
Thursday, October 29, 2009

Sun xVM VirtualBox 3.0.10 has been released

Today, October 29th, Sun released a minor update for its flagship desktop virtualization solution, xVM VirtualBox. The changelog of VirtualBox 3.0.10 is the following:
  • VMM: guest SMP stability fixes
  • VMM: fixed guru meditation with nested paging and SMP guests (bug #5222)
  • VMM: changed VT-x/AMD-V usage to detect other active hypervisors; necessary for e.g. Windows 7 XP compatibility mode (Windows & Mac OS X hosts only; bug #4239)
  • VMM: guru meditation during SCO OpenServer installation and reboot (VT-x only; bug #5164)
  • VMM: fixed accessed bit handling in certain cases (bug #5248)
  • VMM: fixed VPID flushing (VT-x only)
  • VMM: fixed broken nested paging for 64 bits guests on 32 bits hosts (AMD-V only; bug #5285)
  • VMM: fixed loading of old saved states/snapshots (bug #3984)
  • Mac OS X hosts: fixed memory leaks (bug #5084)
  • Mac OS X hosts (Snow Leopard): fixed redraw problem in a dual screen setup (bug #4942)
  • Windows hosts: installer updates for Windows 7
  • Solaris hosts: out of memory handled incorrectly (bug #5241)
  • Solaris hosts: the previous fix for #5077 broke the DVD host support on Solaris 10 (VBox 3.0.8 regression)
  • Linux hosts: fixed module compilation against Linux 2.6.32rc4 and later
  • Guest Additions: fixed possible guest OS kernel memory exhaustion
  • Guest Additions: fixed stability issues with SMP guests
  • Windows Additions: fixed color depth issue with low resolution hosts, netbooks, etc. (bug #4935)
  • Windows Additions: fixed NO_MORE_FILES error when saving to shared folders (bug #4106)
  • Windows Additions: fixed subdirectory creation on shared folders (bug #4299)
  • Linux Additions: sendfile() returned -EOVERFLOW when executed on a shared folder (bug #2921)
  • Linux Additions: fixed incorrect disk usage value (non-Windows hosts only)
  • Linux installer: register the module sources at DKMS even if the package provides proper modules for the current running kernel
  • 3D support: removed invalid OpenGL assertion (bug #5158)
  • Network: fixed the Am79C973 PCNet emulation for QNX (and probably other) guests (bug #3206)
  • VMDK: fix handling of split image variants
  • VHD: do not delay updating the footer when expanding the image to prevent image inconsistency
  • USB: stability fix for some USB 2.0 devices
  • GUI: added a search index to the .chm help file
  • GUI/Windows hosts: fixed CapsLock handling on French keyboards (bug #2025)
  • Shared clipboard/X11 hosts: fixed a crash when clipboard initialisation failed (bug #4987)

If you want to give VirtualBox a try, you can go and download the package for your platform of choice.

Sunday, October 25, 2009

A Tribute to a Nine-Time World Champion!

Valentino Rossi, Il Dottore (The Doctor), is the MotoGP 2009 World Champion. He is a 9-time World Champion (the 7th time as a MotoGP driver), with more than 200 contested races, more than 100 race wins, more than 150 podiums and more than 150 pole positions. Valentino Rossi is a MotoGP legend and, possibly, the best driver in motorcycling history.

Congratulations, Valentino.

Saturday, October 24, 2009

Apple Discontinues Mac OS/X ZFS Project

One of the reasons I really love Solaris 10 (and OpenSolaris) is ZFS. I'm also running Solaris at home because of ZFS. I'd also thought about buying an Apple machine some day, but I was waiting for ZFS to be integrated into Mac OS/X. Well, it seems that the game is over:

Apple has posted a note on its ZFS project web page informing the users that the project is being discontinued. Apparently, there's a ZFS MacOS refugee camp (in their own words) on Google Groups.

I'm really sorry about that. ZFS is a great technology and it would have fitted very well on Mac OS/X, although it's (mainly) a consumer oriented Operating System. I was wondering about a ZFS-enabled Time Machine (sort of OpenSolaris Time Slider). Real cool, but it'll never be: rumors suggest that it was a political, rather than technical choice.

Nonetheless, I think Mac lovers have lost the opportunity of running ZFS as their file system. As far as I'm concerned, a real argument for switching (at least the laptop) has just faded away and I think I'll keep sticking with Sun desktops and with some compatible laptop here at home.

Friday, October 23, 2009

Cookies best practices: Cookies, WebSphere, LTPA, Single Sign-On

Yesterday I had to debug a strange problem that was affecting our security infrastructure. It seemed as though, despite a Single Sign-On token being transmitted as a cookie to web applications, they couldn't gain access to some protected resources any more. We're using an IBM DataPower SOA Appliance to implement the user registry and the LTPA (Lightweight Third Party Authentication) token generation, and the IBM WebSphere Application Server is configured to accept a Single Sign-On LTPA token. Nothing in the WebSphere Application Server configuration had changed and very few changes had been applied to our DataPower appliance in the testing environment. Although the changed code was easy to double-check, we immediately thought about a cookie-related problem and troubleshooting was straightforward, luckily.

I think it's worth describing what was going on because I have often come across common misconceptions, or simply not enough knowledge, about cookies.

What a cookie is

Cookies were invented by the venerable Netscape Corporation as a first means of providing some sort of state to an otherwise stateless protocol such as HTTP. Nowadays we're used to interacting with stateful web applications. That illusion is created by some sort of user session implementation in the web and application servers where such applications run: as far as the web server is concerned, each HTTP request originating from our web browser is indistinguishable from the previous ones we might have made. The correlation is done on the server side by means of the information (usually a session ID) that our browser sends along with the HTTP requests. Cookies were invented to solve this problem, although nowadays some application servers may rely on other techniques: a cookie is a piece of information our browser attaches to the HTTP request (in the form of a header). Cookie structure and behavior are described in RFC-2965.

Cookie behavior is pretty simple: a cookie is a simple text structure. It has a name, it might have an expiration date, it might specify whether it is meant to be sent on an encrypted connection only, and it has a domain, a path and an arbitrary bucket of name-value pairs.

When the browser sends a cookie

Cookies, obviously, aren't indiscriminately attached to every HTTP request originating from your browser. If a cookie is valid (has not expired), the browser sends it back with an HTTP request if the request is directed to the cookie's domain and to a resource contained in the cookie's path. If a cookie's domain is, it won't be sent back with a request to because the domains differ. Nor will a cookie be sent to if the cookie path is /protected.

Pros and cons

Cookie domain and path are a powerful mechanism to isolate your cookies and to avoid wasting server resources on analyzing cookies that are not used by specific applications. Setting a path correctly can help you avoid cookie attribute clashes (same name, domain and path) and restrict cookie usage to the application that generates them. In the Java EE world, for example, an application could set a cookie's path to the context path of the Java EE web module so that the cookie is never sent to any other application. You might also decide to use a sub-path inside your own application to lower the request size, avoid processing unnecessary information and lower the chances that cookies might be used in circumstances they weren't designed for. On the other hand, to implement basic inter-application communication, you might decide to just use the / path so that a cookie may be shared by more than one application in the same domain.

In any case, although this article is not about cookie security practices, I'll warn you against using cookies to store sensitive information, unless you implement the necessary precautions (for example, by using them on encrypted connections only).

The solution

The solution to our problem was trivial: because of a glitch, an LTPA token was being transmitted in a cookie whose path wasn't /. Since it is a Single Sign-On token in a Java EE environment deployed on instances of IBM WebSphere Application Server, it was essential that the LTPA cookie be received by the application server when accessing protected resources of every application in the same realm. Setting the path to any other subdirectory defeated the purpose of the Single Sign-On token. WebSphere was correctly redirecting us to our corporate login page simply because the cookie wasn't included in the request when jumping from one application to another.
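
The sending rules described under "When the browser sends a cookie" and the failure explained in "The solution", as an added example (not code from the original post): it applies the domain-match and path-match rules of RFC 6265, the current cookie specification, to an LTPA cookie scoped to one application's path and to the same cookie with path /. The host names, paths and the CookieScopeDemo class are constructed for illustration; LtpaToken2 is the cookie name WebSphere uses for LTPA tokens.

```java
import java.net.URI;
import java.util.Locale;

/** Added example: would a browser attach this cookie to this request? */
public class CookieScopeDemo {

    /** Only the cookie attributes that decide whether it is sent. */
    static final class Cookie {
        final String name, domain, path;
        final boolean hostOnly;   // true when no Domain attribute was set
        final boolean secure;     // Secure attribute: HTTPS requests only
        final long expiresAt;     // epoch millis; Long.MAX_VALUE = session cookie

        Cookie(String name, String domain, boolean hostOnly, String path,
               boolean secure, long expiresAt) {
            this.name = name; this.domain = domain; this.hostOnly = hostOnly;
            this.path = path; this.secure = secure; this.expiresAt = expiresAt;
        }
    }

    /** RFC 6265 domain-match: exact host, or a subdomain if Domain was set. */
    static boolean domainMatches(String host, Cookie c) {
        String h = host.toLowerCase(Locale.ROOT);
        String d = c.domain.toLowerCase(Locale.ROOT);
        return h.equals(d) || (!c.hostOnly && h.endsWith("." + d));
    }

    /** RFC 6265 path-match: the cookie path must be a whole-segment prefix. */
    static boolean pathMatches(String requestPath, String cookiePath) {
        if (requestPath.equals(cookiePath)) return true;
        if (!requestPath.startsWith(cookiePath)) return false;
        // "/app1" covers "/app1/home" but must not cover "/app10/x".
        return cookiePath.endsWith("/")
            || requestPath.charAt(cookiePath.length()) == '/';
    }

    static boolean wouldSend(Cookie c, URI request, long now) {
        if (now >= c.expiresAt) return false;             // expired cookie
        if (c.secure && !"https".equalsIgnoreCase(request.getScheme()))
            return false;                                 // Secure cookie, plain HTTP
        String path = request.getRawPath();
        if (path == null || path.isEmpty()) path = "/";
        return domainMatches(request.getHost(), c) && pathMatches(path, c.path);
    }

    public static void main(String[] args) {
        long now = System.currentTimeMillis();
        // Constructed sample data: host names and paths are illustrative only.
        Cookie broken = new Cookie("LtpaToken2", "corp.example", false,
                                   "/app1", true, Long.MAX_VALUE);
        Cookie fixed = new Cookie("LtpaToken2", "corp.example", false,
                                  "/", true, Long.MAX_VALUE);
        String[] requests = {
            "https://portal.corp.example/app1/home",    // app the token was scoped to
            "https://portal.corp.example/app2/secure",  // second SSO application
            "https://portal.corp.example/app10/x",      // shares a string prefix only
            "http://portal.corp.example/app1/home",     // unencrypted connection
            "https://portal.other.example/app1/home"    // different domain
        };
        System.out.printf("%-42s %-11s %s%n", "request", "Path=/app1", "Path=/");
        for (int i = 0; i < requests.length; i++) {
            URI uri = URI.create(requests[i]);
            System.out.printf("%-42s %-11s %s%n", requests[i],
                String.valueOf(wouldSend(broken, uri, now)),
                String.valueOf(wouldSend(fixed, uri, now)));
        }
    }
}
```

The Path=/app1 column shows the symptom from the post: the request to the second application carries no token, so the server treats the user as unauthenticated.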

Wednesday, October 21, 2009

HP Solution Center doesn't work in Windows 7

That's the only bad news after a flawless upgrade of a virtualized instance of Windows Vista Ultimate SP2 to Windows 7 Ultimate. The Solution Center refuses to start, claiming that the device is not correctly set up.

I just checked HP website to see if HP Solution Center was available for HP OfficeJet 6500 on Windows 7 and, unfortunately, just a laconic one megabyte USERHPNDU_2017.exe file is present.

Users on HP Website report that reinstalling the Vista software on Windows 7 running setup.exe in Vista compatibility mode should suffice. I'll report on it. Meanwhile I tried to run the already installed software setting the appropriate compatibility flags but it keeps on complaining about an incomplete configuration.

Luckily, that's just a testing Virtual Machine. I wouldn't like to pay-so-much for a Windows upgrade just to discover, once more, that some of my hardware is not compatible.

Wednesday, October 14, 2009

Boot Configuration Data: removing boot options in Windows Vista

If you tweaked boot options in Windows versions earlier than Vista, you're probably familiar with boot.ini and friends. Today I wanted to give Windows 7 a try and launched the upgrade from Windows Vista Ultimate to Windows 7 Ultimate. Although the compatibility check performed by the installer did not complain about anything, the installation failed: system restarts always ended with a BSOD. Fortunately, the system upgrade process left Windows Vista untouched and I could boot into it and remove stale installation files.

The last thing I had to remove were the boot options corresponding to the Windows Setup program. Windows Vista introduced a new boot loader architecture and a set of commands to interact with the storage system which holds the boot loader configuration: bcdedit. bcdedit is the Windows Vista equivalent of Solaris' beadm. This is good news: no more tweaking ini files.

To view the current configuration you can issue the following command (beware that you must run the bcdedit command in a command prompt run as Administrator):

bcdedit /enum

Windows Setup
identifier              {cbd971bf-b7b8-4885-951a-fa03044f5d71}
device                  partition=C:
path                    \$WINDOWS.~BT\Windows\system32\winload.exe
description             Windows Setup
locale                  en-US
inherit                 {bootloadersettings}
osdevice                partition=C:
systemroot              \$WINDOWS.~BT\Windows
nx                      OptOut
detecthal               Yes
winpe                   Yes

To remove the Windows Setup boot menu entry I issued the following command:

bcdedit /delete {cbd971bf-b7b8-4885-951a-fa03044f5d71}

and the job was done.

Sunday, October 11, 2009

Sun xVM VirtualBox v. 3.0.8 has been released

On October 6th, 2009 Sun Microsystems announced the release of a minor update to its flagship desktop virtualization solution, Sun xVM VirtualBox v. 3.0.8. As usual, you can check the changelog out at this address.

  • VMM: fixed 64 bits guest on 32 bits host regression in 3.0.6 (VT-x only; bug #4947)
  • VMM: fixed a recompiler triple fault guru meditation (VT-x & AMD-V only; bug #5058)
  • VMM: fixed hang after guest state restore (AMD-V, 32 bits Windows guest and IO-APIC enabled only; bug #5059)
  • VMM: fixed paging issue with OS/2 guests
  • VMM: fixed guru meditation in rare cases (2.0 regression; software virtualization only)
  • VMM: fixed release assertion during state restore when using the Sound Blaster 16 emulation (bug #5042)
  • Security: fixed vulnerability that allowed to execute commands with root privileges
  • Linux hosts: fixed runtime assertion in semaphore implementation which was triggered under certain conditions (bug #616)
  • Linux hosts: change the default USB access mode on certain distributions (bugs #3394 and #4291)
  • Linux hosts: on hardened Gentoo, the VBoxSVC daemon crashed by opening the VM network settings (bug #3732)
  • Linux hosts, Solaris hosts: pass the XAUTHORITY variable along the DISPLAY variable when starting a VM from VBoxManage or from the VM selector (bug #5063)
  • Linux hosts: use sysfs to enumerate host drives if hal is not available
  • Solaris hosts: fixed a bug which would hang the host sporadically as interrupts were not re-enabled every time
  • Solaris hosts: fixed a kernel panic with bridged and host-only networking (bug #4775)
  • Solaris hosts: fixed incorrectly persistent CD/DVD-ROMs when changing them (bug #5077)
  • X11-based hosts: support additional function keys on Sun keyboards (bug #4907)
  • Mac OS X hosts (Snow Leopard): fixed problem starting headless VMs without a graphical session (bug #5002)
  • Mac OS X hosts: fixed problem listing host-only adapter names with trailing garbage (attached VMs won't start)
  • Windows Additions: now work with Vista 64-bit Home editions (bug #3865)
  • Windows Additions: fixed screen corruption with ZoomText Magnifier
  • Windows Additions: fixed NPGetUniversalName failure (bug #4853)
  • Windows Additions: fixed Windows NT regression (bug #4946)
  • Windows Additions: fixed VBoxService not running if no Shared Folders are installed
  • Linux Additions: implemented ftruncate (bug #4771)
  • VRDP: start VM even if configured VRDP port is in use
  • Networking: the PCnet network device stopped receiving under rare conditions (bug #4870)
  • VBoxManage: implemented controlvm vrdpport command
  • iSCSI: fixed issue with NetApp targets (#5072)
  • SCSI: add support for virtual disks larger than 2TB
  • USB: fixed potential crash when unplugging USB2 devices (bug #5089)
  • NAT: IPSEC did not properly work with Linux guests (bug #4801)

Thursday, October 8, 2009

The iPhone as a gaming platform: the App. Store business model is the killer factor

I've been reading many articles about iPhone capabilities as a gaming platform: the last one I read, Wall Street Journal's Apple to Sony, Nintendo: Game Over man!, was quite clear.

Curiosity is a powerful driver and in a matter of minutes I found myself digging into the App. Store to choose a game to run a quick test with. I chose Need For Speed Undercover. The quality of the game seems impressive to me. Rendering, music, responsiveness of the iPhone (it's a game whose user interface uses the built-in accelerometer): despite the size of the display, it feels like I'm running it on a latest-generation game console. No doubt. At the end of this article there are some NFSU screenshots, if you're wondering about its quality.

But the great news for me as a user, as the Wall Street Journal pointed out, is not the fact that I'm handling a mobile device which, incidentally, is a great gaming platform too. This is just a technological accomplishment I could expect any other producer to achieve. The news is that I, who have never owned a gaming console nor am planning to, bought a game. Leave aside the initial investment to buy, for example, an XBox. Console games are traditionally priced at a much higher level than what I paid for NFSU yesterday. Moreover, you have to go and buy it. Even if you downloaded it, you would still need to burn it. Apple's App. Store model is the winner and killer here. Last night I was lying in my bed with my iPhone, wondering whether I would keep on reading a book with Stanza. I thought about the WSJ article, I opened the App. Store, chose a game, clicked on it and... started to play! Right away, after waiting just a couple of minutes for the download to complete. I did not move from there and was charged less than 4 Euros.

Game addicts may well say that the gaming experience is not nearly equal to what it is on another platform. I have to agree, but that's off topic. What strikes me most is the iPhone gaming experience as an end user, from the initial purchase. Easy, comfortable, handy, cheap! The App. Store, moreover, is a growing library of applications here at hand: sometimes, what's most difficult is not buying but choosing.

Developing Java EE applications for WebSphere AS with NetBeans

Chances are that if you're developing a Java EE application for IBM WebSphere Application Server, sometimes you'll need to use some IBM APIs to get the job done. If you're not using IBM's integrated development environment, you will have to add to your compilation classpath all the required libraries.

I'm a NetBeans fan and unless the customer explicitly prohibits this IDE, I always try to evangelize the developers working with me and switch to NetBeans. Lately, we've been developing a custom user registry and some login modules to plug into WebSphere Application Server: I definitely needed to link to WebSphere libraries.

To ease the switch to NetBeans from Rational Software Architect, I defined the library in my NetBeans and then distributed the definition of the NetBeans library, which simply is an XML file.

As you can see in this screenshot, the required libraries to work with WAS 6.1 are a good number and find themselves in a bunch of different WAS installation directories. In this case, I'm using the libraries of the WebSphere Application Server which is bundled with Rational Software Architect v. 7.0.

To distribute this definition to your fellow developers, you can just give them the library definition which you can find in the following directory (modulo NetBeans version number):


Since this library has been labeled WAS-6.1, the file name is WAS-6.1.xml.

The structure of such file is pretty intuitive, as you can see from this excerpt:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE library PUBLIC "-//NetBeans//DTD Library Declaration 1.0//EN" "">
<library version="1.0">

Should you need it, you can process it with a program, or even with grep and sed, and batch-apply any change you'd need. For example, since my development platform of choice is Solaris whilst my client's is Windows, I frequently have to modify such files to adjust the library paths.

I'm now developing flawlessly in NetBeans and deploying our applications, or even our plugin modules, on WebSphere Application Server. NetBeans hasn't any plugin, as far as I know, to produce IBM-specific deployment descriptors but we're not experiencing any problems: we just apply deployment customization using WAS' excellent administration console.

Wednesday, October 7, 2009

Why I manually manage my iPhone's music

The problem

I own a pretty large music library which is hosted on a dedicated ZFS file system. Access for UNIX clients is provided via NFS and access for Windows clients is provided via CIFS. So far, so good. The problem is that the library is huge, very huge: not only is the number of files high, but some of the files themselves are huge. Whenever I buy a new CD, I rip it and encode it with a lossless codec in order to store sufficient information in case I need to burn another copy of the CD. On the Solaris Operating System, I'm using FLAC to encode such files. Alongside these lossless-encoded files, I usually encode another copy of the files in an easier-to-handle format, more suitable for use with portable devices. In this case, I re-encode the FLAC files with an MP3 encoder.

Keeping such a library organized isn't difficult and the only problems I have had so far are expanding storage according to my needs and backing it up: since I'm using ZFS, I'm a happier (and a wiser) man.

The problem with iTunes and programs of that kind is that they don't fit very well in the big library and networked storage scenario. Starting iTunes would take a long time to complete and, moreover, the network would be the bottleneck. I never liked such a waste of resources and this is one of the reasons I never, ever, used a program to keep my music library "organized".

But what's the matter with the iPhone? Well, the iPhone is a glorified iPod and we all know that Apple is so kind as to not allow us to read or write files on our phone except through iTunes.

iTunes synchronization

The iTunes way is very simple and idiot-proof: the iPhone is kept in sync with your iTunes-managed libraries: music, videos but also contacts, applications and so forth. If I kept all of my music on just one laptop, that would (probably) be great but, as I told you, that's (fortunately) not the case.

The first times I synchronized my iPhone I used to:
  • Add files to my library.
  • Synchronize the iPhone.
Unfortunately, if my laptop cannot access the CIFS shares where the music is, iTunes just sees missing files and your iPhone will be empty after the next synchronization. Not so good.

The following times I thought I'd better copy files locally, first, and then synchronize. Good! Well, no. Because, unless you leave those files there (forever!), you'd hit the same behavior I described earlier. Replicating seldom is a good idea. Replicating such a library, definitely is not.

That's the kind of idiosyncrasy I hate in an end user program. Or it isn't an idiosyncrasy at all and it's me who's a strange user. Anyway, that's why I switched to manually manage my iPhone files. No library synchronization. I just copy files from the CIFS share directly into the iPhone. Just as if it was a plain old phone. No stale files on my laptop to keep iTunes happy.

Sunday, October 4, 2009

(Poor man's) Web redirection using a servlet filter

A couple of months ago I bought another domain because we're just in the middle of a re-branding and, obviously, the domain name was one of the first things to choose. We will keep the old domain in order to ease the migration of the systems we're running. Migrating the web was easy but, nowadays, there are some people who are resisting the re-branding process and who are still using our old name and our old domain.

When I consulted the company that hosts our old domain, they answered this: 2.5 Eur/Month for web and email redirection. Since we don't need mail redirection, paying a couple of bucks just to send a couple of HTTP headers seemed too much to me; that's why I decided to do it myself.

Setting up Sun Java System Application Server on Solaris 10

First of all, I set up a new sparse and shared-IP zone. At the end of the installation I checked the startup script for the Sun Java System Application Server that ships with Solaris 10. If you need a Java application server, you'd better go and install the latest version. As I'm going to run just one servlet filter, using the bundled server seemed fine to me.

The bundled server is installed in /usr/appserver and isn't SMF-managed either:

$ svcs S84appserv
STATE          STIME    FMRI
legacy_run     Mar_13   lrc:/etc/rc3_d/S84appserv

If you examine the startup script, you'll notice that it looks for domains installed in the /var/appserver/domains directory. Of these domains, the script starts those that have the autostart feature configured, which is simply an empty file named [domain-dir]/config/autostart.

Creating a domain

To create a domain you need to use the /usr/sbin/asadmin command. In my case, I used the following command:

/usr/sbin/asadmin create-domain --domaindir /var/appserver/domains --adminport 4848 --adminuser admin --instanceport 8080 --savemasterpassword=true my-web

  • --domaindir /var/appserver/domains is necessary to create the domain in the directory searched by the legacy startup script.
  • --adminport and --instanceport are used to configure the ports used respectively by the admin console and the applications you'll deploy in this domain.
  • --savemasterpassword, or an equivalent technique, is necessary because the startup script is non interactive and cannot ask you about the master password.

Once the domain was done, I touched the autostart file to trigger the startup of the domain:

$ touch /var/appserver/domains/my-web/config/autostart

You can now start your domain by using the startup script:

# /etc/rc3.d/S84appserv start

To test your installation you can use your favorite browser to connect to the admin console on the port you specified (in this case, 4848) or to view the welcome file (on port 8080).

Creating a redirecting servlet filter

To redirect clients' HTTP requests to the new domain we just need to send an HTTP 301 status code (moved permanently) and the new location in the Location HTTP header. Omitting the boilerplate code of a standard Java Servlet filter, the code is just a two-liner:

response.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
response.setHeader("Location", "");

Please note that setHeader and setStatus aren't methods of the ServletResponse interface: they belong to the HttpServletResponse interface.

The last thing to do is mapping the filter in the web module deployment descriptor:

$ cat WEB-INF/web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="" xmlns:xsi="" xsi:schemaLocation="">

The application server bundled with Solaris 10 will complain with a not-so-intuitive "Unsupported minor.major 49.0 error" if you don't compile your application with a Java 1.4 compiler. Once this is done, you just have to deploy the web module into your server in the root (/) context path.

Setting up the network

The last part of the job was setting up the network. First of all, I removed the DNS A record identifying the www machine (which pointed to our hosting company's web server) and replaced it with a CNAME pointing to the machine of ours where I deployed the Java web module. Then I configured our border router to map port 80 to the port where the Sun Java System Application Server is listening.

Manipulating URIs before redirecting

The filter described so far redirects a request for the root of an application to another URL. The basic problem with this example is that, if a client requests a URI beneath the root of the application, unless that URI is mapped to a valid resource in the application, the application server will return an HTTP 404 status code (not found). Such are, indeed, the filter semantics: filters are executed before the request is handled by its target and, if the target does not exist, they're not triggered at all.

To avoid such problems, if you want a catch-all redirection, or if you prefer to process the request before redirecting it, you can deploy a servlet and map it to the URIs you want to catch. And if you want to catch them all, mapping /* is all you need.

The final version of the web.xml of the web module I deployed is the following:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="" xmlns:xsi="" xsi:schemaLocation="">
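
The catch-all servlet described under "Manipulating URIs before redirecting", as an added example (not the servlet the author deployed): it answers every request with a 301 to the same path and query string on the new domain. The class name RedirectServlet and the NEW_BASE value are hypothetical placeholders, and the code sticks to Java 1.4 syntax and the Servlet 2.4 API so that it compiles for the bundled application server.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Added example: catch-all redirect servlet, meant to be mapped to the
 * url-pattern /* in web.xml. Java 1.4 compatible: no generics, no annotations.
 */
public class RedirectServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    // Hypothetical placeholder: the real new domain is not given in the post.
    // The target host is a constant and is never derived from the Host header
    // or from a request parameter, so the servlet cannot be abused as an
    // open redirector.
    private static final String NEW_BASE = "http://www.new-domain.example";

    /**
     * Builds the Location value from the raw request URI and query string.
     * Kept as a static method so it can be tested without a container.
     */
    static String targetFor(String requestUri, String queryString) {
        StringBuffer target = new StringBuffer(NEW_BASE);
        if (requestUri == null || requestUri.length() == 0) {
            target.append('/');
        } else {
            target.append(requestUri);
        }
        if (queryString != null) {
            target.append('?').append(queryString);
        }
        String location = target.toString();
        // getRequestURI() and getQueryString() return undecoded values, so a
        // raw CR or LF should never appear; if one does, fall back to the
        // site root instead of writing it into a response header.
        if (location.indexOf('\r') >= 0 || location.indexOf('\n') >= 0) {
            return NEW_BASE + "/";
        }
        return location;
    }

    /** Handles every HTTP method: GET, POST, HEAD and so on. */
    protected void service(HttpServletRequest request,
                           HttpServletResponse response) throws IOException {
        response.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
        response.setHeader("Location",
            targetFor(request.getRequestURI(), request.getQueryString()));
    }
}
```

Deployed in the root (/) context, as the post describes, getRequestURI() returns the full path the client asked for, so deep links on the old domain land on the same page of the new one.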

A Virtual Hosts based solution

As I described in another post, if you're an Apache HTTP Server user, there's an out-of-the-box, more flexible and easier solution: Virtual Hosts.