Many Java developers work in the financial web applications sphere. Yet most know very little about security and threat models. Since the browser is the main entry point into our applications, it is one of the primary tools we need to analyze when figuring out threat models.

A threat model is a type of threat that we are trying to secure ourselves against. A common mistake by naive developers (and marketeers) is to pronounce a system secure. What you really need to do is find out what are the possible bad things that could happen and secure against it. This is called threat modelling.

Ian Grigg has been one of the most vocal critics of SSL’s lack of a distinct threat model. See Whats your threat model? for more info. He couldnt find any prior good analysis of the browser threat model so as any good critic does he has worked on coming up with a document describing the browser threat model

He first lists various well known threat models on the internet and then identifies the ones specific to browsers. The three main ones being:

Phishing

These are the attacks that have become common place at the moment, most often on PayPal, but also on banks.

To Phish you normally would send a spam containing a fake email pretending to be from a given financial institution. This would give you some url to login to say your paypal account and change your password. The url would redirect you to their fake site, which harvests the passwords thus giving access to the users funds.

This is one of the largest and most serious problems at the moment. There are a range of different solutions, which like AISD treatments are probably best taken together in coctails. Ian mentions some high tech solutions such as improved SSL userinterface. There are also various relatively lowtech solutions, we as web developers can use to identify fake sites.

Eavesdropping

This has allways been relatively easy on the internet. With WIFI its become childsplay. One of my favorite tools to scare the bejezus out of managers to take this serious is to demonstrate Ettercap running on my notebook in a clients office. For use with WIFI first “break” the hard security using a tool such as AirSnort

As Ian points out the only real way to secure against this is by using encryption. SSL is the obvious tool to use here. For us Java developers, please lets encrypt the RMI/CORBA/SOAP/XMLRPC etc traffic as well. We almost never do this, leaving huge security holes.

While Ian mentions that privacy is generally the main victim in this. When we are talking about financial applications this is very important. When we also at the same time pass clear text authenticating tokens such as passwords along, we have even further issues.

Man in the Middle

This is the most celebrated threat model and the one which SSL’s CA’s were supposed to protect us against. Essentially this is a fake site between the user and the server. This intercepts and modifies or grabs the requests.

Ian writes:

There are extraordinarily few reports of MITMs. Some reports come from demonstrations.

There are no known reports of MITMs over the SSH network, which is arguably the highest prized network to attack, as it could create the pool of hacked machines to further deploy attacks. Likewise, OpenPGP and SSL have not experienced any successful MITMs that have been reported.

DNS has been “poisoned” several times, resulting in email and web sites being diverted. The former was for a privacy attack (salacious emails being revealed in political campaign) and the latter was a demonstration of the weakness of DNS.

MITMs remain the stuff of legend. Because of their poor filtering characteristics, and their active tracks and evidence, they remain the tools of only a select few fringe attackers with obscure interests.

I agree pretty much with this. Phishing and Eavesdropping are potentially a lot more serious, allthough less sexy. The expense introduced by the CA’s into the whole process of protecting against this kind of attack has left us much more open to the others.

DOS

Finally but not least Ian mentions DOS, which he classifies as a browser threat. This is when a machine is taken over by a trojan or virus and is part of a distributed denial of service attack against some server, such as the recent mydoom family.

I am not sure I agree that this is a browser threat model. I would say that this is more of a generalised threat model against:

• Normal PC’s
• Web servers

While serious these attacks dont really involve the browser though, so I dont think it can really be seen as a valid part of this list.

There are various other kinds of attacks that I think should be included in the list as they do include the browser. The most important being Cross Site Scripting which is a combination of browser and server related (and yes this is our responsibility as developers to test for).

A good resource for web application developers is OWASP who are attempting to raise awareness amongst us developers. See their 10 most critical web application security vulnerabilities I wouldnt be suprised if you found some in your own apps. Everyone does. Most of these aren’t browser threats, but you really should check it out anyway.

Just got back from probably the noisiest and liveliest carnival I have ever been to. The traditional carnival in Las Tablas, Panama.

While most tourists who do carnival in Panama go to Panama City, you must visit Las Tablas to really see the soul of the people. It is essentially 4 days and 5 nights of non stop dancing, Seco, singing, fireworks and general bachanal.

The fotos on this page are all from Friday the opening night, where the queens from last year paraded getting ready to hand over the crown to the new new queen.

Calle Arriba vs Calle Abajo

Most of the small towns of the Azuero peninsula in Panama have a friendly yet fierce competition every year between Calle Arriba and Calle Abajo. These are two “virtual” streets who each compete for the winner of the the queen of the carnaval. Essentially these are like the samba schools in Rio. Of course these towns are much smaller, so 2 is about realistic for each one. The sizes of these towns dont stop the creativity and vibrancy surrounding them.

Nights of Luxury

The nights are for Lujo (or Luxury). The cars and costumes are extremely ellaborate and they use vast amounts of fireworks, singing and crazy horn music to illustrate the point.

Each car starts with the flag bearers who are then followed by some dancers and drummers on the floor. These guys also at times blow up what seems like 100’s of thousands of firecrackers.

These guys are followed by the main car. This was the car for Calle Arriba’s first night. Click the top thumbnail for Calle Abajo’s car.

Every night the cars and costumes are different. The queens are accompanied by several girls and princesses.

After the main car you get a crowd of seco drinking members of the groups dancing and singing songs loaded with insults about the other queen. I didnt personally understand a word of it but, I’m assured that it was very funny. Finally you get the band on a seperate car. This is a pretty intense horn based orchestra who performs all night long on nothing but pure Seco as well.

Gay Carnaval

In Las Tablas Panama’s gay community plays a very active role in the carnival. They help out with everything from makeup and costumes to roudy behaviour. They also have their own queens, whos contest Reina Momo is televised by the always hilarious program La Cascara.

The leader of the chorus for Calle Abajo was a hilarious black gay guy, who one night was wearing an Afro wig complete with a bone through it.

Security

Generally speaking it was a pretty calm peaceful carneval with only one real violent event. Where one Panama City gang member was most likely killed by another. Security was very strict and everyone agreed that the police did an excellent job.

For the mojadero (see below) the police were dressed very coolely in black swimshorts and tshirts.

Pub Herrerano

After the parades everyone congregates in the open air makeshift night club Pub Herrerano or simply PH. This place gets unbelievably crowded and the crowd goes nuts all night long.

The music is mainly Reggae and Merengue. Drinks cost $1, bottles of Seco cost $10 and half gallon bottles $15. So you can imagine it was a merry place.

PH’s are normally found at all the major festivals and carnivals throught the year in Panama. We also went to the one in La Villa de los Santos, which was a bit less crowded and probably more enjoyable for your average foreigner.

Mojadera (The wettening)

The daytime at any Panamanian carnival is the reign of the Mojadera or Culecos. In Las Tablas this consisted of about 10 petrol tankers filled with water, spraying it out over the dancing carnival goers.

Everyone normally goes in bathing suits and old tshirts. I met some Dutch tourists who had been suprised by this and were soaked in their normal street clothes.

This is just crazy. Supposedly Panama uses more freshwater during carnival than for the entire rest of the year. I’m not sure that its true, but it definitely looked like it. Just imagine 100,000 people completely soaked to the skin and dancing. This is definitely worth experiencing. But please dress appropiately (and dont bring cameras, cellulars or anything else that could get damaged).

Andrew talks about how he believes that password security that is based on MD5 is bad.

There are a number of ways to do this. First off is the “dictionary attack” which means we check the dictionary for words and try them all or combinations of them. Lets presume that although you’re foolish enough to think this password encryption scheme makes sense, that you have at least thought of that and put some kind of sensible password verification which prevents stupid passwords from being chosen (such as dictionary words). However, if you use a password system like “must be 20 characters long” then you can walk into the office and see that all users will have a post it prominently placed because they can’t remember a 20 character long password. Or they will store it in IE’s password memory feature.

Now this is all true. Password security is not as secure as most people might think. However MD5 is better than clear. Actually MD5 is pretty bad. You should use SHA1 instead, as MD5 has been proven to be insecure.

The best way to see for your self is to download one of the excellent free password recovery tools (Note euphemism) John the Ripper is the best for Unix and Cain & Abel is the best for windows. First time you run Cain & Abel on a windows machine can be quite frightening.

These tools will show the importance of more complex passwords. I worked at a major German investment bank in London (who shall remain nameless). The application that we inherited was from an outside developer (written in NetDynamics AAARGH!!! Never Again!!!). All the passwords were stored in the clear. A few of them had been changed from their default passwords, while most of them not. So a good %80 of the passwords for a major critical financial application in a major bank, where the same and accessible to us developers. The others were most probably the same as their email passwords and machine passwords.

I implemented a change to a SHA1 based password scheme, quarterly password renewal requirements and several complexity requirements to the password.

So what was the excercise there? Obviously to make the system more secure. Amongst other things it was to hide the clear text passwords from the developers and support people. It is about increasing the security.

If you in addition to using SHA1 also use additional requirements of password complexity. Just having a minimum of 8 characters makes it much more difficult by an order of magnitude to crack. For my own passwords I use APG which is excellent. I cant tell users to use complex passwords, but I can require some level of complexity and allow them to reset their own passwords.

The fact that many people forget is there is no such thing as a secure system. There are only varying levels of security. For example, who cares what you use for password security for your web application, if people can access your oracle server directly with ‘scott’/’tiger’ or your appserver with direct unprotected RMI/CORBA calls. I have seen systems in banks, where SWIFT processing severs were available through unprotected CORBA. Granted, banks generally work on a multi level security system, where that would get caught before an actual transfer would be made. However if you can fake that, then you can maybe fake the other documentation, or cause an internal SWIFT Denial of Service, bringing the bank to a standstill.

While we often laugh at users with their passwords on post it notes, we as developers tend do be the largest security risks. Think about that. Always analyze exactly what you aim to protect with a security policy and think about technical as well as often more importantly non technical solutions.

Carnaval is the best most intense 4 nights in Panama. It starts Friday night and is essentially a huge non stop street party in almost all of the cities an villages of Panama.

Last year I went to the carnaval here in the city, but this year I will be going to the Azuero peninsula in the two cities of Las Tablas and La Villa. Everyone says that La Villa is the best in the day time and Las Tablas the best at night. We shall see. I am definitely looking forward to it.

Carnaval here is a lot more of a street party, than the large parades you see in Trinidad and Rio. Panamanians are normally very well dressed, but for carnaval they find their oldest shorts, most tired tshirs and let loose.

The most popular activity in the day time are the culeco’s, where the crowd gets hosed down with huge amounts of water, while they are going crazy to the latest reggae, salsa and merengue. Just think of it as wet t-shirt country!!!

Friday night we are supposed to see the parades in Las Tablas where the Queens of Calle Arriba and Calle Abajo fight for the crown of Las Tablas.

In the night time Pub Herrerano rules with their open air night clubs at all the major carnaval locations. We’ve got our VIP passes purchased already. Cant wait. I hear they often have promotions down to $5 per bottle of Rum. Cant beat that.

Music wise Reggae, Merengue and a particular Panamanian party version of Salsa rules. Last year the number one song was Kulikitak (see video of last years dance contest here and you’ll know what I mean.)

This year, I’m not sure what will be the anthem, but it looks likely that the banned song La Doña about our president will win the title.

We leave tomorrow morning, so I wont be blogging during Carnaval time. But I will attempt to post pictures, when I get back.

I am amazed that this hasnt happened earlier. Tim Oren writes about an announcement sent to a VC mailing list.

The use of open source software is pervasive today and, when used correctly, is a low-cost alternative to developed code. However, open source software can cause major headaches for companies looking for funding and for investors looking for exits. Today, some acquirers view open source as being no different than fraud on the books.

To help companies and their VCs tackle this complicated issue, we’re bringing together top legal experts from Microsoft and Testa, Hurwitz & Thibeault (boldface in original - ed.) with two preeminent personality (sic) in the open source community for a dynamic 90-minute audio/Web seminar … entitled:

“The Software Wars: How Open Source May Dramatically Affect Your Company’s Funding & Liquidity”

No matter how familiar you are with your company’s technology and its origin, you can’t afford to miss this interactive audio/Web seminar. Not only will you gain a better understanding of how open source can affect your company’s value but you’ll also receive a wealth of easy-to-implement strategies for managing the risk involved with using publicly available software code—or for avoiding it all together. When you join us, you’ll have the rare opportunity to see clearly both sides of the dynamic open source issue….

… other topics… include:

• Which open source licenses are to be avoided and why
• How will the use of open source affect your company’s target value
• What management policies are most effective in regulating the use of open source
• Ways you can minimize the damage of past open source use
• How best to comply with the licenses of open source code
• Who should you turn to for help addressing your open source issues
• Best practices for storing work and assessing compliance with regulations
• Tactics for creating internal systems to review proprietary software

Look how they are scaring people into using commercial software. The fact of the matter is GPL only really has an effect on people distributing software (which includes hardware vendors).

Most service based startups have little if nothing to by using GPL as they dont distribute their software.

In fact I would find it directly irresponsible if I was a VC analyst if a startup spent lots of money on large commercial app servers with heavy license fees and heavier annual support fees.

I’m sorry but this is just sad. It appears that John Kerry has joined the merry group of hard core sex sites that regularly spam my web logs with so called referrer spam .

How this works is that you create generally some sort of spider, that instead of sucking up email addresses hits your site with the http referrer of the offending site. In this case blog.johnkerry.com, who I really wont dignify with a real link.

The end result is a link displayed in my log viewer or if I had one a link displayed in my referrer scroll log on my blog, which is most likely what they were after in the first place.

Now I have no interest in adding to the incredibly boring goings on about the democratic primaries. But this is just plain silly.

I have been steadfastly ignoring the GUI tools in IDEA4 throughout the whole Aurora dev phase. I dont really do much in the way of gui work and have generally found that its best to do it straight in code, when I’ve had to.

I did think it would be an interesting excercise though to try it out. After all this is IDEA. It should be quite good.

Form Designer

The above shows the form designer. I recommend that you go through the live demos on the IntelliJ site. They explained a few things that I wasnt aware of. But its really pretty much the same as is in the online help.

The functionality is very similar to that of QT Designer which should be installed on just about any Linux box. This is good as qt designer is very intuitive tool.

To create a form you go through the following steps:

1. Create new form
2. Drop components on form with rough positioning
3. Group certain related components together using vertical or horizontal layouts
4. Add Spacers to hint at how you want the form formatted
5. Group everything into a grid layout

This is all really very simple and intuitive. You can get a nicely looking form done in no time.

Binding

Binding is the process of linking the gui to code. You simply select the Form object and ad a Class name to the “bind to class” property. If the class doesnt exist a “Create new Class” intent is shown. This is one thing I think they’ve done wrong. It shows the Intent in the object tree next to the Form object. Which isnt wrong, but it doesnt show it in the property box, where your cursor is. This means you have to click up on the intent to select it manually as opposed to - that we normally use.

You then bind the interesting components the same way to the class by writing variable names in the “binding” property of each one.

Really its simple, easy and creates clean code:

package org.talk;

import javax.swing.*;
import java.awt.event.ActionListener;
import java.awt.event.ActionEvent;

public class PassphraseDialog {
     private JPanel panel;
     private JPasswordField password;
     private JLabel user;
     private JButton btnCancel;
     private JButton btnOk;
}

All you need to do now is to instantiate it and create the enabling code.

Enabling code

The main thing you need to do in your class now is to create a JFrame or whatever and add the panel to it, as well as of course add listeners etc.

This simple example instantiates a JFrame adds the contents of the form and a bit of naive form handling.

package org.talk;

import javax.swing.*;
import java.awt.event.ActionListener;
import java.awt.event.ActionEvent;

public class PassphraseDialog {
     private JPanel panel;
     private JPasswordField password;
     private JLabel user;
     private JButton btnCancel;
     private JButton btnOk;
     private JFrame frame;
 
     public PassphraseDialog() {
          frame=new JFrame("Please enter Passphrase...");
          frame.setContentPane(panel);
          btnCancel.addActionListener(new ActionListener() {
               public void actionPerformed(ActionEvent e) {
                    frame.hide();
                    frame.dispose();
                }
           });
          btnOk.addActionListener(new ActionListener(){
               public void actionPerformed(ActionEvent e) {
                    frame.hide();
                    frame.dispose();
                    System.out.println("passphrase is: "+new String(password.getPassword()));
                }
           });
          frame.setDefaultCloseOperation(JFrame.DISPOSE_ON_CLOSE);
      }
 
     public  void  show(String name){
          user.setText(name);
          frame.pack();
          frame.show();
      }
 
     public void dispose(){
          frame.dispose();
      }
 
     public  static void main (String args[]){
          PassphraseDialog dialog=new PassphraseDialog();
          dialog.show("bob");
      }
}

As you can see the code is simple and doesnt have anything strange in it. However that is the strange thing and the thing that I really dont like about IDEA gui designer.

It hides to much from us. To see what is actually going on, go into “Settings…”, click “GUI Designer” and select “Generate GUI into java source code”.

This immediately shows us all the ugly stuff that always ends up in interactive gui designers.

This adds all of this frightfull stuff:

 {
 // GUI initializer generated by IntelliJ IDEA GUI Designer
 // >>> IMPORTANT!! <<<
 // DO NOT EDIT OR ADD ANY CODE HERE!
         $$$setupUI$$$();
     }

    /**
     * Method generated by IntelliJ IDEA GUI Designer
     * >>> IMPORTANT!! <<<
     * DO NOT edit this method OR call it in your code!
     */
    private void $$$setupUI$$$() {
         final JPanel _1;
         _1 = new JPanel();
         panel = _1;
         _1.setLayout(new com.intellij.uiDesigner.core.GridLayoutManager(4, 3, new java.awt.Insets(0, 0, 0, 0), -1, -1));
         final JPanel _2;
         _2 = new JPanel();
         _2.setLayout(new com.intellij.uiDesigner.core.GridLayoutManager(1, 2, new java.awt.Insets(0, 0, 0, 0), -1, -1));
         _1.add(_2, new com.intellij.uiDesigner.core.GridConstraints(3, 1, 1, 2, 0, 3, 3, 3, null, null, null));
         final JButton _3;
         _3 = new JButton();
         btnOk = _3;
         _3.setText("OK");
         _2.add(_3, new com.intellij.uiDesigner.core.GridConstraints(0, 0, 1, 1, 0, 1, 3, 0, null, null, null));
         final JButton _4;
         _4 = new JButton();
         btnCancel = _4;
         _4.setText("Cancel");
         _2.add(_4, new com.intellij.uiDesigner.core.GridConstraints(0, 1, 1, 1, 0, 1, 3, 0, null, null, null));
         final com.intellij.uiDesigner.core.Spacer _5;
         _5 = new com.intellij.uiDesigner.core.Spacer();
         _1.add(_5, new com.intellij.uiDesigner.core.GridConstraints(3, 0, 1, 1, 0, 1, 6, 1, null, null, null));
         final JLabel _6;
         _6 = new JLabel();
         _6.setText("Please enter Passphrase for");
         _1.add(_6, new com.intellij.uiDesigner.core.GridConstraints(0, 0, 1, 2, 8, 0, 0, 0, null, null, null));
         final JLabel _7;
         _7 = new JLabel();
         user = _7;
         _7.setText("name");
         _1.add(_7, new com.intellij.uiDesigner.core.GridConstraints(1, 0, 1, 1, 8, 0, 0, 0, null, null, null));
         final JPanel _8;
         _8 = new JPanel();
         _8.setLayout(new com.intellij.uiDesigner.core.GridLayoutManager(1, 2, new java.awt.Insets(0, 0, 0, 0), -1, -1));
         _1.add(_8, new com.intellij.uiDesigner.core.GridConstraints(2, 0, 1, 3, 0, 3, 3, 3, null, null, null));
         final JLabel _9;
         _9 = new JLabel();
         _9.setText("Passphrase");
         _8.add(_9, new com.intellij.uiDesigner.core.GridConstraints(0, 0, 1, 1, 8, 0, 0, 0, null, null, null));
         final JPasswordField _10;
         _10 = new JPasswordField();
         password = _10;
         _8.add(_10, new com.intellij.uiDesigner.core.GridConstraints(0, 1, 1, 1, 8, 1, 6, 0, null, new java.awt.Dimension(150, -1), null));
         final com.intellij.uiDesigner.core.Spacer _11;
         _11 = new com.intellij.uiDesigner.core.Spacer();
         _1.add(_11, new com.intellij.uiDesigner.core.GridConstraints(0, 2, 1, 1, 0, 1, 6, 1, null, null, null));
         final com.intellij.uiDesigner.core.Spacer _12;
         _12 = new com.intellij.uiDesigner.core.Spacer();
         _1.add(_12, new com.intellij.uiDesigner.core.GridConstraints(1, 2, 1, 1, 0, 1, 6, 1, null, null, null));
     }

Which should be enough to scare the living daylights out of anyone. Besides the ugly code, that really isnt that much of a problem, the big deal for me is that now you need to include the com.intellij.uiDesigner.* stuff in your classpath. Which it automatically does when you build it. But this really makes it pretty much useless for OSS development.

Is there really no other way of doing this than using custom classes? I have no idea, and I supose that I really dont care too much. But howabout serialized forms or something, that you can initialize with one line of standard java?

I’m sorry I missed him but Phil Greenspun was here a few weeks ago on a helicopter training course.

Phil is an excellent photographer and he’s posted some of the most amazing pictures I’ve seen on the internet from Panama:

• Panama Misc
• Panama Canal
• Casco Viejo The old town
• Panama City Aerials
• Embera Tribe Village
• San Blas Islands

The pictures are really of outstanding quality. In particular I like the aerials of the city and the pictures from the Embera village.

Try this for a 30 minute contrast. Punta Paitilla, Panama City and 4 Embera Guys both less than 30 minutes a way by helicopter. Phil writes about it here in Helicopter Anthropology

For more check out my own pictures from my Daytrip to the Caribbean

So I’ve been playing a bit with clump a very cool tiny build tool for C.

Clump analyzes the .c files for #include directives and main() functions. Then builds executables for each file containing a main, linking in the required libraries based on the included headers.

So in otherwords you never have to maintain Makefiles again. Dont expect it to work for complex projects (yet), but if you have a bunch of .c files in a directory all you need to build it is to type: clump

One caveat is that this will only work if you are using a few standard libraries. However it is very easy to add support for just about any type of library using a optional file called clump.ini

This file contains a few simple directives you can use to customize the build that clump performs:

objdir ../obj
bindir ../bin
compile "gcc -c -Wall -Werror -I/usr/include/libxml2 -ansi -O2 $(cfile) -o $(ofile)"
link "gcc $(objects) -o $(efile)"
syshdr libxml/tree.h  -lxml
syshdr libxslt/xslt.h  -lxslt

This example file is all you need for writing c applications using libxml2. The objdir, bindir and link lines are really optional and I’m only including them here to show their use.

In the compile directive I am telling clump to use this commandline for compiling each file. Thus I can include special include paths here, like the one for libxml2.

The syshdr directive is probably the meat of the intelligence. You basically use it to mark various header files to library flags. So, in this is example any .c file that includes libxml/tree.h should be linked with libxml.

It’s really very simple to configure.

Patrick Chkoreff the author of clump tells me about the following shortcomings:

• Unix only at the moment. He is planning a windows version
• Currently only builds executables. He is working on adding support for libraries. He says it should be fairly simple to add.
• Only deals with code files immediately contained in the current directory.
• He wants to implement a -m flag for outputting a Makefile.

All in all very cool. Particular for us occasional c programmers, who arent working on major ground breaking open source programs.

After using it for a few days, I was struck at how the basic philosophy is similar to Maven in the way that it kind of just figures out what to do, if you put it in the right structure.

After a longer hiatus as well as loosing my old Econofist domain name, I feel I have enough rants saved up to reopen my old economics blog. Just now with a new name EconoTrix

Warning I am very much a big old libertarian. I dont suffer well phrases like “There should be a law” or “Someone should do something about this”.

One of the wonders of living in Panama City is that we have the pacific in front of us and the Caribbean about an hour or two away by car. Not that I had ever actually made use of that fact before. Here is the story of my first trip to the Panamanian Caribbean coast.

My wife is studying at the University of Panama, where they are required to do a class in environmental studies regardless of their field of study. The best time to do this is now in the quiet Panamanian summer months. When the professor told them they had to go on a field trip, I decided I would crash the party.

We first visited various sites near Panama and then off to Colon via the Madden Dam. Finally we ended up in historic and very beautiful Portobelo.

Diablo Rojo

First lets introduce our transportation “Angel” the Diablo Rojo. Diablo Rojo’s are the most common forms of public transportation found in Panama. They are converted US school buses, normally with much airbrush art on the outside and heavy sound system on the inside. They are as uncomfortable as you might think, and really if youre driving in Pannama, I would recommend stearing well away from them. However they are a traditional part of the party that is the quintisential Panamanian road trip and it ended up good fun.

We first visited the bay of Panama, off Avenida Balboa. It’s an incredible site in the morning when the sun is shining. However subject matter was about the polution from the raw effluence. They are planning on cleaning it up, but the professor says rightly so, that they really need to look at the rivers upstream before they attempt to clean it up. Ok. enough environmental stuff.

Madden Dam

Madden Dam was built in 1936 by the Americans to help provide better water supply to the canal during the dry months, such as now. It also the source of our excellent drinking water in the city. It is essentially in the middle of a rain forest on the top of the continental divide. The dam is impresive and the lake is also very nice. At the same time of us there were 3 tour busses filled with American tourists, who were clearly more interested in taking pictures of the diablo rojo and the very lovely female students (who were happy to pose).

Colon

After Madden we went to Colon. Colon is the large city on the Caribbean entrance of the canal. It first grew up around the time of the California gold rush, when it was the Atlantic station of the old Panamanian railroad. Later it was a center of both French and US canal digging activities and has as such got an interesting Caribbean feel to it. Colon has always been a sin city, with at its height I’m sure 100+ bordello’s etc. Now a days it has the feel of Kingston, Jamaica, yet even more run down.

Colon is the main center of Panama’s English speaking Caribbean minority, the decendents of Jamaican’s and Bajan’s (Barbadian’s) who came to work first on the rail road and then the French and US canal projects. They traditionally worked for the American’s and after the US Canal Zone was abolished in 1977, Colon gradually fell apart and has become very dilapidated.

An old symbol of the railroad time is the old Hotel Washington, which at its time was one of the swankiest hotel’s in the western hemisphere. Many famous statesmen including I believe Winston Churchil have staid there. We stopped to have a look around. With all the badly maintained buildings surrounding it, Hotel Washington has managed to maintain much of its old splendor.

After this we stopped at Colon 2000 the new cruiseship port, which shows the direction that Colon is trying to take for the future. Very modern and similar to what we have on the Pacific at Fuerte Amador. They are planning on extending it with a beach area and hotels. Hopefully some of these projects will work at redeveloping Colon, but I hope they also attempt to restore some of the wonderful buildings on Front Street, which is likely to attract more tourists.

Note, while we didnt actually stop there. The real money in Colon is in the Colon Free Zone a huge complex for reexportation and transhipment. It is the second largest place in the world for this after Hong Kong. I personally feel Colon would do best if they turn the whole province into a freezone. That would help not only tourism, but also logistics which is really Panama’s most important industry.

Portobelo

Portobelo about 45 minutes east of Colon used to have one of the heaviest concentration of gold and silver in the world. Essentially for a period of 150 years this was the Colon Free Zone of the New World. This was the number one target of all the real pirates of the Caribbean.

An incredibly beautiful deep blue bay bordered by steep green hills, its not hard to imagine why this is a popular stop with yachters touring the Caribbean.

It is also very popular with divers, many who are looking for Sir Francis Drake’s coffin and the treasure supposedly sunk with it.

The most obvious tourist attraction though are the forts. There are two basically in town, but I recommend taking the water taxi’s over to Fuerte San Fernando on the other side of the bay. There are no less than 3 forts there. One on the waterside, a second a bit higher up and a 3rd one at the peak, which is hard to see from the waterfront. We actually thought the professor was kidding us, when he said we were only half way.

The view from both of the higher fortresses are amazing, just beware that the final one isnt in Lonely Planet and it is a very steep hike. Also if you are squirmish about 2 inch long spiders and snakes, maybe you dont really want to go much further than the second one.

When we got to the top most of the students were complaining, that the professor was really pushing what he should be doing. After the group photo, he said the main purpose was to show that you have to struggle to get where you want. Most of the students at this point were talking about throwing him over the cliff, I thought it was hilarious.

After this we returned sweaty and hungry to Portobelo town, where we ate excellent Caribbean food. (Mine with about half a gallon of home made hot sauce). The seafood is famous here, I had the chicken though.

The town is also the location of the famous Black Christ of Portobelo. Which supposedly was fished from the sea by local fishermen. Supposedly this is one of the most important holy sites now in Latin America. They have an annual festival, where people come from all over.

Also interesting is the old customs house, where all the gold and silver from Peru and the Pacific South America was stored before being sent on Galleons to Spain (or intercepted by Piratess).

This site has more about Portobelo, Sir Francis Drake and this exciting part of Panama’s history.

With the food came beer (including for the bus driver) and we had a merry trip back to Panama City, with lots of superb loud Salsa and Reggae. Good stuff.

JDK1.5 contains many cool new features. One part that holds dear to my heart and to the work that I do are all the new enhancements to the Security architecture. There has been alot of major work going on and Sun has to be congratulated.

First I’ll outline the major new features:

• JSSE has several new features:
  • Now supports non blocking SocketChannels, which is good news for the new generation of non blocking servlet engines that are coming up.
  • Kerberos ciphersuites
  • Default trustmanager now uses PKIX
  • Now allows use of 3rd party JSSE Providers
• Support for Hardware encrypton accellerators and smart cards through PKCS#11 (Very Cool!!!)
• Support for Elliptic Curve Cryptography (ECC) (BouncyCastle had that before, must verify that Sun used their conventions). Note though that the included SunJCE provider does not support ECC, so you must look elsewhere
• Better support for both PKCS#8 and PKCS#12 which should be good for interop with say OpenSSL and various browsers.

I’ll now explore in detail some of these features:

PKCS#11

Better Performance

In my opinion this is the single most important new feature of JCE1.5. Why? This allows us to utilize our existing Java code together with much improved speed, often in the order of magnitude. For example with this and the new non blocking support in JSSE, we can create secure web applications far more powerful and faster than other platforms such as .NET, Perl, Python or even Apache Modules in C.

Almost all the crypto api’s for other platforms are based on either OpenSSL or Microsoft’s Crypto API. This meant that applications using crypto written in Perl or Python, where often faster than the equivalent Java applications.

A good example of what is possible is that the Solaris 10 version of JDK1.5 is configured to use the PKCS#11 support of their Solaris Cryptographic Framework by default. This means in worst case you have native code running the crypto and in best case full support of hardware crypto/ssl accellerators, offering orders of magnitued better performance.

Increased Security

Some crypto accellerators support their own secure keystore. Most notable is nCipher as well as the not too fast, yet very secure crypto smartcards. These devices allow you to create PrivateKeys directly using their built in hardware and store the resulting keypair onboard. It never actually leaves the device. Thus they bad boys will have a very hard time getting hold of it. For example you wont be able to scan through memory or disk for the private key. Smartcards are good for personal signing in applications such as my NeuClear framework, while nCipher is particularly good for just about any serverside crypto use.

I implemented a set of interfaces for the same purpose as part of the crypto libraries in NeuClear.org, which I still think is more elegant than the JCE approach. However the new JCE support will make it easier to create implementations using the NeuClear library. My approach is to keep it simple for the application developer. It takes a simple interface Signer which provides 4 simple methods. The most important is sign(String name, byte data[]) which just takes an alias and the data to be signed. The implementation of the Signer figures out how to initialize the Cipher, how to get the passphrase (perhaps by asking for a passphrase) etc. It then returns the signed data:

// Creates a signer, which uses the JCE and a GUI dialog for asking the passphrases.
Signer signer=new JCESigner("mykeys.jks","jks","SUN",new GUIDialogAgent()); 
byte[] raw =signer.sign("My Alias",data);

The JCE approach is a bit more complicated, but not bad:

 // The new KeyStore.Builder class for dynamically getting the keys from the token
KeyStore.Builder builder = new KeyStore.Builder("PKCS11");
 // Add CallBackHandler to handle passphrase requests
builder.setCallbackHandler(new MyGuiCallbackHandler());
KeyStore ks = builder.getKeyStore(); 
// We pass a null passphrase as the CallBackHandler asks us for it
Key key = ks.get(alias, null); 
Signature sig=Signature.getInstance("SHA1withRSA");
sig.initSign(key);
sig.update(data); //Add some data
byte[] raw = sig.sign(); // Creates signature

The interesting thing iabout the JCE PKCS#11 approach is that they PrivateKey’s returned by ks.get() do not necessarily contain the real key data. They may very well just be a reference to the real key on the hardware device.

I designed my above Signer interface with the intent of adding support in the future for hardware devices such as nCipher and Smartcards. It is very cool that this task has been made much easier now.

PKCS#11 Implementations

Physically the PKCS#11 implementations are shared objects .so on Unix and .dll on Windows. I’m not sure if there is a version of pkcs#11 that translates between it and Microsoft Crypto API. If so, windows users should be set. On Linux, the best bet for the moment seems GPKCS11, which unfortunately hasnt been updated for a while. They provide a framework for writing pkcs#11 implementations. The example implementation wraps around OpenSSL. So far so good. I’ve been trying to build it and it coughs up compilation errors with openssl-0.9.7c. The version documented in the README is version 0.9.4, which I shall have to download and try out. I’ll report back on how it goes.

I have an old Java powered iButton lying around which should also work. They provide a PKCS#11 implementation on their site. I’m first trying to connect to it, which isnt quite as simple as it should be on Linux. I’ll report back on that as well.

Non Blocking SSL/TLS in JSSE

For most people writing a secure web application is using SSL. Now this is highly debatable and should really be questioned as SSL/TLS only provide link security and optional (generally pointless) authentication. However if we agree that link security is good, the new Non Blocking SSL support is good news. In JDK1.4 you could only apply SSL to the traditional stream based socket. However JDK1.4 also introduced a new high availability method for creating sockets using the non blocking Socket Channels. Now we can use those for SSL as well. Actually we can use them for many different kinds of situations as Sun have created a very good abstract SSLEngine, which handles the SSL protocol in a transport independent manner.

Most people will continue to use the old SSLSocket’s, however SSLEngine provides a really good interface for use in particular by server writers. You create a new SSLEngine using SSLContext and then use SSLEngine’s wrap() and unwrap() methods to encrypt and decrypt. Easy, peasy. wrap() and unwrap() both take source and destination ByteBuffer’s as arguments. These can be read or written directly using a SocketChannel or other underlying transport.

I’ve been meaning to blog about my hate of xml configuration files, but Technotourette beat me to it.

I just dont understand the fascination for it. XML has its place definitely, but I dont want to have to learn a painful new XML configuration language every time I want to do something.

The good thing is that the new IOC approach brought to by PicoContainer allows us to pick our own configuration method. When writing test code I can simply instantiate classes without even touching Pico. It also allows you to use Groovy, xml, web.xml or whatever to configure if you really need to seperate stuff out.

I have always been a font slut, but now I have gotten even worse.

Dinc! has over 80 fonts all free and almost all of them extremely cool. Most of them are best for use in titles, but some of them are great for web page and ui use as well.

Just going to the site is an experience. Each font has got a montage designed for it and you go through them in a slideshow fashion to view and download each one individually.

I’ve installed them under KDE 3.2 and they work great.

The most annoying bug in the world seems to have been fixed.

IDEA #15198 was a problem as far as us sufferers could see with IDEA Aurora and Linux Kernel 2.6. We werent really sure exactly what was causing it, but IDEA couldnt copy jars or other resources.

Now I am using Kernel 2.6.1 and IDEA 4.0 build 1141. I deleted the contents of ~/.IntelliJ/system/jars and loaded up IDEA. No error messages where shown!! I thought, ha, maybe they are hiding the problem from me. Nope, the above system/jars folder had been dutyfully loaded up with my projects jar files. I am beaming with happyness like a proud grandfather.

The strange thing is that there is no mention of this on the bug page and the good folks at JetBrains havent mentioned it. Or then again maybe it was mentioned in an different bug report somewhere.

I’ve been using OpenOffice for close to two years now, every since I went fulltime on Linux. I have generally been pleased although at times it has been a love/hate relationship.

At the moment I prefer the oo equivalents over MS equivalents in almost all regards, allthough MS Office for Mac looks delicious.

Recently we decided at work to try Sun’s StarOffice which we now have standardized with on all our desktops (both windows and linux). Why? when OO is free?

Well, StarOffice doesnt cost a whole hell of a lot ~$50 per license and it is basically the same, just more polished. I cant quite put my finger on it, but it seems more responsive and slicker than OO. The functionality is basically the same, allthough with StarOffice you receive a large collection of templates, clipart etc. I have generally had fewer problems with it than with OO.

General comments about OO/StarOffice. These are common about the two of them:

StarOffice calc is very advanced, I find the only main thing to let it down is the graphing module, which isnt all that good. The auditing tools are good, you can easily setup very complex spread sheets.

Write is excellent and provides I think more features than word does. In particular its XML support is incredible, with the support of customised XSL you can create your own. (This is true of all the modules) The PDF export is usefull as well.

Draw is one of my favorite applications that is also the least remembered in the suite. Think of it as a cross between a traditional vector drawing program (like Corel Draw or Adobe Illustrator) and diagraming tool like Visio. I love the way that I can group items together, then “enter” and “exit” them. This makes it so easy to create complex documents. Ofcourse all your groups automatically work in a Visio style diagram. My main problem is that it exports SVG very badly and that you cant import SVG. Hint use .svm files if your are saving your diagrams for use in other oo modules. The option to create reusable stylesheets for your graphics is also really cool and usefull.

You can create your own “Gallery” and add your own files to it. This is what I do to create Visio style template palettes.

Impress is very good, I am not a PowerPoint expert, but I think it is at least as good. The exported powerpoints work well as well. As do the exported PDF’s and flash files.

Overall OO/SF is very well integrated. The “Stylist” for creating stylesheets and the “Navigator” for navigating complex documents is available in all apps.

Keep up the good work OpenOffice.org and Sun. The main focus on development as I can see now is on integrating tighter with desktop environments. The windows integration is very good, on par with MS I think. The unix integration is poor at the moment, but Ximian and KDE are both working on integration projects. As are a couple of groups for Mac.

Lars Andersen from Rimfaxe wrote me back in regard to my comments about Rimfaxe Web Server. I am posting his comments here as they provide some good usefull info about a very promissing project:

my question:

My main questions are about the WEB-INF/rws/jars and the WEB-INF/lib directories. I am assuming from my experiments that jars in WEB-INF/lib get ignored for now. If so what is the purpose of the WEB-INF/rws/jars directory. I would have guessed that that would be for .so’s of the compiled jars.

his reply:

‘WEB-INF/classes’ and ‘WEB-INF/lib’ is ignored for now, but it is my
intention that the classic mode operation should use these, as an ordinary servlet container would. Classic mode is available as an option in the configuration file, but is very experimental, and will ignore jars. (For a reason, as will become clear)

‘WEB-INF/rws/jars’ is for jars to be included in the web-app. The idea
is to compile them into libservlets.so alog with the content of ‘WEB-INF/rws/src’. Alas, GCC 3.3.x has a flaw, GCJ will compile the jar, but it ignores resource files, which is crucial to the workings of a great many jars out there. So I’m holding back this part until GCC 3.4 is released with the bug fixed. (and it does work in the GCC3.4 cvs checkout)

Another issue is that GCJ is not that mature yet. Only a few libraries
compile without some tweaking. On www.rimfaxe.com you can find Makefiles
for Gnu JAXP, and JDBC drivers. If you have any specific requests, I’ll be happy to help you out and provide hints. These precompiled .so libraries should go in the ‘/shared’ dir, as you correctly has written.

Thanks Lars! So it looks like once gcc 3.4 comes out we will have a kick ass new platform for j2ee. In the meantime as I said before, it can still be used for specific simpler applications where high availability is of optimum concern.

I’ve been running KDE 3.2 fulltime since the beta 1 release on a laptop and a desktop machine. The beta was pretty much stable except for a few wierd problems, that they have definitely sorted out by now in the current RC1 release.

Having just installed it clean on my new harddrive I have had the opportunity to see it as a new user would. Which is pretty impresive. At the end I will also describe the installation procedure for Gentoo Linux

Updated with KDE 3.2 Final installation instructions

Java Support

As I am a Java coder I was impressed that it autosensed my JDK an added the java plugin, associated jnlp (web start) and added the Java Web Start control panel to Settings.

Kate

Kate the advanced programmers text editor has been improved even further (it was already great). It now sports a IntelliJ IDEA like mode called IDEAL that I have previously seen in KDevelop . The built in Shell (yes I know emacs does this too) is very usefull. For the past year I have been using Kate for all my C projects and I can see that I will continue to do so. Actually I’ve been using it for all of those pesky xml configuration files as well. Its pretty usefull that you can create a project, to contain all of your project wide conf files in one place.

Plastik

Plastik is great. I have been going between Mosfet’s Liquid and Keramik, switching when I got fed up with one. So now I have a new one. It looks good, its simple and it appears fast.

Wallet

Wallet is an encrypted store for storing passwords, formdata and also your own notes etc. While there have been various tools similar to Wallet before, this is completely integrated into your desktop and konqueror. The only real annoyance, which I guess is true for any such tool is that at times if you blindly hit “remember” it remembers a bit too much. I have found that I every now and again need to go in and delete form data manually, but not really very often.

Konqueror

Konqueror supposedly has many new rendering improvements from Apple’s Safari. I am sure it does, but I havent really noticed any real difference yet to be honest.

What I like is the improvements to tab handling. If you go to the “Web Behaviour” tab in the control panel, you can customize it. I’ve got the following:

• Open Links in new Tab instead of new window
• Open new Tabs in the background
• Open as tab in existing Konqueror when URL is called externally

All of this means that I no longer have tons of konqueror windows open, when I open urls sent to me in email or when people create new windows when linking to external sites.

kGPG

kGPG is superb. This used to be a seperate app, but is now a standard feature. What can I say, I love it. It is the single best PGP gui tool for unix that I have seen. It brings just about all the functionality of the Windows PGP applications to X. There are still a few things that you cant do directly in the gui, when editing keys and it brings you to a command line, which might be confusing for new users.

KMail

KMail is as always improving. Besides the obvious such as Evolution like virtual folders and as you type spell checking, there are lots of little improvements that you might never notice. For example the other day I was sending an email to someone where I ment to attach a file, yet I forgot. Kmail noticed I had the word “attached” in the mail and asked me if I meant to attach something. I know its only sugar, but I like it.

My main problem with kmail is still the piped filter support, which essentially freezes the gui until a filter returns. I use SpamAssassin with the spamd daemon option, piping each message through spamc. Particularly this is a pain, when I am in the middle of writing an email.

Other improvements

The power management applet has improved. It looks like KDE is fully ACPI (or whatever) compliant. You can configure things such as what happens when you close the lid. I have to say though that while it does suspend my computer, it doesnt always bring it back. However that is more than likely not KDE’s fault, but probably something in my configuration of my 2.6.1 kernel.

Installing on Gentoo Linux

I use Gentoo the ultimate geek linux distro. It is very easy to install. Just follow the following steps:

• sync your portage tree with emerge sync
• Uncomment/add the following line in /etc/make.conf:
  
  ACCEPT_KEYWORDS=”~x86”
• Edit /usr/portage/profiles/package.mask remove all the lines masking out kde 3.2.0
• run emerge /usr/portage/kde-base/kde/kde-3.2.0.ebuild
• Go to work, bed, Liquid or whatever you do in between long builds.

Then reboot and you should be ready to play.

Update: Right after posting this I just realised that KDE 3.2 final has been released the site is heavily loaded right now, so I havent been able to read the changelog betwen RC1 and final. Anyway cool and congratulations to the KDE team. I will update my gentoo instructions above, the minute I have verified that portage has got the updates.

I have now updated the instructions above to install kde 3.2.0 final. Note at the time of writing it is still masked, so you have to perform the unmasking step mentioned above. This should change in the next day or two.