TrueCrypt for Mac OS X: First look

February 6th, 2008 Radim Marek

If you’re not familiar with TrueCrypt, it’s very easy to use software that enables to create encrypted files/partitions on your computer and access them as normal drives – for free and with the source code available for download.

Long expected version 5.0 has been released today, bringing new functionality and – more importantly for me – adding Mac OS X support. Finally the only piece of software I wasn’t able to find alternative to since my switch to Mac is here! Let’s have a look if it meets the expectations.

Installation process is simple enough, consisting of downloading DMG image and running installer package. No surprises there. Once finished, the only thing you have to do is to locate the application icon and launch it.

Main application windows provides list of the slots for your encrypted volumes, and buttons for most important operations with them. If you’ve used the software on Windows, you should be quite familiar with it.

First thing to do is to create new encrypted file and mount it as a volume. By pressing ‘Create Volume’ you start creation wizard. You have option to create standard or hidden volume (providing additional security when you can be forced to reveal password by threat). Unfortunately, second option is not available for Mac and only thing you will get is boring message “The selected feature is currently not supported on your platform”. What a shame!

Pacified by absence of hidden volumes, you have to create the standard one instead – still quite reasonable option. The process is straightforward and you need to supply physical location of the file, it’s size (in KB, MB or GB), encryption options, pass-phrase for protection and the file system type (currently only FAT is available). When the newly created volume is formatted the wizard will start again and you can create new one or exit back to the main window.

To mount your volume just select the file and slot you want to use and by pressing button ‘Mount’ and confirming your password the drive will mount as a new device into your system. From this moment you can work with it as with any other device.

By the time you finish with it, most of the Mac users will simple try to umount the drive by throwing it to the trash or by pressing Eject button in Finder. Although it might seem the drive has been umounted successfully, if you open the TrueCrypt window, you will be able to see volume still attached to original slot. It’s not so difficult to find it in system mounted and with DMG image waiting to be opened.

I can’t say this is major problem with the software, but it’s important to realize how significant security impact this could have. By ejecting volume as usual for Mac OS X, you would expect your data being safely stored and protected. But even after quitting TrueCrypt interface that’s not guaranteed as anybody still can access the encrypted volume (because the background task is still running), unless you will dismount the volume in application itself. This lack of integration with operations system is surprising and I hope it will be fixed in coming weeks.

Compared to the Windows version, the application interface doesn’t have the same consistent design and some controls obviously need some more work. Another important functionality missing from application is ability to map system-wide keyboard shortcuts to mount/umount you favorite drives, flush the cache, etc.

No matter how pessimistic my review sounds, I would like to stress that this is a first release of the application for Mac OS X. And more importantly the main functionality one would expect from it is there – working with encrypted volumes works perfectly! It’s shame the integration hasn’t been finished to the same quality as with Windows version. But let’s hope the update will be there quickly.

To find out more about TrueCrypt, please visit project website.

PS: I’ve uploaded sample video demonstrating TrueCrypt on Mac OS (created using Snapz Pro X)

Posted in Mac | No Comments »

Upgrading to JBoss AS 4.2

December 15th, 2007 Radim Marek

During the opening meeting of JBug UK (JBoss User Group) in London yesterday I delivered presentation about the upgrading of JBoss from 4.0 to 4.2. My original slides are now available for download.

Link:

• Upgrading to JBoss AS 4.2 (PDF)

Posted in jboss | No Comments »

UK JBug meeting on 13th December 2007

November 12th, 2007 Radim Marek

After several weeks of preparation I’m happy to invite you to the next meeting of UK JBoss User Group, which is going to be held on Thursday 13th December 2007 in London. Effort of our team in BSG has resulted in quite exciting line-up.

The keynote presentation is going to be focused on JBoss Rules and will be delivered by the most competent person in the field – Mark Proctor, project lead of this project and founder of Drools Rule Engine. His presentation will focus on the engine in its very aspects as a processor of business rules captured in variety of languages and how they are encoded in the enterprise systems.

The other presentation will be thorough introduction of the award winning IntelliJ IDEA, especially the recently released version 7.0, and how it can improve your development with JBoss products and more. In addition, there will be also license give-away of this excellent IDE for few lucky attendees.

Last but for me personally not least, is my humble technical session focused on the migration to JBoss AS 4.2. Based on the challenges and questions I’ve been facing for last couple of months, I’ll try to provide detailed guide through different aspect of the upgrade process. Particularly migration from branch 4.0 will be discussed. If you have any particular question, please, do not hesitate to contact me and I’ll try to include it.

Does it sound interesting for you? Then check detailed agenda or register (strongly recommended as number of attendees is limited).

Hope to see as many of you as possible in December!

Link: UK JBoss User Group Website

Posted in jboss | 2 Comments »

Problem with EJB3 security in JBoss 4.2.X

November 7th, 2007 Radim Marek

Release of JBoss 4.2.X has been significant because of the integration of important bits from Java EE before release of JBoss AS 5. Sadly important fix to align EJB3 security in this branch, announced for version 4.2.1 (JBAS-4198) does not exist. Duplicate ticket (JBAS-4423) has been reason why this issue has been closed in JIRA as duplicate ticket, unfortunately with fix version assigned – yes, you can guess - to 4.2.1.

Therefore if you’re trying to use @RunAs annotation on MDB in order to call secured session beans, you’ll experience following exception:

java.lang.IllegalStateException: No valid security context for the caller identity

I truly hope this task will be integrated into 4.2 branch and we don’t have to wait for release of JBoss AS 5.

Original topic from JBoss Forums:
Bug in SecurityAssociation(?) - EJB3 MDB Calls

My topic to verify the problem:
@RunAs on MDB and not finished alignation of EJB3 security

Posted in jboss | No Comments »

JBoss Seam 2.0 released

November 6th, 2007 Radim Marek

Finally I can delete all my betas, because JBoss Seam 2.0 has been released today.

Link: Download
Link: Documentation

Don’t miss official post What’s new in JBoss Seam, or check my list published few weeks ago.

Posted in seam | No Comments »

Dev Fu: Bowler Hat strikes back

November 4th, 2007 Radim Marek

World of open source has changed drastically and so has one of the most iconic company behind it – RedHat. Open source reached enterprise. Enterprise reached open source. The share price is becoming more important than latest kernel version.

If there wasn’t the acquisition of JBoss by RedHat last year, I would probably forget about RedHat for once and for all. But things went in the rather different direction. Let’s hope it’s for good in the longer term. Lately the some negative changes emerged. For example in the last couple of months, alterations to the JBoss website made it quite hard to distinguish the open source projects and commercial enterprise middleware. The separation of jboss.com and jboss.org (labs.jboss.com) hasn’t been promoted as much as it would be needed. The constant questions I’m facing related to this topic are bitter evidence of this problem. I have to ask myself, if it is so difficult to separate both domains completely? I don’t think so.

But to switch to positive note, I would like to dedicate this post to RedHat’s new developers’ portal called Dev Fu. Recently it seems to receive the attention and new articles are being published frequently. Hopefully it will help to improve perception of identity of the RedHat’s open source projects and that’s the reason why I’m happy to promote it. The other question is the mixture of Linux and JBoss articles, but we shall see how this rather difficult combination is going to settle down.

Link: Dev Fu [http://developer.redhatmagazine.com/]

Personally I would like to recommend article Continuing the Conversation – Understanding Seam Nested Conversation. Because the conversations are one of the most important parts of JBoss Seam, this article should provide you enough information to understand the concept behind it and therefore understand the framework a little bit more.

Posted in jboss | No Comments »

What’s new in JBoss AS 5

October 28th, 2007 Radim Marek

It’s a long wait for JBoss version 5. If you’re anxious to get more information without digging deep into the beta version or current trunk, there are notes available from Mark Newton’s presentation ‘What’s new’ in JBoss AS 5, published on Christian Bauer’s blog.

Link: JBoss AS 5 Presentation Liveblog

Posted in jboss | No Comments »

IntelliJ IDEA 7.0 released

October 16th, 2007 Radim Marek

As a die hard fan of IntelliJ IDEA , I’m happy to let you know that the guys from JetBrains released version 7.0 aka The Magnificent Seven.

For more information and list of changes, visit official blog.

Updated: as it isn’t mentioned in original announcement, I’m glad IDEA is finally using runtime of Java 6. After my initial surprise caused by anti-aliased fonts in menus and dialogs, the version information (Help/About) confirmed it.

Posted in Java | 1 Comment »

Extending Seam Components

October 14th, 2007 Radim Marek

An important characteristic of every framework is a level of possible extensibility. JBoss Seam scores top marks in this perspective. Reason for it is simple. The main goal, to introduce consistent programming model that will make various frameworks to work together, is not just promoted for application developer, but also used through-out Seam itself. So with knowledge how to use component model and a quick insight behind the scene, you can easily start extending built-in components.

Mechanism you need to understand is component deployment process. Seam application start-up is triggered by the context listener which instantiates the Initialization object responsible for building configuration metadata. That is accomplished by collection of data from standard configuration files (WEB-INF/components.xml and deprecated WEB-INF/events.xml), configuration properties (supplied both from servlet context and file name seam.properties in the root of the classpath) and eventually by scanning archives in the application classpath for classes annotated with @Name which implies the Seam component.

Dependency Manager is then responsible for evaluation of component dependency to determine which components are to be installed.

And that’s the place where Seam utilizes another annotation - @Install. It does not only specify whether or not the component should be installed (this might be overridden by configuration files) and its dependencies, but also specifies precedence of the component. If two components with the same name are present, Dependency Manager will offer for installation only the one with higher precedence.

The precedence is specified integer value and following pre-defined constants are available:

• BUILT_IN [0] used for built-in components
• FRAMEWORK [10] to be used by frameworks which extend Seam
• APPLICATION [20] default precedence, to be used by application components
• DEPLOYMENT [30] used for overriding components for particular deployment
• MOCK [40] for objects used in testing

Further control over the components deployment process is provided by following two annotations:

• @BypassInterceptors which disables all Seam interceptors on particular class or method.
• @Startup to control initialization of component depending of scope its available in
  

With this overview you’re ready to extend any provided component, either Seam built-in or available within 3^rd party framework or application.

Extending Identity object

As example I’ll show you how to extend built-in identity object to support custom JAAS Login Module that requires custom callback handler to be used to obtain/provide further information. This particular implementation adds functionality to support NTLM as other authentication method (together with customized jCIFS library) and NTLM support iself is not part of this code snapshot.

@Name(”org.jboss.seam.security.identity”)
@Scope(SESSION)
@Install(precedence = APPLICATION)
@BypassInterceptors
@Startup
public class NTLMIdentity extends Identity {

  //
  // custom code
  //

  @Override
  public String login() {
    try {
       retrieveNTLMAuthenticationDetails();
    } catch (LoginException le) {
       log.error(”Unable to retrieve NTLM authentication details!”, le);
       return null;
    }
  }

  @Override
  protected CallbackHandler getDefaultCallbackHandler() {
     return new CallbackHandler() {
       public void handle(Callback[] callbacks)
          throws IOException, UnsupportedCallbackException {
          for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof NameCallback) {
              ((NameCallback) callbacks[i]).setName(getUsername());
            } else if (callbacks[i] instanceof PasswordCallback) {
              ((PasswordCallback) callbacks[i]).setPassword(getPassword() != null ?
                  getPassword().toCharArray() : null);
            } else if (callbacks[i] instanceof SFSIdentityCallbackHandler) {
               processSFSCallbackHandler((SFSIdentityCallbackHandler) callbacks[i]);
            } else {
               throw new UnsupportedCallbackException(callbacks[i], “Unsupported callback”);
            }
         }
       }
     };
   }

   //
   // custom code
   //
  }

Where @Name is specified to override Seam built-in Identity component, and precedence set higher than BUILT_IN. If you run application, the result of #{identity} and Identity.instance() will always be NTLMIdentity object.

Posted in seam | 4 Comments »

JBoss Seam 2.0 - What’s new

October 6th, 2007 Radim Marek

Next week I will be doing an in-house JBoss Seam training for client who migrates frontend solution from .NET to Java. Because my personal experiments are mainly based on upcoming version 2.0, the fact second release candidate is available and GA release is just few days away, the whole training is built around the new version. For better understanding I’ve compiled description of some features and changes in Seam 2.0 from documentation and JIRA tickets.

Please note that this description is based only on my personal investigation and isn’t provided from project (RedHat/JBoss) sources.

New features are:

Seam WS allows Seam components to function as Web Service endpoints

Seam components not just can act as Web Service endpoints, but can directly participate in long running conversations. A handler has been provided to manage Seam’s lifecycle during the scope of a web service request. Conversation ID is carried from and to client using SOAP header element and it is client’s responsibility to implement propagation individually.

Although it’s possible to make Seam component a web service endpoint and use bijection fetures, recommended strategy is to use it as a facade to a conversational Seam component.

Seam components may now be written in Groovy

In case you haven’t heard about Groovy, it’s an agile dynamic language build upon the strength of Java with features inspired from Python, Ruby and Smalltalk, and that’s all with almost-zero learning curve.Mixture of Java and Groovy classes is possible, in debug mode with hot-deployment ability.

The Seam core is now independent of JSF

Following to questionable position of JSF on the market there is no hard dependency on JSF in Seam 2.0 core. This should allow exclusive integration with other frameworks (for example GWT or Apache Wicket) that can faster react to latest development (because they are not subject to standardization process).

Experimental support for the Google Web Toolkit

As mentioned above, there is now possibility to integrate different frameworks, so if you prefer GWT to develop dynamic AJAX applications Seam now provides experimental integration.

Integration of Hibernate Search

Seam 2.0 provides injection of FullTextSession or FullTextEntityManager as required when Hibernate Search is used, giving possibility to search specially annotated domain model.

Introduction of JBoss EL, an extension to the Unified EL of Java EE 5

Unified Expression Language of Java EE has been extended by JBoss EL to support following features:

• Parameterized Method Bindings to allow methods with parameters to be used in EL and parameters to be evaluated as separate expressions.
• Parameterized Value Bindings which gives ability to access classes that don’t follow JavaBean naming conventions.
• Limited support of projection list into sub-expression to access elements without need of creating specific methods within the Seam component.

Charting integration in PDF and HTML, using JFreeChart

Free Java chart library

Major enhancements to Seam Asynchronicity, including Quartz integration

Default dispatcher can be now replaced either by EJB timer service or alternative Quartz library by simple configuration statement in components.xml. Additionaly the Quartz dispatcher support three new annotations to control final expiration of the recurring task, UNIX Cron syntax for task scheduling and support for ⁿth business day scenario.

Major enhancements to jBPM integration

Including support for asynchronous calls and scheduling, propagation of business/process key available on annotation level and unified use of JBoss EL, as in jBPM 3.2.1.

Support for pageflow composition

Allows to pause one pageflow while another (as sub-processes) executes.

New transaction abstraction layer with support for non-JTA environments

Seam now provides out-of-box integration with multiple transaction APIs (JPA RESOURCE_LOCAL for not participating in JTA transactions, Hibernate and Spring managed transactions)

Migration to JSF 1.2

Latest specification of JSF is now used

Maven used to manage list of dependencies

More information available in Pete Muir’s post Seam Published To Maven.

Completely reorganized packaging of built-in components

Simplified configuration

Enhancements to the integration testing framework

Enhanced JavaDoc

Two new example applications

Migration to the new Embedded JBoss

Many bugfixes

Posted in seam | 1 Comment »