<< October 2008 | Home | December 2008 >>

About

Links

Twitter

StefanReuter: Modular Java is a good introduction for writing applications on the OSGi platform: http://t.reucon.com/yv
StefanReuter: Received online and phone banking PINS today. Account number masked for security 1234567XXX (online) and XXXX567890 (phone) #postbank #fail
StefanReuter: Nice AGI Proxy for #Asterisk based on #Asterisk-Java to bring webservices to the phone: http://t.reucon.com/xr
StefanReuter: SpringSource tc Server Developer Edition: http://t.reucon.com/wn Analyze request statistics and drill down to method and SQL executions
StefanReuter: Asterisk-Java 1.0.0.M3 has been released: http://t.reucon.com/wd AJ is now OSGi compliant and supports SLF4J #asterisk

RSS | Atom | E-mail

Navigate

Tags | Advanced Search

Tags

Recent Blog Entries

Book Review: Modular Java
Modular Java by Craig Walls is a book on building modular Java applications on OSGi platforms. Published in the Pragmatic Bookshelf series it keeps up to the standards of that great series by presenting content that matters in a format that makes you ...
Code Style: Final Arguments
Java allows you to make arguments final by declaring them as final in the argument list of the method declaration: public void doSomething(final String foo) { ... } This means that inside the method you cannot change what the argument reference points ...
SSO for RoundCube Webmail with Atlassian Crowd
Atlassian Crowd is a single sign-on and identity management tool by Atlassian that integrates well with their suite of software engineering and collaboration tools like JIRA, Confluence and Crucible. It offers a SOAP API that allows integration into ...
Nexus vs. Artifactory
Until now we didn't use a repository manager for Maven. Our repos were a plain directory structure on the file system served by Apache. Uploading was done using Apache's WebDAV capabilities with a simple authentication against our LDAP directory: ...
Maven Release with Subversion 1.5 and 1.6
There is a problem with the maven-release-plugin when used with recent versions of Subversion. It stared at version 1.5.1 of Subversion and made the release:prepare command fail because Maven was no longer able to tag the release. You may have ...
Security Issues Caused By External Hosting
Thomas has a nice example of how Deutsche Lufthansa has leaked personal data through an entertainment site operated by an external agency. Most companies have strict rules for handling personal data and installed security policies for secure handling of ...
Nokia E63
As DECT is mostly broken it was time for some new mobile handsets. We are already using Asterisk for our communication so the new mobile handsets are required to work well with it. Communication should be secure and ideally the handset would also be a ...
JBoss Admin Console
JBoss AS 5.1.0-CR1 is out and finally includes a brand new admin console: After installing JBoss AS 5.1.0 you can access it at http://localhost:808...
The Ideal Development Workspace
After my old chair was more and more broken I decided to buy a new one. After some research I chose the Embody by Herman Miller. The chair was delivered yesterday and it is just great. Its covering is like skin and lets the air flow through. The chair ...
Open Archive 1.0.5 for Openfire 3.6.2 released
I've updated Open Archive for the latest version of Openfire and fixed a few bugs. Dele is about to add support for it to the Red5 SparkWeb client. Open Archive is a XEP-0136 compliant server side message archive for Openfire. It is available as a ...

Recent Responses

Re: Spring MVC: Null or an Empty String?
thanks a lot mate..this post saved my couple of hours!! cheers mate..
Re: Nexus vs. Artifactory
If you're still looking for LDAP support, we just recently moved our official Pro LDAP plugin to Open Source: http://www.sonatype....
Re: java.lang.OutOfMemoryError: PermGen space
I am getting the permgen error while using tomcat6. The java code given above to clean-up the unused objects.Could you please tell me where to write this code in tomcat6. Thank you in advance.
Re: Nexus vs. Artifactory
a bit of rambling follows: i'm going thru the process of validating an existing artifactory deployment. in doing this, i setup the settings.xml to paramertize the repository settings so i could switch between artifactory, nexus and a standard scp repo. ...
Re: Maven vs Buildr
pre This is a typical issue with maven, embedding policy and inconsistency, from the online documentation: i Now that we've talked about where to specify profiles, and how to activate them, it will be useful to talk about what you can specify in a ...

Summary of blogs

reucon blogs

Stefan Reuter - My personal blog

Asterisk-Java - The free Java library for Asterisk PBX integration.

Christian Kienle

Real World Browser Performance

Chrome three times faster than Firefox and six times faster than IE6

We are currently building a web application for the financial services sector that is highly depending on client side JavaScript and DOM manipulation. Each time the user changes an input parameter the following steps are executed:

the data is collected from the user interface,
sent to the server,
processed there,
sent back to the browser
where the user interface is finally updated with the results.

The application is based on DWR for Ajax communication, Drools as a rule engine running on the server and some custom Java code. Server side execution is rather fast, in the range of 100-200ms. On the client side things are different. Collecting the data is quite fast, too, below 100ms in every browser. Updating the UI is where most of the time is spent.

The user interface contains a bunch of tables to show the results. Rows are created and removed dynamically depending on the returned data and populated with the corresponding properties. This is done using jQuery for heavy DOM manipulation.

The current version of the tool has been tested with different browsers showing some significant differences:

Browser	Time (ms)
MSIE 6.0	3281
Firefox 3.0.4 (Linux)	1492
Firefox 3.0.4 (Windows)	1357
Safari 535.20 (Mac)	632
Google Chrome Beta 2	515

These are just the numbers from our current development version (IE 6 matches the production environment, that's why we didn't test with IE 7 or IE 8 beta).

What is interesting is that Google Chrome with the WebKit HTML and V8 JavaScript engine outperforms Firefox by a factor of three and IE 6 by a factor of six. As Safari is also quite fast this seems to result mostly from the WebKit rendering engine.

Responses[1]

Posted by Stefan Reuter on November 29, 2008 4:21:00 AM CET #

IntelliJ IDEA 8.0

JetBrains has released IDEA 8.0

JetBrains has released IDEA 8.0. It has support for a few new frameworks like JBoss Seam, Struts 2, GWT 1.5, RESTful webservices and updated support for Spring like Spring 2.5, Spring Webflow, Spring MVC and Spring Dynamic Modules. Templates languages like FreeMarker and Velocity are now supported as well as improved support for XPath and XSLT.
In version 7.0 JetBrains introduced support for Maven which has been further enhanced in 8.0:

Creating new projects from Maven archetypes.
Resource filtering with built-in Make.
Manually added libraries and modules dependencies support.
Completion of artifacts' groupId, artifactId, version, exclusions, based on downloadable repository indices.
Code completion for plugin configuration.
Parent and dependencies generation in pom files with Alt+Insert.
Add Maven Dependency Quick Fix for unresolved classes in java code.
Support for Web Overlays.

This makes IDEA 8 the best choise for the development of mavenized projects.

Additionally the built-in Subversion connector has been updated for Subversion 1.5 and has support for merge-tracking.

References

Tags : idea java

Add a comment

Posted by Stefan Reuter on November 10, 2008 2:35:44 PM CET #

Openfire Server Multiple Vulnerabilities

Six months without action by the vendor?

Andreas Kurtz has published a security advisory regarding multiple critical security vulnerabilities in Openfire's admin console. There is also a posting to full-disclosure.
The issues allow a remote attacker to circumvent authentication and run arbitray code with the permissions of the user running Openfire. It affacts all versions up to and including 3.6.0a.

Andreas claims to have notified the vendor Jive Software six months ago. Up to now no security advisory has been issued by Jive and no patch has been published. I am really interested to hear Jive's version of this story. If it is true that Jive was aware of the issues for so long and no action has been taken to inform the community or to fix the problem this will probably result in a loss of trust in Openfire's development model.

For now the only solution is to limit access to the admin console by firewall rules. With regard to security issues in the admin console in the past this is recommended anyway. The XMPP interface is not accected by the vulnerabilities discovered by Andreas.

Update 2008-11-14

Openfire 3.6.1 has been released that fixes the security issues.

References

Tags : openfire security

Add a comment

Posted by Stefan Reuter on November 10, 2008 1:31:00 PM CET #

November 2008
Sun	Mon	Tue	Wed	Thu	Fri	Sat
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30
Oct \| Today \| Dec

2010 March (0) February (0) January (0)	2009 December (0) November (1) October (0) September (1) August (0) July (0) June (2) May (3) April (1) March (1) February (0) January (0)
2008 December (2) November (3) October (0) September (1) August (5) July (1) June (0) May (1) April (2) March (1) February (2) January (7)	2007 December (3) November (8) October (1) September (1) August (2) July (7) June (1) May (2) April (7) March (0) February (3)

Username
Password