Twenty Years

On Jan 21st Amy and I celebrated our 20th wedding anniversary! It seems incredible to me that we have been married that long already. When I look back, they’re all there but it doesn’t feel like it’s been that long. But it’s true, we have spent half of our lives married to each other. That’s not even counting the three years we dated before that!

This being a “big one”, we really wanted to do something special. Above all we just wanted to spend some time together. It’s not very often that we do things without the kids, but this was going to be one of those times. We would leave the kids with Amy’s mom Eve for the week.

When we first started thinking about what to do, we thought about doing a cruise. Amy has never been on a cruise (and the only ones I’ve been on were the kind with the big gray ships that have a “USS” in their name). However, at the time Amy’s dad Rene was very sick battling cancer. We weren’t sure what would be going on by the time our anniversary rolled around, so we didn’t want to be stuck out on the water if something were to happen. Amy came up with the idea of just taking a road trip, to nowhere in particular, just a road trip. Then we decided to take a road trip to Key West.

So, on Monday 1/19 we boarded the pets, dropped the kids off with Eve, and headed south. We left around 11am and cruised into Daytona Beach around 6:30pm. That would be far enough for one day. We enjoyed a nice meal at Red Lobster and got a room at a Hyatt with an ocean view. The next morning we got back on the road. We made one stop in Boynton Beach to pick up some 95 Bordeaux Amy had ordered, then cruised into the Cheeca Lodge in Islamorada FL (about 75 miles from Key West). We had a gorgeous room with an ocean view (literally right there by the water!) and a hot tub on the balcony. It was so nice just opening the sliding glass doors up, or sitting on the balcony and enjoying the view in the warm weather. The resort had some nice restaurants so we just ate at one of them — Atlantic’s Edge — that night.

IMG_20150121_114329_202

On our anniversary, Wednesday 1/21 we didn’t even leave the resort. 🙂 It was so….. relaxing. We slept in, ordered room service, had lunch at the Tiki Bar, drank some pina coladas, had dinner at Limoncello (the Italian restaurant), and enjoyed that 95 Bordeaux. It was a great day.

Thursday we ventured down to Key West. The traffic on all of those islands doesn’t move too fast so it took a couple of hours, but it was a nice scenic ride. While in Key West we visited the Southernmost Point, toured a lighthouse, saw the outside Hemingway’s house with all his six toed cats, ate at a little Italian Pizzeria, walked around a cemetery, and just did a lot of walking around. It got hot! By the time we got back in the car we were ready to head back to the resort for some more relaxation!

IMG_20150120_160602_170

We had to check out Friday, but weren’t in a big hurry. We sort of lazily went about our morning, eating breakfast down by the water and just enjoying the last little bit we could. When we finally did check out we stopped by a couple of places around Key Largo to get some souvenirs. We made another stop in Boynton Beach to eat lunch, and got two more bottles of that 95 Bordeaux — one to be opened on our 25th anniversary and one on our 50th! (God willing!). We stopped for the night in St. Augustine, had another great meal and finally got home on Saturday afternoon.

So, all in all we spent five nights away from home, three of those in the Keys. We logged over 2000 miles. We ate some great meals. Most importantly though we had a great time just being together. It was a great way to celebrate our anniversary.

Posted in Life Updates, Travel | Comments Off on Twenty Years

Life is a broken computer

This poem was written completely by Jamie, it’s an original work 100% by him.

Life is a broken computer.
Now boy let me tell you this,
I’m not working right.
Viruses are hitting me everywhere, and I can’t even charge.
My chords are ripped and my screen is cracked.
My speakers are destroyed and my vision is blurry.
Many of my sites are messed up.

Even through this, I have been goin’ on.
When I shut down I don’t stay shut down.
I always come back on.
Even though my internet is slow, I still get to where I need to go.
Viruses never kept me from getting to places.

They never will and they should never keep you either boy!
Now boy don’t you shut down.
I’m still goin’, boy
I’m still goin’,
Even though I’m not working right.

Posted in Uncategorized | Comments Off on Life is a broken computer

Crossing Over

I just noticed this post I wrote back in April but never published! So here it is… better late than never?

====

Last weekend, 4/4 – 4/6 was Jamie’s last camping trip as a Cub Scout, and the last one with the 452/785 units. Jamie’s been a Cub Scout for 5 years now. He’s been to just about every camping trip (or maybe every one?), and I have to say this might have been the best camping trip yet. It sure had the best weather I can remember.

Jamie and I headed down to camp on Friday afternoon. I took off at lunch on Friday to finish packing, so that shortly after Jamie got home from school we could take off. We ended up getting to the camp around 5pm. It seems everyone was a little later getting there this year. Only a few people beat us there; we pretty much had our pick of spots to set up on.

Friday was the typical Camporee Friday: it’s all about “getting there” and getting set up. Since we were there so early we helped others as they rolled in. I probably helped put up 5 or 6 tents that afternoon. Jamie helped some too, in between running around with other boys, shaking sticks and playing whatever game they had going with the neighboring pack. (I heard something about a truce, and the breaking of the truce, and preparations for war…)

On Saturday things went a little differently. Normally all the boys in all dens stay together as they float from activity to activity, escorted along by some of the parents. This year the older boys had separate activities. From 9am-11am they built rockets, launched rockets, practiced the scout Oath and Law (in preparation for Cross Over that evening), and for the first time I can remember…. tomahawk throw!!!

As Jamie transitions into Boy Scouts it strikes me how fast it all went by. As one of the mom’s of one of Jamie’s fellow Cub Scouts put it… “in the blink of an eye they became Boy Scouts.”

tomahawk_throw

spring_camporee_2014_meandboys

color_guard

kitchen_patrol

chowtime

Posted in Life Updates, Scouts | Comments Off on Crossing Over

Sad News

It is with great sadness that I write this.

After a short but difficult struggle with lung cancer, Amy’s dad Rene passed away on Dec. 19th. When I say short, it was really short. We were just camping with him in August! He had a backache at the time (and had back problems since early May), but thought it was a result of some work he had done around the house. And in fact, that’s how the doctors were treating it – with muscle relaxers. It wasn’t until late August that he had an x-ray and they discovered some spots that might be cancerous. That suspicion was confirmed in September as he was checked into Wake Forest Baptist Medical Center in Winston Salem NC. He never went home again. From the hospital he went to a nursing home for rehabilitation, and eventually to the VA Hospice in Salisbury NC.

I will say this about my father-in-law: he was one of the kindest, gentlest and most sincere people I have ever met. He was a good man and he’ll be missed. I hate that our kids have been robbed of both of their grandfathers now but I’m really very grateful for the example that he was to them. I’m grateful for the example he was to me.

Rene, we love you and miss you.

This picture was taken in Aug. 2008 at one of our annual camping trips to Cade’s Cove.

16_SicardsSwaffords

Posted in Life Updates | Comments Off on Sad News

Swafford Consulting Hired for TrACER-R Project

I’m very pleased and excited to announce that Swafford Consulting has been selected by IVIR Inc. (Information Visualization and Innovative Research) to rewrite and expand the Training/Test Assessment Capabilities and Reporting for Research (TrACER-R) System.

The following information has been publicly released by IVIR and posted on this website with permission from them.

TrACER is an automated assessment and evaluation system, designed for research and test conduct. It automatically produces test instruments, collects tests data, correlates data and produces both statistical and descriptive analysis for final test reports. The system can be used for any procedure or skill set identified in critical research areas. It produces objective evaluation of subjects, and observer/controller performance for cognitive tasks, psychomotor skills, affective measurement, and decision making performance. It is particularly useful for medical research.

Swafford Consulting has done work for IVIR before, on the F2MC Trainer project .

Posted in Software Development | Comments Off on Swafford Consulting Hired for TrACER-R Project

JBoss 7 – Channel end notification received, closing channel Channel ID (inbound) of Remoting connection to null

As mentioned in a previous post I’ve recently upgraded to JBoss EAP 6.2 / AS 7.1. For a few weeks after the transition a small set of users were complaining about a ‘channel closed’ error. Few errors have driven me crazier than this one. It was not a good time, for me or the users.

After receiving this error the user was unable to do anything in my application; they had to shut it down and restart. In the server logs I was also seeing a steady stream of :


java.lang.IllegalStateException: EJBCLIENT000025: No EJB receiver available for handling

I try pretty hard to minimize the possibility of bugs. But, every once in a while one does pop up, and when it does I try to reproduce it in a development environment, write a failing test, and then solve the problem. Try as I might, I just could not reproduce this error in a development setup. After some time it became clear that the error had something to do with their environment.

Well, it turned out that about the same time I updated the application servers, the IT staff were busy upgrading firewalls. They pulled a Linux based firewall and replaced it with a Cisco ASA (I can’t remember the exact model). These ASAs are pretty clever. They have some logic built into them to detect when a connection is ‘dead’ and then forcibly closes the connection. What happens is, after about 30 minutes of inactivity the firewall decides that the connection between the application client and the server (which is offsite in a data center) must be dead, so it kills it, unbeknownst to the application. Then, the user goes to do something again, and the dreaded ‘Channel Closed’ error would appear.

You might think that is the end of the story. I wish it were.

Once the problem became clear I knew the solution would be to use some sort of ‘keep alive’ on the connection. And, as it turns out there is a way to do that. Just set this property (either in XML or programmatically as I do here):


clientProp.put("remote.connection.default.connect.options.org.jboss.remoting3.RemotingOptions.HEARTBEAT_INTERVAL","60000");

The issue was that I was mixing two different approaches to establishing remote connections, with the consequence being that my ‘heartbeat’ configuration was not taking effect. One method, which appears to be the less superior but better documented approach, is to use remote naming. There is also the EJB Client API, which according to this page is the better approach (though it doesn’t tell how to use it).

Long story short: if you want to use the EJB Client API, then your Context lookup should look something like this:

private static void getContext(String login,String hashedPassword) throws NamingException {
   Properties clientProp = new Properties();
   clientProp.put("endpoint.name", "programmatic-client-endpoint");
   clientProp.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");
   clientProp.put("remote.connections", "default");
   clientProp.put("remote.connection.default.port", "4447");
   String namingProvider = System.getProperty("java.naming.provider.url");
   if (namingProvider==null) namingProvider="localhost";
   clientProp.put("remote.connection.default.host", namingProvider); 
   clientProp.put("remote.connection.default.username", login);
   clientProp.put("remote.connection.default.password", hashedPassword);
   cientProp.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
   clientProp.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", "false");
   clientProp.put("remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER");
   clientProp.put("remote.connection.default.connect.options.org.jboss.remoting3.RemotingOptions.HEARTBEAT_INTERVAL","60000");
   EJBClientConfiguration cc = new PropertiesBasedEJBClientConfiguration(clientProp);
   ContextSelector<EJBClientContext> selector = new ConfigBasedEJBClientContextSelector(cc);
   EJBClientContext.setSelector(selector);		
 
   Properties p = new Properties();
   p.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
 
   ctx = (Context) new InitialContext(p);
}

In particular please note that the Properties object passed into the InitialContext has just one key/value pair — the one that tells it to use the EJB Client API. All other configuration options should be passed into the PropertiesBasedEJBClientConfiguration. In my case I had some extra/ superfluous “stuff” in the Properties given to the InitialContext, and as a result the heartbeat messages were not going out. I think it had fallen back to using remote naming, but I can’t be sure. Once the extra junk was removed everything started working as expected.

Posted in Software Development | Comments Off on JBoss 7 – Channel end notification received, closing channel Channel ID (inbound) of Remoting connection to null

chess4j learns some moves from Kasparov

Ok, “learn” is too strong a word. More accurately, chess4j now has a small opening book database populated with a little over 500 Kasparov games. Before doing any thinking on its own, chess4j will consult this database, and if a move is found it will play it. This has the effect of steering the game into a nice position that a Grandmaster might play fairly quickly, and it also adds some more variation to the opening moves as well.

500 games is not a lot, but at the moment the opening book is all contained in memory. That is, when the program starts it reads through those 500+ games, storing them in internal memory, and holding them in memory for the duration of the program’s execution. The next time it starts, it does it again.

I’m really pretty happy with the way this all came together. Here is the method that initializes this in memory opening book:

private static void initBook() throws Exception {
	OpeningBook book = OpeningBookInMemoryImpl.getInstance();
	FileInputStream fis = new FileInputStream(new File("pgn/Kasparov.pgn"));
	PGNIterator it = new PGNIterator(fis);
 
	PGNGame pgnGame;
	while ((pgnGame = it.next()) != null) {
		book.addToBook(pgnGame);
	}
 
	fis.close();
}

As you can see there are a few key classes that make this all work. First, we need an OpeningBook. OpeningBook is an interface, which in this case is implemented by the Singleton OpeningBookInMemoryImpl. I won’t go into the in memory implementation here, because in the future that will be replaced with something with a persistent datastore behind it (maybe MongoDB). But, I will show the interface it implements:

public interface OpeningBook {
 
	public void addToBook(PGNGame game);
 
	public List<BookMove> getMoves(Board board);
 
	public BookMove getMoveWeightedRandomByFrequency(Board board);
}

Pretty simple at the moment, and likely to be expanded. The key points are that you can add a move to the book, or get a list of BookMoves in a given position, or you can get a single BookMove using a weighted random selection algorithm.

Now that we have an OpeningBook, we need something that is capable of reading through a Portable Game Notation (PGN) file, producing a sequence of PGNGame objects.

PGNGame is really just a data object so I won’t show the code here. It really just encapsulates a game, which we can think of as a series of PGN tags, a list of moves, and a result (win, loss, draw).

The PGNIterator class is a little more interesting though. Since some of these PGN files get fairly large (40-50 mb is not unusual), it’s best to take a ‘streaming’ approach to processing them. Hence, if you look back at the initBook() method, you’ll notice the constructor for PGNIterator is given a FileInputStream. (It will accept any type of InputStream, which it uses internally to create a BufferedReader.)

Here is the next() method of PGNIterator :

public PGNGame next() throws IOException, ParseException, IllegalMoveException {
 
	PGNParser parser = new PGNParser();
	String nextGame = getNextPGN();
 
	if (nextGame != null) {
		return parser.parseGame(nextGame);
	}
 
	return null;
}

I’m glossing over a few details here but hopefully that gets the point across. The call to getNextPGN() looks far enough ahead in the stream to capture the String representation of a game, or returns NULL if it can’t (probably because it hit the end of the file). It then uses this PGNParser to convert the String into a PGNGame. As you might imagine PGNParser uses some regular expression stuff that frankly made my head hurt a little. Finally, we saw above that the PGNGame is added to the opening book.

All of this is part of the 3.0 development so it’s not in the latest release, but the source code is available (along with several unit tests) so if you’re the developer type feel free to check it out from the project website on SourceForge .

Posted in chess4j, Computer Chess | Comments Off on chess4j learns some moves from Kasparov

Week in Review 2014-10-26

The last week… or 10 days actually have been insanely busy. Where to start?

Well, first, some GREAT news. Our son Jamie has accepted Christ and has been baptized! Amy and I knew this has been coming for some time, but not wanting to push Jamie at all, we let it come from him in his own time. That happened on Monday Oct. 6th as Jamie and I were driving to Cub Scouts. The timing was good as we had a weekend Revival scheduled at church for which my mom would be in town for. After speaking with Pastor Ronnie we agreed that would be the perfect time for a baptism.

jamie_baptism

My one regret is that Amy’s uncle George couldn’t be there. He was out of state on work.

My mom came into town on Friday the 17th. As I mentioned we had a weekend Revival at church, so it was off to church almost straight away. Then, on Saturday, it was off to the state fair. The traffic was … crazy, and it was so busy you would have thought we were at Disney on a holiday weekend! But, the kids had fun, and I got this beautiful pic of Amy and Ailsa on the ferris wheel.

amy_ailsa_state_fair

After the state fair it was back to Goldsboro for night two of Revival. Then came Sunday, so of course it was back to church again. The service on Sunday 10/19 (the day of Jamie’s baptism) was one of the most Spirit filled services I have ever been in.

Monday we just sort of hung out around the house. Unfortunately we did have to send the kids to school. Normally we would have let them stay home while mom is visiting but Ailsa has already missed a few days so we didn’t want to push it. I worked a few hours in the morning and then we just took it easy the rest of the day, but we did have a nice home cooked meal that night.

Tuesday and Wednesday were pretty typical. Then comes Thursday… off to my aunt’s house in Creedmor for a birthday party. My Grandpa turned 90!

gramps90

Saturday was a big day too. We went up to Lexington to see Amy’s dad and then onto my brother’s place in Clemmons for our nephew Aidyn’s 3rd birthday (his birthday is actually the same day as Grandpa’s).

aidyn3

Today (Sunday) was a little strange in that we came home after church and lunch, but it was a welcome break. Truly a day of rest! Amy took a nap, the kids played, and I actually got some time to work on chess4j, but that’s another post.

Posted in Life Updates | Comments Off on Week in Review 2014-10-26

JBoss 7.x remoting + security-domain

I just recently updated an application to Red Hat’s EAP 6.2.0 platform, which uses the JBoss 7.3 Application Server under the hood. I’ve been a JBoss user for a long time now. In fact, this application started life on JBoss 3.something, and I (sometimes with the help of other devs) have seen it upgraded to every major version of JBoss since. The migration from 6 to 7 is hands down the most difficult to perform. Well, not that it’s really all that difficult, so we’ll just say time consuming. It took a good week to get everything right.

I’ll have more to say about the migration path soon, but one specific area that I think warrants special attention is the security subsystem.

The application has several components to it, one being a Java Swing client that uses Remote Method Invocation. The client has its own log in screen and used the UsernamePasswordHandler class and the ClientLoginModule from JBoss Security packages. Something like this:


UsernamePasswordHandler handler = new UsernamePasswordHandler(username, MD5.hash(password).toCharArray());
LoginContext lc = new LoginContext("MYCONTEXT", handler));
lc.login();

That’s all pretty simple really. The UsernamePasswordHandler is, well, a callback handler that handles NameCallbacks and PasswordCallbacks by setting the values to what you passed into the constructor. We just pass that handler into the LoginContext, which is backed by the default ‘ClientLogniModule’, which just sets the security principal and credential to what’s handed to it by the handler. When ‘login’ is invoked the username and (hashed) password are authenticated against whatever login-module is configured on the server side, which in my case is a DatabaseServerLoginModule.

Unfortunately this became a bit more complicated as a result of this migration. For reasons I don’t understand neither the UsernamePasswordHandler callback nor the ClientLoginModule are available in JBoss 7, nor can I find any classes with similar functionality. It’s not very difficult to implement your own, and in fact that’s what I had to do, but the fact that I had to is … annoying!

Another big change in JBoss 7 is that you can’t even get an InitialContext to do any JNDI lookups without authentication. In other words, you can’t simply just do ‘new InitialContext()’ any longer. I’m not talking about executing remote methods on an EJB here, I mean at the transport layer – the remoting connector itself requires authentication. Here is the configuration :


<subsystem xmlns="urn:jboss:domain:remoting:1.1">
<connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>
</subsystem>

See that bit about the ‘ApplicationRealm’ ? That’s the security realm. Within the security realm you must supply a configuration for user authentication. As far as I can tell you can either authenticate against what is called a ‘local user’ (an account you create with the JBoss ‘add-user.sh or add-user.bat’ scripts, that applies to the entire server), or you hand it all off to a JAAS module. Since I have multiple applications running on the server that all have different sets of users, I opted for the latter. Here is the configuration for the ApplicationRealm security realm:


<security-realm name="ApplicationRealm" >
<authentication >
<jaas name="MySecurityDomain"/>
</authentication>
</security-realm>

Now, this is where it gets really good. As I just said, I have multiple applications that all have a their own sets of users. However, the remoting connector is bound to a single security realm, and the security realm to a single JAAS module. I do not believe it’s an option to create multiple remoting connectors, each on its own port, which means that a single JAAS module needs to handle authentication for all applications that run on the server. I’m really hoping I’m just missing something here, but if I am then it’s due to inadequate documentation.

Anyway, I had one last hurdle to jump through. Since a single JAAS module was going to have to authenticate all users, I needed a way to deal with the possibility that there might be different users with the same name in different applications, or , the same user might exist in different applications, have the same password in each, but have different roles. In other words, I need to be sure we’re authenticating against the correct database for the application the user is logging into! So, it’s not enough to just pass over a user name and password any longer — we need the application (or context, or domain if you like) in addition. And then we need to use that context to query against the proper database.

To get the context I just appended it to the user name. So, instead of ‘james.swafford’ the principal is now ‘james.swafford@somedomain’. Easy enough. Now, how to do the authentication itself? I can think of two ways to do this.

I’ve always used the ‘out of the box’ Database Login Module on the server side. If we wanted to use that and had just one application to worry about, the configuration would look something like this:


<security-domain name="MySecurityDomain">
<authentication>
<login-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:jboss/SomeDS"/>
<module-option name="principalsQuery" value="select md5passwd from users where login = ? and active=TRUE"/>
<module-option name="rolesQuery" value="select securityroles.role,'Roles' from securityroles inner join users_roles on securityroles.roleid=users_roles.role_id inner join users on users_roles.user_id=users.user_id where login =?"/>
<module-option name="unauthenticatedIdentity" value="guest"/>
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
</authentication>
</security-domain>

Since I have multiple applications, I had to do something a little different. One trick would be to chain multiple login modules together, making each of them ‘sufficient’ instead of required. To do that you’d just have to change the queries to take the context into account.


<authentication>
<login-module code="Database" flag="sufficient">
<module-option name="dsJndiName" value="java:jboss/App1DS"/>
<module-option name="principalsQuery" value="select md5passwd from users where login || '@app1' = ? and active=TRUE"/>
<module-option name="rolesQuery" value="select securityroles.role,'Roles' from securityroles inner join users_roles on securityroles.roleid=users_roles.role_id inner join users on users_roles.user_id=users.user_id where login || '@app1' =?"/>
<module-option name="unauthenticatedIdentity" value="guest"/>
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module name="Database-2" code="Database" flag="sufficient">
<module-option name="dsJndiName" value="java:jboss/App2DS"/>
<module-option name="principalsQuery" value="select md5passwd from users where login || '@app2' = ? and active=TRUE"/>
<module-option name="rolesQuery" value="select securityroles.role,'Roles' from securityroles inner join users_roles on securityroles.roleid=users_roles.role_id inner join users on users_roles.user_id=users.user_id where login || '@app2' =?"/>
<module-option name="unauthenticatedIdentity" value="guest"/>
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
</authentication>

That works OK and is easy to do, but the drawback is that the app server is going to cycle through all of those modules until one successfully authenticates or they all fail. That is potentially a lot extra querying. Another, probably better solution would be to create a CustomLoginModule that is clever enough to use the context to determine which data source to query.

None of this was all that difficult but it is different and took a little time to learn. Hopefully this will help someone out there save a little time.

Posted in Software Development | Comments Off on JBoss 7.x remoting + security-domain

End of Summer Blues

Summertime 2014 has officially ended, and it’s a little sad around the Swafford house right now. We had a really awesome summer. Here are some highlights.

We went to NYC!

nyc

nyc_family

… and then upstate NY for a family reunion.

grandma_and_gramps

(You can read more about that trip here..)

We did a mini Vacation Bible School at our church!

vbs

We did a luau for Ailsa’s birthday!

amy

… and put up our pool!

pool

We went to Cade’s Cove!

cadescove

We went to the beach!

beach

We went to the Great Wolf Lodge!

greatwolflodge

We spent some Sunday afternoons at Sleepy Creek!

sleepycreek

And certainly not least… we slept in! But you don’t get to see pictures of that.

Summer 2014, we will miss you.

Posted in Life Updates, Travel | 1 Comment