codeghost

RDMS entering it’s final days?

I’ve worked in technology for fifteen years, largely in the finance sector and over the years it became more and more apparent that traditional RDMS style databases were the biggest obstacle we had to providing scalable, performant and reliable applications at speed.

As someone who has been responsible for designing and implementing several trading applications during my career, I have taken the effort to relegate the DB to a mere backup component, an absolute necessity for the speed required in trading environments and where realtime data analysis is key however, even using them just for that requires a lot of effort and design when you need to ensure zero data loss.

Over the last year I’ve been fortunate enough to gain considerable exposure to cloud based IAAS including various NoSQL offerings and the difference in speed with which I have been able to turn ideas into working applications has been incredible.

Today I came across Orchestrate, a new startup aiming to take things a step further and literally abstract data management behind an API, leaving developers and designers to focus on what makes their application valuable and cut out wasted time spent building out what should effectively be a utility to the application we’re actually looking to build.

I’ll be following this with interest.

1 day ago
Permalink

Arrested Development season four: the return of the greatest sitcom ever

Seven years after being cancelled, the show has been resurrected by Netflix. But why has it retained such a vast army of fans? Jeffrey Tambor, Michael Cera, Tony Hale and other cast members explain why

UNABLE TO DEBUG FLEX FOR ANDROID 4.2.2

My Nexus 7 recently got upgraded to Android 4.2.2 and immediately Flash Builder started reporting that the device was not connected and that the Air runtime was not installed on the device.

The problem has been caused by the introduction of a gatekeeper on the phone, where when debugging a native Android app you have to accept an RSA fingerprint associated with your computer, presented on the device before your session will connect.

Adobe are looking into releasing a fix according to their forums, but in the mean time you can fix this yourself.

Download the latest version of the Android SDK and associated tools. You can use the Android SDK Manager to do this for you.
Navigate to “~/Flash Builder 4.x/sdks/4.x.x/lib/android/bin” updating the path according to the Flash Builder and SDK version you are referencing.
Replace aapt / adb / dx.jar with the versions from the latest SDK, which will be in ~/android-sdk/platform-tools and it’s lib subdirectory.

Now when you launch you Flex app on your device you will be presented with the RSA fingerprint confirmation dialog. Upon accepting the fingerprint Flash Builder will launch your app as usual.

MULTIPLE IOS TARGETS FROM A SINGLE XCODE PROJECT

It’s quite common for me to see a an XCode app that has been developed with multiple deployment versions, which have been built as two (or more) separate projects, with the required code simply copied between the two.

This is obviously error prone and a pain to manage, so I thought I would quickly highlight how you can produce multiple versions of an app from a single project, as a reference for those that don’t realise it can be done.

To be clear, I am not talking about producing an iPhone and iPad specific version of the same application. For that you can use a single Univeral target with device specific interfaces specified in the single target.

I am referring to the production of different variants of an app, such as producing a “lite” version of an app as an enticement to the full version.

1.Select the project in the Project Navigator to display the project details. Under TARGETS select the target that already exists, right click and select Duplicate. Rename the target as desired.

2. In the Project Navigator, select the Info.plist file (it will be under “Supporting Files”) and “Show in Finder”.

3. Duplicate both the Info.plist and the Prefix.pch files in finder and rename them appropriately for your new target.

4. Back in XCode, right click “Supporting Files” and select “Add Files to …”. Select the Info.plist and Prefix.pch you have just created.

5. Select “Build Settings” and search for “info.plist”, change the name of the “Info.plist File” entry to the name of the plist you created.

6. Change the search text to “pch” and again update as appropriate.

7. Under “Build Phases” add the main files, storyboards and data models required for this deployment target and link the appropriate binaries.

8. Finally, go back to Summary and select the Main Storyboard / Interface. Only those you have specified as associated in “Build Phases” will be selectable here.

That’s it, you can now produce multiple separate apps from a single project. Keep in mind when adding frameworks or files (including auto-generating managed objects from a data model) that you must add them to each target that will need them, otherwise you may see yourself getting some compilation errors you weren’t expecting.

AUTHENTICATING AGAINST AWS WITH STS

If you have been using, or are looking to use Amazon Web Services with your iOS applications, especially to back Core Data onto DynamoDB you may well have walked through the UserPreferences example which implements a Token Vending Machine (TVM) to allow your applications to request temporary user credentials to access your backend services.

Amazon have done a good job at implementing a sample TVM both for the phone side (which is still included in the SDK sample code as of SDK version 1.4.4) as well as providing TVM Java Applications that can be deployed to Elastic Beanstalk for it to talk to and all of their online documentation points you in that direction.

However, what they fail to mention unless you read through the SDK release notes, is that direct access to the Security Token Service (STS) has been available since SDK version 1.2.0 which was released way back in February 2012 and means you don’t need to bother either deploying a TVM to Elastic Beanstalk (which costs you money) or implementing the TVM code in your iOS app.

The great thing about STS is there is no additional cost over what resources you’re already using and the amount of code required is vastly less, but there appears to be extremely little documentation about how to use it, so I will run through theUsing the AWS Persistence Framework for Core Data tutorial briefly, showing what you need to do to use STS rather than TVM.

I’m going to assume you are starting with a standard Core Data application which will include managedObjectModel, managedObjectContext and persistentStoreCoordinator method implementations in you AppDelegate.

First, link the AWSIOSDK and AWSPersistence frameworks to your XCode project (1.4.4 is the current version as I write this).

The tutorial explains that you need to implement AWSPersistenceDynamoDBIncrementalStoreDelegate which requires the implementation of

- (AmazonCredentials *)credentials {


}

but which the tutorial refers you to implement a TVM for, which involves at the very least deploying a web app for and copying a lot of code from the UserPreferences example into your own project. Instead you can implement the method as follows:

- (AmazonCredentials *)credentials
  {
    if(credentials==nil) {
        SecurityTokenServiceGetSessionTokenRequest *request = 
            [[SecurityTokenServiceGetSessionTokenRequest alloc] init];

        AmazonSecurityTokenServiceClient *client = 
            [[AmazonSecurityTokenServiceClient alloc] 
                initWithAccessKey:@"ACCESS_KEY"
                withSecretKey:@"SECRET_KEY"];
          SecurityTokenServiceGetSessionTokenResponse *response = 
              [client getSessionToken:request];
          credentials = [[AmazonCredentials alloc]
              initWithAccessKey:response.credentials.accessKeyId
               withSecretKey:response.credentials.secretAccessKey
             withSecurityToken:response.credentials.sessionToken];
    }
    return credentials;
}

For the above, I have declared an AmazonCredentials property in the header file to track the credentials between calls and include the following imports:

#import <AWSiOSSDK/STS/AmazonSecurityTokenServiceClient.h>
#import <AWSiOSSDK/STS/SecurityTokenServiceGetSessionTokenRequest.h>
#import <AWSiOSSDK/STS/SecurityTokenServiceGetSessionTokenResponse.h>

Now if you complete the remainder of the tutorial you will be able to access DynamoDB using the temportary credentials, without any TVM code.

One thing to bear in mind is to ensure that the IAM user you setup to provide the credentials above should have he bare minimum of permissions required to maximise the security of your environment.

One final note, if you want to specify the region that your DynamoDB instance is running in for Core Data, rather than connecting to the default, which was made possible in SDK 1.4.3 you can include the AWSPersistenceDynamoDBEndpoint key/value pair in your configuration options as such:

NSDictionary *options = 
    [NSDictionary dictionaryWithObjectsAndKeys:
        hashKeys, AWSPersistenceDynamoDBHashKey,
        versions, AWSPersistenceDynamoDBVersionKey,
        self, AWSPersistenceDynamoDBDelegate,
        @"http://dynamodb.eu-west-1.amazonaws.com", AWSPersistenceDynamoDBEndpoint,
        nil];

AVD CRASHES ON LAUNCH (EMULATOR64-ARM QUIT UNEXPECTEDLY)

If you’ve seen the error message “emulator64-arm quit unexpectedly” recently whilst doing Android development on a Mac, you may well have stumbled across another rather bizarre Android dev tools bug.

If you are using a second monitor connected to your computer (I do via a Kensington adapter for my MBP) and have shut down the emulator whilst it was positioned on your second monitor, it appears to cause an invalid address exception in the emulator.

The bug has been filed http://code.google.com/p/android/issues/detail?id=38371 but to get around it in the mean time you will need to edit the emulator-user.ini for each VM you have broken. You will find the file at ~/.android/avd/<emulator-name>.avd/emulator-user.ini. Open it and set window.x=0.

ENVIRONMENT AGNOSTIC NON-PUBLIC MAVEN LIBRARY REFERENCES

Sorry if the title is a bit confusing, I’m trying to make it concise. Anyway, the issue I’m going to address is how you can reference libraries which are not in a public repository. Obviously, the normal approach is to just install them in your local repository, or if you’re in an organisation to setup an in house Nexus that you can manage these non-public dependencies in.

That’s all well and good, but there can be a couple of draw backs. If you go with the local repository installation and you’re working in a team then everyone is going to have to perform the manual installation. If you install into a shared Nexus you are now tied to the physical environment you’re currently operating in, which can be a pain if you’re operating in a global organisation without a suitably global network, or if you’re moving your compute to a cloud provider such as AWS where they may not be connected to your network and therefore can’t see your repository. This issue is compounded if you’re using auto-provisioned cloud compute where the machine gets terminated and discarded after a pre-determined idle time such as when you’re using a service such as Elastic Bamboo.

To get around this you can configure a project local repository:

In your modules project, create a folder called “repo” at the top level of your project (the name doesn’t matter, but that’s what I’ll be referencing it as).
Inside repo create the necessary folder structure to replicate a maven repo, e.g. repo > uk > co > codeghost > mylib > 1.0. You should end up with a different folder at the same level as mylib in this example for each library you need to reference.
Copy the corresponding jar into the appropriate folder, so in mylib > 1.0 you will put a copy of mylib.jar.
Rename the library to match the maven naming convention, e.g. mylib.jar becomes mylib-1.0.jar if you’re referencing version 1.0.
Add a new repository reference in your pom.xml e.g.

<repository>
<id>project.local</id>
<name>project</name>
<url>file:${project.basedir}/repo</url>
</repository>

The id and name can be whatever you like as long as they don’t conflict with a repository you already have setup. The url is simply a relative path reference to the top level folder you created in your project.

Check in your libraries into your source control along with the rest of the project and whichever build tool you’re using to run the maven build will reference the libraries from within your project.

HTTPS WITH JAVA 6 WEB SERVICES

Recently following a security review, a project I was working on needed to switch to use SSL for it’s web services. All well and good when you’re in app server land however, I was surprised at how difficult this seemed to be using the Java 6 in process web service exporter, particularly when used in conjuntion with Spring.

Given that I couldn’t find anywhere on the web that someone had published that they had managed this I thought I would share it with you.

I’m going to assume you already have a Javax web service defined, if not take a look here. Now exporting the web service using Spring couldn’t be simpler, you simply need to define an instance of your web service bean:

    <bean class='codeghost.sample.WebService"/>

and also define an instance of SimpleJaxWsServiceExport:

    <bean class="org.springframework.remoting.jaxws.SimpleJaxWsServiceExporter">
        <property name="baseAddress" value="http://localhost:8080/" />
    </bean>

The SimpleJaxWsServiceExporter will automatically find all declared @WebService annotated beans and expose them with the service name specified in the annotation.

Unfortunately, moving from there to using HTTPS takes a little investigation. Whilst not hard, it’s just not particularly well documented. You can’t just change your baseAddress to use HTTPS as that will cause an exception when you load you application context. Instead change the exporter definition to use the SimpleHttpServerJaxWsServiceExporter. This class requires a little more configuration but crucially allows you to specify a pre-configured web server.

    <bean class="org.springframework.remoting.jaxws.SimpleHttpServerJaxWsServiceExporter">
        <property name="server" ref="myServer" />
    </bean>

As you can see we are no longer specifying a baseAddress, but instead injecting the server property. We therefore need to configure the server we want to use.

First declare a HttpsServer:

    <bean id="myServer" class="com.sun.net.httpserver.HttpsServer" factory-method="create" init-method="start" autowire="byName">
      <constructor-arg ref="socket" />
      <constructor-arg value="0"/>
    </bean>

We have now called a factory method on the HttpsServer class and passed in a reference to the InetSocketAddress we want to bind to and the queue length we want the server to maintain. Crucially we have also told the bean to autowire any other properties it requires based on name.

We therefore need to specify our socket:

    <bean id="socket" class="java.net.InetSocketAddress">
      <constructor-arg value="localhost"/>
      <constructor-arg value="8080"/>
    </bean>

We also need to configure a HttpsConfigurator which is the object delegated to for provision of the HTTPS connection configuration (the name below is important as it is being autowired):

    <bean id="httpsConfigurator" class="com.sun.net.httpserver.HttpsConfigurator">
      <constructor-arg ref="sslContext"/>
    </bean>

Finally we need to create a SSLContext to be used by the configurator above. This is where it get’s slightly tricky as to be any use the SSLContext must be initialised with a KeyManager and because of the way the class specifies this be done, it cannot be done purely in config. At this point I implemented a new ConfiguredSSLContext class with a static method that I could use to create, initialise and return the SSLContext I need to finish. The crucial method looks like this (excluding error handling):

    public static SSLContext getSSLContext(String keyStoreName, String keyStorePassword, String cryptStorePassword) {
      KeyStore ks = Keystore.getInstance("JKS");
      ks.load(new FileInputStream(keyStoreName), keyStorePassword.toCharArray());
      KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
      kmf.init(ks, cryptStorePassword.toCharArray());
      SSLContext sslContext = SSLContext.getInstance("TLS");
      sslContext.init(kmf.getKeyManagers(), null, null);
      return sslContext;
    }

You can then configure Spring to be able to get a SSLContext like so:

    <bean id="sslContext" class="codeghost.sample.ConfiguredSSLContext" factory-method="getSSLContext">
      <constructor-arg value="/path/to/your/keystore/file"/>
      <constructor-arg value="keyStorePassword"/>
      <constructor-arg value="cryptStorePassword" />
    </bean>

A point to note is that the path to your keystore must be absolute, which can be a pain to manage through environments. You may therefore want to look at setting up environment filters in your build tool of choice to make this as simple as possible.

To generate a keystore, specifically for this server to load against you should use the keytool that ships with the Java SDK. On which another note of caution, if you do setup filters using Maven make sure that your keystore files are not filtered as it will corrupt them and you’ll spend hours trying to figure out why they don’t work.

Obviously, if you’re generating your own key you need to either be in a position where you can install the certificate as trusted on the client machines that will be connecting to your secure web service, or ensure that untrusted certificates are accepted in your client code. The latter wouldn’t normally be acceptable, but in the situation that all users are internal to a network you can obviously be implicit about the fact your certificate is trusted (as you generated it) without needing to install it on all target machines. Alternatively, get a certificate from a commonly trusted source certificate publishing authority, but you will have to pay for that.