Tegak Lurus Dengan Langit

Since one of my responsibility at work is being pre-sales for Sun Identity Manager software, I need a demo environment ready in my laptop for proof-of-concept, presentation, demonstration, and testing purposes. Early on I usually use Tomcat Application Server to host the application. But being a Sun partner, wouldn’t it be nice if the apps is deployed on Sun Apps Server as well? :D. With the new Identity Manager version 8.0 coming to the market, I decided to set it up on Sun Apps Server, known as Glassfish.

So here goes.

• Install Sun Java JDK

There are two alternatives for Java in ubuntu, i.e. OpenJDK and Sun Java JDK. In this environment I’m going to use Sun Java JDK.

$sudo apt-get install sun-java6-jdk

Having OpenJDK installed previously, we need to update the system to use the new JDK
$sudo update-alternatives --config java

• Install Glassfish Application Server

$sudo apt-get install glasshfishv2

By default, apt installs the apps server into /usr/share/glasshfishv2/ directory, and the web application folder goes to /var/lib/glassfishv2.

• Start the application server

$/usr/share/glassfishv2/bin/asadmin start-domain
.: 7: Can't open /usr/share/glassfishv2/config/asenv.conf


Now this is weird. I check the /usr/share/glasshfishv2/ and there is no config/ directory in the folder.
For some weird reason, apt seem to forget to configure the application server (or maybe I do something wrong?). After I installed it, i didn’t check the installation, and shutdown my laptop immediately since I need to do something else. Only after I boot my laptop and trying to configure it, I noticed that there are something wrong.

Since this is my first time using Glasshfish, I really don’t know my way around :D. Ask Google, and all references failed. Trying dpkg-reconfigure, failed as well. Being lazy as I am, I took the shortcut, reinstall the damn thing
$sudo apt-get install --reinstall glassfishv2

Finally, there it is. I finally get it right. Fire up my browser and browse to http://localhost:4848/ the admin page appears.

Title : Then We Came To The End

Author : Joshua Ferris

Price : SGD 17.66 (Bookweb Kinokuniya)

We thanked each other. It was customary after every exchange. Our thanks were never disingenous or ironic. We said things for getting things done so quickly, thanks for putting in so much effort. We had a meeting and when a meeting was over, we said thank you to the meeting makers for having made the meeting. Very rarely did we say anything negative or derogatory about meetings. We all knew there was a good deal of pointlessness to nearly all the meetings and in fact one meeting out of every three or four was nearly perferctly without gain or purpose but many meeting revealed the one thing that was necessary and so we attended them and afterward we thanked each other (page 5)

With the decline of the dot-com era, layoffs are on everyone’s door, including a Chicago-based advertising company, where this novel is situated. Capturing the life of the employees in a *probably* typical american(if not all) corporations, bringing gossips, secret romance, stress, frequent breaks in a humorous way. It’s written in such details, if you’re a white collar worker, you’ll probably see yourself here and there, laughing and smiling at the gossips or pranks you probably have witnessed (or even involved in) on your work history.

Joshua Ferris successfully capture how workers think, reason, and feels at the same time. It may be based on an american company, yet I found his description familiar, even dead-on on some parts. There is Karen Woo, who is always ahead on gossip, there is the boss, Lynn Mason who has breast cancer everyone pretends not to talk about (although it’s always be part of coffee-break gossip), there is Joe, that guy who never involve with anyone but surprisingly close to the boss. You have a colleague whose character you hate the most, you name it, this book have it :D.

A real entertainment.

PCWorld released a recap of a recent study showing a stronger ground community-based linux distributions gains in the enterprise market. Quoted from the study :

“Community distributions such as CentOS, Debian, and Gentoo are gaining enterprise respect for quality code, stability, response, and of course, for being “free as in beer” and “free as in freedom”. These community distributions are becoming a more significant market factor with growing enterprise acceptance and use of them”

Apparently more enterprises, especially in Europre, are willing to take chances running community-based distro (as opposed to commercial distro like RHEL or SuSE) using their internally capable resource for system administration, support, as well as application migration, although sometimes they still seek assistance from third-party consultant, which turns out to be cheaper than paying support from commercial-based distro.

Is this the end of commercial-based distro? Well it may be is too early to say so, but commercial distro should start reviewing their business model.

Verizon Business Security Services (formerly Cybertrust) recently released 2008 Data Breach Investigation Report. This report is based on 500 forensic cases handled by Verizon from 2004-2007, which then analyzed, compiled, and published as an overview on how the data breach was actually occured.

Some interesting findings from the report are as follows :

• 87% of the security breaches could have been avoided with basic security measures
• Two-thirds of the cases involved data that the organization did not know was present on the system
• 39% of the breaches involves business partners

Verizon Business has released a white paper about the report here.

Now, what is interesting about the report is the fact that, while information security as a discipline has gone a long way, the real world doesn’t seems to move forward. I mean, attack methodologies has evolved a long way from simple buffer overflow on a code to the latest DNS insecurity flaw, from platform to applications, from macro viruses to phishing, but the real deal is still the same, which is basic security measures has not been applied. Most of the attacks still involve known vulnerabilites that has been published and patches has been provided for months, but still, it’s exploited, and breach occured. How does that happen?

Apparently with all the new technologies the industry provided, there hasn’t been a significant change the way people approaches security. People are still chasing the ghost, spending millions and millions of money on information security year by year, and the bad guys still manages to come in from the same doors. So what, are we doing things wrong?

Maybe we’re not doing things wrong, we’re just putting our efforts at a wrong place. Maybe we’re so busy chasing the new buzz every day, worrying about new methods, new vulnerabilities, new security products, that we forget to do the basics, default deny, least privileges, and essential services.

And if we look back, aren’t all those security hype actually just that? Default deny? Least Privileges? Essential Services?

Beberapa waktu lalu bos saya nanya-nanya tentang arsip e-mail beberapa bulan lalu. Cek mail server, tak ada arsip, bo. Lantas beliau minta saya setup arsip mail server di kantor. Secara mail server di kantor pakai ubuntu, solusinya adalah mail-archive gratisan. sebenarnya (mungkin) bisa simpan seluruh email yang masuk dan keluar dengan postfix, mail-server yang saya pakai, tapi karena lagi pengen utak-atik, saya cari solusi tersendiri. Browsing sana sini, sampailah saya ke mailarchiva. Ada dua versi, enterprise edition dan open-source edition. Karena saya tak mau bayar, ya pakai yang gratisan saja. Saya pun download mailarchiva open-source edition.

Read the rest of this entry »