Tuesday, January 25, 2005

Open Source Java App Servers

The world of Java Application servers has been very confusing, so many to choose from. Now more and more open-source versions are popping up. Most of them are based on efforts by the Apache Foundation who have worked hard on creating the base components required by a Java Application and Web server. They started with Tomcat which served as the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. Based on Tomcat a whole plathora of servers were born.

JBoss is probably the most widely used and J2EE compliant Java server around. Its core is based on Tomcat.

A while ago I saw Jetty which is 100% java and is a FAST JSP and Servlet server, 350 kb is size.

Today I found Gluecode JOE, which has an open-source version as well as a FREE Standard version which has clustering support. It also relies heavily on Apache-based open-source software. The Apache Geronimo application server is its core, it uses Jetty as the web/servlet server, uses the Apache Pluto portal framework and Apache Derby as the default database. With the Standard edition you get an Enhanced Management console and optional clustering support.

Apache Geronimo is the J2EE server project of the Apache Software Foundation. Its currently passes Sun's TCK for J2EE 1.4. More on this later.

Monday, January 17, 2005

Snooping on other computers

I just found out about how packet sniffing is done and found some really good packet sniffing software. First of all what it is:

In a shared Ethernet environment, all hosts are connected to the same bus and compete with one another for bandwidth. In such an environment packets meant for one machine are received by all the other machines. Thus when a machine Venus wants to talk to Cupid in such an environment, it sends a packet on the network with the destination MAC address of Cupid along with its own source MAC address. All the computers on the shared ethernet compare frame's destination MAC address with their own. If the two don't match, the frame is quietly discarded. A machine running a sniffer breaks this rule and accepts all frames. Such a macine is said to have been put into promiscous mode and can effectively listen to all the traffic on the network. Sniffing in a Shared Ethernet environment is totally passive and hence extremely difficult to detect.

Taken from Sumit Dhar's Page.

What this means is that anyone on your network has the power to see what you are watching. I wanted to test this so I looked around for programs for Windows and found a good list on Tech FAQ here.

I then downloaded Ethereal and found out that I could read complete images and html files being sent by other users on our network by scanning our Proxy server and our router and even by targeting individual computers. I could see whole html docs. Ethereal also allowed me to save files being downloaded. I tried saving a JPG file and I was able to save it to my desktop and open it.

I always used to think that snooping on other PCs was an art for only very experienced hackers, but now looking at this program it seems like any Tom, Dick and Harry can virtually steal any of my passwords being sent in plain text over the network. This can happen when you sending login info on a webpage not using SSL, or when starting ftp/telnet sessions etc. I did a test run when logging into this blog and Ethereal was able to show me the login and password my browser sent to the Blogsome server as an HTML POST request.

I did notice though that since we are using Smart Switches on our network, and my PC is connected to one of the smaller slave switches on the network, I am not able to recieve all network traffic. But if my PC was connected on one of our Master switches or even better the switch where the ADSL router and proxy server are connected, I could really mess around with other people's data. hmmmm.......

Monday, January 10, 2005

Java Development directly from a CD

I came across the best thing for Java developers while surfing the net last week. A Live CD with Java development tools on it, Pollix. Just boot your computer using this CD and you have J2SDK 1.4.2 + Eclipse + Netbeans + BlueJ + a whole lot of other dev tools with a complete Linux GUI OS.

Plus it already has Java servers like Tomcat and JBoss installed and ready to run as well. No more installation nightmares for newbees who just want to learn.

Who would want to use this. Well if you are a student and:

  • you want to have the best Java dev tools all on one CD

  • you need to show off your Java work in a presentation using someone else's PC

  • your netwrok admin has allowed people to boot PCs from a CD, you can have your whole development environment on a CD and can start working using any PC; you will not care about what is preinstalled on the PC itself.

This is also a great tool for Java teachers to recommend to their students. I have come across a lot of Java newbies who have trouble even setting up environment variables. I think this is a very good resource for teachers and students alike.

I have seen very often that in universities and schools the sysadmin installs Windows on all machines and students do not get a chance to see Linux at all. I think Live CDs is about to change all that. Its all about spreading the word.

Sunday, January 9, 2005

Full Linux OS without Installation

Linux Live CDs have been around for a while now, still I meet so many people who have never heard of them. I just met a friend who has been working on cross-platform C/C++ development for over a year now and is the Linux guru at his office but he had never heard of them.

In short, a Live CD is a bootable CD that brings up a full working operating system without installing anything on the PC’s hard drive. A good list of Live CDs is given here. For me it started with Knoppix which is full Linux OS with the KDE GUI desktop, OpenOffice, plus loads of software all running directly from the CD.

Knoppix is the parent of a lot of other Live CDs, so on a lot of LiveCD websites you will find the words “Knoppix spin-off”. You see what Knoppix achieved over other Live CD distros was its awesome ability to detect hardware automatically without bothering its user. It works great with even laptops. It also has 3GB worth of software compressed into one CD. If you are new to LiveCDs, please start with Knoppix.

So one might ask, why a LiveCD? I have seen different answers to this question on the net. I actually like the idea of carrying around my whole operating system with me on a CD and a USB disk to save my work. I am also a sysadmin. I know how often PCs go down. Norton Ghost has saved my life millions of times, where the same OS image file could be installed on various similar systems without any problems; configure once, install everywhere. With Live CDs I can configure once, run anywhere … without installation.

My intranet PDC server went down last week, filesystem got corrupt. I had my user/group/password, Samba, cups scripts all backed up. I just put in a live STUX Linux CD, booted into the OS, kept the scripts and files in their relative places and viola .. the server was back up again in 10 minutes. A reinstallation would have taken hours.

I plan to post more of my findings in LiveCDs as time goes on. So keep coming back for more …