Wednesday, July 25, 2012

Preparing for Apache Karaf 2.2.9

The ninth maintenance release of the Apache Karaf 2.2.x branch will be soon entering the planning phase, as such I'm preparing for the release management role.

To prepare I've selected a bottle of Groom Bush Block Zinfandel 2008 to decant while listening to some Arkells albums.

Current high lights of this patch include a multitude of updates to Maven plugins, Felix Framework 3.2.2, and a planned patch for a null pointer exception that only occurs when using Java 1.6.0 update 33 or Java 1.7.0 update 5. A complete change log will be created for the Release Candidate once the community is ready to put it to vote.

The wine will of course only be sampled after being gave proper time to breath in its container, after the first release candidate has be up loaded for voting (see our release guide for more details on our process).

Unfortunately I can't share the wine with you, but I can share a few links to some Arkells videos. I'm looking forward to starting the 2.2.9 release process soon.

I'll be posting updates to our Twitter stream (#karaf) and on our IRC channel ( #karaf).

Thursday, July 19, 2012

Apache Karaf 2.2.8 on Windows Server 2012

Installing in VirtualBox VM.
I tend to like trying out Karaf on platforms I usually do not use on a daily basis. Today I tried out Windows Server 2012 (DataCenter Edition RC).

The Windows Server 2012 RC is available as tech preview at TechNet preview centre. Just sign up for the trial version, download the ISO, and you're ready to test out the server OS.

To validate that Apache Karaf would function on the platform I downloaded Oracle Java 1.6.0, Apache Maven 2.2.1, and Karaf 2.2.8 from our project website.
First boot!

Before testing Karaf, I added JAVA_HOME and MVN_HOME variables to my environment then I opened a fresh shell.

Executing the KARAF_HOME\bin\karaf.bat script brought Karaf to life on the console. I tried out several commands, tab completion, and other features to verify that my console session was truly interactive.

Seeing that basic functionality appeared to be stable, I then tested out native OS integration by installing the service wrapper.
Testing Native OS Integration.

The installation and test procedure is simple:

  1. Start Karaf console
  2. invoke 'features:install wrapper'
  3. invoke 'wrapper:install'
  4. exit Karaf console
  5. execute karaf-service.bat install
  6. use 'net start "karaf"' to run Karaf as a service
  7. use 'net stop "karaf"' to stop Karaf.
 Seeing that Windows Server 2012 is still in its early access beta program it was nice to see Karaf's service integration work right out of the box.

I'll be playing around with my evaluation copy of Windows Server 2012 for next while, so expect to see a few more posts as I try out various Apache projects on the platform.

Tuesday, July 3, 2012

Anatomy of an Apache vulnerability report, and Secure Release Management

Last year I volunteered with the local St John's Security BSides conference by providing blog coverage, and other help behind the scenes. This year I've submitted a talk covering the anatomy of an Apache vulnerability report and secure release management. UPDATE: My talk has been accepted!

If you're not familiar with the BSides conference series, here is a quote from their website: "Security BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening."

In my talk we'll discuss the procedure for reporting a security vulnerability to an Apache project, and what you as a reporter should expect to see happen as the project community validates the issue, and proceeds towards a resolution. After we have discussed the process we'll take a look at the content of a Common Vulnerabilities and Exposures (CVE) report.

We'll then switch gears to talk about how users can validate that their Apache project downloads are in fact legitimate. This is one of the more important safety practices that I tend to show users - all Apache projects provide safety measures on their releases, here I'll show the audience how they too can verify that they have release artifacts from the project community.

NLWebDevs: An Overview of Zend Framework 2 and ZendSkeletonApplication

This wednesday night (July 4th), the Newfoundland Web Developers group will be hosting a meeting on Zend Framework 2 (ZF2) and ZendSkeletonApplication.

Time: 7pm, July 4, 2012
Location: Computer Science Seminar room (EN-2022), Engineering building, Memorial University, St John's.

Speaker: Adam Lundrigan

"I'll be giving a brief rundown of the current state of Zend Framework 2 (ZF2) and it's associated skeleton application, ZendSkeletonApplication. I will be focusing primarily on the new MVC layer of ZF2 as well as practical examples of using and extending ZendSkeletonApplication, as our current website ( is based on it. All are welcome!"

For more information, please visit the event page: