Rant G00GLE Rant

I finally think the mighty Google has lost the plot. Earlier this year out of the blue they stopped showing my adwords because they failed to meet “Google’s Software Principle policy” standards. Simply put its because I did not have install / uninstall instructions on my website.

I tried to argue that with my target market being software developers they would know what to do with a java jar file. That there is no such installation process, or at least one that could be documented for every development scenario.

I hit a brick wall and they refused to allow my ads until I had made changes, so I parked the ads. Why was I paying for adwords anyway when I had a page one ranking for my target keywords?

Anyway, with the launch of a new product I decided it was time to update the site and go through the hoops since we are targeting new keywords. Great they said, thank you for updating the site, but you now need to fill out this form https://support.google.com/adwordspolicy/contact/advertise_software_pol since your distributing free software. It may take 1-2 weeks to complete this.

Need I say anymore? Get a grip Google, your size is starting to make you immovable and frankly I think I might have better success targeting users through Twitter.

Quick and easy setup of a VirtualBox server

In my ever growing home office network I’m always in need of more virtual machines for testing new products. This is why I use DebianVirtualBox and phpVirtualBox to create a quick and easy VirtualBox server.

Here’s a quick rundown to help others set this up quickly.

1. Download a stable version of Debian. Here I am using 7.8.0 Wheezy.

2. Install onto your chosen hardware. During setup simply choose the defaults until you get to set the root password. Make this something secure (obviously!) and then the install asks you to setup a user account. I setup an account named VirtualBox with username ‘vbox’ with password ‘vbox’ (we will use this later).

3. Go through the remaining installation choosing all the defaults until your asked to choose packages. Here you should select just the SSH server, Web server and Standard System utilities. You do not need a Desktop Environment.

4. Reboot the system and login as root. Now some housekeeping, edit the /etc/apt/sources.list and comment out the line that starts with “deb cdrom:” by placing a # at the beginning of the line. This stops the system asking you to put the CD back in anytime you want to install additional software, instead it will be downloaded from the network mirrors.

After saving the file execute:

apt-get update

5. Now we’ll install PHP execute:

apt-get install libapache2-mod-php5 php5

6. Next we’ll install VirtualBox. The latest version available at the time of writing is 4.3.20 so I’m downloading the Debian 64bit version since thats the OS I installed.

wget http://download.virtualbox.org/virtualbox/4.3.20/virtualbox-4.3_4.3.20-96996~Debian~wheezy_amd64.deb

You also should download the extension pack:

wget http://download.virtualbox.org/virtualbox/4.3.20/Oracle_VM_VirtualBox_Extension_Pack-4.3.20-96996.vbox-extpack

Install the deb using

dpkg -i virtualbox-4.3_4.3.20-96996~Debian~wheezy_amd64.deb

You should see a number of errors like

dpkg: dependency problems prevent configuration of virtualbox-4.3:
virtualbox-4.3 depends on libcurl3-gnutls (>= 7.16.2); however:
Package libcurl3-gnutls is not installed.

This is ok, we just fix it using

apt-get -f install

Finally after all that installed, install the VirtualBox extension pack

VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-4.3.20-96996.vbox-extpack

7. Now let’s download phpVirtualBox

wget http://sourceforge.net/projects/phpvirtualbox/files/phpvirtualbox-4.3-2.zip

Move to /var/www and unzip

mv phpvirtualbox-4.3-2.zip /var/www
cd /var/www

Then unzip it

unzip phpvirtualbox-4.3-2.zip

But unzip wasn’t found! So install it

apt-get install unzip

Repeat the unzip operation.

Now let’s create a link

ln -s phpvirtualbox-4.3-2 virtualbox

And setup the config

mv config.php-example config.php

Edit the config and set the password for the vbox user changing the line:

var $password = 'pass';


var $password = 'vbox';

Finally goto /etc/default and create a file called virtualbox and place the following contents into it


And there you have it, all that remains is to start the VirtualBox WebService

service vboxweb-service start

Then connect your browser to http://<host>/virtualbox and enter the default credentials of admin/admin

If you find your only able to create 32 bit virtual machines, its likely that your BIOS has not got virtualization enabled. Reboot and change the BIOS setting to restore 64 bit virtual machines.



Security in Review for 2015

It’s now heading to the end of December and we’re on the way to approaching the last holiday before the start of the new year. As the end of 2014 begins to come to an end, predictions are starting to come in when it comes to what businesses can expect in the upcoming year.

Security is Tops

Security is of course on the minds of every CEO and management team within a company, especially those in IT management. With the data breaches of several companies during the last half of 2014, along with Sony’s second hacking scandal, network security trends are just one of the many lists that experts are putting together. Verizon is just one such company that is predicting that more enterprises and businesses are going to put security on top of their 2015 lists. Network reliability is becoming a bigger target for businesses, thanks in part of the increase of big data, mobility connectivity, and video solutions, it’s important for businesses to prove their scalability and the increase of devices and information that are coming from both their employees and their clients.

Reliability is chief for businesses who are trying to protect themselves from cybercrime – security attacks have been on the rise since 2013, increasing by 48% in 2014. And while businesses do have to worry about outside hacking incidents, it’s actually inside incidents that businesses should be very worried about; hacking incidents that have been perpetrated by current employees have increased by 4% to 35% from 2013, while incidents from former employees have gone up from 27% to 30%.

The problem with this is businesses aren’t keeping up with these trends, as spending for secur ity has actually fallen.

What Businesses Should Look for in 2015

Cyber security and hacking should be the foremost concern for businesses. In light of this year ’s hacking scandals, ending with Sony’s recent issues, cybersecurity is going to take focus in 2015. Arecentstudy by FortiGuard Labs showed that black hat hackers are becoming more sophisticated when it comes to getting into company data. Destructive malware that allows for hackers to infiltrate systems, gather data, and then erase information will be able to help hackers cover their tracks after the deed ha s been done.

Also with the emergence of hacks like Heartbleed and Shellshock, the focus is now on server side vulnerabilities and exploitation, a trend that will continue into 2015 as we become more connected with the Internet of Things.

So what can businesses do to protect themselves and their clients? Firstly, companies need to educate employees when it comes to protecting data, especially in an increasing age of bring your own devices; as mentioned earlier, businesses are often a target due to insider mishaps with employees, such as when they share passwords or don’t use secure passwords for their devices or work. Reports from the Sony hacking showcased that the company had a folder of passwords that was encrypted with the simple phrase of ‘password’, one of the least secure passwords anyone can have on their account. Employees are often unconcerned about security when it comes to their computers or accounts while at work, often irritated or annoyed at the constant changing of passwords to the point where they will just use any password that comes to mind, regardless if it’s secure or not.

Obviously, putting the budget to insure that data security is up to par is another consideration to be aware of. In the case of both Home Depot and Sony, suspicious incidents were not looked into nor were steps taken to increase network security after smaller incidents have occurred. Analysts have stated that in light of these bigger attacks that companies still aren’t doing enough or aren’t doing anything at all to insure information is secure or that data is unable to be retrieved outside of allowed parameters.

As we become more and more connected with the Internet and as businesses merge with personal lives, it’s extremely important that businesses are taking the steps needed to protect the company and their clients’ data.

Pillars of Password Management


Compatibility and Mobility are two key characteristics of an effective Password Management solution. Together, they help build a balanced platform by providing network admins the ability to manage varied networks, while affording their users with the ability to access their accounts whenever, wherever and however they want.

Want to read more? Visit the Nervepoint Technologies Blog to get my fully story.

Identity Theft on the Rise for Businesses and Consumers

The latest news in regards to businesses being hacked, with millions of consumer data being stolen in each case, consumers have made the threat of identity theft their number one concern as we end 2014 and head into 2015. What’s worse, 2014 was the second year in a row in which identity theft has affected millions of Americans losing more than $18 billion dollars because of it.

The threat is enough that even Washington is taking some action against it, with President Obama signing a consumer initiative early in October in order to help consumers deal and fight back against identity theft.

Want to read more? Get my full story on the Nervepoint Technologies Blog.

Counting results with Hibernate Criteria with multiple joins/associations

We struggled to find the answer to a Hibernate question recently. We are using Hibernate Criteria on an entity with multiple associations and showing these results in a table. The query to return the results of a specific page in the table is simple and works great.

Criteria crit = createCriteria(getResourceClass());
crit = crit.createCriteria("roles");
crit = crit.createCriteria("principals");
crit.add(Restrictions.in("id", ids));
return (List) crit.list();

Because multiple roles can be added to the entity with the same principals this would normally cause duplicate results but thankfully the result transformer does its job. The problem came when we tried to get the total number of results as this was displayed also in the table.

The initial attempts to use the rowCount projection failed, we assumed this would work in conjunction with the distinct root entity transformer to return the exact number of rows.

return (Long) crit.uniqueResult();

After some experimentation we discovered the answer. Replace the CriteriaSpecification.DISTINCT_ROOT_ENTITY result transformer with CriteriaSpecification.PROJECTION and use the Projections.countDistinct projection against an entity field, in our case the name field.


This was not straight forward and we failed to find any references to this method online. We hope that this helps others solve the same problem and avoid some head scratching.

Nervepoint Access Manager’s support for Linux

I recently wrote on the Nervepoint Technologies blog about our support for managing Linux users in Nervepoint Access Manager and the benefits it provides for Linux Administrators.


Debugging OpenSAML request and responses.

SAML is a great protocol but can be confusing for any newbie having to develop with it for the first time.

Our team has been building an Identity Provider for the Hypersocket SSO project and one thing we struggled with was debugging SAML request and responses. It turns out a simple logging fix would provide the exact XML in our logs. This will be invaluable when developing and comparing responses with those expected by other systems.


Extracting packaged msi from Installshield Express setup.exe

I use Installshield Express to create some Windows installers. Problem is it does not allow the direct creation of a packaged MSI file. You can get an MSI but its output is a folder structure, the applications files are not packaged within the MSI itself.

Luckily I found this solution on StackTrace

For the lazy you basiclly do this, extact the MSI out of the setup.exe that the SingleImage format generates.

setup.exe /s /x /b"C:FolderInWhichMSIWillBeExtracted" /v"/qn"

Quick and easy hibernate logging

Wow has it been that long. I’ve been busy building the Hypersocket Framework and the many projects based on it now. We’ll get more chatty about those soon but in the meantime I’d like to record my quick and easy way to enable hibernate logging just by using log4j.

# logs the SQL statements
# Some more useful loggings
# Logs SQL statements for id generation
# Logs the JDBC-Parameter which are passed to a query (very verboose)
# Logs cache related activities