Aranea Blog

Todays online systems can be implemented in tons of technologies and they can be web 0.1 or web 3.0. There are some guidelines on how to do certain things.

Whenever you’ve given your username, email and a password to a site you can never know if the password was saved in plaintext or just a hash of it. If it was stored in plaintext you can think about the different security implications yourself. Whenever the password remainder sends you your password it was stored in plain text.

One more thing that systems should not do is store these passwords inside cookies in plain-text. See about Cross-site scripting from Wikipedia.

I was working on a project that was using WordPress as a CMS and there was a password protected todo list. As I was inspecting a cache issue I was checking the headers of static files with Firebug and I stumbled upon on some request/response fields. I noticed that one of the cookies had the password of the TODO item in plaintext.

I googled for it and found that it has been reported. The comment to the report is ‘Well it’s not like other sites can access the cookie or anything :)’.

Whenever I use software that has been around for a while (at least a year) and it has a userspace I expect it to follow at least the most basic guidelines. I hope it gets fixed.

Introducing the new approved Aranea Development Model. Pair programming at its best, demonstrated by Jevgeni and Toomas.

I have been away from Aranea for almost a year. Now that I’m back I need to have my development envrionment set up. As I’m doing it the third time now (my laptop), I thought I’ll share the experience of getting an Aranea checkout built and tested (via sample app). This will differ from setting up an development environment but still will provide some insight.

What do you need?

• JDK at least 1.4
• SVN client
• Apache Ant

First off do a checkout of the project. The trunk branch is named latest in Changelogic - so we’ll be working with the latest and greatest.

[code]
svn checkout http://svn.araneaframework.org/repos/aranea/branches/latest aranea
[/code]
A directory aranea was created by the checkout command. Now you have all the source and build files present but you’re still missing the libraries to compile the source code. Execute:
[code]
ant fetch-libs
[/code]

The script contacts the ibiblio maven repository using the ivy dependency manager and fetches the jar files. This can take from 3 minutes to 18 (my current record), the time depends on what not

Lets compile the code and the examples:

[code]
ant build-all
[/code]
On my 2Ghz laptop running at 800Mhz it took 52 seconds. find . -iname “*java” -exec cat {} \; | wc -l shows 82653 lines of source files.

So now you have aranea built and ready to see the example applications. As we’ll just check the main application right now, we need to start the bundled database. Open up another shell in the aranea directory. Traverse to examples/main. Run:

[code]

ant run-database

[/code]

This will start the bundled HSQLDB with the sample data. Traverse to examples/main with another shell and execute:

[code]

ant run-app

[/code]

Now you have launched jetty webserver on port 2000 and JPDA dt_socket connection on port 5999. Head over to http://localhost:2000/mainExample/main and you should see a login screen. Click “Bypass login” and you’re in to see the demo app.

Well you’re done now. You have the source, built class files and working samples. See the other samples in the examples directory (they all obey the ant run-app target) and check out what we have in store.

If your fingers are still itching then head off to the issue tracker. Choose a bug. Debug & fix it. Test it. Send a patch our way.

If you had any troubles with the guide just drop a comment about it we’ll try to solve your issues.

PS. If you’re in Barcelona and wondering where to stay the night give Hotel Aranea a try (not affiliated, have not stayed there but what a name :)).

TheServerSide.com has released a tech brief about Aranea Framework. It is a video interview with our lead Jevgeni Kabanov. He talks about legacy migration with Aranea and gives a sneak peak of the other upcoming projects. Check out the other tech briefs also.

We started using sourceforge.net about a month ago. SF performs pretty well for cvs and mailinglists, but not the same for web. People reported getting 1kb/s download speeds for the documentation and the pdf files very often came corrupted via download.

The main reasons for moving most of our infrastructure from SF to johncompanies.com were:

• Web hosting caused problems for our users (wiki, forum, blog, changelogic).
• Mailinglists had the prefix $PROJECT_NAME. Writing araneaframework-devel@lists.sourceforge.net was pretty long. aranea-devel@lists.araneaframework.org is 5 characters shorter

Now we have set up our community

• Wiki - http://wiki.araneaframework.org - powered by Moin Moin
• Forum - http://forum.araneaframework.org - powered by phpBB
• Blog - http://blog.araneaframework.org - powered by WordPress
• Issue tracking software - powered by Changelogic

We opened up two mailinglists:

• Aranea devel mailinglist. This meant for the development talk on project Aranea Framework. Register here
• Aranea announce mailinglist. This is a read-only list for annoncements on Aranea. Register here

We will be releasing M2 shortly this week. Be sure to check back.