Monthly Archives: July 2009
Sun Glassfish Webstack 1.5
Sun Glassfish Web Stack 1.5 is out this week, for Solaris and Linux platforms.
This is the latest update to the webstack, and like previous versions is available both as a free download and commercially as a supported product in a choice of bundles, to meet the needs of everyone from enterprise clients, through small and medium size business and startups, to students and hobbyists. The most striking change for most users will probably be the shiny new Enterprise Manager dashboard.
Open sourcers will note the updates to the constituent open-source components of the webstack. In this context, and in view of my recent blog entry, I should perhaps mention that while the Apache HTTPD version bundled is 2.2.11, it does include local patches, most importantly the security fixes in this week’s 2.2.12 release from Apache. Other components are similarly upgraded.
Apache new releases
Version 2.2.12 of the Apache webserver is officially released today. Thanks to Jim for managing the release.
This is a minor release, but is a recommended upgrade for most users. In addition to a number of bugfixes and minor enhancements, it contains several security fixes. So if you run Apache, this is an upgrade you should not ignore, at least until you’ve checked the change log and decided whether any of the security fixes might affect you.
The good news is that you’re backed by Apache’s API/ABI promise. Which means that if you’re running an older 2.2.x version (i.e. one that is fixed by 2.2.12), you can safely switch to 2.2.12 and your applications will continue to work. If you got your Apache from a third-party, obviously check their documentation for any differences you should be aware of.
There’s one notable enhancement that meets a common need and is frequently requested: Server Name Indication (SNI) in mod_ssl means that SSL virtual hosts are now fully supported – for users whose browsers implement SNI.
Also newly released is Apache APR 1.3.7. This is a very minor update, and is motivated by the need for a couple of fixes affecting the web server.
‘urtz
Yesterday we went up the moors to pick that sweetest of local fruits, the blueberry. As John points out, our local blueberries are a variety called whortleberries (pronounced ‘urtz) which are tiny but very delicious. We went as a group: four adults, one child, two dogs, one of whom didn’t want to let me get on with picking anything.
We got a reasonable quantity of the precious berries. In fact, a reasonable quantity each, which is just as well given that we aren’t combining them in a communal kitchen. But I found it unexpectedly hard: it only took about a minute of picking before my elbow started giving trouble, so I had to pick left-handed. The right arm seemed OK carrying the container I was filling, but today it hurts 😦 I shall just have to hope to be better in time for the blackberry season.
Just eaten the first of mine, as a spot of dessert after lunch. Yum!
Taking advantage of a recession
Brentor Church appears to be clad in a huge amount of scaffolding.
This church has long been a local curiosity. It’s tiny, and it’s perched atop a tor above the village of Brentor (which also has a ‘normal’ village church). I don’t think it serves any purpose other than as a tourist spot, and an equally pleasant spot for locals to visit. In fact it is a tourist spot, to the extent that it even has a car park at the base of the tor! But I think it still belongs to the church. Some of my readers have better local knowledge than I, and will no doubt correct me if I’m wildly wrong!
Anyway, the point is, it’s not a regular church with a congregation and services on a Sunday. It’s a bit of a luxury that they keep it open so you can wander inside. So it’s not somewhere you’d expect to be at the top of their priorities for maintenance. I can only infer the ever-wealthy church is taking advantage of building contractors being short of regular work to get something done at a favourable price.
I guess if I had a house and needed works done, I’d be doing the same 🙂
Whirlpool
With June’s heat giving way to a much cooler and rather wet July, the river has got lively again. Nothing like the excitement of last year’s exceptionally wet weather, but enough to be fun.
In my regular swim-spot yesterday was a hint of a whirlpool: a circle about one meter in diameter, smoother than the surrounding turbulence, and with something of a dip in the middle. It was rotating clockwise, between the vigorous current on the left side of the river and calmer waters on the right.
Heading downstream in the current, I didn’t really notice anything strange. But coming back upstream, I found it sucking me in. Not to the extent of being scary, but it was strange indeed to feel my left and right sides pulled in different directions! The easy way out was into the current, and shoot back downstream again. Third time upstream I approached a little further to the left, away from the whirlpool, and instead of pulling me in it tended to push me away.
If there’s this much fun to be had in one little spot in the Tavy, I must find more swimming spots in our local rivers!
Left-hand mouse
With my right elbow still painful and aggravated by using a mouse, I’ve moved the mouse over to the left of the computer. I’m trying very hard to get used to using it left-handed, but it’s making for more slightly-bitter laughs than productive work. Mouse actions you’d take for granted have become a conscious effort, at best slower than usual, and at worst it becomes quite an effort to click on the right icon or link, or cut&paste. I’m sure that’ll improve with time.
Meanwhile, I also catch myself reverting to my natural state: subconsciously moving the mouse back to its normal place, and once even reaching over with the right hand to use the mouse while the left hand remained on the keyboard, before correcting myself.
Yesterday morning I also went to NHS Direct and used their online self-diagnosis tool. It told me to go and see my GP, so I went and asked for an appointment. To my surprise, they gave me one that very afternoon! The quack diagnosed tennis elbow which came as no surprise. He also said it’s a very common affliction, and that most sufferers are not tennis players 😮 . He gave me an exercise to help improve it, and suggested it might take about six weeks to go away.
I guess that’s time to become ambidextrous with the mouse. Could be a useful skill for the future!
Mobile phone as modem
After my recent scare, I’ve decided I definitely want to enable myself to connect through the ‘phone, and I’ve been playing with using the mobile phone as modem. That, I assumed, should be straightforward from home while I have my normal connectivity: first go online with the phone via my home wifi, then connect the phone to a computer by USB.
I’ve been through each of those steps before now. When I plug in the USB cable, the phone offers a choice of four connection modes. So this time, instead of my customary “mass storage” I selected “Connect PC to Web”. Unfortunately neither OpenSolaris nor MacOS responded by finding a network device, so I guess I have to look for drivers. So much for never having to look “under the hood” in a modern OS 😦
Moving to Bluetooth (only the Mac has the hardware for that), I hit a different snag. The Mac doesn’t want to use the ‘net connection I’ve set up on the ‘phone. Instead, it prompts for my credentials from a GPRS provider. Seems it’ll only use the phone as a dumb modem 😦
Guess I still have some RTFM to do before forking out to subscribe to a service.
Google Book Search
A couple of months ago, I received slightly-suspect email about the google book search settlement.
Now I’ve got it on paper, from someone called Rust Consulting, and referencing www.googlebooksettlement.com. This one makes sense, and looks credible, though I’ll still have to google these folks to check for any suspicion of a scam.
Seems I have the choice to accept the settlement and possibly become eligible for some google-money in return for waiving any right to sue them over copyright, or opt out and retain my rights. Well, the latter would obviously be nonsense for me as an individual, even if I wanted to sue. My publisher (a $8-billion company) would have the resources to sue, but that’s not going to happen, nor would I want to get involved if it did.
So I guess that just leaves the question: do I get some google-gold? The settlement provides for google to make money from books, and pay 63% of that to rightsholders. But this begs the question: how is that allocated between the author and the publisher? Our contract obviously doesn’t cover revenues from google, and I’m not sure what general/catchall clauses might apply here. Other things being equal, it would probably be best if google pays the publisher, and my share gets added to my royalty cheques, to avoid the high cost of cashing a separate dollar-cheque from google.
Whether the same reaction would apply to a professional author – one for whom writing was their main occupation – is a different question. I’ll leave that to them.
Limbo
Yesterday late morning, I suddenly found myself unable to connect to the ‘net. This was sudden death: I’d been on earlier, and just had a break of maybe 15 minutes. After a couple of tests for “usual suspects”, I logged in to the router, and found it had indeed lost the connection.
I have the ‘phone number for my ISP, so I tried it. But the ‘phone wasn’t working either: it wouldn’t even give me a dialtone. That’ll no doubt be another symptom of the same underlying problem.
But how to contact BT to complain? My mobile phone is working fine, but doesn’t give me the standard operator numbers I’m accustomed to: 150 is invalid on it, and 100 gives me O2’s operator, who has no idea how to contact BT’s. Neither can I look it up without ‘net access. The joys of a single point-of-failure!
Trying to think who I can ask to borrow a BT line, and is likely to be around at this hour, I wander down into town. There in the centre is still an old-fashioned red call-box. Miraculously it’s working, and doesn’t even stink of smoke – how things have changed since those phoneboxes were something we had to use regularly! I successfully phoned BT: not a human, but a long series of menus that actually worked(!)
The system promised a next-day response, so I just had to hope it would happen in time not to miss a couple of meetings, including crucially the ASF board and new-member elections (online voting, and online access required for research prior to voting). The board election was interesting, with a much higher number of (strong) candidates than ever before. I was back online in time to vote for the board, but not to research the new member candidates, so I confined myself to voting for nominees with whom I’m already familiar.
The worst thing about this little episode wasn’t so much the sudden and unexpected loss of contact, but the uncertainty over it. First having to figure out how to contact BT, then just hoping they’d fix it in a reasonable time. I think they’re not bad at that these days, but when you rely as much as I do on it, it’s always a worry.
So whilst in town I also went in to Carphone Warehouse and asked about contracts for mobile broadband connectivity. The man there recommended that since I have a mobile phone on monthly contract, I should ask my provider to upgrade that. Which means, slightly painfully, having to use the phone as a modem anytime I want to use the connection to get online from a computer. There’s still no deal available that gives me connectivity both from the phone and from a USB stick for a single subscription 😦
mod_noloris: defending against DoS
The slowloris script kicked off a lot of discussion, including my own recent blog piece. A range of defences have been discussed, and deployed by individual users. But I think this discussion highlights the need for a proper response from the apache community. Not just in the future, but now: something users of at least our current stable releases (2.2.x) can deploy.
So today I committed a new module mod_noloris to svn. mod_noloris works by taking snapshots of the total number of connections in READ state per-client, and denying new connections to clients having already too many such connections. Configurable parameters are the interval between snapshots (default: 10 seconds), the number of connections permitted per client (default 50), and a “whitelist” of trusted clients that will be allowed unlimited connections so you don’t, for example, lock out users of your company’s proxy on your company site.
This is work in progress, and far from perfect. One issue is that an attack won’t be detected until the next snapshot, and that still leaves an attacker scope to DoS a small server with a small number of slowloris clients. But having it in the repository should attract eyes to it, and help it mature.
niq's soapbox 
