Miles to go …

March 31, 2008

Slides for St Louis & Kansas City Developer Update Meetings

Filed under: webservices — arungupta @ 12:02 am

I presented on GlassFish and Metro in Developer Update meetings in St Louis & Kansas City. The slides are available here. The demos shown in the talk can be seen at:

  • Secure and Reliable Web service development and deployment using NetBeans IDE

The healthcare scenario explained in the talk can be seen as a demo here and the associated source code can be downloaded here.

The flight out of Kansas City got cancelled because of a hydraulic pump failure and finally reached home around mid night :( I was at least glad to come back home the same night!

The travel calendar so far this year is:

Event City Date
The Server Side Java Symposium Las Vegas Mar 26, 2008
Ajax World East 2008 Day 2, Day 1 New York Mar 18-19, 2008
SD West 2008 Santa Clara Mar 6, 2008
GlassFish Day Hyderabad, India Feb 29, 2008
Sun Tech Days – Day 2, Talent Show, Day 1 Hyderabad, India Feb 27-28, 2008
acts_as conference - Day 2, Day 1 Orlando Feb 8-9, 2008
South Bay Ruby Meetup Mountain View Jan 30, 2008

Next stop, FISL in Brazil.

Technorati: conf glassfish netbeans metro webservices stlouis kansascity

Share and Enjoy:
  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • DZone
  • StumbleUpon
  • Technorati
  • Twitter
  • Slashdot

March 27, 2008

Slides & Demos for Rails/GlassFish/jMaki session at TSS JS

Filed under: web2.0 — arungupta @ 9:00 am

As reported earlier, I presented on “Rails powered by GlassFish and jMaki” yesterday at The Server Side Java Symposium – Las Vegas. The slides are available here. The demos shown in the talk are available at:

  • Rails 2.0 Scaffold on GlassFish v3 Gem
  • JRuby Update Center Module
  • jMaki on Rails

Would you like to know why use GlassFish for Rails deployment ? Rails powered by the GlassFish Application Server provides all the details. All the latest information about JRuby and GlassFish effort can be found at GlassFish JRuby wiki or JRuby wiki.

As announced earlier, Ruby Developer Center is a new page launched earlier today and provides all the resources to get started with Ruby, JRuby, Ruby-on-Rails @ Sun.

Check out some pictures from the event:

Technorati: conf theserverside tssjs lasvegas rubyonrails ruby jruby glassfish netbeans jmaki

Share and Enjoy:
  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • DZone
  • StumbleUpon
  • Technorati
  • Twitter
  • Slashdot

Blue Man @ Venetian, Las Vegas

Filed under: General — arungupta @ 5:00 am

Me & Kohsuke saw Blue Man show @ The Venetian, Las Vegas yesterday night.  It’s a stunning spectacular that is worth every penny. Even though I was sitting in the last row of Upper Balcony but really enjoyed every bit of it.

Check out some of their videos:

And some of our pictures:

I must say the audience participation in 1 hr 45 minutes was quite amazing. And the last few minutes of the show are ecstatic.

In my opinion, a must see show in Vegas!

Technorati: blueman vegas venetian

Share and Enjoy:
  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • DZone
  • StumbleUpon
  • Technorati
  • Twitter
  • Slashdot

March 26, 2008

Pictures from Las Vegas

Filed under: photography — arungupta @ 5:35 pm

Enjoy some pictures from Las Vegas …

Technorati: photography lasvegas tssjs

Share and Enjoy:
  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • DZone
  • StumbleUpon
  • Technorati
  • Twitter
  • Slashdot

Ruby Developer Center @ Sun Developer Network – New Webpage

Filed under: web2.0 — arungupta @ 2:05 pm

Ruby Developer Center is a new page launched today that is a one stop page for any thing & everything about Ruby, JRuby, Rails and all related efforts @ Sun Microsystems. Here are couple of new articles to get you started:

  • NetBeans, Solaris, GlassFish: The Ruby’s Red Slippers Fit
  • Rails powered by the GlassFish Application Server

The site is divided into 4 tabs – Overview, Reference, Community, Download.

The Overview tab provides a pointers to Getting Started and key Ruby events. In the Reference tab, you can find out about documentation about using  Ruby with Solaris, NetBeans, GlassFish, Databases (MySQL, PostgreSQL & JavaDB). The Community tab gives pointers to blogs, forums and participation opportunities. Finally Download tab provides a single page to download all related Tools & Platforms.

Let us know what else would you like to see on the website.
Technorati: ruby jruby rubyonrails netbeans glassfish solaris sun sdn

Share and Enjoy:
  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • DZone
  • StumbleUpon
  • Technorati
  • Twitter
  • Slashdot

Bellagio Musical Showers – Las Vegas

Filed under: General — arungupta @ 5:03 am

Recorded on Mar 25, 2008 night …

Technorati: conf theserverside tssjs lasvegas bellagio musicalfountain fountain

Share and Enjoy:
  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • DZone
  • StumbleUpon
  • Technorati
  • Twitter
  • Slashdot

March 25, 2008

Rails powered by GlassFish & jMaki @ The Server Side Java Symposium, Las Vegas – Mar 26, 2008

Filed under: web2.0 — arungupta @ 8:00 am

If you want to learn more about:

  • How to use GlassFish as development & deployment platform for Rails applications ?
  • How GlassFish v3 Gem provides a “green” alternative to WEBrick & Mongrel ?
  • How to use NetBeans & jMaki plug-in to embed rich widgets in your Rails applications ?

Then you can learn all about it in The Server Side Java Symposium, Las Vegas. Here are the coordinates:

Date: Mar 26, 2008
Time: 2:30 – 3:30pm
Track: Language & Coding
Title: Rails powered by GlassFish & jMaki

A popular statement for Las Vegas is What happens in Vegas, Stays in Vegas! But I promise to share all the slides & demos with you so that you can enjoy at least the technical part of it ;-)

Another interesting session worth attending is How to use the Metro Web services stack to Build Fast, Scalable Services by Kohsuke on Mar 26 (Wed) from 4:10 – 5:15pm.

Technorati: conf theserverside tssjs lasvegas rubyonrails glassfish jmaki netbeans metro webservices

Share and Enjoy:
  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • DZone
  • StumbleUpon
  • Technorati
  • Twitter
  • Slashdot

March 24, 2008

JRuby 1.1 RC3 released – Last chance to file bugs

Filed under: web2.0 — arungupta @ 11:00 pm

JRuby 1.1 RC3 (third and final release candidate) was released last week. The highlights are:

  • 58 issues resolved since JRuby 1.1RC2
  • ri/rdoc w/ documentation included in distribution
  • More IO corner cases fixed (popen, reopen)
  • Several small bottlenecks fixed

This is your last chance to report any issues before JRuby 1.1 goes final. And I encourage you to try out GlassFish v3 Gem (ver 0.1.2) on this JRuby version and file any issues.

Why should you try ? Read in a detailed article – Rails powered by GlassFish Application Server.

The gem can be installed using the following command:

dhcp64-134-213-159:jruby-1.1RC3 arungupta$ bin/jruby -S gem install glassfish
JRuby limited openssl loaded. gem install jruby-openssl for full support.
http://wiki.jruby.org/wiki/JRuby_Builtin_OpenSSL
Updating metadata for 108 gems from http://gems.rubyforge.org
............................................................................................................
complete
Successfully installed glassfish-0.1.2-universal-java
1 gem installed

Previous entries showing code samples are tagged with v3+gem.

All the latest information about the gem can be found at GlassFish JRuby wiki or JRuby wiki.

Please use the gem and send us feedback on GlassFish forums, or gem mailing list.

File issues in JIRA or RubyForge or GlassFish Issue Tracker.

Technorati: rubyonrails jruby ruby glassfish v3 gem

Share and Enjoy:
  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • DZone
  • StumbleUpon
  • Technorati
  • Twitter
  • Slashdot

March 22, 2008

Rails powered by the GlassFish Application Server – New Article

Filed under: web2.0 — arungupta @ 12:02 am
Do you know there are several advantags of deploying Ruby-on-Rails applications on GlassFish instead of traditional Apache/Mongrel ?

Here they are:

  • Identical Development and Deployment Environments
  • Multiple Applications in One Container
  • Multiple Requests by a Single Application
  • Redeploying an Application
  • Clustering, Load Balancing, and High Availability
  • Database Connection Pooling
  • Cohosting Ruby-on-Rails and Java EE Applications

Read all the details about these bullets in a new article that is recently published at Rails powered by the GlassFish Application Server. Thanks to Rick Palkovic for his tireless efforts in pursuing me for the article and making it a success :)

Please send feedback to or leave a comment on the blog.

Technorati: rubyonrails jruby ruby glassfish

Share and Enjoy:
  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • DZone
  • StumbleUpon
  • Technorati
  • Twitter
  • Slashdot

March 21, 2008

Ajax World East 2008 – Day 2 Report

Filed under: web2.0 — arungupta @ 2:49 pm

I delivered my Maki as an Ajax Mashup Framework talk and the slides are available here. Lots of attendees came by afterwards and told me that they enjoyed the demo. The talk showed how jMaki Webtop provides a lightweight mashup framework that runs in the browser. Here is a pictorial representation of the demo shown:

GlassFish jMaki Webtop

jMaki Webtop is basically a jMaki widget that can be embedded in a JSP or PHP page. This widget provides the framework for managing widgets and users, ability to persist the Webtop on client-side using Google Gears or server-side using backend database, layouts and other functionality. In JSP case, the widget uses JPA for performing all the CRUD operations with the back-end MySQL database. The resulting WAR file is deployed on GlassFish (can be any other Servlet container as well). If you are interested in a Java version of Webtop then the recommended path is:

  • Create services & widgets using NetBeans
  • Deploy them on GlassFish
  • jMaki webtop for widget deployment & customization

It really is an evolution of jMaki – using all the infrastructure that has built over 2 years. You can experience it yourself at jmaki.com/webtop which is running a PHP version of the app. See the coverage here. The code will be available soon!

I attended few more talks and took notes in some of them to share:

  • Can we fix the Web ?
  • Accelerate Ajax development with Appcelerator
  • REST & Ajax Reconciled
  • Understanding the Top Web 2.0 Attack Vectors
  • Building Web 2.0 Applications with Project Zero
  • OpenAjax Widgets & Gadgets

See below for notes from some of them.

Can we fix the Web ?

This was an early morning talk (7:30am) and I reached few minutes late. But it was basically talking about JavaScript vulnerabilities such as

  • Script injection
  • No difference between user & guest scripts
  • Scripts exempt from same-origin policy
  • No modularity (global access to everything on the page)

And also DOM vulnerability because every node in the tree has access to every other node. This lacks modularity and causes a potential security risk.
Doug recommended 3-step plan to fix the Web:

  • Safe JavaScript subset
    • JSLint.com provides a safe subset of JavaScript that removes all features that are unsafe or suspect such as no global vars or functions
    • Google Caja & Cajita provide a similar subet but they use transformation instead of validation
  • Minor browser improvements
    • Scripts are exempt from same-origin policy. This allows a dynamic <script> tag to make a GET request from a server. Instead use JSONRequest (part of json.org).
    • ES4 (the upcoming JavaScript standard) is not good enough because it maintains backwards compatibility and adds complexity.
  • Major browser improvements
    • Replace JavaScript & DOM in browsers. The approach is to start with JSLint and add safe features as required.
    • The Object Capability System (where objects are given explicit access to be used) needs to be enforced to make it secure.

In Doug’s opinion, if the Web is not fixed then JavaFX, Silverlight & AIR (all vastly superior but lacking adoption) will displace the web.

The second talk was on Accelerate Ajax development with Appcelerator by Appcelerator CEO.

The talk started with a “not too long back” introduction of the technology space. Well, it started with 1991 and the timeline (and associated technology advances in that year) kept shuffling 1995, 1989, 2001 …. and so on. Jeff talked about how/why Tim Berners Lee invented WWW and covered a myriad of terms after that including but not limited to – Web 1.0, Netscape, Mosaic, marc Andreeeseen (sp?), Java, java Web Start, Applets, W3C, CGI, J2EE, JCP, C#, JBoss, SOA, JavaFX, Silverlight, AIR and many others. For a 50 minute talk, that was quite a long introduction.

After that introduction, he word “Ajax” was mentioned almost 30 minutes (8:51am to be precise) in the talk. And then the word “Appcelerator” was mentioned at 9:06am. Finally, I realized that I’m in the right talk ;)

Appcelerator like to pitch themselves as RIA + SOA company and allows true decoupling of the rich client from it’s services. Their services is very similar to jMaki but they use event handling + Ajax + DHTML to achieve it. They also run on Ruby, PHP, Java and other languages.

All in all, it was a good walk through the memory lane!

The next one was REST & Ajax Reconciled.

The talk explained the basic concepts of REST – Resource, URI, Representation, URL & Methods (GET, PUT, POST & DELETE). It also explained the idempotency and safety of each method type. Overall a good decent introduction.

Then it explained the limitations with current web-based forms:

  • The URIs in the action attribute cannot be changed dynamically
  • Most browsers recognize only GET/POST methods
  • Limited ecodings – for example generating JSON encoding requires extra work.

It provided a REST framework checklist:

  • Does it have resource-based approach ?
  • Acknowledges existing of representation ?
    • need multiple of them
  • Solid engineering & community support ?

The three frameworks discussed in the talk were:

  • Apache Cocoon – based on XML pipelines & URL patterns, powerful but steep learning curve
  • RESTlet – Like Servlet for REST, good for existing model
  • Apache Sling – Based on JCR with server-side scripting support

The talk did not mention anything about Jersey which is turning out to be a great implementation and very well meets all the critieria mentioned above.

The speaker recommended Apache Sling with ┬Ájax for all REST + Ajax needs. But I’d strongly en
courage you to have a look at Jersey. The JSON representation generated out of Jersey can now be directly consumed by jMaki as described here – a true combination of REST & Ajax :)

And then the last talk where I took notes is Understanding the Top Web 2.0 Attack Vectors. I’ll provides notes from the last 5 slides of the talk which essentially captured the essence. These slides talked about fundamental issues with Ajax and described concerns and possible attacks in each issue. I’ll need to understand some of these attacks better myself but at least I have a list to begin with :)

Here you go:

  • Client-side
    • Concerns
      • Transparency
      • Cross-domain communication
      • Exposed business logic (View Source)
      • Local & Offline data storage
    • Attacks
      • Cross-site scripting, DNS Rebinding
      • Business logic bypass
      • Variable tampering
      • Protocol hijacking
      • Function clobbering
      • JavaScript hijacking
  • Protocols
    • Concerns – new protocols on top of HTTP
      • SOAP
      • XML-RPC
      • REST
    • Attacks
      • Traditional
        • Man-in-the-middle
        • Spoofing
      • Recursive Payloads
      • Schema Poisoning
  • Information Sources
    • Concerns
      • Integrity
      • Transient
      • Diverse (RSS, Blogs, Email, …)
    • Attacks
      • Untrusted content
      • Poisoned Cache (HTTP Response Splitting Vulnerability)
      • DNS Issues
  • Information Structure
    • Concerns – Variations of data structure
      • RSS
      • Atom
      • JSON
      • Serialized data
    • Attacks
      • Malicious injection
      • Parser implementations
  • Server-side Issues
    • Concerns
      • Architecture Weaknesses
      • Multiple languages & implementations
      • Increase & fragmented attack surfaces
      • Unknown request origin
      • Authorization & Authentication in complex environment
    • Attacks
      • Traditional
        • Information disclosure, Logical attributes, Denial-of-service
        • Command Injection
          • LDAP, SQL, XPath etc.

OpenAjax Alliance talk about Gadgets & Widgets was nice. The alliance is working on creating standards for widget metadata, communication across widgets and other similar tasks. The goal is to enable successful adoption of open and interoperable Ajax-based Web technologies.

Dave Ferraiolo (from OpenAjax) particularly expressed thanks to jMaki for deriving the first set of Open Ajax Data Model specs from jMaki data models.

That’s it!

Check out some of the pictures:

The complete album is available at:


I had to leave at the end of Day 2 because of unfavorable health condition. But I’m glad at least I could deliver my talks :) Now I need to be back-in-shape before my upcoming trip next Tuesday!

Technorati: conf ajaxworld newyork glassfish netbeans ria sun web2.0 jmaki

Share and Enjoy:
  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • DZone
  • StumbleUpon
  • Technorati
  • Twitter
  • Slashdot
Older Posts »

The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.
Powered by WordPress