Tuesday Jul 22, 2008

FREE Hosting for Facebook & OpenSocial Developers - Social App Program

Are you developing Facebook and/or OpenSocial applications ?

Would you like to deploy them and monetize before spending any money on infrastructure ?

Social App Program is a new collaborative offering from Sun Microsystems and Joyent that allows you to do exactly that! It allows you to leverage Scalability and Cost-effectiveness of Joyent's cloud powered by OpenSolaris on Sun's renowned reliable servers and storage for deploying critical applications. And all this completely FREE for 12 months.

This program is also accompanied with FREE Sun-Joyent Social Developer Days planned for 8 cities (San Francisco, Los Angeles, Seattle, Vancouver, Chicago, Boston, New York and Austin/Dallas) in the US later this year to learn and get hands-on experience on writing applications which can scale to million of users. Learn how to architect, develop and deploy web-scale applications on Cloud infrastructure.

All details are available here. Also read the official press release.

FREE infrastructure with FREE training for YOU to write Facebook/OpenSocial apps - cool!

Is yours a startup company and under-equipped on infrastructure ? Join Startup Essentials today for FREE and discounted enterprise-class software, discounted partner hosting & storage and much more - apply online and membership FREE! Very minimal eligibility requirements and you can join inside the US or outside the US.

Technorati: sun joyent facebook opensocial social web2.0 cloud opensolaris startup startupessentials

Saturday Apr 05, 2008

GlassFish Metro Web Services Training Course

Interested in understanding the nitty gritty details of how Metro in GlassFish provides Secure, Reliable, Transactional and .NET 3.0 interoperable Web services ? You can certainly read all about it in Metro Users Guide, post questions to Metro Forum, subscribe to Metro Blogs or The Aquarium.
But now there is a new 5 hours Web-based course, WTMB-SAS-1500, from Sun Training. The course content is organized in 5 different modules:
  • WMT-SAS-1543:Adding Quality of Service and .NET Interoperability to Web Services
  • WMT-SAS-2544: Creating Reliable and Secure Interoperable Web Services
  • WMT-SAS-2545: Creating Transactional Web Services
  • WMT-SAS-2546: Working With the Web Services Policy
  • WMT-SAS-2547: Brokered Trust
Each module explains What/Why/How of each technology and then shows a complete demo using NetBeans on how to use that feature. The course can be taken within 365 days after the purchase. Read more details here.

Here are some other related courses:
Technorati: sun training course metro webservices glassfish netbeans

Tuesday Apr 01, 2008

April Fool Pranks 2008 @ Sun

Read more about the April Fool pranks played at Sun over past years.

Technorati: aprilfool mysql jonathan sun

Wednesday Mar 26, 2008

Ruby Developer Center @ Sun Developer Network - New Webpage

Ruby Developer Center is a new page launched today that is a one stop page for any thing & everything about Ruby, JRuby, Rails and all related efforts @ Sun Microsystems. Here are couple of new articles to get you started:
The site is divided into 4 tabs - Overview, Reference, Community, Download.

The Overview tab provides a pointers to Getting Started and key Ruby events. In the Reference tab, you can find out about documentation about using  Ruby with Solaris, NetBeans, GlassFish, Databases (MySQL, PostgreSQL & JavaDB). The Community tab gives pointers to blogs, forums and participation opportunities. Finally Download tab provides a single page to download all related Tools & Platforms.

Let us know what else would you like to see on the website.
Technorati: ruby jruby rubyonrails netbeans glassfish solaris sun sdn

Friday Mar 21, 2008

Ajax World East 2008 - Day 2 Report

I delivered my Maki as an Ajax Mashup Framework talk and the slides are available here. Lots of attendees came by afterwards and told me that they enjoyed the demo. The talk showed how jMaki Webtop provides a lightweight mashup framework that runs in the browser. Here is a pictorial representation of the demo shown:

GlassFish jMaki Webtop

jMaki Webtop is basically a jMaki widget that can be embedded in a JSP or PHP page. This widget provides the framework for managing widgets and users, ability to persist the Webtop on client-side using Google Gears or server-side using backend database, layouts and other functionality. In JSP case, the widget uses JPA for performing all the CRUD operations with the back-end MySQL database. The resulting WAR file is deployed on GlassFish (can be any other Servlet container as well). If you are interested in a Java version of Webtop then the recommended path is:
  • Create services & widgets using NetBeans
  • Deploy them on GlassFish
  • jMaki webtop for widget deployment & customization
It really is an evolution of jMaki - using all the infrastructure that has built over 2 years. You can experience it yourself at jmaki.com/webtop which is running a PHP version of the app. See the coverage here. The code will be available soon!

I attended few more talks and took notes in some of them to share:
See below for notes from some of them.

Can we fix the Web ?

This was an early morning talk (7:30am) and I reached few minutes late. But it was basically talking about JavaScript vulnerabilities such as
  • Script injection
  • No difference between user & guest scripts
  • Scripts exempt from same-origin policy
  • No modularity (global access to everything on the page)
And also DOM vulnerability because every node in the tree has access to every other node. This lacks modularity and causes a potential security risk.
Doug recommended 3-step plan to fix the Web:
  • Safe JavaScript subset
    • JSLint.com provides a safe subset of JavaScript that removes all features that are unsafe or suspect such as no global vars or functions
    • Google Caja & Cajita provide a similar subet but they use transformation instead of validation
  • Minor browser improvements
    • Scripts are exempt from same-origin policy. This allows a dynamic <script> tag to make a GET request from a server. Instead use JSONRequest (part of json.org).
    • ES4 (the upcoming JavaScript standard) is not good enough because it maintains backwards compatibility and adds complexity.
  • Major browser improvements
    • Replace JavaScript & DOM in browsers. The approach is to start with JSLint and add safe features as required.
    • The Object Capability System (where objects are given explicit access to be used) needs to be enforced to make it secure.
In Doug's opinion, if the Web is not fixed then JavaFX, Silverlight & AIR (all vastly superior but lacking adoption) will displace the web.

The second talk was on Accelerate Ajax development with Appcelerator by Appcelerator CEO.

The talk started with a "not too long back" introduction of the technology space. Well, it started with 1991 and the timeline (and associated technology advances in that year) kept shuffling 1995, 1989, 2001 .... and so on. Jeff talked about how/why Tim Berners Lee invented WWW and covered a myriad of terms after that including but not limited to - Web 1.0, Netscape, Mosaic, marc Andreeeseen (sp?), Java, java Web Start, Applets, W3C, CGI, J2EE, JCP, C#, JBoss, SOA, JavaFX, Silverlight, AIR and many others. For a 50 minute talk, that was quite a long introduction.

After that introduction, he word "Ajax" was mentioned almost 30 minutes (8:51am to be precise) in the talk. And then the word "Appcelerator" was mentioned at 9:06am. Finally, I realized that I'm in the right talk ;)

Appcelerator like to pitch themselves as RIA + SOA company and allows true decoupling of the rich client from it's services. Their services is very similar to jMaki but they use event handling + Ajax + DHTML to achieve it. They also run on Ruby, PHP, Java and other languages.

All in all, it was a good walk through the memory lane!

The next one was REST & Ajax Reconciled.

The talk explained the basic concepts of REST - Resource, URI, Representation, URL & Methods (GET, PUT, POST & DELETE). It also explained the idempotency and safety of each method type. Overall a good decent introduction.

Then it explained the limitations with current web-based forms:
  • The URIs in the action attribute cannot be changed dynamically
  • Most browsers recognize only GET/POST methods
  • Limited ecodings - for example generating JSON encoding requires extra work.
It provided a REST framework checklist:
  • Does it have resource-based approach ?
  • Acknowledges existing of representation ?
    • need multiple of them
  • Solid engineering & community support ?
The three frameworks discussed in the talk were:
  • Apache Cocoon - based on XML pipelines & URL patterns, powerful but steep learning curve
  • RESTlet - Like Servlet for REST, good for existing model
  • Apache Sling - Based on JCR with server-side scripting support
The talk did not mention anything about Jersey which is turning out to be a great implementation and very well meets all the critieria mentioned above.

The speaker recommended Apache Sling with ┬Ájax for all REST + Ajax needs. But I'd strongly encourage you to have a look at Jersey. The JSON representation generated out of Jersey can now be directly consumed by jMaki as described here - a true combination of REST & Ajax :)

And then the last talk where I took notes is Understanding the Top Web 2.0 Attack Vectors. I'll provides notes from the last 5 slides of the talk which essentially captured the essence. These slides talked about fundamental issues with Ajax and described concerns and possible attacks in each issue. I'll need to understand some of these attacks better myself but at least I have a list to begin with :)

Here you go:
  • Client-side
    • Concerns
      • Transparency
      • Cross-domain communication
      • Exposed business logic (View Source)
      • Local & Offline data storage
    • Attacks
      • Cross-site scripting, DNS Rebinding
      • Business logic bypass
      • Variable tampering
      • Protocol hijacking
      • Function clobbering
      • JavaScript hijacking
  • Protocols
    • Concerns - new protocols on top of HTTP
      • SOAP
      • XML-RPC
      • REST
    • Attacks
      • Traditional
        • Man-in-the-middle
        • Spoofing
      • Recursive Payloads
      • Schema Poisoning
  • Information Sources
    • Concerns
      • Integrity
      • Transient
      • Diverse (RSS, Blogs, Email, ...)
    • Attacks
      • Untrusted content
      • Poisoned Cache (HTTP Response Splitting Vulnerability)
      • DNS Issues
  • Information Structure
    • Concerns - Variations of data structure
      • RSS
      • Atom
      • JSON
      • Serialized data
    • Attacks
      • Malicious injection
      • Parser implementations
  • Server-side Issues
    • Concerns
      • Architecture Weaknesses
      • Multiple languages & implementations
      • Increase & fragmented attack surfaces
      • Unknown request origin
      • Authorization & Authentication in complex environment
    • Attacks
      • Traditional
        • Information disclosure, Logical attributes, Denial-of-service
        • Command Injection
          • LDAP, SQL, XPath etc.

OpenAjax Alliance talk about Gadgets & Widgets was nice. The alliance is working on creating standards for widget metadata, communication across widgets and other similar tasks. The goal is to enable successful adoption of open and interoperable Ajax-based Web technologies.

Dave Ferraiolo (from OpenAjax) particularly expressed thanks to jMaki for deriving the first set of Open Ajax Data Model specs from jMaki data models.

That's it!

Check out some of the pictures:

The complete album is available at:

I had to leave at the end of Day 2 because of unfavorable health condition. But I'm glad at least I could deliver my talks :) Now I need to be back-in-shape before my upcoming trip next Tuesday!

Technorati: conf ajaxworld newyork glassfish netbeans ria sun web2.0 jmaki

Tuesday Mar 18, 2008

Ajax World East 2008 - Day 1 Report

Ajax World East 2008
started earlier today.

I delievered my "Web 2.0 Application development using jMaki" and the slides are available here. There were several demos shown in the talk (using NetBeans and GlassFish) and they are all accessible at the links mentiond below:
Several other related demos are available here. Luckily I could deliver without much hassle inspite of having a high fever and cough! I hope I can hold at least until tomorrow morning when the big preso is scheduled @ 11:35am.

Anyway I attended 3 more talks today and took notes to share:
See below for notes from each talk.

The first talk I attended was: Picking the Right Technology for Enterprise Rich Internet Applications. I got little late and the session was packed with attendees standing way outside the room so I joined them.
The session talked about AIR, Silverlight & JavaFX as three possible technologies for Enterprise RIA. Per the talk, here are the basic criteria for RIA tools requirement:
  • Seamless deployment on client
  • High penetration of runtime
  • Web browser independence
  • Fast client/server communication protocol
  • Robust security
Of course, this session was given in Ajax World so pros/cons of Ajax were dicussed:

Pros of Ajax Cons of Ajax
No deployment required Ajax apps are browser depdendent
100+ Frameworks 100+ Frameworks
Open Source, no need to purchase software license Expensive due to long cycle, skilled developers demand top rate
JavaScript is an interpreted language, entire source code can be viewed using "View Source"
Network communication speed is not optimizedf for Ajax requests

And then basically it talked about the three technologies and their pros & cons are well captured in the slides.

The second session I attended was Performance Tuning your Ajax Applications. This was an interesting session and I learned a few tricks. Interstingly we have implemented quite a few of these performance enhancements in jMaki already.

Improving the performance of Ajax applications require tuning the following parameters:
  • Number of requests
    • Reduce number of JavaScript files that are loaded. This is the most important since each request to the backend adds extra cost. Even when the scripts are cached, the browser still makes a request (unless Since-Modified header is set correctly).
    • Typical approaches are to concatenate the files at dev time or at runtime based upon request.
    • Dev time approaches
      • Ant - concat all JS files using <concat> task
      • Dojo - Run Rhino over all provide/requires and then concatenate the files
      • Command-line
    • Run time approaches - Concatenation happens depending upon the request. Cons are:
      • Server-side dependent
      • Makes it harder to distribute code
      • Server is loaded as concatenation happens on server (mitigated with caching)
      • Works for <15 JS files
      • Does not track dependency
  • Size of requests
    • Remove white spaces and comments (Packer, Dojo, YCompresser, SafeCompress, ShrinkSafe are some of the tools)
    • Shorten the variable names
    • Gzip the code
    • Semicolon is optional but needed if you remove EOL (careful when compressing the code)
      • Drastically reduces the file size (e.g. Apache XAP reduced the file size from 330 kb to 70 kb)
      • Lots of gzip tools
      • Need to put appropriate headers so that browsers recognize gzipped content
    • Coding Style
      • Single line "if" and "for" do not need "{ }"
      • Combine var declarations into a single var such as var x=1, y = 2;
      • Use JavaScript style object
  • Time of requests
  • Time of initial code completion
    • Minimize the time that is executed @ start up
    • Bring the data once the initial page is loaded
    • Show images telling users that something is going on
      • Distracts user from the time it's taking
  • Other tips
    • Don't write your own parser  - use the native parsers
    • "If" statement optimization
    • Use the native facilities like getElementById() or getElementByTagName()
    • Consider different approaches of DOM creation
      • Tail Recursion
      • Setting the value in innerHTML
    • Consider JSON over DOM for object graph traversal - JSON could be much faster
Similar tips can be used for CSS as well.

My third talk of the day was Performance Paradigm of a Mashup World.

This talk given by Vice President of Webmetrics and laid a special emphasis on "Collaborative Monitoring" for performance measuring any mashup. This process involves not only monitoring your own application, but also setting up agents that measure performance with other services being invoked in the mashup, their further partners and so on. It also talked about a layered approach of using:
  • Standard monitoring - HTML page load time, DNS request processing time, etc.
  • Pixel Mapping monitoring - required mainly for GUI intensive application
  • Web services monitoring - Used for partner monitoring
This was further clarified using a 6-step process:
  • Know your apps
  • Learn where the points are in your ecosystem
  • Measure your perspective
  • Monitor your APIs
  • Collaborate within your organization
  • Collaborate with your partners & customers
That's it!

Check out some of the pictures:

The expo hall opens tomorrow and Sun's booth is right between the ballroom and the main door to expo hall, can't miss us ;)

The complete album is available at:

The Internet connection at the Roosevelt hotel is painfully slow inspite of charging $14.95/night where as most of the "modern" hotels offer free wireless :(

Technorati: conf ajaxworld newyork glassfish netbeans ria sun web2.0 jmaki

Sunday Mar 16, 2008

Ajax World New York 2008 - This Week

Sun Microsystems is a Gold sponsor of Ajax World East 2008. The event kick starts in New York City tomorrow and you can see the complete agenda here.

From Sun speakers, you'll hear how jMaki, GlassFish Comet, GlassFish and NetBeans provide an easy-to-use and industry-grade platform to develop and deploy Rich Internet Applications. Here is the list of Sun sessions:

Here is my wish list of sessions that I'd like to attend:

Tuesday, Mar 18
Picking the Right Technology for Rich Internet Applications Track 5 2:00 - 2:45pm
Ajax Applicability: When should Ajax be used ? Track 2 2:50 - 3:35pm
RIA Approach for Web 2.0 Development using jMaki Track 3 3:40 - 4:25pm
Wednesday, Mar 19
Opening Keynote: Can we fix the Web ? Opening Keynote 7:30 - 8:20am
Think Fast: Accelerate Ajax Development with Appcelerator Session 2 8:25 - 9:15am
REST and Ajax Reconciled Track 6 9:20 - 10:05am
Enterprise Comet: Real-Time or Real-Time Web 2.0 ? Session 4 11:00 - 11:30am
jMaki as an Ajax Mashup Framework Session 5 11:35 - 12:05pm
Understanding the top Web 2.0 Attack Vectors Track 3 12:10 - 12:55pm
Building Web 2.0 Applications with Project Zero Track 3 2:05 - 2:50pm
Ajax and Social Computing for the Enterprise Session 7 2:55 - 3:30pm
Aptana IDE: Your unfair advantage for Ajax etc. Track 3 5:20 - 6:05pm
SYS-CON.TV Power Panel: The Business Value of RIAs Session 10 6:10 - 6:55pm
Welcome Reception 6:30 - 8:30pm
Thursday Mar 20
RIA Adoption in 2008: Risks, Rewards, Challenges & Opportunity Opening Keynote 8:00 - 8:50am
Ajax and Rails Track 6 8:55 - 9:40am
Now Playing: Desktop Apps in the Browser Session 3 9:45 - 10:15am
DreamFace: The Ultimate Framework for Creating Personalized Web 2.0 Mashups Session 4 11:55 - 12:25pm
Securing Ajax Development and Testing Track 6 12:30 - 1:15pm
Asynchronous Ajax for Revlutionary Web Applications Track 3 2:15 - 3:00pm
Saving your Investment: Transforming J2EE Applications into Web 2.0 using GWT Track 4 3:05 - 3:50pm
Building Scalable Ajax Applications using GlassFish Comet Track 4 5:30 - 6:15pm
SYS-CON.TV Power Panel: What Lies Beyond AJAX? Session 9 6:15 - 7:00pm

It's only a wish list cause I'll be spending time at Sun booth in the Expo Floor as well and this is New York City ;)

See ya there!

Technorati: conf sun ajaxworld jmaki glassfish mashups comet netbeans ria

Wednesday Jan 09, 2008

Meet Agraj Mangal - Sun Campus Ambassador for Delhi University

As mentioned earlier, we have recruited a new student under Sun Campus Ambassador Program.

Meet Agraj Mangal - a student of Masters of Computer Applications  (equivalent to MS Computers but a 3 year program) from Delhi University. He has already started a blog - Kreativity Personified. If you are a student and would like to learn about Sun technologies then subscribe to his blog and have fun in the "quest of learning and sharing knowledge".

I met him when I presented on GlassFish @ Delhi University last year. He was selected after an intensive interview process after that. I'm glad he got selected cause he certainly impressed me with the short interaction at the University. I think he is going to be a great ambassador for our technologies. As first "assignment" in his new role, all the students in the Computer Science Department are already using  GlassFish and NetBeans for all their projects. So these students will already be GlassFish and NetBeans-enabled when they graduate.

Agraj has already started Java User Group and Open Solaris User Group in the University. Please feel free to bug him for any GlassFish and NetBeans related queries :) In order to help Agraj with his GlassFish quest, I'll create a "GlassFish For Schools" packet.

Read more about why Sun started Campus Ambassador program and other interesting details here.

Technorati: education school college sun campusambassador delhi glassfish netbeans

Wednesday Dec 05, 2007

Sun and Academic Institutions Together

I presented on GlassFish and related technologies (Metro, JRuby-on-GlassFish and jMaki) at the Department of Computer Science, Delhi University earlier this week. A more detailed blog describing that visit will be published later. But this blog is an attempt to create a summary of the main efforts that Sun has to offer to academic institutions.

The complete portfolio of Sun programs and solutions for the educational and research communities is listed here. More specific details are given below:

  • Sun Software Programs for Education - Offers special discounts to Education community on software licenses, training and software support
  • Sun Technology and Academic Resources (STAR) for Education and Research - STAR provides grants, collaborations and technology resources to educational institutions.
  • SDN Academic Developer Program empowers Academic Developers through sharing, collaboration and open innovation. It offers tools, resources and communities in which to participate and share.
  • Sun Academic Initiative is a program designed to introduce students to Sun technologies and equip them with skills in their chosen fields of study. The students get access to
    • Latest Sun technologies
    • High quality instruction and curriculum and course paths that lead to certification
    • Courses that can be integrated into degree program

    Read the entire program guide here. Apply for Sun Academic Initiative here.

  • Campus Ambassador (CA) program provides extensive training to a chosen student from a University on different Sun's open technologies including Java, NetBeans, GlassFish. This allow students to lead Sun's open source developer community in campus, run demos, promote Sun training events on campus and Sun tools to faculty. The chosen CA is paid a stipend :)
  • Student Zone provides details for students and new graduates. This page also lists country-specific events, for example Sun India University Program.
  • Sun's Real-world technology courses that earn you a certificate.
  • Subscribe to Sun Student Connection monthly newsletter. It provides you latest news on open source developer tools, technology resources and a range of developer topics.

Finally, get started by submitting resume. Hope you find this useful!

Technorati: education school college sun opensource academic

Monday Nov 26, 2007

FOSS.IN schedules now available - Almost 1600 registrants

FOSS.IN schedules are finally published, phew!

The conference is starting next Monday and this is living on the edge! This is the 7th year of the conference and I hope the scheduling is done little more in advance next year. This will allows us non-Bangaloreans to plan our activities around FOSS :)

I'll be giving "Packaging Java Applications for Ubuntu Platform" on Dec 4th, 4pm in A/120. See you there!

I'll publish the slides here after the talk.

Here are some other talks that I'd like to attend:

Date Topic Time
12/6, Thu FOSS.IN inaguration 10:00am-10:30am
12/6, Thu User to Hacker in 90 minutes: The Tools and Techniques needed to actually contribute to Open Source 3:30pm-5:00pm
12/7, Fri The Virtuous Cycle: Sun's FOSS philosophy and strategy 11:30am-1:00pm
12/7, Fri Hacking the Fox 3:30pm-5:00pm

I'd like to attend some talks on 12/8 but have to catch a flight in the afternoon. But otherwise the momentum is building pretty strong with almost 1600 registrants.

And then of course, you can find me around the GlassFish booth in the Expo.

Some more rant ...

  1. There is no conference planner on the website. You already saw my workaround above :)
  2. Why a Certificate is required for viewing individual session details ? Here is the certificate warning presented by Firefox:

    At least get the certificate by a Trusted Authority :(

Technorati: conf glassfish foss.in sun netbeans ubuntu


profile image
Arun Gupta is a technology enthusiast, a passionate runner, author, and a community guy who works for Oracle Corp.

Java EE 7 Samples

Stay Connected


« July 2016