Life is a broken computer

This poem was written completely by Jamie, it’s an original work 100% by him.

Life is a broken computer.
Now boy let me tell you this,
I’m not working right.
Viruses are hitting me everywhere, and I can’t even charge.
My chords are ripped and my screen is cracked.
My speakers are destroyed and my vision is blurry.
Many of my sites are messed up.

Even through this, I have been goin’ on.
When I shut down I don’t stay shut down.
I always come back on.
Even though my internet is slow, I still get to where I need to go.
Viruses never kept me from getting to places.

They never will and they should never keep you either boy!
Now boy don’t you shut down.
I’m still goin’, boy
I’m still goin’,
Even though I’m not working right.

Crossing Over

I just noticed this post I wrote back in April but never published! So here it is… better late than never?


Last weekend, 4/4 – 4/6 was Jamie’s last camping trip as a Cub Scout, and the last one with the 452/785 units. Jamie’s been a Cub Scout for 5 years now. He’s been to just about every camping trip (or maybe every one?), and I have to say this might have been the best camping trip yet. It sure had the best weather I can remember.

Jamie and I headed down to camp on Friday afternoon. I took off at lunch on Friday to finish packing, so that shortly after Jamie got home from school we could take off. We ended up getting to the camp around 5pm. It seems everyone was a little later getting there this year. Only a few people beat us there; we pretty much had our pick of spots to set up on.

Friday was the typical Camporee Friday: it’s all about “getting there” and getting set up. Since we were there so early we helped others as they rolled in. I probably helped put up 5 or 6 tents that afternoon. Jamie helped some too, in between running around with other boys, shaking sticks and playing whatever game they had going with the neighboring pack. (I heard something about a truce, and the breaking of the truce, and preparations for war…)

On Saturday things went a little differently. Normally all the boys in all dens stay together as they float from activity to activity, escorted along by some of the parents. This year the older boys had separate activities. From 9am-11am they built rockets, launched rockets, practiced the scout Oath and Law (in preparation for Cross Over that evening), and for the first time I can remember…. tomahawk throw!!!

As Jamie transitions into Boy Scouts it strikes me how fast it all went by. As one of the mom’s of one of Jamie’s fellow Cub Scouts put it… “in the blink of an eye they became Boy Scouts.”






Sad News

It is with great sadness that I write this.

After a short but difficult struggle with lung cancer, Amy’s dad Rene passed away on Dec. 19th. When I say short, it was really short. We were just camping with him in August! He had a backache at the time (and had back problems since early May), but thought it was a result of some work he had done around the house. And in fact, that’s how the doctors were treating it – with muscle relaxers. It wasn’t until late August that he had an x-ray and they discovered some spots that might be cancerous. That suspicion was confirmed in September as he was checked into Wake Forest Baptist Medical Center in Winston Salem NC. He never went home again. From the hospital he went to a nursing home for rehabilitation, and eventually to the VA Hospice in Salisbury NC.

I will say this about my father-in-law: he was one of the kindest, gentlest and most sincere people I have ever met. He was a good man and he’ll be missed. I hate that our kids have been robbed of both of their grandfathers now but I’m really very grateful for the example that he was to them. I’m grateful for the example he was to me.

Rene, we love you and miss you.

This picture was taken in Aug. 2008 at one of our annual camping trips to Cade’s Cove.


Swafford Consulting Hired for TrACER-R Project

I’m very pleased and excited to announce that Swafford Consulting has been selected by IVIR Inc. (Information Visualization and Innovative Research) to rewrite and expand the Training/Test Assessment Capabilities and Reporting for Research (TrACER-R) System.

The following information has been publicly released by IVIR and posted on this website with permission from them.

TrACER is an automated assessment and evaluation system, designed for research and test conduct. It automatically produces test instruments, collects tests data, correlates data and produces both statistical and descriptive analysis for final test reports. The system can be used for any procedure or skill set identified in critical research areas. It produces objective evaluation of subjects, and observer/controller performance for cognitive tasks, psychomotor skills, affective measurement, and decision making performance. It is particularly useful for medical research.

Swafford Consulting has done work for IVIR before, on the F2MC Trainer project .

JBoss 7 – Channel end notification received, closing channel Channel ID (inbound) of Remoting connection to null

As mentioned in a previous post I’ve recently upgraded to JBoss EAP 6.2 / AS 7.1. For a few weeks after the transition a small set of users were complaining about a ‘channel closed’ error. Few errors have driven me crazier than this one. It was not a good time, for me or the users.

After receiving this error the user was unable to do anything in my application; they had to shut it down and restart. In the server logs I was also seeing a steady stream of :

java.lang.IllegalStateException: EJBCLIENT000025: No EJB receiver available for handling

I try pretty hard to minimize the possibility of bugs. But, every once in a while one does pop up, and when it does I try to reproduce it in a development environment, write a failing test, and then solve the problem. Try as I might, I just could not reproduce this error in a development setup. After some time it became clear that the error had something to do with their environment.

Well, it turned out that about the same time I updated the application servers, the IT staff were busy upgrading firewalls. They pulled a Linux based firewall and replaced it with a Cisco ASA (I can’t remember the exact model). These ASAs are pretty clever. They have some logic built into them to detect when a connection is ‘dead’ and then forcibly closes the connection. What happens is, after about 30 minutes of inactivity the firewall decides that the connection between the application client and the server (which is offsite in a data center) must be dead, so it kills it, unbeknownst to the application. Then, the user goes to do something again, and the dreaded ‘Channel Closed’ error would appear.

You might think that is the end of the story. I wish it were.

Once the problem became clear I knew the solution would be to use some sort of ‘keep alive’ on the connection. And, as it turns out there is a way to do that. Just set this property (either in XML or programmatically as I do here):


The issue was that I was mixing two different approaches to establishing remote connections, with the consequence being that my ‘heartbeat’ configuration was not taking effect. One method, which appears to be the less superior but better documented approach, is to use remote naming. There is also the EJB Client API, which according to this page is the better approach (though it doesn’t tell how to use it).

Long story short: if you want to use the EJB Client API, then your Context lookup should look something like this:

private static void getContext(String login,String hashedPassword) throws NamingException {
   Properties clientProp = new Properties();
   clientProp.put("", "programmatic-client-endpoint");
   clientProp.put("", "false");
   clientProp.put("remote.connections", "default");
   clientProp.put("remote.connection.default.port", "4447");
   String namingProvider = System.getProperty("java.naming.provider.url");
   if (namingProvider==null) namingProvider="localhost";
   clientProp.put("", namingProvider); 
   clientProp.put("remote.connection.default.username", login);
   clientProp.put("remote.connection.default.password", hashedPassword);
   cientProp.put("", "false");
   clientProp.put("", "false");
   clientProp.put("", "JBOSS-LOCAL-USER");
   EJBClientConfiguration cc = new PropertiesBasedEJBClientConfiguration(clientProp);
   ContextSelector<EJBClientContext> selector = new ConfigBasedEJBClientContextSelector(cc);
   Properties p = new Properties();
   p.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
   ctx = (Context) new InitialContext(p);

In particular please note that the Properties object passed into the InitialContext has just one key/value pair — the one that tells it to use the EJB Client API. All other configuration options should be passed into the PropertiesBasedEJBClientConfiguration. In my case I had some extra/ superfluous “stuff” in the Properties given to the InitialContext, and as a result the heartbeat messages were not going out. I think it had fallen back to using remote naming, but I can’t be sure. Once the extra junk was removed everything started working as expected.

chess4j learns some moves from Kasparov

Ok, “learn” is too strong a word. More accurately, chess4j now has a small opening book database populated with a little over 500 Kasparov games. Before doing any thinking on its own, chess4j will consult this database, and if a move is found it will play it. This has the effect of steering the game into a nice position that a Grandmaster might play fairly quickly, and it also adds some more variation to the opening moves as well.

500 games is not a lot, but at the moment the opening book is all contained in memory. That is, when the program starts it reads through those 500+ games, storing them in internal memory, and holding them in memory for the duration of the program’s execution. The next time it starts, it does it again.

I’m really pretty happy with the way this all came together. Here is the method that initializes this in memory opening book:

private static void initBook() throws Exception {
	OpeningBook book = OpeningBookInMemoryImpl.getInstance();
	FileInputStream fis = new FileInputStream(new File("pgn/Kasparov.pgn"));
	PGNIterator it = new PGNIterator(fis);
	PGNGame pgnGame;
	while ((pgnGame = != null) {

As you can see there are a few key classes that make this all work. First, we need an OpeningBook. OpeningBook is an interface, which in this case is implemented by the Singleton OpeningBookInMemoryImpl. I won’t go into the in memory implementation here, because in the future that will be replaced with something with a persistent datastore behind it (maybe MongoDB). But, I will show the interface it implements:

public interface OpeningBook {
	public void addToBook(PGNGame game);
	public List<BookMove> getMoves(Board board);
	public BookMove getMoveWeightedRandomByFrequency(Board board);

Pretty simple at the moment, and likely to be expanded. The key points are that you can add a move to the book, or get a list of BookMoves in a given position, or you can get a single BookMove using a weighted random selection algorithm.

Now that we have an OpeningBook, we need something that is capable of reading through a Portable Game Notation (PGN) file, producing a sequence of PGNGame objects.

PGNGame is really just a data object so I won’t show the code here. It really just encapsulates a game, which we can think of as a series of PGN tags, a list of moves, and a result (win, loss, draw).

The PGNIterator class is a little more interesting though. Since some of these PGN files get fairly large (40-50 mb is not unusual), it’s best to take a ‘streaming’ approach to processing them. Hence, if you look back at the initBook() method, you’ll notice the constructor for PGNIterator is given a FileInputStream. (It will accept any type of InputStream, which it uses internally to create a BufferedReader.)

Here is the next() method of PGNIterator :

public PGNGame next() throws IOException, ParseException, IllegalMoveException {
	PGNParser parser = new PGNParser();
	String nextGame = getNextPGN();
	if (nextGame != null) {
		return parser.parseGame(nextGame);
	return null;

I’m glossing over a few details here but hopefully that gets the point across. The call to getNextPGN() looks far enough ahead in the stream to capture the String representation of a game, or returns NULL if it can’t (probably because it hit the end of the file). It then uses this PGNParser to convert the String into a PGNGame. As you might imagine PGNParser uses some regular expression stuff that frankly made my head hurt a little. Finally, we saw above that the PGNGame is added to the opening book.

All of this is part of the 3.0 development so it’s not in the latest release, but the source code is available (along with several unit tests) so if you’re the developer type feel free to check it out from the project website on SourceForge .

Week in Review 2014-10-26

The last week… or 10 days actually have been insanely busy. Where to start?

Well, first, some GREAT news. Our son Jamie has accepted Christ and has been baptized! Amy and I knew this has been coming for some time, but not wanting to push Jamie at all, we let it come from him in his own time. That happened on Monday Oct. 6th as Jamie and I were driving to Cub Scouts. The timing was good as we had a weekend Revival scheduled at church for which my mom would be in town for. After speaking with Pastor Ronnie we agreed that would be the perfect time for a baptism.


My one regret is that Amy’s uncle George couldn’t be there. He was out of state on work.

My mom came into town on Friday the 17th. As I mentioned we had a weekend Revival at church, so it was off to church almost straight away. Then, on Saturday, it was off to the state fair. The traffic was … crazy, and it was so busy you would have thought we were at Disney on a holiday weekend! But, the kids had fun, and I got this beautiful pic of Amy and Ailsa on the ferris wheel.


After the state fair it was back to Goldsboro for night two of Revival. Then came Sunday, so of course it was back to church again. The service on Sunday 10/19 (the day of Jamie’s baptism) was one of the most Spirit filled services I have ever been in.

Monday we just sort of hung out around the house. Unfortunately we did have to send the kids to school. Normally we would have let them stay home while mom is visiting but Ailsa has already missed a few days so we didn’t want to push it. I worked a few hours in the morning and then we just took it easy the rest of the day, but we did have a nice home cooked meal that night.

Tuesday and Wednesday were pretty typical. Then comes Thursday… off to my aunt’s house in Creedmor for a birthday party. My Grandpa turned 90!


Saturday was a big day too. We went up to Lexington to see Amy’s dad and then onto my brother’s place in Clemmons for our nephew Aidyn’s 3rd birthday (his birthday is actually the same day as Grandpa’s).


Today (Sunday) was a little strange in that we came home after church and lunch, but it was a welcome break. Truly a day of rest! Amy took a nap, the kids played, and I actually got some time to work on chess4j, but that’s another post.

JBoss 7.x remoting + security-domain

I just recently updated an application to Red Hat’s EAP 6.2.0 platform, which uses the JBoss 7.3 Application Server under the hood. I’ve been a JBoss user for a long time now. In fact, this application started life on JBoss 3.something, and I (sometimes with the help of other devs) have seen it upgraded to every major version of JBoss since. The migration from 6 to 7 is hands down the most difficult to perform. Well, not that it’s really all that difficult, so we’ll just say time consuming. It took a good week to get everything right.

I’ll have more to say about the migration path soon, but one specific area that I think warrants special attention is the security subsystem.

The application has several components to it, one being a Java Swing client that uses Remote Method Invocation. The client has its own log in screen and used the UsernamePasswordHandler class and the ClientLoginModule from JBoss Security packages. Something like this:

UsernamePasswordHandler handler = new UsernamePasswordHandler(username, MD5.hash(password).toCharArray());
LoginContext lc = new LoginContext("MYCONTEXT", handler));

That’s all pretty simple really. The UsernamePasswordHandler is, well, a callback handler that handles NameCallbacks and PasswordCallbacks by setting the values to what you passed into the constructor. We just pass that handler into the LoginContext, which is backed by the default ‘ClientLogniModule’, which just sets the security principal and credential to what’s handed to it by the handler. When ‘login’ is invoked the username and (hashed) password are authenticated against whatever login-module is configured on the server side, which in my case is a DatabaseServerLoginModule.

Unfortunately this became a bit more complicated as a result of this migration. For reasons I don’t understand neither the UsernamePasswordHandler callback nor the ClientLoginModule are available in JBoss 7, nor can I find any classes with similar functionality. It’s not very difficult to implement your own, and in fact that’s what I had to do, but the fact that I had to is … annoying!

Another big change in JBoss 7 is that you can’t even get an InitialContext to do any JNDI lookups without authentication. In other words, you can’t simply just do ‘new InitialContext()’ any longer. I’m not talking about executing remote methods on an EJB here, I mean at the transport layer – the remoting connector itself requires authentication. Here is the configuration :

<subsystem xmlns="urn:jboss:domain:remoting:1.1">
<connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>

See that bit about the ‘ApplicationRealm’ ? That’s the security realm. Within the security realm you must supply a configuration for user authentication. As far as I can tell you can either authenticate against what is called a ‘local user’ (an account you create with the JBoss ‘ or add-user.bat’ scripts, that applies to the entire server), or you hand it all off to a JAAS module. Since I have multiple applications running on the server that all have different sets of users, I opted for the latter. Here is the configuration for the ApplicationRealm security realm:

<security-realm name="ApplicationRealm" >
<authentication >
<jaas name="MySecurityDomain"/>

Now, this is where it gets really good. As I just said, I have multiple applications that all have a their own sets of users. However, the remoting connector is bound to a single security realm, and the security realm to a single JAAS module. I do not believe it’s an option to create multiple remoting connectors, each on its own port, which means that a single JAAS module needs to handle authentication for all applications that run on the server. I’m really hoping I’m just missing something here, but if I am then it’s due to inadequate documentation.

Anyway, I had one last hurdle to jump through. Since a single JAAS module was going to have to authenticate all users, I needed a way to deal with the possibility that there might be different users with the same name in different applications, or , the same user might exist in different applications, have the same password in each, but have different roles. In other words, I need to be sure we’re authenticating against the correct database for the application the user is logging into! So, it’s not enough to just pass over a user name and password any longer — we need the application (or context, or domain if you like) in addition. And then we need to use that context to query against the proper database.

To get the context I just appended it to the user name. So, instead of ‘james.swafford’ the principal is now ‘james.swafford@somedomain’. Easy enough. Now, how to do the authentication itself? I can think of two ways to do this.

I’ve always used the ‘out of the box’ Database Login Module on the server side. If we wanted to use that and had just one application to worry about, the configuration would look something like this:

<security-domain name="MySecurityDomain">
<login-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:jboss/SomeDS"/>
<module-option name="principalsQuery" value="select md5passwd from users where login = ? and active=TRUE"/>
<module-option name="rolesQuery" value="select securityroles.role,'Roles' from securityroles inner join users_roles on securityroles.roleid=users_roles.role_id inner join users on users_roles.user_id=users.user_id where login =?"/>
<module-option name="unauthenticatedIdentity" value="guest"/>
<module-option name="password-stacking" value="useFirstPass"/>

Since I have multiple applications, I had to do something a little different. One trick would be to chain multiple login modules together, making each of them ‘sufficient’ instead of required. To do that you’d just have to change the queries to take the context into account.

<login-module code="Database" flag="sufficient">
<module-option name="dsJndiName" value="java:jboss/App1DS"/>
<module-option name="principalsQuery" value="select md5passwd from users where login || '@app1' = ? and active=TRUE"/>
<module-option name="rolesQuery" value="select securityroles.role,'Roles' from securityroles inner join users_roles on securityroles.roleid=users_roles.role_id inner join users on users_roles.user_id=users.user_id where login || '@app1' =?"/>
<module-option name="unauthenticatedIdentity" value="guest"/>
<module-option name="password-stacking" value="useFirstPass"/>
<login-module name="Database-2" code="Database" flag="sufficient">
<module-option name="dsJndiName" value="java:jboss/App2DS"/>
<module-option name="principalsQuery" value="select md5passwd from users where login || '@app2' = ? and active=TRUE"/>
<module-option name="rolesQuery" value="select securityroles.role,'Roles' from securityroles inner join users_roles on securityroles.roleid=users_roles.role_id inner join users on users_roles.user_id=users.user_id where login || '@app2' =?"/>
<module-option name="unauthenticatedIdentity" value="guest"/>
<module-option name="password-stacking" value="useFirstPass"/>

That works OK and is easy to do, but the drawback is that the app server is going to cycle through all of those modules until one successfully authenticates or they all fail. That is potentially a lot extra querying. Another, probably better solution would be to create a CustomLoginModule that is clever enough to use the context to determine which data source to query.

None of this was all that difficult but it is different and took a little time to learn. Hopefully this will help someone out there save a little time.

End of Summer Blues

Summertime 2014 has officially ended, and it’s a little sad around the Swafford house right now. We had a really awesome summer. Here are some highlights.

We went to NYC!



… and then upstate NY for a family reunion.


(You can read more about that trip here..)

We did a mini Vacation Bible School at our church!


We did a luau for Ailsa’s birthday!


… and put up our pool!


We went to Cade’s Cove!


We went to the beach!


We went to the Great Wolf Lodge!


We spent some Sunday afternoons at Sleepy Creek!


And certainly not least… we slept in! But you don’t get to see pictures of that.

Summer 2014, we will miss you.

Swafford Vacation 2014 – NY

Draft copy… will edit and add pictures later…

Day 0: Travel day. Traffic was bad from the start. It started to pick up around Fredericksburg VA and never really let up. Driving through NYC was a bit traumatic. Somehow we (and the car) made it unscathed. At least we think so. Who knows what the valet did after we gave the keys over. The view from the hotel is beautiful. It’s a corner room overlooking 3rd Ave. Lots of tall buildings and sky scrapers all around, including a limited view of the Chrysler building. The window opens about four inches out, which is surprising. Amy likes leaving it open and listening to the blaring of the horns and all the traffic down below.

Day 1: We ate breakfast at the hotel, thinking we would save time, but it didn’t really. The main item on the agenda today was a boat tour around Manhattan island. The tour started at 12:30. We took a subway and got there early enough to wander around a bit. We saw the USS Intrepid – what a beautiful ship! After walking around a while we got in line for the tour and boarded our ship. The tour guide was really good but needed to lay off the hand holding a little bit (he kept going on about strength in diversity and all that). We saw a lot of amazing sites, including a great view of the Statue of Liberty. We went under the Brooklyn Bridge, saw Yankee Stadium, Grant’s Tomb, and several other sites. Following the boat ride we ate at a cool Irish Pub on 46th and 11th called the Landmark Tavern. Then we took the subway down to Central Park and took a walk around. Finally we came back to the hotel for a rest, then went back out for ice cream. Great day.

Day 2: Got onto a subway and headed to Grand Central Station (Grand Central Terminal). What an amazing place. It’s a beautiful old building. I think Jamie liked it a lot. We boarded another subway and headed to the Financial District and then walked to the World Trade Center Site. You really don’t appreciate how tall the Freedom Tower is until you’re beside it. The memorial is fitting. We then walked about a mile down to China Town, where we ate at a Chinese Restaurant. We sat at this large round table in a corner that seated maybe 12 people. There was a French family, and a few Chinese guys, and us. That was different! I chickened out and had the Sesame Chicken. It was good. Afterward we went to FAO Schwarz, one of the largest toy stories in the world – but the don’t have Pokemon! Everyone was a little tired at this point so we went back to the hotel for a while before trekking back out for supper at Buca Di Beppo’s at Time Square. (We’ve eaten a few of those now, in Chicago, San Francisco, San Diego… always good). On the walk back we went through St. Patrick’s Cathedral. It is being rennovated but is still an amazing site.

Day 3: Breakfast line was crazy at the hotel so we went to a place called Bread Crums right up the street for muffins and coffee. We went to the Central Park Zoo and ate some hotdogs at the park for lunch ($32 for five hotdogs and four drinks!). Amy wanted to see Belvedere Castle so we did some hiking through the park. It was hot but well worth it. The park is beautiful. Later we went to see the NY Yankees play the Tampa Bay Rays at Yankee Stadium. The subway was so packed – it was like those films of the Japanese guys shoving people into the cars to get the doors closed. Poor Ailsa and Jamie couldn’t see anything, they were just packed in like Sardines. The stadium was awesome and seeing the Yankees play was something I’ll never forget. Ailsa thought it was pretty cool to see Derek Jeter. He tied Lou Gehrig’s club record that night for doubles. There was a heckler not too far from us.. he was hilarious. I was a little worried he was going to use foul language but he kept it “clean.”

Day 4: We went to the Empire State Building and did the NY Skyline Tour. Lunch at a nice place just outside of ESB, then onto the Imperial Theater on Broadway to see Les Miserables, which was amazing. After the show it was back to the hotel for a short break and then on to supper at an old Italian Restaurant. That night we got an spectacular lightning show from the hotel room. We have a corner room on the 31st floor. The lightning was spider webbing all across the sky and hit the World Trade Center Freedom Tower several times. Amy got a recording of it.

Day 5: A little sad, checking out of the hotel today and leaving NYC, driving 250 miles upstate. Looking forward to seeing some family though.