12 abril 2014

Had Heartbleed showed us a new business model for Open Source?

This is what I wrote on my Twitter the day I heard about Heartbleed:

Some say this bug is the worse bug ever found, affecting the Internet as a whole, since most servers have OpenSSL. With paid and closed source software, it is easy to blame someone. At some point, there are companies who prefer paid and closed source just because of that. But what about a Free and Open Source? Who is to be blamed about the issue? I would say there are three entities to be blamed for the Heartbleed bug, each with different weights:
  1. The developer who introduced the bug is the least to be blamed. Developers make mistakes, some big, some small. This one just happened to be a small bug but with a big consequence.
  2. The QA developer who didn't see the bug is the least to be blamed. A developer reviewing code. In the end, continues to be a developer mistake like in (1).
  3. The whole IT industry (companies and developers of all kind; FOSS or not) who uses OpenSSL for free but does not pay anything for it, and although being Open Source, don't look at it, don't review commits. Just expect it to work without bugs. These are the most to be blamed. (including myself)
As the article in my tweet above says:
Jackson also says a lesson to be drawn from the Heartbleed Bug is that "we as an industry have dramatically underinvested in software integrity and generally ignored, for a security perspective, the open source building blocks on which the Internet functions. Open source is everywhere. It is the foundation of all modern software applications."
So my question to you now is: if we, the IT industry, had put more investment into the OpenSSL development team, would the chances had been higher for the Heartbleed bug to be found? Being Open Source helps, of course, but if there is no incentive (or obligation) for people to look at it, to review the code, then most people won't look at it and instead, just use it for free. This is what happened. All companies and developers are to be blamed.

Should we consider  a different business model for Open Source software? What about a model where a company (not individual) willing to use an Open Source software has to either:

  • pay for a license and/or subscription support;
  • provide resources (developers and/or QA) dedicated to the software itself;
  • discount on license/support based on contributions;
Is it time for a new business model for Open Source?
What are your thoughts?

UPDATE #1 13/04/2014
A headline on Slashdot shows that Apple is far from supporting Open Source. The news says:

Apple bundles software from the Apache Software Foundation with its OS X operating system, but does not financially support the Apache Software Foundation (ASF) in any way.

Isn't time for Open Source foundations such as Apache or Eclipse, charge for the use of their Open Source projects by companies who profit from these projects? Consider "charge" as either through money, contribution, or developers paid by these companies to work on these Open Source projects.

UPDATE #2 13/04/2014
Here is another blog post titled "Heartbleed, an ASL business model failure?" by Bruno Lowagie, original author of iText, covering similar ideas I wrote above.

UPDATE #3 14/04/2014
Interesting article aobut the weakenesses of Open Source: "Heartbleed and the misconceptions about Open Source". Here's a quote:

As Heartbleed showed, even mission critical software used by a large portion of the Internet does not necessarily have the resources to be professionally maintained. The OpenSSL team receives only about $2000 yearly in donations.

08 abril 2014

JavaOne 2014 na faixa, 0800, grátis!

Existem muitas coisas interessantes sobre o JavaOne, a maior conferência de Java deste planeta. Talvez a oportunidade de ficar sabendo em primeira mão sobre grandes lançamentos, ou ouvir sobre novas formas de utilizar a tecnologia, ou ainda conversar com desenvolvedores de todo o mundo, ou melhor: conhecer pessoalmente aqueles com quem conversamos somente por redes sociais e mailing lists. E é claro, a oportunidade de conhecer San Francisco, e o Vale do Silício: os escritórios da Oracle, do Google, da Apple, ou até da Microsoft. :D



Se você nunca foi ao JavaOne, mas tem muito interesse, curiosidade, e muita disposição (são várias sessões, e muitos eventos pós-sessões como happy hours, shows musicais, hackathons, etc!), e quer uma ajudinha para ir no evento, um bom patrocínio, existem duas formas de você fazer isso. A melhor opção é participar do JavaOne 2014 IoT Developer Challenge!.

O que você precisa fazer para concorrer no IoT Developer Challenge?
Tudo o que você precisa fazer é criar um projeto, bolar um vídeo e publicar o código-fonte deste projeto utilizando a tecnologia Java Embedded da Oracle, com foco em IoT: Internet of Things, com placas de embarcados como Raspberry Pi e similares, dispositivos, sensores, etc.

Quais os prêmios?
Na categoria profissional:
3 times ganharão uma viagem para o JavaOne. Três membros de cada time vencedor ganhará a entrada para o JavaOne 2014, e mais US$ 2.000,00 para custear até 4 noites de hotel e também as passagens de avião. (outras despesas como alimentação e transporte não serão custeadas).
Na categoria estudante: 

  • 1º lugar: 3 membros do time vencedor ganharão cada, a entrada para o JavaOne e mais US$ 2.000,00 para custear passagens e (até) 4 noites em hotel.
  • 2º lugar: 3 membros do time vencedor ganharão cada, um laptop e um voucher para certificação Oracle com valor total de até US$ 1.500,00
  • 3º lugar: 3 membros do time vencedor ganharão cada, um laptop e um voucher para certificação Oracle com valor total de até US$ 1.300,00



Data Limite para Enviar
O período para enviar a sua criação termina no dia 30 de Maio de 2014.

Quer saber mais?
Se você quiser saber mais, não deixe de ler o FAQ do IoT Developer Challenge.

Precisa de ajuda?
Se precisar de uma ajudinha para criar um projeto legal, confira a página do IoT Developer Challenge. Vários webinars foram publicados. E tem até alguns exemplos de códigos!

JavaOne 2014 de graça? Com viagem e hotel pagos! :-D
Assim fica fácil ir no JavaOne e curtir toda a experiência desta grande conferência! Se você precisar de ajuda, seguem alguns videos e tutoriais para ajudar neste desafio!


Outra forma de gastar menos para ir ao JavaOne: seja um palestrante!
E se você achar que dá muito trabalho criar um projeto tão maneiro, com tecnologias tão recentes, sobre um tópico tão quente como Internet of Things, tudo bem! Outra forma de economizar, pelo menos no preço da entrada para o JavaOne 2014, é sendo um palestrante. Estes seres iguais a nós desenvolvedores, que apenas querem apresentar algo interessante e legal, e que pode ser muito útil para muitos outros desenvolvedores, ganham acesso para a conferência (passagem e hotel não incluídos).

Você tem exatamente uma semana para enviar uma palestra, pois o Call for Papers encerra no dia 15 de Abril. Bola rápido um tema bacana, e proponha sua palestra!

31 março 2014

JavaFX version of the 2048 game

I've been "busy" this weekend doing several things. But nothing more important than playing the addictive game 2048 (web javascript version). After several hours few minutes playing with it on my phone, I decided to write a JavaFX version called Fx2048. Gabriele Cirulli has published the source code on GitHub in his repository, so you can learn how to code a game like this in any platform!



Now why a JavaFX version? Well, why not? But I will give you a few reasons for you to look into Fx2048:

  • opportunity to learn Java SE 8
  • learn Lambda expressions
  • learn Stream API
  • learn JavaFX 8
  • learn JavaFX CSS basics
  • learn JavaFX animations
There you go! A simple project that will teach you all that :-)

Have fun!

PS: a few bugs to solve and features to implement, but feel free to pull request!

29 março 2014

Get all countries using Java SE 8 Locale

I saw this blog post "Get all the country using Java Locale List" and then I thought about posting something similar, but using Lambda and the Stream API of Java SE 8. Here's my "fork", including a call to sort the locales based on "display country" property.



And if you want to collect all that to a list instead of printing to standard output, replace the last forEach call with collect(Collectors.toList()); and assign a variable.

26 março 2014

Migrating JDBC Resources from GlassFish to WebLogic

Following up with my series of articles about Migrating from GlassFish to WebLogic, this time I want to cover the migration of a very common resource used by every Java EE developer: JDBC resources, or simply, DataSources. And in case you haven't read yet the first article, here it is: Migrating a Java EE App from GlassFish to WebLogic. That one will walk you through redeploying a simple yet almost complete Java EE 6 application on WebLogic, without any code change nor specific deployment descriptors, and still taking advantage of the enhanced Maven Plugin in WebLogic 12c.

It is easy to migrate resources by using the Web consoles of both WebLogic and GlassFish. Just open one browser window for each server, put them side-by-side, and follow the UI menus. Most of the properties are the same. But if you walkthrough the full article below, you will not only learn the concepts and what is required to migrate JDBC resources, but also how to migrate things using Command-line Interface (asadmin from GlassFish; wlst from WebLogic). So in order to understand what I'm doing here, I strongly recommend you to read, at least the introduction of, these two docs below in case you are not familiar with asadmin or wlst:


Oracle WebLogic Types of JDBC Data Sources

WebLogic offers three types of DataSources. For this migration, the type we will use will be "Generic". To know more about each type, click on the links below:

  • Generic Data Source
    • the type you are most familiar with; we will focus on this one
  • GridLink Data Source
    • in case you have an Oracle RAC Database, this is an optimal data source with HA and Failover features
  • Multi Data Source
    • abstracts two or more Generic Data Sources; works like a 'pool of data sources' so you can use it for either failover or load balancing


JDBC Resources: DataSources and Connection Pools

In the first article this was sort of covered from a Java EE Standard point of view. I simply took advantage of the @DataSourceDefinition annotation type, which allows developers to define JDBC DataSources directly from the Java source code, and requires no vendor-specific deployment descriptors nor manual previous configuration of the application server.

Now in case you have a legacy application or you are not using @DataSourceDefinition, you will be required to migrate these resources by hand. This will require three (plus one optional) simple steps:

  1. List JDBC resources from a GlassFish domain
  2. (optional; see below) Install 3rd-party JDBC drivers in WebLogic
  3. Extract and convert relevant and required information by WebLogic
  4. Create datasources inside WebLogic
Oracle WebLogic 12c already comes with JDBC drivers for Oracle DB 11g, MySQL 5.1.x, and Derby DB, so you won't need to do anything for these databases. For more information, read the docs JDBC Drivers Installed with WebLogic Server. In this doc you will also learn how to update the versions already provided by WebLogic, for example if you want to take advantage of the new features in Oracle DB 12c

If you are using Microsoft SQL Server, PostgreSQL, or any other database, check the Setting the Environment for a Thirdy-Party JDBC Driver for more information on how to install these drivers.

Concepts of JDBC Resources

We should also learn one difference between the concept of JDBC Resources in GlassFish 3 versus WebLogic 12c. In GlassFish, there are two types of JDBC Resources:
  • JDBC Connection Pools
  • JDBC Resources (aka DataSources)
On the other hand, WebLogic treats JDBC Resources as one single thing: Data Sources. The connection pool is part of the data source definition where in GlassFish, the Data Source is a separate artifact, which allows enabling/disabling the object, and also provides the JNDI name to a specific Connection Pool. In few words, when migrating a data source from GlassFish to WebLogic, you will only care about the JDBC Connection Pool and the JNDI name given at the JDBC Resource item.

Listing JDBC Resources from a GlassFish domain

First, let's list all JDBC Resources (datasources) in our GlassFish server. Connect with asadmin and execute the list-jdbc-resources command:

asadmin> list-jdbc-resources
jdbc/__TimerPool
jdbc/__default
jdbc/gf2wls
Command list-jdbc-resources executed successfully.

Let's focus on our example: the jdbc/gf2wls datasource. This will be the DataSource we will migrate from GlassFish to WebLogic. Now let's list all Connection Pools in this GlassFish domain by using asadmin list-jdbc-connection-pools:

asadmin> list-jdbc-connection-pools
__TimerPool
DerbyPool
mysql_gf2wls_gf2wlsPool
Command list-jdbc-connection-pools executed successfully.

Now of course in case you have dozens of connection pools created in your GlassFish domain, it would be easier to issue a command that shows you which connection pool is associated to the Data Source you want to migrate. To do this, let's use the asadmin get command:

asadmin> get resources.jdbc-resource.jdbc/gf2wls.*
resources.jdbc-resource.jdbc/gf2wls.enabled=true
resources.jdbc-resource.jdbc/gf2wls.jndi-name=jdbc/gf2wls
resources.jdbc-resource.jdbc/gf2wls.object-type=user
resources.jdbc-resource.jdbc/gf2wls.pool-name=mysql_gf2wls_gf2wlsPool

We not only got which connection pool is associated to this data source but also its JNDI name, because the name of the resource may not be exactly the same as the JNDI name. 

Extracting GlassFish's JDBC Connection Pool data

Next step is to get all properties of your Connection Pool. Let's issue the asadmin get command again:

asadmin> get resources.jdbc-connection-pool.mysql_gf2wls_gf2wlsPool.*
resources.jdbc-connection-pool.mysql_gf2wls_gf2wlsPool.property.portNumber=3306
resources.jdbc-connection-pool.mysql_gf2wls_gf2wlsPool.property.serverName=localhost
resources.jdbc-connection-pool.mysql_gf2wls_gf2wlsPool.property.databaseName=gf2wls
resources.jdbc-connection-pool.mysql_gf2wls_gf2wlsPool.property.User=gf2wls
resources.jdbc-connection-pool.mysql_gf2wls_gf2wlsPool.property.URL=jdbc:mysql://localhost:3306/gf2wls?zeroDateTimeBehavior=convertToNull
resources.jdbc-connection-pool.mysql_gf2wls_gf2wlsPool.property.driverClass=com.mysql.jdbc.Driver
resources.jdbc-connection-pool.mysql_gf2wls_gf2wlsPool.property.Password=gf2wls
Command get executed successfully.

Easy, isn't? Now, let's focus on the minimum required properties we need to create this DataSource in WebLogic 12c. They are under resources.jdbc-connection-pool.mysql_gf2wls_gf2wlsPool.property.* , so if you want to list only these, change the asadmin method above to the following: asadmin get resources.jdbc-connection-pool.mysql_gf2wls_gf2wlsPool.property.*

Create the Data Source in WebLogic using WLST

To help you witht he final step, I've created a sample WLST script to create a Data Source in WebLogic. In this script, there are a few variables you must define. To call this script, go to your WebLogic installation directory and, if you are on Linux, call $ source setDomainEnv.sh (or the proper script for your environment). Then execute the WLST script: $ java weblogic.WLST ds_gf2wls.py

You should see the following output:

$ java weblogic.WLST ds_gf2wls.py
Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Connecting to t3://localhost:7001 with userid weblogic ...
...
Starting an edit session ...
Started edit session, please be sure to save and activate your 
changes once you are done.
Saving all your changes ...
Saved all your changes successfully.
Activating all your changes, this may take a while ... 
The edit lock associated with this edit session is released 
once the activation is completed.
Activation completed

That's it. Check your WebLogic Console, by going to the Data Sources page.

Extending and improving the migration process

Now you may be wondering how to improve the process by automating everything, right? Yes you can do that! Since we have been using CLI commands, it all depends now on you by tweaking and coding some bash scripts. For example, you can use asadmin to get the information of all Data Sources, generate a bunch of files, use sed to, you know, hack the output files, then loop through them and call a more dynamic WLST script. If you want to read files from WLST, here's a fragment you can use:

from java.io import FileInputStream

propIS = FileInputStream("MyGFDS.properties")
configDS = Properties()
configDS.load(propIS)

dsName=configDS.get("dsName")
dsFileName=configDS.get("dsFileName")
dsDatabaseName=configDS.get("dsDataBaseName")
datasourceTarget=configDS.get("datasourceTarget")
dsJNDIName=configDS.get("dsJNDIName")
dsDriverName=configDS.get("dsDriverName")
dsURL=configDS.get("dsURL")
dsUserName=configDS.get("dsUserName")
dsPassword=configDS.get("dsPassword")
dsTestQuery=configDS.get("dsTestQuery")

Migrating Advanced Settings

If you want to migrate advanced settings of the Connection Pool, take a look at the full list of properties I extracted from GlassFish in my sample Data Source. To change for example the Max Pool Size, tweak the WLST script and add the following:

dsMaxPoolSize=25

cd('/JDBCSystemResources/' + dsName + '/JDBCResource/' + dsName + '/JDBCConnectionPoolParams/' + dsName)
cmo.setMaxCapacity(dsMaxPoolSize)

Again, you can do whatever you want in WLST.

There you go! If you come up with a super awesome script to automate the whole process, let me know!
Contato

Email:bruno.borges(at)gmail.com

LinkedIn: www.linkedin.com/in/brunocborges
Twitter: www.twitter.com/brunoborges
Comprei e Não Vou
Rio de Janeiro, RJ Brasil
Oracle
São Paulo, SP Brasil