VirtualBox now downloadable as "Oracle VM VirtualBox 3.2"

I just opened the Oracle Technology Network (OTN) website today and noticed that VirtualBox now listed on the new download as "Oracle VM VirtualBox 3.2". The link points to Oracle VM download link.

The crowd is still waiting what will happen next with this product as Oracle has already had its own VM before the Sun Microsystems acquisition.

NTLM authentication is no longer supported by Spring Security 3.0.x

I am exploring the way to automatically authenticated on Windows platforms on Spring Security. The older way of doing this is by using the NTLM_FILTER which works with Spring Security 2.0.x.

I just realised that the NTLM filter is no longer supported in Spring Security 3.0.x. The preferred way to do authentication is using the Kerberos.

http://blog.springsource.com/2009/09/28/spring-security-kerberos/

I have stumbled upon this Kerberos authentication has since my freshmen year at university back in 1995. It should then be  I remember when using the yellow page tools on SunOS in SPARCstation  boxes; the ypbind, yppasswd, etc (renamed NIS) are Kerberos based. It's been around for years, yet I haven't had much experience in setting the configuration on the server from scratch.

Now that I have to explore this, it's time to go in depth with this Kerberos stuffs.

The Windows NT which formerly has its own authentication system, that time, began to adopting standards such as LDAP, Kerberos, etc. NTLM -- which stands for NT LAN Manager, hum, sounds very very oldies kind of stuff -- has been superseded by Kerberos based authentication. Windows 2000 started providing Kerberos authentication as an alternative. Of course since the introduction of Kerberos based system, the transition has been slow, suggesting the new user to use Kerberos by default, and only supporting NTLM when they need backward compatibility with old systems (such as Windows 98). Nevertheless there are some people is still using the NTLM on their legacy systems.

The Spring Security team has deprecated the NTLM integration and move to Kerberos based authentication (for Windows systems) instead.

Cost of not testing your solution will propagate and snow ball

Today I've a got a bit of relief at work, as we will have some free time for the next two days.

Today I will settle some things after the house moving. One of them is exchanging bulb. We need to replace 10 bulbs on the old rented house that has been damaged during our 2 years tenancy. The store didn't provide a testing platform for the bulbs, yet they provided one-to-one replacement guarantee. I bought 6 x SL twisted neon bulb, 2 x square-based SL neon bulb, 1 x 32w round TL neon bulb, and 1 spot light. From the 10 replacement bulbs I bought, one of them didn't really worked (defect). The store promised me for replacement when some of them are defect products. "Just don't throw the boxes, they said". Today is Monday, I bought the replacement last  Friday. Because I don't come to office on weekends, I have to postpone visiting the store to reduce cost (while losing time).

Hmm, even though I have one-to-one replacement guarantee, I still have to go down town to the store I bought from, and it's only just for this one bulb! For the replacement of this single bulb I have to go down town to the store near my office on off working day, pay the MRT (train) fare there, waste some time there, and then pay the fare for returning home again.

This event reminded the cost of not testing your solution thoroughly. Once it's rolled out, the impact wouldn't be just what you will feel at your coding room where you can simply fix, compile, and run again. The cost of replacement stuffs in production will create a huge snowball as it goes down hill. The issues, the delays, the lags will be propagated far.

Where as:

• we are not perfect -- we produce bugs
• the requirement guys are not perfect -- they produce defective or incomplete or inconsistent requirements
• our customers are not perfect -- they might ask us to do some impossible or contradicting stuffs

I believe it still better when we do test the right way before we roll out to production.