Spring, JPA and Hibernate: “Session Closed”

In a recent project, using Spring, JPA and Hibernate, I came across the not-so-uncommon

javax.persistence.PersistenceException: org.hibernate.SessionException: Session is closed!

… exception when accessing an injected Hibernate EntityManager directly. This is usually caused by performing operations outside of a transaction scope, e.g. due to missing @Transactional annotations, failing to start a transaction manually, etc.

However, everything looked perfectly ok. For all intents and purposes, the code should have worked and even master Google didn’t turn up anything new and useful.

The problem, as it turns out, was related to the way the code was invoked. The developer decided to invoke a startup routine via the Spring configuration as follows.

<bean id="foo" class="a.b.StartupSequence" init-method="start"/>

While the code does indeed get invoked, it appears that Spring does not create a transactional environment for an init-method call. Looking up the bean via the bean factory and invoking the start method programmatically solved the issue.
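As an added illustration (not code from the original post), the situation above in Java: start() is @Transactional, but Spring runs init-method on the raw object before the transactional proxy is wrapped around it, so no transaction is open and the EntityManager reports the closed session; fetching the bean from the finished context goes through the proxy. Class and bean names follow the <bean> snippet above; the XML file name, the settings table, <tx:annotation-driven/> and the EntityManagerFactory are assumptions.

```java
package a.b;

import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.transaction.annotation.Transactional;

public class StartupSequence {

    @PersistenceContext
    private EntityManager em;

    // @Transactional is applied by a proxy that Spring wraps around the bean
    // after initialization. Only calls arriving through that proxy run inside
    // a transaction and therefore see an open Hibernate session.
    @Transactional
    public void start() {
        // Assumed table "settings"; any query here needs the bound session.
        Number rows = (Number) em
                .createNativeQuery("select count(*) from settings")
                .getSingleResult();
        System.out.println("startup: " + rows + " settings present");
    }

    public static void main(String[] args) {
        // Wiring that fails (applicationContext.xml is an assumed file name;
        // <tx:annotation-driven/> and an EntityManagerFactory are assumed):
        //   <bean id="foo" class="a.b.StartupSequence" init-method="start"/>
        // init-method is invoked on the raw, not-yet-proxied instance while the
        // bean is still being created, so the transaction interceptor is
        // bypassed and the EntityManager reports "Session is closed!".
        //
        // Wiring that works: let the context finish, then call start() on the
        // bean obtained from the context, which is the transactional proxy
        // (a CGLIB class proxy, since StartupSequence implements no interface).
        ClassPathXmlApplicationContext ctx =
                new ClassPathXmlApplicationContext("applicationContext.xml");
        try {
            ctx.getBean("foo", StartupSequence.class).start();
        } finally {
            ctx.close();
        }
    }
}
```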

Posted in Software Development

Storing Images – Really? Again?

It always amazes me how some subjects come up over and over again, wasting precious time. One of those subjects is the question of where to store images in your application: the database or the file system.
It’s funny: very few people ever seriously consider storing video files in a database, but images… different story. The discussion is usually triggered by a technical manager or less experienced developer asking “can’t we just store this in the database”…

The simple answer, 99% of the time: NO. The politically correct version is: “Yes we can, but we are not going to – just because you can do something doesn’t mean you should”.

At this point of the conversation, common retorts are:
  • I have stored images in a database in the past – it’s easy and it works.
  • What do Facebook and Google do?
  • Why not? I heard of project XYZ doing it also.
I swear, if I got a dollar for every time I heard these, I would be writing this blog post from a warm Caribbean island – or not at all.
So here is the right thing to do (again: in 99% of all cases): store the file on the file system and a reference in the database.
Here is why:
  • Dollars: Database storage is usually more expensive than file system storage
  • File system access can be optimized and accelerated. For example, many web servers use the operating system’s sendfile() system call to asynchronously send a file directly from the file system to the network interface. Images stored in a database don’t benefit from this optimization.
  • Web servers, etc, need no special coding or processing to access images in the file system
  • If there is any chance that you will migrate to a different database platform, your current BLOB format might be incompatible with, or at least a pain to convert to, the new format.
  • When your database really goes south, you still have the files on the filesystem. Admittedly: The usefulness may be questionable.

The remaining 1%

There are, in fact, good reasons on why you would want to suck it up and store your images in a database:
  • You require complex transactional integrity between image and metadata: it is more complex to manage integrity between database metadata and file system data. Note: this is rare! More often than not, transactional integrity can still be achieved by sending the file to the file system.
  • Backup: Images stored in a database do not require a different backup strategy. Images stored on filesystem do.
  • Access control: It is sometimes easier to control access to the images if they are in a database.
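As an added example (not code from the original post), the recommended arrangement in Python: the bytes go to the file system under a server-chosen, content-derived name, only a reference row goes into the database, and the integrity concern from the list above is handled by writing the file first and removing it again if the metadata insert is rolled back. SQLite and a temporary directory stand in for the real database and image root; the schema and sample bytes are constructed.

```python
import hashlib
import os
import sqlite3
import tempfile
SCHEMA = ("CREATE TABLE IF NOT EXISTS images (id INTEGER PRIMARY KEY, "
          "sha256 TEXT NOT NULL UNIQUE, path TEXT NOT NULL, content_type TEXT NOT NULL)")

def store_image(conn, root, data, content_type):
    # On-disk name is the SHA-256 of the content: no caller-supplied name reaches the file system.
    digest = hashlib.sha256(data).hexdigest()
    path = os.path.join(root, digest)
    created = not os.path.exists(path)
    if created:
        with open(path, "wb") as fh:
            fh.write(data)
    try:
        with conn:  # only the reference row lives inside the DB transaction
            cur = conn.execute(
                "INSERT INTO images (sha256, path, content_type) VALUES (?, ?, ?)",
                (digest, path, content_type))
        return cur.lastrowid
    except sqlite3.IntegrityError:
        if created:  # undo our own write by hand; never remove a file another row shares
            os.remove(path)
        raise

def load_image(conn, image_id):
    row = conn.execute("SELECT path, sha256 FROM images WHERE id = ?", (image_id,)).fetchone()
    if row is None:
        return None
    with open(row[0], "rb") as fh:
        data = fh.read()
    if hashlib.sha256(data).hexdigest() != row[1]:  # catch tampering or bit rot
        raise ValueError("file on disk no longer matches its database reference")
    return data

def demo():
    # Constructed end-to-end run: store, reload, then attempt a duplicate insert.
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    root = tempfile.mkdtemp()
    data = b"\x89PNG\r\n\x1a\n" + b"constructed sample image bytes"
    image_id = store_image(conn, root, data, "image/png")
    try:
        store_image(conn, root, data, "image/png")  # same bytes: UNIQUE violation
        duplicate_rejected = False
    except sqlite3.IntegrityError:
        duplicate_rejected = True
    return image_id, load_image(conn, image_id) == data, duplicate_rejected
```

The duplicate attempt leaves the already-referenced file untouched, so the first row still loads and verifies afterwards.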
About Speed:
It is a common argument that file system access is faster than database access. This is, however, not necessarily correct. If we are talking about raw access speed, “many” databases beat “many” file systems. Having said that, the additional coding often required to process the data once retrieved easily voids this advantage.
Please note, access speed is no clear argument for either side of the “database versus file system” debate. It depends…
To answer the question “What does Facebook do?”: http://perspectives.mvdirona.com/2008/06/30/FacebookNeedleInAHaystackEfficientStorageOfBillionsOfPhotos.aspx


Posted in Computer Software, Software Development

You have done it before – so what???

Sitting in meetings with both developers and clients, they often pitch their perception of the right way of tackling the problem at hand. One common argument for someone’s opinion being “the right one” is experience: “I have done this before in other projects, it works!”

Guess what: just because you made a wrong decision in the past doesn’t make it right all of a sudden.

You rarely hear someone say “I did this before, it turned out to be a huge mistake, let’s please not do this again!”, even though I would give this argument a lot more credibility…

Posted in Project Management, Software Development

Social Viruses

Social networking sites like Facebook, Twitter, LinkedIn, etc. are increasingly the target of organized malware attacks, the majority of which lead back to organized crime generating billion-dollar-per-year “revenues”.

Identity theft, credit card fraud, spamming, etc. are lucrative businesses, lucrative enough to be worth disrupting your business and your online life for. More than 1.2 million people filed a complaint of fraud, identity theft or a related act with law enforcement or regulatory agencies in 2008, up 16% from a year earlier, according to the Consumer Sentinel Network, a branch of the Federal Trade Commission. Financial losses came to $1.8 billion, or about $3,400 per victim reporting a financial loss. Losses of $1 million or more were reported by 257 people.

And that was three years ago.

Let’s take, for example, “Koobface”, an old but famous variant of social networking virus. Koobface, an anagram of Facebook, spreads by sending messages like “you look funny in this video” or “you look so stupid in this pic” to persuade the recipient to click on the attached link. Clicking it leads to a video that doesn’t play, together with a prompt to download a certain codec, which may be a file named ‘flash_player.exe’.
If the file is downloaded and run, your computer is open to the Koobface malware. It downloads a file ‘tinyproxy.exe’ which hijacks your PC. It can even alter search results from Google, Yahoo, etc. and redirect you to websites selling malicious software.

The worm is able to perform the following functions:

  • Spread through social networks
  • Steal confidential information
  • Inject advertising into web browsers
  • Redirect web browsing to malicious sites
  • Intercept Internet traffic
  • Block access to certain Internet sites
  • Start a web server to serve as a command and control server for other Koobface infections
  • Download additional files, such as updates to itself and other pay-per-install software that includes fake security products
  • Steal software license keys
  • Break CAPTCHAs
  • Determine if a link is blocked by Facebook
  • Create new Blogspot accounts and pages
  • Modify the Hosts file

It remains to note that these viruses use forms of social engineering and do not necessarily exploit weaknesses of the various social media platforms. The weak link is the end user who blindly clicks on every link or installs unknown software on their computer without thinking twice. It’s an educational problem, and one that gets exploited by organized crime on a large scale…

Posted in Security

Cracking a Computer Virus

In Ralph Langner’s talk “Cracking Stuxnet, a 21st-century cyber weapon”, he provides a fascinating look into cyber-forensics and how his team helped crack the code of this digital warhead’s final target.

http://www.ted.com/talks/ralph_langner_cracking_stuxnet_a_21st_century_cyberweapon.html

Posted in News, Security

Happy 40th Birthday, “Creeper”

While theories on self-replicating automata were developed by the mathematician von Neumann in the early 50s, the first real computer virus – “Creeper” – was released “in the lab” in 1971 by an employee of a company working on building ARPANET, the Internet’s ancestor, and is thus celebrating its 40th birthday this year.

The last four decades have seen the number of viruses, worms, bot nets and other malware instances boom – from 1,300 in 1990, to 50,000 in 2000, to over 200 million in 2010.

They evolved from simple academic proofs of concept into geek pranks and now into full-fledged cyber-criminal tools: by 2005, the virus scene had been monetized, and virtually all viruses were developed with the sole purpose of making money via more or less complex business models.

Example: the original “Creeper” looked for a machine on the network, transferred itself to it, displayed the message “I’m the creeper, catch me if you can!” and started over, thereby hopping from system to system – a pure proof of concept, just to show that “it can be done”.

Over the years, infamous milestones in malware development were set by variants such as “Jerusalem” (1987), “Michelangelo” (1992), “Melissa” (1999), “I love you” (2000), “Code Red” (2001) and “Sasser” (2004), all of which have – despite the cutesy names and interesting stories behind them – racked up increasing and considerable monetary damage world wide.

MyTob (2005) marked the turning point and the entry into the era of botnets and organized cybercrime. It was one of the first worms to combine the features of a bot (the infamous “zombies”, controlled by a remote “botmaster”) and a mass-mailer. Business models designed to “monetize” the many botnets appeared (some of which would count more than 20 million machines): installation of spyware, distribution of spam, illegal content hosting, interception of banking credentials, blackmail, etc. The revenue generated from these new botnets quickly reached several billion dollars per year, a figure that is still growing today.

Today, things are being taken up another notch – say hi to full-fledged cyber war. Case in point: “Stuxnet” (2010), for which, according to most threat researchers today, only governments have the resources necessary to design and implement a virus of such complexity.
To spread, Stuxnet exploited several critical vulnerabilities in Windows which were unknown until then, including one guaranteeing its execution when an infected USB key was inserted into the target system, even if the system’s autorun capabilities were disabled. From the infected system, “Stuxnet” was then able to spread into an internal network until it reached its target: a supervisory control and data acquisition (SCADA) and human-machine interface (HMI) system, WinCC, as well as the distributed control system SIMATIC PCS 7, both manufactured by Siemens.
In this particular instance, Stuxnet knew the weak point of a specific controller – perhaps a cooling system – and most likely intended to destroy or neutralize the industrial system. This marks the first (known) time that the target of a virus is the destruction of an industrial system (in this specific instance, according to research, very probably a nuclear power plant in Iran).

Posted in Computer Software, News, Security

IPv4 – we used it all up. Well… almost.

Fossil fuels and IPv4 addresses have one thing in common: only a limited amount of each is available.

When in the early days engineers developed the first IP addresses, they never thought they’d need more than 4.3 billion of them. Remember, initially the internet was mostly a network for academic use, but now the internet has formally outgrown the scale of its original design.

The term IPv4 address exhaustion (or depletion) describes the decreasing supply of unallocated Internet Protocol Version 4 (IPv4) addresses available at the Internet Assigned Numbers Authority (IANA) and the regional Internet registries (RIRs). The RIRs in turn allocate addresses to local Internet registries, such as Internet service providers, for assignment to end users.

The spectacular growth of internet connections in Asia in recent years and the growing number of internet-connected devices in the West have dried up the pool, but the depletion of the IPv4 allocation pool has been a concern since the late 1980s, when the Internet started to experience dramatic growth. The Internet Engineering Task Force (IETF) created the Routing and Addressing Group (ROAD) in November 1991 to respond to the scalability problem caused by the classful network allocation system in place at the time.

IANA’s primary address pool exhaustion became an imminent formality on February 1, 2011 when two of the remaining seven blocks were allocated to APNIC, the regional Internet registry for the Asia-Pacific region. As per ICANN policy, the last five blocks must be assigned by IANA, one to each Regional Internet Registry, exhausting IANA’s available IPv4 address space.

The anticipated shortage has been the driving factor in creating and adopting several new technologies, including classful networks in the 1980s, Classless Inter-Domain Routing (CIDR) methods in 1993, network address translation (NAT) and a new version of the Internet Protocol, IPv6, in 1998.

Today, on Thursday, Feb 8th, the Internet Assigned Numbers Authority (IANA) will allocate the last five batches of IP addresses.

Internet Protocol version 6, or IPv6, will be the successor to IPv4. With 340,282,366,920,938,463,463,374,607,431,768,211,456 new IP addresses, the world is unlikely to run out of IPs any time soon, but the transition to the new system promises to be difficult.

IPv4 and IPv6 addresses will almost certainly run alongside one another for a number of years to come, but they aren’t compatible with one another. IPv4 and IPv6 aren’t the same language.

The other challenge is that most of the internet isn’t ready for IPv6. Only 2 percent of all websites currently support it, and ISPs have been slow to adopt the new system.

IPv6 stacks on most operating systems are more often than not buggy and cause issues in existing network structures, so they are often found disabled.

Posted in IT Service, News

Xmarks Ceases Operation

Our favorite bookmark syncing tool, Xmarks (formerly Foxmarks), is ceasing operations according to their own blog post from September 27: http://blog.xmarks.com/

We are sad to see them go, and at this point are still evaluating viable alternatives that can sync bookmarks across multiple browsers and platforms as well as provide web access.

Stay tuned

Posted in Computer Software, News

Home Router – Combination of Commodity Hardware and Open-Source Firmware

Today, routers are found – in various form factors and quality – in almost every household and office. Most people are not aware that open source firmware exists for most routers, and that the advantages of changing your model’s firmware can be immense: Read this article

Posted in IT Service

What’s new at Google?

Let’s face it, most of us use at least one Google product every day. Until recently, it was very difficult to keep up to date with what’s new at Google, as every product maintained its own blog.
Not anymore: Find a summary of what’s new at Google at http://www.google.com/newproducts/

Posted in Uncategorized