Java dumps


I recently had to debug a problem with the MDM Workbench where exporting a tailoring project for Information Server didn’t do anything. In fact it didn’t even report any problems!

Unfortunately the code in question likes to put a brave face on things and just reports that everything was OK, even when something goes wrong. This was the perfect opportunity to try out some of the diagnostic tools available for the IBM Java runtime, which I’ve been meaning to try for ages. I had an idea where the problem was likely to be but to find out for sure I started the workbench using the following command line:

eclipsec -vmargs -Xdump:system:events=catch,filter=java/lang/AbstractMethodError#com/ibm/mdm/tools/export/infoserver/job/MDMDatabaseDAO.queryDatabaseWithoutFilter

Sure enough the failing export produced a dump which I could check using the Memory Analyzer tool. You can get the IBM version via IBM Support Assistant but it’s probably easier to get the standard Eclipse Memory Analyzer and add the required IBM plugins from the DTFJ update site.

I’m fortunate enough to work in Hursley so I could pester someone who works on IBM Java runtime diagnostics, but there’s also a helpful article on developerWorks with details of how to trigger dumps, and how to run queries using OQL:

Debugging from dumps: Diagnose more than memory leaks with Memory Analyzer

So mystery solved- if you have an Oracle database and want to exporting tailoring projects for Information Server, make sure you set up the database connection with a more recent JDBC driver than the defaults.

Parent friendly holiday


OLYMPUS DIGITAL CAMERA

Well it’s already two weeks since we got back from our first family holiday, and I did promise to report back, so while Buzz Light-toddler appears to be sound asleep here’s a very quick review of our stay in Dorset.

The plan was to find somewhere close to home in case things didn’t go too well. There was also a slight danger that we’d need two cars/trips to get everything there, so we wanted to find somewhere already equipped for babies. We found Hastings Farm Cottages on the Child Friendly Cottages website, and it had all the big stuff (cot, highchair, pushchair, etc.) provided, giving us a fighting chance of packing everything else for our four month night stay into a relatively small car!

I have no idea if all the Child Friendly Cottages are the same standard but Cowslip Cottage was excellent and came with everything we needed. Well, except for electricity for a bit but we were looked after with some hot water for an emergency cup of tea! (Entertainingly there was a small field of solar PV panels nearby but those were no use when the main supply is off, to protect the inverter- luckily they also had a generator to plug the kettle in to!)

It may not be far from home but Dorset has plenty of things to keep a toddler entertained, and Hastings Farm was a fabulous spot. We arrived with a baby, who decided it was a perfect place to start walking, so we had our own entertainment- chasing a new toddler!

Fortunately everyone survived and we now know that we can manage holidays, and we probably don’t need a bigger car. (They need less stuff when they get older, right?) So, any suggestions for where to go next?

Certifiable


I recently switched to a new ISP, who have so far been excellent, however they use certificates signed by CAcert. While I generally agree with the principle behind that decision, it does make life difficult. They cheerfully say, “You can check the certificate is signed by CAcert, if you like, before accepting it.” But how?

Warning: the following approach to checking the certificate is signed by CAcert is quite likely to be rubbish, so it’s probably not a good idea to follow it! In my defense, it seemed like a reasonable balance between just accepting some random certificate and complete paranoia but if you know a better way, please let me know.

They aren’t on Windows but the CAcert root certificates are already included in various places, so it turns out that the simple answer might be to grab the certificate from a suitable Linux distribution. Just to be on the safe side, I wanted to find a distribution I could download securely. The best option I found was Tails, which has a secure download and, for extra peace of mind, can be verified with OpenPGP.

My chosen method for trusting the tails signing key was a tad more interesting on Windows due to the lack of an sha256sum command. Luckily it seems you can do anything in PowerShell, so with a little help from Brian Hartsock’s blog, this did the trick instead:

$ha = [System.Security.Cryptography.HashAlgorithm]::Create(“SHA256″)
$stream = New-Object System.IO.FileStream(“tails-signing.key”, [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read)
$sb = New-Object System.Text.StringBuilder
$ha.ComputeHash($stream) | % { [void] $sb.Append($_.ToString(“x2″)) }
$sb.ToString()

 

All good, certificate verified. I would still rather Andrews & Arnold just used a proper certificate though: there are clearly problems with trusting all the certificate authorities that are included in browsers/operating systems by default but CAcert doesn’t exactly look like a fantastic example either, and normal users really don’t have any chance of making a more informed choice.

Spy on them?


Apparently today is the day we fight back, with the launch of Don’t Spy On Us in the UK.

lynsey_wells83-slow-down

It’s puzzling why digital interactions are somehow viewed differently to other aspects of everyday life. I suspect the economics of getting away with mass surveillance online vs. offline has a lot to do with it. Whatever the reason, making it explicit that our offline rights extend online is well overdue. The six proposed principles don’t seem all that unreasonable:

1. No surveillance without suspicion
Mass surveillance must end. Surveillance is only legitimate when it is targeted, authorised by a warrant, and is necessary and proportionate.

2. Transparent laws, not secret laws
The Government is using secret agreements and abusing archaic laws. We need a clear legal framework governing surveillance to protect our rights.

3. Judicial not political authorisation
Ministers should not have the power to authorise surveillance. All surveillance should be sanctioned by an independent judge on a case-by-case basis.

4. Effective democratic oversight
Parliament has failed to hold the intelligence agencies to account. Parliamentary oversight must be independent, properly resourced, and able to command public confidence through regular reporting and public sessions.

5. The right to redress
Innocent people have had their rights violated. Everyone should have the right to challenge surveillance in an open court.

6. A secure web for all
Weakening the general security and privacy of communications systems erodes protections for everyone, and undermines trust in digital services. Secret operations by government agencies should be targeted, and not attack widely used technologies, protocols and standards.

If we miss this opportunity, there’s a real risk to democracy. How is oversight possible if the people you’re overseeing know things about you that you’d rather keep private. My last MP, a candidate for the Lib Dem leadership, certainly had things to hide. Perhaps we need to know more about MPs. A lot more.

Photo © Veronica Aguilar (CC BY-NC-ND 2.0)

Unfiltered


According to BT its parental controls are ‘completely customisable’ and apparently it is possible to add specific sites to allow or block which, unless you’re Claire Perry, is obviously essential. Even so I’ve experienced just how pointless internet filters are before, so I’m keen to avoid ‘porn’ filters on my home broadband connection for as long as possible.

CoffeeGeek-filter

I don’t know how filtering works on other ISPs but these are just a few of the problems with BT’s implementation which contributed to an upcoming switch to a completely unfiltered broadband provider:

  • Applies same filtering to every device… hopefully there aren’t actually any homes without adults around. Apparently they do allow you to schedule when the filter is active but that seems like a solution from the last century.
  • There’s no way for me to find out if a site would be blocked by the filter. There are sites I might want to make certain are blocked but I obviously wouldn’t want to have to visit them to find out!
  • There’s no way for site owners to find out if their own site would be blocked by the filter.
  • The standard filtering has a couple of glaring omissions which I would be interested in: I want to block adverts targeted at children, and I want to block any form of tracking.

There are more details of BT’s filtering in the Open Rights Group blog post, BT answers our questions about parental controls.

Photo © Mark (CC BY-NC-ND 2.0)

2013 in review


[Cheating, just in case I don't finish a real post in January!]

The WordPress.com stats helper monkeys prepared a 2013 annual report for this blog.

Here’s an excerpt:

The concert hall at the Sydney Opera House holds 2,700 people. This blog was viewed about 25,000 times in 2013. If it were a concert at Sydney Opera House, it would take about 9 sold-out performances for that many people to see it.

Click here to see the complete report.