Friday, June 27, 2008

New Project: svntask

I just created a new super simple project on the super nice code.google.com project hosting called SvnTask in order to have a nice stable codebase that does what I need which is to get the Subversion revision number for a checked out working copy for a project. At work, we don't have release numbers because we aren't really shipping a product. Instead, we just use the Subversion revision number to track changes. Simple concept except...

SvnAnt seems to be unmaintained. There is some other problems like the requirement to pass in a password to do a checkin (ant doesn't have an easy non-cleartext way to do that) and I'd rather just have it use my saved password. It has also always bugged me that they got svn info and svn status reversed.

The recently released Eclipse 3.4 also uses the latest Subclipse plugin which upgrades your working copy to Subversion 1.5 and thus breaks the SvnAnt task with one of those nice classic subversion 'your working copy is too new' messages.

I also don't care about and don't want to mess with javahl. I just want a 100% java solution that uses the nice svnkit library.

Thursday, June 26, 2008

Eclipse 3.x and Java 1.6 on OSX

Eclipse 3.x can't run using Java 1.6 on OSX. It is a known issue and probably won't be resolved for a while thanks to the fact that Apple has only shipped a 64bit 1.6 JVM. Thus, in order to get Eclipse 3.x to run with Java 1.6 set as command line default on OSX, you need to do the following:
  1. In /System/Library/Frameworks/JavaVM.framework/Versions, symlink CurrentJDK -> 1.6. Leave Current -> A
  2. I also changed the location of the java binary to: /usr/bin/java -> /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Commands/java
  3. Right/Ctrl click on the Eclipse icon, Show Package Contents, edit the Info.plist file and uncomment the line that says: <string>-vm</string><string>/System/Library/Frameworks/JavaVM.framework/Versions/1.5.0/Commands/java</string>
Now, you will have the best of both worlds as things stand today. Java 1.6 on the command line and Eclipse running under 1.5. Oh, by the way, if you haven't noticed yet, Eclipse 3.4 is out.

Bill Gates Usability Rant

Gizmodo has a funny email from Bill Gates about not being able to find a piece of software to download. A couple of the quotes from the story:
"So they told me that using the download page to download something was not something they anticipated.
They told me to go to the main page search button and type movie maker (not moviemaker!).

I tried that. The site was pathetically slow but after 6 seconds of waiting up it came."
So, for humors sake, I went to Microsoft's thorn, Google and did a search for "movie maker". The funny part is that the first link that came up is the Movie Maker 2.1 Download link:


It is a good thing that Microsoft didn't succeed in their hostile takeover of Yahoo because it is the third link on their search engine and took .29 seconds the first time I tried it.

Wednesday, June 25, 2008

Vuze Friend Sharing Feature

From the Vuze blog:
What is “Friends”?
In case you haven’t already discovered “Friends”, it is a new feature that makes it really easy to share your favorite torrents with friends. All you have to do is to become “Friends” on Vuze and then you can share any torrent with them, without ever leaving the application.
This is probably one of the most important features that has been added to Vuze. Add your friends and now you have your own private tracker without actually having to run a tracker. In addition, your friends automatically get higher priority over other people who are leeching off of you. I've wanted to see a feature like this for a while now because I generally trust my friends taste and the social networking aspects of a BT network is too hard to ignore. I'm 'lookfirst' if you would like to add me.

Corporate Responsibility

I recently complained back to the headquarters about their nasty ass Jason Sea Fresh Toothpaste and they sent me a nice letter and some coupons for more products. Their Sea Fresh mouthwash is excellent though. I applaud corporate responsibility.

Tuesday, June 24, 2008

Red Listing

At work we found that hackers were trying to brute force our login page. In other words, they were trying every combination of username/password that they could find to gain access to the site. You will often see lists of u&p's on random forums and they were using these lists to hit our login page many times a second. This creates an unnecessary load on the servers which can impact performance for our paying customers. Not a good position to be in.

There is several ways to defend against this attack and the most common one is to display a kaptcha for each login or registration. Sadly, this is a real pain for members because they have to try to type out the kaptcha and often end up failing. Why should paying customers suffer because of a few hackers? In the end, this causes more support requests or people just give up and go away. A far better solution is one that I just implemented that I'm proud of (so I'll talk about it here. heh). I'm sure I'm not not the first person to do this, but the implementation seems pretty rare because I haven't seen many websites doing it this way.

The solution involved creating a simple @Session bean to store state in memory on each of the servers in the cluster. I could use the clustered cache, but so far I haven't seen a need for the overhead of doing that. Using a ConcurrentHashMap, I store the zone the IP address was seen in (optional), IP address, first access time, last access time and a counter. Then, I apply some fairly simple logic to the stored information:
  • if someone fails more than 3 times, they are shown the kaptcha.
  • if someone fails for more than 1 minute, they are shown the kaptcha.
  • if someone fails because they aren't doing things correctly, they are shown the kaptcha.
The first two options have the benefit of allowing people to screw up a couple times before they are required to pay the kaptcha tax. The third option is more like an immediate red listing. I use that when someone tries to send clearly invalid data to our servers.

Right now, I'm watching the logs and things are pretty promising. I'm a bit surprised at how many IP addresses are being red listed, but I think it will decrease with time as the 'hackers' realize that their tricks won't work with us.

Wednesday, June 18, 2008

Congrats LinkedIn


LinkedIn plans to grow after $53 million deal. Congrats. Now, maybe you can convince someone up high to make the "Who’s Viewed My Profile" section report useful data with or without having to pay an absurd $20/month. Oh and your site is running pretty slowly these days, now maybe you can afford to buy a few more servers. =)

p.s. I still think your social site is one of the most useful on the net and pretty much the only one I use regularly other than yelp.

Monday, June 16, 2008

Rack and Bags

For my new bike, I just bought the Tour Master Cortech Saddlebag and the Turbo City Denali Rack. Those two links are the cheapest I could find on the net.

The racks came silver colored, so I spray painted them flat black in the basement of the armory. =)





The racks seem really sturdy and putting them on was pretty easy. Although, the instructions were pretty much worthless and I ended up with a bunch of extra bolts cause I was able to use some of the ones that were on the bike already. I think that if I did a really long trip, I'd need larger bags, but this will do just fine for around town. With the gf on the back and all our climbing gear on the rack and in the bags, I can finally flat foot the bike. =)

Wednesday, June 11, 2008