Tuesday, November 18, 2008

For our current internal project, I needed a way to display images within a Java Swing application. There are probably as many solutions to this out there as there are Swing programmers, but here is a quick way to get this done that solves my two major issues:

  • Resizable, i.e. when the panel changes in size, the image changes along with it.
  • Integratable with NetBeans, especially with the Matisse component designer.

This worked for me:

import java.awt.Dimension;
import java.awt.Graphics;
import java.awt.Image;
import javax.swing.JPanel;

public class ImagePanel extends JPanel {

    private Image image;        // original, unscaled image
    private Image displayImage; // copy scaled to the current panel size

    public ImagePanel() {
        super();
    }

    public ImagePanel(Image image) {
        super();
        this.image = image;
        this.displayImage = image;
    }

    @Override
    public void paintComponent(Graphics g) {
        super.paintComponent(g); // let JPanel clear the background
        fitImage();

        if (displayImage == null) {
            return; // nothing to draw until setImage() has been called
        }

        // drawImage() returns false while the (scaled) image is still being
        // produced in the background; keep retrying until it is fully drawn.
        while (!g.drawImage(displayImage, 0, 0, null)) {
        }
    }

    @Override
    public void setSize(Dimension d) {
        super.setSize(d);
    }

    // Rescales the original image to fit the current panel size while
    // preserving its aspect ratio.
    private synchronized void fitImage() {

        if (image != null) {
            int imageHeight = image.getHeight(null);
            int imageWidth = image.getWidth(null);

            double ratio = ((double) imageHeight) / ((double) imageWidth);

            Dimension d = this.getSize();

            double height = d.getHeight();
            double width = d.getWidth();

            if (height == 0 || width == 0) {
                // panel not laid out yet: fall back to the image's own size
                height = this.image.getHeight(null);
                width = this.image.getWidth(null);

            } else {
                double tempH = Math.floor(ratio * width);
                double tempW = Math.floor(height / ratio);

                // keep whichever dimension is the limiting one
                if (tempH + 1 > height) {
                    width = tempW;
                } else {
                    height = tempH;
                }
            }
            displayImage = image.getScaledInstance((int) Math.floor(width), (int) Math.floor(height), Image.SCALE_DEFAULT);
        }
    }

    public Image getImage() {
        return image;
    }

    public void setImage(Image image) {
        this.image = image;
        fitImage();
        repaint(); // show the new image
    }
}

Note the while-loop in the paintComponent() method. Without it, you will only get partial image updates, since drawImage() on Graphics returns immediately and finishes loading (and scaling) the image in the background. For very large images or latency-sensitive applications this busy loop might be an issue, but for my application it is quite acceptable.

In order to integrate this class with NetBeans, you create a Swing JPanel with the graphical designer, and set the "Custom Creation Code" for that panel to be your ImagePanel. Within the code, you can now easily cast to ImagePanel, thus giving you the full image functionality, while not sacrificing visual design.




Tuesday, November 18, 2008 4:21:14 PM (Eastern Standard Time, UTC-05:00)
Thursday, October 16, 2008

    I love foundational discussions - they always have the potential to fundamentally change my world-view, which is quite stimulating.

    Radovan picked up on my little piece on reputation. In particular he suggests that the question "What attributes should be influenced by reputation and what should not?" does not make any sense.

    I fully agree with this statement, but not necessarily with all conclusions that Radovan draws. As I see it, the question is not what attributes of an entity should be influenced by reputation, but much more about what attributes can be reasonably approximated by a mean-value approach such as reputation.

    In Radovan's example, the height of a given person can be precisely determined (up to an error margin, that is part of that measurement). The result of such a measurement--as long as it is reproducible--is the objective value of the attribute "height". It does not make any sense to attach a reputation to this value. But you can attach a reputation/"credibility score"/whatever to the measurement process (this is typically done through the specification of the error margin), or the faithfulness of storing this information in a given storage system (e.g. through the reliability score of this provider, determined by averaging over the subjective reliability score given to the storage system by its customers/clients). The aggregate "reputation" of this process (measuring, recording, storing, reproducing) can then be used to calculate the "reputation" of you saying that I am 147 cm tall.

    But--and this is important--your statement about my height (or the aggregate statement of the community about my height) does not influence the fact (if you want to use this hopelessly overloaded term) that I am 187cm tall.

    This is fundamentally different from what might happen with other attributes: for example, let us look at my "reputation for drawing aesthetically pleasing pictures". While I (or my daughter) might be convinced that I have a rather high score for this attribute, the rest of the world might beg to differ. My community-wide[1] reputation as a gifted painter could thus be much lower. Note that I do not have any reasonable recourse: there is (fortunately) no final authority, or reproducible process, that can determine a definite value for this particular attribute.

    Nevertheless, for such non-CFD (mean-value) attributes you still face the same issues that you face for objective attributes: there is the chance of recording or storage failure, and thus other factors that might ultimately determine the reliability of a "reputation as painter" score I might have.


[1] Note that at this point it becomes very important to define the correct domain of your mean-value process, i.e. you have to fix an ensemble.


Thursday, October 16, 2008 8:41:42 AM (Eastern Standard Time, UTC-05:00)
Wednesday, October 15, 2008

    Paul proposed a conjecture regarding the validity of using reputation systems in the context of identity systems. This (and some discussion on the IDGang list) inspired me to dig again through some of my notes regarding the ontology of physical reality (and thus--by extension--quantum theory).

    My personal position in the discussion on the most sensible approach to physical ontology was always firmly rooted in the realist corner: I completely reject positivism and--mostly--empiricism on fundamental principle. There is no doubt in my mind that there is an objective physical reality, independent of human (or any other) observer[1].

Reputation in information systems

    Now, a reputation scheme can easily be interpreted as a mechanism to determine the value of an entity's attribute by averaging over the subjective values of that particular attribute, as seen by an ensemble of parties interacting with the entity in question. So, for example, to determine the "trustworthiness in business transactions" of user A of an auction site, one can average over the subjective opinions of business partners of user A on his trustworthiness.

    This approach is valid and, as many social (or even business) sites indicate, very useful. It can be applied reasonably well to attributes of an entity that are either non-counterfactual definite (i.e. completely subjective), or not measurable by an objective and reproducible measurement approach.

    "Trustworthiness" is a good example of a subjective attribute, and credit-worthiness of a company or individual might be an attribute of the latter type: while the fundamentals of a company determine its ability to shoulder a certain amount of debt without collapsing, there is (to my knowledge) no definite algorithm to compute a simple "creditworthiness" attribute. However, averaging over the credit ratings from different rating agencies (i.e. a kind of "credit reputation") is normally a good approximation of this attribute[2].

    However, there are some attributes that cannot be averaged over: those attributes are counterfactual definite, i.e. objective and measurable by a reproducible mechanism. Good examples of such attributes are my physical height, my employment status with a given company, or my gender. All of these might change in time, but at a given point in time they can be easily determined and have an objective value--even if nobody measures it. Applying a mean-value approach to these does not make any sense.

    One might interject that for such a counterfactually definite attribute there might be a different perception of its value by other entities. For example, while my actual height is 187cm (~ 6' 1"), some people might think that I am taller or shorter. Now, my actual height does not change because a number of people are thinking so. It is my perceived height that changes, and this attribute is entirely different from the former.

    So, in the end it is very important to evaluate carefully if a given attribute of an entity in an information system lends itself to be used in the context of reputation systems. In some specific cases this does make sense, but in others it is entirely pointless.

[1] Yet, while realism is vital to my world view, I am much more inclined to abandon local reality than counterfactual definiteness.

[2] The current financial quagmire is an example of how such a reputation system can fail.

Wednesday, October 15, 2008 8:00:42 PM (Eastern Standard Time, UTC-05:00)
Friday, September 12, 2008

  GIMPS has released a statement indicating that the 45th and 46th Mersenne primes were recently found at Sun by Tom Duell (right here in Burlington, MA) and Rob Giltrap (Wellington, New Zealand). Both ran on SPARC-based systems. Congratulations!


Friday, September 12, 2008 11:20:14 AM (Eastern Standard Time, UTC-05:00)
Thursday, September 04, 2008

    Amazingly enough, it took less than 24 hours to see the first massive privacy issues flaring up with Google Chrome. In a CNET interview, Peter Eckersley of the EFF says:

"We're worried that Chrome will be another giant conveyer belt moving private information about our use of the Web into Google's data vaults," Eckersley said. "Google already knows far too much about what everybody is thinking at any given moment."

    Now this is a total surprise, is it not? Not only can Google read all your mail, it knows what you are looking for on the web and has your financial information through Google Checkout or AdSense. With the Omnibox (or the mysterious "one or more unique application numbers"), they now also see all the places you go to -- on the internet and any possible intranets.

    Now, I do not know exactly how this will play out legally, but as far as I am concerned, the internal structure of an intranet is usually something I'd rather not expose to outsiders. Beyond privacy concerns, there are clear security and intrusion concerns, and allowing Google to obtain this data for free and without any binding contract between Google and my company does not seem very prudent. If I had any say, I would strongly recommend prohibiting the use of Chrome in any enterprise environment. This should obviously extend to government agencies, and among them law enforcement and military. How embarrassing would it be if--by honest mistake--the DNS or CA infrastructure of the combat command and control systems of, say, the Air Force or the CIA were to suddenly appear in a Google search result.

    Do not get me wrong: I do like Open Source, and adding competition to the market is always a good thing. I simply see the ugly face of monopoly lurking around the corner, and this time it also has a big file on any internet user. This is a little too much power in the hands of a single entity. If Google was part of a government, people would be a lot less eager to submit their most private data (with the exception of Germany, of course--there it works the other way round).


Thursday, September 04, 2008 8:06:52 AM (Eastern Standard Time, UTC-05:00)
Wednesday, September 03, 2008

  Germans usually do not tire of reminding the rest of the world that data privacy is most important to them, and the German supreme court recently confirmed a human right to "informational self-determination", which limits the means and circumstances under which authorities (or private parties) may obtain and use data about residents. This right is supposed to be the basis for the privacy laws in Germany. Privacy protection goes so far as to limit the ability of courts to authorize law enforcement to tap criminals' homes or gain access to their computers, including for the most heinous crimes such as pedophilia, genocide, or terrorism.

  Well, those laws and rights do not necessarily apply to government itself. There is a growing list of current and future blatant privacy violation practices that all Germans are subjected to by law:

  • The federal tax authorities are finishing the creation of a universal tax ID number scheme that is pretty much as invasive as the social security scheme in the US.
  • Since 2005, employees of the German IRS may obtain bank account information on any tax payer without a warrant, and without informing the tax payer or their bank. This is done automatically, and the banks (and thus the banks' customers) have to pay for this warrantless scheme.
  • Current plans for extending the national ID card to also include biometric identifiers will create a national database on all residents older than 16 years.
  • The GEZ (a semi-private collection agency for public broadcast fees) has to be provided by the municipal authorities with any address changes of residents within Germany. In addition, the GEZ has bought information through dubious channels, and correlated this data with their officially obtained information. It is believed that the GEZ has one of the most complete lists of households in Germany.
  In addition, there have been outright illegal actions:
  • Earlier this year, the German foreign service (BND) bought stolen financial data on suspected tax evaders from a criminal in Liechtenstein. This data has been admitted in tax courts as regular evidence.
  • The latest installment is a scheme where Bochum municipal authorities have sold their address change data to professional data merchants, resulting in more than € 200,000 in revenues. Neighboring Gelsenkirchen made about € 170,000 by selling the data that residents have to provide to city and state government by law.
  This list could be continued for some time, so I think it is time to dedicate a section in the Hypocrisy article on Wikipedia to the German right to "informational self-determination".

Wednesday, September 03, 2008 11:06:17 AM (Eastern Standard Time, UTC-05:00)
Tuesday, September 02, 2008

Just in time for First Beam, the LHC staff has released a video. It's geeky, but quite funny:

Watch First Beam on September 10 at http://webcast.cern.ch/

Tuesday, September 02, 2008 3:57:56 PM (Eastern Standard Time, UTC-05:00)

  No, I am not talking about Google Chrome (yet). But it is related: if you look at


it seems that Germany has already conquered Denmark, Benelux, Switzerland, and Austria-Hungary. It could also be the EUSSR with its capital in Brussels...

  Or maybe this is a completely new country called "Googleland", where every citizen deposits all their data in a safe datacenter, identified by a unique id. "Information Self-Determination" is a basic human right, and any data merchant will get shot on sight.

  The only exception is the operator of the datacenter (that would be Google, being compensated for their services by an unalienable right to use any of the data for targeted advertising campaigns), or any data thief that offers information on citizens suspected of being involved in terrorism, sedition, or tax evasion.

Tuesday, September 02, 2008 9:20:20 AM (Eastern Standard Time, UTC-05:00)
Tuesday, August 12, 2008

  This is just another installment of how the freedom of expression and scientific research is being sacrificed on the altar of "public safety" and "property rights". From the CNET article:

"A federal judge on Saturday granted the Massachusetts transit authority's request for an injunction preventing three MIT students from giving a presentation about hacking smartcards used in the Boston subway system."

  To summarize this incident: a couple of students find a giant security hole in a publicly financed payment system. They inform the authorities and involved parties to give them a chance to work on the situation. The faceless bureaucrats respond in the way any large (and thus inefficient) organization will respond: ignorance and disbelief. The students follow the time-honored tradition of publicizing their results, and suddenly the gears spring into action: federal courts, FBI, and preliminary injunctions appear. The official reason is "public safety", but everyone involved knows that this is just a very lame excuse. In truth, it is the desire of an inadequately powerful state-sponsored enterprise to hide their incompetence and silence their "subjects".

  That this can even be done is due to the availability of unconstitutional laws (at least in spirit) like the DMCA and similar utterly meritless legislation. Coming from Europe, I am used to the frequent oppression of freedoms, even today. So far, the U.S. has been setting an example of how e.g. the freedom of expression should be interpreted. This gag order by a federal judge in Boston (sic!) is an untenable limitation of this right. It goes against some of the most fundamental principles enshrined in the Constitution and the Bill of Rights.

  For more information, check the EFF website.


Tuesday, August 12, 2008 11:09:45 AM (Eastern Standard Time, UTC-05:00)
Monday, August 11, 2008

I just laughed out loud:

Go King Homer I. of Spain!


Monday, August 11, 2008 4:20:54 PM (Eastern Standard Time, UTC-05:00)

  Last year we announced an experiment at Sun: in order to gather more information about the operational characteristics of "user-centric" identity technologies, we decided to roll out an OpenID provider for Sun employees. This OpenID provider was intended to be used by Sun employees for personal use at the various OpenID sites that have been popping up in various places.

  This experiment involved various parts of the company, including field people, products folks, the security team, and our Chief Privacy Officer. We negotiated a number of requirements for our experiment: employee privacy must be maintained at all times, the system must not interfere with any other Sun authentication or business system, etc. All this was quite achievable and we passed the--albeit lax, since it was an experiment--security and privacy reviews, the focus of which was the protection of Sun employees and property.

  The weakness in Debian-generated certificates and the recent DNS cache poisoning attack vector resulted in a triple whammy: weak certificates, broken DNS, weak protocol. After Ben's report last week, we revisited the current design of the service and came up with a few recommendations. Mark Wilcox notes that my list could be hard to follow, especially for non-technical users. To some extent[1] I do agree with him, so we decided to take additional steps on our end to improve security:

  The very core of these changes lies in the idea that we are introducing HTTPS-based OpenIDs for our users. In OpenID 1 and 2, an RP normalizes any identifier without a scheme prefix into an unsecured HTTP-based identifier. Only prefixing the OpenID identifier with the https:// scheme results in discovery over a TLS-secured transport channel. This looks a lot "geekier" than the somewhat more appealing "naked" OpenID identifiers, but as a result of this change, the lookup will now be handled completely over server-authenticated channels.

  In order to make this approach useful, we would need the cooperation of OpenID RPs: in the current specs, http://openid.sun.com/user and https://openid.sun.com/user are two separate entities, which--in my opinion--makes no sense. If RPs started recognizing these two identifiers as the same entity, it would improve the security of the OpenID protocol in a quite significant way, since users could easily migrate from the broken, insecure HTTP discovery protocol over to the somewhat more secure HTTPS transport.

  Obviously, this cannot address the key-randomness weakness, but then ... only time can. Meanwhile we have to rely on CRLs and OCSP checking for certificate revocation.

  UPDATE: The approach outlined above might be criticized for equating two URIs that are not equivalent (https://... and http://...). I appreciate this point in principle, but extreme times require extreme measures ;-).

  A reasonable way to address the potential security implications for current https://.. identifiers would be for the RP to perform a one-time security upgrade: assume that the RP recognizes a particular claimed_id, e.g. http://openid.sun.com/user. Whenever there is a login with the same identifier over HTTPS (i.e. claimed_id is https://openid.sun.com/user in the example), the RP can 'upgrade' the account to an HTTPS-only account.

  On the OP side, any account for https://x.y.z should trigger the complete block for any http://x.y.z ids.
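The RP-side identifier normalization, the one-time HTTPS upgrade and the OP-side block described above, as an added Python example that is not part of the original post or of Sun's service; the account store, its result labels and the helper names are assumptions of this example, and the normalization follows the OpenID 2.0 identifier-normalization rules:

```python
from urllib.parse import urlsplit, urlunsplit

# Added example (not Sun's or any OpenID library's code). The store and the
# result labels are assumptions; normalization follows OpenID 2.0 section 7.2.


def normalize_identifier(user_input: str) -> str:
    """Normalize a user-supplied OpenID identifier the way an RP does.

    A missing scheme becomes http:// (the step the post warns about), the
    fragment is dropped, scheme and host are lower-cased and an empty path
    becomes "/". XRI identifiers are returned unchanged.
    """
    ident = user_input.strip()
    if ident.lower().startswith("xri://"):
        ident = ident[len("xri://"):]
    if ident[:1] in ("=", "@", "+", "$", "!"):
        return ident  # XRI global context symbol: not a URL identifier
    if not ident.lower().startswith(("http://", "https://")):
        ident = "http://" + ident
    parts = urlsplit(ident)
    path = parts.path or "/"
    return urlunsplit((parts.scheme.lower(), parts.netloc.lower(), path, parts.query, ""))


def scheme_less(identifier: str) -> str:
    """Key under which the RP treats the http:// and https:// forms as one identity."""
    parts = urlsplit(identifier)
    query = "?" + parts.query if parts.query else ""
    return parts.netloc + parts.path + query


class RelyingPartyAccounts:
    """RP account store implementing the one-time HTTPS upgrade.

    login() is meant to be called only after the RP has verified the OP's
    assertion for claimed_id (for https:// identifiers, after discovery over TLS).
    """

    def __init__(self) -> None:
        self._https_only: dict[str, bool] = {}

    def login(self, claimed_id: str) -> str:
        """Return 'created', 'accepted', 'upgraded' or 'refused'."""
        ident = normalize_identifier(claimed_id)
        secure = ident.startswith("https://")
        key = scheme_less(ident)
        if key not in self._https_only:
            self._https_only[key] = secure
            return "created"
        if self._https_only[key] and not secure:
            return "refused"   # account already upgraded; HTTP is no longer accepted
        if secure and not self._https_only[key]:
            self._https_only[key] = True
            return "upgraded"  # first HTTPS login: account becomes HTTPS-only
        return "accepted"


def op_accepts(https_accounts: set[str], requested_id: str) -> bool:
    """OP-side rule: once https://x.y.z exists, any request for http://x.y.z is blocked."""
    ident = normalize_identifier(requested_id)
    if not ident.startswith("http://"):
        return True
    return "https://" + ident[len("http://"):] not in https_accounts
```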

  Thanks to John Bradley for some stimulating discussions on these issues.



[1] Mark mentions OAAM's strong authentication and risk-based authentication technologies as potential solutions for OpenID's weaknesses. Maybe it is because I am not familiar with this product, but I cannot see how OAAM can help with the weaknesses that occur through using HTTP (as opposed to HTTPS) for discovery. Likewise, socially engineered attacks can be effective in circumventing stronger authentication mechanisms (such as pictures or virtual keyboards) for less technology-sophisticated users: instead of their image, the rogue OP displays an error message along the lines of "Sorry, your personal image is currently unavailable due to maintenance. Please use standard authentication in the meantime." This might not work with all users, but I know enough folks who would also log in with the "standard authentication" scheme.

Monday, August 11, 2008 10:06:41 AM (Eastern Standard Time, UTC-05:00)

Copyright by Gerald Beuchelt.