Monday, August 29, 2011

Five Best Hard Drive Space Analyzers


The dreaded moment has come and you can't download a movie you want to watch, or install some games you want to play because your hard drive is full. What's worse, you have no idea what to delete to make some room. Thankfully there are several apps you can turn to that will give you a good idea what's using all of your drive space. Here are the top five, based on your nominations.
Earlier in the week we asked you which tools you used to scan your drive and give you a complete picture of what's using all of your space. You definitely responded, and now we're back to highlight the top five.
SpaceSniffer (Windows)

SpaceSniffer is a free, portable Windows utility that uses a tree-view to show you which areas on your hard drive take up the most space in a single view. Just scan your hard drive with the tool to see your hard drive, arranged in squares that represent which files and folders are using the most space. Click on any large block to see a breakdown of what's inside that folder, also organized by what's taking up the most space. You can also filter specific types of files from the scan, tag files and label them for review later, and search specifically for file types, modification dates, and more.

SpaceMonger (Windows)

SpaceMonger is another free, Windows-only disk management utility that uses a treemap to show you where the biggest, most space-hogging files are located. It hasn't been updated in several years, but that doesn't mean that the app isn't still useful. It doesn't support 64-bit systems, but if you're running 32-bit Windows you should be okay. SpaceMonger's claim to fame is that it doesn't just allow you to see a treemap of your data, but you can manage, move, copy, and delete that data from inside the app.

TreeSize (Windows)

TreeSize is a robust drive analysis tool that comes in multiple flavors. The free version is also portable, and gives you a quick, directory-oriented view of your hard drive arranged by the folders that take up the most space. Behind the folder names are progress bars that display their relative size to one another, so you can quickly pinpoint the ones that take up the most space. You can also expand any folder in the directory list to see its contents. In addition to the free version, TreeSize Professional and TreeSize Personal offer the features of the free version, the ability to export reports of your drive layout, the ability to see additional statistics on file types, ages, and modification dates, command line scanning, and more. TreeSize Personal will set you back $24.95 for a single user license and support, and TreeSize Professional will cost you $52.95 for a single user license and support. TreeSize Free is, as the name implies, completely free.

DaisyDisk (Mac)

DaisyDisk is the only Mac utility to make the top five, but it's a great utility. The app, like most other disk utilities, scans your drive and displays its content in order of what's taking up the most space, but instead of using a treemap, you get a fan-view (the developer calls it a "sunburst map") that extends out from the center, with similar files and folders grouped together at the base so you can see how they're organized on the drive. DaisyDisk also lets you clean up large and unwanted files quickly, and analyze multiple disks and drives at the same time. DaisyDisk will set you back $19.99 regular price, but it's on sale now for $9.99 in the Mac App Store.

WinDirStat (Windows)

WinDirStat is free, lightweight, comes in a portable version, and upon startup shows you the contents of your drive in three views: a directory-view, which displays your folder contents organized by how much space they're consuming, an extension list that will show you what's inside of the selected directory and how much of what types of files you're using, and the graphic view at the bottom that highlights the contents of your drive in colored blocks that you can highlight or click on for additional information. Hover over a group of blocks to see the folder they're in, or select a specific one to see what it is.

Wednesday, August 24, 2011

Tool causes Apache web server to freeze


A previously unknown flaw in the code for processing byte range headers allows version 2.2.x of the Apache Web Server to be crippled from a single PC. A suitable "Apache Killer" Perl script that impressively demonstrates the problem has already been published on the Full Disclosure mailing list.
The tool sends GET requests with multiple "byte ranges" that will claim large portions of the system's memory space. A "byte range" statement allows a browser to only load certain parts of a document, for example bytes 500 to 1000. This method is used by programs such as download clients to resume downloads that have been interrupted; it is designed to reduce bandwidth requirements. However, it appears that stating multiple unsorted components in the header can cause an Apache server to malfunction.
No official patch has been released, but a functional workaround is to use rewrite rules that only allow a single range in the headers of GET and HEAD requests. This should not present a problem for most applications. To enable the rules, administrators must load the Apache Web Server's mod_rewrite module.
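The single-range rule described above, modelled as an added example (it is not code from the original article or from the Apache project): it parses the Range header of a request and reports whether a policy that allows only one range on GET and HEAD would accept it. The function names and the sample requests are constructed for illustration, and rejecting a malformed Range header is a choice made here, not something the article specifies.

```python
import re

# One byte-range-spec: "first-last", "first-" or "-suffix".
_SPEC = re.compile(r"^(\d*)-(\d*)$")


def parse_range_header(value):
    """Parse a 'bytes=' Range header into a list of (first, last) tuples.

    Either element may be None ("500-" or "-200"). Raises ValueError when
    the header is not a well-formed set of byte ranges.
    """
    unit, sep, specs = value.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        raise ValueError("not a bytes range")
    ranges = []
    for spec in specs.split(","):
        m = _SPEC.match(spec.strip())
        if not m or not (m.group(1) or m.group(2)):
            raise ValueError("malformed range spec %r" % spec.strip())
        first, last = (int(g) if g else None for g in m.groups())
        ranges.append((first, last))
    return ranges


def parse_request_head(raw):
    """Return (method, headers) for a raw request head; header names lowercased."""
    lines = raw.strip().splitlines()
    method = lines[0].split()[0].upper()
    headers = {}
    for line in lines[1:]:
        name, _, val = line.partition(":")
        headers[name.strip().lower()] = val.strip()
    return method, headers


def check_single_range(raw):
    """Apply the single-range rule to one request head; return (allowed, detail).

    Only GET and HEAD are covered, as in the workaround. A malformed Range
    header is rejected rather than passed on (fail closed, example's choice).
    """
    method, headers = parse_request_head(raw)
    if method not in ("GET", "HEAD") or "range" not in headers:
        return True, "not a GET/HEAD range request"
    try:
        ranges = parse_range_header(headers["range"])
    except ValueError as exc:
        return False, str(exc)
    if len(ranges) == 1:
        return True, "single range"
    # Record whether the explicit start offsets arrive out of order.
    starts = [first for first, _ in ranges if first is not None]
    order = "sorted" if starts == sorted(starts) else "unsorted"
    return False, "%d ranges, %s" % (len(ranges), order)


# Constructed sample request heads (not captured traffic).
SAMPLES = {
    "plain": "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n",
    "resume": "GET /big.iso HTTP/1.1\r\nHost: www.example.com\r\n"
              "Range: bytes=500-1000\r\n",
    "multi": "HEAD /big.iso HTTP/1.1\r\nHost: www.example.com\r\n"
             "Range: bytes=900-1000, 0-100, 50-\r\n",
    "post": "POST /form HTTP/1.1\r\nHost: www.example.com\r\n"
            "Range: bytes=0-1,2-3\r\n",
}


def report(samples=SAMPLES):
    """Run the policy over every sample and return {name: (allowed, detail)}."""
    return {name: check_single_range(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, (allowed, detail) in report().items():
        print("%-7s %-6s %s" % (name, "allow" if allowed else "reject", detail))
```

The download-resume request for bytes 500 to 1000 passes, while the three-range HEAD request is rejected and reported as unsorted.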
Another suggested workaround is to use the mod_headers module with the configuration RequestHeader unset Range to completely delete any range requests that may be contained in a header. However, this approach is likely to cause more problems than restricting the number of ranges. Admins should use the tool to test the effectiveness of their measures before others do it for them.

Monday, August 22, 2011

Software is eating the world

In short, software is eating the world.
More than 10 years after the peak of the 1990s dot-com bubble, a dozen or so new Internet companies like Facebook and Twitter are sparking controversy in Silicon Valley, due to their rapidly growing private market valuations, and even the occasional successful IPO. With scars from the heyday of Webvan and Pets.com still fresh in the investor psyche, people are asking, "Isn't this just a dangerous new bubble?"
I, along with others, have been arguing the other side of the case. (I am co-founder and general partner of venture capital firm Andreessen-Horowitz, which has invested in Facebook, Groupon, Skype, Twitter, Zynga, and Foursquare, among others. I am also personally an investor in LinkedIn.) We believe that many of the prominent new Internet companies are building real, high-growth, high-margin, highly defensible businesses.
Today's stock market actually hates technology, as shown by all-time low price/earnings ratios for major public technology companies. Apple, for example, has a P/E ratio of around 15.2—about the same as the broader stock market, despite Apple's immense profitability and dominant market position (Apple in the last couple weeks became the biggest company in America, judged by market capitalization, surpassing Exxon Mobil). And, perhaps most telling, you can't have a bubble when people are constantly screaming "Bubble!"
But too much of the debate is still around financial valuation, as opposed to the underlying intrinsic value of the best of Silicon Valley's new companies. My own theory is that we are in the middle of a dramatic and broad technological and economic shift in which software companies are poised to take over large swathes of the economy.
More and more major businesses and industries are being run on software and delivered as online services—from movies to agriculture to national defense. Many of the winners are Silicon Valley-style entrepreneurial technology companies that are invading and overturning established industry structures. Over the next 10 years, I expect many more industries to be disrupted by software, with new world-beating Silicon Valley companies doing the disruption in more cases than not.
Why is this happening now?
Six decades into the computer revolution, four decades since the invention of the microprocessor, and two decades into the rise of the modern Internet, all of the technology required to transform industries through software finally works and can be widely delivered at global scale.
Over two billion people now use the broadband Internet, up from perhaps 50 million a decade ago, when I was at Netscape, the company I co-founded. In the next 10 years, I expect at least five billion people worldwide to own smartphones, giving every individual with such a phone instant access to the full power of the Internet, every moment of every day.
On the back end, software programming tools and Internet-based services make it easy to launch new global software-powered start-ups in many industries—without the need to invest in new infrastructure and train new employees. In 2000, when my partner Ben Horowitz was CEO of the first cloud computing company, Loudcloud, the cost of a customer running a basic Internet application was approximately $150,000 a month. Running that same application today in Amazon's cloud costs about $1,500 a month.
With lower start-up costs and a vastly expanded market for online services, the result is a global economy that for the first time will be fully digitally wired—the dream of every cyber-visionary of the early 1990s, finally delivered, a full generation later.
Perhaps the single most dramatic example of this phenomenon of software eating a traditional business is the suicide of Borders and corresponding rise of Amazon. In 2001, Borders agreed to hand over its online business to Amazon under the theory that online book sales were non-strategic and unimportant.
Oops.
Today, the world's largest bookseller, Amazon, is a software company—its core capability is its amazing software engine for selling virtually everything online, no retail stores necessary. On top of that, while Borders was thrashing in the throes of impending bankruptcy, Amazon rearranged its web site to promote its Kindle digital books over physical books for the first time. Now even the books themselves are software.
Today's largest video service by number of subscribers is a software company: Netflix. How Netflix eviscerated Blockbuster is an old story, but now other traditional entertainment providers are facing the same threat. Comcast, Time Warner and others are responding by transforming themselves into software companies with efforts such as TV Everywhere, which liberates content from the physical cable and connects it to smartphones and tablets.
Today's dominant music companies are software companies, too: Apple's iTunes, Spotify and Pandora. Traditional record labels increasingly exist only to provide those software companies with content. Industry revenue from digital channels totaled $4.6 billion in 2010, growing to 29% of total revenue from 2% in 2004.
Today's fastest growing entertainment companies are videogame makers—again, software—with the industry growing to $60 billion from $30 billion five years ago. And the fastest growing major videogame company is Zynga (maker of games including FarmVille), which delivers its games entirely online. Zynga's first-quarter revenues grew to $235 million this year, more than double revenues from a year earlier. Rovio, maker of Angry Birds, is expected to clear $100 million in revenue this year (the company was nearly bankrupt when it debuted the popular game on the iPhone in late 2009). Meanwhile, traditional videogame powerhouses like Electronic Arts and Nintendo have seen revenues stagnate and fall.
The best new movie production company in many decades, Pixar, was a software company. Disney—Disney!—had to buy Pixar, a software company, to remain relevant in animated movies.
Photography, of course, was eaten by software long ago. It's virtually impossible to buy a mobile phone that doesn't include a software-powered camera, and photos are uploaded automatically to the Internet for permanent archiving and global sharing. Companies like Shutterfly, Snapfish and Flickr have stepped into Kodak's place.
Today's largest direct marketing platform is a software company—Google. Now it's been joined by Groupon, Living Social, Foursquare and others, which are using software to eat the retail marketing industry. Groupon generated over $700 million in revenue in 2010, after being in business for only two years.
Today's fastest growing telecom company is Skype, a software company that was just bought by Microsoft for $8.5 billion. CenturyLink, the third largest telecom company in the U.S., with a $20 billion market cap, had 15 million access lines at the end of June 30—declining at an annual rate of about 7%. Excluding the revenue from its Qwest acquisition, CenturyLink's revenue from these legacy services declined by more than 11%. Meanwhile, the two biggest telecom companies, AT&T and Verizon, have survived by transforming themselves into software companies, partnering with Apple and other smartphone makers.
LinkedIn is today's fastest growing recruiting company. For the first time ever, on LinkedIn, employees can maintain their own resumes for recruiters to search in real time—giving LinkedIn the opportunity to eat the lucrative $400 billion recruiting industry.
Software is also eating much of the value chain of industries that are widely viewed as primarily existing in the physical world. In today's cars, software runs the engines, controls safety features, entertains passengers, guides drivers to destinations and connects each car to mobile, satellite and GPS networks. The days when a car aficionado could repair his or her own car are long past, due primarily to the high software content. The trend toward hybrid and electric vehicles will only accelerate the software shift—electric cars are completely computer controlled. And the creation of software-powered driverless cars is already under way at Google and the major car companies.
Today's leading real-world retailer, Wal-Mart, uses software to power its logistics and distribution capabilities, which it has used to crush its competition. Likewise for FedEx, which is best thought of as a software network that happens to have trucks, planes and distribution hubs attached. And the success or failure of airlines today and in the future hinges on their ability to price tickets and optimize routes and yields correctly—with software.
Oil and gas companies were early innovators in supercomputing and data visualization and analysis, which are crucial to today's oil and gas exploration efforts. Agriculture is increasingly powered by software as well, including satellite analysis of soils linked to per-acre seed selection software algorithms.
The financial services industry has been visibly transformed by software over the last 30 years. Practically every financial transaction, from someone buying a cup of coffee to someone trading a trillion dollars of credit default derivatives, is done in software. And many of the leading innovators in financial services are software companies, such as Square, which allows anyone to accept credit card payments with a mobile phone, and PayPal, which generated more than $1 billion in revenue in the second quarter of this year, up 31% over the previous year.
Health care and education, in my view, are next up for fundamental software-based transformation. My venture capital firm is backing aggressive start-ups in both of these gigantic and critical industries. We believe both of these industries, which historically have been highly resistant to entrepreneurial change, are primed for tipping by great new software-centric entrepreneurs.
Even national defense is increasingly software-based. The modern combat soldier is embedded in a web of software that provides intelligence, communications, logistics and weapons guidance. Software-powered drones launch airstrikes without putting human pilots at risk. Intelligence agencies do large-scale data mining with software to uncover and track potential terrorist plots.
Companies in every industry need to assume that a software revolution is coming. This includes even industries that are software-based today. Great incumbent software companies like Oracle and Microsoft are increasingly threatened with irrelevance by new software offerings like Salesforce.com and Android (especially in a world where Google owns a major handset maker).
In some industries, particularly those with a heavy real-world component such as oil and gas, the software revolution is primarily an opportunity for incumbents. But in many industries, new software ideas will result in the rise of new Silicon Valley-style start-ups that invade existing industries with impunity. Over the next 10 years, the battles between incumbents and software-powered insurgents will be epic. Joseph Schumpeter, the economist who coined the term "creative destruction," would be proud.
And while people watching the values of their 401(k)s bounce up and down the last few weeks might doubt it, this is a profoundly positive story for the American economy, in particular. It's not an accident that many of the biggest recent technology companies—including Google, Amazon, eBay and more—are American companies. Our combination of great research universities, a pro-risk business culture, deep pools of innovation-seeking equity capital and reliable business and contract law is unprecedented and unparalleled in the world.
Still, we face several challenges.
First of all, every new company today is being built in the face of massive economic headwinds, making the challenge far greater than it was in the relatively benign '90s. The good news about building a company during times like this is that the companies that do succeed are going to be extremely strong and resilient. And when the economy finally stabilizes, look out—the best of the new companies will grow even faster.
Secondly, many people in the U.S. and around the world lack the education and skills required to participate in the great new companies coming out of the software revolution. This is a tragedy since every company I work with is absolutely starved for talent. Qualified software engineers, managers, marketers and salespeople in Silicon Valley can rack up dozens of high-paying, high-upside job offers any time they want, while national unemployment and underemployment is sky high. This problem is even worse than it looks because many workers in existing industries will be stranded on the wrong side of software-based disruption and may never be able to work in their fields again. There's no way through this problem other than education, and we have a long way to go.
Finally, the new companies need to prove their worth. They need to build strong cultures, delight their customers, establish their own competitive advantages and, yes, justify their rising valuations. No one should expect building a new high-growth, software-powered company in an established industry to be easy. It's brutally difficult.
I'm privileged to work with some of the best of the new breed of software companies, and I can tell you they're really good at what they do. If they perform to my and others' expectations, they are going to be highly valuable cornerstone companies in the global economy, eating markets far larger than the technology industry has historically been able to pursue.
Instead of constantly questioning their valuations, let's seek to understand how the new generation of technology companies are doing what they do, what the broader consequences are for businesses and the economy and what we can collectively do to expand the number of innovative new software companies created in the U.S. and around the world.
That's the big opportunity. I know where I'm putting my money.

Thursday, August 18, 2011

CSI-India.org - Home

Valve, JAAS, Filter in Tomcat now


Tomcat is a widely popular lightweight application server. When securing Tomcat web applications, Valve, JAAS and Filter are used in various scenarios. The challenges for developers are deciding when to use each of these methods and how to integrate them if more than one method is chosen.
Valve
A Valve is a piece of Java code that can be inserted into the request processing pipeline. A Valve can be defined at different scopes, such as Engine, Host and Context. Tomcat comes with a set of pre-built valves that can be found here [2]. However, developers can write their own Valve and participate in the processing of the Valve chain. The main requirements for a Valve are:
  • It needs to extend ValveBase
  • It needs to call getNext().invoke(request, response) to chain other Valves.
JAAS
Java Authentication and Authorization Service (JAAS) [3] is a security framework that allows a user's program to participate in the authentication and authorization process. JAAS also serves as an integration point to allow different user-specific security implementations to be used. JAAS is supported in Tomcat through its JAASRealm interface [4].

When JAASRealm is used, a user will need to provide a login module and the appropriate configurations: a configuration file and a security configuration in the web.xml. Once it is configured properly, the login module will be called and managed by Tomcat.
Listing 2 has a sample JAAS login module. This login module will use a callback to get the userid and password. It will check whether the password is the reverse of the userid. If the check succeeds, it will create a principal based on the username and assign the role "jvalve" to the principal.
Filter
A filter is part of the Java Servlet specification [5]. A filter can be inserted into the request processing pipeline. It will be executed before the servlet is called and invoked again when the servlet process is done. Multiple filters can be chained together and thus can be used as an integration point for different users who want to use the filter to accomplish certain cross-cutting functions. The main requirements for a filter are:
  • It needs to implement javax.servlet.Filter.
  • It needs to call chain.doFilter(request, response).
Listing 3 shows an example filter. This filter simply calculates the time used to complete the request.
The Relationships
All three technologies, Valve, JAAS and Filter, have the following commonalities:
  • Run before the servlet is invoked
  • Allow cross-cutting functions to be implemented.
  • Provide integration points to allow multiple Valves, login modules and filters to be defined by different users.
  • Provide a common place for implementing security features.
Even though JAAS is the official method for providing security implementations, Valve and Filter have frequently been used to implement security. Especially in the Tomcat case, it is relatively hard to get a Subject in the application code (JBoss has a SharedState; WebLogic and WebSphere both provide a static method to make the "Subject" available to the application code). Implementations may use a Valve for the authentication and then set the authenticated principal on the request for the filter and application code to use.
However, it's also important to understand their differences, especially if you want to use them together.
  • The order that they get invoked is as follows: Valve, JAAS module, Filter and then Servlet.
  • Valve and Filter have access to a request/response/session, etc. However, JAAS only has access to the shared state. It can interact with the Tomcat container to retrieve such things as security information, but can only do so through callbacks.
Because of the above differences, it becomes a challenge if you want to use all three of them together and pass information among them. Consider the following example. Tivoli WebSEAL provides a Valve engine that will set an authenticated user on the request. Your company has been using the JAAS module for additional authentication. The JAAS module will want to retrieve that authenticated user from the Valve. Tomcat will not help in this case