FLOSS Project Planets

Colm O hEigeartaigh: Testing Kerberos with Web Services using Apache Kerby

Planet Apache - Wed, 2015-11-11 07:13
The previous blog post described how to use Apache Directory to easily create a KDC via Java annotations for kerberos integration testing. In this post, we will look at an alternative way of setting up a KDC for integration testing using Apache Kerby.

Apache Kerby is a new subproject of Apache Directory that aims to provide a complete Kerberos solution in Java. Version 1.0.0-RC1 has recently been released and is available for testing. Apache Kerby consists of both a KDC as well as a client API, that is completely independent of the GSS API that comes with Java. A key selling point of Apache Kerby is that it is very easy and fast to setup and deploy a KDC. It is possible to set up a KDC completely in code, without having to edit any configuration files or configure any system properties.

Let's see how this is done by looking at a project I created on github:
  • cxf-kerberos-kerby: This project contains a number of tests that show how to use Kerberos with Apache CXF, where the KDC used in the tests is based on Apache Kerby.
The KDC is launched in the test-code, and is pretty much as straightfoward as the following code snippet:

The first block of code configures the host, realm, transports and ports, while the second creates the client, service and TGT principals that are used in the tests. No configuration files required! As well as showing how to use Apache CXF to authenticate using both Kerberos and Spnego for a JAX-WS service, the AuthenticationTest also includes unit tests for getting a service ticket from the Kerby KDC using the Java GSS API as well as the Kerby client API. Using the Kerby client API is as simple as this:

Have fun playing around with Apache Kerby and please join and contribute to the project if you are interested!
Categories: FLOSS Project Planets

Claus Ibsen: I am presenting Apache Camel in Copenhagen next week

Planet Apache - Wed, 2015-11-11 04:03
Next week I am going home to Denmark, to present Apache Camel in general and then a 2nd part that is focused around developing micro services with Camel, and running those in Docker containers in a Kubernetes platform. And all of that becomes easier for developers with the help from the tools and services we provide in the fabric8 project.

The event takes place on tuesday 17th november in the afternoon. There is three sessions, where Jakob Bendsen and Christian Damsgaard will talk about APIs and RESTful services with Camel.

The agenda, location, and how to register is all provided by Javagruppen, whom is organizing the event.

You can find the details here.

After all the talks there is pizza and beverages. Hope you have the time to stay, as I loved to hear war stories from the fields, and potentially news about where Camel's are in use. I have also some great stories about where Camel are in use you may not know or realize how a prominent role it plays in so many companies and public sections around the globe

The location was initially in Glostrup, but the event was quickly sold out (its free to attend for Javagruppen members) in less than 12 hours. So Region Hovedstaden was quick to save the day and provide a bigger location.

PS: The event takes place at Region Hovedstaden, Center for It, Medico og Telefoni, where I in the past had worked as a consultant. It's great to be back for a day. Hope to see familiar faces at the event. Region Hovedstaden is a long time Apache Camel user.

Categories: FLOSS Project Planets

Bryan Pendleton: New York City, Fall 2015

Planet Apache - Tue, 2015-11-10 21:36

It came to pass that we had the opportunity to spend 48 hours in Manhattan, wandering around and enjoying ourselves.

And so we did.

Manhattan is so big and complex that it would take months, years, perhaps your entire life, in order to really understand it.

But we didn't have that; we just had 48 hours.

So we had to concentrate, and pick a few things.

It so happened that we arrived in New York fairly late in the afternoon. By the time we had checked in to our hotel, it was already dinner time, so we went down to a nice (although quite busy) little restaurant in the East Village (just off St Mark's Place) for a nice meal.

After dinner we got back to the hotel, but we weren't quite ready to call it quits, so we went up to the 48th floor, where the revolving rooftop bar made a delightful location to have a drink before bed. It's a great experience; a fun touch is that the cocktail napkins are printed with a circular "skyline map" identifying all the buildings that you see, so that as you rotate around you can make sense of what you're looking at.

Assuming you're brave enough to actually look out the window, that is, and aren't just clutching your table and chair as tightly as possible (really? did I do that?)

Originally, we were planning to take a boating cruise in the morning; there are several of them which circumnavigate Manhattan, and it seemed like a relaxing way to see a lot of New York City (from the water). But the cruise was cancelled and so we didn't go; in retrospect, this was probably to our benefit, as the weather that day was misty and with very low clouds, so much of the city would have been hidden in the haze.

Instead, we made our way down to Battery Park and Castle Clinton and took the ferry to Liberty Island and on to Ellis Island. Although the weather was indeed gray and misty, in a way this rather enhanced the trip, as Liberty Island emerged from the clouds to our great delight.

We didn't have the fancy tickets to climb up into the statue itself, so we contented ourselves with walking around the island and looking at the statue from ground level, which was quite enjoyable.

Then we returned to the ferry and proceeded on to Ellis Island. Although it doesn't have the Statue of Liberty on it, Ellis Island is in many ways a much more interesting place.

Over the last few decades, the Ellis Island facilities have been converted to an immense and extremely well-organized museum, telling the story of immigration and how it built the United States of America.

The main building is 3 massive stories tall, and nearly all of it is museum. Even though many of the exhibits are straightforward, and we made an effort to move through in a lively fashion, it was well over an hour to see what we saw, and I think we saw barely half of what there was to see.

The ferry returned us to Battery Park, and after some wandering around, and some lunch, the weather had cleared nicely, and we made our way up to Central Park.

I was very interested to see the John Lennon memorial in Central Park, and I wasn't disappointed. It is quite nice, and it was filled with people like myself, stopping to look and think a bit before moving on, all of us quietly part of a shared experience.

The weather was glorious, so we walked around Central Park for several hours. We moseyed across from Central Park West to Central Park East, stopping at places like the Bethesda Fountain, the Hans Christian Anderson statue, the Model Boat pond, and the Alice in Wonderland statue.

Every so often we would wander out of the park, but the surrounding areas weren't as nice, so we just kept wandering back into the park, walking up and down the tree-lined paths, marveling at all the different things to see.

After a while we were tired, so we found a nice spot on the Upper West Side to sit for a while and rest and talk; when we were restored it was already getting on to dusk, so we made our way down to Lincoln Center to see the fancy theaters.

Later we made our way out to Rockefeller Center, which was already all lit up for the holidays. We tarried for a while, watching the ice skaters in the ice rink, and wandering through the enormous Lego Store.

It was dinner time, and my plan had been to find one of the up-and-coming Indian restaurants in the so-called "Curry Hill" neighborhood near 28th and Lexington, but instead we ended up at a very nice spot a little bit farther north in Murray Hill, where we had a fine meal.

The next morning, we popped out of bed again and headed back downtown to the 9/11 Memorial. Although we were both well-acquainted with the events of 14 years ago, neither of us had been to Manhattan since, so we wanted to make a visit to the memorial part of our trip.

This is an extremely dramatic and moving place, obviously, and the memorial accomplishes its task(s) well, I thought. The overall presentation is quite remarkable: from the street-level entrance you make your way down, down, down. The farther you go, the more dramatic and powerful the experience becomes, until you reach the very bottom, where the bulk of the exhibits and memorial materials are located.

I was pleased to see that, for the most part, the memorial lets the facts speak for themselves, and focuses its attention on the people who were most directly affected: those in the towers, on the planes, and at the Pentagon, as well as the emergency personnel who responded to the events.

The displays are physical and immediate, incorporating objects from the buildings themselves (the stairs, the foundation columns, the slurry wall, the steel girders, etc.) as well as objects from the people involved (equipment, personal effects, etc.)

The memorial uses multi-media EXTREMELY effectively, playing actual clips from television broadcasts, 911 recordings, cell phone messages, interviews with witnesses and survivors, etc. A particularly dramatic and moving exhibit tells the remarkable (if by now quite well-known) story of Flight 93, moving back and forth between air traffic control recordings, voice mail messages, and other information to let the actual participants in the story tell it, speaking from the grave as it were in some cases. I glanced into that room for just a moment but was instantly captivated, and 10 minutes passed before I could breathe.

We hadn't expected to spend long at the memorial, but before we knew it we'd been there more than 2 hours, and had to drag ourselves away and on. Although upon leaving I felt like I hadn't really learned anything I didn't already know, I still felt like my visit was valuable and I don't regret going for an instant.

We both really enjoyed wandering around the various Manhattan neighborhoods, and I think we could have done much more of this if we'd had time. Some are rather straightforward, like walking through the Financial District or down the canyons of skyscrapers mid-town.

Others are still full of personality and character, like Greenwich Village, SoHo, the East Village, Murray Hill, or Chelsea. We got just ridiculously lost wandering around Greenwich Village: one of my personal goals had been to visit the Village Vanguard, but we ended up abandoning that quest and moving on; later, looking on the map, I realized that we had stopped in a falafel shop that was, quite literally, across the street from the Village Vanguard, and hadn't even known it.

New York is definitely quite expensive, and eating and drinking there was not cheap by any stretch. However, the food was remarkably good, much better than either of us had expected, full of fresh and good ingredients, well-prepared, well-presented, well-delivered. If I could afford it, I could easily spend all my time just wandering around Manhattan, eating and drinking and looking about...

Another very nice surprise was how successful we were at taking the subway all over the island, even with very little advance preparation and zero experience with the things that it often turns out you need to know about a city's transit system.

The hardest part of using the subway turned out to be finding the stations from above-ground. Once you were in the station, though, everything was well-marked and easy to find and in remarkably good condition given the astonishingly heavy use that the New York City subways receive.

Trains ran regularly, loudspeaker announcements and display signs were clear and accurate, the system as a whole seemed to be basically clean and safe, and all in all it was much better than I had anticipated.

That said, the subway was certainly not as nice as Seoul's subway, which is perhaps no surprise because Seoul's subway is brand new by comparison. As compared to the London Underground, though, I thought that the New York City subway system was at least as good, and certainly not as complex.

If you find yourself in La Guardia Airport, and want to get into midtown, the NYC Airporter is just fine, and certainly a bargain compared to airport-to-downtown options I've used elsewhere.

If you want a place to stay, and are looking to be part of everything, the Marriott Marquis is right smack in Times Square, in the middle of the action, but once you duck into your room and close the door, it's peaceful and welcoming as can be. And boy is it convenient to get to anywhere else in Manhattan from that location!

Oh, and my wife got to go see Kinky Boots at the Hirschfeld on Saturday night, but you'll have to ask her about that (I was in Port Chester at the time, as we've already discussed).

Categories: FLOSS Project Planets

Justin Mason: Links for 2015-11-10

Planet Apache - Tue, 2015-11-10 18:58
  • No Harm, No Fowl: Chicken Farm Inappropriate Choice for Data Disposal

    That’s a lesson that Spruce Manor Special Care Home in Saskatchewan had to learn the hard way (as surprising as that might sound). As a trustee with custody of personal health information, Spruce Manor was required under section 17(2) of the Saskatchewan Health Information Protection Act to dispose of its patient records in a way that protected patient privacy. So, when Spruce Manor chose a chicken farm for the job, it found itself the subject of an investigation by the Saskatchewan Information and Privacy Commissioner.  In what is probably one of the least surprising findings ever, the commissioner wrote in his final report that “I recommend that Spruce Manor […] no longer use [a] chicken farm to destroy records”, and then for good measure added “I find using a chicken farm to destroy records unacceptable.”

    (tags: data law privacy funny chickens farming via:pinboard data-protection health medical-records)

Categories: FLOSS Project Planets

Edward J. Yoon: Cut&Paste from quora

Planet Apache - Mon, 2015-11-09 23:07
텐서플로우라는 오픈소스가 핫하다. 내실이 부족하니 더더욱 외부 뉴스에 흔들흔들.

차마 내가 못한 얘기를 Microsoft 직원이 시원하게 싸질러주었네. 요약하면, 잃는건 적고 얻는게 크다는 것. 우리도 쓰게 마음껏 재주부려봐라.

The open field of deep learning frameworks is already a crowded and hyper competitive. Google doesn't gain much by keeping its technology, which may be the best but not far superior than other similar state-of-the-art frameworks such as Theano/Torch/CNTK/minerva/etc., behind a closed door. If you read their white paper and other tutorials/comparisons of Theano/Torch/CNTK/minerva, you would easily develop a headache of reading the same concepts over and over again. All are open source and are quick to copy/implement the greatest from each other. Google got the most descriptive name but all these software are about expressing a tensor graph in a high-level language, which gets translated to high performance code which can be run on (multi) CPUs/GPUs. 

Google's direct competitors in the AI space are already leading other deep learning frameworks. So even if TF is superior, it will be very slow painful experience if these competitors decide to jump ship.

So let's keep in mind that their loss for publishing yet-another-deep-learning-framework is small. However, the benefits are tremendous.

  • Due to the competitive nature of deep learning frameworks, owning yet-another-state-of-the-art framework doesn't set AI companies apart. What make a company outstanding are services built on top of this framework and the people. On the software aspect, I believe that Google Brain still has secret weapons built on top of TF. On the people aspect, by releasing this software, Google excites not just the research community but also their own army and the potential hires.
  • At Google size, you cannot take for granted that other teams/individuals would automatically use your product. You need to shout out very loud (and to the public) that your system is the best to gain other team's confidence, which helps create synergy and increases the company productivity.
  • Obviously, by open sourcing, they get the benefits from contributors outside the core team.
  • Once TF gets popular, many new research ideas would be implemented in TF first, which makes it more efficient for Google to productize those ideas and have advantages over competitors.
  • TF helps increase the credibility of future Google's research paper. Google research is notorious for not publishing their code.
  • And last but not least, open sourcing is fun and rewarding. It increases the morale of the core team too.
Categories: FLOSS Project Planets

Justin Mason: Links for 2015-11-09

Planet Apache - Mon, 2015-11-09 18:58
  • Caffeine cache adopts Window TinyLfu eviction policy

    ‘Caffeine is a Java 8 rewrite of Guava’s cache. In this version we focused on improving the hit rate by evaluating alternatives to the classic least-recenty-used (LRU) eviction policy. In collaboration with researchers at Israel’s Technion, we developed a new algorithm that matches or exceeds the hit rate of the best alternatives (ARC, LIRS). A paper of our work is being prepared for publication.’ Specifically:

    W-TinyLfu uses a small admission LRU that evicts to a large Segmented LRU if accepted by the TinyLfu admission policy. TinyLfu relies on a frequency sketch to probabilistically estimate the historic usage of an entry. The window allows the policy to have a high hit rate when entries exhibit a high temporal / low frequency access pattern which would otherwise be rejected. The configuration enables the cache to estimate the frequency and recency of an entry with low overhead. This implementation uses a 4-bit CountMinSketch, growing at 8 bytes per cache entry to be accurate. Unlike ARC and LIRS, this policy does not retain non-resident keys.

    (tags: tinylfu caches caching cache-eviction java8 guava caffeine lru count-min sketching algorithms)

  • What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.

    The ever-shitty Java serialization creates a security hole

    (tags: java serialization security exploits jenkins)

  • Gallery – Steffen Dam

    Danish glassware artist making wonderful Wunderkammers — cabinets of curiosities — entirely from glass. Seeing as one of his works sold for UKP50,000 last year, I suspect these are a bit out of my league, sadly

    (tags: art glassware steffen-dam wunderkammers museums)

  • London garden bridge users to have mobile phone signals tracked

    If it goes ahead, people’s progress across the structure would be tracked by monitors detecting the Wi-Fi signals from their phones, which show up the device’s Mac address, or unique identifying code. The Garden Bridge Trust says it will not store any of this data and is only tracking phones to count numbers and prevent overcrowding.

    (tags: london surveillance mobile-phones mac-trackers tracking)

  • Red lines and no-go zones – the coming surveillance debate

    The Anderson Report to the House of Lords in the UK on RIPA introduces a concept of a “red line”:

    “Firm limits must also be written into the law: not merely safeguards, but red lines that may not be crossed.” …    “Some might find comfort in a world in which our every interaction and movement could be recorded, viewed in real time and indefinitely retained for possible future use by the authorities. Crime fighting, security, safety or public health justifications are never hard to find.” [13.19]  The Report then gives examples, such as a perpetual video feed from every room in every house, the police undertaking to view the record only on receipt of a complaint; blanket drone-based surveillance; licensed service providers, required as a condition of the licence to retain within the jurisdiction a complete plain-text version of every communication to be made available to the authorities on request; a constant data feed from vehicles, domestic appliances and health-monitoring personal devices; fitting of facial recognition software to every CCTV camera and the insertion of a location-tracking chip under every individual’s skin. It goes on: “The impact of such powers on the innocent could be mitigated by the usual apparatus of safeguards, regulators and Codes of Practice. But a country constructed on such a basis would surely be intolerable to many of its inhabitants. A state that enjoyed all those powers would be truly totalitarian, even if the authorities had the best interests of its people at heart.” [13.20] …   “The crucial objection is that of principle. Such a society would have gone beyond Bentham’s Panopticon (whose inmates did not know they were being watched) into a world where constant surveillance was a certainty and quiescence the inevitable result. There must surely come a point (though it comes at different places for different people) where the escalation of intrusive powers becomes too high a price to pay for a safer and more law abiding environment.” [13.21]

    (tags: panopticon jeremy-bentham law uk dripa ripa surveillance spying police drones facial-recognition future tracking cctv crime)

  • Dublin is a medium-density city

    Comparable to Copenhagen or Amsterdam, albeit without sufficient cycling/public-transport infrastructural investment

    (tags: infrastructure density housing dublin ireland cities travel commuting cycling)

Categories: FLOSS Project Planets
Syndicate content