« July 2008 | Main | September 2008 »

31 posts from August 2008


Rate This Blog

With the introduction of the Reactions feature in Blogger, I'm hoping visitors to this site will notice at the bottom of each post a simple "rating" section to give me a little feedback on whether or not you thought that the article was useful.  Please give me some feedback!

Weekend Post: Site Updates from 8/23 to 8/30

Last week was not a very active week for articles on this site.  My day job kept me pretty busy but I still managed to post a few trinkets and news items.

The week started off that the Apache Software Foundation released an update version of Apache Axis2 and ended with notification that milestone 7 of the Apache Harmony v5 jvm was released.

As you can probably tell, this past week for me was filled with PCI Compliance remediation tasks centered around disabling TRACE/TRACK methods on web and app servers and tightening up encryption.  The third of three articles involving pci remediation and disabling trace on apache was posted on Monday.  Also on Monday, I posted an updated a powershell script that was used for testing the TRACE method so that you can now test for any method against a particular URL.  I've mentioned it before but if you are looking to get a very good book on Windows Powershell, Pro Windows Powershell by Hristo Deshev and published by Apress is a great choice.

Friday's posts were inspired by folks searching on google on how to disable the TRACE method on apache tomcat and on how to tighten security on a BigIP LTM-managed Virtual Server in order to disable SSLv2.  The latter post was expanded in order to not only disable SSLv2 but null and weak ciphers as well.

Apache Harmony 5.0M7 Released

My apache newsfeed informed me that the seventh milestone (!?) release of Apache Harmony was released. The builds itself for milestone 7 appear to have been released at the end of July so this is late.

For those of you unaware of what apache harmony is, this is the apache software foundation project that is building an open-sourced implementation of the java virtual machine that is closed-source friendly. As I understand it, the main differences between the Apache License and the GPL is that the Apache License allows anyone to take the code and use it to create their own closed-source project.

Downloads are available here for Linux and Windows. OS X users are out of luck right now.