Monday, September 8, 2008

Annotation Hell

XML Hell: the phenomenon that killed Struts, and fear of which launched Seam. Annotations were the savior, so the prophets proclaimed. But have we gone too far? You decide.
/**
 * @return related details for this person
 */
@ManyToOne( fetch = FetchType.EAGER, cascade =
    { javax.persistence.CascadeType.PERSIST, javax.persistence.CascadeType.MERGE } )
@JoinColumn( name = "PERSON_DETAIL", nullable = false )
@Where( clause = "ACTV_ID = 'T'" )
@Cascade( { CascadeType.SAVE_UPDATE, CascadeType.MERGE, CascadeType.DELETE } )
@Cache( usage = CacheConcurrencyStrategy.NONSTRICT_READ_WRITE )
@Message( "${msg.invalid.person.detail}" )
@XmlElement( name = "person-detail", required = true )
public PersonDetail getPersonDetail()
{
    return personDetail;
}
This is a method of a Hibernate ORM object which can be serialized via JAXB. It also uses Hibernate validation, an i18n Message manager and EqualsMember, which means this element is a member of the set of fields denoting object equality. Somehow, I'm starting to miss XML...

Wednesday, September 3, 2008

The Organ Grinder: Firewall Tunneling via EC2 Proxy

Teaching monkeys new tricks.

I've been around. Let's get that straight. Sure, I no longer work in a corporate environment yet still, on occasion, feel the ache of an old scar. The wounds of the corporate blade just cut too deep. This world is hell to anyone who doesn't thrive in such artificial environments. This is a new segment for a new year (well, fiscal year) - The Organ Grinder: Teaching (Code)Monkeys New Tricks. Perhaps not new, but useful for those who need to survive in this wilderness. Today's trick: getting around corporate firewalls via tunneling.

I understand why some corporations wish to limit internet access to the common folk: ensuring that the receptionist does his job instead of playing WoW, blocking an old-lady manager from downloading the new forward "cute-kittens.jpg.exe", stopping sales guys from surfing for porn all day. However, when you are a software developer, blocking your access to the wild, wild web is like keeping a goldfish in one of those colored baggies of water they give out at carnivals; sure the fish live - sort of - only to die a day later when you take it home. Get the analogy? The fish is your soul.

1) Set up EC2

Firstly, you must have Java 1.5 or greater installed, and the JAVA_HOME env var set.
In unix:
$ export JAVA_HOME=<PATH>
In windows:

Create an EC2 account on Amazon (all of these steps can be found in detail here).

Set up the account and grab your X.509 certs.

Download and unzip the EC2 command-line tools - works for *nix, osx and windows (afaik).

Set up your *nix/osx paths:
$ export EC2_HOME=<path-to-tools>
$ export PATH=$PATH:$EC2_HOME/bin
$ export EC2_CERT=~/.ec2/cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem
Or, set up your windows paths:
C:\> set EC2_HOME=<path-to-tools>
C:\> set PATH=%PATH%;%EC2_HOME%\bin

$ ec2-add-keypair my-proxy

This will output a key similar in structure to this:
... blah blah blah, more data ...

Copy/paste everything from "-----BEGIN RSA PRIVATE KEY-----" to "-----END RSA PRIVATE KEY-----", including both of those lines, into a file named:
Then change the permissions of the file:
chmod 600 id_rsa-my-proxy

2) EC2 Instance
Use the Ubuntu 7.1 AMI.
ec2-run-instances ami-b111f4d8 -k my-proxy

Which will output a line similar to the following:
INSTANCE        i-10a64379   ami-b111f4d8     pending   my-proxy  0

It will take a few minutes for the instance to launch. To check on its status:

When the instance is finally running, you will see the instance domain as something like the following:

You can ssh in as you would expect, using the domain. Root has no password.
ssh -i id_rsa-my-proxy 

3) SSH Proxy

If you can connect out through port 443, set up sshd to listen on it. Avoid port 80 if you can: your network may filter encrypted data on that port. If 443 is not open to you, you'll have to drop down to port 80 and pray.
ssh -ND 1337
This routes all localhost requests from port 1337 (or whatever port you want) to your EC2 ssh server (over port 22).
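Seen from the network side, sshd on port 443 is still recognizable, because SSH opens with a plaintext "SSH-" identification line while HTTPS opens with a TLS ClientHello. The sketch below is an added example, not part of the original post; the flow-record fields and sample payloads are constructed for illustration.

```python
# Added example: classify the first payload bytes of flows on TCP/443.
# Record layout and all sample data are assumptions made for this sketch.

def classify_first_bytes(client_first: bytes, server_first: bytes) -> str:
    """Return 'tls', 'ssh' or 'unknown' for one TCP flow."""
    # TLS: record type 0x16 (handshake), major version 0x03,
    # 2-byte record length, then handshake type 0x01 (ClientHello).
    c = client_first
    if len(c) >= 6 and c[0] == 0x16 and c[1] == 0x03 and c[5] == 0x01:
        return "tls"
    # RFC 4253: each side sends an identification line starting with "SSH-".
    # A server may send other lines first, so scan every line it sent.
    for blob in (server_first, client_first):
        for line in blob.split(b"\n"):
            if line.startswith(b"SSH-"):
                return "ssh"
    return "unknown"


def flag_non_tls_443(flows):
    """Return (src, dst, verdict) for port-443 flows that are not TLS."""
    hits = []
    for f in flows:
        if f["dport"] != 443:
            continue
        verdict = classify_first_bytes(f["client_first"], f["server_first"])
        if verdict != "tls":
            hits.append((f["src"], f["dst"], verdict))
    return hits


# Constructed flow records (documentation address ranges, made-up payloads).
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "203.0.113.10", "dport": 443,
     "client_first": bytes.fromhex("16030100c8010000c40303"),
     "server_first": b""},
    {"src": "10.0.0.7", "dst": "198.51.100.20", "dport": 443,
     "client_first": b"SSH-2.0-OpenSSH_5.1\r\n",
     "server_first": b"SSH-2.0-OpenSSH_4.7p1\r\n"},
    {"src": "10.0.0.7", "dst": "198.51.100.20", "dport": 22,
     "client_first": b"SSH-2.0-OpenSSH_5.1\r\n",
     "server_first": b"SSH-2.0-OpenSSH_4.7p1\r\n"},
    {"src": "10.0.0.9", "dst": "192.0.2.30", "dport": 443,
     "client_first": b"\x00\x01\x02\x03\x04\x05", "server_first": b""},
]

if __name__ == "__main__":
    for hit in flag_non_tls_443(SAMPLE_FLOWS):
        print(hit)
```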

4) Important! Shutdown!

Amazon charges you $0.10 for every hour your instance is running. When you are done with your proxy, don't forget to shut it off! Ten cents isn't much money, but it adds up to approx. $72/mo if you leave it running all the time. Pretty expensive for a simple proxy! But in reality, you'll probably only need it a few times a week, costing you maybe $2 per month (20 hours). Use the instance id to terminate, not the domain (ec2-describe-instances if you have forgotten the id). Something like:
ec2-terminate-instances i-10a64379

Of course, if you get caught, don't blame me. Or do blame me, I don't really care.

Monday, September 1, 2008

Code Te Ching - Verse 47

Old technology is old, but not useless.
New technology is new, but does not devalue the old.

The greatest code was work of the ancients.
Subtle. Efficient. Genius.

Like the days of old where the weakest would not survive,
Come the days of today where many weak survive on ancient efforts.

The weak rest blindly on their fathers' graves.
Knowing nothing about what lies beneath the earth.
The wise know what lies beneath, but do not dwell upon it.
Because of this, the ghosts of the past will walk with them in times of need.

He occupies his time:
    Studying the ancient ways.
    Understanding the future direction.
    Cultivating his skill.
    Remaining faithful to the past without resting upon it.
From his gentle actions the world remains powered.

In this way: the ancients are not lost.
In this way: the elite is immortal.