Last post

I decided to no longer post on my blog due to a serious lack of motivation, time and inspiring topics ;-). Of course, comments will now be closed. As a side note here are the titles of drafts that never turned into posts:

  • Difficulty of choosing a Java web framework
  • Seam managed persistence context and Spring
  • Bye Bye computer book shelf
  • Drools flow or jBPM4 ?
  • Ejb3 on JBoss with Maven
  • Creating a Spring based library (with its own context)
  • Au revoir Windows vista

Update January 4th 2012 : Migrated blog to, revamped it. It is now powered by octopress and statically generated (it used to be fueled by Wordpress)

Acquisition de Sun par Oracle

Pas sûr que Java soit gagnant dans l’histoire. Les incertitudes sur le devenir des produits Java n’est pas fait pour inciter les décideurs à opter pour cette technologie. Quelles sont les futures cibles : SpringSource, Redhat ? Sachant que SpringSource a été largement financé par des VC, à mon avis c’est un bon candidat. Bref, je me mets à la place d’un DSI aujourd’hui; si je ne veux pas prendre de risques j’opte pour .Net et les produits Microsoft : ligne de produits complète, cohérente et intégrée qui ne va pas disparaître d’ici 6 mois (j’exagère un peu…).

Je pense aussi que la période de flottement qui va suivre accentuée en + par une baisse d’investissements liée à la conjoncture va freiner grandement l’innovation autour de la plateforme Java et laisser le champ libre à d’autres technologies. Java n’est pas prêt de combler le retard sur C#.

Bref, sans doute quelques mois difficiles en perspective pour la plateforme Java avant d’y voir + clair.

Use your VOIP softphone @work

Some VOIP softphones like X-lite rely on SIP (connection) and RTP (voice) protocols which both work on top of UDP.

In previous posts (1 and 2), I explained how to create a tunnel between a machine in a corporate networkand an external machine (like your home machine). The solution was based on SOCKS capabilities of a ssh tunnel which can behave like a Socks proxy server (-D optionof openssh).

With recent versions of openSSH, SOCKSv5 is even supported and therefore it becomespossible to tunnel UDP. Unfortunately, I haven’t found any Socksv5 compliant VOIP softphone.

To tunnel UDP over a TCP tunnel (a SSH tunnel) a combination of netcat and named pipescan be used (like explained here). The main disadvantage of this solution is that youhave to create a UDP to TCP pipe on one side of the tunnel and a TCP to UDP pipe on the other side for each remote port you have to access (5060 for SIPand 8000 for RTP by default).

Another solution is to create a VPN over your SSH tunnel.I chose vtun for its ease of you use but you could use other VPN over SSL solutions like openvpn.Note that there aren’t any Windows client for vtun. Openvpn can have Windows client and can create ethernet bridges (bridging the 2 virtual interfaces of your VPN tunnel.

Anyway with vtun you’ll be able to tunnel udp over a SSH tunnel. Beware that creating a VPN on top of a SSH tcp tunnel you expose your corporate network to attacks coming from your home network…I won’t detail here all the steps to create the solutions but only give an overviewof each step and refer to links:

  • 1) Configure your SSH daemon on your home machine. Use xinetd possiblyto forward connections on port 443 to port 22.
  • 2) Use corkscrew and ssh to establish a tunnel between your workstation at workand your home machine through your office proxy and firewall (on local and remote port 5000 in the following example).

    ssh -F ~/.bin/config -g -N -L 5000:localhost:5000 foo@home
  • 2bis) If your corporate proxy requires NTLM authentication you can use NTLM maps and connect corkscrew to the listen port of NTML maps.

  • 3) Configure and run vtun server on your home machine (See this).
  • 4) Also, configure and run vtun client on a Linux machine inside your corporate network.
  • 5) Configure routes properly to access the SIP proxy through your VPN (asterisk server at homeor Internet SIP server).
  • 6) Just configure your SIP phone as if you had direct access to the server (if you don’t nat).

Leverage Ant XML nature

I have been responsible at my current job position of the build of our JavaEE application. We had to build 3 different flavours of the same application. When I decided which build tool to use, I chose Ant since only Maven 1.0 had been released and I disliked writing logic in Jelly. If I had to choose today I’d probably go with Maven 2 because it becomes a standard for industrializing builds on Java and I have just found a decent documentation on it…

Our main application is built as an EAR file and I had to support packaging for different application servers. We decided to externalize dependencies (<dependencies> element), compilation (<javalibs> element) and packaging information (<application> element) in an XML description file. Then with the help of a XSL file, we generate dynamically an Ant build file and execute it. We reused Ant <fileset> and <zipfileset> to describe location of files or directories.

In the generation of the EAR, we used sensitive default behaviours to minimize configuration. Here are a few:

  • include dependencies (see element below) in the EAR unless scope is set to compile and add them to the MANIFEST.MF of each Java module.
  • add dependencies to the global CLASSPATH (there’s a compilation CLASSPATH for each targeted application server also)
  • include generated libraries in the EAR unless distinclude is set to false and add them to the MANIFEST.MF of each Java module. If generated libraries are scoped to a given Java EE module they are added in the WEB-INF/lib for a web module or are overlaid with the final EJB jar for EJB modules. Generated global libraries are also added to the global CLASSPATH for compilation.

The general strategy was to compile and build global (use by multiple Java EE modules) Jar files with the global Classpath and specific ones with the application server’s CLASSPATH and global CLASSPATH. This way global Jar files were compiled once for all the application servers.

It had some limitations:

  • We only supported Java EE modules of type web or ejb.
  • Global compiled Jar files could not depend on a specifig Jar files.
  • Compilation Classpath are not totally isolated for each Web module.

I like our approach since with a light XML description file we can now generate an EAR for many application servers. application.xml for the EAR and MANIFEST.MF for each Java modules are generated dynamically. Configuration is far less important than for a Maven’s Pom.xml. Ok we lack transitive dependencies, web site generations, synchronization with Eclipse but we didn’t really need them.Here’s how a build description file could look like:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE project [
<!ENTITY LIBDIR "../lib">
<!ENTITY LIBDIR "../src">
<project name="myapp" compilation="shared">
<fileset dir="&amp;LIBDIR;/log4j/" includes="log4j-1.2.8.jar"/>
<fileset dir="&amp;LIBDIR;/xml" includes="jdom.jar"/>
<fileset dir="&amp;LIBDIR;/weblogic/8.1" includes="webservices.jar" scope="compile" target="weblogic"/>
<javalibs source="1.4">
<javaproject dir="&amp;SRCDIR;/infra/" includes="core/**" name="infra"/>
<javaproject dir="&amp;SRCDIR;/ws" name="presentationws" module="presentationweb" target="weblogic"/>
<javaproject dir="&amp;SRCDIR;/wsaxis" name="presentationwsaxis" module="presentationweb" target="websphere"/>
<javaproject dir="&amp;SRCDIR;/wsclient" name="wsclient" distinclude="false">
<fileset dir="&amp;SRCDIR;/wsclient/config" includes="client-config.wsdd"/>
<javaproject dir="&amp;SRCDIR;/Application/WebClient/src" name="wsclient" distinclude="false" sign="true">
<attribute name="Main-Class" value="wsclient.Main"/>
<attribute name="Class-Path" value="commons-httpclient-3.0.jar commons-logging.jar jaxrpc.jar mail.jar saaj.jar wsdl4j.jar"/>
<application target="weblogic" format="ear">
<zipfileset prefix="sql" dir="&amp;SRCDIR;/db" includes="*.sql"/>
<module name="presentationws" type="web" context="PresentationWeb">
<zipfileset prefix="WEB-INF" dir="&amp;SRCDIR;/config/PresentationWeb" includes="web.xml,weblogic.xml"/>
<application target="websphere" format="ear">
<zipfileset prefix="sql" dir="&amp;SRCDIR;/db" includes="*.sql"/>
<module name="presentationws" type="web" context="PresentationWeb">
<zipfileset prefix="WEB-INF" dir="&amp;SRCDIR;/config/PresentationWeb" includes="web.xml,ibm*.xml"/>

Is Ruby ready for enterprise ?

I have been attracted by the horns and whistles of Ruby (and Rails) and recently I decided to jump on the bandwagon.

I had to code a script that polls SNMP agents. Since there’s a decent ruby SNMP library on the net, I decided to code it in Ruby and also because it’s easy to create a Windows executable with ruby2exe.rb ruby script.

But here’s why I have been disappointed by some aspects of “ruby the platform” during this coding session:

  • Ruby doesn’t support Unicode strings yet. Try to do: a=\’café\’b=a[0,3] and you’ll get an error (not the proper character). A character is today encoded in a single byte. Well there are some workarounds explained here but no perfect solutions until the support of multilinguism in the language itself.
  • No XML validation. The REXML library included in Ruby distribution does not support validation of an XML document on a XML schema. Some third-party libraries like libxml seem to support it but they are partially coded in C
  • The ruby interactive interpreter does not support French keyboard on Windows and i can’t type the [ character.

If I appreciate the language syntax, I don’t understand how can some bloggers encourage Java coders to move to Ruby and Rails. ruby “the platform” doesn’t seem really mature.

Passing through corporate Firewall (Part2)

Last time I have used the combination of proxytunnel and SSH to connect tomy home machine from a corporate network behind a firewall and proxy. But it seems that proxytunnel is unable to pass through Microsoft ISA Proxy server. At least, I have tried with the -u and -p arguments of proxytunnels and it didn’t work (even with a username following this pattern domain\username or username@domain) The Microsoft ISA proxy server requires NTLM authenticationand there’s another combination that worked successfully to be able to connect through it to an external machine on SSL :Ntlmaps, Corkscrew which tunnels ssh through HTTPS and of courseSSH.

Ntlmaps is a Python program that acts as a proxy software that allows you to authenticate via an MS Proxy Server using the proprietary NTLM protocol. Once downloaded, all you need is to configure the hostname/port of your corporateproxy and your Windows domain username/password (I left other options with their default values).

Corscrew can be compiled with Cygwin tools under Windows. Once compiled and installed configure SSH to use it. In order to do so, edit your ~/.ssh/config file and use the following command:

 ProxyCommand /usr/local/bin/corkscrew 5865 %h %p

Corkscrew will use your local ntlmaps proxy server which in turn is authenticated on Microsoft proxy server. Then use SSH (openSSH) like this :

# ssh -C -N -D 1080 -p 443 root@myhomemachine

-D to use the SSH daemon at the other side of the tunnel as a Socksv5 proxy server. It will listen locally on port 1080

  • -C for compression
  • -D to not start a shell

Then you can configure your software to use the Socks proxy server on localhost port 1080