Scrum becomes a worldwide trend – jump to agile

Scrum is used worldwide. You make software projects in US, Europa, Asia, South-America ?
Forget the old-fashioned Word, Excel and MS Project driven software projects with lost deadlines and regular missing transparency.

Let’s join the agile methodologies!!!

Nice presentation from Brazil:

Update: Found the way to embed slideshare doc, click on wordpress button below the presentation on slideshare and copy the [...] “link”.

intellij 8.0 memory settings

Just installed the new version 8.0 of Intellij Idea.

With default memory settings i got permanent OutOfMemory with nothing else as created a default webapp with one jsp (using Sun JDK 1.6.0_10).

Exception occurred during event dispatching:
java.lang.OutOfMemoryError: PermGen space

So, i modified the memory settings a little bit more aggressive than recommended on IntelliJ Blog:

edit idea-9013/bin/idea.vmoptions (no -server, no -Xms to let the VM decide min settings)
-Xmx512m
-XX:MaxPermSize=140m
-ea


It runs now quite well.

Netbeans 6.5 RC2 released

This week the Netbeans team published the RC2 of Netbeans 6.5.

It is a quite stable release and much better than the first beta version.
I’ve been using it with minor reservations for some days.

It is helpful for Java and Maven, PHP and Firefox extension development with the Foxbeans plugin.
They solved the subversion User Interface much better than Eclipse.

Good work!

netbeans 6.5 installer issue

on my second Ubuntu Hardy (64-bit) i got an issue with installing netbeans 6.5beta:

~/Desktop$ ./netbeans-6.5beta-linux.sh
bash: ./netbeans-6.5beta-linux.sh: /bin/sh: bad interpreter: Text file busy

googled a litte bit and found a tip from morris 007:

my file permission were corret, yet, but starting installer with sh solved above error message:

~/Desktop$ sh netbeans-6.5beta-linux.sh
Configuring the installer...
Searching for JVM on the system...
Extracting installation data...
Running the installer wizard...


Interesting is also, that there seems to be differences between the MacOS and Linux distribution of Netbeans 6.5beta.
On MacOS i didn’t got the “select pack” screen during installation procedure:

netbeans installer select packs

Updated: Netbeans 6.5 beta now available

Today it is official: The beta release of Netbeans 6.5 is available.

Download here.

After some internal confusing last days at Amit Sahas’ blog at Sun Lukas Haslik (NetBeans Platform & Core QA team lead) replied, that this “internal” link was not created for public users.

Rohan Ranade replied as every other software development team should care:

@Amit: I agree completely with Lukas. It’s common sense. NetBeans is a product, not just another open source part time project. There are dedicated teams which manage the lifecycle of NetBeans. Such journalistic activism has happened earlier too (earlier too a Sun India guy had done it). It does not do any good to NetBeans image when people download and use untested beta versions. Worse, it creates a headache for QA and Dev when spurious bug reports come in. That’s a definite loss IMO. And remember, you are a SUN employee. What you say on the blog will be taken as official. It’s a double edged sword.

I can agree with him, it is very important for any product to assure a clear and transparent communication strategy to customers. In our world of information overflow it is more important than ever.

Today Netbeans published the official beta link, looking forward to test it developing Java and indeed (for some internal applications) PHP code.

NetBeans IDE 6.5 Beta Highlights:

PHP
o Code Completion
o Quick Fixes and Semantic Checks
o FTP Support
o Debugging with Xdebug
o Support for popular Web Services
Ajax/JavaScript
o Debugging support for Firefox and IE
o HTTP client monitoring
o Bundled popular JavaScript libraries
Java
o Groovy/Grails support
o Compile/Deploy on Save
o Eclipse project import and synchronization
o Built-in Hibernate support
o JSF CRUD Generator now Ajax-enabled
Database
o Editor Improvements
C/C++
o Improved code completion and error highlighting
o Remote Development
Ruby
o Support for Ruby Tests
o Improved support for Rake build tool
GlassFish v3 “Prelude”
o Small footprint, fast startup and deployment
o Support for scripting, including jRuby

Testing Netbeans 6.5 beta!

persistence ioexceptions during tomcat confluence startup

i just upgraded my wiki to the new confluence 2.9 from Atlassian.

Great software!

i got several runtime exception with confluence at tomcat startup:

first tomcat restart


INFO: Starting Servlet Engine: Apache Tomcat/6.0.18
Aug 14, 2008 10:58:32 AM org.apache.catalina.session.StandardManager doLoad
SEVERE: ClassNotFoundException while loading persisted sessions: java.lang.ClassNotFoundException: com.atlassian.plugin.repository.model.TransferStatus
java.lang.ClassNotFoundException: com.atlassian.plugin.repository.model.TransferStatus
at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:247)
at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:604)
at org.apache.catalina.util.CustomObjectInputStream.resolveClass(CustomObjectInputStream.java:78)
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1575)
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1496)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1732)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:351)
at org.apache.catalina.session.StandardSession.readObject(StandardSession.java:1441)


second tomcat restart


INFO: Starting Servlet Engine: Apache Tomcat/6.0.18
Aug 14, 2008 11:31:31 AM org.apache.catalina.session.StandardManager doLoad
SEVERE: IOException while loading persisted sessions: java.io.WriteAbortedException: writing aborted; java.io.NotSerializableException: com.atlassian.bonnie.search.SearchWordsLister
java.io.WriteAbortedException: writing aborted; java.io.NotSerializableException: com.atlassian.bonnie.search.SearchWordsLister
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1333)
at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1947)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1871)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1753)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:351)
at org.apache.catalina.session.StandardSession.readObject(StandardSession.java:1441)


Found a note in confluence documentation to prevent session persistance:

Set org.apache.catalina.session.PersistentManager to false between Context tomcat server.xml:


Manager className="org.apache.catalina.session.PersistentManager" saveOnRestart="false"


Now startup exception are gone.

monitoring at last.fm with cacti and nagios

At last.fm, they use my favorite monitoring tools as well:

* Cacti
* Nagios
* JMX

And what a great instrument:

Netbeans 6.5beta is released.

Found a link to the next Netbeans 6.5beta: release 6.5beta.

*Update:* My mistake, this blog post was too early. I didn’t wait until the official Netbeans team post about the next beta.

After playing around with 6.5M1 and multiple nightly development snaphots i’m glad to use this next beta.
Developing in a Java and PHP environment makes fun with Netbeans

.

*IMPORTANT UPDATE:*

no, we have to wait some days to 6.5M2 (or beta?).
It was an internal mistake that they post a link to an unofficial beta on a blog at sun.com.

Something is strange at Netbeans! On their official netbeans development plan page everybody can read the schedule:

Milestone	Code Freeze Date
Milestone 1	June 15
Feature Complete	July 21
Milestone 2 BETA	Aug 11
UI Frozen	Aug 25
Code Freeze / High Resistance	Sep 15
FCS	Oct 15

.

Today is August, 11, but their is no 6.5M2 (beta) available.

symfony upgrade to 1.1.1 failed

As Nicolas Perriault published on symfony’s blog the bugfix version 1.1.1 was released-

I tried this upgrade procedure, but it failed:

pear upgrade symfony/symfony-1.1.1
downloading symfony-1.1.1.tgz ...
Starting to download symfony-1.1.1.tgz (2,131,490 bytes)
.................................................................................................................................................................................................................................................................................................................................................................done: 2,131,490 bytes

Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 82 bytes) in /usr/share/php/PEAR/Registry.php on line 1061

environment: Ubuntu
Linux 2.6.24-19-generic #1 SMP Fri Jul 11 21:01:46 UTC 2008 x86_64 GNU/Linux

*Update:*

fixed by setting memory_limit from default 32M to 128M in php.ini:
grep memory_limit /etc/php5/cli/php.ini
memory_limit = 128M ; Maximum amount of memory a script may consume (32MB)

Securing php with mod_security

Learning from Facebook: Preventing PHP Leakage

There was in 2007 the Facebook code leak. PHP has always been notorious for sometimes not processing requests poorly and sending back the source code for pages to the client. Because of the way mod_php works with apache, if mod_php fails in intercepting and processing the request, then apache will just serve it back to the client as an ordinary text file. Lets touch on a few solutions to preventing PHP code from leaking:

Use mod_security to filter output and prevent leakage

mod_security is so damn good that it should be included in apache by default (and there should be some default rules in the default conf files). You can write mod_security rules that will detect if the output is PHP source code, and then prevent it from hitting the wire, instead giving the user an error page. You can also detect other information leakage, and prevent it from escaping. When writing a rule to detect if there is PHP in the output, you can do a regexp against the PHP header tags (eg. ‘< ?php’ and ‘?>‘) or include a special token in your PHP that identifies it as source code (eg. have the comment /* THIS_IS_PHP_SOURCE */ at the top of each PHP page, and if mod_security sees that in the output, kill the response). Here is a simple sample mod_security rule that will filter output:


SecFilterOutput On
SecFilterSelective OUTPUT "<?php" log,deny


For more on mod_security (essential!), see this onlamp article (old but a good intro)

Code should live outside of the web root

You should keep all logic and sensitive code outside of the web root. You can then include the logic files using the include() function. You should already be doing this with any files that store database information or passwords, but you could take this to an extreme and have only a single index.php inside your webroot, which will include a fileoutside of the webroot where everything actually happens, eg:


index.php:

<?php
include(‘../realroot/index.php’);
?>

Change the default file type

By default, Apache will treat files as text/plain – meaning that if the extension of a file doesn’t match a handler (eg. .php files processed by mod_php), then it will send it back as plain text. If you accidently change the extension of a file type, or if an attacker somehow forces an alternate extension, they can retrieve the plain text content. To prevent this, with PHP apps you may want all files to be treated as PHP (and then have certain types handled as plain text). Modify the following directive in http.conf:


httpd.conf:

DefaultType application/x-httpd-php

Deny all outside of the webroot

Assuming your webroot is ‘www’, you want every other directory and file to note be served. Common sense:

http.conf: (or .htaccess)

<directory />
Order Deny,Allow
Deny from all
Options None
AllowOverride None

<directory /www>
Order Allow,Deny
Allow from all
</directory>