27 June 2008

SCBCD

Did the Sun JEE5 certification yesterday.
I started preparing the evening before, which did not leave nearly enough time,
but all was well :)
The exam is not easy, which is a plus for its credibility, compared to some mock certifications on the market.
The EJB3 course I'm teaching at Sun (sl351) is a good start, but not sufficient.
Mikalai Zaikin's SCBCD 5.0 Study Guide was the best resource I found on the web.

Topics I got:

  • JNDI, JPQL, transactions, exceptions, rollback
  • combining transactions and EntityManager
  • ORM mapping of an association class
  • NO deployment descriptor syntax questions
  • libraries included in JEE5
  • mapping users to roles
  • business method that you can call locally/remotely
  • at which level can you apply specific annotations?
  • legal return types for @WebMethod
  • composite primary keys
  • mixing EJB2/3
  • persistence units

Top level internet domains

ICANN says generic top-level domains will soon be made available. Nice, all these .com names are a bit techno indeed.

18 June 2008

Attack of the coffee machines





Internet hacking through home automation (domotica) to become a reality?

Message on SecurityFocus:

Hi All,
I have a Jura F90 Coffee maker with the Jura Internet Connection Kit. The idea is to:

"Enable the Jura Impressa F90 to communicate with the Internet, via a PC.
Download parameters to configure your espresso machine to your own personal taste.
If there's a problem, the engineers can run diagnostic tests and advise on the solution without your machine ever leaving the kitchen."

Guess what - it can not be patched as far as I can tell ;) It also has a few software vulnerabilities.

Fun things you can do with a Jura coffee maker:
1. Change the preset coffee settings (make weak or strong coffee)
2. Change the amount of water per cup (say 300ml for a short black) and make a puddle
3. Break it by engineering settings that are not compatible (and making it require a service)

The connectivity kit uses the connectivity of the PC it is running on to connect the coffee machine to the internet. This allows a remote coffee machine "engineer" to diagnose any problems and to remotely do a preliminary service.

Best yet, the software allows a remote attacker to gain access to the Windows XP system it is running on at the level of the user.

Compromise by Coffee.

Regards,
Craig Wright GSE-Compliance

17 June 2008

Microsoft recommits to UML

Bill Gates reverses the decision to drop UML support in favour of a proprietary Domain Specific Language. UML support will be included in Visual Studio 10.
Microsoft was one of the original companies pushing UML 1.0.
They turned away from UML, when Rational, the creator of UML, was swallowed by IBM.

This is great news for a common modelling language independent of your choice of programming language.

News page...