Developer paths beyond the Visual Studio juggernaut

I have just purchased a Mac laptop and am planning to partition it to run OSX and Ubuntu. Currently I use Microsoft Visual Studio on Windows for development projects. My concern is whether there is an equivalent to Visual Studio and the Microsoft Developer Network (MSDN) on OS X or Ubuntu?

Today I was asked this question, one which is very similar to others I have been asked and answered in the past. In Windows the decisions a developer must make prior to starting coding are relatively simple because it is an environment dominated by Visual Studio. When making the move to OSX or Linux the decisions facing the developer are more complicated because no single company dominates these platforms in the same way Microsoft does Windows.

Outside of this Microsoft’s sphere of influence is a large number of avenues to consider which can significantly influence the productivity and even success, of your software project. The short answer is there no direct equivalent to Visual Studio and MSDN for OSX or Ubuntu, but there are plenty of satisfactory alternatives. In making your decision consider what languages you use now, or are interested in learning in the future. Also identify what general platform you wish to develop for; be it the desktop, server, web or mobile. And always remember whilst none of these discussed paths are wrong, some are more right than others depending on the project.

Married and back from the honeymoon

On the 7th February Emma and I got married on a brilliantly sunny (and hot) Auckland day. We then had a great honeymoon in Nelson and Golden Bay, where amazingly the weather held out very well compared to the rest of the country.

In Nelson we stayed at Te Puna Wai and in Golden Bay we had a comfy bach at Adrift. Both of the places were excellent, and if you are in that part of the world definitely consider them both if you are after great views, spa baths and hospitality.

For posterity I have put some of the photographs we took of our travel online here.

 

StressFree Webmin theme version 2.0 released

Version 2.0 of the StressFree Webmin theme adds limited support for Google Gears. Whilst this addition does not provide true "offline" functionality it does help speed up the performance of the Webmin theme, especially over slow connections. In a nutshell Gears is used to cache a significant portion of Webmin's static content (images, javascript and CSS).

To enable Gears click the Gears link on the top right of the screen and follow the instructions. If your browser does not have Gears installed you will be provided a link to install the library. A demonstration of this functionality is given in the video below. There is not much to see, but the performance improvement is noticeable if you use Webmin a lot.

The concept and initial code for this functionality was kindly provided by Dwi Kristianto. I have integrated his proposal into the core StressFree theme and in the process tweaked it a fair bit to ensure it works in a variety of Webmin configurations.

This release also fixes a login screen rendering bug introduced since version 1.450 of Webmin. Unfortunately to resolve this bug backwards compatibility with Webmin versions > 1.450 is broken. If you are not using Webmin 1.450+ it is recommended that you do not install this theme, or better yet, upgrade Webmin prior to installing this theme.

The updated theme can be downloaded from here.

 

Autodesk Seek gets a new look and more content

Autodesk has not yet abandoned their web-based services endeavours in spite of a wilting construction industry and sinking global economy. Just prior to Autodesk University 2008 their Seek service received a significant makeover. Now this week it was announced BIMWorld has been acquired by Autodesk so that its BIMLibrary catalogue can be folded into Seek's. These events all sound good on paper, but how do they stack up, and more importantly is this a step forward for the Seek service?

The new user interface

The old white on black style of Seek has disappeared in favour of pastels on white. Overall this is a welcome change, but more importantly the overall appearance has been tidied up, with more attention paid to the rendering of onscreen elements. The result still feels very database-driven, but compared to the previous interface it does have a better flow and a less haphazard look. The Javascript-based Yahoo! User Interface library has been used to good effect and overall it feels very snappy. Unfortunately under this new coat of paint some things have not changed, for example the URIs for each product are shockingly bad. The option to email a link of the product has improved, but most people are used to simply copying and pasting URLs from the browser. If Autodesk expect others to link to content they need to resolve this problem. Until then it is very difficult for people to collaborate using Seek as a point of reference.

SpringSource tc Server: The right product at the right time

Releasing a new product into one of the worst economic climates ever would generally be considered a bad move, but for SpringSource it may prove a master stroke. Recently they announced that early next year (Jan/Feb) version 1.0 of tc Server, a fully supported, business-friendly edition of Tomcat 6.0, will be available. For those in the Java world Tomcat is the first port of call when developing or deploying web applications. This is because it is free (open source), lightweight and relatively easy to use compared to the Java application server competition; JBoss, GlassFish, WebLogic and WebSphere.

Unfortunately when compared to alternatives Tomcat has never been as well supported in the role of mission critical, business server. JBoss does support Tomcat so that it can fulfill the role of servlet engine for their application server, but most will acknowledge the two are quite different beasts. Other companies ship Tomcat as part of their products, for example Novell and Alfresco, but in these cases support is of a token nature and generally extends only to how the company's own software runs within it. So in this cloudy support and economic environment it is easy to see why SpringSource is moving to offer a supported, business-friendly edition of Tomcat.

Loose some OSX fat with Xslimmer

These days disk space is not a huge problem, but on a MacBook Air it can get a little tight once all your applications and media libraries are installed. This dilemma is not helped by OSX 10.5 Leopard's installation bloat. Not only is multiple language support installed by default, but most applications come with both x86 and PowerPC binary files. So if like me you only understand English, removing superfluous languages and binaries will free gigabytes.

Now whilst it is possible to do this task manually it is hardly fun or a good use of one's time. Fortunately there are a few tools out there that can do the job for you, my favourite being Xslimmer. Whilst this application does cost a handful of dollars (US$12.95) it has a great interface and keeps a 'blacklist' of applications that experience issues when they are placed on a diet, for example Skype. Plus if it helps remember that for this money you are reclaiming storage space, so it could be argued $13 is a very small price to pay when your laptop's hard drive cannot be replaced and external USB drives look ugly.

Using Xslimmer is very easy, simply open it and run the Genie command to automatically locate all your applications. Once found Xslimmer will analyse each program to determine what excess fat can be trimmed. This usually results in a 25%-50% reduction in application size. This soon adds up to gigabytes of space on a typical OSX installation. Once analysis is complete you can choose to backup all unnecessary files or just delete them entirely. After this decision is made Xslimmer quietly gets on with the job, which for me resulted in 2.5 gigabytes of storage being freed (approximately US$5.20 per gigabyte).

The only thing to keep in mind is that as software updates and new applications are installed new fat will be introduced to the system. This means if you want to keep your system nice and lean re-runnig Xslimmer every few months is a good idea.

 

Transparent Single Sign-On with CAS & eDirectory

A few months ago I had a patch accepted by the JA-SIG CAS project to enable this single sign-on (SSO) service to automatically authenticate users who are part of an internal Novell network. The benefit of this is that once a user has logged into their corporate network they do not have to authenticate themselves when they use any of the company's web applications. CAS is a good choice for an SSO solution because it is free, fairly simple to setup and has libraries for integrating with Java and just about every other web language. Also, due to its relative simplicity, many popular web applications support CAS 'out of the box', so it pays to do some checking before reinventing the SSO wheel.

How exactly this transparent authentication mechanism works is a little complicated, but in practice it occurs in a fraction of a second without any intervention. Below is a diagram outlining the actions that take place and a brief description of what happens at each step.

  1. The staff member logs in to the Novell network to gain access to their desktop.
  2. Once logged in the user visits an internally hosted web application. (e.g. CRM, DMS, etc.)
  3. Because the user is not logged in, the web application returns a CAS redirect command to the browser.
  4. The user's browser is automatically redirected to the CAS web service for authentication.
  5. The CAS service detects the incoming I.P. address and performs an LDAP search for this value in the eDirectory.
  6. The LDAP search finds the user's I.P. address and returns their credentials.
  7. CAS creates an authenticated session for the user and returns a one-time use ticket to the browser.
  8. The browser automatically redirects back to the web application and presents the authentication ticket for validation.
  9. The web application checks this ticket against the CAS service. If valid the user's credentials are returned.
  10. The web application creates an authenticated session and returns the relevant HTML content to the browser.

Setting all this up is not too difficult, so long as you carefully follow my instructions on the CAS wiki. The key is understanding what is going on and how the CAS configuration files work to achieve this task. The added bonus is that because this technique uses information stored in eDirectory it works with (pretty much) any Internet browser without any extra client-side software.

 

Remotely managing VMWare servers via SSH

As the cornerstone of any company's server infrastructure it is extremely rare to find VMWare servers (be they Server, ESX or ESXi) directly exposed the the Internet. Generally these important services are hidden behind layers of protection which can make managing them when not onsite quite a challenge. Of course you could setup a VPN or use some remote desktop access software, but why bother when plain old SSH can do the job for you.

Once you have SSH access to a system within the organisation's network it is a fairly simple task to create virtual tunnels to the VMWare servers. This is a secure way to manage the devices because all traffic goes through an encrypted tunnel and beyond the SSH service itself you are not interacting with any other internal services.

Remote VMWare server access requires two SSH tunnels, an HTTPS tunnel (typically port 443) and a console tunnel (typically port 902). Below is a small script that you can use to create these tunnels from Linux, OSX or any other *NIX operating system.

Copy and paste the following text into a file named vmware-manage.sh:

#! /bin/sh

# The local I.P. address for the tunnel endpoint
LOCAL_IP=192.168.1.1

# The SSH connection details
SSH_USER=sshuser
SSH_HOST=ssh.host.com
SSH_PORT=62222

# VMWare server configuration
VMWARE_IP=$2
VMWARE_WEB_PORT=443
VMWARE_CONSOLE_PORT=902

echo "Managing VMWare server at $VMWARE_IP"
echo "Accessible via $LOCAL_IP:$VMWARE_WEB_PORT"
echo "Press CTRL+C to close"

case "$1" in
console)
sudo ssh -N -L $LOCAL_IP:$VMWARE_CONSOLE_PORT:$VMWARE_IP:$VMWARE_CONSOLE_PORT $SSH_USER@$SSH_HOST -p $SSH_PORT
;;
web)
sudo ssh -N -L $LOCAL_IP:$VMWARE_WEB_PORT:$VMWARE_IP:$VMWARE_WEB_PORT $SSH_USER@$SSH_HOST -p $SSH_PORT
;;
esac

At the top of the file edit the LOCAL_IP, SSH_USER, SSH_HOST and SSH_PORT variables to suit your specific setup.

  • LOCAL_IP - Typically your desktop's I.P. address (or 127.0.0.1).
  • SSH_USER - The SSH user account to log in with.
  • SSH_HOST - The hostname with the accessible SSH service.
  • SSH_PORT - The port SSH is running on. For security run SSH on a non-standard port if facing the Internet (i.e. not 22).

Now flag this file as being executable:

chmod a+x vmware-manage.sh

To manage a VMWare server with an internal I.P. address of 10.1.1.5 run the following command:

./vmware-manage.sh web 10.1.1.5

You will be prompted for your local password (for sudo access) and the SSH password.

Once created open a second console and create the second tunnel for console access:

./vmware-manage.sh console 10.1.1.5

You should no be able to access your VMWare server at https://192.168.1.1 (i.e. the LOCAL_IP address value). Or if you are using the VI Client enter 192.168.1.1 as the server address.

Once you have finished managing your system you can close the tunnels by pressing CTRL+C.

 

Transparent Squid Authentication to eDirectory

This post explains how to setup a Squid HTTP proxy to transparently authenticate users against a Novell eDirectory. In the Novell eco-system Border Manager is the venerable choice for an internal firewall and proxy but it is showing its age. This guide is based on this Novell Cool Solution. Unlike Border Manager, which requires the CLNTRUST client-side tool, the setup described works without the need for any desktop client software.

How it works

Within a Novell managed network the eDirectory stores authenticated user's I.P. addresses. Squid performs an LDAP search against eDirectory using the incoming I.P. address of the client. If successful the authenticated username is returned and a proxy session established. If the search comes up empty Squid prompts the client to manually enter their credentials for authentication against the eDirectory. If this too fails the proxy request is denied.

eDirectory 8.8 incompatability

This solution currently only works with eDirectory < 8.8 because Novell has slightly changed the format they store network addresses in newer versions. At the time of writing I have not been able to test against eDirectory 8.8 so I cannot determine the required code changes or test results. Hopefully in the near future this situation will change.

Squid's external_acl_type option

Transparent authentication is made possible thanks to Squid's external_acl_type configuration option. This allows external identities and groups to be identified via any external script. Once Squid is installed setting up transparent eDirectory authentication is a two step process:

  1. Create and tweak the squid_edir_iplookup.pl file.
  2. Edit the squid.conf configuration file

VMWare Server 2 finally goes gold

On September 23 after a year of public development VMWare Server 2.0 was officially released. Server is VMWare's free, entry-level, server-centric hypervisor. Unlike VMWare's other server virtualisation products ESX and ESXi, Server must be pre-installed onto a host operating system (Windows or Linux). This adds a management and performance overhead, which for some is incentive enough to choose VMWare's more costlier offerings (or explore Xen). However if you are looking to easily virtualise a handful of servers and do not mind a small performance hit, VMWare Server is a great place to begin.

In comparison to VMWare Server 1 (a.k.a GSX) this new release appears to be a complete rewrite. However when first announced the new version received a mixed response as many existing users viewed it as slow, bloated and buggy compared to its predecessor. Ignoring the bugs which come with any beta-quality code, the majority of this criticism fell into two areas: the new web-based management console and a 500MB+ download (up from ~100MB).

Web-centric virtualisation management

Without a doubt the most controversial aspect of VMWare Server 2 is its focus on a web-based management console. In the previous release management was primarily conducted through a Windows-only client with a token web interface provided to view what was running. This new interface enables all of the hypervisor's functionality to be managed and monitored from any modern, Javascript-enabled browser. The only cavet being that virtual machine console access requires an ActiveX or Firefox extension (Windows/Linux only). Process-wise this is a little disjointed as a browser restart is needed when this extension is first installed. Whilst not a major problem this two-step process does take the shine from being able to manage your virtual infrastructure from 'any' computer.

As an aside given the variety of Java-based SSH, VNC and remote client applets it is a little surprising to see VMWare go the ActiveX/Firefox extension route. Whilst I have not tried the ActiveX control, the Firefox extension is large and feels sluggish when running in both Windows and Linux. Still the ability to setup and manage VMWare from something other than Windows is a definite bonus. However as an OSX user it would be nice to see VMWare management support on this platform as well.

Pages