Quick Security Alerts for the Week Ending 10/10/2010

feeds | grep links > Newton on an iPad, More Softening of Apple Policies, PostgreSQL 9.0 Released, and More

  • Newton on an iPad
    HT @stephenjayl. The link, which I also saw on Hacker News, is to a write-up on the latest fun with a pre-existing project, Einstein, that runs Newton OS on modern hardware via emulation. Earlier this month, the code was ported to iOS and the poster has embedded a video of it running on his iPad. I only ever had one on loan and enjoyed using it. My enjoyment of nostalgic computing and specifically the MessagePad overrides my current irritation with Apple enough that if I had a compatible device, I might try running this.
  • Google Voice app approved in Apple’s app store
    As Slashdot explains, it isn’t the first app that was infamously approved, rejected, and then removed from the store. However, Google Voice Mobile is apparently in the process of being re-submitted and re-considered. As with the changes in Apple’s developer agreement, this signals a softening of policies, most likely because of complaints resulting in FTC scrutiny.
  • Modders bring emulation, homebrew games to PS3, Slashdot
  • Swedish Pirate Party fails to retain seat in parliament, The Register
  • Return to Castle Wolfenstein source code released, Slashdot
  • iPhone app piracy tool, source code up for sale, ReadWriteWeb
  • PostgreSQL 9.0 released
    The H has the new features in this release that has been baking for a while. One of the most interesting is replication. It answers my questions, as a long time user of the database server, on how the feature works. It is targeted at hot standby, easing the replication of the write ahead log, so it is distinct from the kind of replication performed by newer, post-relational databases.
  • Europe proposes international internet treaty, Slashdot

feeds | grep links > ZFS Linux Port Stalls, FroYo on iPhone 3G, Broadband Internet Technical Advisory Group, and More

  • Adoption of Linux ZFS port hampered by license issues
    There has been a lot of interest in ZFS, including rumors of Apple offering it as a choice for OS X. The feature list is impressive, including a staggering 128-bit address space, snapshotting to provide native support for rolling back the state of the disk, and some novel concepts around managing disks and volumes. Unfortunately Sun’s license choice, as Ryan Paul at Ars Technica explains, prevents the merging upstream of the recent Linux port or distribution of the file system in binary form. My understanding is that license compatible alternatives already available for Linux are catching up, if not already comparable.
  • Android 2.2, FroYo, hacked to run on iPhone 3G
    Wired has details of another early stage port, again targeting an older model iPhone. I am pleased the hacking community undertaking these ports is bringing the latest Android features but wonder when they’ll get around to a port, stable or like this one unstable, for 1G iPod Touches.
  • Chrome Frame beta brings welcome improvements
  • Broadband technical advisory group set to launch
  • More on broadband advisory group
    The emphasis of this group’s efforts will be on trying to define what constitutes reasonable network management, Nate Anderson at Ars Technica explains. The problem with that, as he points out, is users are left out in the cold. At least one public interest group, the Open Internet Coalition, is already speaking up though more over concerns that the proposed BITAG could sap the FCC’s “third way” plan. This certainly echoes earlier concerns about the first suggestions of a loophole for reasonable network management.
  • What’s new in PostgreSQL 9.0
    Via Slashdot
  • Eye sight control for smart phones

Open Source Neural Networking Tool, Behavioral Ads without Tracking, and More

  • Pirate software moving from bit torrent to commercial hosting services
    This is hardly surprising news and will probably continue as long as there are newer services to which pirates can move. Or rights holders are able to vastly change the contours of the current notice and takedown regime, like through their efforts to enlist ISPs to actively filter for infringing material.
  • Lessons from a more ambitious vision for the web
    Atwood describes the Xanadu project, a bit of perpetual vaporware that predates the web but shares many similarities when considered at a very high level of abstraction. His point really is to use it as an example that illustrates one of my favorite quotes from Ward Cunningham–“write the simplest thing that could possibly work”.
  • Open source release of framework for artificial neural networks
    Despite the framework being written in Java which will no doubt turn off some readers, this looks like a worthwhile release for any armchair hackers in machine intelligence. It is nice to see some accessible documentation made available alongside the source release, too.
  • Quick history on P3P and theory on why it failed
    The Register recaps an episode of OUT-LAW Radio. I think there is more to the story than just browser adoption, at least according to folks I talked to who participated in the development of P3P. It certainly is a large part of the spec’s failure, to be sure.
  • 100 years of big content’s objections
    When you start down the rabbit hole that is this question of copyright reform, there are stories you hear over and over. At Ars, Nate Anderson has an excellent survey of these cases where the incumbent rights holders have raised very similar rhetoric repeatedly over the past century in their attempts to veto innovation in order to preserve their existing business interests.
  • Without free software, open source would lose its meaning
    Thanks to PJ at Groklaw for pointing this out. It is actually a response by Glyn Moody, of whom I am also a fan, to another piece to which I linked recently, Matt Asay’s problematic assertion about the death of free software. Glyn articulates what I think is the key point incredibly well, that the free software movement pegs one end of the spectrum without which, our choices and rhetoric would be much, much narrower.
  • Recommending Postgres for the enterprise
    I am very glad to see Matt Asay make a strong case for Postgres which is often overlooked in the open source world for reasons I don’t entirely understand. Unfortunately, I think he really mischaracterizes the driving issue. I would never describe Postgres as a “Java database”, though I get the point he is trying to make about its suitability in the enterprise. I think it would be fair to state that Postgres’ support for Java is much more reliable than MySQL’s support for the same.
  • Behavioral advertising without tracking
    Professor Felten points out a paper that proposes a system which may provide the best of both worlds. He summarizes the work as the user’s browser building and protecting the behavioral model locally and negotiating with the ad service to select ads from a portfolio without revealing any personal info. Felten’s conclusion is also well worth noting, that if this research can be implemented, it will merely erode the rationale for tracking, not necessarily the desire.

Getting XA Transactions Working in Glassfish 2.1

In the spirit of following my own advice, I am writing up the blog post I wished I could have found today to help me with a nasty, obscure problem I encountered working on the day job.

The original error that was reported and that I was asked to investigate was this:

java.lang.RuntimeException: Cannot export transaction having non-XA resource: 2-phase commit not possible.

The code in our application that raised this exception was trying to do a remote JNDI lookup and a call to the remote Session bean reference returned from that lookup. We do this in the cluster to centralize a few critical operations to a single node in the cluster. Otherwise, everything in a JEE cluster, especially in Glassfish 2.1, basically just occurs either locally or in a random node. This is not acceptable for managing external resources like a Lucene search index.

A bit of digging hinted that the problem was that our JDBC DataSource was not an XA capable one. We are using PostgreSQL 8.3 and the 603 build of the JDBC 3 drivers for that database. I tried just changing the Datasource Classname for our connection pool in Glassfish’s console to “org.postgresql.xa.PGXADataSource” but on restarting and re-deploying got the following error:

java.lang.AbstractMethodError: org.postgresql.jdbc3.Jdbc3Connection.getClientInfo()Ljava/util/Properties;

I had no idea what this meant. Looking up Sun’s API docs for AbstractMethodError, it claims this should be caught at compilation; it refers to a call to a purely virtual, or abstract, method. It’s one of those “this should never happen” errors. I suspected it was a difference in the interfaces bundled in Glassfish 2.1’s database support and the actual concrete classes from the PostgreSQL JDBC driver jar.

I first tried upgrading that jar to build 604, still using the JDBC 3 drivers. Same error occurred at deployment. On a whim, I tried upgrading the driver to JDBC 4. When I did so, bounced the cluster, and re-deployed our application, then the error did not occur.
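A way to confirm this kind of interface mismatch before deploying, added here as an example and not taken from Glassfish or the PostgreSQL driver: list the java.sql.Connection methods that a driver's connection class leaves abstract against the JDBC interfaces of the running JVM. The names JdbcLevelCheck and OldStyleConnection are made up for this sketch; with a driver jar on the classpath, pass its connection class name (for example the one named in the error above) as the first argument.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.sql.Connection;
import java.util.ArrayList;
import java.util.List;

public class JdbcLevelCheck {

    // Constructed stand-in for a driver class compiled against an older JDBC
    // interface: it supplies none of Connection's methods itself.
    abstract static class OldStyleConnection implements Connection { }

    /** Returns the java.sql.Connection methods that cls does not implement. */
    static List<String> missingMethods(Class<?> cls) throws NoSuchMethodException {
        List<String> missing = new ArrayList<String>();
        for (Method api : Connection.class.getMethods()) {
            // Look the method up on the class itself. If the lookup lands on an
            // abstract declaration, no concrete body exists, and calling it at
            // runtime throws AbstractMethodError.
            Method impl = cls.getMethod(api.getName(), api.getParameterTypes());
            if (Modifier.isAbstract(impl.getModifiers())) {
                missing.add(api.getName() + "/" + api.getParameterTypes().length);
            }
        }
        return missing;
    }

    public static void main(String[] args) throws Exception {
        // Default to the constructed sample so the check runs without a driver jar.
        String name = args.length > 0 ? args[0] : OldStyleConnection.class.getName();
        // Load without initializing, so no driver static code runs during the check.
        Class<?> cls = Class.forName(name, false, JdbcLevelCheck.class.getClassLoader());
        List<String> missing = missingMethods(cls);
        System.out.println(name + ": " + missing.size() + " unimplemented Connection methods");
        for (String m : missing) {
            System.out.println("  " + m);
        }
    }
}
```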

Nowhere did I find a simple bit of documentation that suggested if you are trying to use XA, or distributed transactions, in a Glassfish 2.1 cluster that you need to use JDBC 4 capable drivers. Seems like a pretty basic requirement. I also could not find any simple documentation that made it clear that making a remote call from one node to another physical node in a cluster requires XA transactions to use transactions at all. That latter point is pretty self evident in retrospect but it is the kind of rule that can stand being repeated and clarified at every opportunity.

Hopefully this is a clear enough description of this weird little problem with enough specifics to save the next person encountering this problem the hassle I had to go through to get it working without error.