If you use a computer, and worry about its security, you should subscribe to the SANS diary, which keeps you up to date with the networks big security issues.

Today the news is Mozilla Firefox bug ID 432406: Virus found in Vietnamese language pack

It looks like

1. The person who builds the language pack's network was compromised with a win32 virus that patches advertisment JS into .xhtml files.
2. The virus patched the help files for the language pack
3. Which was upload in February
4. This was before the virus scanners recognised the malware (always the problem), so the file passed the initial security checks
5. And not found until May, when a rescan of the repository caught it

As it takes Mozilla more than a 1 week to scan the repository, they aren't in a position to detect malware that creeps in ahead of the signatures being updated.

This is pretty scary. It shows that you cant trust .xpi files, even from mozilla.org but I doubt most PC virus scanners look in them. It also shows that the security of OSS products is limited to its weakest link: the security of the computers of the people who make the contributions. Which means that you are pretty vulnerable, as a lot of machines are a mess out there, especially windows ones, where the default low-energy state is 0wned.

When you think that the whole OSS platform is based on an explicit trust of the repositories and the source, that's very scary.

The virus scanning process needs to be improved. A month? Someone needs to copy all the files up to HDFS and then run the scanner as a Hadoop Map/Reduce algorithm...make each signature scan a single map and stream the tasks past the files.

This is an emergency warning to people engaged in outdoor activites. There is a fundamental force, "Gravity", which can cause pain and injury if applied incorrectly.

"Gravity" is a very weak force which attracts subatomic particles, those with "mass". While very weak, it does scale up and in large quantities, "planets" can exert quite a force on smaller objects. Normally it provides a valuable service, holding down an atmosphere, keeping property on the planets surface, and such like. It amplifies the effect of "friction", which for mountain biking can be used to transform pedalling into forward motion. "Gravity" is invaluable.

However, it has a downside. Because of the force it exerts on mass, any object with weight (such as a cylist and their bicycle) are unable to travel in straight object through space once friction fails, which it may do in wet and muddy conditions. Instead of continuing through 3-space in a vector consistent with their existing direction of travel, "gravity" alters the vector of the massed object, pulling it towards other objects with mass, such as rocks. While the direction of travel is altered, the overall momentum of the object is not affected, resulting in large amounts of kinetic energy being dispersed when the massing objects encounter each other. Some objects may disperse such energy by transforming it to heat and noise. Unfortunately, people appear to transform the energy into pain and damage to bodily parts.

To avoid such problems, consider avoiding cycling on low friction surfaces, such as on wet roots after a rain shower. If such activites are planned, consider body protection (knee pads) and practising safely ejecting from cleated pedals.

I have to make a note in my calendar. First weekend in May, get out of town. Because that is the weekend the tree people do their annual parade and pub crawl, dancing round the streets taking turns to wear the tree while their fellow green-painted participants dance and drum their way round the city.

Last year I ended having to follow them, on account of the five year old I own wanted to follow him on the scooter, and I needed to stop him being taken off and sacrificed Wicker-Man style.

This year I completely forgot about them, but we kept on bumping in to them while doing our usual round-Bristol-on-a-Saturday activities.

I am worried that my son is showing too much interest them. Fortunately they only surface once a year. But even so, they must exist somewhere in the city the rest of the year, waiting for their day to paint themselves green and bounce round dressed as a tree. That is just unnatural. No wonder organised religions have been persecuting the wierd-druid-style mythologies that have existed in Northern Europe since before the Romans travelled north. It's nothing to do with moral righteousness of specific religions or edicts from random deities. No, it is that dressing up as a tree is seriously weird and ought to be stopped.

Upgrading to Ubuntu 8.04

I left the home PC upgrading to Ubuntu 8.04 overnight. With hindsight, doing the download+install was the wrong tactic. Better to pull down the install DVD and run from there as (a) I can upgrade other boxes more easily and (b) an overnight upgrade is bound to halt four hours in with a question about whether to replace a cupsd or smb.conf file with a new version. As it did....it was about noon before the system was rebooted in the new OS

Everything seems, so far, OK; the usual troublespots are under control.

1. Java 6: This release includes an OpenJDK 6.0 that comes in the distro. I pulled out the sun JDK to switch this one one; once the Sun one was away the new release got picked up automatically.
2. VMWare. You need these patches. Then everything goes swimmingly

I'm unhappy about FireFox 3. It may be better than before, but without the addons, especially the EC2 and S3 add-ons, I'm rather stick with FF2.0. Yes its memory footprint grows over time, but a daily restart fixes things.

I'm more unhappy about Java GUI support. Something is up with fonting in OpenJDK6. You can see it in Jedit, where the descending characters, like j, g and y are missing their descenders.

It looks like the info about line height coming back to the app is different from the real font value. In IDEA 7, the text area was OK, but all the window titles an unaliased nightmare until I overrode the default settings for the theme, picked up Bitstream Vera Sans, and all looks good. Until I start scrolling by rolling the mouse wheel, where that slight offset between font stated and rendered heights make the bitmaps a mess

This is clearly a scroll artifact; the IDE is moving the bitmap but some relics of lines that it doesn't think are there are being pulled in. Turning off smooth scrolling doesn't help. A bit more work shows that right mouse clicks aren't being picked up in the project view either. This is not a Java Runtime for applications.

Nor am I sure the JDK is up to date; for using typica to talk to EC2 I need JAXB2.1, and by embedding an older version inside the Java6 JDK (mistake) you are in java endorsed library hell the moment you think of using a version not built in to the JDK. Java 6.0upgrade4 runs version 2.1, so problems go away there. I haven't tried the OpenJDK, and, with firefox taking away my EC2 console, not something I want to do.

So there you have it. There is a JDK that causes my Java GUI apps to play up, and a version of firefox I cant switch to as the tools are holding me back. If I can't force firefox back to the 2.x branch I will install a local copy, and as for Java, try either a Sun or BEA SDK.

This is one scary book

From Johan's Announcement

------------------------

August 19th brings the first of many Hadoop User Group meetups in the UK. It will be hosted somewhere in London and we'll have presentations from both developers and users of Apache Hadoop.

The event is free and anyone is welcome. Please help us by adding yourself as attending if you're coming: http://upcoming.yahoo.com/event/506444

If you're interested in presenting please let us know at hug at lists.last.fm

Preliminary speakers:

1. Doug Cutting (Yahoo!) - Hadoop overview
2. Tom White (Lexemetech) - Hadoop on Amazon S3/EC2
3. Steve Loughran and Julio Guijarro (HP) - Smartfrog and Hadoop
4. Martin Dittus and Johan Oskarsson (Last.fm) - Hadoop usage at Last.fm

More details, presenters and venue announced at a later date. Keep an eye on the upcoming event page.

------------------------

This is really exciting, and the fact that I'm signed up to talk about something means I had better move it up my todo list. Committing to talk about things is always a good motivator to finish the code.

A test error from SVN HEAD:

Failed to submit job to hadoop-prj-:54311

SmartFrogLifecycleException:: Failed to submit job to hadoop-prj-1:54311, cause:
java.net.SocketTimeoutException: timed out waiting for rpc response, SmartFrog 3.12.031dev
(2008-04-21 16:43:54 BST), data: Failed object class:
org.smartfrog.services.hadoop.components.submitter.SubmitterImpl, primSFCompleteName: HOST
morzine:rootProcess:testJobSubmission:action:submitter, primContext: included, reference: HOST
morzine:rootProcess:testJobSubmission:action:submitter, primContext: included
at org.smartfrog.sfcore.common.SmartFrogLifecycleException.forward(SmartFrogLifecycleException.java:232)

at org.smartfrog.services.hadoop.components.submitter.SubmitterImpl.sfStart(SubmitterImpl.java:78)
at org.smartfrog.sfcore.compound.CompoundImpl.sfStartChildren(CompoundImpl.java:661)
at org.smartfrog.sfcore.compound.CompoundImpl.sfStart(CompoundImpl.java:634)
at org.smartfrog.services.assertions.TestCompoundImpl.sfStart(TestCompoundImpl.java:249)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:305)
at sun.rmi.transport.Transport$1.run(Transport.java:159)
at sun.rmi.transport.Transport.serviceCall(Transport.java:155)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
at java.lang.Thread.run(Thread.java:619)
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:255)
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:233)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:142)
at org.smartfrog.services.assertions.TestCompoundImpl_Stub.sfStart(Unknown Source)
at org.smartfrog.services.assertions.events.TestEventSink.invokeStart(TestEventSink.java:351)
at org.smartfrog.services.assertions.events.TestEventSink.startApplication(TestEventSink.java:369)
at org.smartfrog.services.assertions.events.TestEventSink.runTestsToCompletion(TestEventSink.java:397)
at org.smartfrog.test.DeployingTestBase.runTestDeployment(DeployingTestBase.java:258)
at org.smartfrog.test.DeployingTestBase.completeTestDeployment(DeployingTestBase.java:301)
at org.smartfrog.test.DeployingTestBase.runTestsToCompletion(DeployingTestBase.java:337)
at org.smartfrog.test.DeployingTestBase.expectSuccessfulTestRun(DeployingTestBase.java:419)
at org.smartfrog.services.hadoop.test.system.hplb.HplbJobTest.testJobSubmission(HplbJobTest.java:38)

Caused by: java.net.SocketTimeoutException: timed out waiting for rpc response
at org.apache.hadoop.ipc.Client.call(Client.java:514)
at org.apache.hadoop.ipc.RPC$Invoker.invoke(RPC.java:198)
at $Proxy0.getProtocolVersion(Unknown Source)
at org.apache.hadoop.ipc.RPC.getProxy(RPC.java:291)
at org.apache.hadoop.ipc.RPC.getProxy(RPC.java:278)
at org.apache.hadoop.mapred.JobClient.createProxy(JobClient.java:367)
at org.apache.hadoop.mapred.JobClient.init(JobClient.java:352)
at org.apache.hadoop.mapred.JobClient.(JobClient.java:339)
at org.apache.hadoop.mapred.JobClient.runJob(JobClient.java:788)
at org.smartfrog.services.hadoop.components.submitter.SubmitterImpl.sfStart(SubmitterImpl.java:76)
at org.smartfrog.sfcore.compound.CompoundImpl.sfStartChildren(CompoundImpl.java:661)
at org.smartfrog.sfcore.compound.CompoundImpl.sfStart(CompoundImpl.java:634)
at org.smartfrog.services.assertions.TestCompoundImpl.sfStart(TestCompoundImpl.java:249)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:305)
at sun.rmi.transport.Transport$1.run(Transport.java:159)
at sun.rmi.transport.Transport.serviceCall(Transport.java:155)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
at java.lang.Thread.run(Thread.java:619)

Execution time: 12.191s

This may seem like a failure, but in fact, to me, it represents something better.

1. SmartFrog has a functional test that submits a job to a Hadoop cluster.
2. We have a subclassed version of Hadoop's org.apache.hadoop.mapred.JobConf class, ManagedConfiguration that reads in its configuration from SmartFrog deployment descriptors, rather than the XML format.
3. We have Template SmartFrog Components
4. for describing a Hadoop Job
5. We have a component that can take a job description and submit it, checking on its status and optionally terminating the job when the component itself terminates.

And that's why I view the stack trace as a success, rather than a failure. You have to have done a fair amount of work before your functional tests can start failing due to the absence of remote job trackers.

Now, I suppose I'd better do the components to bring up the namenode, data nodes and job tracker

So the WS/SOA blog community is upset that someone - Jean-Jacques Dubray, apparently- has slagged off Jim Webber in public. over a posting of Jim's.

Personally, I find it JJ's behaviour poignantly, naively funny.

Why? Because Jean-Jacques has just made a strategic error -criticising Jim W without doing his research. Jim and Savas spent years up in Newcastle, not just studying distributed computing, but surviving in a town where the post-pub activities from the locals includes picking knife-fights with strangers. In their last few years in the UK, the pair of them went to all the Grid Forum events not to talk about what they were doing, but to rip into everything that was being proposed -OGSI, WS-RF, the works. They'd let someone present their stuff, sitting quietly at the back of the room, then stand up and tear into it piece by piece. They'd sit at the back, as that way they got to shout their arguments -it made for better delivery.

It was always hilarious to watch. In fact, this is why I supported their work from the outset. It wasn't just that to anyone that had done functional SOAP stuff, most of what they were saying was obviously correct, it was that Savas and Jim were so aggressive about arguing their case that you were better off being on their side than that of the US grid architects, IBM, or any other large organisation. Because having the paper support of such large entities means nothing when you are in the same room as those two.

So far, Savas has responded. From what I recall of Savas, he's being polite. Either his stint at Microsoft has taught him sublety, or he's just warming up. Either way -this is going to be entertaining to watch.