Geecon 2011 – day 2

And now for part 2 of my visit to Geecon 2011!

1. Jim Webber “Revisiting SOA for the 21st century”

Now this was awesome! Jim Webber, a former ThoughtWorks employee, now a Neo4j evangelist (at Neo Technology), described his views on how SOA should look. This was presented previously, on other occasions, as his “Guerrilla SOA” talk – generally he advocated REST-based services and loose contracts (stating that WSDLs are too verbose and code generation is evil).

Jim mentioned Martin Fowler’s article on integration databases but I couldn’t find it anywhere – though the topic looks interesting. He also recommended BDD and exposing tests on the web for the end user to use them as early as possible.

One big point he made his case with was not relying on enterprise software. Simple tools can do a much better job. He compared implementing Web Services security (secured SOAP over HTTP over TCP/IP) to a REST-based service accessed through HTTPS – basic and easily testable with tools like curl.

Great talk. One of the best!

2. Staffan Noteberg “Regex – the future programming”

I must confess that this did not go too well. The whole talk was well prepared and laid out but it lacked depth. It was a pretty basic introduction to regex. From the presentation’s subject I was rather prepared for some novel uses of regex – for example, showing how to filter a big volume of data with a simple regex or something.

But the talk was fun, Staffan is a good speaker. He is also the author of a Pomodoro Technique book – I intend to read something about this technique and this may be a nice start.

3. Bartosz Kowalewski “Is OSGI ready for wide adoption?”

When it comes to titles I tend to rely on them pretty heavily, however strange it may seem. This time I also did – and the whole talk did not give me a definitive answer to the stated question.

Sure, the presentation was informative, but it described some OSGI-specific, quite low-level stuff. Of course, if you want to use OSGI – even by leveraging an application server with OSGI under the hood – you should know a fair bit about the technology itself. Even though the AS does a good job of hiding OSGI container specifics from the developer, in case of problems it’s better to be well informed. All in all – the talk gave too little information for me.

4. Vaclav Pech “Pick low hanging fruit”

“Parallelism is not hard, multithreading is” – this was the key sentence of the presentation. The speaker showed how to introduce concurrency into normal Java/Groovy code by sprinkling it with concurrency powder. Easy enough! With the GPars library he showed:

  • running processing tasks with thread pools
  • testing concurrent code
  • Fork/join Thread Pool – multiple thread queues (note to self: fork/join is good for hierarchical problems)
  • low-hanging fruits:
    • async calculations
    • fork/join
    • dataflow
    • parallel collection processing
  • Actors are great – use GPars or Akka; it is sufficient to use the @ActiveMethod and @ActiveObject annotations and Actors are usable in the OO world

Good talk, well received!

5. Anton Arhipov “Bytecode for discriminating developers”

A technical introduction to the world of bytecode and JVM specification details. I drifted away to some other topics – really – I can’t recall what this was all about.

6. Andres Almiray “Polyglot Programming”

This was a nice talk covering Groovy, Scala and Clojure. The whole point of it was to show how cool it is to play with emerging JVM languages. They are not only fun but also useful. What’s more, they bring freshness to the Java world, injecting it with some new paradigms and methodologies. It is easier to incorporate new ideas into younger JVM languages than into the mature Java.

7. Jim Webber “A pragmatic introduction to Neo4j”

And Jim Webber again, this time with some Neo4j evangelism. First came some taxonomy information on NoSQL databases (Not Only SQL) as a whole – then some specific examples of problems solvable with graph databases – and Neo4j is a graph database.

Main points of Jim’s talk were:

  • sharding a database is important for scalability
  • series data – should be OK to use Neo4j as their storage

Conclusion

These were all the sessions I attended. On Saturday there was a Hacker-garden, but I had neither the time nor the will to stay – the topics were very interesting and I’d definitely like to experience such an event, but after 2 days of continuous talks I was rather tired.

To sum up, 2011’s Geecon was a great experience, with lots of interesting talks and lots of new inspirations. Keep up the good work guys!

You May Also Like

Spring Security by example: securing methods

This is a part of a simple Spring Security tutorial:

1. Set up and form authentication
2. User in the backend (getting logged user, authentication, testing)
3. Securing web resources
4. Securing methods
5. OpenID (login via gmail)
6. OAuth2 (login via Facebook)
7. Writing on Facebook wall with Spring Social

Securing web resources is all nice and cool, but in a well designed application it's more natural to secure methods (for example on backend facade or even domain objects). While we may get away with role-based authorization in many intranet business applications, nobody will ever handle assigning roles to users in a public, free to use Internet service. We need authorization based on rules described in our domain.

For example: there is a service AlterStory, that allows cooperative writing of stories, where one user is a director (like a movie director), deciding which chapter proposed by other authors should make it to the final story.

The method for accepting chapters looks like this:


Recently at storm-users

I've been reading through storm-users Google Group recently. This resolution was heavily inspired by Adam Kawa's post "Football zero, Apache Pig hero". Since I've encountered a lot of insightful and very interesting information I've decided to describe some of those in this post.

  • nimbus will work in HA mode - There's a pull request open for it already... but some recent work (distributing topology files via Bittorrent) will greatly simplify the implementation. Once the Bittorrent work is done we'll look at reworking the HA pull request. (storm’s pull request)

  • pig on storm - Pig on Trident would be a cool and welcome project. Join and groupBy have very clear semantics there, as those concepts exist directly in Trident. The extensions needed to Pig are the concept of incremental, persistent state across batches (mirroring those concepts in Trident). You can read a complete proposal.

  • implementing topologies in pure python with petrel looks like this:

import storm  # Storm multilang Python module; import assumed, the original snippet omits it

class Bolt(storm.BasicBolt):
    def initialize(self, conf, context):
        '''Executed only once, when the bolt starts.'''
        storm.log('initializing bolt')

    def process(self, tup):
        '''Executed every time a new tuple arrives.'''
        msg = tup.values[0]
        storm.log('Got tuple %s' % msg)

if __name__ == "__main__":
    Bolt().run()

  • Fliptop is happy with storm - see their presentation here

  • topology metrics in 0.9.0: The new metrics feature allows you to collect arbitrarily custom metrics over fixed windows. Those metrics are exported to a metrics stream that you can consume by implementing IMetricsConsumer and configure with Config.java#L473. Use TopologyContext#registerMetric to register new metrics.

  • storm vs flume - some users' point of view: I use Storm and Flume and find that they are better at different things - it really depends on your use case as to which one is better suited. First and foremost, they were originally designed to do different things: Flume is a reliable service for collecting, aggregating, and moving large amounts of data from source to destination (e.g. log data from many web servers to HDFS). Storm is more for real-time computation (e.g. streaming analytics) where you analyse data in flight and don't necessarily land it anywhere. Having said that, Storm is also fault-tolerant and can write to external data stores (e.g. HBase) and you can do real-time computation in Flume (using interceptors)

That's all for this day - however, I'll keep on reading through storm-users, so watch this space for more info on storm development.

PhoneGap / Cordova and cross-domain SSL request problem on Android

In one app I worked on, there was the following use case:
  • The user fills in a form.
  • The user submits the form.
  • The system sends the data via HTTPS to the server and shows the response.
During development there wasn’t any problem, but when we were about to release the production version an unexpected situation occurred. I prepared the production version following the standard flow for the Android environment:
  • ant release
  • align
  • signing
While testing that version, every time I tried to submit the form a connection error appeared. In that situation, you should first check the whitelist in the Cordova settings. Every URL you want to connect to must be explicitly listed in:
res/xml/cordova.xml
If the whitelist looks fine, the error is most likely caused by the internal implementation of the Android system. By default the Android WebView does not allow self-signed SSL certificates. When the app is debug-signed the SSL error is ignored, but if the app is release-signed the connection to untrusted services is blocked.



Workaround


You have to remember that a secure connection to a service with a self-signed certificate is risky and not recommended. But if you know what you are doing, there is a workaround for this security problem. The behavior of the method
CordovaWebViewClient.onReceivedSslError
must be changed.


So add a new class that extends CordovaWebViewClient and override ‘onReceivedSslError’. I strongly suggest making the custom onReceivedSslError as secure as possible. I know that the problem occurs when the app tries to connect to example.domain.com, and despite the self-signed certificate the domain is trusted, so the SslError is ignored only in that case.

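import android.net.http.SslError;
import android.util.Log;
import android.webkit.SslErrorHandler;
import android.webkit.WebView;

import org.apache.cordova.CordovaWebViewClient;
import org.apache.cordova.DroidGap;

public class MyWebViewClient extends CordovaWebViewClient {

    private static final String TAG = MyWebViewClient.class.getName();
    // The only certificate CN for which the SSL error is ignored
    private static final String AVAILABLE_SSL_CN = "example.domain.com";

    public MyWebViewClient(DroidGap ctx) {
        super(ctx);
    }

    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        // CN that the certificate which caused the error was issued to.
        // Note: this compares the CN string only; the certificate itself is not verified.
        String errorSourceCName = error.getCertificate().getIssuedTo().getCName();

        if (AVAILABLE_SSL_CN.equals(errorSourceCName)) {
            Log.i(TAG, "Detect ssl connection error: " + error.toString()
                    + " so the error is ignored");
            handler.proceed();
            return;
        }

        // Any other certificate gets Cordova's default handling
        super.onReceivedSslError(view, handler, error);
    }
}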
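
A stricter form of the override above, added here as an example and not code from the original post: the CN of a self-signed certificate is chosen freely by whoever creates it, so this version ignores the error only when the certificate's SHA-256 fingerprint equals a pinned value and the untrusted issuer is the sole problem. The class name `PinnedWebViewClient`, the `PINNED_SHA256` placeholder and the Cordova package names are assumptions; the `x509-certificate` key is an undocumented detail of `SslCertificate.saveState`, and where it is absent the code falls back to the default handling.

```java
import android.net.http.SslCertificate;
import android.net.http.SslError;
import android.os.Bundle;
import android.webkit.SslErrorHandler;
import android.webkit.WebView;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.apache.cordova.CordovaWebViewClient;
import org.apache.cordova.DroidGap;

// Added example (hypothetical class): trust one exact certificate, not a CN string.
public class PinnedWebViewClient extends CordovaWebViewClient {
    // Placeholder: lower-case hex SHA-256 of the server certificate in DER form.
    private static final String PINNED_SHA256 = "<sha256-of-your-server-certificate>";

    public PinnedWebViewClient(DroidGap ctx) {
        super(ctx);
    }

    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        // Tolerate only the "untrusted issuer" error; an expired, not-yet-valid
        // or host-mismatched certificate is never accepted here.
        boolean onlyUntrusted = error.hasError(SslError.SSL_UNTRUSTED)
                && !error.hasError(SslError.SSL_EXPIRED)
                && !error.hasError(SslError.SSL_IDMISMATCH)
                && !error.hasError(SslError.SSL_NOTYETVALID);
        if (onlyUntrusted && PINNED_SHA256.equals(fingerprint(error.getCertificate()))) {
            handler.proceed();
            return;
        }
        // No match (or no fingerprint available): Cordova's default handling.
        super.onReceivedSslError(view, handler, error);
    }

    // Hex SHA-256 of the DER-encoded certificate, or null if the bytes are unavailable.
    static String fingerprint(SslCertificate cert) {
        Bundle state = SslCertificate.saveState(cert);
        byte[] der = (state == null) ? null : state.getByteArray("x509-certificate");
        if (der == null) return null;
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(der);
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) hex.append(String.format("%02x", b));
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }
}
```
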
The next step is to force your app to use the custom implementation of WebViewClient.

import android.os.Bundle;

import org.apache.cordova.DroidGap;

public class Start extends DroidGap
{
   private static final String TAG = Start.class.getName();

   @Override
   public void onCreate(Bundle savedInstanceState)
   {
       super.onCreate(savedInstanceState);
       super.setIntegerProperty("splashscreen", R.drawable.splash);
       super.init();

       // Replace the default Cordova client with the custom one
       MyWebViewClient myWebViewClient = new MyWebViewClient(this);
       myWebViewClient.setWebView(this.appView);

       this.appView.setWebViewClient(myWebViewClient);

       // your code

   }
}
That is all you have to do if the minSdk of your app is greater than or equal to 8. In older versions of Android there is no class
android.net.http.SslError
So the MyWebViewClient class has errors because the compiler doesn’t see the SslError class. Fortunately Android is (was) open source, so it is easy to find the source of the class. There are no impediments to ‘upgrading’ the app by just adding the file to the project. I suggest keeping the original packages. After all these operations the source tree looks like:

Class SslError placed in source tree.
Now the app built in release mode can connect via HTTPS to services with self-signed SSL certificates.