Blogging Techstacks

Forever Alone? Check Out F5's Valentine's Day "iRule Love" Event!

2012-02-08T09:30:00-05:00

If there is a better way to celebrate Valentine's Day than sitting at your desk watching a live, streaming webinar about F5 BigIP iRule development tips and tricks, I challenge you to place them in the comments below!

The event runs for 90 minutes starting at 10AM Pacific/1PM Eastern on February 14, 2012.

If you want to fall in love with Tcl (a Top 50 programming language!) all over again, register for F5's iRule Love live stream. According to the invite, early registrants who attend the event are also eligible to win some DevCentral swag, so you may be able to tell your cats, "We got lucky on Valentine's Day! Thanks DevCentral!!"

Apache HTTP Server 2.2.22 Released

2012-02-01T17:55:04-05:00

The Apache HTTP Server project released version 2.2.22 and it's an important release, addressing 6 "significant" security vulnerabilities:

CVE-2011-3368 (cve.mitre.org) - Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations.
CVE-2011-3607 (cve.mitre.org) - Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file.
CVE-2011-4317 (cve.mitre.org) - Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations.
CVE-2012-0021 (cve.mitre.org) - mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. The issue existed since version 2.2.17.
CVE-2012-0031 (cve.mitre.org) - Fix scoreboard issue which could allow an unprivileged child process could cause the parent to crash at shutdown rather than terminate cleanly.
CVE-2012-0053 (cve.mitre.org) - Fixed an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400.

There are also some bugs fixed in this release as well—see the changelog for the full list and, like always, you can download a copy from a mirror near you.

Apache Tomcat 7.0.25 Released

2012-01-23T11:18:29-05:00

The Apache Tomcat team announced the release of Tomcat 7.0.25. There are quite a few new features and bug fixes in this release, including alignment of the Servlet 3.0 specification with the revision A maintenance release, updates to the Eclipse JDT compiler, Commons Pool, and Commons Daemon, and more. See the changelog for more information and download it from a mirror near you.

Working Around the Firefox "Confirm Security Exception Button Disabled" Problem

2012-01-19T09:30:00-05:00

Here's an interesting workaround to a problem I had been having that has been causing me ssl connection headaches in Firefox for years. Here is a description of the problem:

I try to connect to an SSL encrypted page in Firefox and that page generates a certificate warning. What should normally occur (and it used to work) is that you'd get greeted with the "Untrusted Connection" page where you have various buttons to view the certificate, confirm the security exception, or cancel. The problem I've been experiencing is that the Confirm Security Exception button remains disabled and would also show an error message: sec_error_expired_issuer_certificate. There was nothing I could do to get Firefox to accept the cert—not even importing the certificate manually.

I'm not going to claim that this is the fix for all instances but in my case, the ssl warning for the BigIP Admin Console I was failing to connect to was generated for three separate reasons:

The ssl certificate was self-signed
The ssl certificate was expired
I was connecting to the host using its IP address instead of the hostname—the hostname being the common name of the certificate.

However, this wasn't the only set of circumstances where I was having the problem as I was also experiencing it simply connecting to a site using a self-signed cert, (valid date, valid common name).

So, if this happens to be happening to you, the first thing to try is Restart with Add-Ons Disabled, if you can, then try connecting again. Assuming you are then able to successfully connect and the Confirm Security Exception button works, the problem seems to be related to one of your installed Add-Ons.

In my case, the problem was the HTTPFox add-on option labeled "Automatically start watching when browser starts". During a recent round of the testing of various cache-control headers on a new site we were putting up, I enabled this option to save me a few steps in the testing process. As soon as I cleared this Autostart option, I was able to connect to ssl sites that generate warnings.

If you are viewing your Firefox about:config settings page, filter on "httpfox". If set to start automatically when firefox starts, you will find the following configuration setting: user_pref("extensions.httpfox.StartAtBrowserStart", true);. Setting the value to "false" has the same effect as clearing the checkbox but once you restart the browser, user_pref("extensions.httpfox.StartAtBrowserStart", false); will no longer appear in your about:config.

Apache Tomcat 5.5.35 Released

2012-01-16T12:28:02-05:00

The Apache Tomcat team released Tomcat 5.5.35 today. The changelog lists 18 fixes and improvements including fixes for folks running Tomcat on Windows. You can download a copy from a mirror near you.

Red Hat Releases WebLogic to JBoss Migration Guide

2012-01-13T12:22:31-05:00

Red Hat Consulting has released a migration guide for folks interested in moving off of WebLogic and onto JBoss. Nice to see the app server wars are heating up again.

PlayBook: What's in the Box?

2012-01-04T14:39:43-05:00

It may only be mildly helpul news but it was difficult for me to find anywhere online what was included in the box with the BlackBerry PlayBook. Both the iPad and Kindle Fire product pages display what's included with the purchase but all I could find regarding the PlayBook box contents was what was printed on the actual box. So, if anyone's interested in knowing what you won't need to purchase along with your new PlayBook, here's what is in the box (excepting warranty, startup, and safety guides):

The PlayBook (obviously)
AC Adapter - Over 6' long (2m) cable!
USB Cable to connect the playbook to a computer
A neoprene sleeve to carry it in
A cleaning cloth

I do have to say that, from a usability standpoint, the very first thing that impressed me with the PlayBook occurred before I had even powered it on. The length of the included AC Adapter is over 6'—twice as long as the one included with my iPad. I know, it seems silly, but when you want to engage in some aimless surfing but also need to recharge the battery, it's nice knowing that one does not need to sit so close to a power outlet in order to do so, (or daisy-chain to an extension cord).

The neoprene sleeve is ok but it is just large enough to cover the PlayBook and that's it. It is clear that, although functional, it's intention is to get you to want to buy something a little more utilitarian.

Picked Up a PlayBook

2012-01-03T11:00:00-05:00

I read a lot. I have owned a first generation Apple iPad for a while now and although I love it, reading while laying down in bed or on the sofa can be tough. After an hour or so, I really start to feel the size and weight of the iPad digging into my chest or stomach. I find myself wishing that it was just a little bit smaller. I had been interested in the BlackBerry PlayBook for a long time, primarily due to its smaller form factor but the $499 US starting price tag was hard for me to justify to myself. It's smaller—it cannot cost the same as the iPad. It wouldn't matter if it were covered in gold, it is a 7" screen vs. the 10" iPad screen, so it can't cost as much. That may seem over-simplistic but that's what kept me from purchasing it in the past.

Besides reading, I use my iPad for general web browsing, email, watching videos and listening to music. Due to the popularity of the iPad and AppStore as an application development and delivery platform, I often found myself having to share the iPad with every member of my family and began contemplating purchasing a second one for home but around this same time, retailers began heavily discounting the PlayBook.

Like a lot of people, I've read many of the other blogs and news articles deriding Blackberry as a "dying platform" but I don't believe it yet. Many of the negatives posted for why the playbook is supposedly a terrible tablet were actually positives for me. Yes, there are not that many apps for the playbook as there are for the iPad but, for me, that means my wife and kids won't be borrowing it! It is all mine! I work from home so the lack of 3G support wasn't an issue. Presumably, I can tether it to my blackberry curve when traveling and make use of the phone's data connection then.

On December 3o, 2011, the day before the discounts were to end, I managed to find a 16GB model at an OfficeDepot not too far from home. All other retailers in my area were sold out and I was just about to give up and settle* on a Samsung Galaxy Player 5 from BestBuy when I lucked out and managed to grab the last 16GB PlayBook in the store.

Periodically, I'll post impressions and opinions on my experiences as a PlayBook user. I have no intentions of rooting the playbook as I prefer to experience what the device has to offer us "regular" users. I have not jail-broken my iPad or other iDevices for the same reasons. At some point in time, I hope that some of the folks at RIM will stumble across some of these posts and consider any potential criticisms or concerns constructively. I have no financial stake in RIM and I am not being compensated by RIM in any way. I like their products though and would like to continue seeing the company succeed.

* I say "settle" on a Galaxy Player 5 not because I believe that it is inferior hardware but because I am not too interested in Android due to some hard feelings I have with Google regarding my AdSense banishment. Hopefully, no one will flame me for being anti-Android. I'm not. I'm just not interested in supporting Google right now.

Apache Tomcat 6.0.35 Released

2011-12-06T09:03:58-05:00

The Apache Tomcat team announced the release of Tomcat 6.0.35 earlier today. The changelog lists only 1 fix but 6.0.35 also incorporates the fixes and improvements from the unreleased 6.0.34 version. Many of the fixes and improvements appear to be in the area of memory leak prevention and there is a security related fix in this release as well. The security fix is for the recently announced Apache Tomcat Authentication Bypass and Information Disclosure vulnerability.

Downloads are available from the usual tomcat 6 mirror sites.