OSCON 2007

May 31, 2007

I’m packing my bags and heading to OSCON: the open source conference sponsored by O’Reilly. The conference is held July 23rd – 27th in Portland, OR.

This will be my first time going to OSCON. It was a tough decision because there were some other conferences I wouldn’t have minded going to.

The first two days of the conference, Monday and Tuesday, are tutorial days. They cost extra, but you get 3-1/2 hours of exposure. I’ve decided I’m going to the following tutorials:

There are a couple of others that sound interesting, but I have decided to focus on content that is applicable to the direction CB1 is heading.

Early bird discounts end Monday, June 4th, so you’d better register today.


There are circumstances where you may need to have more than one version of Java installed, but how do you switch between them?

Execute the following command to list the installed JVMs:

sudo update-alternatives --config java

Which will output something similar to the following:

There are 3 alternatives which provide `java'.

  Selection    Alternative
-----------------------------------------------
          1    /usr/bin/gij-wrapper-4.1
*         2    /usr/lib/jvm/java-1.5.0-sun/jre/bin/java
 +        3    /usr/lib/j2se/1.4/bin/java

Press enter to keep the default[*], or type selection number:

Simply enter the number for the JVM to use. The * shows the currently selected JVM.


Java Anonymous Inner Classes

May 26, 2007

Just the other day I stumbled across some weird syntax in some Java code that I’ve never seen or read about. I started to research it and discovered it’s called an anonymous inner class. Basically, it’s defining a one-time use object.

The code I was looking at is used to establish a connection to an SSL website. It just so happens that in my scenario, the website was using a self-signed certificate and in order for the HttpsURLConnection to connect, I needed to define a HostnameVerifier to force the hostname to be valid. Here’s the static function:

public static void setDefaultHostnameVerifier(HostnameVerifier v)

Now I need to create an object that implements the HostnameVerifier interface, whose definition looks like this:

public interface HostnameVerifier {
    boolean verify(String hostname, SSLSession session);
}

So, if I were to do this the old way, I would need to do this:

public class MyHostnameVerifier implements HostnameVerifier {
    public boolean verify(String hostname, SSLSession session) {
        // Accepts every hostname, so no name check is performed.
        return true;
    }
}

And then in my code call:

MyHostnameVerifier mhv = new MyHostnameVerifier();
HttpsURLConnection.setDefaultHostnameVerifier(mhv);

Yuck! Why would I want to create MyHostnameVerifier if I’m only going to be using it once? That’s where anonymous inner classes come in.

HttpsURLConnection.setDefaultHostnameVerifier(
    new HostnameVerifier() {
        public boolean verify(String urlHostName, SSLSession session) {
            return true;
        }
    }
);

This is much cleaner. What if we wanted our verifier to check a Hashtable to see if a specific host is blocked? In order for our anonymous inner class to be able to access variables outside its scope, the variables must be final.

final Hashtable<String,String> blockedHosts = new Hashtable<String,String>();
blockedHosts.put("10.0.0.1", "10.0.0.1");
blockedHosts.put("10.0.0.2", "10.0.0.2");
blockedHosts.put("10.0.0.3", "10.0.0.3");

HttpsURLConnection.setDefaultHostnameVerifier(
    new HostnameVerifier() {
        public boolean verify(String urlHostName, SSLSession session) {
            return !blockedHosts.containsKey(urlHostName);
        }
    }
);

You need to be careful when you make your outer variables final. The classic example is an outer variable used to keep track of a count. If you simply do final int count = 0;, you will not be able to update the count. However, if count is an array, the array reference is final, but the elements within are not:

final int[] count = new int[1];

Then you would just access count[0] every time you wanted to change its value.

As you can see, Java anonymous inner classes are fun!
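
The verifiers above accept either every hostname or every hostname not on a block list. As an added example (not code from the original post), the same anonymous-inner-class pattern can accept a name mismatch only for explicitly listed hosts, with the final int[] technique counting refusals; the class name, the allowListed helper and the host names are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;

public class AllowListVerifierDemo {
    // Hosts whose certificate name mismatch is knowingly accepted
    // (constructed sample values, e.g. an internal server with a self-signed cert).
    static final Set<String> ALLOWED =
        new HashSet<String>(Arrays.asList("intranet.example.test", "10.0.0.50"));

    // Builds the verifier as an anonymous inner class. Both parameters are
    // final so the inner class can capture them; rejected[0] counts refusals.
    static HostnameVerifier allowListed(final Set<String> allowed, final int[] rejected) {
        return new HostnameVerifier() {
            public boolean verify(String urlHostName, SSLSession session) {
                // The JVM calls this only when the URL's hostname does not match
                // the server's certificate, so any host not listed stays rejected.
                boolean ok = urlHostName != null
                        && allowed.contains(urlHostName.toLowerCase(Locale.ROOT));
                if (!ok) {
                    rejected[0]++; // not thread-safe; fine for a single-threaded demo
                }
                return ok;
            }
        };
    }

    public static void main(String[] args) {
        final int[] rejected = new int[1];
        HostnameVerifier v = allowListed(ALLOWED, rejected);

        // Exercise the verifier directly; it does not inspect the session.
        System.out.println("listed host accepted:   " + v.verify("intranet.example.test", null));
        System.out.println("unlisted host accepted: " + v.verify("other.example.test", null));
        System.out.println("rejections counted:     " + rejected[0]);

        // In real use, attach it to one connection rather than the JVM-wide default:
        //   HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        //   conn.setHostnameVerifier(v);
    }
}
```

Setting the verifier on a single connection keeps the exception scoped to the one server that needs it, whereas setDefaultHostnameVerifier applies to every HttpsURLConnection in the process.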


Minnesota MySQL User Group

May 14, 2007

I know this is short notice, but tonight, Monday, May 14th, I will be giving a talk at the Minnesota MySQL User Group about the 2007 MySQL Conference.

The festivities start at 7:00pm in room 2100 at the Metro State University Management Education Center in downtown Minneapolis. The address is 13th Street & Harmon Place, Minneapolis, MN.

I’ll be talking about the tutorials, sessions, keynotes, vendors, and people I met. I hope you can make it!


Security is always a big concern, and there’s no reason your website should go unsecured. You can secure your Apache website with a self-signed SSL certificate. This post describes the process using Apache 2.2 and OpenSSL on an Ubuntu Linux server.

Begin by generating a private key:

$ openssl genrsa -out mycert.key 1024

Next, generate a certificate request and enter the information:

$ openssl req -new -key mycert.key -out mycert.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Next, generate the self-signed certificate. You can specify the number of days the cert is valid for.

$ openssl x509 -req -days 365 -in mycert.csr -signkey mycert.key -out mycert.cert
Signature ok
subject=/C=/ST=/L=/O=/CN=
Getting Private key

You no longer need the .csr request file. Create a folder and move the .key and .cert files into it:

$ sudo mkdir /etc/apache2/ssl
$ sudo mv *.cert /etc/apache2/ssl
$ sudo mv *.key /etc/apache2/ssl
$ sudo chmod 400 /etc/apache2/ssl/*.key

If the private key is protected with a password, by default Apache will prompt for the password when it starts. This can be a problem since you will need to enter the password each time Apache is restarted. We can fix this by having Apache call a program that returns the password.

Create the shell script /etc/apache2/ssl/password.sh and enter the following:

#!/bin/bash
echo "password"

Next we need to tell Apache to run the script. Apache’s SSL settings are stored in:

/etc/apache2/mods-enabled/ssl.conf

Edit the file and change the SSLPassPhraseDialog to:

SSLPassPhraseDialog exec:/etc/apache2/ssl/password.sh

The last step is to assign the certificate to your Apache site by editing the sites file:

/etc/apache2/sites-enabled/000-default

You’ll need to configure the SSL settings for the site:

<VirtualHost 192.168.1.100:443>
        ...
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/mycert.cert
        SSLCertificateKeyFile /etc/apache2/ssl/mycert.key
        ...
</VirtualHost>

Don’t forget to tell Apache to listen on port 443 in the /etc/apache2/ports.conf file. Restart Apache with sudo apache2ctl restart and you should be a little closer to being secure.


Recently I needed to generate a self-signed SSL cert for Apache Tomcat 5.5 on my Ubuntu Linux server. The basic process is to create a Java keystore with the self-signed cert, change Tomcat’s configuration file, and restart the server. Here’s how I did it:

$ keytool -genkey -alias tomcat -keyalg RSA -keystore mycert.jks
Enter keystore password:  changeit
What is your first and last name?
  [Unknown]:  Chris Barber
What is the name of your organizational unit?
  [Unknown]:  
What is the name of your organization?
  [Unknown]:  CB1, INC.
What is the name of your City or Locality?
  [Unknown]:  Minneapolis
What is the name of your State or Province?
  [Unknown]:  MN
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=Chris Barber, OU=Unknown, O="CB1, INC.", L=Minneapolis, ST=MN, C=US correct?
  [no]:  yes

Enter key password for <tomcat>
        (RETURN if same as keystore password):

By default, Tomcat assumes the password is “changeit”. You can change the password, but then you need to set the keystorePass in Tomcat’s configuration file. Regardless, the password for both the keystore and the cert MUST be the same. Store the keystore in a safe place such as Tomcat’s configuration folder:

/etc/tomcat5.5

Next edit Tomcat’s server configuration file:

/etc/tomcat5.5/server.xml

Locate the SSL connector declaration, uncomment it, and add the keystoreFile path:

<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" maxHttpHeaderSize="8192"
        maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
        enableLookups="false" disableUploadTimeout="true"
        acceptCount="100" scheme="https" secure="true"
        keystoreFile="/etc/tomcat5.5/mycert.jks"
        clientAuth="false" sslProtocol="TLS" />

Save the changes and restart Tomcat:

$ sudo /etc/init.d/tomcat5.5 restart

You should be good to go at this point. Launch your favorite web browser and go to https://localhost:8443.

Now you are secure and ready to rock.


I just got back the other day from the Dojo Developer Day in New York on May 4th-5th and needless to say, it was great! The event is broken into 2 days: one for Dojo contributors and one for the Dojo community.

For me, the big talk of the first day was Dojo 0.9, which includes the new Core and Dijit systems. From the sounds of things, Dojo’s new core is much, much smaller and faster. Dijit is the new widget system that also improves size and speed, and also has much improved skinning capabilities.

On Saturday, I did a short presentation on the Dojo Module and talked briefly about some of the other Dojo enhanced Drupal modules in the pipe. I spent a lot of time in smaller discussion groups talking about Drupal and Dojo development.

Both days were filled with great talks and great demos. Seeing and learning about all the code side of things is great, but the best part is meeting and hanging out with the Dojo gang!


Recently, this site ran into some problems with comment spammers. In order to stop this, I needed to block their IP address to prevent them from posting bogus comments.

Begin by logging into Drupal and navigating to:

Administer > User management > Access rules

Click “Add Rule” and enter the following information:

  • Access type: Deny
  • Rule type: Host
  • Mask: <IP address to block>

Add the rule and the user should be blocked. If you want to block an entire class of IP addresses, you can use a ‘%’ such as “xxx.xxx.xxx.%”.