My last blog in 2012: My 2013 wishes and predictions…

Last year I wrote a wish list and predictions for 2012, and this year I am going to do the same for 2013. So for 2013, in the technology realm and especially with a focus on Java, they are as follows:

  • Java SE 8 will be an awesome release despite the Jigsaw setback.
  • Java EE 7 will bring more ease of use and clarity into the community.
  • GlassFish 4 will be awesome and more people will benefit from its modular and extensible architecture…
  • In late 2013 NetBeans IDE 8 will rock!
  • IBM will push the idea of how cool the Rational set of IDEs is and how good WebSphere is, and people will believe it until they are caught with no way to return.
  • RIM seems to be pulling it together and it is likely to keep its own operating system rather than adopting Android.
  • Google Chrome will continue eating other browsers' market share as fast as browserly possible.
  • Some of the new cool boys in the JVM town that are claiming to be the next Java will vanish or start vanishing without any trace.
  • I wish for a very thin, edge-to-edge tablet and cell phone on top of Android so I could switch to another phone. This will be something that Google_Moto will do.
  • Maybe I will see someone with a Windows Mobile phone somewhere other than advertisements.

What I wish for during 2013, unrelated to technology

  • No more war and instead of that some peace and quiet time around the globe.
  • No disasters like what we had in 2011 and instead some ground breaking scientific discoveries in medicine, energy and space travel.
  • No economy breakdown anywhere in the world.
  • To win more bets against my nemesis.

Other predictions for 2013, some parts of which I would truly like to be proven wrong on:

  • Iranian government will not go away and will not change to a sane governing body.
  • Pakistan army and ISI will continue supporting, training and harboring Al Qaeda and Taliban and continue destabilizing Afghanistan's southern and central provinces.
  • Iranian government will continue meddling in other countries' affairs, especially in Afghanistan and Arab countries.
  • It is highly likely that the Syrian dictatorship will lose the battle for the capital city and leave the capital, but they will remain a player in the country and wreak havoc for the time being.

I wish everyone a happy new year with lots of joys and success.

GlassFish security book contest: Here are the lucky winners

Thank you to all who accepted the challenge and took the quiz. Now it is time to see who the lucky ones are, winning the prizes, which are copies of the GlassFish Security book. To give you a statistic about the quiz participants: I had 156 participants, though some of them, maybe 20 – 30, are quiz results submitted more than once by some of the participants.

Before we jump to the list of winners, I should explain the questions which I posted in the quiz. The questions I selected for the quiz are mostly based on chapter 3 of the book, which is available for free on the Packt website.

So the questions, the answers and the explanation for each question are as follows.


1. Which one of the following statements is correct?

A. We can specify which security realm we want our web module to use in the sun-web.xml.
B. We can specify which security realm we want our web module to use in the web.xml.
C. We can use sun-application.xml to specify which security realm we want our enterprise application to use
D. B and C are correct.

We can use both the web.xml and sun-application.xml to specify the security realm. In the web.xml we use the login-config element as shown below:

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>LDAP_Realm</realm-name>
</login-config>

And in the sun-application.xml we can specify the application wide security realm as shown in the following snippet.

<sun-application>
    <realm>LDAP_Realm</realm>
</sun-application>

The realm is an immediate child of the sun-application element.


2. Which one of the following statements shows new security features included in Java EE 6?

A. The programmatic login and logout methods in the HttpServletRequest interface.
B. Inclusion of @ServletSecurity Annotation to annotate a Servlet and enforce security.
C. Inclusion of the authenticate method in the HttpServletRequest interface.
D. All of the above.

Yes, all of these new features are included in Java EE 6 to enhance the security APIs and ease their use.
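
As an added example (not code from the book or from this post), the servlet below uses the three Java EE 6 features listed in question 2 together. The class name, URL pattern, role name and request parameter names are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet: URL pattern, role name and parameter names are assumptions.
@WebServlet("/session")
@ServletSecurity(
    // Every method on this servlet must arrive over TLS.
    value = @HttpConstraint(transportGuarantee = TransportGuarantee.CONFIDENTIAL),
    // DELETE (logout) additionally requires an authenticated caller in role "user".
    httpMethodConstraints = @HttpMethodConstraint(value = "DELETE",
        rolesAllowed = {"user"}, transportGuarantee = TransportGuarantee.CONFIDENTIAL))
public class SessionServlet extends HttpServlet {

    // authenticate(): ask the container to run the mechanism from <login-config>.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        if (!req.authenticate(resp)) {
            return; // the container has already written the challenge or redirect
        }
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("Signed in as " + req.getUserPrincipal().getName());
    }

    // login(): validate credentials against the configured realm from application code.
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String user = req.getParameter("user");
        String password = req.getParameter("password");
        if (user == null || password == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        if (req.getUserPrincipal() != null) {
            req.logout(); // login() throws if a caller identity is already established
        }
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate(); // do not carry a pre-login session id across authentication
        }
        try {
            req.login(user, password);
        } catch (ServletException e) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED); // same answer for any failure
            return;
        }
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }

    // logout(): clear the caller identity, then discard the session state.
    @Override
    protected void doDelete(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        req.logout();
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}
```

The realm that login() and authenticate() check against is still the one selected in web.xml or sun-application.xml, as described under the first question.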


3. Where should we place the login-config element?

A. In web.xml
B. In sun-web.xml
C. In sun-application.xml
D. In A and C

The login-config element goes in web.xml to specify the security realm and the authentication method. To see a snippet of this, look at the explanation of the first question.


4. What are j_username and j_password when it comes to Java EE security?

A. These are two predefined field names which we must use in FORM authentication to pass the username and the password to the container.
B. These are two predefined field names which we must use in the BASIC authentication type to pass the username and the password to the container.
C. Both of A and B are correct.
D. None of the above items.

To see some snippets showing how we can set up FORM authentication, you can take a look at chapter 3 of the GlassFish security book, which is freely available.


5. When we talk about security, which of the following sequences is more accurate?

A. Identification, Authentication, Authorization
B. Authentication, Authorization, Identification
C. Authentication, Identification, Authorization
D. Authorization, Authentication, Identification

Before we try to authenticate a credential, we should receive a credential showing who the requester is claiming to be. After we have received the credentials, we should check the credentials' validity, and finally, after we find that the credentials are valid, we can check the access level of the provided credentials.


And now the winners
The paper copy goes to: Bruno Antunes
First ebook copy goes to: Alireza Haghighatkhah
Second ebook copy goes to: Deny Wuysan

I have not received replies from some of the participants about their country of residence, so I put them into the second list. I will contact the winners to coordinate the distribution of the copies with them.

I am looking for a way to have more contests about the GlassFish security book in the coming month, especially small 2-question quizzes in which the winner will receive an e-book copy of the title.

OpenSolaris Governing Board effort on turning some lights on OpenSolaris future

Well, after some time in which Oracle decided to keep complete silence, either on analog radio or via digital mediums, the OGB (OpenSolaris Governing Board), which is a body of some experienced community members governing the community, took action and called on Oracle publicly to decide what it is going to do about the project.

Long story short, because of Oracle's silence about what is going on behind the curtains, community members turned restless, not knowing what will happen next with the piece of software they deployed into some of their customers' server rooms. Some are looking to know when they can install the promised upgrade on the customer machines to reduce the disk space usage, while others are ballistic, not knowing whether they should go with OpenSolaris installations or turn to *BSD or Linux variants and give up on OpenSolaris.

These concerns were raised many times in the mailing list, to the point where “OpenSolaris is dead/ is dying” messages surpassed all other technical discussions, and some of these messages seemed inappropriate enough for the Oracle staff to threaten that they are prepared to take action up to “moderation and/or deactivation” of the list.

Jim Grisanzio: warning about mail on this list – [Tue Jun 29 16:43:47 UTC 2010]@ http://mail.opensolaris.org/pipermail/opensolaris-discuss/2010-June/057703.html

Recently there has been mail on this list that violates the website Terms of Use. Individuals are being warned. However, if this trend continues the Website Team is prepared to take action up to and including moderation and/or deactivation of the list. Please do not respond to hostile posts because that only escalates the situation.

Many more messages were posted to the list with different comments and analysis of the situation with the Solaris/ OpenSolaris product and project. These comments led to another warning from Oracle staff:

Alan Burlison: Yet another warning about behaviour on this list – [Thu Jul 15 14:41:16 UTC 2010]@ http://mail.opensolaris.org/pipermail/opensolaris-discuss/2010-July/058383.html

Despite repeated warnings, some people are continuing to badmouth each other on this list.  As explained previously, this is not acceptable. We’ve been warning people who have overstepped the mark, from this point on we won’t be doing that, we’ll just be immediately closing accounts and unsubscribing people from all of the opensolaris.org  lists.

If that proves ineffective we will consider other measures such as putting the list into moderation or shutting it down entirely.
Be quite clear, this unacceptable behaviour must stop, and now.

Apologies to the vast majority of the list members who clearly aren’t the cause of the problem.

The Oracle silence lasted long enough, and the number of “OpenSolaris is dead/ going to die…” threads and messages grew big enough, that the OGB decided to weigh in and take action. But the OGB has almost no control over anything these days, and the only thing they decided to do is call on Oracle publicly and let Oracle staff know that they are going to step down and resign from being the OGB if they have no power and no official knowledge about the fate of the software that they are governing. @ http://wiki.genunix.org:8080/wiki/index.php/2010_07_12_OGB_Agenda

The OGB is keen to promote the uptake and open development of OpenSolaris and to work on behalf of the community with Oracle, as such the OGB needs Oracle to appoint a liaison by August 16, 2010, who has the authority to talk about the future of OpenSolaris and its interaction with the OpenSolaris community. Otherwise the OGB will take action at the August 23 meeting to trigger the clause in the OGB charter that will return control of the community to Oracle.

Now that the OGB has decided to publicly call on Oracle as a body of members elected by the community, Oracle needs to send some response back. But what can the response from Oracle be? I think one of the following will happen:

  • Oracle will appoint a liaison and take part in the governance board, restructure it and assure the community about what is going on.
  • Oracle will act like nothing happened and no message like that has even been published, but come forth with some resolutions at a later time after the ultimatum has ended.
  • Oracle will come forth with some tanks and carrier class ships filled with Stark Industries Iron Men and close down the project, axing everyone who posted harsh comments 😀

I believe the first alternative is what will happen, even though some of the community members believe in some version of the last alternative and the demolition of OpenSolaris.

My weblog is now migrated to its new location, kalali.me

I have been blogging for the past 4 years in my java.net blog, which is now 301 redirected to its new home at kalali.me. In mid 2006 I joined Netcat 50, the NetBeans quality assurance team for the NetBeans 5.0 release, and it was the starting point for me to get involved with the Java community in a more open way, and it led to filing a request to get a weblog at Java.net.

The main reason and motive behind starting the blog was sharing my experience about the NetBeans platform and Java development, but over the years the blog grew to a point where I posted 6 chapters of my unpublished GlassFish book there and posted many other long articles discussing Java EE and other topics, including security and software architecture among others.

In the past 4 years, I posted 74 blog entries and my weblog served around 200,000 page views and 160,000 visits. The majority of visitors were using Linux and Firefox according to my, now deleted by mistake, Google Analytics data. The biggest referral site was Java.net itself, where my weblog got promoted to the first page, and Google was the main search engine leading readers to my weblog.

What I will always remember from my Java.net blog is the friends I found through the blog and the friendly community and staff behind Java.net and its infrastructure, who were and are working around the clock to keep Java.net a professional environment for everyone who is involved in and uses Java.net. Even when I was leaving Java.net they did not stop taking care of my request and kindly applied 301 redirects to all my current blog entries to redirect them to their new location, which in my opinion shows how professionally they act and think.

But the reason behind moving to my personal domain from the exceptional java.net hosting and community is the flexibility I need to keep all my content in the same place instead of keeping some content on the java.net blog and some other content on my personal website.

In the next few weeks I will add more pages to my new website, including a page for my GlassFish security book to have a better communication channel with my readers, and a new page for the book I am authoring now. My new website will include my photoblog as another part. I am not a professional photographer and I will look for comments and advice from friends and readers who are more experienced in photography compared to what I know and have experienced.

If you are a reader of my weblog then you can follow me using the new domain and the new feed URL. The new domain will serve readers and visitors in a more interactive and easy to find way.

Long live Java.net and its professional team.

Oracle is NOT taking back OpenSolaris, ZDNet Dana Blankenhorn got it wrong.

Once again the FUD around the fate of Solaris and OpenSolaris started to spread after Dana Blankenhorn misunderstood the licensing terms and used an eye-catching and visitor-increasing title, Oracle taking back OpenSolaris, for his blog entry. Well, from this article we can see that even veteran writers can get things wrong and spread incorrect news 🙂

Folks, Solaris is one of the biggest Sun assets that Oracle now owns by taking over Sun. Solaris and OpenSolaris are going to be around in a much better shape than before because Oracle is betting its fight for market share on this operating system to form a complete stack including storage, hardware, OS, middle-ware, support and so on.

Oracle may change the licensing terms for the Solaris OS, which is the commercial distribution of OpenSolaris (with some added/ removed components) supported by Sun in the old era, but to close the OpenSolaris code-base, no way. Changing the licensing terms can be the result of Oracle seeking a higher revenue stream from the product, and I bet Oracle will be able to get more out of Solaris than Sun because of its powerful marketing department 😛

Looking at this FUD from any angle tells you that it is not correct, for at least the following reasons:

  • OpenSolaris has a large community around it which Oracle would not like to send away.
  • The Solaris/ OpenSolaris adoption highly increased after Sun pushed the source code into the OpenSolaris project. The whole Solaris on Z architecture, adoption of OpenSolaris increased and so did adoption of Solaris itself. Long story short, just take a look at http://www.genunix.org/ and http://hub.opensolaris.org/bin/view/Main/downloads to see how many active distributions are based on the OpenSolaris core.
  • Solaris/ OpenSolaris is too important to Oracle to let it fall apart, because it has a lot to offer in Oracle's strategy of offering an end to end stack of its own.

People are talking about why the 2010.3 release is not released when it is already the first days of April. The answer is “A few more weeks of development and testing will give us a more stable OS”. If you want to check the latest features which will be included in 2010.3, grab the latest build (which is build 134 right now) from http://www.genunix.org/dist/indiana/ and play with it, but keep in mind the build is not production ready yet. If you want the source code of OpenSolaris, take a look at http://hub.opensolaris.org/bin/view/Main/get to get the source code and build the OS yourself.

I am wondering what these people are getting from spreading wrong words and incorrect news about things they have no clue about. Folks, Solaris OS is not OpenSolaris. OpenSolaris is CDDL licensed (except for some parts which are not CDDLed, see http://hub.opensolaris.org/bin/view/Main/no_source), while the Solaris distribution contains some of the OpenSolaris components and features, some value-added components, and comes along with some license/ distribution fees and first class support from Oracle.

Well, it was my personal feelings about the whole issue of OpenSolaris/ Solaris FUDs flying around.

Competition is good but to what extent and at what expense…

It is always said that competition between different producers and companies producing similar products is good for the end users and consumers of those products, because each company tries to provide better products to satisfy the consumer and finally receive more income.

All of the above is true when we are discussing commercial entities which produce the products; for example, the ORACLE and IBM competition led to better databases and middle-ware. But I believe it is not the case for open source projects, and especially for smaller open source projects.

Looking around we can find at least 10 different open source blogging clients, MP3 meta data editing tools, media players, instant messaging clients and so on. Except for the first project, other similar projects started after there was something usable around. Developers working on each of these projects work to implement the same set of features without looking for potential income, while if they combined their engineering and working hours with each other they could develop a far better project without wasting the time on developing similar functionalities over and over.

There are tens of good projects abandoned because another similar project gained momentum, and developers left the project and started working on another open source one. The result is a waste of developers' time and talent, which could make big differences in already established projects. Imagine that all developers working on different instant messaging projects combined their effort and worked on one of the available IM projects; wouldn’t that please everyone in the community?

I think it would even make the developers happy, because it will result in better working software, which any developer enjoys.

I know that there are architectural differences between projects and that developers think they will do the job better than the previous one. I was there once and I know how it feels, but believe me, working together on a single project makes much more sense than working on 10 separate projects with similar goals and later on seeing 7 of them abandoned.

Again, I am not referring to well funded projects like Gnome, KDE, Eclipse, NetBeans, GlassFish, etc. But rather I am referring to projects which we start as a hobby or as a thesis or to learn some new technologies. A good portion of our efforts can benefit an already established project instead of being deserted after we have satisfied our requirement, which is learning something, passing a course and so on.