Mark S. Kolich

Clok: A new way to view time

2010-01-21T01:45:00Z

Clok is a "very fuzzy" world-clock I built, modeled after Caskey Dickson's idea and Java Clok implementation. Clok is not built to give you the exact time in every time zone; for that, get another, more accurate, world clock. Instead, my version of Clok is used to help me answer basic time related questions, like:

Several of my co-workers are based in London; can I email them at the office, or are they at home?
I need to call my girlfriend, but she's in Manila visiting family. Is it daytime there?
Some interesting world news just broke in Dubai; roughly what time is there?

These questions are all a slight variation of the timeless (no pun intended), "what time is it?" The latest version of Clok can be found at http://clok.koli.ch.

1 - How Do I Read this Clok?

Each column represents a single hour, in a 24-hour day. Each hour is color coded, according to the various pieces, or periods, of a typical day. As explained here, "sleeping is obviously the least productive and so that is represented in black. The morning is the time between sleeping and lunch, lunch is a time of recovery and planning for the rest of the day. Then there is the afternoon, which for many is the time when the majority of their work gets done. Finally comes evening, which is personal time, time spent with family, or time taking care of those responsibilities that have to do with running our lives and not earning a paycheck." The colors of each hour in the day directly correspond to these periods.

Each row is a different time zone, modeled after this list on Wikipedia. And finally, the red line is the approximate current time in that time zone.

Clok automatically updates itself every minute while open; no browser refresh is required.

2 - The User Interface

You may have noticed that when you mouseover each row on the Clok, four tiny buttons appear on the far right of each time zone. These represent the various modes: H for human, K for hacker/developer/coder, S for server, and R for raccoon (nocturnal). When clicked, these buttons change the mode of Clok. If you're a relatively normal individual with decent sleeping habits, you will find Human mode most useful. If you, or a friend across the world participates in a more nocturnal lifestyle, then you might enjoy Raccoon mode.

If you find the time zone annotations annoying, and would like to hide them, click anywhere in the orange header bar and the name/UTC ID of each time zone should disappear.

3 - Technical Details

My version of Clok is pure CSS, JavaScript, and PHP (no Flash!). When the DOM is ready, AJAX is used behind the scenes to call a PHP controller on the server, which actually does the work of computing the time in every requested time zone. This controller returns a block of JSON that maps a time zone to the position of its red "current time" bar. The JavaScript loops over these JSON objects in the response, and uses jQuery to move (animate) the red bars into position. To stay current, an interval fires once every 60,000 ms (1 minute) which triggers Clok to refresh itself.

4 - Where Can I Find this Clok?

Try http://clok.koli.ch.

Enjoy.

Java: JumpToLine, Jump or Seek to a Line in a File

2010-01-18T20:13:00Z

Seeking to a line number in a text file isn't too hard to implement in Java if you use a few common and trusted API's like Apache's Commons I/O library. Recently I needed some Java that could automatically seek to a given line in a file and then remember the line number of the last line read. The next time I open the log reader, it should automatically seek itself to the last line read, and let me read any subsequent lines added by another user or process. This is perfect for log file monitoring: the first invocation of the reader would read lines 1 through X and the next invocation would read lines X+1 through Y, and so on. Using Apache's Commons I/O API, this isn't difficult at all. You may or may not know that the Commons I/O API contains a very convenient LineIterator class, which lets the developer iterate over lines in a file using a Reader.

With that in mind, meet JumpToLine, a somewhat hackish class I wrote that wraps Apache's Commons I/O LineIterator in a way that lets you seek ahead to a specific line in a file, and is smart enough to remember the last line read (so that you don't read the same line twice).]]> Example #1

Here's how you might use JumpToLine to seek to line 10 in mylog.log, then read that line and every line after it:

final JumpToLine jtl = new JumpToLine(new File("mylog.log"));

try {
  // Open the underlying reader and LineIterator.
  jtl.open();
  // Seek to line 10; will throw a NoSuchElementException if
  // out of range.
  jtl.seek(10);
  // While there are any lines after and including line 10,
  // read them.
  while(jtl.hasNext()) {
    final String line = jtl.readLine();
    System.out.println(line);
  }
} catch (Exception e) {
  e.printStackTrace(System.err);
} finally {
  // Close the underlying reader and LineIterator.
  jtl.close();
}

Example #2

Here's how you might use JumpToLine to seek to the last line read in mylog.log, and then read any subsequent lines added to the file since it was last read:

final JumpToLine jtl = new JumpToLine(new File("mylog.log"));

try {
  // Open the underlying reader and LineIterator.
  jtl.open();
  // Seek to the last line read since we last tried to
  // read any lines from this file.
  jtl.seek();
  // While there are any more lines to read from the last
  // line read position, then read them.
  while(jtl.hasNext()) {
    final String line = jtl.readLine();
    System.out.println(line);
  }
  // For grins, what is the last line number we read?
  System.out.println("Last line number read: " +
      jtl.getLastLineRead());
} catch (Exception e) {
  e.printStackTrace(System.err);
} finally {
  // Close the underlying reader and LineIterator.
  jtl.close();
}

Download JumpToLine here. Note that JumpToLine is dependent on Apache's Commons I/O API which you can download here.

Happy New Year's

2009-12-31T15:55:00Z

Last year I wrote up a quick blog post to ring in the New Year, highlighting some of my accomplishments and failures of 2008. In that spirit, keeping the tradition alive, here's my 2009 in a nutshell:

I kicked off 2009 figuring out how to block Trackback Spam, and wrote up an opinionated piece re: why I dislike and therefore don't use, Facebook. MyCougarLand.com failed to update their DNS records, which generated a lot of traffic (not the kind you would expect) to my blog. In late January, I discovered that I own a bottle of wine from a convicted felon. Ala February, I joined Twitter, and heard that Network Solutions featured my WHOIS Firefox Plugin on their homepage. I bought a new battery backup UPS for my home data center, after a little physics exercise to discover the exact type of UPS I needed. I launched kolich.cc, but then later built and released Onyx. With summer approaching, I made my own solar shield out of cardboard and tinfoil while thinking up ten awesome .htaccess hacks for Movable Type. Continuing the awesomeness, I launched a mobile version of my blog at kolich.mobi for all of my readers on mobile devices. Like any good year, a few of my systems crashed, then recovered but I had fun with HP LaserJet printers at the office. I registered kolich.tel, went green for Iran, and figured out how to include base-64 encoded binary data in CSS. And, of course, I released Gagawa PHP 1.2 before hiking Mount San Gorgonio in the San Bernardino National Forest, but not before I wasted several days at the office on a stupid bug. I registered koli.ch (thank you Network Solutions!), and gave hot linkers a nice big 5000x5000px animated GIF to chew on. And to cap it all off, I blew the whistle on Twitter (they're spying on us) and then dove into some C++ to discover how Windows UAC works, which by the way, reminded me how much I hate Windows.

2009, the end.

Experimenting with More Domains, and Fun with Http 302 Found

2009-12-29T00:10:00Z

My somewhat narcissistic obsession with domain names involving my last name has recently driven me to purchase markkolich.com. The saga leading up to this acquisition started when I snagged koli.ch, and saw my ranking in a few search engine results absolutely plummet. I kicked off my own investigation and realized that Google doesn't seem to understand a custom domain hack of my last name. For the record, Yahoo! does. I suppose that's one thing Yahoo! actually does better than Google: properly interpreting domain hacks and other URL trickery.

In any event, I setup the markkolich.com VirtualHost to redirect to mark.koli.ch via a 302 Found. It seems that when Google and Yahoo encounter an HTTP 302 Found, they gracefully redirect their spiders to the destination but maintain the redirector's address. For example, this URL https://onyx.koli.ch/x2fr redirects to http://plugins.jquery.com/project/Timer using a 302 Found. When spiders encounter https://onyx.koli.ch/x2fr they are forwarded to the destination, but add http://plugins.jquery.com/project/Timer under https://onyx.koli.ch/x2fr to their index. In other words, the jQuery Timer plugin page will be listed under the URL https://onyx.koli.ch/x2fr in the search results! Interestingly enough, HTTP 301 Moved Permanently does not exhibit this behavior.

For the time being, I'm going to see how the new domain stacks up against koli.ch. My expectation is that spiders will index markkolich.com, see a 302 Found, and add it to their index as is without worrying about the destination address.

Stay tuned.

A Better Way to Include JavaScript and CSS in your Web-Apps (Break Proxy and Browser Caching too!)

2009-12-23T02:30:00Z

Most web-apps include a number of JavaScript and CSS files, that in most cases, need to be included/sourced on every page of the application. Doing so can bring up a few, while trivial, often annoying problems:

Dependencies between scripts. For example, if you attempt to use a jQuery plugin before the base jQuery library has loaded into the browser you'll obviously see an error. Working out these dependencies before hand can save you a few headaches.
Web-browsers and web-proxies cache your JavaScript and CSS files too often. I can't count the number of times on two hands when I made a small change to a JavaScript file, saved the change, refreshed my browser, and .... nothing. The web-browser didn't load the changed file; instead, it loaded the JavaScript from cache. Using a mechanism to always force the web-browser or web-proxy to reload your JavaScript and CSS can save you time.

Meet Gagawa, an open source object-oriented HTML generation engine written in Java and PHP. You probably wouldn't build an entire site with Gagawa, but it's absolutely perfect for small HTML tasks, like solving this irritating dependency and caching problem.]]> Using Gagawa PHP, problem solved:


require_once("gagawa.php");

$js = array(
  // The base jQuery library, needed by all other
  // jQuery plugins and your jQuery code.
  "/js/jquery-1.3.2.min.js",

  // jQuery plugins; jQuery base needs to be loaded
  // before you source these.
  "/js/jquery.ui.min.js",
  "/js/jquery.hotkeys.min.js",

  // Some other, unrelated JavaScript library like
  // underscore JS.
  "/js/underscore.min.js",

  // Your JavaScript, with dependencies on jQuery, the
  // jQuery plugins and Underscore JS, should be loaded
  // last.
  "/js/yourjs.min.js"
  );

$css = array(
  "/css/othercss.min.css",
  "/css/yourcss.css"
  );

// Build  for each JavaScript
// we need, in order. Use time() to break browser
// caching.
foreach ($js as $url) {
  $script = new Script("text/javascript");
  echo $script->setSrc($url."?".time())->write();
  }

// Build  for each CSS file we need,
// in order.  Use time() to break browser caching.
foreach ($css as $url) {
  $link = new Link();
  $link->setHref($url."?".time())->setRel("stylesheet")->setType("text/css");
  echo $link->write();
  }

?>

This code snippet generates some solid output that fits nicely into the of your HTML:

Note that each JavaScript and CSS file is loaded and added to your HTML, in order as desired, eliminating any stray dependency issues. Also, note that I'm appending "?" and the current Epoch timestamp to the end of the JavaScript source URL, and CSS Href. PHP's time() function works nicely here because I'll get a different timestamp on each page load. And as far as the browser (or a web-proxy) is concerned, "/js/yourjs.min.js?1261534594" is different than "/js/yourjs.min.js?1234567890" and will be treated as such. With this mechanism, every time you refresh the page, the browser will be forced to reload and reevaluate your scripts. Say goodbye to browsers caching and not recognizing your changes!

You can download the latest version of Gagawa at http://code.google.com/p/gagawa/downloads/list. Also, if you're interested, other Gagawa examples can be found on the Gagawa homepage.

If you're looking for a real, live, example of this technique in action check out Onyx.

Merry Christmas.

Writing Your Own Animation Loop with javax.swing.Timer

2009-12-20T20:55:00Z

In the last week or so, while working on some Java Swing code for a project at work, I hit Swing bug #4480705. When the user clicked a button to start an "activation", I changed the ImageIcon on a JButton to an animated GIF to indicate activity (e.g., "we're doing something, please wait"). So, while the application was busy, I disabled the JButton and set its ImageIcon to an animated spinner. Loading this animated GIF and setting it on the JButton using setIcon() caused the Java Swing EventQueue threads to deadlock, as described here, and my entire application hung. Well technically speaking, not the entire application, but just the Swing portion of the JVM. Clearly, Swing doesn't like animated GIF's as much as the Sun documentation claims.

The solution to this deadlock is to avoid using animated GIF's all together, and write your own animate loop using javax.swing.Timer. That's exactly what I did, and it works great.

For your viewing pleasure, I wrote up a quick demo/example (see Beavis and Butthead screencap) which demonstrates the use of javax.swing.Timer and how you can integrate it into your Swing application.

Download just the source, or the full Eclipse project.

Rock on.

UAC Prompt From Java: CreateProcess error=740, The requested operation requires elevation (ShellExecuteEx Runas Example)

2009-12-18T17:35:00Z

I just finished an absolutely monstrous project at work that involved quite a bit of Java and a little Visual C++. The latter part of this project involved writing some VC++ that interactively upgraded a piece of Java based software installed on a PC. This sounds relatively mundane, but frankly, it wasn't. I ended up spending almost of week of engineering effort, writing code that gracefully understands how to deal with Window's User Account Control (UAC). If you're not familiar with UAC, it's that incredibly annoying security mechanism in Vista, and Win7, that prompts the user for confirmation if a piece of software attempts to make any changes to a protected location on the computer. I appreciate what Microsoft was trying to accomplish with UAC, but it couldn't be more painful for a developer to work with. Not to mention I couldn't find any decent documentation from Microsoft that discussed how to properly integrate your software with UAC. I found a lot of marketing type documents and other nonsense through MSDN, and eventually gave up in disgust. All I wanted was a simple document, ideally one titled "this is how to open a UAC prompt in your application."

In the end, I figured out how to deal with UAC by studying the source code of the Mozilla Firefox Updater (knowing that Firefox is open-source, so I can look at its code, and it always seems to update itself just fine on my development Win 7 and Vista boxes). This post is an attempt to document how I built an application that understands, and gracefully handles UAC.
]]> can't do any of these things without elevating itself to an Administrator, or privileged user. Your application running as a normal user, must programmatically elevate itself to an Administrator before it has permission to run these privileged operations. Your application needs to trigger Windows to display a UAC prompt. Welcome to the painful world of Windows User Account Control.

Here are several important points to remember about UAC (things I learned the hard way):

Unprivileged applications running as normal users, cannot simply fork another process to trigger a UAC prompt. Even if the "requestedExecutionLevel" of your application manifest is "requireAdministrator". Using _spawnv(), exec(), etc. with a binary that has "requireAdministrator" set in its manifest will NOT work. For example, a Java app running as a normal user cannot spawn a process with privileged access; even in the process Java is trying to spawn has the correct "requireAdministrator" manifest property.
A unprivileged application can only trigger a UAC prompt using the ShellExecute or ShellExecuteEx shell functions, provided via shell32.lib.
Setting requireAdministrator in your application manifest only appears to open a UAC prompt when a user double clicks on your executable in Windows Explorer.

1 - The Application Manifest

Several resources claim you can trigger a UAC by simply inserting an application manifest into the assembly of your application binary. An application manifest that triggers a UAC looks something like this:


         name="yourapp.exe" type="win32">
  
  Some Application Description
  
    
               name="Microsoft.Windows.Common-Controls"
         version="6.0.0.0" processorArchitecture="*"
         publicKeyToken="6595b64144ccf1df" language="*" />
    
  
  
    
      
                    uiAccess="false">

Note the "level=requireAdministrator" attribute in this XML that I alluded to earlier. This works, but only when the user double-clicks your executable, or launches it from the Start Menu. This is hardly sufficient for an application that needs to become an Administrator when updating itself. You'll need something more.

2 - Basic UAC Flow

Ok, so before you dig into it, I thought it might be helpful to explain the basic flow of a UAC aware application and how everything fits together. Normally, your application runs as an unprivileged user. But, sometimes it needs to be an Administrator (to do whatever). So, here's the basic idea, in pseudo code:

int main (int argc, char **argv) {

  HRESULT operation = tryToDoSomethingPrivileged();

  if (operation == ACCESS_DENIED && !alreadyElevated) {

    // Spawn a copy of ourselves, via ShellExecuteEx().
    // The "runas" verb is important because that's what
    // internally triggers Windows to open up a UAC prompt.
    HANDLE child = ShellExecuteEx(argc, argv, "runas");

    if (child) {
      // User accepted UAC prompt (gave permission).
      // The unprivileged parent should wait for
      // the privileged child to finish.
      WaitForSingleObject(child, INFINITE);
      CloseHandle(pid);
    }
    else {
      // User rejected UAC prompt.
      return FAILURE;
    }

    return SUCCESS;

  }
  
  return SUCCESS;  

}

On Windows XP, or other versions of Windows with UAC disabled, note that the user will simply run right through the code fragment without any prompt. However, if UAC is enabled, the privileged operation will be rejected meaning the application needs to spawn a copy of itself using ShellExecuteEx.

Here's a quick code snippet showing the usage of ShellExecuteEx to open a UAC prompt:

SHELLEXECUTEINFO sinfo;
memset(&sinfo, 0, sizeof(SHELLEXECUTEINFO));
sinfo.cbSize       = sizeof(SHELLEXECUTEINFO);
sinfo.fMask        = SEE_MASK_FLAG_DDEWAIT |
	               SEE_MASK_NOCLOSEPROCESS;
sinfo.hwnd         = NULL;
sinfo.lpFile       = argv[0];
sinfo.lpParameters = spawnCmdLine;
sinfo.lpVerb       = L"runas"; // <<-- this is what makes a UAC prompt show up
sinfo.nShow        = SW_SHOWMAXIMIZED;

// The only way to get a UAC prompt to show up
// is by calling ShellExecuteEx() with the correct
// SHELLEXECUTEINFO struct.  Non privlidged applications
// cannot open/start a UAC prompt by simply spawning
// a process that has the correct XML manifest.
BOOL result = ShellExecuteEx(&sinfo);

Note the "runas" lpVerb in the SHELLEXECUTEINFO struct; this is the verb that triggers windows to "shell execute" your application via UAC.

3 - An Example

I whipped up a quick yet complete UAC example in Visual C++. You can download the entire VC++ project here. Or, download just the pre-compiled release binary if you want to experiment. Or, perhaps you'd prefer just the CPP source code. My VC++ example code was built using Visual C++ 2008 Express Edition, which you can download for free here.

The UAC demo, aptly named "uac-example", should be run from a command prompt with a single argument:

C:\> uac-example.exe

My UAC example works by attempting to create an empty file in the working directory specified by the command line argument. If the working directory happens to be a Windows protected location on the file system, like "C:\Program Files", the example app will initially fail to create this empty file. In that case, it will re-spawn a copy of itself via a UAC prompt and try again as an Administrator. If the app successfully created the file when elevated, you will see the following success message:

If you reject the UAC prompt (clicked Deny), you'll see this:

If your working directory isn't a Windows protected directory, like %APPDATA% or your Desktop, you'll immediately see this without a UAC prompt:

Here are some example working directories you might like to try:

C:\> uac-example.exe "C:\Program Files"
C:\> uac-example.exe "%APPDATA%"
C:\> uac-example.exe .

Please note that if you're using a UAC capable computer, but UAC is turned off, no matter what directory you give to my example app it will always say "Worked (no UAC required)!" This is obviously because if UAC is turned off, Windows isn't actively protecting any locations on the file system, so any running process can pretty much do whatever it wants.

4 - Opening a UAC Prompt From Java

If you need to open a UAC prompt from Java, you should know that there is no way to do so without writing your own native app. Your Java code should call your UAC enabled native app to do "whatever it needs to do" in a privileged mode. Here's an example using my uac-example app with Java's ProcessBuilder:

import java.io.File;
import java.util.ArrayList;
import java.util.List;

public class UACTester {
  
  private static final String UAC_EXAMPLE_EXE = "uac-example.exe";

  public static void main(String[] args) {

    final File uacExample = new File(UAC_EXAMPLE_EXE);
    File workingDir;
    
    try {
      workingDir = new File(args[0]);
    } catch ( Exception e ) {
      workingDir = new File(".");
    }
    
    try {
      // Build the command list to be given to the ProcessBuilder
      final List cmdArgs = new ArrayList();
      cmdArgs.add(uacExample.getAbsolutePath());
      cmdArgs.add(workingDir.getAbsolutePath());

      // Create a process, and start it.
      final ProcessBuilder p = new ProcessBuilder(cmdArgs);
      p.directory(new File("."));
      p.start();
    } catch (Throwable t) {
      t.printStackTrace(System.out);
    }
    
  }

}

Note that if your Java app attempts to spawn a process as an Administrator, you'll most likely see an exception like this:

CreateProcess error=740, The requested operation requires elevation
...

If the argument given to my sample Java app is a UAC protected directory, the native executable it calls will need to open a UAC prompt.

Yea.

5 - Links and Other Resources

Here are a few links and other resources I gathered while writing this blog post and integrating UAC support into a project at work:

That's it! Hope this helps someone else out there struggling with UAC.

SEO: Contemplating ccTLD's vs. Traditional Dot-Com Domains

2009-12-01T07:13:00Z

You're reading this blog, so you may have noticed that I'm operating under mark.koli.ch; a domain hack of my name using the .ch Swiss ccTLD. The previously retired kolich.com sits idle, serving up HTTP 410 Gone's when appropriate. Interestingly enough, however, since making the switch to koli.ch I've noticed a significant drop-off of in traffic to my blog. I suspect that the switch to a non-traditional ccTLD, like .ch, is to blame. Since the switch to a dot-ch domain incoming traffic to my blog, directly from Google, has fallen off significantly. It seems that Google's ranking algorithms consider dot-com domains "more valuable" or relevant, than sites hosted under various ccTLD's. Equally annoying is that Google, and even Yahoo, fail to properly understand my koli.ch domain hack at all. In other words, when someone issues a search for "kolich blog", Google and Yahoo fail to properly interpret "koli.ch" as "kolich". Therefore, search results with "kolich" as a whole-word in the URL appear higher in the search results than others with "koli.ch". Google must understand some domain-hacks though, given that they seem to recgonize "del.icio.us" as "delicious" in their search results. I'm still wondering how to tell Google that "koli.ch" should be interpreted as "kolich", a whole word.

It's funny though because I've often criticized and poked fun at folks touting various SEO (search engine optimization) techniques. My opinion has been that as long as you build a great site, with decent information on it, "they" (visitors) will come. I still live by that mantra but it's clear to me now that Google, and other search engines, really do pay careful attention to your domain. Even so, I have no plans to switch back to kolich.com, but if you are considering a switch to a domain hack like mark.koli.ch you should expect or at least be aware of the changes this move might bring to your page rank in various search results.

Apache Tip: Deny TRACE and TRACK Requests with mod_rewrite

2009-11-14T18:41:46Z

It's long been rumored that exposing the HTTP TRACE and TRACK methods on your web-server can open the door to a number of miscellaneous vulnerabilities, including cookie thefts and other cross-site tracing attacks. Many resources out there claim you should configure you web-server to flat-out reject TRACE and TRACK requests, and I agree with them. Generally speaking, there's really no good need (that I've found) that would require or make use of TRACE or TRACK. With that said, if you're running Apache, it's fairly easy to reject TRACE and TRACK using mod_rewrite:

RewriteCond %{REQUEST_METHOD} ^TRACE [NC,OR]
RewriteCond %{REQUEST_METHOD} ^TRACK [NC]
RewriteRule ^/(.*)$ - [F,L]

You can prove to yourself that this works, by using a tool like curl to issue an HTTP TRACE and TRACK to your newly secured web-server. Use the -X option with curl to specify the HTTP request type:

#/> curl -v -A "Curl" -X TRACE mark.koli.ch
* About to connect() to mark.koli.ch port 80 (#0)
*   Trying 24.130.215.240... connected
* Connected to mark.koli.ch (24.130.215.240) port 80 (#0)
> TRACE / HTTP/1.1
> User-Agent: Curl
> Host: mark.koli.ch
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Date: Sat, 14 Nov 2009 18:53:06 GMT
< Server: Apache
< Content-Length: 202
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<


403 Forbidden

Forbidden

You don't have permission to access /
on this server.


* Closing connection #0

Yep, works nicely. One thing that slightly annoys me though is that the HTTP OPTIONS method still reports that my server supports TRACE, even though I clearly don't anymore. A quick Google search reports that many other folks have had the same concern, with no clear resolution.

The Twitter Abacus: Silently Logging Every Link You Click On (twitter.com/abacus)

2009-11-13T23:27:00Z

This afternoon, I was using the HttpFox Firefox extension to analyze some web-traffic for a work related project. With HttpFox still running in the background (I forgot I left it running), I opened another tab and navigated over to my Twitter page to check out a few things. I clicked a few links, replied to a few folks, etc. Switching back to my work project, I closed Twitter and re-opened HttpFox. Well well well, what do we have here. I discovered that Twitter silently rolled out some JavaScript that actively tracks every link I click on. Any link, in any Tweet, that you click on is silently reported back to Twitter behind the scenes. Looking at the output of HttpFox pretty much proves it:

Looks like twitter.com/abacus is some type of web-service used by Twitter to log what links we're all clicking on. I'm curious why Twitter cares what links we're clicking on.

BTW, Twitter, if you're reading this, the HTTP Content-Type in your responses from /abacus are incorrect. You're phoning home by creating a new Image() in your core JavaScript like so:

(new Image()).src="/abacus?"+$.param(A);

But your Content-Type from this request is text/html, which could cause problems in a few browsers. If you're going to use an Image(), the returned Content-Type from your /abacus web-service should be that of an image: image/jpeg, image/png, image/gif, etc.

Cheers.

Rediscovering HTTP 410 Gone

2009-11-11T05:47:00Z

This evening, I accomplished another important milestone in the kolich.com migration process. Since acquiring koli.ch, I've been slowly migrating my blog and all of its resources to my new online home under mark.koli.ch. This migration began back in September 2009, as I aptly described here and here. Only problem is, I still see a ton of bots and other users requesting resources under kolich.com, even though as far as I'm concerned, it's shut down and there's nothing to see there.

For a month or so, I've been gracefully redirecting traffic with an HTTP 301 Moved Permanently. Even so, it appears that Google and other crawlers are still hitting kolich.com looking for stuff that simply doesn't exist there anymore, even though I've been telling them for a solid month to "go look somewhere else." Time to pull out the big guns. A quick flip through my handy copy of RFC 2616, that's the HTTP 1.1 spec, lead me to rediscover HTTP 410 Gone. If you haven't met HTTP 410, it's the forgotten step child of HTTP 404 Not Found. As described here, "Error 410 means 'Resource gone', as in, a resource used to exist at this location, but now it's gone. Not only is it gone, but I don't know (or I don't want to tell you) where it went. If I knew where it went, and I wanted to tell you, I would use error 301 ('Permanent redirect') and any smart client would simply redirect to the new address. But 410 means 'Resource gone, no forwarding address'. Train gone sorry."

Looks great, that's exactly what I need. Time to serve up some 410's. I configured my local mark.kolich.com Apache 2.2.3 virtual host with mod_rewrite to return an HTTP 410 Gone for most resources:

RewriteCond %{REQUEST_URI} !\.(html?)$ [NC]
RewriteCond %{REQUEST_URI} !^/$ [NC]
RewriteRule ^/(.*)$ - [G,L]

Note the [G,L] on the RewriteRule directive. G, meaning Gone, and L meaning the last rule in the chain to apply to this request. In this case, any request for a resource that doesn't end in .html (or .htm) and isn't aimed at the server root, I immediately respond with an HTTP 410 Gone. Here's a nice example. I'm handling HTML pages a little differently. Requests for an actual blog entry itself (a resource that ends in .html), are caught an handled a little more gracefully as shown here. I haven't yet decided when to phase out this graceful catch.

In any event, let's see if an HTTP 410 gets the attention of those pesky crawlers and RSS feed readers. To be continued ...

Let Movable Type Generate Your XML Sitemap with a Custom Index Template

2009-11-07T08:45:00Z

Many sites are moving towards dynamic XML sitemaps. These sitemaps let you tell Google, Yahoo, Bing, and Ask.com which pages on your site they should index, how often, and when they were last modified. You can even assign a priority to each page in the sitemap, which serves as an indication of how important a specific page is in relation to others.

The sitemap protocol is well defined here at sitemaps.org.

Yesterday, I configured Movable Type, my blog publishing platform, to automatically generate my own sitemap.xml when I publish a new page or blog entry. I added a custom Movable Type Index Template that would automatically generate a complete sitemap.xml for me, and place it under the root of my blog at http://mark.koli.ch/sitemap.xml.

1- My Sitemap XML Index Template

My custom sitemap XML Index Template is relatively straightforward. In my Movable Type control panel, I clicked "Create index template" on the Blog Templates screen. I named my template "XML Sitemap" and used the following configuration:

"?>



 
  <$mt:BlogURL encode_xml="1"$>
  
    
      <$mt:EntryModifiedDate utc="1" format="%Y-%m-%dT%H:%M:%S+00:00"$>
    
  
  weekly
  1.0
 



 
  <$mt:PagePermalink$>
  
  0.8
 




 
  <$mt:EntryPermalink encode_xml="1"$>
  <$mt:EntryDate utc="1" format="%Y-%m-%dT%H:%M:%S+00:00"$>
  never
  0.6
 




 
  
  0.4
  never

Using the sitemap XML protocol defined at sitemaps.org, I configured this template to include my blog root, all pages, all entries, and all archives in the sitemap. I assigned a higher priority to my blog root and individual pages versus the entries and archives. Note that I also omitted the tag under each "page", because I have no idea how often those pages will actually change. Also, I intentionally omitted the tag under each archive page, since again, there's not point in defining the last modified date on an archive.

Of course, you're free to change this template as you see fit as long as it adheres to the sitemap standard.

2- Submit Your Sitemap XML (Submission URL's)

Once you publish your sitemap with Movable Type, you'll probably want to alert Google, Bing, Yahoo and Ask.com that you've got a new sitemap.xml available for your blog. As described here in the sitemap protocol, you can "ping" these web crawlers to alert them of the change. To do so, copy and paste these URL's into a web-browser, and replace with the full URL to your new sitemap:

http://www.google.com/ping?sitemap=
http://search.yahooapis.com/SiteExplorerService/V1/ping?sitemap=
http://submissions.ask.com/ping?sitemap=
http://www.bing.com/webmaster/ping.aspx?siteMap=

Example:

http://www.google.com/ping?sitemap=http://mark.koli.ch/sitemap.xml

On each submission, you should see some type of successful (HTTP 200 OK) response indicating that your submission was successful. Here's what Google's looked like:

Enjoy!

Onyx (beta)

2009-11-06T20:15:00Z

If you follow me on Twitter, you may have noticed I silently launched Onyx a few weeks ago. In a nutshell, as described on the Onyx homepage ...

"Onyx is a social file management tool I built to help me keep track of, organize, and share my digital archive. While browsing the web, I tend to accumulate a lot of junk; if I like something, I save it. If I see a cool application of some sort, I'll take a screen shot. If I find a cool song, I'll snag it for later. Or, if I have an important document I need to archive, I'll store it. All of this digital content was sitting around in a relatively unorganized and unsearchable set of files and directories on a local file system. Onyx is my solution to this digital content clutter problem. Files and bookmarks uploaded into Onyx can be protected, searched, organized and shared much easier than a set of files and directories on my local disk."

Yep.

Onyx was a chance for me to "cross off" an important task on my digital TODO list that's been hanging over my head for a while: organize and archive all of my digital crap. It also gave me a chance to play with some new technologies I've been wanting to integrate into a real project for quite a while, like jQuery UI's draggable and droppable. I also learned how to base-36 encode numbers for a tiny URL, and solved a very annoying problem using HTTPS with Internet Explorer.

In the last 24-hours, I finished uploading all of my personal, and public, digital content into Onyx which you can browse here from my Onyx home directory. Of course, like any good file management solution, my personal/private files are protected. What you'll see in my home directory are files and folders I've allowed the public to view.

For the curious software engineer, Onyx is written entirely in PHP running on Apache 2.2.3. I'm also using a clever little mod_rewrite hack in Apache to drop the .php on each Onyx URL. Dropping the .php makes my URL's look a little cleaner; hipster Django and RoR can suck on that one. You may also ask why I named this project "Onyx". As described here on Wikipedia, Onyx is a type of colorful layered quartz which contains bands of almost every color. This colorful layering reminded me of the layered structure of a file system: files, folders, bookmarks, etc. all mashed together. Hence, Onyx.

If you'd like to read a little more about my Onyx project, you might find this post interesting. Thoughts and feedback are always welcome.

Rock on.

Google Dashboard Fail, and Blocking Google Tracking Cookies in Firefox

2009-11-06T05:02:00Z

Today, the spoiled elitists at Google announced the release of Google Dashboard. It's a way for you to see, in reasonable detail, what Google knows about you based on the Google services you use. Their blog claims, "in an effort to provide you with greater transparency and control over their own data, we've built the Google Dashboard." Clever.

What's bothersome to me is that I need a Google Account to see what Google supposedly knows about me. Well, what about those cute little .google.com cookies they shove into my browser when I use their search engine? IMHO, Google Dashboard is missing one key feature: the ability to clearly show me what Google knows about me and my web-search history, anonymously, based on the already unique ID tracking numbers in those cookies. Google, why do I need an account to see what you've learned about me based on my "anonymous" web-history?

There's probably only a few realistic explanations for why Google wouldn't let you see this information:

Their cookies aren't actually used for tracking of web-searches and user habits. I suppose this is a possibility.
Or, more likely, analyzing your web-search traffic is where the real bacon is. And, not surprisingly, Google doesn't want to show us the real underlying data their advertising engine uses to show us ads, which is their primary revenue stream. I guess I don't blame them. After all, they are just another public corporation with shareholder responsibilities.

I'm awfully tired of the world bending over and blindly accepting everything Google throws at us as the greatest thing since sliced bread. If you really understand how Google makes their money, you should also try to understand what Google is not showing us, or not telling us, and why.

Blocking Google Cookies in Firefox

For the most part, I've given up on Google. Their web-search is fine, but I don't particularly enjoy the fact that my web-search and browsing history is "anonymously" tracked behind my back. If you'd like to permanently, or temporarily, block Google from inserting their nosy tracking cookies into your browser you can easily do so by setting a "cookie exception" in Firefox (assuming you use Firefox):

Click the Tools menu, and select "Options...".
Click the Privacy tab.
Click the "Exceptions..." button.
In the "Address of web site:" box, enter ".google.com" no quotes and click Block to add the google.com domain to your blocked list.

A few blog readers astutely pointed out that if you block cookies from .google.com, you won't be able to login to any Google services. Yes, I know that. And for the record, I don't use Gmail or any other Google Account that would require me to login on a regular basis. When I need to login to my Google Code account, I temporary unblock .google.com, and login.

Controlling When and Where Java Writes Out its Permgen and Heap to Disk

2009-10-30T17:10:00Z

A blog reader recently contacted me with an interesting question: can you explicitly tell Java when and where to flush its permgen and heap to disk? The answer, based on what I understand about Java and operating system fundamentals, is no.

I can say with much certainty that you can't control where Java saves its heap and permgen (either on disk or in memory). Java itself doesn't know about paging stuff out to disk. It simply asks the operating system for the memory it needs and if the OS can't give it, then either the OS has to fail the request or make room by paging out unused chunks of memory to swap. In other words, Java relies on the host OS to handle this type of stuff.

But what if you're dealing with millions of Java objects on a standard computer and you don't have room to keep all of those objects in physical memory? In this case, your only real option is to write code that manually swaps objects in/out of the disk. Of course, this requires that you implement your own swapping mechanism, which isn't too bad. When your Java application needs a set of objects, it loads what it needs into memory from disk, does some stuff with the objects, then writes them back out to disk.

Meet java.io.Serializable:
http://java.sun.com/javase/6/docs/api/java/io/Serializable.html

Here's an example:

import java.io.ByteArrayOutputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;

public class Dog implements Serializable {

  private static final long serialVersionUID = -4367737315167700936L;

  private String name_;
  private String breed_;
  
  public Dog (String name, String breed) {
    this.name_ = name;
    this.breed_ = breed;
  }
  
  @Override
  public String toString(){
    return String.format("%s:%s", this.name_, this.breed_);
  }
  
  public static void main (String [] args) {
    
    final List dogs = new ArrayList();
    dogs.add( new Dog("Fido", "mutt") );
    dogs.add( new Dog("Clifford", "big red dog") );
    
    ByteArrayOutputStream os = null;
    ObjectOutputStream out = null;
    for( Dog d : dogs ){
      try {

        // To write the dogs out to a file, you'll of course
        // need to use a FileOutputStream instead of a
        // ByteArrayOutputStream
        os = new ByteArrayOutputStream();
        out = new ObjectOutputStream(os);
        out.writeObject(d);
        
        // Print the serialized version of Dog
        final String serialized = os.toString();
        System.out.println(d.toString() + " serialized is: " +
              serialized);
 
      } catch (Exception e) {
        e.printStackTrace(System.err);
      }
      finally {
        closeQuietly(os);
        closeQuietly(out);
      }
    }
    
  }
  
  private static final void closeQuietly(final OutputStream os){
    try {
      os.close();
    } catch (Exception e) {  }
  }
  
}

Each of the objects you wish to save to disk will have to implement java.io.Serializable. This will let you convert a Java object into something that can be written out to disk. From there, you will have to write some type of queue or stack control mechanism that will know when, from where, and how to page these objects in and out of the disk.

Base36 Encoding for Tiny URLs With PHP

2009-10-29T00:15:00Z

While adding permalink and Twitter support to Onyx last week, I realized that PHP can easily convert a number between two arbitrary bases using its built in base_convert function. This was crucial for me because it meant that I could quickly generate a base-36 encoded string from a standard base-10 number:

$tiny = base_convert($key, 10, 36);

As Wikipedia explains, "...the choice of 36 is convenient in that the digits can be represented using the Arabic numerals 0-9 and the Latin letters A-Z. Base 36 is therefore the most compact case-insensitive alphanumeric numeral system using ASCII characters...". Not to mention, it's the highest radix most languages support by default.

I built Onyx to maintain a list of files (as inode's) in a MySQL database table. Luckily, the inode's are stored in this table as auto incrementing BIGINT(20)'s, which are of course, base-10 encoded numbers:

CREATE TABLE files (

  f_inode BIGINT(20) NOT NULL AUTO_INCREMENT,
  ...

  INDEX inode_index ( f_inode ),
  PRIMARY KEY ( f_inode ),
  ...

) TYPE=InnoDB;

Base-36 encoding my inode's is key because this means that I can easily, for example, convert base-10 inode 3,032 into "2c8" base-36 for a tiny URL. From there, it's simply a matter of using the base-36 encoded string in a tiny/shortened permalink URL to refer to the correct file/inode on Onyx. Yes, this is a poor example because I'm only saving 1 character in a supposedly shorter URL ("3032" vs "2c8"). However, this makes a lot more sense with larger base-10 numbers like 105,621,983 which condenses nicely into "1qvufz" base-36. Personally, I'd rather see /1qvufz on the end of a "tiny" URL than /105621983.

Enjoy.

Bundle Java (the JRE) and Launch a Java App with 7zip SFX! ... (Convert Java Apps to an Executable, sort of)

2009-10-27T04:00:00Z

I've been playing around with a lot of installer type stuff recently. I discovered that Mozilla Firefox uses the 7zip SFX install launcher (if that's what you call it?) to kick off the Firefox installation process. I started playing around with 7zip SFX, and realized that you can do some pretty cool stuff with it. In fact, I discovered that you can actually bundle a Java app and the Java Runtime Environment (JRE) into your own little 7zip SFX launcher. Naturally, this means you can write a Java app and then let your users start it by double clicking a native Win32 .exe. And best of all, because your launcher contains the Java Runtime Environment, the user does not have to have a JRE installed on their system to run your application! The launcher extracts the JRE and your app to a temporary directory, then launches it using that freshly extracted JRE.

Continue reading for the details ...]]> 1 - Why Is This Useful

Java is fantastic for its write once, run anywhere methodology. Only problem is, unlike a native Windows app, you need a JVM/JRE to run a Java application. Most vendors who sell software written in Java tell their users or customers that they need to install a JRE first before they can run the app. This makes sense, but it's a slight (err, huge) inconvenience; Sun's Java installer is bulky and often cumbersome. Wouldn't it be nice if you could avoid that forced installation step, and simply ship a supported Java runtime with your Java application? This way, the user simply double clicks an .exe, a launcher extracts a supported JRE, and starts. In short, the user doesn't have to install a JRE at all, but rather the JRE they need is simply extracted to a temporary directory and your application starts using that freshly extracted JRE. Further, when the user exits the application, the temporary JRE directory your app launcher created is automatically cleaned up, and all is well.

Not surprisingly, this is completely doable using 7zip SFX. However, note that if you choose to ship the JRE with your launcher, you can expect your executable to be approximately 16MB larger than it would be without the JRE. IMHO, 16MB is a small price to pay for the added convenience of not having to install another piece of bloated software. Plus you know that the JRE your launcher extracts and starts your application with fully supports your Java app; you don't have to worry about the Java updater updating the JRE on the user's system behind your back which might break your app.

2 - Getting Started

Before you start packaging up your app with 7zip, you'll probably want to download my complete example pack. This ZIP file contains everything you'll need to get started, including a ready to ship JRE (Java 6 Update 16) and an Ant build file. Note that you do not need to install 7zip; I've packed the necessary 7zip.exe to create the archive with the example pack. However, if you want to install 7zip, can download the installer here or from my mirror on Onyx. This sample pack is also an Eclipse project. If you work out of Eclipse, you can import the .project inside of the example pack into your Eclipse IDE.

Or, if you want to see the 7zSD.sfx launcher in action, download the pre-built demo launcher.

3 - Fundamentals

Here's how this all works. 7zip (and other ZIP installer type packages) provide SFX launchers. These launchers are essentially native Windows executables that understand how to extract an archive to a temporary directory, and launch an application (usually another installer). This is how the Mozilla Firefox installer works: when you launch the "installer" the extracting files dialog that opens is actually the 7zip SFX launcher extracting the real "setup.exe" to a temporary directory. Once done, it starts setup.exe to complete the installation process.

In this case, the basic principle is the same, except I'm using the 7zip SFX launcher to extract my application and required JRE components to a temporary directory, and then start it. Producing a native Windows SFX launcher is quite easy; you need to binary concatenate three files together: the SFX launcher, an app.tag configuration file, and a 7zip archive. In Windows, using the copy command, this looks something like:

C:\> copy /b 7zSD.sfx + app.tag + app.7z start.exe

This produces start.exe, a portable native Windows app that contains everything your Java application needs to run in a single executable! When run, start.exe will use 7zSD.sfx to extract the contents of app.7z to a temporary directory, and launch whatever application you've defined in app.tag. Pretty freakin' sweet if I say so myself.

4 - My Sample Java App

My example Java app is very straightforward. Yours will, of course, be more complicated. My sample app simply opens a JOptionPane to display the current "working directory" (where the SFX launcher was started from) and the "temporary directory" (the temp directory where the SFX launcher extracted the JRE and application files to).

package com.kolich.sevenzip.example;

import java.io.File;
import java.io.IOException;

import javax.swing.JFrame;
import javax.swing.JOptionPane;
import javax.swing.SwingUtilities;

public class StartHere {
  
  private File workingDir_;
  private File tempDir_;
  
  public StartHere(File root, File temp){
    this.workingDir_ = root;
    this.tempDir_ = temp;
  }
  
  /**
   * The working directory, where the application was
   * started from.
   * @return
   */
  public File getWorkingDir(){
    return this.workingDir_;
  }
  
  /**
   * The temp directory, where the launcher extracted
   * your app and JRE to on the users' system.
   * @return
   */
  public File getTempDir(){
    return this.tempDir_;
  }

  public static void main(String[] args)
    throws Exception {
    
    File root;
    try {
      root = new File(args[0]);
    } catch ( Exception e ) {
      root = new File(".");
    }
    
    File temp;
    try {
      temp = new File(args[1]);
    } catch ( Exception e ) {
      temp = new File(".");
    }
    
    final StartHere sh = new StartHere(root, temp);    
    Runnable worker = new Runnable() {
        public void run() {
          showMessageDialog(sh);
          System.exit(0);
        }
    };
    SwingUtilities.invokeLater(worker);
    
  }
  
  private static void showMessageDialog(StartHere sh) {
    try {
      JOptionPane.showMessageDialog(new JFrame(),
        "A java app launched by 7zip SFX!\n\n" +
        "My working directory is:\n" +
        sh.getWorkingDir().getCanonicalPath() +
        "\n\nAnd I've been extracted to temp directory:\n" +
        sh.getTempDir().getCanonicalPath() );
    } catch (IOException e) {
      e.printStackTrace( System.err );
    }

  }
  
}

Here's a screen shot:

The Ant build script in my example pack compiles this app and creates app.jar, a runnable JAR file.

5 - The App.tag Configuration File

I'm using the 7zSD.sfx launcher by Oleg Scherbakov at http://7zsfx.solta.ru/en/. There are a ton of configuration options as described here on Oleg's web-site. In the example, my app.tag configuration file is as follows:

;!@Install@!UTF-8!
Title="7ZIP Java Launcher Example"
ExtractDialogText="Extracting ..."
GUIFlags="32"
ExtractTitle="Extracting"
FinishMessage="Application stopped."
RunProgram="launcher\jre\bin\javaw.exe -jar launcher\app.jar \"%%S\" \"%%T\""
;!@InstallEnd@!

There's nothing too complicated about the configuration file. In this example, I'm simply extracting the 7zip file included with the native SFX launcher and starting launcher\jre\bin\javaw.exe, which is the JRE packaged with the launcher (found under launcher\jre in the example pack). The %%S property in the configuration file is the directory that contains the SFX executable (where the user started it from). The %%T property is the temporary directory where the SFX launcher placed the extracted JRE and application files. Note that when the Java application exits, the SFX launcher will automatically delete/cleanup this temporary directory.

This example simply asks 7zSD.sfx to extract and then start launcher\app.jar using launcher\jre\bin\javaw.exe.

6 - The Ant Build File

My ant build file does a few things. First, it compiles the Java app and packages it into a runnable JAR file. From there, it uses 7zip to compress the JRE and the resulting JAR file into app.7z. Finally, it uses Ant's concat task to binary concatenate 7zSD.sfx, app.tag and the app.7z file together. The result is start.exe, a native self-contained Windows executable that contains the JRE and Java app itself!

Note that the JRE is 7zip'ed inside of app.7z. This is how the JRE is shipped/included with the launcher.

You can always manually build the installer package yourself, but why bother if you have an Ant build file ready to do the work for you? When you run the package.7zipexample build target in the example build file, the resulting ready to launch executable can be found at dist\start.exe. Start.exe is your shippable application. Again, no pre-installed Java Runtime Environment required!

7 - Changing the Icons and Version Information

If you use Oleg's 7zSD.sfx launcher as is, you'll notice the icon attached to the resulting .exe is quite poor. In all likelihood, you'll want to replace the icon with one for your application. Doing so is quite easy with Resource Hacker, a freeware utility to view, modify, rename, add, delete and extract resources in 32bit Windows executables and resource files. Detailed instructions on how to replace the icon can be found here on the 7zSD.sfx web-site. Note that you can also use Resource Hacker to edit the version and copyright details included in the resulting executable as shown below.

In summary, it's fairly straightforward to bundle and ship the Java Runtime Environment with your Java application using 7zip SFX. Heck, Sun allows and even tells you how to redistribute the JRE with your applications (just read the LICENSE file provided with any JRE installation). In the near future, I plan on converting Cappuccino, a really simple web-server powered by Restlet, to a 7zip SFX enabled app.

Good luck, and don't hesitate to contact me if you have any questions or concerns. Enjoy!

Internet Explorer Can't Open Files Via HTTPS: Try Removing The Pragma Header

2009-10-23T05:50:00Z

While wrapping up a few bugs on one of my latest projects, Onyx, I encountered one of the most annoying and irritating IE nuisances to date. Let me reiterate my hatred for Internet Explorer. So here's the deal. In PHP, I was serving up a few static files nestled away on the web-server. The user would click a link, my PHP would fopen a file, and send it to the browser. Simple enough, and this worked just fine on HTTP. Then, I moved my new web-application to a production environment under HTTPS. Suddenly, some downloads failed on IE with the following error:

"Internet Explorer cannot download [file] from [server]. Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later."

Here's a screen shot of the error from IE8:

With a little digging, I tracked down the following support pages on microsoft.com that explain the problem:

http://support.microsoft.com/kb/316431 -- Internet Explorer is unable to open Office documents from an SSL Web site.
http://support.microsoft.com/kb/812935 -- "Internet Explorer Cannot Download" Error Message When You Use an HTTPS URL to Open an Office Document or PDF File

It appears that Internet Explorer gets confused when it sees a Pragma and Cache-Control header together in the same response. And, it has difficulties interpreting these headers properly over HTTPS. As described on microsoft.com, "when Internet Explorer communicates with a secure Web site through SSL, Internet Explorer enforces any no-cache request. If the header or headers are present, Internet Explorer does not cache the file. Consequently, Office cannot open the file." And, when you're using sessions in PHP, the PHP engine automatically by default inserts the Expire, Cache-Control, and Pragma headers in your responses as explained here.

In my case, the solution to this issue was to remove the Pragma header in my HTTP response. In PHP, I forcefully unset the Pragma header with the following code-snippet:

header("Pragma: ");

This successfully clears the Pragma header in my responses, and all is well. With this tweak, IE7 and 8 correctly handle my file downloads.

Reliably Checking Windows Bitness (32-bit or 64-bit) With a Tiny C++ App

2009-10-21T22:04:00Z

I threw myself right into the bitness fire this afternoon, trying to figure out how to reliably determine if a Windows OS is 32-bit or native 64-bit. I tried all sorts of things, everything from a VB Script, to a few tiny C++ programs built to issue WMI queries. I tried using WMI to read the OSArchitecture property from its "SELECT * FROM Win32_OperatingSystem" output, but that failed miserably on Windows XP. As it turns out, the OSArchitecture property you can read via WMI wasn't added until Vista. Nice. So how do we check for 64-bit Windows XP?

After about an hour or so of searching, I stumbled across this post which described in reasonable detail what I needed to:

"In your code, you first need to check the size of IntPtr, if it returns 8 then you are running on a 64-bit OS. If it returns 4, you are running a 32 bit application, so now you need to know whether you are running natively or under WOW64. To get this information you will need to call kernel32.dll API "IsWow64Process" using PInvoke, this API returns a Boolean 'true' if you are running under WOW64, that means you are running 32 bit application on a 64-bit Windows system. Be careful however to check the OS version before calling this API, only XP SP2 and implements this one."

How could Microsoft make something that should be so easy, so complicated? What a FAIL.

I then found this post, that offered up a nice little 32-bit C++ app one can compile and run to check the real, actual bitness of the OS. For the most part, it does exactly what the first post said I needed to do, with the exception of checking the size of IntPtr's. I cleaned it up a little bit, and successfully compiled it on 32-bit Windows XP with Microsoft Visual C++ 2005 (Version 8.0.50). This app checks the bitness of the OS by discovering if it's running under WOW64, or natively as a 32-bit app. WOW64 stands for Windows-on-Windows, it's the 64-bit only kernel subsystem that lets 32-bit apps run on 64-bit Windows. The bitness checker starts and then asks the Windows kernel if it's running under WOW64. If it is running under WOW64, that clearly means it's a 32-bit app (as compiled) running on a 64-bit OS. If it's not running in WOW64, then we're on a 32-bit OS ...

#include "stdafx.h"
#include 
#include "comutil.h"

#define RESPONSE_32_BIT "32"
#define RESPONSE_64_BIT "64"

using namespace std;

typedef BOOL (WINAPI *IW64PFP)(HANDLE, BOOL *);

int main(int argc, char **argv){

  BOOL res = FALSE;

  // When this application is compiled as a 32-bit app,
  // and run on a native 64-bit system, Windows will run
  // this application under WOW64.  WOW64 is the Windows-
  // on-Windows subsystem that lets native 32-bit applications
  // run in 64-bit land.  This calls the kernel32.dll
  // API to see if this process is running under WOW64.
  // If it is running under WOW64, then that clearly means
  // this 32-bit application is running on a 64-bit OS,
  // and IsWow64Process will return true.
  IW64PFP IW64P = (IW64PFP)GetProcAddress(
            GetModuleHandle(L"kernel32"), "IsWow64Process");

  if(IW64P != NULL){
    IW64P(GetCurrentProcess(), &res);
  }

  cout << ((res) ? RESPONSE_64_BIT : RESPONSE_32_BIT) << endl;

  return 0;
  
}

Will output "32" on 32-bit Windows and "64" on 64-bit Windows. Download the pre-built .exe and .cpp source here.

Tested and worked on: 32-bit Windows XP Professional SP3, 32-bit Windows Vista Enterprise SP2, 64-bit Windows Vista Enterprise, 32-Bit Windows 7 Home Premium, 64-bit Windows 7 Home Premium.
Did NOT test on: 64-bit Windows XP. I don't have a 64-bit Windows XP box lying around. If you have one, and you can check this code for me, please let me know and I'll be happy to update this post and give you credit for testing it for me. @cmsimike confirmed on 10/27/09 that my bitness checker also works perfectly on 64-bit Windows XP.
Roger confirmed on 11/12/09 that my bitness checker also works on 32-bit Windows Server 2003 and 64-bit Windows Server 2008. Thanks, Roger!

Cheers.

Java's "os.arch" System Property is the Bitness of the JRE, NOT the Operating System

2009-10-19T18:15:00Z

If you ever use Java to check if a system is 32 or 64-bit, you should know that Java's "os.arch" system property returns the bitness of the JRE, not the OS itself. Sites like this are WRONG; any resource that claims Java's "os.arch" property returns the real "architecture of the OS" is lying. Case in point, I recently ran this tiny program on a 64-bit Windows 7 machine, with a 32-bit JRE:

import com.sun.servicetag.SystemEnvironment;

public class OSArchLies {
  
  public static void main(String[] args) {
    
    // Will say "x86" even on a 64-bit machine
    // using a 32-bit Java runtime
    SystemEnvironment env =
        SystemEnvironment.getSystemEnvironment();
    final String envArch = env.getOsArchitecture();
    
    // The os.arch property will also say "x86" on a
    // 64-bit machine using a 32-bit runtime
    final String propArch = System.getProperty("os.arch");
    
    System.out.println( "getOsArchitecture() says => " + envArch );
    System.out.println( "getProperty() says => " + propArch );
    
  }

}

The output from this tiny app on a 64-bit box:

#/> java OSArchLies
getOsArchitecture() says => x86
getProperty() says => x86

In this case, one would expect to see something like "x86_64" or "amd64" instead of just "x86". Bottom line, don't believe what you read online about "os.arch" and other Java system properties. They are usually properties of the JRE/JDK itself, and not necessarily the real properties of the underlying OS or architecture. If you need to check if a system is actually 32 or 64-bit, you should look elsewhere in the system registry or write your own native app and call it from Java.