Monday, February 28, 2005

[itsdifferent] Importance of boss

The Japanese have always loved fresh fish. But the waters close to
Japan have not held many fish for decades. So to feed the Japanese
population, fishing boats got bigger and went farther than ever. The
farther the fishermen went, the longer it took to bring in the fish.
If the return trip took more than a few days, the fish were not fresh.
The Japanese did not like the taste.

To solve this problem, fishing companies installed freezers on their
boats. They would catch the fish and freeze them at sea. Freezers
allowed the boats to go farther and stay longer. However, the Japanese
could taste the difference between fresh and frozen and they did not
like frozen fish. The frozen fish brought a lower price.

So fishing companies installed fish tanks. They would catch the fish
and stuff them in the tanks, fin to fin. After a little thrashing,
the fish stopped moving. They were tired and dull, but alive.
Unfortunately, the Japanese could still taste the difference. Because
the fish did not move for days, they lost their fresh-fish taste. The
Japanese preferred the lively taste of fresh fish, not sluggish fish.
So how did Japanese fishing companies solve this problem? How do they
get fresh-tasting fish to Japan? To keep the fish tasting fresh, the
Japanese fishing companies still put the fish in the tanks.

But now they add a small shark to each tank. The shark eats a few
fish, and keeps the others on the run... Most of the fish now have
no choice but to arrive in a very lively state. The fish are
challenged. As soon as you reach your goals, such as finding a
comfortable job, paying off your debts, having already achieved your
pre-set targets or whatever, you might lose your passion. You don't
need to work so hard so you relax.

Like the Japanese fish problem, the best solution is simple. Put a
shark in your tank and see how far you can really go!

Have you realised the importance of having a "BOSS" in your
If your challenges are too large or too numerous, do not give up.
Failing makes you tired. Instead, reorganize. Find more determination,
more knowledge, more help.

Don't create success and lie in it. You have resources, skills and
abilities to make a difference.
Instead of avoiding challenges jump into them. Beat the heck out of
them. Enjoy the game.

Note: This Group is not a Job Searching Group, so please co-operate
and don't transfer any kind of job related material across this
Group. Anyone doing so can be banned from the Group.
Thanx, Group Co-Ordinators

Yahoo! Groups Links
To visit your group on the web, go to:

To unsubscribe from this group, send an email to:

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.


[itsdifferent] BUDGET '05

· Tax bracket altered. Income up to Rs one lakh will be exempt across
the board. Income between Rs 1 lakh and Rs 1.5 lakh will attract 10
per cent tax and Rs.1.5 lakh to Rs.2.5 lakh will attract 20 per cent
tax. Income beyond Rs 2.5 lakh will be taxed 30 per cent.

· Rs 1 lakh consolidated exemption limit for all tax payers before
computing taxable income.

· Women & senior citizens with Rs 1.5 lakh exempted

· Section 88 of IT Act removed. No LIC, No ICICI will help now.

· Corporate Income Tax at 30%, 10% surcharge

· Surcharge on cash withdrawals above Rs 10,000 per day.

· Direct taxes to yield Rs 6,000 crore, indirect taxes revenue-neutral.

· Countervailing duty on IT products proposed. Software exempt from
proposed duty

· Branded jewellery gets more expensive with 2% excise duty. Duty on
Imitation jewellery down. - Bad news for the newly married hubbies...

· Edible oil & vanaspathi to become cheaper

· Govt will provide Rs 3,644 crore for rehabilitation of tsunami victims

· Cigarettes and tobacco products get more expensive. Bidis spared.

· No customs duty on LPG, kerosene

· Rs 83,000 crore for defence

· Customs duty on textile industry down 20% to 10%

· Customs duty on select capital goods to be below 15%

· Customs duty on polyester products down 20% to 15%

· Rationalisation of stamp duty proposed

· Tax relief to small scale industries, exemption limit up to Rs 4 crore.

· Subsidy regime to continue.

· Rs 100 crore grant to make Indian Institute of Science, Bangalore,
a world-class university.

· High-power committee to make Mumbai a regional financial hub

· Inflation reined in, business confidence restored

· Food-for-work programme in 150 districts

· Allocation for education for 2005-06 will be Rs 18,337 crore

· Industry growth pegged at 8%

· Work on AIIMS-like institutions to begin to promote medical education

· Budget to focus on growth & job creation

· IT industry to offer 7 million jobs by 2009 WE WILL BE PM SOON

· Textile sector to offer 12 million jobs in 5 years

· Fertilizer subsidy to be at Rs 162.54 crore

· 2000 research fellowships for SC/ST students

· Rs 14,379 crores for women's development. All departments to
provide gender-based Budgets.

· Rs 3010 crore for mid-day meal scheme

· Special package for Bihar, J&K and North-Eastern states to
continue. Rs 7,975 crore grants for Bihar in five years.

· Rs 300 crore for Baglihar project

· Ambitious Bharat Nirman plan to provide rural infrastructure by 2009.

· Budget to support services sector through policy and tax initiatives.

· Rs 630 crore for National horticultural mission, which will be
launched on April 1, 2005

· Increase in flow of agricultural credit

· Allocation for Rajiv Gandhi drinking water mission increased to Rs
4750 crore in 2005-06 from Rs 3300 crore in the current year.

· Accepts report on reforms in Co-operative banking sector

· Govt to promote microfinance and credit linking.

· NGOs, SHGs to become micro-insurance agents.

· Central assistance for recruitment and posting of Urdu teachers in
primary and upper primary schools where majority of students speak
that language.

· New scheme to revive manufacturing sector with focus on medium and
small scale industries.

· Package for handlooms & weaving industry.

· Scheme for revitalisation of sugar factories

· Policy support for pharma and Biotech sectors.

· Equity support to small and medium industries in knowledge sector

· $150 billion export target for 2008-2009

· Govt to explore FDI in new sectors: mining, trade and pensions

· Rs 1,100 crore for rural electrification

· Special-purpose vehicles to finance infrastructure.

· Seeks infrastructure projects for metros, big cities.

· RBI to unveil reforms roadmap for banking sector

· Legal framework for bond trading and securitisation.

· Rs 1400 crore provided for creation of 4000 km of four-lane highways.

· Fiscal deficit target to be achieved. Revenue deficit stands at Rs
95,300 crore. Fiscal deficit at 1.51 lakh crore

· Service tax net widened.

· Twelfth Finance Commission's recommendations would cost the
exchequer Rs 26,000 crore in 2005-06. VAT to be implemented from April
one, 2005


Kiran Mistry

Gateway Technolabs Pvt. Ltd
Analyst Programmer
8th Floor, Corporate House,
Judges Bungalow Road, Bodak Dev,
Ahmedabad - 380054. INDIA.
tel: 26852554-5-6



[itsdifferent] WinFX: An All-Managed API

WinFX: An All-Managed API
by Ian Griffiths, co-author of Mastering Visual Studio .NET

In Longhorn, Win32 will no longer be the principal API. It will, of
course, continue to be supported; 20-year-old DOS applications still
run on the latest version of Windows, and likewise, Win32 applications
will also continue to work for the foreseeable future. But just as DOS
and 16-bit Windows applications were superseded by Win32 applications,
so in Longhorn will Win32 become the "old way" of doing things. In
Win32's place is a new API called WinFX (pronounced "Win Effects").
WinFX is a significant milestone in the history of the Windows API, as
it puts .NET at the center of the platform. While Win32, the main API
for previous versions of Windows, is a C-style API, WinFX is designed
primarily to be used by .NET languages. In other words, it is a
managed API. Moreover, it is a superset of the existing .NET

Judging by the discussions on various newsgroups and mailing lists,
many seasoned Windows developers seem to have a hard time believing
that Longhorn's new APIs really will be pure .NET. The topic has come
up almost every day on the various WinFX Microsoft newsgroups since
the API's announcement, and it seems that many people think that a
.NET-only API cannot possibly exist, and that there must be a 'real'
Win32 API underneath it all.

The idea that Win32 must be lurking somewhere beneath the covers
presumably originates in part because of the way today's .NET
Framework is implemented. Many of the classes in the Framework Class
Library are wrappers on top of Win32 functionality. For example,
Windows Forms puts a .NET face on classic Win32 features such as HWND,
MSG, and WndProc. Likewise, the various classes in System.Net and
System.Net.Sockets ultimately wrap the services provided by the
Windows Sockets API in Win32.

However, there's no technical requirement for new WinFX functionality
to wrap a corresponding Win32 API. Indeed, we can look to existing
Windows and .NET technology to see why this need not be the case.

Platform Layers
It is tempting for experienced Windows developers to think of Win32 as
the fundamental API of Windows. All of the unmanaged language runtimes
shipped by Microsoft to date rely on Win32, even though they may hide
it behind some language-specific wrapper such as the standard C
library, or the unique world view that is Visual Basic 6. Similarly,
the .NET Frameworks that have shipped so far all rely on Win32 as
well. However, Win32 is not an island.

Win32 itself relies on underlying services from the Windows kernel. If
you look inside some of the DLLs that implement the Win32 API (such as
User32.dll) you will find that many of the functions have very short
implementations; they use the Pentium's INT instruction to make a
system call that does the real work.

One of the reasons for this is that Windows NT was originally designed
to support multiple 'subsystems'. Win32 was just one of these. The
first versions of NT also shipped with an OS/2 subsystem and a POSIX
subsystem, each of which presented a completely different API, but all
of which ran on top of the same set of system services. Of course,
OS/2 and POSIX are no longer especially relevant in Windows, making
the subsystem support seem like a historical footnote. However, there
are still good reasons for certain Win32 APIs to be implemented as
little more than a system call, even if subsystems had never been
invented, as there are some system services that can only be
implemented in the kernel itself.

It has always been possible to bypass Win32 and use the Windows kernel
services directly. However, developers rarely do this because such
code is unlikely to be portable from one version of Windows to the
next. Not only is this low-level API not documented, it can also
differ from platform to platform. The kernel in the Windows NT, 2000,
and XP product line is very different from the underlying kernel in
Windows 95, 98, and ME. Each version of Windows has its own
implementation of the Win32 DLLs (GDI32.dll, User32.dll, and so on) to
bridge the gap between the common public Win32 API and the
platform-specific, low-level system API.

For applications that need to run on more than one version of Windows
(that is, most Windows applications) it makes no sense to try and use
the low-level system calls. However, WinFX will be installed as part
of the operating system just like Win32 is today. This means that
unlike the current redistributable versions of the .NET Framework, any
particular version of WinFX will not need to be able to work on
multiple versions of Windows. The relationship between WinFX and the
OS kernel can become much more like the relationship between, say,
User32.dll and the OS kernel. (Nobody expects to be able to copy the
Windows 98 version of User32.dll onto their Windows XP machine and
have it work. The same will be true of the files that make up WinFX.)

Because WinFX will be a part of the OS, it will be able to have a much
closer relationship with the low-level system services. In theory,
WinFX could act as a peer of Win32 rather than having to be its
client; it could effectively be a distinct subsystem. In practice,
that's unlikely to happen any time soon for two reasons. First, where
Win32 already provides the necessary services, there seems little
point in WinFX reinventing the wheel. So expect those parts of the
.NET Framework that are wrappers around Win32 (such as Windows Forms)
to remain so for the foreseeable future. The second reason for not
making WinFX an entirely independent subsystem is that P/Invoke would
be tricky to implement if Win32 wasn't still there somewhere.

Nevertheless, although we are likely to carry on seeing wrappers where
Win32 already provides appropriate services, there's no reason for new
services to be exposed at the Win32 level and then wrapped by WinFX.
For platform services that are new to Longhorn, their only public API
will be in WinFX. There may be corresponding undocumented system calls
used by WinFX (just as there are today for many Win32 APIs) but there
is no reason for there to be an equivalent new public Win32 API;
Longhorn can cut out the middle man and have WinFX make system calls
directly. In the long term, we may even see Win32 relegated to an
isolated subsystem just as the old 16-bit world is today, only
supported for the benefit of legacy applications that still depend on
it. We have seen this kind of transformation where the wrapper and the
underlying API swap places once before in Windows. Remember that Win32s
included a set of wrappers for the Windows 3.1 API, enabling 32-bit
applications to run on 16-bit systems. In some ways, the current .NET
Frameworks are reminiscent of Win32s: they allow applications to use
the new API even though the underlying OS is fundamentally rooted in
the old way of doing things. Over time, we saw DOS and 16-bit Windows
cease to be the underlying platform, while Win32 transformed from a
wrapper into a native API. WinFX marks the start of a similar
transition, with .NET turning from a wrapper into the native API. .NET
need not be a set of wrappers any more than Win32 needs to be a set of
wrappers for 16-bit versions of Windows.

Pure Managed Functionality
The ability of WinFX to link directly to system services, bypassing
Win32, is not the only way in which new Longhorn features can be
exposed in WinFX but not Win32. Many features will be implemented
entirely in managed code with no need for any help from lower levels
of the platform at all.

There are already many examples of pure managed features in the
shipping versions of .NET Framework. For example, you can make
extensive use of the XML functionality in the current versions of .NET
without the framework ever making a call into Win32. Likewise,
although ASP.NET integrates with IIS in the Win32 world, the vast
majority of the value that it adds over the unmanaged ISAPI extension
mechanism is implemented in managed code. The ASP.NET page caching
mechanism has no Win32 equivalent, neither do the key parts of its
object model. (HttpRequest, HttpResponse, and friends may look
reminiscent of the classic ASP objects, but they are not wrappers.
They were designed to look very similar to the ASP object, in order to
ease the transition to ASP.NET, but they are all implemented entirely
in managed code.)

The same will be true for much of the new functionality in Longhorn.
There will, of course, be some things which involve new platform
features all the way from WinFX's public API right down to kernel
mode -- the new 'Avalon' graphics model being the most obvious example.
However, there will be many more features implemented entirely in
managed code. For example, although Avalon relies on platform support
at all levels for performance reasons, a considerable amount of its
functionality will reside entirely in managed code. (It would be
rather inefficient if every single interaction your code had with
Avalon objects caused calls all the way down into the lowest levels of
the OS.)

To view the .NET Framework as being merely a wrapper around Win32 is
to ignore a large part of the benefit that it offers. Even with the
versions shipping today, there is a considerable amount of
functionality that is implemented entirely in managed code. This will
be true to an even greater extent in WinFX on Longhorn. Moreover,
where new features require support from the lower layers of the
platform, WinFX will not need to have a Win32 API that it can wrap, as
it will be able to use the low-level system API directly, just as
Win32 does today. For anyone writing Windows applications today, the
message is clear: managed code is the way of the future.



Tuesday, February 22, 2005

[itsdifferent] The Biggest Web Design Mistakes of 2004

---------- Forwarded message ----------
From: Chirag Gandhi
Date: Wed, 16 Feb 2005 20:25:34 +0530
Subject: [itsdifferent] The Biggest Web Design Mistakes of 2004



Vincent Flanders Presents:
The Biggest Web Design Mistakes of 2004 (Part 1 of 2)

I went through every Daily Sucker for the last year and I've come up
with a list of what I think were the biggest web design mistakes.

These mistakes apply only to real sites -- not personal, band, music,
art, movie, experimental, fashion, and (some) sports sites.

Some mistakes aren't actually design mistakes in the classical sense
-- ugly graphics, bad navigation, etc. -- but serious big picture
problems like our Number One Mistake of the Year:

1. Believing people care about you and your web site.

These ladies are laughing at you. Why? You designed your web site for
your needs, not their needs. It gets worse. After they stop laughing,
they're going to one of your competitors' sites and buy something.

Here's an e-mail I recently received:

Powerhouse is a UK electrical goods retail store. We knew they had a
nice bread maker at an even nicer price, so went to their website to
see if we could buy it. Because we use Firefox, we weren't allowed in.

Comet's website worked a treat and they have our money now!

Write these two sentences where you can see them as you're working on
your computer:

1. The only reason my web site exists is to solve my customers' problems.

2. What problems does the page I'm looking at solve?

Nobody cares about you or your site. Really. What visitors care about
is getting their problems solved. Most people visit a web site to
solve one or more of the following three problems.
They want/need information
They want/need to make a purchase / donation.
They want/need to be entertained.

Too many organizations believe that a web site is about opening a new
marketing channel or getting donations or to promote a brand. No. It's
about solving your customers' problems. Have I said that phrase

2. A man from Mars can't figure out what your web site is about in
less than 4 seconds.

You should be able to look at the home page of any site and figure out
what the site is about within four seconds. If you can't, your site
has failed.

People who make Mistake #1 often end up making Mistake #2. A perfect
example of a site that fails the Four-Second Test is amp.

If your browser window isn't 1024 x 768, you get "nothing." You don't
even see what this company thinks passes for content.

As BrowserCam demonstrates, the home page doesn't get much better when
the window is 1024 x 768.

What is this site about? Who knows? Who is going to care enough to
stay around and find out?

A final feature of sites that make Mistake #2 is that you can't really
figure out what the site is about from their company name and their
tagline. The name, "Amp", tells you nothing, but implies something to do
with electricity. Their tagline, "Experienced Passion", only makes sense
if it's a dating service for seniors.

Non-profit organizations are the worst offenders when it comes to
names and taglines (and most everything else). Here's a typical
non-profit organization's name and tagline:

Big Hands of Hope
-- It's all about compassion

No. It's all about solving your visitors' problems. Nothing in the
name or tagline tells you this organization helps African children

Here's an over-the-top example of a name and tagline that's better:

Save the African Children
-- We keep them from dying a horrible death

Yes, the tagline has to be toned down, but at least you understand the
mission of the organization. As an aside, I HATE most names for
non-profit organizations because, like "Big Hands of Hope", they don't
tell you what they do. (I made up this organization and their

3. Mystical belief in the power of Web Standards, Usability, and tableless CSS.

There is nothing wrong with any of the above except they're being
touted by...guess who?...people who offer web design services
specializing in...guess what?...Web Standards, Usability, and
tableless CSS. These are simply tools. Remember, nobody gets excited
about the tools used to build a house ("Please tell me what brand of
hammers you used!"). People get excited about how the house looks and

Yes, Web Standards can make your site search engine friendly, reduce
bandwidth, etc. Usability is also very important but in a recent
interview, usability guru Jared Spool puts everything in perspective:

I learned quickly that business executives didn't care about usability
testing or information design. Explaining the importance of these
areas didn't get us any more work. Instead, when we're in front of
executives, we quickly learned to talk about only five things:
How do we increase revenue?
How do we reduce expenses?
How do we bring in more customers?
How do we get more business out of each existing customer?
How do we increase shareholder value?

Notice that the words 'design', 'usability', or 'navigation' never
appear in these questions. We found, early on, that the less we talked
about usability or design, the bigger our projects got. Today, I'm
writing a proposal for a $470,000 project where the word 'usability'
isn't mentioned once in the proposal.

When we work with teams, we teach them to follow the money and look
for the pain. Somewhere in your organization, someone is feeling pain
because they aren't getting the answers they want to one of the
questions above.

I'm using these quotes only to show you the silliness of falling in
love with web design belief systems. Unfortunately, while this
attitude may get you business, it is still Mistake #1 -- the
organization is trying to solve its problems rather than the
customers' problems.

There seems to be a cargo cult belief that if we use Web Standards,
usability, and tableless CSS, our web sites will make money, we'll be
famous (or at least cool), and our sites will look great. It isn't
that easy. My home page uses web standards and it's no monument to
great design.

4. Using design elements that get in the way of your visitors.

Would you do this?

You sell an expensive product or you're a fundraiser getting ready to
make the ask for a large sum of money.

You walk into a potential client's office, introduce yourself, and
place an information packet in front of the client.

As you start to make your big presentation, the client reaches into
the packet, extracts the contract/pledge form you hope he'll sign and
grabs a pen.

As the client starts to sign the lucrative, long-term contract/pledge,
you reach over across the table, grab the client by the throat, and
yell "Not so fast, a**h***, I haven't finished my presentation!!!"

You wouldn't do that, would you? Then why are you using design
techniques that keep the visitor from getting to the sale? They're the
web equivalent of grabbing someone by the throat. The golden rule of
doing business on the Web is "Don't do anything that gets in the way
of the sale."

Some of the many techniques that get in the way: splash pages,
FlashSplash pages, animations, lack of focal point on the page, too
much text, too many pictures, etc. See any of my books for more

Another way design gets in the way is when you confuse web design with
sex. I covered this topic in Chapter Four in my book "Son of Web Pages
That Suck" and in my article "Don't Confuse Web Design With Sex."

When people arrive at your site it's because they've made a
commitment. They've clicked a link or an ad and now they are at your
site so foreplay isn't necessary. Let them in your site.

On the other hand, foreplay is necessary when you buy ads on other
sites. This is when you have to seduce people to come to your site.

5. Navigational failure.

All web navigation must answer:

Where am I?
Where have I been?
Where can I go next?
Where's the Home Page?
Where's the Home Home Page?

Navigation must be simple and consistent.

Common mistakes include different types of navigation on the same
site, a link to the current page on the current page (home page link
on home page), poorly worded links so the visitor doesn't know where
he'll go if he clicks, no links back to the home page, confusing links
to the home page (Seth Godin is a good example), etc.

There are probably 10 million ways to screw up navigation.

6. Using Mystery Meat Navigation.

Note: I have a whole section on this topic and lots of live examples
of organizations who make this stupid mistake.

While there are 10 million ways to screw up your navigation, the best
way is to use Mystery Meat Navigation (MMN). Here's the definition,
right out of Chapter Eight of "Son of Web Pages That Suck":

Mystery Meat Navigation occurs when, in order to find specific pages
in a site, the user must mouse over unmarked navigational "buttons" --
graphics that are usually blank or don't describe their function.
JavaScript code then reveals what the real purpose of the button is
and where it leads.

There are certain sites that are allowed to use MMN: music, band,
movie, art, experimental, fashion -- sites where making an impression
or being cool is mandatory. It's OK because nobody really cares about
these sites and their purpose isn't really about making money.

Another exception is what I would call "cult sites" -- sites that are
so popular with a specific group that their audience automatically
commits the icons to memory. Slashdot immediately comes to mind.

The problem with MMN is it influences designers and companies who
aren't smart enough to realize they're not in the music, art, movie,
or fashion business. When a manufacturing company starts using MMN,
you know the apocalypse can't be too far behind. Here's a university
that uses MMN for evil purposes.

Copyright (c) 1996-2005 Flanders Enterprises



[itsdifferent] Quick and easy SSL in OC4J Standalone

Easiest way to implement SSL & most powerful documentation:

Technology Corner
Quick and easy SSL in OC4J Standalone
Filed under: Java & (10g)AS, KC Web/Java
Leon van Tegelen @ 11:59 pm

During development it is sometimes necessary to be able to run your
web application under SSL. Obtaining a test certificate from VeriSign
can sometimes take a little too much time and effort, especially when
there is a bug waiting to be fixed.

This post describes an easy way to create a certificate yourself using
Sun's keytool and configure OC4J to use it. It originates almost one
to one from the Oracle Application Server Containers for J2EE Stand
Alone User's Guide (how about that for a title).

I assume that you have at least JDK 1.3 installed and setup correctly.
Make sure that you set the PATH to include the JDK's bin

1. Create a certificate

Open a command prompt and change directory to the config directory of
your OC4J instance, then type the following:

    keytool -genkey -keyalg "RSA" -keystore sslfile -storepass simanoel -validity 365

The keystore option sets the filename where the keys are stored.
The storepass option sets the password for the keystore.
The validity option sets the number of days the certificate is valid.

The keytool will prompt you with several questions. Just answer these as
you please.
The new keystore file (sslfile in my case) is created in the current
directory (config in this case).

2. Setting up OC4J

If you don't already have a secure-web-site.xml file in your OC4J
config directory, create one by copying the existing
http-web-site.xml and renaming the copy to secure-web-site.xml

Edit secure-web-site.xml:

Add secure="true" to the web-site element.
Add the following line inside the web-site element, using the keystore
name and password you used when creating the certificate.
Change the port number to use an available port. The default for SSL is
normally 443, but you have to be a super user to use it, so I
used 4443.
Save the changes.
It should look something like this:

Edit server.xml:

Uncomment or add the following line.
Save the changes.

It will look something like:

Restart OC4J. Now OC4J will listen for both SSL request (port 4443)
and non-SSL requests (port 8888). In my case the urls would be


You can switch either of them off by removing the corresponding entry
in server.xml
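
A check of the finished configuration, as an added example that is not from the original post or from Oracle's guide: it parses a secure-web-site.xml and a server.xml and reports what the steps above would leave missing or risky. The two XML samples are constructed; the ssl-config element, its keystore and keystore-password attributes, the web-site path entry and the display-name/default-web-app details are assumptions about the XML lines missing from this copy of the post.

```python
import xml.etree.ElementTree as ET

# Constructed sample of secure-web-site.xml after the edits described above.
# Only secure="true", port 4443, the keystore name "sslfile" and its password
# come from the post; the element and attribute names are assumptions.
SECURE_WEB_SITE_XML = """\
<web-site port="4443" secure="true" display-name="OC4J Secure Web Site">
  <default-web-app application="default" name="defaultWebApp" />
  <ssl-config keystore="sslfile" keystore-password="simanoel" />
</web-site>
"""

# Constructed sample of server.xml with both sites registered (assumed layout).
SERVER_XML = """\
<application-server>
  <web-site path="./http-web-site.xml" />
  <web-site path="./secure-web-site.xml" />
</application-server>
"""


def check_secure_site(site_xml, server_xml, site_path="./secure-web-site.xml"):
    """Return a list of (severity, message) findings for the SSL site setup."""
    findings = []
    site = ET.fromstring(site_xml)

    # Step: secure="true" on the web-site element.
    if site.get("secure") != "true":
        findings.append(("error", 'secure="true" is missing from the web-site element'))

    # Step: pick an available port; ports below 1024 need a super user.
    try:
        port = int(site.get("port", ""))
    except ValueError:
        findings.append(("error", "port is missing or not a number"))
    else:
        if port < 1024:
            findings.append(("warn", f"port {port} is privileged; OC4J must run as super user"))

    # Step: keystore name and password inside the web-site element.
    ssl = site.find("ssl-config")
    if ssl is None:
        findings.append(("error", "no ssl-config element; no keystore is configured"))
    else:
        if not ssl.get("keystore"):
            findings.append(("error", "ssl-config has no keystore attribute"))
        if ssl.get("keystore-password"):
            findings.append(("warn", "keystore password is stored in clear text; "
                                     "restrict read access to the config directory"))
        else:
            findings.append(("error", "ssl-config has no keystore-password attribute"))

    # Step: the secure site must be registered in server.xml.
    registered = [w.get("path") for w in ET.fromstring(server_xml).iter("web-site")]
    if site_path not in registered:
        findings.append(("error", f"{site_path} is not registered in server.xml"))
    others = [p for p in registered if p and p != site_path]
    if others:
        findings.append(("info", "non-SSL site(s) still enabled: " + ", ".join(others)))
    return findings


if __name__ == "__main__":
    for severity, message in check_secure_site(SECURE_WEB_SITE_XML, SERVER_XML):
        print(f"{severity.upper():5} {message}")
```
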

1 Comment

You may not know where Bulgaria is, but you sure helped a guy from
there (namely me ;->) with your OC4J+SSL howto. Thank you very much.

Comment by al_shopov — 12/1/2005 @ 3:13 pm


Note: This Group is not a Job Searching Group, so please co-operate
and dont transfer any kind of job related material across this
Group.AnyOne doing so can be banned from the Group
Thanx , Group Co-Ordinators

Yahoo! Groups Links
To visit your group on the web, go to:

To unsubscribe from this group, send an email to:

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.


[itsdifferent] Developing ASP.NET Server Controls

Hi different from all,

its Me,

There is no such thing as failure. Failure is only success delayed.
Het Waghela
Sr. Analyst Programmer Gateway Technolabs Pvt Ltd
8th Floor, Corporate House,
Judges Bungalow Rd, Bodakdev,
Ahmedabad - 380054. INDIA.
mobile: 09426240240


[itsdifferent] Robots hit stride with human walk!

Robots that walk like humans - that familiar staple of science fiction
films - have been developed for real by scientists in the US and

Honda's Asimo was the most advanced robot until now

Three bipedal designs, each built by a different research group, use the same
principle to achieve their human-like gait. One even adapts its stride
to changing terrain.

Long considered a holy grail of robotics, getting machines to walk
like people has proven notoriously difficult to achieve.

Details were announced on Thursday at the American Association for the
Advancement of Science annual meeting in Washington DC.

Though machines like those in the film I, Robot are still a long way
off, robots using this method of walking could have uses in dangerous
space missions or in cleaning up nuclear and toxic waste.

The work could transform the way humanoid robots are built and brings
the prospect of robotic replacement limbs a step closer.

In other humanoid walking robots, such as Honda's Asimo, motors
control much of the movement.

The new machines have less control over their movement and use up less
energy than "mainstream" robots, yet they walk in a more human-like


Two of the machines, developed at Cornell University in the US and
Delft University in Holland respectively, are built in a very similar

But while the Cornell robot is powered by batteries in its arms, the
Delft robot uses gas canisters in an attempt to mimic human muscles.
It has an empty bucket for a head, to emphasise that it uses no

The third robot, developed at the Massachusetts Institute of
Technology (MIT), has been nicknamed the Toddler on account of its
walking style. It uses neural networks to learn - adapting its
movement according to the terrain it is on.

It is about 43cm tall, weighs 2.8kg and has curved feet that look like clogs.

"For the first time, we've demonstrated a robot that learns how to
walk without anything in its control system that tells it how to,"
said Russ Tedrake of the cognitive and brain sciences department at

"It learns how to walk in about 20 minutes from a blank slate and
adjusts itself with every step."

The Toddler transfers its weight from one foot to the other until it
gains enough energy to start walking forward. It can start, stop,
steer and walk backwards.

The research could have much to tell us about the way humans walk: it
suggests passive dynamic movement plays a key role in human


There is no such thing as failure. Failure is only success delayed.
Het Waghela
Sr. Analyst Programmer Gateway Technolabs Pvt Ltd
8th Floor, Corporate House,
Judges Bungalow Rd, Bodakdev,
Ahmedabad - 380054. INDIA.
mobile: 09426240240


[itsdifferent] Understanding Struts Framework

The colossal progress made by technology in recent years and the
ever-increasing demands of the modern day have turned web application
development into a complex procedure. This process, which was once an
easy affair, is no longer the same. Let us see the role played by the
Struts Framework in web application development.

This article is aimed at giving you a good understanding of Struts
framework. Struts is an open source framework useful in building the
web application with Java servlet and Java Server Pages Technology
(JSP). It is based on the Model-View-Controller design paradigm.

Before we start building the application, we need to download and
install Struts. It can be freely downloaded from I downloaded the struts version -
1.0.2 from -
Now, you can find the same on the Developer IQ CD 1 of this edition.
The easiest way to install is to copy the war files in the webapps
directory of the servlet container. If you are using the TOMCAT, then
place the war-file in the webapps directory and don't forget to
restart the server. And check the installation with this URL:

As per the Model-View-Controller design pattern (Fig 1), Struts has three
major components: a servlet controller that is provided by Struts
itself, JSP pages (the "View"), and the application's business logic
(or the "MODEL"). A collection of tag libraries used in your

Fig 1

Struts has been designed to give you modularity and loose coupling
in your application. Any reuse of framework is a bit difficult to
implement and it complicates the application. Therefore, it is better
to implement this framework for complicated applications where a modular
approach is beneficial. I am taking one simple application, as you can
see in the following picture. This html form (Fig 2) contains
well-known controls. When we submit this page, it will again display
whatever we entered in the form, without losing any data.

Fig 2

Directories and File Structure
The easiest way to start building the application is using the
"struts-blank" and copying it in webapps directory with different
name, say firstApp.
Fig 3 shows the directory structure of my firstApp (the image was
captured with GIMP).

Fig 3

Now, let us see the files and directories in a Struts application.
1. META-INF directory contains the meta information used by utilities etc.
2. WEB-INF/classes is the directory where you place your java
application classes.
3. WEB-INF/*.tld. The struts tag libraries.
4. WEB-INF/classes/
In this file you can define your error messages and the messages of
application (fixed texts).
5. WEB-INF/lib/struts.jar. This file contains the servlet, taglib code
and helper classes etc.
6. WEB-INF/struts-config.xml Struts configuration file.
7. WEB-INF/web.xml is the usual file of the servlet container.
8. Index.jsp or any html file can be put in the root of the
application directory. In fig-3 you can see the submit.jsp.

The Web.xml file (Code 1)

Code 1

PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"













The web.xml file contains the standard stuff required to define the
whereabouts of the servlets i.e. action servlet, the definitions of
struts tag libraries and the URL mapping for the calls to this
servlet. As you will see, the servlet will be called if our browser
requests a file called *.do. So, when we submit the form in the action
we will use "". How does the controller servlet learn about
the mappings you want? We will see in the next section. Until now, we
have seen the directory structure of struts and the sample web.xml
file copied from the struts-blank sample application. Now, let us walk
step-by-step creating our sample application.

Building Model Components
In our example, we will create simple JavaBean (ref code-1), which
will have just get and set methods. Depending upon the application
business, logic beans might be a simple JavaBean or javabean that
access a database using JDBC calls. For bigger applications, these
beans often will be stateful or stateless Enterprise JavaBeans (EJBs),
instead. In a web application, JavaBeans can be stored in a number of
different collections of attributes. The scope and lifetime as per the
JSP specification is defined with the following terms.
1. page - Beans that are visible within a single JSP page, for the
lifetime of the current request.
2. request - Beans that are visible within a single JSP page, as well
as to any page or servlet that is included in this page, or forwarded
to by this page. (Request attributes)
3. session - Beans that are visible to all JSP pages and servlets that
participate in a particular user session, across one or more requests.
(Session attributes)
4. application - Beans that are visible to all JSP pages and servlets
that are part of a web application. (Servlet context attributes)

(Code 2) (

Code 2

package test;

// Plain JavaBean holding the values of the submit form.
public class SubmitBean {
    private String lastName = "Manoj";
    public String getLastName() {
        return this.lastName;
    }
    public void setLastName(String lastName) {
        this.lastName = lastName;
    }

    private String address = null;
    public String getAddress() {
        return this.address;
    }
    public void setAddress(String address) {
        this.address = address;
    }

    private String married = null;
    public String getMarried() {
        return this.married;
    }
    public void setMarried(String married) {
        this.married = married;
    }

    private String sex = null;
    public String getSex() {
        return this.sex;
    }
    public void setSex(String sex) {
        this.sex = sex;
    }

    private String age = null;
    public String getAge() {
        return this.age;
    }
    public void setAge(String age) {
        this.age = age;
    }
}

Building View Components
It is generally created using the Java Server pages (JSP) technology.
Most web developers have created forms using standard capabilities of
HTML, now let us develop our sample application form using the struts.
It is based on the Custom Tag Library facility of JSP 1.1.
A complete example of a submit form: (Code 3) submit.jsp

Code 3

<%@ page import="test.*" %>
<%@ page language="java" %>
<%@ taglib uri="/WEB-INF/struts-bean.tld" prefix="bean" %>
<%@ taglib uri="/WEB-INF/struts-html.tld" prefix="html" %>
<%@ taglib uri="/WEB-INF/struts-logic.tld" prefix="logic" %>

Submit example

Example submit page


sex: Male



If you have developed custom tags in JSP, then understanding the above
code is very easy. The taglib directive tells the JSP compiler where
to look for the tag library descriptor of struts tag library. We are
using prefix "html" that identifies tags from the struts-html library.
The next step is to create the ActionForm bean: (Code 4)

Code 4
package test;

import javax.servlet.http.HttpServletRequest;
import org.apache.struts.action.*;

// ActionForm that wraps the SubmitBean and validates the submitted fields.
public class SubmitForm extends ActionForm {
    protected SubmitBean sb = new SubmitBean();

    public void setSb(SubmitBean sb) {
        this.sb = sb;
    }
    public SubmitBean getSb() {
        return this.sb;
    }

    // Called by the controller before the form is populated from the request.
    public void reset(ActionMapping mapping, HttpServletRequest request) {
        this.sb = new SubmitBean();
    }

    // Each required field must be present; errors are keyed by field name.
    public ActionErrors validate(ActionMapping mapping,
            HttpServletRequest request) {
        ActionErrors errors = new ActionErrors();
        if (sb.getLastName() == null || sb.getLastName().equals("")) {
            errors.add("Last Name", new ActionError("error.lastName"));
        }
        if (sb.getAddress() == null || sb.getAddress().equals("")) {
            errors.add("Address", new ActionError("error.address"));
        }
        if (sb.getSex() == null || sb.getSex().equals("")) {
            errors.add("Sex", new ActionError(""));
        }
        if (sb.getAge() == null || sb.getAge().equals("")) {
            errors.add("Age", new ActionError("error.age"));
        }
        return errors;
    }
}

In the above code, the program can be divided into two parts: one is
validation and the other is accessing the JavaBean. You could have
easily let extend ActionForm, but we import classes
from the struts framework. It means our model would then depend on it. So I
developed a separate bean. If you look carefully at the code of
submit.jsp, I used "sb.lastName" instead of lastName. This is because
we have a getter and setter for the instance variable 'sb' in Struts offers an additional facility to validate the
input fields it has received. To use this feature, override the
validate method:
public ActionErrors validate(ActionMapping mapping,
HttpServletRequest request)
The validate() method is called by the Controller servlet after the bean
properties have been populated, but before the corresponding action
class's perform() method is invoked. In the example, we checked
whether the value entered in the form fields is null or not as you can
see in code 3. The servlet controller will check whether the returned
ActionErrors object is empty or not. If it is not, then it will return
to the input file i.e. submit.jsp (defined in config file).
The error messages are taken from the
file, it could be defined in the following way (Code 5):

Code 5


Validation error


Enter ur Last Name
Enter ur address
Enter ur sex
Enter ur age

In JSP page, we use these error messages using the struts tag

Building Controller Components
Until now we have constructed the Model and View components of our
sample application. Now let us focus on Controller components. Struts
includes a servlet that implements the primary function of mapping a
request URI to an action class.
Let us see our implementation of Action class

(CODE 6)

CODE 6

package test;

import javax.servlet.http.*;
import org.apache.struts.action.*;

public final class SubmitAction extends Action {

    // Called by the controller servlet once validate() has returned no errors.
    public ActionForward perform(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) {
        SubmitForm f = (SubmitForm) form;
        // Read the submitted value through the wrapped bean
        String lastName = f.getSb().getLastName();
        System.out.println("Start perform(" + form + ") . . .");
        return mapping.findForward("success");
    }
}

The aim of the Action class is to process a request via its perform()
method and return an ActionForward object that identifies where the
control should be forwarded (e.g. JSP); in our case it is the same JSP
page. Also, it has shown how to access the lastName value and how you
may store data for use by another component; in our case it is the
submit.jsp file. How does the controller servlet learn about the
mapping? We have to create an xml file by the name of struts-config.xml
and place it in the WEB-INF directory. The xml file is as shown in
Code 7.

Code 7

"-//Apache Software Foundation//DTD Struts Configuration 1.0//EN"

Using Logic
Add the following tags in our submit.jsp file and see what happens; it
is self-explanatory (Code 8):

Code 8

While compiling the ActionForm and Action classes, do not forget to
include struts.jar in the classpath.
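
The validate() method above only rejects empty fields, so any non-empty text reaches the action and is redisplayed by submit.jsp. The following is an added example, not code from the original article or the Struts project, of stricter server-side rules for the same four fields. The class name SubmitFieldRules, the limits, the allowed values "Male" and "Female", and every message key ending in ".invalid" are assumptions of this example.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

/**
 * Added example (not from the original article): stricter server-side rules
 * for the fields that SubmitForm.validate() only tests for emptiness.
 * Limits, allowed values and every "*.invalid" key are assumptions.
 */
public class SubmitFieldRules {

    // Letters, space, apostrophe and hyphen only, at most 50 characters.
    private static final Pattern NAME = Pattern.compile("[\\p{L} '\\-]{1,50}");
    private static final int MAX_ADDRESS = 200;
    private static final int MIN_AGE = 0;
    private static final int MAX_AGE = 150;

    /** Returns property name -> message key for each field that fails. */
    public static Map<String, String> check(String lastName, String address,
                                            String sex, String age) {
        Map<String, String> errors = new LinkedHashMap<String, String>();

        if (isBlank(lastName)) {
            errors.put("Last Name", "error.lastName");
        } else if (!NAME.matcher(lastName.trim()).matches()) {
            errors.put("Last Name", "error.lastName.invalid");
        }

        // Single-line address assumed: line breaks and other control
        // characters are rejected along with over-long values.
        if (isBlank(address)) {
            errors.put("Address", "error.address");
        } else if (address.length() > MAX_ADDRESS || hasControlChars(address)) {
            errors.put("Address", "error.address.invalid");
        }

        // A radio button still arrives as free text; accept only known values.
        if (!"Male".equals(sex) && !"Female".equals(sex)) {
            errors.put("Sex", "error.sex.invalid");
        }

        // The bean stores age as a String, so parse and range-check it here.
        if (isBlank(age)) {
            errors.put("Age", "error.age");
        } else {
            try {
                int years = Integer.parseInt(age.trim());
                if (years < MIN_AGE || years > MAX_AGE) {
                    errors.put("Age", "error.age.invalid");
                }
            } catch (NumberFormatException ex) {
                errors.put("Age", "error.age.invalid");
            }
        }
        return errors;
    }

    private static boolean isBlank(String s) {
        return s == null || s.trim().length() == 0;
    }

    private static boolean hasControlChars(String s) {
        for (int i = 0; i < s.length(); i++) {
            if (Character.isISOControl(s.charAt(i))) {
                return true;
            }
        }
        return false;
    }

    // Constructed inputs. In SubmitForm.validate() each entry would become
    // errors.add(entry.getKey(), new ActionError(entry.getValue())).
    public static void main(String[] args) {
        System.out.println(check("O'Neil", "12 Main Street", "Male", "34"));
        System.out.println(check("<b>x</b>", "", "other", "-5"));
        System.out.println(check("Manoj", "Flat 2\r\nBlock B", "Female", "abc"));
    }
}
```

Each new key needs a matching message in the application's resource file, next to the existing error.lastName, error.address and error.age entries.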




[itsdifferent] Generating Dynamic Graphics using ASP.NET


Questioning the real need for dynamic graphics the author explores the real
world of HTTP. Imaging and typography, the exclusive features of the
internet are attributed to ASP.NET.

If you have been developing dynamic content driven websites for a
while, you would agree that ASP.NET has caused a paradigm shift to
web-development, which is of same magnitude that was brought about by
Visual Basic to the RAD world. The stateless world of HTTP now
supports sophistication that is akin to the rich, thick-client centric
applications. Collecting data from users, using web-based forms,
validating user's inputs, displaying dynamic data to the users are all
regular tasks that have become simpler to program and richer in
functionality. One of the chores that is not very often performed, but
has undergone significant changes is generation of dynamic graphics.
Web-applications typically use pre-rendered images (the ubiquitous
<img> tag), for displaying graphical data to the user. So, where does
the need for dynamic graphics come into picture? While there are
several places where such functionality would be required, let me, for
the purpose of this article, just focus on two of them.

I am sure you would have seen plethora of websites on the Internet
that allow users to send e-greeting cards. Typically, you select an
image for your card, fill in the details required for customization of
your e-card (sender's name, your message, etc.) and hit the send
button. Most often, the resulting e-card is a two-celled table, with
the image on left and your text on right. What if you wanted to change
the functionality a little, such that, the text or the sender's name
is overlaid on top of the image itself instead of using HTML artifice…
In old PERL world there used to be a module called "GD" which would
allow you to manipulate images at runtime. In classic ASP, there was
no 'out of the box solution'. ASP.NET changes that. Dot Net has an
elaborate set of classes that allows you to tap into the rich GDI+
functionality of Windows.
So what is GDI+? Well, to borrow from the documentation, "GDI+ is the
portion of Windows, that provides two dimensional vector graphics,
imaging and typography". It allows the programmer to display
information on a screen or printer without being concerned about the
details of a particular display device. It's a comprehensive API that
gives you access to functions that allow you to easily draw graphic
primitives like lines, arcs, rectangles, ellipses; manipulate existing
images etc. GDI+ also introduces a lot of features that were earlier
considered domain of high-end graphical packages or they had to be
implemented by hand (which usually meant lots of additional code),
like gradient brushes, alpha blending etc.

The GDI+ managed classes of the Dot Net Framework allow you to access
the GDI+ APIs in a consistent, coherent manner and are available to
you both in the Windows Forms application as well as in ASP.NET web
application. To use these classes, you need to include, depending on
the operations you want to perform some or all of the System.Drawing,
System.Drawing.Drawing2D, System.Drawing.Imaging and
System.Drawing.Text namespaces.
Let's first look at how we'll tackle our e-card application. Our core
task starts once the user has selected a picture for his or her
e-card. We open the image that the user chose, draw a semi-transparent
filled white rectangle superimposed on top of it, and finally render
the user's message in that rectangle. Assuming the image is in the
images folder under your web application's directory, here is the code
that manipulates the image at runtime. (Code 1)

Code 1

<%@ Page language="C#" ContentType="image/jpeg"%>
<%@ Import Namespace="System.Drawing" %>
<%@ Import Namespace="System.Drawing.Imaging" %>
<%@ Import Namespace="System.IO" %>

And this is what the output looks like in Fig 3.

Fig 3

Unlike the previous example, we do not have an image to start with. So
we first create a 300 x 300 bitmap that would give us our rendering
surface. We also set the SmoothingMode property of the Graphics object
to use anti-aliasing and fill the entire area with solid white color.
Again, this example assumes that you already have the values that you
plotted in the pie chart. To keep things simple, we hard-code the 4
values that we will be plotting. Here onwards, it's pretty much the
standard pie-chart drawing algorithm. You first calculate the total of
all values to be plotted so that you can find out the relative angle
that each value will occupy in the pie chart. We then loop through the
array of values, calculate its corresponding angle, and call FillPie
method of the Graphics class to plot it. The color of the brush used
to fill each slice is computed randomly so that each slice appears
distinct. You can also use a pre-defined array of colors if you want
the results to be a little more predictable (the method used here will
give you a pie-chart of different colors each time). Finally we note
that we output our image in PNG format and therefore cannot directly
write to the OutputStream of Response because certain graphic formats
require stream that can be queried and the current position within a
stream can be moved backwards and forwards. So we first output our
graphic to a MemoryStream and then simply dump it to the OutputStream.

So as you can see, ASP.NET makes it a snap to do any kind of graphical
manipulation at runtime!



[itsdifferent] Elements of J2EE

The matter of prime concern is the application architecture, which is
to be evolved and is easily integrable with other applications in the
enterprise. The risks involved in the architecture are identified by
SAAM or ATAM at different phases of the iterative project lifecycle.

J2EE gives flexibility to the developer and designer to use it for
different business needs. There is a chance for the architect to miss
the big picture while taking care of the low level details. This is an
attempt to formalize the architecting process where the architect
constantly evaluates his architecture for important architectural
attributes of the system like scalability, performance, usability etc.

Architecting Process Methodology Selection
Architecting Process Toolkit
Architect Corner has this artifact,
which has one view of different architecting processes and brief
introduction on relevance of usage and how it can be used. Enterprise
architecting differs from solution architecting and solution
architecting differs from application architecting. The choice of
methodology depends on the architecting process being applied. In any
process, technology, data application and business, architectural
views are created.

Formal Architectural Verification
SAAM and ATAM are the methods suggested to evaluate Architecture.

Application Architecture
Given that data, technology and business architectures are defined,
the challenge is in coming up with application architecture, which is
easily integrable with other applications in the enterprise.
The following steps are the inverse of ATAM and SAAM techniques in
getting the right architecture:
Looking at all use cases and grouping them into different functional modules.
Among the groups, identifying CRUD use cases and complex use cases.
Non-functional requirements of the system (concurrent users,
transaction rate, total number of users etc.).
Reusability, Portability, Scalability, Usability and Extensibility
requirements are the drivers for n-tier layered J2EE architecture.
System sizing templates help in identifying the hardware; the draft
deployment diagram comes with different nodes for web server,
application server, database, LDAP server and other external
Connecting the nodes in the diagram will pop up questions related to
communication/protocol/network bandwidth/firewall (DMZ/MZ).
Different functional groups of use cases with marking of CRUD/Complex
will drive the business services.
Logging, Error/Exception Handling, External Interface Integration and
other features drive the technology services.
Business Entities, Processes and Events are identified in each
functional group. The functional façade (session bean) has the
processes captured. Entities are modeled as Entity beans. Business
rules/logic, specific to an entity, go in as a business method in an
entity bean. Business rules, which involve multiple entities, are
handled at session façade method/level, where façade method hands over
DTO or a collection/hash map of DTOs.
Business events are handled using JMS\MOM. MDBs are used if the events
are triggered by business rules involving Entity\Entities. External
system event triggers are handled through messages messaging. Cron
type processes or third party scheduler handles batch jobs scheduling
events (Timer will be the answer for J2EE 1.4).
Web layer typically has a MVC framework like Struts, JATO, XSLT/XML, etc.
The requirements in the web layer are governed by user navigation,
workflow, user interface input validation, handling complex user
interface interaction, validation framework, default values, user
error messages mapping to system error messages.
Personalization, User State Management, Session Tracking and
Application State Management drives the web layer framework design.
Thick clients are driven by usability requirements and Swing is used
instead of a browser. Swing provides separation of view and model in
most of the reusable components in the API. The client side manager
will be the controller to manage the state. The data is obtained from
the Business Delegate, which invokes the EJB Service Facades.
Mobile Client requirements drive the usage of J2ME.
Multiple Client side requirements can be satisfied by Servlet, XSL/XML
framework which takes the agent type from the request and
appropriately picks up the style sheets and the pagination

Architectural Evaluation
In the project lifecycle, SAAM or ATAM is used to identify the risks
and the goodness of the architecture. In both these methods, a set of
critical use cases is checked for the architectural attributes.

Designing Business/Technology Services
Biz/Tech. Service requirements are the most important criteria for
design. But the architectural attributes in the system should be used
as a checklist while designing them. Architectural concerns like
Usability, Scalability, etc., are addressed using J2EE Design
Guidelines and Design Patterns. A J2EE blueprint is a good place to
check for similar situations or architectural requirements.

Developing Business/Technology Services
While developing Biz/Tech. Services, not only the design and
architectural guidelines are to be followed but also programming best
practices. Best practices for performance, scalability, and
extensibility need to be considered during code reviews.

Handling Changing Business Rules and Business Logic
During the project lifecycle or after, the new or changed requirements
demand change in business rules/logic in a business process. The usage
of rules engine makes the clean separation. Rules engine repository
can be accessed by the Process Façade and evaluated for business
events and logic.
The other way is to use a policy pattern to model varying business
rules and logic associated with a business process. The business
services provide the placeholders for passing specific policies to
handle a business process.

External Systems Integration
Decisions specific to external systems integration like JNI, SOAP (Web
Services) etc. should be evaluated against the architectural concerns.
Enterprise Architecting process helps in looking at enterprise level
business/data-tech. architecture. In a heterogeneous technology
platform, the architectural guidelines and standards need to be
addressed and they need to be in sync with the tech. vision of the

Enterprise Architecture Guidelines
While architecting an application, the following enterprise
architectural concerns are important to be considered:
Enterprise Reporting
Enterprise Identity Management
Enterprise Content Management
Enterprise Document Management
Enterprise Data Management

"Think at Enterprise Level, Act at Application Level"
Most of the architecting methodologies have the similar message. Due
to "Time to Market" and budgetary considerations local decisions are
taken to optimize on goals like time and cost. Architect can add a
great value in providing the visibility to the enterprise and save
future costs in constant refactoring of the architecture or living up
with a stove piped architecture.

Architect Corner
Precise Java
J2EE Blueprints



[itsdifferent] 17 Tips for a Secure IIS Server

In the recent past, there have been several complaints about security
issues concerning Microsoft's IIS Server from Webmasters as well as
from large corporate users. However, according to system integrators
providing solutions based on Microsoft products, better practices in
configuring and maintaining the IIS Server can keep many such security
bugs away. Here, we list some of those recommended practices.

1. Migrate to Win2000
We are not trying to sell an MS product here! But if you need to run
IIS, then plan it on Windows 2000 rather than on Windows NT. For one
thing, we expect that the Microsoft development team would have
naturally become wiser as they moved from NT to Win2000. Many of the
Win2000 system-wide settings are configurable through the provided
security template (hisecweb.inf); there is no need to manually
configure Registry settings. The file is downloadable from the
Microsoft security site. Some of the less-secure default settings in
WinNT 4 and IIS 4 are disabled by default in Win2000 and IIS 5.

2. Deploy hisecweb.inf Security Template
Microsoft Developer Network prescribes a security template, named
hisecweb.inf as a baseline applicable to most secure Web sites. The
template configures basic Win2000 system-wide policy. hisecweb.inf can
be downloaded from:

3. Configure IPSec Policy
You should seriously consider setting up an Internet Protocol Security
(IPSec) packet-filtering policy on every Web server. This policy
provides an extra level of security if your firewalls are breached.
Multiple levels of security technology are often considered a good
practice. In general, you should block all TCP/IP protocols other than
those you explicitly want to support and the ports you want to open.
You can use the IPSec administration tool or the IPSecPol command line
tool to deploy IPSec policy.

4. Remove RDS Registry Keys
The most common attack against an IIS server exploits Remote Data
Services (RDS). RDS is vulnerable because it allows a conduit to Open
Database Connectivity (ODBC) functionality that would permit DOS
commands to be run as System on the server. Through this, a malicious
hacker can remotely gain access to an IIS server. This attack persists
as a threat three years after its discovery because it can't be
corrected by a patch or service pack. Instead, you have to delete
certain Registry keys. To resolve the problems associated with RDS,
remove the following Registry keys and any sub-keys:

• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\RDSServer.DataFactory
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\AdvancedDataFactory

5. Don't Let Hackers Access DOS
The second most common method of attacking an IIS server is by causing
the underlying OS to execute a command of the attacker's choice. To do
this, the attacker must invoke a DOS shell, calling CMD.EXE on
WinNT/2000. Many of the known IIS vulnerabilities allow a URL to be
constructed that ultimately causes CMD.EXE to be invoked on the
server. The attacker then appends DOS commands, such as ECHO, to the
command-line parameter for CMD.EXE. The result is equivalent to
starting a DOS batch file.

Using this method, an attacker can invoke FTP, with instructions, in a
command shell on the server. The attacker opens an outbound FTP
connection to a server of his choosing and downloads a file or files
that he wants to use (such as programs that give him a remote console
on your server). The attacker then sends another URL to your server to
call the programs he just downloaded, and leaves.

Many of us have grown up using the DOS command shell and like to have
it available on our servers for administration. Unfortunately, it can
be exploited.

On NT 4.0 systems, CMD.EXE can be deleted, renamed or moved to another
directory. Also, remove the COMSPEC environment variable, since it
points directly to the location of CMD.EXE. If you renamed or moved
CMD.EXE, you don't want to re-point COMSPEC, which would help an
attacker. If you delete CMD.EXE, COMSPEC has nothing to point to.

On Windows 2000 systems, removing CMD.EXE is a little more difficult
because of Windows File Protection (WFP). CMD.EXE will automatically
be replaced by WFP if you delete, rename or move it. Hopefully, by
moving to Windows XP, this problem will be resolved.

6. Secure ODBC Operation
ODBC is the most-used method for accessing databases on a Windows
system. Unfortunately, ODBC inherently allows for DOS commands to be
embedded in ODBC calls. Several vulnerabilities have arisen that
demonstrate how DOS commands could be chained together in ODBC
queries, resulting in the invocation of CMD.EXE. Microsoft provides a
mechanism to prevent ODBC calls from invoking DOS commands.
Look in your Registry for the following key:
Under that key, you'll usually find a sub-key, 3.5 or 4.0, and under
that key another sub-key, Engines.
Check for a DWORD value called SandboxMode and make sure its value is 3:
•HKEY_LOCAL_MACHINE\Software\Microsoft\Jet\3.5\engines\SandboxMode = 3
•HKEY_LOCAL_MACHINE\Software\Microsoft\Jet\4.0\engines\SandboxMode = 3
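The Registry checks from tips 4 and 6 can be run offline against a text export of the Registry (the .reg format that Regedit writes). The following is an added Python example, not code from the original article or from Microsoft; the export text is constructed, and the Jet parent key is taken from the two SandboxMode paths listed above.

```python
import re

RDS_PARENT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch"
RDS_KEYS = ("RDSServer.DataFactory", "AdvancedDataFactory")   # the two keys listed in tip 4
JET_ROOT = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Jet"       # parent of 3.5 / 4.0 in tip 6

# Constructed export text (not from a real server): one RDS key left behind,
# Jet 3.5 sandboxed as the article asks, Jet 4.0 still set to another value.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\AdvancedDataFactory]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Jet\3.5\Engines]
"SandboxMode"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Jet\4.0\Engines]
"SandboxMode"=dword:00000002
"""


def parse_reg_export(text):
    """Map each key path (lower-cased) to {value name (lower-cased): raw data}."""
    keys, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)', line)):
            current[m.group(1).lower()] = m.group(2)
    return keys


def audit(text):
    """Return findings for tips 4 and 6; an empty list means both checks pass."""
    keys, findings = parse_reg_export(text), []
    for name in RDS_KEYS:
        path = f"{RDS_PARENT}\\{name}".lower()
        # Registry paths are case-insensitive; sub-keys count as "still present".
        if any(k == path or k.startswith(path + "\\") for k in keys):
            findings.append(f"RDS key still present: {name}")
    for path, values in keys.items():
        if path.startswith(JET_ROOT.lower() + "\\") and path.endswith("\\engines"):
            data = values.get("sandboxmode", "missing")
            m = re.fullmatch(r"dword:([0-9a-f]{8})", data, re.IGNORECASE)
            if m is None or int(m.group(1), 16) != 3:
                findings.append(f"SandboxMode under {path} is {data}, expected 3")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_EXPORT)) or "both checks pass")
```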

7. Remove Dangerous Extension Mappings
Numerous vulnerabilities have been found in how IIS handles specific
Web-page extensions. For example, .HTR was intended to provide a
helper application that allowed Web visitors to change their
passwords. This added functionality introduces a vulnerability that an
attacker might exploit. Other extensions had other purposes at various
times in IIS' evolution, but now are no longer (or rarely) used.
Out of the box, IIS supports a wide variety of page requests.
Extension mapping allows specific types of URLs to be handled by
different programs, such as ISAPI and CGI. For the vast majority of
IIS installations, all that's needed is support for .HTM, which
doesn't require any extension mapping, and .ASP/.ASA, which require
mapping to ASP.DLL.

Extension mapping is part of Internet Services Manager, found by
right-clicking on each virtual Web root. Choose Properties, then Home
Directory, then Configuration. Make a note of all of the mappings and
their verbs (or exclusions on IIS 4.0) for future reference. Check the
ISA server configuration article!

8. Clean Up Your Server Regularly
One of the most commonly overlooked steps when putting an IIS server
into production is removing all of the stuff that might have been
added to aid in development. For example, FrontPage Server Extensions
might have been used by Visual Interdev during the development of the
Web application, or sample files from IIS' default installation might
have proved useful to understanding some new feature.

A production IIS server needs to be as clean as possible, free of
unnecessary files. Vulnerabilities have been uncovered in samples that
IIS ships and installs by default, including one of the three Registry
keys that cause the RDS problem. Two of them were used in normal
operation of RDS, but the third was only present when sample files
were installed. Initially, many people removed the two required keys,
but overlooked the sample key.

Samples aren't intended for a production environment and haven't been
fully debugged. They can give an attacker access into a production
server, even when the production directories have been secured. To
eliminate this vulnerability, remove all unnecessary Web directories,
applications and files from your production machines before putting
them into service.

Some COM components are not required for most applications and should
be removed. Most notably, consider disabling the File System Object
component, but note that this will also remove the Dictionary object.
Be aware that some programs might require components you're disabling.
For example, Site Server 3.0 uses File System Object. The following
command will disable File System Object:
regsvr32 scrrun.dll /u

9. Choose What You Need
A default installation is likely to be insecure. So, rather than doing
a default installation and then looking for a checklist of what to
remove, install only those components that are required for the IIS
server you're working on. Items can always be added later.
An example of why this helps is the recent SMTP problem with Windows
2000 and IIS 5.0. By default, all installations of IIS 5.0 include an
SMTP server, which most Web sites don't need. If the server is part of
a domain, the SMTP server can be made to perform SMTP relaying. SMTP
relaying is the reason most spam exists today.

10. Set Appropriate ACLs On Virtual Directories
Make sure the ACLs on the IIS-generated log files
(%systemroot%\system32\LogFiles) are:
• Administrators (Full Control)
• System (Full Control)
• Everyone (RWC)
This is to help prevent malicious users deleting the files to cover
their tracks. Although this procedure is somewhat
application-dependent, some rules of thumb apply, as described in
Table 1:

Table 1:

File Type                                  Access Control Lists
-----------------------------------------  ------------------------------------------------------------------
CGI (.exe, .dll, .cmd, .pl)                Everyone (X), Administrators (Full Control), System (Full Control)
Script files (.asp)                        Everyone (X), Administrators (Full Control), System (Full Control)
Include files (.inc, .shtm, .shtml)        Everyone (X), Administrators (Full Control), System (Full Control)
Static content (.txt, .gif, .jpg, .html)   Everyone (R), Administrators (Full Control), System (Full Control)

11. Re-Partition Key System Files
Most exploit scripts rely on the fact that directories are going to
reside in the root or default partition. However, if you move or
install key system files to partitions other than the default root
drive, published scripts won't work without modifying them to look in
the correct partition. This can help you thwart many attacks. For
example, numerous vulnerabilities have been associated with the
traversal of directories, using the ..\ command. These vulnerabilities
allow attackers to access restricted directories such as \WINNT or
\WINNT\SYSTEM32. Normally, these directories and the sensitive
applications they contain are found in the root partition. By default,
IIS installs itself into the same partition. However, if you instead
tell IIS to install itself into another partition, you reduce this
vulnerability. Directory-traversal attacks cannot work across
partitions, so the attacker won't be able to access \WINNT or
\WINNT\SYSTEM32 in this environment.

12. Limit Permissions
An often overlooked IIS feature is its ability to enforce permissions
on Web visitors. IIS creates anonymous accounts: IUSR_machinename and
IWAM_machinename. IUSR is the account under which all
non-authenticated users access pages. All Web applications (those that
use a global.asa) are started under the IWAM account. These two
accounts are critical on public Web sites. To prevent these accounts
from being exploited, make sure that they have minimal permissions to
files that should not be directly accessed.

13. Analyze IIS Logs
Most attacks against Web servers are executed by sending the server a
specially crafted URL, which is often recorded in your logs. Assuming
you log to a flat text file (the IIS default), do a search for files
that contain CMD.EXE or ECHO. If you've been under attack, either by
an automated tool or an individual attacker, chances are that you'll
find one of those text strings in your logs. Being aware of the
attacks against you is useful in helping determine what you need to do
to prevent exploits. For example, you could ban the attacking IP
addresses from your site (through IIS Manager) or filter them at your
upstream router.
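The search described in tip 13, written as an added Python example (not code from the original article or from Microsoft). It reads the W3C extended log format, undoes percent-encoding before matching, and groups hits by client address so the source can be blocked; the sample log lines and field list are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in W3C extended log format; addresses are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2005-02-28 10:01:02 192.0.2.10 GET /default.asp - 200
2005-02-28 10:01:07 198.51.100.7 GET /scripts/CMD.EXE /c+dir 404
2005-02-28 10:01:09 198.51.100.7 GET /scripts/c%6Dd.exe /c+echo+test 404
2005-02-28 10:02:30 203.0.113.5 GET /products/echoes.htm - 200
"""

# The two strings the article says to search for, matched as whole tokens
# so that a page such as echoes.htm does not raise a false alarm.
SUSPICIOUS = re.compile(r"(?<![a-z0-9])(cmd\.exe|echo)(?![a-z0-9])", re.IGNORECASE)


def decode_fully(value, max_rounds=3):
    """Undo percent-encoding until the value stops changing (bounded)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_iis_log(text):
    """Return {client_ip: [(line_no, [matched strings]), ...]} for flagged requests."""
    fields, hits = [], defaultdict(list)
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # the column layout can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        request = row.get("cs-uri-stem", "") + "?" + row.get("cs-uri-query", "")
        found = sorted({m.lower() for m in SUSPICIOUS.findall(decode_fully(request))})
        if found:
            hits[row.get("c-ip", "unknown")].append((line_no, found))
    return dict(hits)


if __name__ == "__main__":
    for ip, events in scan_iis_log(SAMPLE_LOG).items():
        print(ip, events)
```

A plain text search for CMD.EXE would miss the third request in the sample, because the string only appears after decoding.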

14. Set IP Address/DNS Address Restrictions
This is not a common option to set, but if you want to restrict your
Web sites to certain users, this is one option available to you. Note
that if you enter Domain Name System (DNS) names, IIS has to do a DNS
lookup, which can be time-consuming.

15. Check
and Query String Input in ASP Code
Many sites use input from a user to call other code or build SQL
statements directly. In other words, they're treating the input as
valid, well-formed, non-malicious input. This should not be so; there
are a number of attacks where user input is treated incorrectly as
valid input and the user could gain access to the server or cause
damage. You should always check each input and query string
before passing it on to another process or method call that might use
an external resource such as the file system or a database.
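One way to apply tip 15, shown as an added example in Python rather than ASP (it is not code from the original article). Every query-string parameter is checked against an allow-list pattern before it reaches the file system or the database, and the SQL value is bound as a parameter; the parameter names, patterns and the products table are hypothetical.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Hypothetical schema: each expected parameter and the pattern it must fully match.
SCHEMA = {
    "id": re.compile(r"[0-9]{1,9}"),                           # database key
    "file": re.compile(r"[A-Za-z0-9_-]{1,32}\.(?:txt|html)"),  # bare file name, no path
}


def validate_query(query_string):
    """Return {name: value} when every parameter passes, else raise ValueError."""
    clean = {}
    for name, values in parse_qs(query_string, keep_blank_values=True).items():
        if name not in SCHEMA:
            raise ValueError(f"unexpected parameter {name!r}")
        # Repeated parameters are refused rather than silently picking one.
        if len(values) != 1 or not SCHEMA[name].fullmatch(values[0]):
            raise ValueError(f"rejected value for {name!r}")
        clean[name] = values[0]
    return clean


def lookup_product(db, query_string):
    """Validate first, then bind the value instead of pasting it into SQL text."""
    params = validate_query(query_string)
    if "id" not in params:
        raise ValueError("missing parameter 'id'")
    row = db.execute("SELECT name FROM products WHERE id = ?",
                     (int(params["id"]),)).fetchone()
    return row[0] if row else None


def demo_db():
    """Constructed in-memory table standing in for the site's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)", [(1, "widget"), (2, "gadget")])
    return db


if __name__ == "__main__":
    print(lookup_product(demo_db(), "id=2"))
```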

16. Remove iisadmpwd Virtual Directory
This directory allows you to reset WinNT and Win2000 passwords. It's
designed primarily for intranet scenarios and is not installed as part
of IIS 5, but it is not removed when an IIS 4 server is upgraded to
IIS 5. It should be removed if you don't use an intranet or if you
connect the server to the Web. Refer to Microsoft Knowledge Base
article Q184619 for more info about this functionality.

17. Update the MS fixes
You must try to stay current with Microsoft hotfixes and service packs
that Microsoft releases. In August this year, Microsoft released a new
tool called HFNETCHK, which is designed to call Microsoft's Security
site and retrieve an up-to-the-minute XML file that contains
information about all of the hotfixes that your system might need.
It works on both NT 4.0 and Win2000 and covers the OS, IIS, Internet
Explorer and SQL Server.

The tool is an executable that runs on your server. It checks to see
what you've installed, what hotfixes should be applied and whether
they're installed.
You then look at the Microsoft Security Bulletins referenced in the
output, apply the hotfixes and/or service pack as needed, and run the
tool again.
