Android Development Restarted

It has been quite a while since I touched an Android phone the last time for code projects. I got in contact first time with an Android phone during an open source conference in 2008 in Sydney when I met Chris DiBona (Director of Open Source at Google). Announcing the SDK 1.0. Soon after I got the G1, aka HTC Dream phone which was the first Android phone available. I could not even imagine this platform would be so widespread adopted and pushed in the years to come. I was even thinking about the investment that time, spending a few hundred dollars on a phone that might be just a experiment. In 2010 I also bought the Nexus One.

Anyway I created some apps for personal use, experimented with the apps market but due to other development and work focus lost it out of sight and just remained normal Android user.

Now my interest returned, at least to update my knowledge about this technology. Today things are becoming a bit easier (IDE, documentation) but also more complex, mainly due to the massive range of devices and manufacturers which makes screen design quite challenging, but also to security concerns as more spam and junk apps are around, users are no longer so flexible with the app security settings.

Coding becomes more convenient, now Android got its own IDE, the Android Studio. After an initial download and subsequent additional downloads of required packages you can start with your projects straight away.

With Ubuntu just just download the linux package, make sure you have a JDK installed, and execute the shellscript in the bin folder.

Android Studio

Android Studio

Enforce password for Ubuntu user on EC2 instances

Using linux (Ubuntu) instances on Amazon EC2 is a quite safe thing to do, at least measured by the security provided by the platform (security groups, ACL, physical security,..). I recommend reading their security site here. At the end of the day the server is only as secure as you configure it, if you choose to open all ports running services with their default configurations and password settings, Amazon can’t help you.

When connecting to a Ubuntu server with ssh you need to provide the keyfile (somekeyfile.pem) that you can download when creating the key pair.

Key file

Key file

This 2048 bit key is required to login as regular ubuntu user. What I dislike is the fact that this user can sudo all, so once someone manage to get into you user account, he has root access too. I recommend to set a password for the ubuntu user and change the sudoers configuration.

Change the password for user ubuntu

Open the sudoers include file

sudo vi /etc/suderos.d/90-cloudimg-ubuntu or sudo vi /etc/sudoers

change last line from



ubuntu ALL=(ALL) ALL

Glassfish and https running secure applications

By default Glassfish listens to http on port 8080 and https on port 8181.
It is better to listen to the default ports 80 for http and 443 for https, usually you dont want the user to enter port numbers as part of the URL.

Even the Glassfish Admin Console allows to change the ports (Configurations/Server Config/Network Config/Network Listener), certain server OS such as Ubuntu do not allow non-root users (you should run Glassfish as separate user !) to ports below 1024. We can achieve this by port rerouting with the iptables command (under Ubuntu)

iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8181
iptables-save -c > /etc/iptables.rules
iptables-restore < /etc/iptables.rules

vi /etc/network/if-pre-up.d/iptablesload
iptables-restore < /etc/iptables.rules
exit 0

Additionally you can get a proper SSL certificate to stop annoying the user with a no proper certificate warning. See previous tutorial here.

SSL Error

SSL Error (Chrome)

If you operate an enterprise application with a known URL to the users, unlike a regular website where the portal should be reached with regular http, I would completely disable regular http.

Disable http

Disable http

Copy EC2 instance to another region

Is it finally possible ? While the AMI import tool is long awaited for but only available for Windows, it is rather a big hazzle to transfer manually (see this) any other OS ( my last attempt in 2010).

Today Amazon announced the EBS Snapshot Copy Feature (across regions). The intention is certainly to allow easy migration of data to another region, as you can copy the snapshot, create a volume and attach it to an instance. I was curious to try if I can migrate my Ubuntu instance to another region and it worked. You can use both command-line as well the AWS web admin.

Amazon S3 plugin for Jenkins CI again

About once a year I revisit (link) this topic again (usually when the plugin causes trouble). Now I get this signature error

AWS Error Code: SignatureDoesNotMatch, AWS Error Message: The request signature we calculated does not match the signature you provided. Check your key and signing method., S3 Extended Request ID:..

The good news first:
The S3 plugin became mainstream, you can install it from the plugin page under Jenkins Administration | Plugin Manager. You dont need to build the plugin any longer by yourself and can skip the rest of this entry.

S3 Plugin

The long version:
It seems the error is caused by a ‘+’ sign in the access key troubling the encoding function used (see issue). The latest build (Sep 2012) should fix this problem.

If you want to build by yourself, you need to get the sourcecode from git and build the plugin file, beware as it requires Maven 3 now. Below instructions apply fro Ubuntu.

Upload plugin



Glassfish 3.1 – Clustering Tutorial Part2 (sessions)

In the previous part (link) I get you running with a simple Glassfish 3.1 cluster setup with 2 instances running on 2 nodes. Now we have a cluster setup and can deploy an application one time and it will run on both nodes, no big deal, it doesn’t get us anywhere. So in part 2 we will do some modifications to our virtualbox server setup and create a web application with sessions replicated to both instances.


  • The server and cluster setup from part 1 (link)

Preparation of host and Virtualbox guests:

In part 1 we used n1 and n2 as hostname, this creates trouble for this part. A key information for the sessions is the server-hostname (domain) and we cannot share sessions between totally different hosts.

  1. Update guest server hostname
    Change etc/hosts and /etc/hostname
    Server n1 becomes    localhost

    Server n2 becomes    localhost


    • You can use any domain name (other than, which I dont own btw).
    • The IP addresses must fit your own Virtualbox setup.
  2. Update your host
    The host running Virtualbox. Change /etc/hosts
  3. Check multicast
    The communication between the nodes is using multicast for the session replication. The Glassfish team gives us a tool to verify if your servers can “see” each other.
    Go to the bin folder of the Glassfish installation and execute ./asadmin validate-multicast on both nodes
    You should get feedback like this Continue reading

Glassfish 3.1 – Clustering Tutorial

Glassfish Clustering, after being absent from version 3, made its re-debut after 2.1 in the current version 3.1
I was eager to get my hands on and tried to make sense of some information from various sources (see reference).

Clustering is quite a sophisticated subject, which you dont need to cover during development time, but at some stage (deployment to production) you better off knowing how it works and verify your application runs in the clustering environment.

I compiled the most essential steps in this instant-15min-tutorial creating the most simple cluster: 2 nodes with 1 instance each, 1 node also runs the DAS.

Glassfish Cluster

Continue reading