Governments calling citizens to ditch Internet Explorer

Google was recently hit by an exploit McAfee has named “Aurora”. This exploit involves all versions of Internet Explorer (though version 6 is getting most of the attention), which has prompted the governments of France and Germany to warn their citizens not to use Internet Explorer at all.

Microsoft initially tried to claim that this exploit was trivial but has since issued an out-of-cycle emergency patch for all versions of Internet Explorer.

Looks like now is the perfect time to switch to one of the superior browsers like Chrome or Firefox.

Here’s a video detailing how this hack works in action in case you are like me and interested in the juicy technical details:


Passwords revisited

An analysis of 32 million leaked passwords provided some interesting insights into the password selection practices of users. Among the key findings are:

  • The shortness and simplicity of passwords means many users select credentials that will make them susceptible to basic forms of cyber attacks known as “brute force attacks.”
  • Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on). The most common password is “123456”.
  • Recommendations for users and administrators for choosing strong passwords.

Also, here are the top 10 most commonly used passwords they found:

1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123

I’ve said it before, the first step in computer security is having a strong password policy.


Simple JSON-RPC updated to 0.9.5

The simple JSON-RPC package has been updated to 0.9.5. It has undergone some extensive refactoring and now includes documentation and an example project. The source to this package is also available here.

For more information (and for future updates), visit the new project page here.

If you are interested in using, contributing to, or reporting bugs for this project, contact us!


Password policy: Creating and remembering strong passwords

Passwords are often the weakest part of any security system, partly because we don’t take the time to make them strong enough or change them often, and we reuse the same one all over the place.

Strong passwords, which include a combination of upper and lowercase letters, numbers, and punctuation and are not based on a dictionary word, are often not very easy to remember. And if it’s not easy to remember, chances are we’ll either end up writing it down (bad idea!) or we’ll choose a simpler password. Additionally, since we are often faced with a myriad of sites which all require separate accounts (and passwords), using a different password for each site tends to fall by the wayside in favor of convenience.

It doesn’t have to be like this.

Here’s a technique I’ve found helpful for creating strong, easy-to-remember passwords. It involves coming up with a unique method of transforming a simple word into a strong password using a few simple rules. The beauty of this system is that, unlike a strong password generator, the passwords you come up with using a system like this are easy to remember and can be unique to each site you use them with.

Here are a few other strong-password-generating ideas:

No matter what you choose to use to help you generate strong passwords, it’s always a good idea to check your password’s strength to gauge how hard it would be for an attacker to guess it.
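As an added illustration of the weakness classes the password analysis above lists (too short, consecutive digits or adjacent keyboard keys, dictionary-based, the leaked top-10 list) and of the mixed-character policy this post recommends, here is a small Python checker. It is example code, not from the original posts; its top-10 set, tiny stand-in dictionary and 12-character minimum are constructed assumptions.

```python
import re

# Constructed lists for this example: the post's top-10 leaked passwords and a tiny
# stand-in dictionary. A real check would load full wordlists and breach corpora.
TOP_PASSWORDS = {"123456", "12345", "123456789", "password", "iloveyou", "princess",
                 "rockyou", "1234567", "12345678", "abc123"}
DICTIONARY = {"password", "princess", "love", "monkey", "dragon", "sunshine", "welcome"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
                 "abcdefghijklmnopqrstuvwxyz")  # alphabet row catches "abcd..." runs

def has_sequence(s, min_len=4):
    """True if some run of min_len characters walks a keyboard row, the alphabet or
    the digits in either direction (e.g. "1234", "qwer", "lkjh", "abcd")."""
    s = s.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(s) - min_len + 1):
            chunk = s[i:i + min_len]
            if chunk in row or chunk in row[::-1]:
                return True
    return False

def password_weaknesses(pw, min_length=12):
    """Return the policy violations found in pw; an empty list means it passes."""
    reasons = []
    low = pw.lower()
    if low in TOP_PASSWORDS:
        reasons.append("appears in the leaked top-10 list")
    if len(pw) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    # Strip digits and punctuation so "Password1!" is still seen as dictionary-based.
    core = re.sub(r"[^a-z]", "", low)
    if core in DICTIONARY:
        reasons.append(f"based on the dictionary word '{core}'")
    if has_sequence(pw):
        reasons.append("contains consecutive digits or adjacent keyboard keys")
    classes = {"uppercase": r"[A-Z]", "lowercase": r"[a-z]",
               "digit": r"[0-9]", "punctuation": r"[^A-Za-z0-9]"}
    missing = [name for name, pat in classes.items() if not re.search(pat, pw)]
    if missing:
        reasons.append("missing " + ", ".join(missing))
    return reasons

if __name__ == "__main__":
    for candidate in ("123456", "Password1!", "qwerty12", "Vk7#rLw2@pQz"):
        print(candidate, "->", password_weaknesses(candidate) or "passes")
```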


Topic survey

What topics are you most interested in knowing more about? Take a minute to fill out the following short survey and let us know!


Taming the blogosphere with Google Reader

What are blogs?

Many of you are wondering what the big deal is with blogs. Well here is a short video on blogs and why they are important/useful:

What’s so great about blogs?

Aside from being able to access specialized information put out on a regular basis, there is one other reason I enjoy reading blogs and consider them to be an essential element in our modern forms of communication.

Blogs help you connect with people.

You learn a lot about someone’s character, thoughts, and passions if you follow what they say on their blog. The trouble is that since blogs are generally authored by one person on an individual website, it can become time-consuming and cumbersome to visit each blog you’re interested in to check for and read any new posts.

How can I keep up with blogs?

The easiest way I’ve found to bring a variety of different blogs together into one place is to use the RSS feed offered by most blogs.

Google Reader is a web-based RSS reader which requires a Google account and a little bit of setup, but once you get it going it’s pretty much automated and will allow you to check a number of blogs without having to spend time visiting each and every website to get updates.

Here is a short video to help you get started with Google Reader:


New Year’s Resolutions

According to surveys, only 12% of New Year’s resolutions are actually kept. So I’m not going to try and beat the odds by offering another list of items here.

However as someone who loves getting things done, I figured I would switch gears a bit and offer some productivity tools/methods I’ve found to be particularly helpful.

Inbox Zero

I went to lunch once with a well known speaker, Mike Licona, who lamented that he had almost 2,000 unread and unprocessed emails in his inbox.

While I don’t get nearly that many emails, I have been using a simple email management system known as Inbox Zero that helps me quickly process, sort, and manage my digital communications. Since telling Mike about Inbox Zero, he has managed (after some initial effort) to keep the number of unread messages in his inbox close to zero (hey, it improves your chances of getting a response from him).

Here is a video of Inbox Zero’s creator, Merlin Mann, giving a Google Tech Talks presentation about it:

Getting things done

Getting things done is a pretty simple program aimed at helping you optimize your workflow to help you get more things done.

I like this system because it works with any personality type and accounts for both short-term and long-range planning. It also has a very low learning curve, overhead, and since it does not focus on any single set of utilities or tools it is very adaptable.

Here is an excellent presentation of Getting Things Done by its creator, David Allen:

Six sigma

A very popular system among large businesses is Six Sigma. Originally developed as a manufacturing process designed to eliminate manufacturing defects, it has since been adapted to a more general set of principles which can help you have a lot more consistency when it comes to the work you produce.

Six Sigma can get pretty complicated; job boards are filled with management requirements for the various “levels” of Six Sigma experience. However, here is a simple introductory video by Kaj Ahlmann of Six Sigma Ranch and Winery. In this video Kaj, one of the founders of Six Sigma, uses his hobby of wine making as an example of Six Sigma principles:

Hope these methods help you become productive in the new year!


Simple Java implementation of JSON-RPC

Preamble

Explanation of standard formats and protocols:

  • JSON (JavaScript Object Notation) is a lightweight[1] data-interchange format with language bindings for C, C++, C#, Java, JavaScript, Perl, TCL and many others.
  • JSON-RPC is a simple remote procedure call protocol similar to XML-RPC although it uses the lightweight JSON format instead of XML.

What is it?

I love the simplicity of JSON-RPC when it comes to rapidly developing cutting-edge web applications.

I recently decided to start writing more server-side code in Java servlets in order to take advantage of cloud-based infrastructures such as the Google App Engine. Until now I have written my web applications using PHP as the server-side language. Specifically using frameworks such as Symfony or Kohana, which makes writing simple JSON-RPC services relatively trivial.

So I started looking for a simple JSON-RPC system I could use in Java to abstract my business logic classes from the mundane tasks associated with handling web requests. I found several packages which all claimed to implement the JSON-RPC protocol via Java servlets; however, they seemed to require far more by way of setup than I wanted, and they all seemed to require the developer to write applications to their specific implementation’s standards.[2]

So I decided to write yet another Java implementation of the JSON-RPC specification myself with the following goals in mind:

  • Easy to implement. Setup for this package should be kept at a minimum. This includes both development as well as production setup.
  • Easy to code in. Application developers using this class should not need to know much about JSON-RPC beyond exposing methods in their code that can be called remotely from other applications via the web.
  • Non-invasive. Developers using this implementation should be able to reuse plain old Java object (POJO) classes as much as possible, making the transport layer of JSON-RPC as transparent as possible.

With these goals in mind I set off to develop the package com.werxltd.jsonrpc to be a simple wrapper designed to be used inside of a standard .war project.

Setting it up

You can either download the .jar file here to include in your project manually or (and this is my preferred method) you can import the com.werxltd.jsonrpc package as a dependency in your Maven-managed project by specifying the following in your project’s pom.xml configuration file:

<repositories>
    <repository>
        <id>werxltd</id>
        <url>http://maven.werxltd.com</url>
        <snapshots>
            <enabled>true</enabled>
        </snapshots>
        <releases>
            <enabled>true</enabled>
        </releases>
    </repository>
</repositories>

<dependencies>
    <dependency>
        <groupId>com.werxltd</groupId>
        <artifactId>jsonrpc</artifactId>
        <version>0.9</version>
    </dependency>
</dependencies>

Next, you’ll need to specify endpoints in your .war file’s web.xml configuration file. Here’s an example:

<web-app>
    <servlet>
        <servlet-name>example</servlet-name>
        <servlet-class>com.werxltd.jsonrpc.RPC</servlet-class>
        <init-param>
            <param-name>rpcclasses</param-name>
            <param-value>YourClass</param-value>
        </init-param>
    </servlet>

    <servlet-mapping>
        <servlet-name>example</servlet-name>
        <url-pattern>/example</url-pattern>
    </servlet-mapping>
</web-app>

That’s it! Now your project is configured to filter all requests sent to /example through the JSON-RPC class which examines the class name you passed in (in this case, YourClass) for public methods it can expose. An instance of your class is created internally if your class is not static and it will remain in memory throughout the life of the servlet. Any exceptions your class generates are gracefully wrapped inside a JSON-RPC error message for proper handling upstream.

Using it

While the setup is pretty much straightforward, due to the loose typing found in JavaScript (and, as a result, JSON) there are some caveats in how methods are called. Specifically in how arguments are passed to those methods.

Scanned methods are stored internally with a signature consisting of the method name and how many arguments that method accepts. When a JSON-RPC request is made, the servlet determines how many parameters were included and attempts to match the method requested with a corresponding internal method which has the same number of parameters/arguments.

Because parameters are passed in via the web, only Java primitive data types along with three others, JSONObject, JSONArray and java.lang.String are accepted as valid parameter data types.

If a match of method name and number of parameters is found, an attempt is made to parse the passed-in data into the method’s required types. A method whose first parameter is of type JSONObject automatically takes precedence over the other candidates.

To use the JSON-RPC interface from another application, you must pass a valid JSON-RPC object to your final servlet as a parameter named “json” via either GET or POST. Here is an example of the valid JSON-RPC object you need to pass:

{
    "method":"add",
    "params":[1, 2, 3]
}

This JSON-RPC implementation accepts either named parameters or positional parameters like the ones shown above. Here is a named parameters example:

{
    "method":"echo",
    "params":{
        "text":"testing"
    }
}
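To make the dispatch rules described above concrete (match by method name and parameter count, accept positional or named params, allow only primitive/string/object/array values, wrap any exception as a JSON-RPC error, read the request from a form field named json), here is a small Python model of that behaviour. It is added example code, not the com.werxltd.jsonrpc package itself; ExampleService and the EXPOSED table are constructed for the example, and unlike the servlet, which exposes every public method of the configured class, the model uses an explicit allowlist of reachable methods.

```python
import json
from urllib.parse import parse_qs

# Hypothetical service standing in for the page's "YourClass" (constructed for this example).
class ExampleService:
    def add(self, a, b, c):
        return a + b + c

    def echo(self, text):
        return text

    def divide(self, a, b):
        return a / b  # ZeroDivisionError when b == 0: exercises the error wrapping below

# Registry keyed by (method name, parameter count), mirroring the servlet's internal
# signature. This is an explicit allowlist: only listed methods are reachable remotely.
EXPOSED = {
    ("add", 3): (("a", "b", "c"), (int, int, int)),
    ("echo", 1): (("text",), (str,)),
    ("divide", 2): (("a", "b"), (float, float)),
}

# Only JSON primitives, strings, objects and arrays are accepted (the page's parameter rule).
def coerce(value, typ):
    if typ in (int, float) and isinstance(value, (int, float)) and not isinstance(value, bool):
        return typ(value)
    if typ in (str, dict, list, bool) and isinstance(value, typ):
        return value
    raise TypeError(f"expected {typ.__name__}, got {type(value).__name__}")

def dispatch(service, raw_json):
    """Parse one JSON-RPC request and return the JSON-RPC response object."""
    req_id = None
    try:
        req = json.loads(raw_json)
        req_id = req.get("id")
        name, params = req["method"], req.get("params", [])
        if not isinstance(params, (list, dict)):
            raise ValueError("params must be an array (positional) or an object (named)")
        spec = EXPOSED.get((name, len(params)))
        if spec is None:
            raise LookupError(f"no method {name!r} taking {len(params)} parameter(s)")
        pnames, ptypes = spec
        values = [params[p] for p in pnames] if isinstance(params, dict) else params
        args = [coerce(v, t) for v, t in zip(values, ptypes)]
        return {"result": getattr(service, name)(*args), "error": None, "id": req_id}
    except Exception as exc:
        # Any failure, including exceptions thrown by the service, becomes a JSON-RPC
        # error object instead of an HTTP 500 carrying a stack trace.
        return {"result": None, "error": {"message": f"{type(exc).__name__}: {exc}"}, "id": req_id}

def handle_query(service, query_string):
    """Emulate the servlet entry point: the request object arrives in a field named 'json'."""
    fields = parse_qs(query_string)
    if "json" not in fields:
        return {"result": None, "error": {"message": "missing 'json' parameter"}, "id": None}
    return dispatch(service, fields["json"][0])

if __name__ == "__main__":
    svc = ExampleService()
    print(dispatch(svc, '{"method":"add","params":[1, 2, 3]}'))
    print(dispatch(svc, '{"method":"echo","params":{"text":"testing"}}'))
    print(dispatch(svc, '{"method":"divide","params":[1, 0]}'))
```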

The road ahead

Future development of this class will include more formalized access between the JSON-RPC layer and the underlying classes.

I’m also planning to post the Javadocs and the source to an example project that utilizes the JSON-RPC transport package.

Hope this helps someone else. I’m looking forward to using this class as a central component in many rich web projects I have planned.

  1. Lightweight in both size and resources required to process data encoded in JSON vs. XML.
  2. I did find this project after finishing the first revision of my class. It looks great and like it would do much of what I wanted, however the code is proprietary. After I finish documenting my classes I plan on releasing them under an OSI-approved licence. If you are interested in helping me with this project, feel free to let me know!

Getting Maven and Eclipse to play together

I love using Maven for dependency management and code portability, and I love Eclipse as an environment to develop in. However, for the longest time I had trouble getting the two to play well together until I discovered the following commands that made combining the two much easier.

To add Maven repositories to your Eclipse workspace (for code completion and syntax verification) run the following command:

mvn -Declipse.workspace=/path/to/workspace eclipse:add-maven-repo

To add an Eclipse .project file to your project run the following command:

mvn eclipse:eclipse

That’s it! You should now be able to import the project into Eclipse. I haven’t figured out how to build Maven projects in Eclipse yet,[1] so building and testing your code still requires you to use Maven via the command line.

You’ll also need to re-create the Eclipse project file if you add any dependencies in order for them to be picked up properly in Eclipse.

Need more? Check out this site for more on Maven integration in Eclipse.

  1. I’ve seen the plugins but haven’t gotten any to work well enough to rely on.

Global warming, greatest myth of this generation

At the outset I must admit that I’ve long been skeptical about the relatively recent claims of global warming. Mostly because I’m old enough to still remember the chicken-little stories about global cooling and how we were all heading for the next ice age as depicted in this TV show circa 1978:

My skepticism regarding global warming, however, was rather mild until I came across Michael Crichton’s excellent (albeit rather preachy) work, “State of Fear”. Until reading Crichton’s career-crippling (if not ending) work, I had assumed (or had been led to assume) that the only people actively fighting global warming were religious zealots and conspiracy theorists. I had bought into the “inconvenient truth” that, as Al Gore (the leading proponent of global warming) puts it, “it’s a settled science”.

Regardless of other observable facts we’re constantly told that we are in imminent danger of catastrophic climate shift due to the “accepted fact” of the earth’s temperature rising. Facts such as: there are 5 times as many polar bears today as there were 50 years ago (despite what global warming advocates try to say to the contrary in order to continue using images of them to promote global warming) or that the oceans are actually cooling, not warming, or that glaciers such as those on Mt Kilimanjaro are not rapidly receding, or

No, all we’ve been given are data sources of temperatures collected around the world, and we’re told these numbers paint a grim picture for the future of the earth’s climate, and that we (humans) are to blame!

Unfortunately (for global warming advocates at least) this single point of failure has recently come under direct fire following the release (either via hack or leak) of a large number of emails[1] from the Climate Research Unit. The CRU is largely responsible for fueling the global warming hysteria through data and charts, including “the hockey stick” chart which seemed to indicate a sharp rise in temperature from 1980 to 2000.

The emails contained regrets of lack of warming data, mentions of cooking the data to show warming trends, and mentions of suppressing any and all opposition. These emails are quite damaging to the cause of global warming, forcing the head of the CRU, Phil Jones, to step down pending an investigation.

As damaging as the emails are, the source code, leaked along with the emails, looks to be a lot more damning because it shows artificial (VERY ARTIFICIAL in the words of the programmer via comments) limits placed on the data used to generate graphs along with blatant data cooking. Statistician and founder of the free software/open source movement, Eric S. Raymond, writes:

This, people, is blatant data-cooking, with no pretense otherwise. It flattens a period of warm temperatures in the 1940s 1930s — see those negative coefficients? Then, later on, it applies a positive multiplier so you get a nice dramatic hockey stick at the end of the century.

All you apologists weakly protesting that this is research business as usual and there are plausible explanations for everything in the emails? Sackcloth and ashes time for you. This isn’t just a smoking gun, it’s a siege cannon with the barrel still hot.

Incidentally, following the backlash generated by the leaked emails we’ve learned that the original data used to generate these graphs has been erased. Not that we should be overly surprised; it seems that modifying and massaging global warming data has been going on for quite some time and is not limited to the CRU. It’s happened at NASA and New Zealand’s National Institute of Water and Atmospheric Research (NIWA).

No wonder John Coleman, the founder of The Weather Channel, calls Global Warming “the greatest scam in human history”.

At a minimum, the unraveling of the myth of global warming reveals a gross violation of the trust placed in the “unbiased” nature of the scientific community. It calls into question the value of the peer-review process when scientists at the top get to determine what gets peer-reviewed and accepted (which, in turn, allows them to suppress anything they don’t like). At worst, the leaked CRU data and subsequent unraveling of man-made global warming[2] are evidence that scientists are humans who have agendas just like everyone else. This incident tends to highlight the notion that “just the facts ma’am” is a bit spurious as facts don’t interpret themselves.

With the explosion caused by climategate it seems inescapable to conclude, along with columnist Christopher Booker, that this is the worst scientific scandal of our generation.

  1. You can search through and view the emails here.
  2. Known formally as anthropogenic global warming.