Monday, June 27, 2011

Preparing for Apache Karaf 2.2.2

The second maintenance release of the Apache Karaf 2.2.x branch has entered the planning phase, as such I'm preparing for the release management role.
Preparing for the Apache Karaf 2.2.2 release.
To prepare I've selected a bottle of Terre Dei Volsci Velletri Rosso Riserva 2004 to decant while listening to Wintersleep's albums New Inheritors, Welcome to the Night Sky, and untitled. It's been rain, drizzle, and fog for a long time now while waiting for summer to kick in, so I think the intellectual, macabre sounds fits in well with dark days outside. Please do not worry about the dreary theme I have going here, for there is an upbeat attitude coming for the 3.0.0 release. Seriously, how many projects do you know of where the release manager talks mostly about wine & music before a release? Apache Karaf is awesome that way ;)

The wine will of course only be sampled after being gave proper time to breath in its container, after the first release candidate has be up loaded for voting (see our release guide for more details on our process).

Unfortunately I can't share the wine with you, but I can share a few links to Wintersleep videos.

I'm looking forward to starting the 2.2.2 release process. I'll be posting updates to our Twitter stream (#karaf) and on our IRC channel ( #karaf).

Sunday, June 26, 2011

Preparing for Apache Karaf 3.0.0

The first release of Apache Karaf 3.0.x branch will be coming soon, as such I'm preparing for the release management role.
Preparing for the Apache Karaf 3.0.0 release.
To prepare I've selected a bottle of Stella Bella Cabernet Sauvignon Merlot 2007 to decant while listening to a pair The Idlers albums; CornerKeep Out. It's summer here in Newfoundland, so I thought some up beat reggae from the island would be fitting for this release.

The wine will of course only be sampled after being gave proper time to breath in its container, after the first release candidate has be up loaded for voting (see our release guide for more details on our process).

Unfortunately I can't share the wine with you, but I can share few links to Idlers videos.

I'm looking forward to starting the 3.0.0 release process. I'll be posting updates to our Twitter stream (#karaf) and on our IRC channel ( #karaf).


Summer has come and gone (debatable in Newfoundland, but I digress), and we're now heading towards Winter. The Karaf 3.0 line is almost there now though. Expect to hear more as the RC approaches.

Thursday, June 23, 2011

Preparing for Apache Karaf 3.0.0 and 2.2.2 releases

I'm spending some time today at my server co-location host preparing the Apache Karaf release machines for the upcoming 3.0.0 (currently trunk) and 2.2.2 releases.

Traditionally when I visit the server colo I try to make a nice lunch, so here are some pics from today, and a shot of the current infra setup I have for Karaf (thanks Dwayne for setting up and maintaining all the machines!).
This is pretty healthy by my standards.
Perhaps a little ghetto, but it's safe & secure with backups :)
I'll be posting on the 3.0.0 and 2.2.2 releases as they approach, so expect more updates to come!

Thursday, June 16, 2011

Newfoundland's game development industry is growing!

The International Game Developer Association - Newfoundland Chapter is holding their first official meeting this weekend in St John's. While a portion of the event is private, members only, there will be a portion that is open to the general community (when details are available I'll update this post).

Over the last few years I've been posting articles surrounding the growth of the Newfoundland game development industry, and have had the opportunity to sit down with some of our local game companies to discuss their views on the industry, and on their successes in the market. So I'm looking forward to this weekend's meeting to find out more about how the industry is growing here, and where it's going in the years to come.


Time: June 19, 20:00 - 21:00.
Place: Yellow Belly Brewery, 288 Water Street, St John's.

Meeting is upstairs in the public house level.

Wednesday, June 15, 2011

Apache Karaf: Year one in review.

On June 16th, 2010 Apache Karaf became a top level project at the Apache Software Foundation. During it’s first year the Apache Karaf team has enjoyed the process of creating a new Apache community, welcoming new contributors, producing many releases, accepting it’s first sub project, and planning for a bright future.

As it’s first birthday approaches we, the Karaf team, would like to look back at the year that was, and thank all of our users and contributors for making Apache Karaf’s inaugural year so exciting. For those interested in reading more about Karaf’s past, please see the article "A brief history of Apache Karaf".

Before we start our review of Apache Karaf’s first year, I’ve asked Guillaume Nodet (project founder) to share a few thoughts on were the project has been:

"Karaf is one year old as a top level project but the original code is more than 3 years old and I've spent a big chunk of that time working on Karaf's code base. The project is really great, but what I'm the most proud of is certainly having helped creating such an amazing and thriving community as this is definitely one of the best I've worked with.   

Happy birthday Karaf !"

Year in review:

There are so many highlights over the last twelve months to talk about, new features, improvements, releases, new contributors & users, projects selecting Karaf as their platform to build upon - the list goes on and on. To start the review I'd like to look at some of the raw statistics surrounding Karaf.

Karaf by the numbers:

Over the last year Apache Karaf has seen a steady increase in interest from its user base and the development community at large. In fact, the average monthly download volume has increased 10 fold from 500 to 5000 kits/month during this time. These numbers of course are collected from our nine releases!
source: Nexus Central Statistics, reproduced here with permission of Karaf PMC.
Breaking down the volume of Apache Karaf downloads by release version we observe that Karaf 2.0.0, 2.1.0, 2.1.3, and 2.2.0 have garnered interest from a large portion of our user base. We also can also see that our minor or “patch” releases have a steady following.
source: Nexus Central Statistics, reproduced here with permission of Karaf PMC.
Release VersionTotal DownloadsPercent of Total DownloadsIssues Resolved
When reviewing these numbers please bare in mind that higher version numbers have been available for a shorter period of time.

Welcoming new Contributors, Committers, and PMC!

The raw data surrounding Apache Karaf downloads doesn’t tell the whole story of the project. The real numbers we’re happy to boast about is all of the new members of our community. Our new users and contributors have been and continues to be one of the most dynamic and growing aspects of Karaf. Starting with a group of ten initial committers we now have just about doubled our team - no small feat for a new project. We’re always looking for more contributors though, so please visit our JIRA, read our email lists, and say ‘hi’ on irc.

Karaf’s first subproject “Apache Karaf Cellar”!

In the spring of 2011 Apache Karaf accepted its first externally donated sub-project. Apache Karaf Cellar provides Karaf with a clustering engine powered by Hazelcast. The developer behind this sub-project, Ioannis Canellos, along with the community have been steadily helping to integrate the technology deeper into Karaf, while extending its features.

A word from Jean-Baptiste:

As Apache Karaf’s first year as a top level project comes to an end I asked Jean-Baptiste Onofré, Karaf PMC, to share his thoughts on where the project will be heading in year two and beyond.

"Karaf is a highly strategic project in the OSGi eco-system. We built it as container/kernel, and Karaf aims to be the foundation of a lot of other projects, with different business requirements and implementations. The Karaf team works on major enhancements and new features to provide an enterprise OSGi application server. Karaf will become the premium container to all applications and projects that want to enter in the OSGi world with a ready to use environment. But more than a technical project, Karaf is an amazing community. The team is very eclectic: we discuss and share a lot to create a very active and interesting community. I'm very proud to be part of Karaf. I would like to address a huge thanks to Guillaume, Karaf founder and first PMC chair: he made an awesome work. I have a deep respect for this guy. 

Long life to Karaf and happy birthday !!"

The road ahead:

Now that we're entering our second year there are many new goals that we want to achieve. First and foremost will be our up coming 3.0.0 release, and our many planned patch releases for our currently supported branches. We hope to expand our community, and extend a warm welcome to everyone interested in contributing to Karaf's future success. So as we celebrate our achievements to date, please stay tuned for there is more to come :)

Monday, June 13, 2011

Security BSides St John's Recap!

Did you miss Security BSides St John's? If you did then you'll probably want to read my in-depth recap of all the events : An in-depth look back on Newfoundland's first ever Security BSides conference.

Afterwards, you may want to check out the conference photos.

I'd like to take this opportunity again to thank Norbert Griffin, Travis Barlow, Victoria Vuong, the presenters, and all of the sponsors for all of their hard work and support putting together this great event. Hope to see you all again next year for another BSides!

Still coding by the sea

It's been a while since I've posted anything on living by the sea, so I thought I'd post some photos from a recent walk along the East Coast Trail Blackhead path. The fog that had been holding on to the island the last few days has finally lifted so there was scenery to take in.

Looking out from Blackhead across to the Narrows (St John's).

A rarity - no macbook open, editing files ;)
Looking towards Cape Spear Lighthouse. 
Rocky, cold shores.
Standing cliff side, its a good 50 ft drop over that edge.
One almost expects to see Bob Ross painting the scenery.
When the weather improves I'll try to get some more time by the sea with my Mac - its the best place for having some source code fun.

Sunday, June 12, 2011

Security BSides St John's 2011 in photos

I'll be writing up a more detailed recap of the events surrounding the Security BSides St John's 2011 conference, but thought I'd share some of the moments with you as a photo essay.
Before the conference could begin conference attendees arriving from out of province were made honorary Newfoundlanders.
The conference attendees arriving early Friday morning.
The stage is set, and the conference is ready to start!
Nobert Griffin welcomes the near 140 conference attendees and delivers the keynote address.
Travis Barlow started the talks by telling the audience some of his experiences in penetration testing (see "Chasing Turkeys").
Mark Nunnikhoven then provided his in depth analysis of the security issues involved with iOS devices on your network (see "iPads: Love'm, Hate'em, You're going to have to deal with'em"). 
Ajay Sood brought the attendees up to date on the latest trends in malware (see "Modern Malware Exposed!").
Jean-Pier Talbot provided a hands on example of cross site scripting vulnerabilities.
After this hands on talk the conference braked for lunch on site at ClubOne. This gave all of the audience a chance to meet up with the presenters one on one to further discuss the issues they presented during the morning session.
Jon Anstey delivered a talk aimed towards application developers using Apache Camel. To anyone familiar with implementing EIPs this was a great introduction to handling data in a secure manner (see "How to secure your Apache Camel Deployment").  
Kellman Meghu was in the right city to talk about the cloud, seeing that St John's likes to keep the clouds firmly at ground level ;) (see "Virtually Safe?") 
Tim Newell provided a nuanced discussion on the challenges we face providing remote access to our system users (see "Having your cake and eating it - Remote Access Security").
Adam Mosher ended the talks with his review of Anti-forensics (see "Evasion with anti-forensics").
After all of the talks had been delivered the attendees were invited over to Dusk Lounge to continue discussing the presented talks, network, and enjoy getting to know our peers. 

I'd like to take a moment to thank Norbert Griffin, Travis Barlow, and Victoria Vuong for all of their hard work to make this BSides possible. I hope that next year the organizers of this BSides conference will be willing to put together another event - this whole event was so much fun! 

Tuesday, June 7, 2011

Security B-Sides St John's Schedule!

Friday June 10th, 2011 Track 1
8:30 AM - 9:00 AM Coffee and Muffins Served
9:00 AM - 9:10 AM Opening Remarks Early Bird Prize Give away
(Arrive before 9:00 AM to be entered for a chance
to win a Netbook)
9:10 AM- 9:50 AM Name: Travis Barlow
Talk: Chasing Turkeys
10:00 AM - 10:20 AM Name: Mark Nunnikhoven
Talk: iPads: Love’em, Hate’em, You’re Going to Have
to Deal With’em
10:30 AM - 11:20 AM Name: Ajay Sood
Talk: Modern Malware Exposed!
11:30 AM - 12:20 AM Name: Jean-Pier Talbot
Talk: The Web is a Battlefield
12:30 PM - 1:30 PM LUNCH
1:30 PM - 2:20 PM Name: Jon Anstey
Talk: How to Secure your Apache Camel Deployment
2:30 PM - 3:20 PM Name: Kellman Meghu
Talk: Virtually Safe?
3:30 PM - 4:20 PM Name: Tim Newell
Talk: Having Your Cake and Eating it - Remote Access
4:30 PM - 5:20 PM Name: Adam W. Mosher
Talk: Evasion with anti-forensics
5:30 PM - 6:00 PM Grand Prize (TBD) Give Away
6:00 PM - Onwards Finger Foods\Drinks and Social Gathering

Monday, June 6, 2011

Reasons to attend Security BSides St John's 2011 (part 8)

So you've heard about the Security BSides St John's 2011 event and wonder if you'll sign up to attend? Well if you do you'll be able to take in a variety of information security talks from leaders in the field, while  having the opportunity to meet other information security practitioners, and researchers. In this week's 'Reasons to attend Security BSides St John's 2011' I'm highlighting Mark Nunnikhoven's talk entitled "iPads: Love’em, Hate’em, You’re Going to Have to Deal With’em":

iPads: Love’em, Hate’em, You’re Going to Have to Deal With’em
Mark Nunnikhoven, Security Architect

It’s shiny.

All the other executives have them!

But...I want it.

The iPad currently owns the tablet market. Because of that dominance—and whatever your organizations motivation—sooner or later you’re going to have to figure out how to secure iPads (and iPhones) within your environment.

From connectivity, to data storage, to apps, to support, to media management, and beyond there’s a mountain of issues to deal with. You’re going to have to figure out how to address these issues, and the sooner the better.

This talk will help get you started. Together we’ll walk through some of the pitfalls, problems, and challenges associated with these (and similar) devices.

With the right approach is it possible to minimize the risks these devices pose without significantly altering the great user experience they provide.