and the first thing I need to do is to start managing the process better. While I'm the only developer at the moment, it helps me to be able to go in and monitor bugs and features.
JIRA is pretty cool. Atlassian gave me a free Open Source license, which is nice.
It was pretty easy to install. This has given me an excuse to install the new 7.3 PostgreSQL release and Orion.
I've set both of these up with DJB's excellent DaemonTools package.
I've used these for a while, but only on DJB packages such as djbdns and qmail.
It was remarkedly easy to do. I'll work out a quick howto and post it here.