Thunderbird mail forwarding from a filter broken

I want to use a spare gmail account to backup all my incoming and outgoing mail in Thunderbird. Outgoing is easy enough - for each account under tools/accounts/Copies & Folders you add a line to the Bcc section. To set up backup of incoming mail, I created a filter to act on the inbox and find "read" messages, and forward them. This ought to work but doesn't....I just get an alert popup box with "sending of messages failed." It seems I'm not the only one.

Java signed applet security insanity

I've been looking into using signed applets as a javascript-plastic bridge. The applets have to be signed so that they can make RMI connections to the Plastic Hub - this works well. Then through the wonders of LiveConnect you can call methods on the applet from JavaScript, and thanks to a magical object called JSObject you can make callbacks back to the JavaScript from the Java. This also, mostly, works well. However, try deploying the applet anywhere but localhost, and some of the JavaScript->Java calls fail with security exceptions (see below). Not all, just some. The reason? Apparently, if the JavaScript itself isn't signed, then any method calls originating in the JavaScript are treated as if the applet itself isn't signed - you lose all your signed applet privs. What kind of deranged madman thought that up? It's useless as a security benefit - all you do is put the controversial stuff into a separate thread, so that the JavaScript to Java calls merely set and get properties...so it's trivially subverted. Instead it just makes your code more complicated than it need be, and confounds the poor programmer with mysterious errors.

Implementation note: it's not good enough just to spawn an new thread in the method called by JavaScript, as this will inherit the security of the calling thread. Instead you need to instantiate a worker thread in (say) the start() method of the applet, and have the JavaScript-called method hand tasks to this worker. You can see a (rather naive) implementation here.

-----------
An alternative solution:
Put the "untrusted code" in:

  somemethod() {
       ...normal code here...
       String user = (String) AccessController.doPrivileged(
         new PrivilegedAction() {
           public Object run() {
               return System.getProperty("user.name");
           }
         }
       );

Stacktrace for google's benefit:
java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.liveconnect.SecureInvocation$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.liveconnect.SecureInvocation.CallMethod(Unknown Source)
at sun.plugin.liveconnect.SecureInvocation.access$300(Unknown Source)
at sun.plugin.liveconnect.SecureInvocation$CallMethodThread.run(Unknown Source)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.invoke.JSInvoke.invoke(Unknown Source)
at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
at sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown Source)
... 6 more
Caused by: java.security.AccessControlException: access denied (java.net.SocketPermission 10.0.0.8:2234 connect,resolve)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.checkConnectPermission(Unknown Source)
at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
at sun.rmi.server.UnicastRef.invoke(Unknown Source)
at net.ladypleaser.rmilite.impl.RemoteInvocationHandlerImpl_Stub.invoke(Unknown Source)
at net.ladypleaser.rmilite.impl.LocalInvocationHandlerImpl.invokeRemote(LocalInvocationHandlerImpl.java:53)
at net.ladypleaser.rmilite.impl.LocalInvocationHandlerImpl.invoke(LocalInvocationHandlerImpl.java:41)
at $Proxy0.requestToSubset(Unknown Source)
at org.votech.plastic.managers.PlasticApplication.sendMessage(PlasticApplication.java:166)
at org.votech.plastic.managers.PlasticApplication.sendMessage(PlasticApplication.java:140)
at uk.ac.roe.PlasticHubApplet.sendLoadVOTable(Unknown Source)
... 16 more

How to get an applet to repaint

You have an applet. In response to some event you want to change all the components it contains. However, your changes don't appear...why?
If I was using a JFrame, I'd liberally throw in a few pack() statements, which causes the JFrame to resize itself based on the new components, and redraw, but you don't have this option with an applet. After some javadocing, it seems that a combination of validate(), invalidate() and repaint() ought to do it. Some experiments later, it seems that

• invalidate does nothing
• validate shows up the new components, but over the old ones
• repaint erases everything

• invalidate followed by validate is the same as validate
• invalidate followed by repaint is the same as repaint

• validate followed by repaint does the trick
  

Copying a list of files in Ant

One might think that such an everyday task as copying a list of files would be trivial in Ant. Not so - it's a bloody nightmare.

1. First attempt: creating a FileList would seem to be what you want. Nope - the Copy task doesn't support FileLists. Why?????
2. Second attempt: create a FileSet (with the usual substitution of angle brackets....would it be too much to ask to have a blog site that doesn't stuff up xml?):



[copy todir="foo"]
  [fileset dir="bar"]
     [filename name="pathfrombarto/file"/]
     [filename name="differentpathfrombarto/file2"/]
  [/fileset]
[/copy]


Nope - the filenames are mutually exclusive - the fileset does an "and" on them, and since your files won't match both names, it copies nothing. Ridiculous.

In any case, the fact that you're forced to use a FileSet and its pattern matching means that if you have a large set of files below "dir" (e.g. a Maven repository) then the above takes an age.

The solution, incidentally, is:

[copy todir="foo"]
  [fileset dir="bar"]
    [or]
     [filename name="pathfrombarto/file"/]
     [filename name="differentpathfrombarto/file2"/]
    [/or]
  [/fileset]
[/copy]

Though it still takes an age to process.

Weekly Summary 30/8/06

• Guy has created a new community with password change facility - passed I&R and ready to install.
  
• Tried to install, but it won't self-register: see bug 1789
• Guy has put a fix on the merge queue for this...in the meantime we can hack the reg entry....done...appears to work well. Except.....you can change your password with any old password.
• Mark to reinstall when it passes I&R? How did this error slip through I&R in the first place?
  
• Submitted abstract to ADASS 2006 http://www.adass.org:8080/Conferences/2006/Venue/people/participants/abstract?abstract_id=82
• Planning: using Open Workbench http://www.openworkbench.org/ to create GANTT charts and managed dependencies between tasks.
• Downloaded and installed Eirik http://wiki.eurovotech.org/twiki/bin/view/VOTech/EirikDemo on a Debian machine. Plastic and AR functionality appear fine. Couldn’t test further due to Window size issues. Installation straightforward - install debian version of R first, then hand edit the Eirik startup script to find the location or libR.so.
  • Tried to install Eirik on Shuna (Bob’s machine). Since I’m not root this involved building R from source using ./config and make. This is fairly easy to do, following the instructions, but care must be taken in the config stage to request a shared library libR.so to be built, and also to set –with-readline=no on Shuna. Unfortunately getting Eirik to run on Shuna wasn’t do-able due to assorted missing shared libs on this machine.
  • However, following several iterations, did get a windows version running.
    
• Hardened the hub to concurrency problems and clients passing shit values.
• Jeff and others are experiencing some AR problems - AR is refusing RMI connections. I also have the same problem from time to time and it’s usually cured with a reboot. Mark’s Plaskit hub doesn’t suffer from this. Suspect it’s something to do with the way the AR deals with IP addresses - a network outtage is enough to screw it up.
• Finished Anomaly Detection pipeline
• Looking at deploying stilts at the same time. There are problems with the existings STILTS deployments discussed here. (Fixed by Kona). Get Kona/Mark to install?
  
• Standard and Advanced interfaces now done, and registered. All works smoothly, but not very robust to errors in data since fastem locks up waiting for a user response....not a great idea for a CEA app.
• Created an applet to allow users to simply change their workbench registry settings. This was also a learning exercise for creating a plastic-applet.
  
• Instructions for use are here.
• Finished a prototype Plastic-compatible web page...this is aimed at our own WSA, but also to get DataScope on board.
  
• Received request from Noel to smarten up our metadata - we need to discuss logos.
• Checked Son Of GAIA for Nigel, and found that I can’t run the webstart version either due to missing classes. Probably due to the 1.5 java libraries having renamed some classes. Reported to ussc@star.rl.ac.uk...address is defunct...emailed Mark Taylor...apparently you need to install the JAI package first (not documented!).
  
• Assisted Brian getting his weka cea apps deployed to our test registry. We encountered a lot of out-of-memory errors in the registry, and also a particularly annoying bug necessitating the reconfiguration of the registry and changing its authority Id.
• Assisted Brian changing the registry his workbench uses.
• Realised that if we have a test registry, we need a test JES, so installed one here. The official release of JES is lacking an astrogrid-security jar, which you have to add by hand to WEB-INF/lib. Catherine has now released a new build, which Mark should test.
  
• Thanks to Brian, reproduced the mysterious "Found Resource Document, but had no AccessURL" that has been plaguing systems that harvest from our publishing registry and try to access our date sets. Bugzilla report. It appears to be due to our use of Java 1.5. I've found that most of our old datasets suffer from the problem, but that it doesn't occur in the latest snapshot build of the workbench. Hence we could ignore it - it will go away when we reregister our new services anyway. Left it in Mark and Kevin's capable hands.
  
• Republished Plastic site with google analytics code throughout
• mvn 2.0.5 not yet released, and the bugs in 2.0.4 make site publication a painful process as
• site:deploy doesn't work in windows
• site:stage doesn't copy the contents of directories, effectively making multiproject site deployment useless

Actions
(68.2) JDT to give an ROE coffee talk with a demo of AstroGrid
- maybe also including access to UKIDSS data.
pending...


(69.1) JDT and KEA to produce a plan for providing password-changing
functionality for ROE account holders registering for AG.
DONE - see above

(69.2) JDT to pass this up to Noel Winstanley and/or Kevin Benson. DONE - see above

ACTION (70.1) MSH to install the new version of Community.
done by JDT

ACTION: (70.4) JDT to contact Guy Rixon to check that their plans for wrapping
STIL(TS) as CEA services are consistent.
DONE - see above

Thoughts:
Need better cover for MSH's absence

Creating the Anomaly Detector CEC

I'm installing Andy Connolly's Expectation Maximization/Anomaly Detection algorithm into an AstroGrid CEC (Common Execution Connector) to make it available to the VO. Along the way I've been using the splendid STILTS utility to do all the VOTable conversions.
Things I've learned along the way

• STILTS is sufficient to take a table in assorted different formats, and extract a user-defined set of columns (specified by position or name), and export the results as an EM-friendly space-separated text file. It is also smart enough to take the generated list of row numbers and p_values and do an exact cross match on the original table...thus generating a clone of the original table, sorted by p_value and with the p_values attached as an extra column. In short, it does all the table manipulation needed to transform a VO-standard table into a proprietary format and back again, with only a little help from awk.
• Any processes started by the CEC must NOT ask the user for input. The current EM-algorithm prompts the user for input if it fails for some reason...this seriously screws up your CEC. The solution is to add a test on the return value from the STILTS preprocessing step, before the EM-algorith is called:
• #echo $?
  #Try to protect fastem from bad data
  if [ "$?" -ne "0" ]; then
  echo "STILTS failed to prepare data. Aborting"
  exit 1
  fi


• You can only specify a registry template for a single CEA application. This means that if you're CEC supports several applications, you need to edit the registry description by hand after it's been generated.
  
• You can specify an optional argument in the CEC-CL config with (insert)
• The CEC-CL only supports the following kinds of parameters:
• -key value
• positional
• key=value
• Unfortunately the em algorithm takes parameters as
• key value
• You can get round this by pattern matching on the params with something like ${@//=/ } which takes all the parameters in one go and replaces all = with ' '
  

New week, new blog

Still looking for the perfect home for my blog. All I want is something that's quick and responsive that I can use to jot down notes from work to give my ageing memory a break. Plus...when you spend all day wrestling maven into submission, it's possible that what you've learned just might save someone else some grey hairs.

So, I'm defecting from wordpress: http://jontayler.wordpress.com/ to here.