Sun Tech Days At Hyderabad

I represented the Sun Portal Team in the ongoing Suntech Days Mega event taking place at Hyderabad. I presented about the Tooling effort that the Sun Portal Team has undertaken to make portlet development a breeze. The event I think is a mega success. A huge crowd of developers showed up at the beautiful venue for this event by Sun. I myself attended some very good presentations on JPA and EJB3, Web Services Security, Java 6 SE features and Web2.0/AJAX and can only say by first hand experience that the presentations were very well received by the developer community.

It was interesting to see a lot many folks not having experience and knowledge of portal and portlet development show up at my presentation about Portal Pack and the Open Source Portlet Container. A few of these folks met me after the presentation and talked to me about how they find the technology interesting and who knows they might use our tools and get involved in the portal technologies tomorrow!

 A lot of developers working with Portals also met me right after the presentation and they had some interesting issues that they are struggling with the portals they are evaluating. Among the folks who talked to me, there were folks using Jetspeed and Liferay portals and were trying to use JSF and AJAX based portlets in these products. I did try to stress the fact that the Open Source Portlet Container now supports JSF portlets using its JSF bridge and urged them to try it out.

 Also announced the Portlet Contest Challenge during the course of my presentation. Come on folks, get started and start submitting some cool portlets!!


 

GUI Installer for Portlet Container

Just added a new swing GUI installer for the Open Source Portlet Container. Check it out.

It now supports deployment of the portlet container on Glassfish as well as Tomcat. Check out Karthiks blog about the same here.

Autodeploy/AutoUndeploy/AutoRedeploy on Open Source Portlet Container

Recently I added a feature for autodeploying of portlets on the Open Source Portlet Container.

For example when you deploy the portlet container on GlassFish, on any of the configured domain ( domain1) is the default. Under this domain1 directory there should be a directory called "autodeploy".

 To Autodeploy a portlet to the Open Source Portlet Container, drop your portlet WAR file in this autodeploy directory, and it automatically gets deployed to the portlet container.

 If you wish to undeploy this portlet, just delete the portlet WAR file from the autodeploy directory and the portlet gets undeployed.

 If you copy a modified war file over an existing war file in the "autodeploy" directory, the new war file gets redeployed replacing the one that was already deployed, thus achieving auto-redploy.

 Try it out, hope you like it!




 

Sun Java Calendar On Your Desktop - II

Apparently there is a legal issue with Sun, in me giving this away, and I was told to go through the Open Source channel and get this approved for giving it away as open source. I will begin work on this and get this opensourced.

Sun Java Calendar On Your Desktop

Recently I wrote a Java program to fetch my tasks, events and todo's from Sun Java Calendar Server using the WCAP (Web Calendar Access Protocol) API. The complete application on Windows desktop, will be able to display your appointments etc right on your windows desktop as a transparent wallpaper. All your icons and stuff on your desktop works as is, but just that your calendar events are now blended into the desktop. For this I used the Active Destop feature of Windows.

If anyone is interested leave me a note and I can send you the application.

So What Is Public Key Cryptography Anyway

Think you want to send a valuable object to a friend securely. You have a box that is more than large enough to contain the object. You have several locks with keys. The box has a locking ring that is more than large enough to have a lock attached. But your friend does not have the key to any lock that you have. How do you send the object securely?

The answer to this has a direct application in cryptography. Let’s say you want to send a secret message to your friend. Because you don’t trust commercial and freeware encryption methods, you use a secret cipher of your own. Only you know the key to the cipher. Not even your friend knows it. So you send the encrypted message; your friend encrypts it further with his or her favorite secret cipher and sends it back to you. You remove your cipher and send it back to your friend; and he or she removes the second secret cipher and reads the clear text.

So the answer is, put the valuable object into the box, secure it with one of your locks, and send the box to your friend. Your friend should then attach one of his own locks and return it. When you receive it again, remove your lock and send it back. Now your friend unlock his own lock and retrieve the object.

Security is a process, not a product

As Bruce Schneier says : "If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology"

Most of the developers feel that to make an application secure all they have to do is encrypt the data somehow using some cryptographic algorithm in an attempt to prevent prying eyes from 'watching it'. Unfortunately this attitude is exactly wrong when thinking about security.

The problem is simple: developers wrap themselves in the belief that "cryptography is same as security" and that if the crypto key is strong enough, the system will be secure. No one technology such as TLS/SSL can protect the application from harm unless security is built right into the product from start.

Security is not something that we can simply "turn on" as a feature at some point in the system's implementation lifecycle. Concerns about security have to be factored into the analysis, design, implementation, and test phases of every iteration of the system's development, or gaping security holes will result.

So reiterating what Bruce Schneier uses over and over again: "Security is a process, not a product." If you wish to  have any hope in building a hack proof system, then you have to consciously think about this at every stage of the system's development This requires a shift in the way you think. It requires you to think from the hacker's perspective and think how you would attach the target system and then use this knowledge to build your system so you can foil such attempts.

So remember, 'Security is a process, not a product' - Wise words from a wise man!

Dynamic Charts In Portlets

A few weeks ago I wrote a developer article on generating and displaying dynamic charts in portlets using the open source JFreeChart library. If this interests you, have a look at the article here.

Cathedral and the Bazaar

For those of us who are new to the concept of free software, it will help to go through the by now famous paper on Open Source titled "The Cathedral and the Bazaar." Read it here

A Project Needs

An open source project to be successful in my opinion needs to provide the following basic things :

* Web Site - Centralized, one-way conduit of information from the project out to the public.

* Version Control - For Management of source code, patching and reverting etc.

* Mailing Lists - For discussions. Generally ends up being the most effective means of communication

* Bug Tracking - For issue tracking.

* Real Time Chat - Is a good idea to have it for quick lightweight discussions though I haven't seen this in too many projects.

Welcome

Seeing most of my coworkers getting hit by the "blog" bug, I have finally decided to take the plunge myself.

I have been working as the technical lead of Sun Portal Server Secure Remote Access (SRA) for the past two years in Sun and have just settled into my new role as a Portal Server Architect.

So, as the title of my blog suggests, I will try to post things here which are currently going on my head, it may be work related, personal, spiritual or maybe even general rants.