Venkata Kishore's Weblog: Venkata Kishore's Weblog

First day of Javaone 2009: First time in Javaone is exiting, to describe javaone in one word "it rocks", apologies, its two words in fact. Keynote session had guests from Ebay, Verizon, Intel and finally surprise guest Larry Ellison. You may watch the full video here. First time I ever felt "Why didn't I bring by bulky canon S3IS".

Unfortunately my limited number of brain cells couldn't store all the data I heard on key notes and the general sessions and my lazy hands are not co-operative enough to blog all the content in my brain cells. So here are some of the highlights

•  JavaFx Demo by Nandini about creating a movie trailer and adding different controls to it is cool, best thing about this is, with one mouse click, same trailer can be generated for different devices like mobiles with different resolutions and sizes.
• Javaapp store demo by James Gosling was very interesting. Its a cool idea to monetize huge java client base. Users gets benefited as they get to know all the available applications through one reliable medium, and the best part is users need not have to install it, to get a feel of an application, they can first run the application (which is made possible by java sandbox), and only if they like it they can install it. Application developers gets benefited as they can now had a wide reach for their applications and Sun gets more $s. Here is the site to get more info.
• Netbeans IDE 6.7 RC1, has some nice cool features, which is well integrated with kenai. Now you can login to kenai from netbeans, get the source code from kenai projects, modify the code check the code back in. Also it has full integration with bugzilla, which allows users to check bugs in the projects and the bugs assigned to the logged-in user all from Netbeans. Check here for more updates on Netbeans 6.7.
• JDK 7, Mark Reinhold talked about whats new in JDK7. Here are complete details about this . One interesting thing he mentioned in the session is that we no longer need to use classpath either in javac or java, and there is a file where the users need to provide the dependent modules the application depends on, and the jar files will be picked up correctly, both at compile time and run-time. 
• J2EE 6 specification, here are more details about it.
• Got a chance to talk to folks in various areas interest. Another good comment I heard a free lance solution provider is that "For its age JavaFX is much better than Flash". 

   Overall its a nice experice to be in javaone.

  Its long time since I played with opensolaris and I recently started playing with it again. Want to blog about the package manager issue, that I faced recently, I installed Opensolaris 08.11 and package manager just exited. After debugging this issue a little it is found to be an issue with catalog.pkl file, which contains the list of all packages the system knows about. 

   Best workaround here is to delete the file and restart the packagemanager which will recreate the file. This may be so trivial but, I leanred it in a hard way...

   Recently for the FOSS.in presentation, I started looking through the source code for BrandZ. There are some interesting things that I found out in the design document that is present on the BrandZ community page in OpenSolaris.org webpage.

  If you follow the flow in the system call emulation diagram you finally end up calling the linux system call again, as the second time when the solaris systemcall is invoked by lx library function it checks the brand data of the proc_t structure and finds it as a linux brand and again goes to the int80_handler of the brand's kernel module. I don't mean that the diagram is wrong, the developers purposfully made it like this as they are finally going to implement that in future releases. So after consulting  Nils Nieuwejaar and Edward Pilatowicz  I came up with the following system call flow diagram for lx brand.

  The numbered arrows shows the exact systemcall flow, arrow heads represent the call direction.

    Its really nice & very interesting to clear the clouds in my mind about different topics. And wanted to share and bookmark it. 
    I started exploiting this after an interesting topic from Chandan, about the security. Though I attended it earlier this is much clearer to me now. He discussed about the "Buffer over flow" exploits. It is a black box for me all these days, so wanted to know more about it.
    Buffer overflow occurs when you have a fixed memory area, and you are trying to put more data than it can really take. Like copying 30 characters into a character array of length 20. This can cause a serious security vulnerability.

   Here is how it can happen. The stack always grows downwards, in both X86 and sparc boxes. When a function is called typically in an X86 machine, the return address will bepushed into the stack and then the caller functions frame pointer. Then all the local variable for the function will be created.
     Now suppose you are allocated an array of size 10 it will allocate a 10 byte array and give you the least address (or) the starting address. If you copy a 20 byte content into the array then the buffer overflows, and this will goes into the return address of the caller function. If the exploiter cleverly puts address inthe return address that points to the "exec bash" source, then after completing the function bash code will be executed and gives the bash shell for the root.
    This is how the hackers will exploit the buffer overflow vulnerability.

 Other interesting points:
 
  - In S9 the stack is executable but in S10 it is not executable so the above exploit can't happen.
  - BOF can also happen with Data section being overflowed to go to stack section.

      

Ever wanted to know about the system management tools in solaris, that are used to partition disks, add new users either to the hosts or to the different naming domains, view logs, system information, Resource controls etc.., then this is for you. This blog briefs about the different products that are used for the system management in solaris10 in simple terminology, for detailed information follow the links given in each tool.

WBEM

This is the acronym for Web Based Enterprise Management, which is an industry defined set of management and Internet standard technologies developed to unify the management of enterprise computing environments. This is the backend for managing the Solaris box.
In WBEM's terminology each and every managed resource like disk, user, projects, printer, network etc.. will be treated as an object called CIM(Common Interface Model), and through CIM schema defines different attributes and the operations that can be performed on the resources. Providers are written for these resources according to the schema. Since the schema is universally accepted and published, the front end tools can be written without bothering about the provider implementation. more...

SMC

This is the acronym for Solaris Management Console. This is a single login place holder for all the management applications in Solaris, so that applications need not worry about the GUI development, login module etc.. With SMC application developers just have to worry about the way of taking inputs from the user & presenting them with the data from the WBEM server. There are tools to compile and register the application with the SMC console. This tool is tightly coupled with WBEM. more...

Java Web Console

This is a newly developed web based console infrastructure tool for all the management applications in solaris. This has much more advanced features compared to SMC and it is not coupled with WBEM.
Till version 2.x this is based on JATO framework and from Java Web Console3.x it is been moved to JSF framework. Also developing User interface is much simpler compared to applications on SMC. more...

If you want to handle a signal in shell script try this

trap "command to be executed" signal

Ex:
1)trap "echo Kishore" INT
2)trap "echo kishore" 2

Sample script:

#!/bin/sh
trap 'echo "Ignoring Control-C..."' 2
for i in 1 2 3 4 5 6 7 8
do
sleep 2
done
echo "program now terminated normally..."
exit 0

This is my first blog message. Trying to find out what to write.... Ok, let me brief about my self, I'm with SUN since one year 5 months & 19 days (Sorry I don't have time to calculate the hours and minutes now). I am very much interested in listening to the music, reading about telugu movies and gossips(Great fan of http://idlebrain.com). Also love to solve puzzle, what ever form it is. Fond of OOAD concepts, design patterns & device drivers. This is for today, I am planning to blog the OOAD design patterns that I read. Try to blog the interview questions.