Friday, February 25, 2005

Blind as Blind Can Be

I have just spent a couple of days trying to make my JAR builder work.


The resulting JAR file failed to be readable by anything. So I unzip it (using WinZip) and change the manifest to something nice, re-zip it and it works.


Back to the code, fix the manifest builder, re-run the code.


The resulting JAR file still fails to be readable by anything. So I unzip it, compare the new manifest with the manifest in jdom.jar, make changes, re-zip it and it works.


Back to the code, fix the manifest builder, re-run the code.


The resulting JAR file still fails to be readable by anything. So I unzip it, do nothing, re-zip it and it works.


So it's some setting or other.


Look for available settings in JarEntry, JarOutputStream et al.


Nothing helps me.


Open pre- and post-WinZip JAR files in UltraEdit.


Notice extra character in zip entry at the beginning of the file name.


Fix code, re-run, still fails.


By this time I am annoyed, angry, looking for info about bugs in JarOutputStream etc.


Deep breath, try again. Open both pre- and post-WinZip JAR files, stare for about ten minutes. See it.


Fix code, it works.


Note to self, remember which slash works.


Code was :


String act = file.getPath().substring( top.getPath().length() + 1 );

Code is :

String act = file.getPath().substring( top.getPath().length() + 1 ).replace( File.separatorChar, '/');

Two days of frustration. I blame C/CPM and Microsoft.
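
The fix above in context, as an added example that is not code from the original post: ZIP and JAR entry names always use '/', so the relative path is normalised before it reaches JarEntry, and the archive is read back to confirm no entry name contains a backslash. The class name, sample tree and file names are constructed for illustration.

```java
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.jar.*;

public class JarEntryNames {
    // Entry names inside a JAR use '/', whatever File.separatorChar is on the build host.
    static String entryName(File top, File file) {
        String rel = file.getPath().substring(top.getPath().length() + 1);
        return rel.replace(File.separatorChar, '/');
    }

    // Recursively add every regular file under dir, named relative to top.
    static void addTree(File top, File dir, JarOutputStream out) throws IOException {
        File[] children = dir.listFiles();
        if (children == null) return;
        Arrays.sort(children);
        for (File f : children) {
            if (f.isDirectory()) { addTree(top, f, out); continue; }
            out.putNextEntry(new JarEntry(entryName(top, f)));
            Files.copy(f.toPath(), out);
            out.closeEntry();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample tree: <tmp>/com/example/Hello.txt
        File top = Files.createTempDirectory("jarsrc").toFile();
        File pkg = new File(top, "com" + File.separator + "example");
        pkg.mkdirs();
        Files.write(new File(pkg, "Hello.txt").toPath(), "hi".getBytes(StandardCharsets.UTF_8));

        Manifest mf = new Manifest();
        mf.getMainAttributes().put(Attributes.Name.MANIFEST_VERSION, "1.0");
        File jar = File.createTempFile("demo", ".jar");
        try (JarOutputStream out = new JarOutputStream(new FileOutputStream(jar), mf)) {
            addTree(top, top, out);
        }

        // Read the archive back and fail loudly on any backslash in an entry name.
        try (JarFile jf = new JarFile(jar)) {
            for (Enumeration<JarEntry> e = jf.entries(); e.hasMoreElements();) {
                String name = e.nextElement().getName();
                if (name.indexOf('\\') >= 0)
                    throw new IllegalStateException("bad entry name: " + name);
                System.out.println(name);
            }
        }
    }
}
```

On a host where File.separatorChar is already '/', the replace is a no-op, which is why this kind of bug only shows up on Windows builds.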

Wednesday, February 23, 2005

Ingres, oh ingres!

Another posting as to the insanity that is ingres.

Check out these sql statements:


select date('now');

----------------------
2005-02-23 11:45:00.0


select date('today');

----------------------
2005-02-22 00:00:00.0


select date_trunc('day', date('now'));

----------------------
2005-02-22 00:00:00.0


and more importantly:

select *
from receipt
where receipt_date between date('today')
and date('today') + date('1 day');

---------------------
128 rows affected

Did the above statement retrieve the correct rows?

No.

When dates are stored in Ingres they are stored in Universal time (GMT); this allows us to share a database across time zones and still sort in correct order. The client side code converts all incoming and outgoing dates to GMT, by adding/subtracting the appropriate amount; however, internally it fails to do this.

The above query in South Australia returns all rows from 22nd Feb 2005 09:30:00 to 23rd Feb 2005 09:30:00, as we are nine and a half hours in front of GMT. To make it work as required we use:

select *
from receipt
where receipt_date between date('today') + date('14 hour') + date('30 minute')
and date('today') + date('1 day') + date('14 hour') + date('30 minute');

---------------------
149 rows affected


PROVIDED you run this query before 9:30 in the morning. After 9:30am it needs to read:

select *
from receipt
where receipt_date between (date('today') - date('1 day')) + date('14 hour') + date('30 minute')
and (date('today') - date('1 day')) + date('1 day') + date('14 hour') + date('30 minute');

---------------------
149 rows affected

The 14:30 addition counters the GMT storage, as the dates are stored as GMT, so a transaction at midnight will be stamped 14:30 the previous day.

Now, you could use the system date to figure out which query to use, but you can't. You could always query the database to find out the time, but that's affected the same way, and you cannot retrieve that into a local variable.
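
The window arithmetic described above, as an added example that is not part of the original post: it computes, outside the database, the GMT bounds of the local calendar day and shows that the GMT date changes at 09:30 local time while the bounds do not. The fixed +09:30 offset is the figure the post gives; the class name and sample times are constructed.

```java
import java.time.Instant;
import java.time.LocalDate;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;

public class LocalDayWindow {
    // Assumption taken from the post: the site is nine and a half hours ahead of GMT.
    static final ZoneOffset SITE = ZoneOffset.ofHoursMinutes(9, 30);

    // GMT instants bounding the local calendar day that contains 'now'.
    static Instant[] window(Instant now) {
        LocalDate localDay = now.atOffset(SITE).toLocalDate();
        Instant from = localDay.atStartOfDay().toInstant(SITE);
        Instant to = localDay.plusDays(1).atStartOfDay().toInstant(SITE);
        return new Instant[] { from, to };
    }

    public static void main(String[] args) {
        // Constructed sample times: 08:00 and 11:45 local on 23 Feb 2005.
        Instant early = OffsetDateTime.of(2005, 2, 23, 8, 0, 0, 0, SITE).toInstant();
        Instant late = OffsetDateTime.of(2005, 2, 23, 11, 45, 0, 0, SITE).toInstant();
        for (Instant now : new Instant[] { early, late }) {
            Instant[] w = window(now);
            // The GMT calendar date is what a GMT-based 'today' would see.
            LocalDate gmtDay = now.atOffset(ZoneOffset.UTC).toLocalDate();
            System.out.printf("local=%s gmtDay=%s window=[%s, %s)%n",
                    now.atOffset(SITE).toLocalDateTime(), gmtDay, w[0], w[1]);
        }
    }
}
```

Both sample times yield the same window starting at 14:30 GMT on the previous day, but the GMT date differs between them, which is the reason the two query variants above exist.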

Friday, February 18, 2005

Ingres Ingres Ingres

I've just had the displeasure of writing a REPORT in Ingres using the REPORT WRITER.

It is complete crap!

No, OK, I have to admit it has its place - the mid 80s.

Thursday, February 17, 2005

Windows Security Seminar 2005

My boss is in Poland on a personal matter, so I was volunteered to go to the Windows Security Seminar 2005 in his place.

Before I went my wife made me promise I'd keep my mouth shut.

Before I went my work colleagues made me promise to keep my mouth shut.

Gad, what a reputation!

There were two parts to this, firstly there was the security thing and secondly they had a bit of a preview of SQLServer 2005.

Security


I spent a long time listening to adverts for Windows Server 2003 service pack 1 and Windows XP service pack 2, which when used together with proper firewalls set up will help protect your systems. I watched intently as the presenters showed us how to configure your firewall with only thirty or so clicks of the mouse and a full knowledge of port numbers and hosting. I sat and watched them add extra ports to servers and enable and disable services through smart wizards that know what you are running on your server (Really, Windows can detect what software is currently running, smart huh?). All this to enhance the out of the box customer security experience (Not making that last phrase up by the way).


At the end of the day what did I find; Microsoft has placed a complex user interface to produce their equivalent of iptables. I could edit the settings in Notepad (like I would with iptables) but, as it is all in the windows registry, I can't. I need to use the wizards. Wizard training comes at a cost though (Hogwarts anyone?). Install XP SP2 and you don't need to be a network expert to secure your system, but if you want it to do anything nice and still be secure, you do still need a security expert.


I have broadband at home with one Linux box and two windows boxes. The XP box is running the XP firewall, the windows 2000 box is currently turned off as I have no desk to put it on and the linux box is running nothing. I use a hardware firewall. Originally I had dial up through a windows box, number of attacks - too many to mention. Via the hardware firewall to the same unprotected windows box - NONE. I counted them, twice!


To be fair, it looks like they have made major improvements to the security of their systems, but you need to upgrade everything to Windows Server 2003 SP1 and Windows XP SP2 to use them. Not all hardware can handle it, and it brings windows to the security level Unix users have enjoyed for a long time.


The worst attacks against any computer network are through social engineering. Try it, ring up someone in your organisation, tell them you are the help desk and need to install a patch for them and you need their password. Most of the time they will tell you! Ask them their credit card details while you are at it.


To combat this you need to use social engineering as well, training and common sense rules.

A quick check list:


  • DO NOT open an attachment EVER, unless you are expecting it.

  • Never tell anyone your password. Any system admins who need to access your machine remotely will use their own account; it has a larger number of privileges than yours.

  • Use strong passwords, i.e. if everybody knows you are a WWE fan, TheRock is not a good password.

  • Never write down a password, EVER!

  • Keep virus software up to date.

  • Use an anti-spybot tool. Spybot - Search and Destroy is pretty good.

  • Don't use compromised software (like Outlook and IE). Instead use Thunderbird and Firefox.

  • Ideally use Linux or Mac OSX or another Unix based operating system.

  • Use a good hardware firewall (if you have a network to protect, Cisco et al).

  • Just be a little bit careful, don't download everything a site tells you you need.

  • Never be afraid to ask.

  • Show hidden and system files in Windows Explorer (they are just flags and you can flag any file as a system file, and viruses often do, as a very simple way of hiding them).

  • Do not hide extensions for known file types. In outlook the I-Love-You attachment is shown as a text file if you hide the known extensions (i-love-you.txt), but as it really is if you unhide the extensions (i-love-you.txt.exe) which is a program.

  • In Outlook, turn off the preview window, as this automatically loads up IE for HTML e-mails and IE will automatically run VBScripts on a web page, so that old idea that you cannot get a virus simply by downloading e-mail becomes invalid.


There are pricks out there who get off on how clever they are in "hacking" your computer. Most of them are "script kiddies" who compare to the true crackers of legend the way that a thug with a gun in a service station compares to a real cat burglar. Both do evil anti-social things, but at least one is an artist. Once the Windows security issues are solved properly the internet will speed up again and cracking will once again be the realm of the geeks in trench coats with no social life producing code that has to be (grudgingly admittedly) admired.



SQLServer 2005


The new version has more bells and whistles than you can point a stick at. It does the same core stuff just as well as SQLServer 2000 and SQLServer 7.0, but now to administer the server you need Visual Studio! Am I missing something here? To me a database server should be a database server, nothing more, nothing less, definitely not everything to everyone.


"You do not need the white coat brigade to get your reports anymore, just use our simple interface." says one presenter.


But you need to be trained to use that simple interface; management will then start coming back to the white coats to write their reports again. Why all this "increase your business" functionality bullshit? MySQL, that's why. It is simple, fast, easily maintained and free. A database server that serves data and nothing else, add a free web server (Tomcat, Apache) and maybe JBoss (application server) if you really need it, throw in OpenOffice and, bingo, no more Microsoft products. You are free! (pun intended).

Wednesday, February 16, 2005

Will Windows and IE 7 be like Windows and IE 6 (I'd put money on it being so)

What is the basic underlying problem with running IE on windows?

This is how real operating systems run an application:







[Diagram: four separate layers: Kernel, Network, GUI (Windows), Application (Firefox)]


If you attack the application's security holes (which tend to be minimal as it is fully self contained), you can crash it. If you get the application to take up too much memory the system will slow down. You cannot attack the application and get access to the Kernel or Network level. The most common holes are buffer overruns, i.e. I tell you I am sending you 1MB of data and then send you 2MB of data. In that extra 1MB I have a program to run. Firefox doesn't run programmes so it might crash, but nothing else happens.

You are right that Firefox does run programmes; well, it gets helper files and plugins to run them (Flash, Real Player, Shockwave (unless you are on Linux) etc.). It also runs Java applets (via the installed Java runtime). The helper files might have security holes, but they will exist under IE too. A Java applet can only access its own sandpit, i.e. it will not be able to touch your machine.


This is how Microsoft runs applications (This might change in longhorn, but I doubt it)






[Diagram: Kernel, Network and GUI merged into a single block; Application (Firefox) as a separate layer]


This is how Microsoft runs Internet Explorer (This also might change in longhorn, but I doubt it)




[Diagram: Kernel, Network, Internet Explorer and GUI merged into a single block]


If you attack an Internet Explorer security hole, which are numerous as it is relying on large parts of the kernel to protect it and to interpret the incoming information, you then have access to the kernel and Network layers. Imagine I have done the buffer overrun thing mentioned above; I have now placed the programme in the kernel memory space. The kernel's job is to run programmes, so it will happily run my code.


On top of all this we have the .NET principle, in which Internet Explorer will download programmes and run them. Oh, it asks you if you trust the sender, but you might need to trust the sender to get your free iPod, so you say yes, and down comes the free iPod .NET application and the free "I'll format your hard disk" .NET application. Nicely set up so that whenever you visit a certain site it formats your hard drive. If someone wrote a Java Applet to format a hard drive, whenever you visited their site you would format their hard drive, yours would still be intact.


I doubt if Microsoft will change this practice, as it is part of their core ideal where everything is integrated into the kernel, so it runs seamlessly and fast. Microsoft are attempting to deliver an entire computer based solution for everyone which is easy to use. It might be a fine goal, but it is impossible, particularly with the speed of innovation in the computer industry and the large range of hardware available.

There are really only two choices in this environment:


  1. Deliver discrete independent packages that can be bundled together in any way. (Linux)

  2. Restrict the environment, integrate a lot, offer a minimal series of APIs (access to the kernel) that run the rest. The application needs to be pretty independent. (Apple)

Tuesday, February 15, 2005

Ingres again shows us its true colors

Report writer.

A nice, powerful reporting tool for ingres.

Except

  • Documentation is virtually non-existent (hard to find)

  • Local variables are hard to use

  • You cannot retrieve a variable in a select statement


Not a long list, but the third point makes it next to useless, if they introduced the idea that you can do this:

.SETUP
select date_from = date_trunc('day', date('now') - date('1 day') );
select date_to = date_trunc('day', date('now') );

It would be a very nice tool indeed, as it stands it lacks this very important functionality. If you try to do this it tells you you cannot retrieve anything in the setup area, which you are not.

It would be nice if CA cleaned up the report writer so that the query syntax was the same as it is everywhere else.

Also, if a session table needs to have the "on commit preserve rows;" flag then automatically apply it, don't error out and tell me to do it, I don't care!

Tuesday, February 08, 2005

A joke, right?

This site : Rice In 2008 is a joke, right?
It has to be, but I cannot see anything on it that implies it is a joke.

Of course it won't happen. Is Rice the best qualified for the job she's in? No idea, haven't seen the full list of candidates. If she was in the democrats, the answer would be, "Yes she is." But as a republican it could simply be a token appointment to appease swinging white voters and convince the world that the GOP is not a racist party. They will never let her run for president. The argument they would put forward is that they are not reverse racists* either. No, Rice will never be a republican president, she is both the wrong gender and color.

I hope she won't become president, because, based on her current performance re Iraq and WMD's I think she would be worse than W. Ditto goes for Cheney and any other republican.


*Reverse Racism: Racism that promotes a race as being all good. It is, perhaps, more insidious than normal racial vilification as a lot of people don't see it as racism. A black person is not, by default, a good, kind, intelligent and caring person, nor are they a bad, evil, dumb and callous person, they are just a person. The same can be said for anyone regardless of race, gender or sexual orientation.

Monday, February 07, 2005

Events From Recent Times

The pope is unwell.

In the past the vatican has always claimed that the pope is recovering right up to the time they admit that he is dead.

No opinions on the current health of the current pope, just saying is all.

The G7 summit has concluded that they might as well write off the third world's debt.
No shit Sherlock!
It's about time. They are now figuring out how to pay for it. How about, don't. Maybe your banks will then be worth on paper what they are actually worth!

It is interesting to note that there was one dissenting voice; from Washington.
No shit Sherlock.

Condoleezza Rice has suggested to Israel that they need to do some more towards the peace process
No shit Sherlock!

Condoleezza Rice has also told Russia that they need to do something to improve their democratic process if they are to remain friends with the US

Hang on girl, you haven't invaded Iran or North Korea yet!

So Rice has now listed the next set of wars (in order):

  1. Iran

  2. North Korea

  3. Syria

  4. Israel

  5. Russia


In Iraq we have Shiites proclaiming that they will implement good Muslim law. How about implementing fair law that allows freedom of religion. Pass laws that protect individuals from harm and prosecution yet allow them the freedom to choose their own path in life. Complete and true separation of Church and State. Then you can point your finger at the US Administration and say "shape up or else." as there is no real separation of church and state in the US.

Preemptive counter point:

Yeah, right. Try running for US president on an Atheist/Muslim/Jewish ticket, see how far you get.

Thursday, February 03, 2005

Bill O'Reilly

I have just seen Outfoxed. Well worth the look if you can.

Bill O'Reilly

  • is a right wing bigot.

  • is a liar.

  • is ignorant.

  • has opinions that are based on nothing at all.

  • is a complete moron.

  • is a racist.

  • is prejudiced against every minority there is.

  • hates every country that isn't the US.

  • will hate the US as soon as you elect a democrat.

  • refuses to think.

  • forms an idea and will never let it go even if you present him with the truth.

  • has the most narrow view of anyone I've seen talk.

  • has an agenda to keep people ignorant.


This list can go on and on.

I could congratulate him on the increased chocolate rations he has managed, but he wouldn't get it; that would mean reading something other than the bible, or Bush administration propaganda, and that is never going to happen (1984 - Another book well worth the read).

One wonders why Rupert Murdoch allows him to continue...

Oh, right, yeah. It's Rupert!