Planet Sun
July 03, 2009
Information in this entry is taken from my experience since 2001
managing Sun's
SEED Engineering-wide
world-wide mentoring program, and also from the Mentoring@Sun general mentoring
program and new Vice President program managed by
Helen Gracon. This is part of a continuing series on mentoring programs,
answering some of the questions I am most frequently asked. Other entries
in this series:
Mentor Selection Systems
I have seen four kinds of formal mentor selection systems:
- Mentee evaluates potential mentors' Demonstrated Accomplishments, experience, personality, capabilities, and skills, then creates a prioritized list of preferred
mentors (SEED calls this a "Mentor Wish List"). Mentoring program staff approaches
mentors on behalf of mentees.
- Mentor and mentee each use Self-identified Competency lists to indicate strengths
and weaknesses. Mentoring program matches based on list compatibility.
Mentees are given two mentors to contact. Mentoring@Sun uses this system.
- A combination of the two options above.
- Assignment of mentors by management.
This entry will discuss formal systems using Self-identified Competency vesus
those using Demonstrated Accomplishment for mentor selection.
Cognitive Bias
I am going to take a small detour to introduce the concept of
cognitive bias, specifically the
Dunning-Kruger effect
humorously described by Justin Kruger and David Dunning, (then both of Cornell
University) in their much-cited and entertaining paper
"Unskilled and Unaware of It: How Difficulties in Recognizing One's Own.
Incompetence Lead to Inflated Self-Assessments."
(Journal of Personality and Social Psychology, 1999, Vol. 77, No.6.
1121-1134). Two findings from that paper which are pertinent to mentor
selection are:
- "the incompetent will tend to grossly overestimate their skills and abilities"
- "participants in the top quartile tended to underestimate their ability
and test performance relative to their peers"
That is, people are often bad at knowing what they are good at.
Self-identified Competency Systems
Cognitive bias is
important because most mentor selection systems rely on Self-identified
Competency lists. In a Self-identified Competency System, mentors and mentees
are presented with lists of competencies. Each picks competencies that they think
they have. The system then proposes mentor-mentee pairings based on comparing
list selections. Competency lists vary widely depending on the context and
goals of the mentoring program but examples include:
- Negotiation
- Customer Focus
- Building Trust
- Listening Effectively
- Strategic Decision Making
- Selling the Vision
- Building Successful and Effective Dispersed Teams
- Technology Impact Assessment
- Working Across Cultures
- Network Design and Architecture
Those using a Self-identified Competency Selection System should be aware of
cognitive bias as it may get in the way of finding a good match. That is, both
the mentee and potential mentor will probably not be objective in assessing
strengths and weaknesses (competencies), so the match may be based on a
false compatibility evaluation. However, the seemingly-objective way in which
the match was made (how can you go wrong picking from a list?) may mask selection
errors until they are demonstrated in experience, frustrating both mentor and mentee.
|
An inappropriate mentor selection system may mask errors.
|
Competency lists can be used to control the scope of learning in a mentoring program.
So, if a Vice President wants to direct her organization to learn more about
working with virtual or dispersed teams, she could pick a list of
competencies which had to do with that skill area, thus encouraging mentor
and mentee to discuss the desired topic. This may limit the scope of discussions
(which can be good or bad, depending on what the program sponsor and participants
are looking for). Controlling competency scope will also limit which mentors
are considered (or available). Some mentees and mentors will find the
preferred discussion topic too simplistic and may either break off their relationship
or ignore the sponsor-preferred topic limitations.
When the competencies are specific to a particular job or profession,
a Self-identified Competency Selection system works best when the mentor
and mentee share a professional context and interpret the competency lists
similarly. For example, if both mentor and mentee are in Information
Technology Operations, they will understand the competency "Identity Services"
to mean "experience with the design and implementation of a multi-level identity/authorization strategy" but someone in Marketing Communications
would probably interpret "Identity Services" very differently. The professional
context may also be one of seniority. If the mentor and mentee are both
Vice Presidents, they are likely to share an interpretation at a higher
organizational level, which is less likely if the mentor is a Vice President
and the mentee is a junior Engineer. Shared context is less important when
the competencies are soft skills, such as negotiating, public speaking,
conflict management, etc.
Demonstrated Accomplishments and SEED
SEED is one example of a mentoring system which relies on Demonstrated
Accomplishments for mentor selection. About 70% of SEED mentors are executives.
A different mentoring program, run by Helen Gracon out of the Sun Learning
Services group for new Sun Vice Presidents, also uses Demonstrated Accomplishments
for mentor selection. Both programs are regularly given 90% or higher satisfaction
ratings by participants.
The SEED program maintains a list of Potential SEED Mentors (over 450 now). The list
includes the name, job title, division, and city/state/country of each potential
mentor, plus links to biographical information such as SEED mentoring history
and evaluation, personal web pages, blogs, executive profiles,
LinkedIn profiles, resumes, etc.
The SEED program has an open list of potential mentors: any senior Sun Engineer
or executive is eligible. SEED participants are not limited to the choices on
the Potential SEED Mentors list. About a third of the mentors in most terms are new
to SEED and were not originally on the Potential SEED Mentors list. The SEED program
welcomes Mentors from both the business and technical tracks: Distinguished Engineers,
Principal Engineers, Sun Fellows, Senior Staff Engineers, Directors and Vice
Presidents of Engineering, and other senior engineers and executives from any area of
Sun are all welcome as Mentors. Potential mentors must be at least principal level;
the great majority are at executive level (Director or Vice President or equivalent).
SEED Mentors have served from all areas of Engineering worldwide, plus Operations,
Sales, Service, Legal, Information Technology, Finance, Human Resources, and Marketing.
In creating their Mentor Wish List, each SEED participant needs to make two hard decisions:
- What they want to learn
- Who has already accomplished the kind of things they want to do
(that is, who is already down the path that they see themselves walking)
The SEED Engineering mentoring program takes a long-term view and does not have a preference for one kind of learning over another. That is, the mentoring partnership learning does not have to have anything to do with the participant's current job. Some people want to learn to be better technical managers, others want to know how to get their ideas to customers faster. Many want to improve their soft skills: public presentation or speaking, negotiating, conflict management, and coaching. Still others want to improve their work and family balance and still have a great career. It takes time and mature consideration to work through all of this. Creating the Mentor Wish List is probably the hardest part of the SEED program.
Selecting a mentor based on their Demonstrated Accomplishments is more
obviously subjective and time consuming than selection based on Self-identified
Competencies. However, in my experience with SEED, there are fewer mis-matches
and greater diversity in matched pairs using Demonstrated Accomplishments.
Diversity in SEED terms includes demographic, geographic, professional variety.
That is, if the mentee feels free to discuss a very broad range of topics,
and has an open list of mentors from which to select, communication is encouraged
across organizational, professional, geographic, and demographic silos.
|
Mentoring can effectively create bridges between professional silos.
|
Demonstrated Accomplishment vs. Self-identified Competency Selection Systems
Given the disadvantages of a Self-identified Competency Selection System, why would
a mentoring program use this option? In short, such a system is relatively easy
to automate so it is faster and can support a much larger participant group. That
is, it scales: the start-up time is shorter and the administrative overhead is
less. There will be more mis-matches but that risk is acceptable in some mentoring
programs. For example, if the program is being offered to
a large group of junior staff whose potential mentors are just one or two seniority
levels above them, the consequences of a mis-match are relatively low.
Mentoring@Sun has used a Self-identified Competency Selection System for many
successful years.
On the other hand, if the mentees are drawn from a smaller group of high potential,
highly promotable, high value staff who will mostly be matched with executive
mentors (as is the case with SEED), or are solely from the executive ranks
(as is the case in Sun's new Vice President mentoring program),
the consequences from a mis-match are much greater. When the great majority of
the mentors are executives, mis-matches are too expensive in terms of wasted time
and potential damage to staff and program reputation. A Demonstrated Accomplishment
system requires a "high touch" approach consistent with the best way
to work with most executives whose time is both limited and valuable.
Some program aspects can be automated (such as mentee and mentor application, and
match tracking) but the development of each mentee's potential mentor list is research-intensive and most communications are personal.
A Demonstrated Accomplishment system also needs a very senior mentoring program
staff member to act as a broker or matchmaker. The broker needs to be a good communicator to help make a great match. It helps if the broker is
well known and has a good reputation so that potential mentors will respond
promptly and provide an opportunity for the broker to tell them about
the mentee who has requested them. Getting an executive to respond to the first
email or even pick up the phone can sometimes be the greatest challenge in
making a match.
Images Copyright 2009 Katy Dickinson
So, there I was reading a random blog post about Android and the JavaWorld author says something about some awesome, brilliant, insightful Sun Java ME blogger who tends to "slag" on Android. Slag? What's slag? I had to look that up. And, oh, he was a referring to me and had a link to one of my blog posts last year about Android. (Yeah, stop snickering out there) But, of course! :-)
See:
Java ME Blogger Slags on Android
Here's a quote:
In addition, because Harmony is a
tweaked Java SE implementation,
code written for Android doesn't
match up with the Java ME standard
that Sun would like to see be the
default for mobile device
development. It's no wonder Sun's
official Java ME bloggers tend to
slag on it.
It took me some time to find this photo of a heart-shaped slag. It's a good metaphor: slag but behind it there is <3 for Java. :-)
Hinkmond
|
July 02, 2009
Product: Solaris 10 Operating System OpenSolaris
A heap-based buffer overflow security vulnerability in the System Management Agent (SMA) SNMP daemon (snmpd(1M)) that ships with Solaris may allow a local or remote unprivileged user to crash the snmpd daemon via a specially crafted SNMP GETBULK request. This is a type of Denial of Service (DoS).
The issue is as described in the following document:
State: Preliminary
First released: 01-Jul-2009
Product: Sun Enterprise Authentication Mechanism 1.0.1 Solaris 9 Operating System Solaris 10 Operating System OpenSolaris
Multiple security vulnerabilities in the Solaris Kerberos (see kerberos(5)) mech_krb5 library and the mech_spnego(5) library may allow remote unprivileged users to cause certain Kerberos applications and daemons, including the Kerberos administration daemon (kadmind(1M)) to crash. These issues may also lead to unauthorized information disclosure and execution of arbitrary code with the privileges of the root user.
These issues are also described in the following documents:
These issues are also described in the following documents:
State: Workaround
First released: 07-Apr-2009
This note provides a summary of GlassFish adoption statistics updated through May 2009.
The numbers for May 2009 are down a bit from the record-breaking March 2009 but the
overall pattern continues to be of growth.
The drop seems to be mostly due to seasonal variations
(i.e. Spring break) although possibly the
Oracle announcement
may have also caused some disruption.
Download Data
Data for
GlassFish Server
downloads from Jul'05 to May'09 is presented through two data sets, shown aggregated vertically:
pure run-time bundles
(Sun Java System Application Server, Sun GlassFish Enterprise Server, GlassFish Server,
the Java EE SDK and the Java Application Platform SDK, etc)
and tools bundles that include GlassFish
(NetBeans,
the
Eclipse Bundle, etc).
As a reference point, I'm also including the d/l stats for all versions of
JBoss AppServer
as reported by
SourceForge
.
|
|
Downloads during May'09 totaled
172,190 for run-time bundles and
508,171 for tools bundles
for a grand total of 680,361.
Downloads of all versions of JBoss AS totaled 71,986.
The best month for run-time bundles was Mar'09 with 250,756;
that for tools bundles was Apr'08 with 695,550,
and the one for the combined number was Apr '08 with 882,489.
The best month for JBoss 5.0 in this period was Dec '08
with 126,989 downloads.
|
GeoMap Data
|
|
We started aggregating the GlassFish Admin Console pings in January 2007
to create our
GeoMap.
The data is mostly useful to track size and geographic trends
due to several limitations - we will have improved data after GFv3 releases.
Like with the download data, May'09 was a good month but not as good as Mar'09.
Monthly Hits were 529,449 while monthly IPs were 48,666.
Cumulative Hits were 8,659,387 and cumulative IPs reached 687,881.
|
Registration Data
Downloads from Sun have optional registration.
I don't currently have monthly trend but the cumulative data as of this writing is:
• GlassFish v2 - 434,687
• GlassFish v3 - 129,707
Update Center Data
Update Center Pings - N/A at the moment; will update when I get the data.
Caveats and Comments
Although the trends shown here and
elsewhere
have methodological limitations,
I believe they are accurate indicators as they all point in the same direction.
On Downloads:
•
We mostly count completed downloads, but, starting in 2009, some of the tools numbers
are attempted d/ls.
•
We count downloads from Sun.Com, Java.Net and NetBeans.ORG, but not from our
Maven Repositories.
•
GlassFish is freely redistributable and we don't track other distributions like
Ubuntu, Solaris or OpenSolaris
On GeoMaps:
• IP addresses overcount due to dynamic IP allocation.
• IP addresses undercount due to firewalls and offline.
• We can only count activations through the the Admin consoles, in particular IDEs don't count, and more than 50% of the downloads come from tools bundles (see top section).
Overall, I believe these are solid numbers, but if we discover
a problem I will correct it and let you know.
The title about says it; both kinds of purple are flowers.
The little ones are a ground-cover recommended by a professional gardener
for our front yard; since the kids play out back, we don’t want to be
defending a grass lawn from moss and creeping buttercup and dandelions and all
the other enemies. This stuff just spreads out and covers up and you can walk
on it a bit while you’re gardening. Don’t know what it’s called.
Don’t know what the larger purple flowers are either.
We’re working on a fairly substantial revision of the
Sun Cloud API, motivated
by this problem: In a RESTful context, how do you handle state-changing
operations (POST, PUT, DELETE) which have substantial and unpredictable
latency?
What we’ve learned, from work with our own back-end based on the Q-layer
technology and with some other back-ends, is that Cloud operations are by and
large not very fast; and that the latencies show up in weird places. Here’s
an example: in our own implementation, creating a Virtual Machine from a
template or by copying another VM instance is very snappy. But weirdly,
connecting a network (public or private) to a VM can sometimes be
extremely slow. Go check out other implementations like EC2
and you see a similar unpredictable-latency narrative.
The idiom we’d been using so far was along these lines:
As with both AtomPub and Rails, when you want to create something new
you POST it to a collection of some sort and the server comes back with
“201 Created” and the URI of the new object.
When you POST to some controller (for example “boot a machine”) or do a
DELETE, the server comes back with “204 No content” to signal
success.
This is all very well and good; but what happens when some of these
operations take a handful of milliseconds and others (e.g. “boot all the VMs
in this cluster”) could easily go away for several minutes.
The current thinking is evolving in the Project Kenai forums, and was
started up by Craig McLanahan in
PROPOSAL: Handling Asynchronous Operation Requests.
Check it out, and put your oar in if you have something better in mind.
To summarize: For any and all PUT/POST/DELETE operations, we return
“202 In progress” and a new “Status” resource, which contains a 0-to-100
progress indicator, a target_uri for whatever’s
being operated on, an op to identify the operation, and, when
progress reaches 100, status and
message fields to tell how the operation came out. The idea is
that this is designed to give a hook that implementors can make cheap to
poll.
We also thought about a Comet style implementation where we keep the HTTP
channel open, and that can be made clean but support for it in popular
libraries is less than ubiquitous. My personal favorite idea was to use “Web
hooks”, i.e. the client sends a URI along with the request and the server
POSTs back to it when the operation is complete. But every time I started
talking about it I ran into a brick wall because it probably doesn’t work for
a client behind a firewall, which is where most of them will be. Sigh.
There are a few points that are still troubling me, listed here in no
particular order:
When an operation is finished and you want to provide a Status code,
we’re re-using HTTP status codes. Which on the one hand seems a bit outside
their design space, but on the other hand maybe it’s a wheel we don’t have to
re-invent.
Instead of having the “op” field, we could have a different media-type
for each imaginable kind of Status resource. That might be a bit more RESTful
but seems a less convenient to use for client implementors.
This whole notion of the target_uri makes me wonder if
we’re missing a generalization. The most obvious role is
when the Status is that of a create operation, for example Create New VM; then
the target_uri is the new resource’s URI, what would come back in
the Location HTTP header in a synchronous world.
And in a few cases you might want more than one target, for example when
you’re attaching an IP address to a VM.
Hmmm.
Speaking of generalization, I wonder if this whole “Slow REST” thingie
is a pattern that’s going to pop up again often enough in the future that we
should be thinking of a standardized recipe for approaching it; the kind of
thing that has arisen for CRUD operations in the context of AtomPub and Rails.
What do you think?
Gosh, this takes me back:
Message # 00661
**Hacker's section**
From: JONATHAN BARBER
To: ALL
Subject:EUCLID
Date: 6/3/86
Fob all of you who want an easy
hack heres how to get onto the
EUCLID computer.First di!l up'
JANET gn 01 831 6181 for 1200/75
or try 01 388 2333.Type PAD
and RETURN as soon as your connected
Then type HELP ADDRESS.Then type
CALL UCL.EUCLID*If nothing happens
hit RETURN a few times.You should
get a request for your account
number.Type in WMAPB00 W.The
password is PROJECT.
Have fun!
…referencing OS4000 on UCL EUCLID — I remember using those modem numbers at 1200 baud, too; with a huge modem (more than A4-size and 4cm deep) and a soldered-in linedrop switch.
this posting is syndicated from dropsafe
when hackers talked in even parity and were 40 columns wide
The latest version of
Logical Domains (LDoms) software has been released.
LDoms 1.2 adds the following new features:
- Support for CPU power management
- Support for jumbo frames
- Restriction of delayed reconfiguration operations to the control domain
- Support for configuring domain dependencies
- Support for autorecovery of configurations
- Support for physical-to-virtual migration tool
- Support for configuration assistant tools
The LDoms 1.2 download page is
here. Need help getting LDoms set up? Download the
Beginner's Guide to LDoms.
LDoms 1.2 requires running Solaris 10 05/09 or OpenSolaris 2009.06 as the control domain
and is supported on the following systems:
- Sun SPARC Enterprise T5440 Servers
- Sun SPARC Enterprise T5140 and T5240 Servers
- Sun SPARC Enterprise T5120 and T5220 Servers
- Sun Blade T6300, T6320 and T6340 Server Modules
- Netra CP3060 and CP3260 Blades
- Netra T2000,T5220 and T5440 Servers
- Sun Fire or SPARC Enterprise T1000 and T2000 Servers
The latest System Firmware for these systems is also recommended. You can pick up the latest versions of the System Firmware from the
BigAdmin Firmware Download and Release History page. System Firmware 6.7.4 for UltraSPARC T1 systems and 7.2.2 for UltraSPARC T2 and UltraSPARC T2 Plus systems are the latest versions available for the above systems.
| TravelMuse.com
is a Web site dedicated to providing inspiration and end-to-end tools
for planning vacations. Visitors can book reservations and use
collaboration tools to make plans with others. In 2007, looking to
bring their product to market, TravelMuse began the search for a
high-performance IT architecture that was highly available,
affordable and flexible while supporting rapid growth, interacting
with third-party services, and supporting content in multiple
formats. |
|
TravelMuse
wanted to use
open-source
software supported by a third party. The company decided to build
its architecture with Sun technologies which initially included Sun
servers, the Solaris
10 Operating System, GlassFish
Enterprise Server Version 2, MySQL 5.0 Community Server, and Java EE 5. TravelMuse
simplified its IT administration by using products from a single
vendor while also taking advantage of the synergies that exist
between Sun products.
TravelMuse engaged NaviSite to
host its
hardware architecture and set up five virtual servers with Solaris
containers on a Sun
Blade 8000 Modular System with Sun
Blade X8400 server modules. TravelMuse also recently switched
from its initial third-party database administrator to the MySQL
Enterprise Platinum Edition with support services from Sun, a
move that reduced DBA support costs by two-thirds.
TravelMuse's choice of an
open-source
software solution saves the company an estimated $200,000 in
licensing costs each year, and reduces its hosting expenses by 50%
with Solaris Containers. The infrastructure has maintained 99.9%
availability while growing fivefold over the last six months. “The
Solaris 10 OS and GlassFish Enterprise Server are very stable systems
that basically don't go down,” says Cyril Bouteille, vice president
of engineering at TravelMuse. “If any issue does occur, the
Solaris 10 OS provides more troubleshooting tools than its
competitors.”
Check out the complete details here. |
Interesting slidecast with audio from the BBC on the history of computers in the valley. Runs about 5 minutes, so there's not much detail, but some interesting images.
Winer writes:
I predict a return to blogging as people discover the power of being able to finish a thought, and to link to another site without going through an intermediary. Once again people will discover the power of Small Pieces, Loosely Joined.
…and I think I agree that people will return to blogging — as I am doing — rather than Twittering, but for a series of reasons more complex than he avers:

This (above) is how I blog.
There are a variety of routes to navigate this diagram:
- I post a blog entry; this generates a tweet
- I tweet, this generates a blog entry
- Either of the above routes involve tweeting, which updates my Facebook status
- All tweets which were not generated by the blog, are rolled-up in a daily digest blog posting
…those are only four basic rules (for clarity I am leaving out blogs.sun.com, LiveJournal and LinkedIn, which sit under the “Aggregators” node) - but even if I have only two points of insertion (Blog/Twitter) I then have many places which I must “monitor” for comments; Facebook is the worst offender since I cannot (?) get ATOM feeds of status responses, so I must rely upon e-mail alerts, “Referer:” strings, GoogleAlerts / Searches and my memory; and then I anywhere I participate in a “conversation” I must continue to monitor them in order to pass feedback … juggling an ever-increasing number of chainsaws.
Again FB drops off my radar fastest, because I only truly use it as a distribution mechanism for Tweets, alas so many of my friends are there that quite lengthy comment-threads can occur, but not to be seen by anyone other than the permitted.
Friendfeed tried somewhat to address this, but it’s become just another silo. The problem is one of “silos” - data goes into one place but gets replicated everywhere (thank you, Dave) and then I/we lose track of it. A solution (possible the solution) to this is to disintermediate - have all my content on my blog, and have everything else be distributions of references/links back to it; but that risks being boring, think “truncated / partial content RSS feeds” and you’ll know why it’s boring.
I think the dispersion of data is part of the reason I have such a downer on Activity Streams which I see as the technological blogspace trying to ape Facebook’s “Status Updates”, rather than the other way round which is how I currently use Facebook. The specifications of Activity Streams are cute, and possibly even useful; but the direction in which they point implementors — further fragmentation of your digital footprint, the real extent of your “identity” as Adriana has explained — scares me.
So I believe that what you really will need is a Mine! - your own, literally your own personal silo. You decide who gets to see what. You hold the master copy for everything, and replication tends to wither away. No, it’s not going to replace Facebook or Twitter for everybody - if you’re reading this and thinking “this will never apply to me / I don’t have cascaded blogs / feeds / replication / what’s an aggregator / how will I back this up?” then you’re probably not my target market, and that’s OK.
But then, how recently did you get a blog? In the future, things might change…
More, later…
this posting is syndicated from dropsafe
Why, in the future, everyone will be blogging (again), and it’s not just what Winer said.
For this year's
Balisage in
Montreal, we (R. Dingwell, A. Gregorowicz, H. Sleeper, and myself) have been accepted
as a late-breaking proposal for our work on hData, which addresses some problems that
are currently plaguing electronic health records. Our session is scheduled on Thursday
at 11:00am. This is the abstract:
Title: hData - A Simplified Approach to Health Data Exchange
Interoperability issues have limited the expected benefits of Electronic Health Record
(EHR) systems. Ideally, the medical history of a patient is recorded in a set of digital
continuity of care documents which are securely available to the patient and their
care providers on demand. The history of continuity of care standards includes multiple
standards organizations, differing goals, and ongoing efforts to reconcile the various
specifications. Existing standards define a format that is too complex for exchanging
continuity of care information effectively. We propose hData, a simplified XML framework
to describe health information. hData addresses the challenges of the current HL7
Continuity of Care Document format and is explicitly designed for extensibility to
address health information exchange needs, in general. hData applies established best
practices for XML document architectures to the vertical health domain, which has
experienced significant XML-based interoperability issues.
As you might imagine, we will have to say a few things about identity, access, and
privacy management for electronic health records, as well. Looking forward to seeing
you there.
tags:
balisageConference09EHRHIThealth
carehealth recordshData
tinyarro.ws:
http://➡.ws/榾 (wood chip)
A summary of my more interesting recent twittering.
- Open Source kit to put Jesus on your toast
[link]
(via HackADay).
As kaj comments: The Father, the Son, and the Holy Toast.
- In case of fire, do not Twitter
[link]
(via Popurls).
- Twitter Users Heckle Hoekstra En Masse
[link]
Wild prediction here, but I bet @petehoekstra won't twit'ter
so much from now on.
- Pete Hoekstra's twitter gives Jon Stewart comedy fodder
[link]
(via Rebecca)
- Tried turning my blog into a Zine with zinepal
[link]
Needs work. Didn't include the images with each entry.
- The spawn of Twitter
[link]
Now an interactive version of the chart would be really impressive
(via Nat Torkington's blog).
- Mythbuster's Adam Savage's Maker Faire Saturday talk on Colossal
Failures which we missed
[link]
- 20 Creative and Unique Typefaces
[link]
Everybody will comment on #2, so why should I be different? Ouch!
(via @neilhimself)
- The Twitter Book
[link]
Lots of ideas for a great Twitter experience.
- Potential nominee for Parent of the Year award:
[link]
No idea if it's true.
(via PopUrls).
- Caffeine and your kid Three useful resources
[link 1]
[link 2]
[link 3]
[Technorati Tag: Links]
A summary of my more interesting recent twittering.
- The President of Brazil holding an OpenSolaris T-shirt
[link]
(via Kelly Nishimura)
- A Paper Craft Castle On the Ocean
[link]
(via @lbkwrm)
- Favorite Scrubs Episode (#100)
[part 1]
[part 2]
[part 3]
- Kid swaps his iPod touch with Sony Walkman
[link]
"It took me 3 days to figure out the tape had a 2nd side"
(via Alex Muffett)
- Miss Ellie - world's most ugly pedigree dog
[link]
I'm so glad we have a cute looking mutt.
- Dunking Devils (Basketball trick shots)
[link]
- Getting my iPod working with my Ubuntu desktop.
1st, fix the read-only problem
[link]
2nd, use Amorok to easily transfer music to the iPod
[link]
- Humor: Owls on drugs
[link]
(via @lbkwrm)
- An alarm clock for really heavy sleepers
[link]
Would hate to wake up in that with a hangover.
(via HackADay)
[Technorati Tag: Links]
The OpenSolaris community team had a very busy but productive time at CommunityOne in June. We organized four speaker tracks on OpenSolaris that I wanted to share with you all. Here are the sessions with links to some great OpenSolaris presentations with the latest OpenSolaris 2009.06 content. Enjoy!
Monday, June 1
- view the live video streams
Developing ON OpenSolaris |
Speaker |
Managing OpenSolaris |
Speaker |
General Operating System/Platform Track |
Speaker |
|
S304128 Developing on OpenSolaris
[ODP] [video]
|
Dave Miner, Nick SolterOpenSolaris Bible
- authors of
|
S308358 - What's New in the OpenSolaris™ 2009.06 Operating System [ODP] [video]
|
Pete Dennis
|
S311837 Becoming a ZFS™ File System Ninja, Part 1
|
Ben Rockwood
|
|
S303999 Measuring Performance with Sun™ Studio Tools
[PDF] [video]
|
Marty Itzkowitz
|
S304129 - Becoming an OpenSolaris™ Operating System Power User [ODP] [video]
|
Dave Miner, Nick Solter
|
S305066 Moving Forward: High-Performance Application Development in a Multicore World
|
Tracy Carver, Jim Falgout, Brian Goetz,Don Kretsch,Patrick Leonard, David Maples
|
|
S303951 Testing Applications with VirtualBox
[video]
|
Brian Leonard
|
S308359 - Built-in Virtualization for the OpenSolaris™ Operating System: Containers, Sun™ Logical Domains (LDOMs), and xen [PDF] [video]
|
Jerry Jelinek, author of OpenSolaris Bible
|
S304985 OpenSolaris™ Operating System and Intel: Innovation Unleashed
|
Bob Kasten
|
|
S308357 Observing Applications with DTrace
[PDF] [video]
|
Angelo Rajadurai
|
S304607 - Open Networking with Crossbow[video]
[ODP]
|
Sunay Tripathi
|
S304087 Leveraging the ZFS™ File System for Blazing-Fast Backups of the OpenSolaris™ Operating System and MySQL™ Database
|
Paddy Sreenivasan
|
|
Afternoon Break
|
|
|
|
|
|
|
S308356 Probing Database Applications with DTrace Probes
[PDF] [video]
|
Robert Lor, Martin MC Brown
|
S304261 - OpenSolaris™ Secure Deployment: Role-Based Access Control and The Cryptographic Framework
[PDF] [ODP][video]
|
Christoph Schuba
|
S311742
Lightning Talks, Part 5
|
|
S304147 Porting Applications with the OpenSolaris SourceJuicer
Diving into the SourceJuicer
[PDF]
Porting Using SourceJuicer
[PDF]
[video]
|
Jim Walker, Christian Kelly, Dermot McCluskey
|
S304013 - Open Storage with the Solaris ZFS™ File System and COMSTAR[video]
[PDF]
|
Scott Tracy, Dan Maslowski
|
S304289 Building C/C++/Fortran Applications on the OpenSolaris™ Operating System and Linux
|
Don Kretsch
|
Tuesday, June 2
Developing IN OpenSolaris
|
Speaker |
Deploying OpenSolaris in Your Datacenter |
Speaker |
| Inside OpenSolaris: The Developer View |
Mark Nelson, Sun |
|
|
| Secure Programming |
Scott Rotondo, Sun |
|
|
| Secure Programming, cont. |
Scott Rotondo |
Deploying OpenSolaris in your Datacenter |
Chris Armes, Sun |
| Device Driver Overview |
Max Bruning, Bruning Systems |
Becoming a ZFS Ninja |
Ben Rockwood, Joyent |
| Porting Linux USB Drivers to OpenSolaris |
Max Bruning |
Becoming a ZFS Ninja, cont. |
Ben Rockwood |
| OpenSolaris Kernel Debugging |
Max Bruning |
High Availability with OpenSolaris |
Nick Solter, Sun |
| Diving into the OpenSolaris Source Juicer |
Jim Walker, Christian Kelly, Dermot McCluskey, Barry Cheshire, Sun |
Application consolidation with OpenSolaris Containers |
Jerry Jelinek, Sun |
|
|
Crossbow BoF Networking in the Cloud [PDF], Ben Rockwood |
|
More details at the OpenSolaris@CommunityOne Schedule website.
Been mucking around with the ipodtouch having rescued it from the family for the last week. I
have been subject to the "can't find your location" feature while at home. Google
points me at Skyhook Wireless' site at GetSatisfaction and I discover that like
Plazes, it uses a database solution, in this case run by
Skyhook, who explain
how it works on their site. This means
that you need to be connected to the net to discover your location, but since
that's true of the map application, its not too onerous a constraint.
For a 'touch, I need to find out my router's MAC address, which is harder than I'd
like; it doesn't seem to display in the control panel. I was pointed at
NetStumbler, but it has to run on an
operating system it supports with wireless. NB this seems to exclude Vista 64
and obviously in retrospect my desktops, so on my third install I finally
discover the address and use it to
update SkyHook's
database. I need my Longtitude and Latitude for this, which I have never
bothered to record, so I used
http://www.streetmap.co.uk
to get this because its easy.
I had to wait ten days, but its working now.
tags: technology ipodtouch apple
network skyhook maps
location
I really should have posted this quite some time ago, but between getting the OpenSolaris 2009.06 release out, speaking at CommunityOne, speaking at the OpenSolaris user group in New York, and trying to sleep once in a while, it's been a little tough to keep up. Anyway,
Nick and I are giving a three-hour
OpenSolaris tutorial at
OSCON 2009 on July 21. Looking at the content draft, we've probably got more like five hours of material, but we'll figure out how to cram most of it in. Even if you've read
OpenSolaris Bible you're likely to learn a lot, as a fair amount of the material is on technology that's not covered in the book, such as
Crossbow and the
Automated Installer. I'm also expecting to spend some time wandering around at the conference, so hope to see you there!

The reson for upgrading my Virtual BOx config is to install a Red Hat Centos image. I chose 4.7 because this seems jolly popular within the hosting community and I need a new host for my web servers. Two pieces of advice
- Download the x86 DVD image, I couldn't see how to use the multiple disk images with Virtual Box.
- It installs an SMP and uniprocessor version and grub is configured to start the SMP version as default. This thread, entitled CentOS 4.7 guest won't start, suggests that one should configure PAE/NX=on for the SMP image. This is not the default. Anyway works for me.
Now I need a manual to help through all those little differences between it and Ubuntu. Is been a couple of years since I played with Red Hat's Linux.
tags: technology virtualbox linux centos guest install
The presentations that Adriana and I did for The Mine! Project’s Google Tech Talk at the Google Campus earlier this year are now posted on the blog; I apologise that the audio on the first video is not original and had to be re-recorded, this was due to hardware issues* on the day.
In the first video, Adriana deals with the user perspective of the Mine, and why it is being created; the second video is me reviewing the technical goals and talking about the implementation.
Each video is about 20 minutes. Bon appetit.
–
*i forgot to turn the camera on until way too late. mea culpa.
this posting is syndicated from dropsafe
The Mine! Project - Google Tech Talk Videos #themineproject #vrm
Here are some quotes about running Rails applications on
GlassFish from
user@jruby
mailing list:
I find the glassfish gem
to be the most performant of all -- and I don't need to war-up my app.
I also have some mongrel
cluster stuff, but glassfish is simpler and just works.
Voila...blazing speed,
can handle lots of traffic. Note that I am also cominging into apache
from a dyndns name. So, whatever IP I have, I can go straight to
execution on the glassfish gem and NO warring up! What could be easier
deployment, or a faster execution?
It's running fantasticly
and performing like nothing I've seen before :) Completely stable
memory, no wirings or anything bad for 5 days now.. (with several
ab/htperf stresstests).
It's always exciting to get good endorsements of our efforts in the
GlassFish team :)
Other similar stories for using Rails/GlassFish in production are
described at
rubyonrails+stories.
Technorati: glassfish
v3 gem rubyonrails
stories
jruby
I have reduced the number of tags available in the banner. You can still use Google, or the Yesterdays Words page here which has a number of search tools for this blog.
And with one might bound he was free..................
I downloaded Virtual Box 2.2.4 a couple of days ago, but when I tried to install it on my XP SP/3, the install process failed and rolled back. This trouble ticket, #3701 details how to fix the windows registry which was damaged at v2.2.0.
Thanks to those who helped me find it.
tags: technology virtualbox windows "xp sp3" windowsxp install
I've just heard that the deadline for submitting proposals of presentations for the LDAPCon has been extended by a week.
if you're involved with LDAP in interesting project and you want to share your experiences, your innovative concepts... please check the "Call for Papers" and submit a proposal. Don't wait, a week is not much and it's better to do it now than realize the deadline is already over ;-)
The second edition of the International Conference on LDAP (LDAPCon) will be held on September 20th and 21st, 2009 in Portland, Oregon, USA, just before and at the same location as LinuxCon 2009.
Technorati Tags: conference, ldap, ldapcon
Another book arrived for the input stack this morning: “The New School of Information Security” by Adam Shostack (hi, Adam) and Andy Stewart.
First impressions: for the price I paid, I was thinking it would be somewhat larger - sort of “Security Engineering, Second Edition”-size. Instead it’s closer to a “this slim volume…” size.
It looks like it’s a two-day read, but there’s a lot in the queue before it, so check back in a couple of weeks - I also have “Masterminds of Programming”, “Perennial Vegetables” and a swath of Python documentation to plough through first, as well as a refresher of the aforementioned Anderson book.
this posting is syndicated from dropsafe
New Book: The New School of Information Security
This has been interesting to follow on Twitter from the point of view of the instigator.
Wales has a legacy of a sizable subset of politicians who
- Don't use technology more advanced than a hand driven egg whisk
- Don't understand why other people might find technology more advanced than an early 1990's tractor (and nothing wrong with early 1990's tractors, but electrics rather than electronics) useful or necessary
A position which persists at all levels to this day. I can demonstrate the above in the evening of any 3rd tuesday of the month which will leave you in no doubt a lack of technology awareness is inhibiting economic and social progress in Wales.
So it is really nice to see a politician enthusiastic about demonstrating the utility of technology to engage with the wider population. Engaging with the wider community who are not paid up Plaid Cymru members is still a bridge the party has to cross, but appear to be a few pages further forward than the big 3 in the UK.
Got the Wrangler back with a new clutch assembly today. Not bad - 137,800Kms on one clutch, with lots of heavy offroading use.
It's due another service on 1,000Kms and it looks like I'll need a new water pump, two new engine mounts and possibly a fix to stop coolant leaking from somewhere. That's going to be another 2,000Dhs or so.
Still, it's definitely worth keeping it running for now. I'm hoping these fixes will mean another couple of years of trouble (and cost) free driving. It's been a while since I did anything other than service the Wrangler, so I suppose I should be grateful. As long as it doesn't leave me stranded, it still makes sense to pay for servicing and the odd fix, as opposed to buying a newer car, something I can't afford to do right now. Plus, I don't want to swap this Wrangler for a newer one - more comfy, but this one is clearly a better desert performer.
When I was picking the Jeep up from Triple AAA Garage today, I noticed these cool photos on the wall (and snapped them via my phone, so apologies for poor quality).
How do you get a London bus into the desert, for a Dr Who episode?

You use a large rescue truck from Triple AAA -


Pretty cool!
Triple AAA appear to have everything you need for when you get stuck in the desert. This Hitachi caterpillar thing looks quite cool. I just hope I never have to use it.

One final picture.
This is Zighy Bay, which now hosts a 5 star spa and is no longer publicly accessible. It used to be one of the scariest drives in the area. I used to love driving up and down - very steep and very rough. Although I gave myself a fright several times, I'm glad to say I came nowhere near this sort of a situation -

In order to help developers and engineers meet the challenges posed by parallel programming, Sun Microsystems is offering a series of seminars called "An Introduction to Parallel Programming" discussing parallel programming as a fundamental of application development. In this episode, Sun's Ruud van der Pas kicks things off with a presentation on performance tuning.
For more information on HPC Application Development, check out this helpful Developer Resource page.
It all started today by a conversation with a colleague on our long experience with LDAP and Directory Services...
I told him that I've started my carrier as a developer in the X.400 domain. In my first job, for a French startup called E3X, between 1991 and 1995, I've wrote 3 different versions of a P7 Message Store for the UCOM.X400 product line. Along the same dates, I've also been involved a little bit with X.500. One of the things that I've done, was using our UCOM.X500 product to store information about some restaurants in the Sophia-Antipolis area, so that we could search and choose one whenever we had visitors coming. The data included beside the usual address and phone number, the type of food, opening hours, whether reservation was necessary and so on...
The schema defined eventually got cleaned up and published as an internet draft by my manager at that time, Dr. Alain Zahm. You can find a summary of this internet draft at the very end of this page: http://choices.cs.uiuc.edu/uChoices/Papers/Proposals/92.MobileComputing/INDEX.
Minutes of IETF OSI-DS meeting in November 1992 also shows that the schema was discussed.
Now that all public and research X.500 servers have been stopped and decommissioned, there is no trace of this anymore. Google is too young to have references to this, and so is Yahoo. But I do remember that in the mid 90ies, whenever I was searching for my name, most of the results coming back were associated with some little known restaurants on the French Riviera !
In 1995, I joined Sun to work on the Solstice X.400 product and a year later, with I've started working on University of Michigan slapd code to produce Sun Directory Services 1.0, released in September 1997... the rest is history :-)
Technorati Tags: directory-server, ldap, Sun
Another great release of NetBeans IDE is available and as usually you can download it for free from netbeans.org. Since I was working on Kenai integration parts of this release I would like to highlight this functionality. Users can create projects hosted at Kenai on the top of the NetBeans 6.7 IDE and work with projects in NetBeans directly.
I have one notice related to the opening kenai projects (or searching projects) that might help you in case you are trying to look up some project available at kenai.com site: It is possible to use wildcards in the search string as you can see at the screenshot below.
|
Další skvělý release NetBeans IDE je na světě a jako obvykle jej zdarma můžete stáhnout na netbeans.org. Jelikož jsem pracoval Kenai integraci tohoto releasu, chtěl bych zdůraznit tuto funkcionalitu. Uživatelé mohou vytvářet projekty hostované na kenai.com rovnou z NetBeans 6.7 IDE a pracovat s nimi v přímo v NetBeans.
Mám jednu poznámku vztahující se k otevírání kenai projektů (jejich vyhledávání), která by mohla pomoci v případě že potřebujete najít nejaký projekt dostupný na kenai.com:
Při hledání je možné používat wildcards, jak je vidět na screenshotu nahoře.
|
I recently learned about a company that's been around for a couple of years called
spigit, and a fascinating piece of software they produce. If you're familiar with the term "
decision market" or with the book "
The Wisdom of Crowds" then you have a great headstart understanding what they do. If you haven't encountered the term or read the book, I'd explain it like this: the problem they solve is how to harness the brainpower any large company or community has in solving problems. I'll use an example to try to explain what they do.
Suppose you are running a record company and you want to pick next year's musical artists to produce. There are thousands of musical acts you could go with but you want to make the best few choices you can, because you can only fund a relatively small number out of those thousands. In your record company, you've got all kinds of people who know a lot about their piece of the music industry. So what you do is to use spigit to create a sort of a game: anybody can suggest an artist for the company to produce. The person who suggests an artist posts to the spigit collaboration site with whatever info she wants to post that will get people to vote yes on that artist. Other people can vote yes or no on that artist; they can post additional information about that artist (maybe a reason why to support or not support that artist). Anybody can participate; you end up getting a wide variety of opinions from all around the company, ultimately ending up in a ranked list of artists that the company can produce.
In the meantime, people are voting on artists but also on the opinions and suggestions of other employees, so that employees build up a reputation within spigit. The higher your reputation, the more your votes tend to count. Reputation can go up or down; you can build up your reputation but you can also ruin it.
There's a lot more to spigit, but this is the basic idea. The application does a nice job of combining current web 2.0 kinds of technologies and adding the concept of prediction / decision markets. It's worth checking out if you want to make the best use of the collective intelligence of a community of people.
It looks like there are some
open source prediction market packages as well; I'll have to check those out and see what they can do compared with spigit.
Powered by ScribeFire.
I was editing some pictures (which I organize per-month) and realized that
there were a ton in the June folder that I’d been meaning to run, and now it’s
not June. So let’s populate the first few days of July with some of ’em.
First, musical faces of
Car-Free Vancouver Day.
The first is self-explanatory.
The second is a few blocks north;
DRMHLLR,
a spacey sort of jam band, was playing really loud. I was
pushing my little toddlergirl and she’s usually pretty sensitive, always
telling me to turn down the rock & roll in the car. But as we rolled up
she seemed fascinated, so I bashed a couple of bystanders with
the stroller to get a front-row spot. She just leaned back and went with the
groove; I have high hopes for the girl.
That Car-Free day, it’s OK by me. This is on Main
and there were thousands and thousands of people
there; interesting shopping, good eats, cool beats, and fun people to look
at.
The glass on
that parchment had
broken in transit, so I’d dropped it off at a framing shop on Main for
repairs. I wheeled my ice-cream-stained daughter out of the
crowd into the shop, and he told me he’d done a huge amount of walk-in
business and spent the rest of the day enjoying the show. What’s not to like?
Can we do this every month in the summer?
this posting is syndicated from dropsafe
Twitter Updates for 2009-07-02
Product: Solaris 10 Operating System OpenSolaris
A patch regression in Solaris kernel udp(7p) may cause certain Solaris Trusted Extensions
configurations to panic at boot time, making the system unavailable.
This issue may also allow remote or local unprivileged users to panic
the system, thereby causing a Denial of Service (DoS) to the system as a whole.
State: Resolved
First released: 30-Jun-2009
Product: Solaris 10 Operating System OpenSolaris
A security vulnerability in the Solaris NFSv4 Server Kernel Module 'nfs_portmon' tunable may allow certain remote unprivileged users to gain unauthorized network access to share resources, thereby allowing those users to access (read and write) arbitrary files.
Sun acknowledges with thanks, Anton Lundin for bringing this issue to our attention
State: Resolved
First released: 30-Jun-2009
It's my birthday today, got a of calls/emails/twitters/sms's (the variety of technologies seem to be increasing every year) today. Many thanks to all of you, who wished me. Its been fruitful year, both professionally and personally !! I am looking forward to this year, lots of momentous changes (hint: the Sun-Oracle thing) seem to be in store this year.
I could not resist commenting on one thing. I go to a restaurant, which is part of a chain of restaurants. On my birthday, I get no less than 10-12 emails from the same group, and the same email from them.
The email format is like this:
From: feedback@abcgroup.in
reply-to:babitaxxx@abcgroup.in
to manixxxxx@gmail.com
date Thu, Jun 25, 2009 at 3:17 PM
subject Happy Birthday!
Dear Mani,
We at the ABC Group would like to wish you in advance a very Happy Birthday!
To make this day more special for you, we invite you to celebrate your Birthday at
any of the ABC outlets listed below...
Do call to make your booking with our customer relations executive on 4111xxxx/4111xxxx.
(Office hours - 10am to 5pm), who will arrange your table at any of the ABC outlets.
Thanks,
xxxx
Vice President (Operations)
My email id is the same, the names are a little different. Its sometimes, mani, manikandan, mani chandra etc etc. This is precisely, one of things, where a product like Project Mural , can be a good fit, with its Master data management and ETL capabilities. I hope to send an unsolicited solution document to them shortly
If you are considering building an experimental apparatus filled with liquid hydrogen, you might want to keep the following incident in mind:
Deep within the bubble chamber, the inner beryllium window had shattered along a microscopic imperfection in its surface. Splintering outward, the inner window fragments blasted open the outer beryllium window accompanied by the pressure wave of the expanding hydrogen. Within half a second, the laboratory floor was bathed with some 400 liters of turbulent, burning hydrogen. Ignited when the outer window failed, the fire burned wherever the hydrogen and air were mixed. Seconds later, a fierce explosion ripped through the laboratory, strong enough to blow the 31,000 square foot laboratory roof 10 feet into the air. As it crashed back down, roof material cascaded onto the floor and began to burn, raining down hot tar. Now other areas erupted in flames as the soft soldered joints melted in the tubes that linked large quantities of liquid petroleum gas, as well as other combustibles. (Galison, Image & Logic, pp. 356–357.)
Fortunately, it was shortly after 3am, so not many people were around, and only one person died. The most dramatic survival:
One graduate student had managed to crawl into a space between the bubble chamber electronics room and the south wall. Unable to escape further because of his injuries, he remained there until the fire seemed to be closing in. Radioing an ambulance to the east exit, the deputy fire chief, an engineer, a cryogenics expert, and some firemen hacked their way to him and brought him out on a stretcher. (p. 359)
And the end of one eyewitness report:
“I did not consider 80 PSI as extremely serious at that instant since all the peripheral systems are capable of easily handling such a pressure. At this point I turned to check the pressure in the Bubble Chamber to make sure that it was not rising excessively. I never did see the Bubble Chamber pressure gauge.” (p. 356)
If a certificate is issued with a authority information access extension which indicates the OCSP access method and location, one can enable the default implementation of OCSP checker during building or validating a certification path.
Maybe you need to check your certificate firstly, in the purpose of making sure it includes a OCSP authority information access extension:
#${JAVA_HOME}/bin/keytool -printcert -v -file target.cert
You are expected to see similar lines in the output:
#3: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://onsite-ocsp.verisign.com]
]
In the above output, "http://onsite-ocsp.verisign.com" indicates the location of the OCSP service.
If you find one of similar authority information access extension in your certificate path, you need to enable OCSP checker.
For Sun PKIX implementation, OCSP checking is not enabled by default for compatibility, note that enabling OCSP checking only has an effect if revocation checking has also been enabled. So, in order to enable OCSP checker, first of all, you need to active certificate revocation checking; then active OCSP checking. It is simple and straightforward, only needs a few lines.
PKIXParameters params = new PKIXParameters(anchors);
// Activate certificate revocation checking
params.setRevocationEnabled(true);
// Activate OCSP
Security.setProperty("ocsp.enable", "true");
After that above two configurations, the default Sun PKIX implementation will try to get certificate status from the OCSP service indicated in the authority information access extension. For the above example, "http://onsite-ocsp.verisign.com" is the OCSP service. The enabled Sun OCSP checker will send certificate status request to the service, get response, and analysis the status from the response, if the status is revoked or unknown, the target certificate would be rejected.
Here is a sample code I wrote help you test your certificates and OCSP service, hope it helps.
/**
* @author Xuelei Fan
*/
import java.io.*;
import java.net.SocketException;
import java.util.*;
import java.security.Security;
import java.security.cert.*;
public class AuthorizedResponderNoCheck {
static String selfSignedCertStr =
"-----BEGIN CERTIFICATE-----\n" +
// copy your trust anchor certificate here, in PEM format.
"-----END CERTIFICATE-----";
static String trusedCertStr =
"-----BEGIN CERTIFICATE-----\n" +
// copy your trusted enterprise certificate here, in PEM format.
"-----END CERTIFICATE-----";
static String issuerCertStr =
"-----BEGIN CERTIFICATE-----\n" +
// copy the intermediate CA certificate here, in PEM format.
"-----END CERTIFICATE-----";
static String targetCertStr =
"-----BEGIN CERTIFICATE-----\n" +
// copy the target certificate here, in PEM format.
"-----END CERTIFICATE-----";
private static CertPath generateCertificatePath()
throws CertificateException {
// generate certificate from cert strings
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is =
new ByteArrayInputStream(issuerCertStr.getBytes());
Certificate issuerCert = cf.generateCertificate(is);
is = new ByteArrayInputStream(targetCertStr.getBytes());
Certificate targetCert = cf.generateCertificate(is);
is = new ByteArrayInputStream(trusedCertStr.getBytes());
Certificate trusedCert = cf.generateCertificate(is);
is.close();
// generate certification path
List list = Arrays.asList(new Certificate[] {
targetCert, issuerCert, trusedCert});
return cf.generateCertPath(list);
}
private static Set generateTrustAnchors()
throws CertificateException {
// generate certificate from cert string
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is =
new ByteArrayInputStream(selfSignedCertStr.getBytes());
Certificate selfSignedCert = cf.generateCertificate(is);
is.close();
// generate a trust anchor
TrustAnchor anchor =
new TrustAnchor((X509Certificate)selfSignedCert, null);
return Collections.singleton(anchor);
}
public static void main(String args[]) throws Exception {
// if you work behind proxy, configure the proxy.
System.setProperty("http.proxyHost", "proxyhost");
System.setProperty("http.proxyPort", "proxyport");
CertPath path = generateCertificatePath();
Set anchors = generateTrustAnchors();
PKIXParameters params = new PKIXParameters(anchors);
// Activate certificate revocation checking
params.setRevocationEnabled(true);
// Activate OCSP
Security.setProperty("ocsp.enable", "true");
// Activate CRLDP
System.setProperty("com.sun.security.enableCRLDP", "true");
// Ensure that the ocsp.responderURL property is not set.
if (Security.getProperty("ocsp.responderURL") != null) {
throw new
Exception("The ocsp.responderURL property must not be set");
}
CertPathValidator validator = CertPathValidator.getInstance("PKIX");
validator.validate(path, params);
}
}
NetBeans 6.7 is here for you.
NetBeans 6.7 is here for all kinds of developers to download and use.
http://www.netbeans.org/downloads/index.html
It is easy to start build application from simple Java SE IDE 47MB to the All bundle 259MB download size.
Netbeans IDE Download Bundles for all bundles include Java SE,Java Web and EE, Java ME, Ruby, C/ C++, Groovy, PHP and it even included the Sun GlassFish Enterprise Server which based on the Open Source GlassFish.
Java SE
Essential tools for programming in Java, including an editor, debugger, profiler, refactoring support, and award winning drag-and-drop GUI design tool.
Java Web and EE
Tools for creating Java web and enterprise applications compatible with J2EE 1.4, and Java EE 5 specifications. Includes support for servlets, JSPs, tag libraries, Spring, Struts, Java Persistence API, Enterprise Java Beans, JAX-WS and RESTful web services, and Java Server Faces. Provides visual drag-and-drop application development environment.
Java ME
Comprehensive tool set for creating Java Micro Edition applications for cell phones and portable devices. Includes visual designer, web services connection wizard, and tools for handling device fragmentation problems.
Ruby
Complete tool set for creating Ruby and Ruby on Rails applications. Includes JRuby interpreter, Ruby on Rails framework, powerful editor, debugger, gem manager, and interactive Ruby shell. Supports easily creating, modifying, and running Ruby on Rails applications.
C/C++
Tools for developing C and C++ applications. Includes project templates, support for existing projects, advanced editor, debug support, and makefile wizard for configuration management.
Groovy
Provides support for the Groovy language and the Grails framework.
PHP
Tools for developing PHP applications, including PHP editor and debugger, project management, integration with Apache server, support for MySQL and other databases, FTP upload and download, JavaScript support and other features.
Sun GlassFish Enterprise Server v2.1
The Sun GlassFish Enterprise Server v2.1 is a Java EE 5 platform-compatible server for the development and deployment of Java EE applications and Java technology-based web services in large-scale production environments.
Sun GlassFish Enterprise Server v3 Prelude
Sun GlassFish Enterprise Server v3 Prelude is a commercially supported offering for GlassFish v3 Prelude, an open-source, lightweight Web 2.0 development and deployment platform. GlassFish Enterprise Server v3 Prelude is ideal for deploying rich Internet applications backed by Java or dynamic languages such as JRuby.
Apache Tomcat 6.0.18
Open source web container for Java Servlet and JSP specifications.
For JavaFX - Available only with NetBeans 6.5.1Start developing with NetBeans IDE and JavaFX technology for building,previewing, and debugging JavaFX applications.

もう7月ですね。前回
6月4日からのアップデートです。mixi や twitter している方は是非参加してください!
twitter は
金内さんが NetBeans 6.7 の正式リリースで描いてくれたのを背景画像に使わせてもらいました。ありがとー!うきゃー!
July 01, 2009
July 1st 1999 was a day that forever changed my life. It was the day I joined Sun. So today this is exactly 10 years ago... I thought it would be nice to share some thoughts because of this.
I joined when the "dot com boom" was at its highest. I remember Sun NL alone welcomed 20-30 new employees each month for several months in a row! (I also remember I was too late at my second interview because my oldest son was born between my first and second interview and I overslept... my manager-to-be at the time grinned, left me with the account manager of the team I was to join and returned a few minutes later with a teddybear wearing a Sun T-shirt. So much for a first impression!
)
Two years later, the dot com bubble had imploded and many people were made redundant (this is one of the best understatements in the English language I know of). I must have done something right because I could stay... which made me a Happy Camper because I already had become sort of addicted to Sun.
In the years following I had the change to develop myself towards a more in-depth, specialized pre-sales consultant. I did a lot of different things: HA specialist, being responsible for part of our local lab, Solaris,... this was also the time where two major things happened. First I was given the opportunity to join the "Datacenter Practice" (that has now sort-of evolved into the Systems LOB). And second, I was asked to become Operating Systems Ambassador for Sun NL -- a role I still have and love.
Looking at the more softer skills I learned to present and became to love that too. Maybe it's because my father is a teacher, but the combination of understanding complex technical issues, mapping those towards the meaning for a particular customer, and explaining that combination to people is what I like best. And the many sales trainings I got do help here too! 
So here I am today: 10 years older but (as I feel it) at least 25 years wiser. And all this because of the fine people that work at Sun, the many opportunities I got, the challanges I had to overcome and most of all: because I feel valued at Sun, with the freedom to be who I am.
There will not be another 10 years at Sun for me. The main reason being that I expect Sun to become (part of) Oracle ... Real Soon Now. I sincerely hope I can ride this new wave as well. I will do the best I can. And at the same time I do hope that somehow the "Sun spirit" and "Sun way of things" will survive and continue to exist within Oracle. Ideas like the Sun Microsystems Online Tribute surely help here!
One last paragraph. I do want to say a big Thank You to everybody at Sun that I've ever met, worked with, disagreed with, helped, trained, learned from and argued with. Together we make Sun what it is. You're all in my heart.
What tomorrow brings? I don't know. For me, it will be another working day at Sun, with new challenges, new customers, new experiences. I'll keep you posted!
While the need for security and integrity is well-recognized, it is less often
well-implemented. Security assessments and industry reports regularly show
how sporadic and inconsistent security configurations become for organizations
both large and small. Published recommended security practices and settings
remain unused in many environments and existing, once secured, deployments
suffer from atrophy due to neglect.
Why is this? There is no one answer. Some organizations are simply unaware of
the security recommendations, tools, and techniques available to them. Others
lack the necessary skill and experience to implement the guidance and maintain
secured configurations. It is not uncommon for these organizations to feel
overwhelmed by the sheer number of recommendations, settings and options. Still
others may feel that security is not an issue in their environment. The list goes
on and on, yet the need for security and integrity has never been more important.
Interestingly, the evolution and convergence of technology is
cultivating new ideas and solutions to help organizations better protect their
services and data. One such idea is being demonstrated by the Immutable Service Container
(ISC) project. Immutable Service Containers are an architectural deployment pattern
used to describe a platform for highly secure service delivery. Building upon concepts
and functionality enabled by operating systems, hypervisors, virtualization, and
networking, ISCs provide a secured container into which a service or set of
services is deployed. Each ISC embodies at its core the key principles inherent
in the Sun Systemic
Security framework including: self-preservation, defense in d