AmericanExpress.com: Tip On Configuring Your Web App

For all you web application developers, I’d like to briefly note the following stack trace I received from the American Express website while clicking around:

And here is the same trace in plain-text format:

JSPG0036E: Failed to find resource /cardcenter/common/interstitial.jsp

Root Cause:

java.io.FileNotFoundException: JSPG0036E: Failed to find resource /cardcenter/common/interstitial.jsp
	at com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensionProcessor.findWrapper(AbstractJSPExtensionProcessor.java:322)
	at com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensionProcessor.handleRequest(AbstractJSPExtensionProcessor.java:284)
	at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3548)
	at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:269)
	at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:818)
	at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1478)
	at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:126)
	at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:458)
	at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:387)
	at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:102)
	at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
	at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
	at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
	at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
	at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:196)
	at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:751)
	at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:881)
	at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1497)

Most developers might say, “So what? You just clicked on a broken link somewhere. Go back and go about your business.”

And that’s exactly what I did, since I just wanted to pay a credit card bill. But what if “my business” had been to gather forensic information about potential American Express website vulnerabilities? A stack trace may look innocuous, but from this one we can be almost certain that the HTTP request was handled by a Java servlet, that the application uses JavaServer Pages (JSPs) for view templating, and that it appears to be running on IBM WebSphere. Not only this, but we have the source line number for each stack frame, and the CSS appears to be some form of default styling.

Large institutions such as AmEx tend not to upgrade to the latest versions of development libraries until a future internal release cycle where the new version(s) can be internally vetted, tested, QA’d and put through a due diligence process. (Or for older apps, dependencies might not be upgraded at all.) This makes stack traces extremely valuable to an attacker. Why? Because historical versions of technologies such as WebSphere are obtainable, and every specific call in the stack trace can be mapped back to the code until the software versions where the line numbers match up are found. The attacker should at least be able to narrow down the software version numbers to a range, if not the specific release version. After gathering this information, the attacker may choose to focus on the older packages, and consult databases of vulnerabilities in legacy software until a vulnerability is discovered.

Long story short: turn off the rendering of stack traces in public-facing production applications. They’re convenient for validation of production errors, yes, but you don’t know what they may reveal.
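One way to do this in a servlet container like the one in the trace above is to catch everything at the edge of the web application, log the full trace server-side under an incident id, and send the client only a generic page carrying that id. The following is an added example written for this post; it is not AmEx’s code and not WebSphere’s, and it assumes a Servlet 3.0+ container (the `@WebFilter` annotation) and `java.util.logging`. The class name `GenericErrorFilter` and the page wording are made up for the example.

```java
import java.io.IOException;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Hypothetical filter (example code, not from the original post): wraps every
 * request so that no exception, and therefore no stack trace, reaches the
 * browser. The trace is still available to operators in the server log, keyed
 * by an incident id that also appears on the generic error page.
 */
@WebFilter("/*")
public class GenericErrorFilter implements Filter {

    private static final Logger LOG = Logger.getLogger(GenericErrorFilter.class.getName());

    @Override
    public void init(FilterConfig config) {
        // Nothing to configure for this example.
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        try {
            chain.doFilter(request, response);
        } catch (Throwable t) {
            // Correlation id lets support find the real trace without exposing it.
            String incidentId = UUID.randomUUID().toString();
            LOG.log(Level.SEVERE, "incident " + incidentId + " on "
                    + httpRequest.getMethod() + " " + httpRequest.getRequestURI(), t);

            // If the servlet already flushed part of a page we cannot replace it;
            // otherwise discard whatever was buffered and send the generic page.
            if (!httpResponse.isCommitted()) {
                httpResponse.reset();
                httpResponse.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                httpResponse.setContentType("text/html;charset=UTF-8");
                httpResponse.getWriter().write(
                        "<html><body><h1>Something went wrong</h1>"
                        + "<p>Please try again later. Reference: " + incidentId + "</p>"
                        + "</body></html>");
            }
        }
    }

    @Override
    public void destroy() {
        // Nothing to release for this example.
    }
}
```

The declarative equivalent, which also covers the missing-JSP case in the trace above (a 404 rather than an uncaught exception), is an `<error-page>` entry in `web.xml` mapping `<exception-type>java.lang.Throwable</exception-type>` and `<error-code>404</error-code>` to a static page under `WEB-INF`; whichever approach you use, make sure the error JSP itself never prints the `exception` implicit object. A quick check before each release is to request a deliberately nonexistent `.jsp` path on the staging deployment and confirm the response body contains no `at com.`/`at java.` frames.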

Video: How To Produce A Live Music Event Recording: Post-Production

To help answer the question of why it takes so long to get an event recording on disc, even for small events, I’ve put together this high-level, high definition (720p) behind-the-scenes walkthrough of the post-production editing, mixing, mastering, replication and packaging processes used for the ahCOOTstic Rock event (and others) brought to you by the Phoenix Independent Musicians’ Project (PIMP Google Group) and Sonic Binge Records.

Enjoy and please share this video!

If you’re in Phoenix and want to be part of hot event productions like this, join the Phoenix Independent Musicians’ Project!

The $1K CD/DVD/LightScribe Replicator: The DIY Guide To Manufacturing Your Own Discs For Less Than $1 Each

This do-it-yourself replicator features eight Lite-On CD/DVD burners. By flipping the disc over you can burn images onto the top using the drive lasers.

I’ve slowly updated components of The $1K Home Studio over the last few years, but have never had a low-cost, DIY solution for disc replication. After playing with external CD burners and evaluating various proprietary hardware options such as the Aleratec auto-flip burner and MicroBoard tower replicators, amongst many others, I decided that the current commercial solutions are nice, but most definitely overpriced. So I decided to develop my own solution. This custom-built behemoth is built from common off-the-shelf (COTS) hardware from Fry’s Electronics and inexpensive commercial software. It costs less to own than commercially branded replicators, and also functions as a normal desktop computer since it runs Windows 7 and Linux. (I took care to also buy a Gigabyte-brand motherboard that supposedly supports the OSx86 (“hackintosh”) project, but have had little success with the installation.)

Hardware

  • Intel i5 750 64-bit CPU. (Features 4 cores.)
  • 4GB RAM.
  • 8 x (yes, eight) Lite-On CD/DVD 5.25″ SATA burner drives.
  • Gigabyte motherboard with lots of SATA ports.
  • Add-on SATA card. (Most motherboards won’t have enough connectors, especially if you have 8 x burners plus 4 x hard drives. 🙂 )
  • Big-ass power supply. (The first one I bought wouldn’t even boot the thing. I put in a monster and everything started working.)

Software

The point of all these burners is to burn simultaneously to all of them, but Windows 7 and OS X cannot do this out of the box. Only a small subset of CD/DVD burning software on the market supports parallel burning, and some only seem to support multiple burners for specific types of burns. What’s worked best for me so far is…

  • Nero Multimedia Suite 10 for concurrent audio and data burning with multiple burners. You don’t have a lot of easy-to-use alternatives here, and I’ve also noticed a few glitches with Nero. Keep your eye out for sales here and you can pick up a copy dirt cheap.
  • Acoustica CD/DVD Label Maker for concurrent LightScribe replication across multiple burners. Again, not a lot of options here. The free software from LightScribe.com does not support multiple burners, though some vendor-specific bundles seem to. (LaCie’s LightScribe software in particular appears to support simultaneous LightScribe burns, and they also have a Mac version. I would have gone with a Mac-based solution, but 8 x USB 2.0 drives probably would not work so well.)
CDs burned with LightScribe technology. Discs come in many different colors.

I decided to create all my replicated discs using LightScribe technology. This allows me to flip LightScribe CD-Rs upside-down in the burner and use the laser to burn custom graphics onto the top of the disc. I also made the command decision to use COTS CD sleeves instead of CD jewel cases or slimline cases. The plastic ones are more expensive, always crack, and are pretty much useless from the start since most people seem to rip their CDs nowadays anyway. Sleeves protect the disc, come in many colors, are far less expensive, even cheaper in bulk, and perhaps best of all can be printed on directly through ordinary laser and inkjet printers.

The system runs Windows and Ubuntu. Additional drives are interchanged using hot-swap SATA drive modules.

System Pros

  • Inexpensive initial fixed cost of hardware parts and software licenses.
  • Inexpensive variable cost per disc since LightScribe labeling uses the drive laser instead of ink. There are no costly consumables to replace. (Ordinary LightScribe media purchased in bulk works great.)
  • Quick data, audio and LightScribe replication using 8 concurrent burners.
  • Doable by anyone capable of building a PC; with a little time you can build one.
  • Functions beautifully as a normal desktop computer.

System Cons

  • Not completely automated like some commercial units because disc loading, unloading and flipping (if using LightScribe) is a manual process.
  • Still uses CD-Rs. These are not the same as commercially pressed mass media discs, but a lot cheaper.
  • (This one is only applicable to audio.) I’ve yet to find inexpensive parallel burning software that can handle DDP images. (The standard in “Red Book” audio CD mastering.)
  • Since LightScribe labeling uses the drive laser instead of ink, disc labels are grayscale only. (Note: You have a lot of options in disc color, though, so it’s not a big deal. Just use your creativity.)

Replication Process Overview

Label four empty CD pancakes to manage the assembly line replication process. If you don't you'll get your disc piles confused!

My primary purpose for this buildout is to replicate audio CDs as quickly as possible for Sonic Binge Records: the awesome music production company. In particular, I need to quickly replicate a pancake’s worth (usually 25-50) of audio CDs as inexpensively as possible. After much trial and error with the process, this is what I’ve found works best.

  1. Create final CD master image. (For me that’s using WaveBurner on a Mac. For replication purposes it doesn’t really matter as long as the master is good.)
  2. Take four empty CD pancake containers and label them “Blank”, “Burned”, “Labeled”, and “Ready” to create an assembly line process. You can of course save these for future jobs.
  3. Use Nero Burning ROM to replicate batches of 8 at a time. When they’re done, be sure to put them in the “Burned” stack so you don’t get burned discs confused with “Blank” discs.
  4. While they’re burning, create a square grayscale graphic for LightScribe burning. (Free label creator software is available, though anything like Photoshop works too. I usually use a combination of Photoshop and Acoustica.)
  5. Use Acoustica to label batches of 8 at a time. Each batch will take a while. Full-disc burns seem to take around 30 minutes per batch: much longer than the data/audio side of a standard CD-R. Move discs to the “Ready” pile when they’re done. (Note: The “Labeled” pile is for discs that have been LightScribe labeled but not burned with data or audio. You can end up in this situation when using multiple computers to do burning.)
  6. While they’re burning, use your favorite document application to design your printed CD sleeves. I’ve started buying color variety packs in bulk packs of 300 to keep options high and costs down.
  7. Bulk print the entire order of sleeves in a single run. As long as you can set the size of the feeder tray, your existing feeder should work fine. (CAUTION: remember that the “window” is made of plastic, and can melt if exposed to heat. Think twice before trying your laser printer. 🙂 )
  8. Take discs from your “Ready” pile (as they finish getting labeled) and slip them into sleeves to create the final product, suitable for general distribution. The imaging lasering adds a great, distinctive touch, and of course you can get as creative as you want with the sleeves, too.
  9. Done! (aka beer time.)

Costs

  • Fixed: ~$1K for the machine build, with about $400 of that just for the burners. I reused/repurposed parts from old junker machines where I could, and could have saved some money by buying online. I was in a rush and just went to the store.
  • Variable: Roughly $0.40 – $1.00 per disc, depending on the disc quality, packaging, ink etc. you decide to use for each project. (All things considered, the $0.40 version looks pretty decent!)

Closing Thoughts

If you’re a musician without computer skills I would not recommend attempting this project, but if you feel fairly comfortable putting together machines, it’s honestly not that hard. It’s just a PC, after all. (Disclaimer: I do have a degree in Computer Science and Engineering, so my perspective of “not that hard” may be a bit skewed.)

I hope you’ve found this rough how-to guide both inspirational and informative. It’s very useful to have a replication machine handy, and if you’re actively working with people on projects intended for distribution it’s a great investment!

Please use this comments section for all your general comments and questions and I’d be happy to address them. Thanks for reading!

Why Amateur Musicians Use Macs

While discussing tonight’s U2 concert in Phoenix, I got into a HUGE argument with a Linux user over why amateur musician/producers would have to be mentally challenged for *not* making a Mac their first investment over Linux and Windows. Since the proof is in the ear pudding, I wrote, recorded and mixed this U2-inspired acoustic/vocal jam (aka “rip off”) in 4 hours using only a 2.4GHz MacBook w/4GB RAM, OSX Snow Leopard, GarageBand, *built-in laptop microphone*, iPod earbuds, ghetto-fabulous Fender acoustic guitar and 2 vodka tonics. (In other words no fancy microphones, A/D converters or other hardware.) The noise at the beginning and end is the sound of the MacBook’s fan running at full speed, but other than that (and some really sloppy pitch correction patchwork) I’m not aware of any software that ships with Vista, 7, or any modern Linux distribution that can do anything REMOTELY close out of the box in more-or-less the same amount of time. If you think otherwise, prove me wrong!

Download “It’s Alright” MP3.

(Truthiness: I cheated *slightly* by jumping into Logic Pro 9 for the pitch correction part since I was lazy and didn’t want production to take more than 30 minutes, but that wasn’t technically necessary!)