Tuesday, April 21, 2009

Tomcat, Apache, IIS ETag Format

The ETag format

  1. Apache 1.3 and 2.x is inode-size-timestamp. Although a given file may reside in the same directory across multiple servers, and have the same file size, permissions, timestamp, etc., its inode is different from one server to the next.
  2. Tomcat simply generates a Weak ETag by concatenating the content length and the last modified time in milliseconds
  3. The format for ETags on IIS is Filetimestamp:ChangeNumber. A ChangeNumber is a counter used to track configuration changes to IIS. It's unlikely that the ChangeNumber is the same across all IIS servers behind a web site.

Monday, April 20, 2009

Fiddler - Debug on localhost

Most of the time, web developer wants to see web traffics against localhost. If you are working with Fiddler, and by now, you should realise that Fiddler is not working with localhost or

It is documented in fiddler website.

Some workaround is
  1. Use machine name instead of localhost. That is http://my_machine_name/
  2. Use your local IP address. Check with ipconfig command
  3. If you're using Fiddler v2.1.8 or later, just use http://ipv4.fiddler to hit localhost on the IPv4 adapter, or use http://ipv6.fiddler to hit localhost on the IPv6 adapter
  4. Add a . at localhost. That is http://localhost./myweb

Fiddler and YSlow

These 2 utility are good for web developer.

YSlow - Come together with FireBug for FireFox extension and developed by Yahoo!. It provides you with Web traffic analysis as well as performance tips. Abstract from YSlow

YSlow analyzes web pages and tells you why they're slow based on the rules for high performance web sites. YSlow is a Firefox add-on integrated with the popular Firebug web development tool.

YSlow gives you:
  • Performance report card

  • HTTP/HTML summary

  • List of components in the page

  • Tools including JSLint

Fiddler - Web trace tools develop for IE. It provides web debugging and analysis. The latest version claims to have FireFox Hook. Abstract from Fiddler

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language.

End of Analog Camera?

In the last ISC West security show in Vegas, IP-Camera is evolving very fast.

Some hits are:
  1. Mega-pixel IP camera and Hi-Definition camera
  2. H.264 camera streaming
  3. Low light capabilities
  4. Build-in analytics
  5. Build-in storage
There is even a vendor who has create a NVR + Analytics within a camera.

Analog camera is almost obsolete in the show. Even Pelco is pushing hard on their new Sarix IP-Camera.

Just a though, why those some IP-Camera suppliers like to design their own H.264 stream and proprietary conntectivity? It causes inconvinence for decoding and prevent integrition opportunity...

HTTP Performance Tips - Add Expires or a Cache-Control Header

According to Yahoo HTTP best practices, adding an Expires or Cache-Control header helps to increase performance of web server. Ideally, the performance should increase as cached data are not request and transmitted over the next visit.

To archive that, you should
  1. For static components: implement "Never expire" policy by setting far future Expires header
  2. For dynamic components: use an appropriate Cache-Control header to help the browser with conditional requests. The value is 48 hours.
To archive this in tomcat, you have to create a Servlet Filter to intercept incoming request and set the above HTTP header in response.

I am not going to post code here as there are many existing code out there. But, if you have no idea on what to search for, those links below will help

  1. I had tested this Expires Serlvet and it works.
  2. HTTP 1.1 Protocol Parameter
  3. HTTP 1.1 Header Fields Definition

Thursday, April 16, 2009

HTTP Performance Tips - Enable GZIP Compression on Tomcat

HTTP compression boost the performance of your web application. To enable HTTP compression on Tomcat, do the following

1. Locate server.xml in <tomcat install home>/conf

2. Find connector tag. Something like this

<Connector port="80" maxHttpHeaderSize="8192"

maxThreads="300" minSpareThreads="25" maxSpareThreads="100"

enableLookups="false" redirectPort="443" acceptCount="100"

connectionTimeout="120000" disableUploadTimeout="true"


3. Add the following in the HTTP connector. It will enable GZIP compression for html, xml, javascript and css



noCompressionUserAgents="gozilla, traviata"


4. Final Connector looks like

<Connector port="80" maxHttpHeaderSize="8192"

maxThreads="300" minSpareThreads="25" maxSpareThreads="100"

enableLookups="false" redirectPort="443" acceptCount="100"

connectionTimeout="120000" disableUploadTimeout="true"




noCompressionUserAgents="gozilla, traviata"

compressableMimeType="text/html,text/xml,text/javascript,text/css" />

5. Restart the server

6. On successful HTTP GZIP compression implementation, you should see these in FireBug's YSlow


1. Apache Tomcat HTTP Connector Reference

2. Extract from Yahoo about GZIP components

Gzip Components
tag: server
The time it takes to transfer an HTTP request and response across the network can be significantly reduced by decisions made by front-end engineers. It's true that the end-user's bandwidth speed, Internet service provider, proximity to peering exchange points, etc. are beyond the control of the development team. But there are other variables that affect response times. Compression reduces response times by reducing the size of the HTTP response.
Starting with HTTP/1.1, web clients indicate support for compression with the Accept-Encoding header in the HTTP request. Accept-Encoding: gzip, deflate
If the web server sees this header in the request, it may compress the response using one of the methods listed by the client. The web server notifies the web client of this via the Content-Encoding header in the response. Content-Encoding: gzip
Gzip is the most popular and effective compression method at this time. It was developed by the GNU project and standardized by RFC 1952. The only other compression format you're likely to see is deflate, but it's less effective and less popular.
Gzipping generally reduces the response size by about 70%. Approximately 90% of today's Internet traffic travels through browsers that claim to support gzip. If you use Apache, the module configuring gzip depends on your version: Apache 1.3 uses mod_gzip while Apache 2.x uses mod_deflate.
There are known issues with browsers and proxies that may cause a mismatch in what the browser expects and what it receives with regard to compressed content. Fortunately, these edge cases are dwindling as the use of older browsers drops off. The Apache modules help out by adding appropriate Vary response headers automatically.
Servers choose what to gzip based on file type, but are typically too limited in what they decide to compress. Most web sites gzip their HTML documents. It's also worthwhile to gzip your scripts and stylesheets, but many web sites miss this opportunity. In fact, it's worthwhile to compress any text response including XML and JSON. Image and PDF files should not be gzipped because they are already compressed. Trying to gzip them not only wastes CPU but can potentially increase file sizes.
Gzipping as many file types as possible is an easy way to reduce page weight and accelerate the user experience.

Add code formatting to Blogger

I understand that it is a pain to provide code block and code formatting in Blogger. Below are some tips to make your life better (hopefully, at least a bit better)

Code Container

Sometime, you will want to put your code inside a container as below

public void testCode(){

//your code here


To have the container, do the following

1. Go to Layout -> Edit HTML -> Edit Template

2. Search for this Code


3. Add the following before the above code

border:1px solid #A6B0BF;

pre:hover {
border:1px solid #efefef;

code {
color: #000000;

.clear {

4. Save the template

5. Now, you can add your code to the container in

<pre> code </pre>
Tag Formatting

If you work with XML or Tagging with < > , you will fine that it is not a easy task in Blogger. By default, Blogger will remove these < > so that they can perform their template processing.

So far, my way to workaround with it is to use ASCII code for HTML. There is one website which help to replace those characters for you.


Tuesday, April 14, 2009

SmartGWT vs GXT

Sanjiv Jivan has moved to Isomorphic Software and developed SmartGWT 1.0b2. It is a Google GWT wrapping around SmartClient. SmartGWT 1.0b2 is a stability release and contains various enhancements and bug fixes. GWT 1.6 M2 is also supported.

Ever since ExtJs changed the licensing model, GWT-Ext is considerably "dead". SmartGWT is the upcoming replacement for it.

When comparing to GXT, SmartGWT does have a "laggy" feeling when using the loaded application. The arguement is SmartGWT is a wrapper around SmartClient Ajax API while GXT provide pure Java code pruning.

Comparison Summary


  • Only thing I am impressed about SmartGWT is their data binding and RestDataSource feature
  • LGPL license => free.
  • Rich UI featureset => very much like the old GXT.
  • SmartGWT is JSNI wrap around GWT + SmartClient to create SmartGWT => slow


  • GXT data binding is kind of similar to the old GWT-EXT.
  • GXT is pure GWT implementation => Fast, code pruning, custom js build
  • GXT 2.0 is coming out next week. They declare that 2.0 has flash chart API. WebDesktop and Flash Chart are what SmartGWT lack of.
  • It will cost some $$$ to get the developer licenses

There is not hard and fast rule on who is better. SmartGWT is a UI winner while GXT is a application loading winner.

I observed that SmartGWT codes are hosted at Google Code. I am very concern about SmartGWT user support if Sanjiv Jivan decides to switch again....

Thursday, April 2, 2009

Java - RSA encryption 117 Bytes limitation

There is a limitation on RSA encryption with large files and strings. That is, Java RSA has a encryption size limit of 117 bytes for PKCS v1.5 padding. This limitation is fine as RSA operation is computationally intensive and should be used for key exchange.

But, if you really want to perform RSA encryption on large file, you will have to break the file into small block, ie, byte[100]. That is encrypt in 100 bytes and decrypt in 128 bytes

See http://www.aviransplace.com/2004/10/12/using-rsa-encryption-with-java/3/