Skip to content
October 2, 2014 / BrianOFlan

Ant Property Setting Order

Everyone knows that Ant properties are immutable [1]:  Once set, they retain their first-set value forever.  Further attempts to set a property of the same name are ignored by Ant (unless, using ant-contrib [2], the property is unset like this: <var name="x" value="" unset="true"/> [3]).
You may wonder if there is any way to change (or “mute”?) the otherwise immutable sacredness of properties. In fact, “user” properties (or “command line” properties, set with -D on the command line) are the only properties that are truly immutable and immune to all the following attempts at overriding (but not immune to the ant-contrib “var” task).
The important implication there is that these two lines will set a property to the value “abc”:
<property name="xmlFileProperty1" value="abc" />
<property name="xmlFileProperty1" value="def" />
The first attempt to set the property wins:  The property setting order is first-set.  This pattern is reinforced if you try to set the same property name from the command line:  Ant sees the command line before it finds its build.xml (or -f file) and keeps the command line value for that property.  The pattern also holds if you had already set the property indirectly by loading a property file (with <property file="" />) and that file included that same property name.  Ant keeps the property file’s value if the file is loaded first (as long as no “user”/command line properties have already set it).
You can kind-of get around some property immutability by calling a target using the “antcall” task [4].  That task takes nested “param” elements with the same kinds of attributes as the “property” task and can override properties of the same name (except for “user” properties).
But!  When you have more than one param with the same name, something unexpected happens:  The property setting order is last-set.  That is to say that these lines set a property to the value “def” (but only until the antcall-ed target returns or concludes):

<antcall target="someTarget">
<param name="antcallProp1" value="abc" />
<param name="antcallProp1" value="def" />


Similar seemingly out-of-order property setting shows up with the “ant” task [5], the task that invokes another Ant build file:

<ant antfile="someOtherXmlFile">
<property name="antTaskProp1" value="abc" />
<property name="antTaskProp1" value="def" />


Property files themselves behave this way (last-set).  A property file like this will end up setting the property to “def” (unless something else has already set the imilar seemingly out-of-order property setting shows up with the “ant” task, the task that invokes another Ant build file:
What’s interesting is that this is not documented for Ant or for java.util.Properties (which Ant uses for loading properties files) [6][7][8].  (If you expected java.util.Properties to do something cool like create an array out of any key with too many definitions, there’s Apache Commons’s PropertiesConfiguration class[9][10][11].)
There is one more undocumented situation where Ant defies its property setting order:  With command line argument properties (“user” properties).  If you set the same property more than once on the command line, the property setting order is last-set.  A command like this will end up setting the property to “def”:
ant -DcmdLineProp1=abc -DcmdLineProp1=def
Knowing that can be very important in case you need to override some setting.  I have seen long Ant commands with many command line variables.  Without thoroughly researching all the possible values each variable could end up being, there is no way to know whether or not you are accidentally overriding a property.  (And without knowing the property setting order, you may not know that the last command line property wins.)
If you had a variable called ANT_ARGS_NORMAL set to “-v -Djavac.debug=off -lib ../some/path” setting and used javac.debug to control the “debug” attribute of the “javac” task [12][13] — if that, then these two commands would produce opposite results (only the second command produces class files with debug metadata:

ant -Djavac.debug=true ${ANT_ARGS_NORMAL}
ant ${ANT_ARGS_NORMAL} -Djavac.debug=true




And that’s what bit me today.

And that’s what inspired this investigation into the true nature of Ant property setting order.



Read more…

October 28, 2011 / BrianOFlan


What do you do when your network is too small to need its own name server? Perhaps a firewall limits your access to name servers except the company’s few approved ones.

What do you do? Settle for IP addresses? Stuck memorizing 192.168…. octets?

Or have you produced an elaborate solution using the /etc/hosts table and Subversion or CVS?

You could check the ifconfig command upon reboot to see if your IP address has changed from what you expect it to be (from /etc/hosts). Then update the hosts table and commit it to a common subversion repository so everyone who updates can find you!


So what do you do?

October 25, 2011 / BrianOFlan

Correction: How to redirect network traffic to your virtual machines

What do you do when a computer doesn’t work? What’s the first thing you do?

Turn it off and turn it back on again.

That usually works. No matter what it is? Caught on fire? Turn it off and then back on. (Perhaps also dousing the flames and cooling it.)

In fact, one of the only times this trick does not work is when you flip the power switch on and off as fast as you can over and over again just to see if your power supplies can take it.

So what do you do when your elaborate experiment in redirecting network traffic from a real server (as host) to its guest virtual machines fails to work immediately? Gently turn everything off: Power off the VMs, bounce the real server, restart everything and watch it magically perform as desired.

A little bit drastic, isn’t it? Turn the computer all-the-way off? Why not just restart the network service? Doesn’t work; it’s not the real network nor the real interfaces we’re concerned about but rather the virtual network.

I have a classy well-sized server running multiple VMs on a long-term, maximum uptime plan. I don’t want to bounce all the VMs, or restart all the VMware services. Can’t I flip some virtual power button on a virtual router? In fact, I can: Here’s the missing piece from a previous article that described how to configure host and guests to redirect external network traffic into VMs.

/usr/bin/vmware-networks --stop ;
/usr/bin/vmware-networks --start ;

Virtual delight.

(I also updated the original article to include restarting the virtual network as the final step.)

September 24, 2011 / BrianOFlan

Security Shivers

What to do about the BEAST?  (What beast?)

Apache can serve TLS 1.2 with mod_gnutls (rather than OpenSSL’s mod_ssl) and Opera 10 is supposed to handle it.  (Opera’s viability was questioned empirically on Slashdot yesterday[1].)

Get this: The only other browser boasting TLS 1.2 capability? Microsoft Internet Explorer 9 (and IE8 if you adjust its default config).  Internet Explorer!?
Plus, Microsoft Server 2008 and IIS7+ claimed TLS 1.2 capability back in 2009.

Who knew we could rely on Microsoft to be the big sturdy when all other secure web traffic crumbled?
Well, Google’s got a workaround for Chrome that sticks with TLS 1.0. And who doesn’t trust Google?
Read more…

July 6, 2011 / BrianOFlan

Alphabetical Order vs. Chronological Words and Prefixes

Especially when it comes to naming computer files, it’s important to pick a name that will allow you to clearly tell which version is the latest:  “Flannery Family Taxes 2010.pdf” is a good name for the final copy but “Flannery Family Taxes 2010-d20110605.pdf” tells me exactly when I produced that version.  I will pay more attention to that one than “Flannery Family Taxes 2010-d20110415.pdf”.

Christa hates my habit of saving multiple versions of a file.  “Just keep the latest version.  Why keep all these in-between files?”

I try to explain how much work I have lost by making a change to an important document only to erase hours of work while saving it.  If I have a new file name every hour or every save, I can always find the second-latest version and minimize these kinds of “Select All, Delete, Save” disasters.

Notice the use of ISO 8601 dates to allow for easy sorting:  I can sort by modified date or created date but even if I sort by name, “20110605” sorts after “20110415”, as it should.

But there is no ISO 8601 equivalent for relative terms like “before” and “after”.  In fact, terms like these consistently sort in the wrong order:

  • “post-” sorts before “pre-“
  • “new” before “old” and “original” (“orig”)
  • “after” precedes “before”
  • “finish” precedes “start”

The only pairs I can conjure for correct sorting is “beginning” vs. “end” and “earlier” vs. “later”.  Try mixing up terms like using “before” or “backup” with “new” instead of “after”.  Pairing “old” with “post-” allows you to specify what changed in the file name:  “post-accountant_review” or “post-found_lost_paperwork”.  (“Post” is a near archaism, however:  It sounds like I’m referring to the mail.)

What a funny problem of our language.

Alternatives to relative terms:

  • Time-stamps, where we started.  But “d20110606” must wait until one day after “d20110605” unless you start adding time details:  “d20110605T1130” or “d20110605T113015” to include seconds (more than one change per minute?) — or “d20110605T1130Z” to clarify that thee timezone is UTC.
    • Note that ISO 8601 often uses dashes to separate parts of the date and colons to separate parts of the time.  Colons are no good for file names and dashes seem unnecessary characters as long as days and months use leading zeros (“20110605” instead of ambiguous “201165”).
  • Another workaround involves abandoning words and prefixes of relative chronology in favor of absolute versions:  “version1” vs. “version2” or “ver1” or “v1”.  If you are distinguishing more than just versions, perhaps “alternate2” or “alt2”:
    • Flannery Family Taxes 2010-d20110605-alt2.pdf” vs. “Flannery Family Taxes 2010-d20110605-alt1.pdf
  • But by the time you are arbitrarily enumerating alternate versions, why not just name what alternates:
    • Flannery Family Taxes 2010-d20110605-no_deductions.pdf” vs. “Flannery Family Taxes 2010-d20110605-donations_deducted.pdf
June 10, 2011 / BrianOFlan

How to redirect network traffic to your virtual machines (run by VMware Player in Linux)

VMware gives out VMware Player for free.  It runs virtual machines (VMs) so you can have a spare computer or two within your computer — or test new software and configurations before applying them to your real computer.  Because it’s free, don’t expect it to be as powerful as the $190 VMware Workstation.  At first it was tightly restricted to only playing existing virtual machines.  But now you can use it to create your own virtual machines:  All you need is a system installation CD or DVD or an ISO image file.  What a valuable tool.

VMware offers amazing products for managing these virtual machines.  Deploy hundreds of VMs across dozens of small blade servers or thin 1U servers.  Take snapshot images of VMs, copy and duplicate VMs, migrate a running VM from one server to another.  Features like these are worth their price.

One of the most worthwhile features:  Virtual network configuration tools.  Without a graphical user interface, you have to figure out on your own how to direct network traffic from the host server to its guest VMs.  Unless you are skilled at computer networking, you may give up in the face of command lines and firewall rules.  Just buy VMware Workstation already.  (This is not an affiliated endorsement or anything ulterior.)

Usually, a quick Google search on a few keywords will reveal the answer to any technical challenge.  In this case, the problem isn’t a lack of documentation but rather how all the documentation assumes an advanced prior knowledge of networking.  The problem is deep within a specific technical realm.  It depends on uncommon language and concepts.

Here is one quick example to give some access to the obscure context of networking-meets-virtualization:
Read more…

June 8, 2011 / BrianOFlan

Blow-your-mind concept: Virtualization

If you had to explain virtualization to someone for the first time, how would you do it?

There I was at the Museum of Science and Industry in Chicago.  They have an intricate doll house composed of countless tiny but expensive artifacts.  It was one of my wife’s favorite exhibits:  In this whole huge museum, one tiny little house full of tiny little things.

On another floor they have a huge room full of one giant model railroad.  The railroad winds around multiple cities-in-miniature, including Seattle and Chicago.  Because we were in Chicago and there was the little model of Chicago with little model buildings, I wondered if I could reach down and lift up the roof of the miniature Museum of Science and Industry like a lid.  Then I could look inside with a microscope and see if the miniature museum contains a scale model of the model railroad, with an even more miniature museum in it.  Like a dream within a dream.

That’s a good way to start sneaking ideas about virtualization into everyday situations.  Suppose we won a lot of money and so we bought a house so big that it contained separate houses for each member of the family.  That way there’s no fighting or blaming each other when we lose things.  What if someone had a doll house inside their house within the family’s uber-house?

Or what if we had a computer that was really powerful but mostly sat around all day bored because only a few people could use at once?  It can only be configured one way at a time and maybe it takes a long time to switch configurations.  What if you could walk into that computer’s mind, like some kind of Matrix-meets-Tron?

What a strange world the inside of a computer might be.  You’d probably have magic powers.  You could build several computers out of thin air (or out of computer mind juice).  Then you could set up each of those computers-within-a-computer with a different configuration.

People using the real computer could decide whether or not to use it directly or to use one of its sub-computers.  Now more people are happy because they can use all kinds of configurations.  You’re happy you don’t have to re-configure the one giant computer all the time.  Plus, the computer is happy to finally use a better portion of its over-sized brain.

What’s really going to bake your noodle later on is what happens if you went inside the real computer, made some sub-computers and then went inside one of the sub-computers to create another layer of computers-in-a-computer.  Sub-sub-computers?  Or what if they went inside you and made some sub-people who were way better at configuring different kinds of computers and sub-computers?

Well, a sub-computer could be called a virtual computer or a virtual machine, VM for short, since it’s not a real computer but rather a computer simulation of a computer.  It can do almost everything a real computer can.  It’s virtually a computer.  The layer of computer simulation that handles sub-computers is what many call virtualization, a word that never satisfies spell-checkers.

VMware and Citrix are two top companies making this virtualization real.  Install a free program and then configure your own VM the way you want.  If you like it, save a copy.  Tired of installing more and more software programs on your personal computer?  Install them on a VM instead.  If it gets cluttered and slows down, make a new, fresh VM from a clean template.  Create a whole virtual network of interconnected virtual machines, all behaving like separate machines but all running within the confines of one single, actual machine.  Set up a few big, real computers and run virtual computers across them:  If one of the real computers dies, the virtual computers wake up on the surviving real computers and keep working.  Need multiple environments in your multi-tiered development process?  Fire up dozens of VMs in minutes:  Configure development, integration, staging and test strings before putting it into production.

Alas, the one thing you can’t (or shouldn’t?) really do with virtualization yet is create unlimited layers of sub-virtualization.  So much for sub-sub-computers.  Someday we may overcome this so-called Spinny-Top Confusion.

So today I set up an initial virtualization environment on a medium-sized (16p x 48GB) server.  Tomorrow I explain it to the team.

April 11, 2011 / BrianOFlan

VDI Totem

We were talking about our growing Citrix infrastructure and started getting carried away.

“Can I run VMware in my VDI?”

“Yeah — can I host a bunch of virtual machines from one big VDI that I could access from anywhere?”

“And possibly run a whole Citrix cluster on a few dozen virtual machines, all hosted entirely within one VDI?  We could virtualize our Citrix virtualization desktop infrastructure!”

“No.  I don’t think so.  Pretty soon it would get so confusing that you wouldn’t know what was real anymore without having a little spinny-top to check.”

(It’s a shame we dropped it.  I think we were on to something.  If I could only find a way to plant the idea and its feasibility somewhere deep in their subconscious….)

September 8, 2010 / BrianOFlan


When a man lies, he murders some part of the world.
These are the pale deaths which men miscall their lives.
All this I cannot bear to witness any longer.
Cannot the kingdom of salvation take me home?

(Recited/typed from memory with respect to Cliff Burton and Paul Gerhardt.)

August 27, 2010 / BrianOFlan

Amazon Web Services vs. Rackspace

A Rackspace ad caught my eye:  Cloud Servers starting at 1.5¢ per hour, about $11 per month.

Hate to make a decision based on price alone.  Comparisons exist favoring Rackspace Cloud Servers for small loads but Amazon EC2 for large instances.  If you’re not sure your site will get big, starting on Rackspace makes sense.  Perhaps when you grow, you will switch to EC2.  If you’re destined for high-volume compute-intensive popularity, you may start out on EC2.

According to the comparison linked above, small instances on Rackspace cost 35% to 3.7% the price of Amazon.  Another comparison shows Amazon to be consistently cheaper.

It was good to see cool options competitive to Amazon Web Services.  Consider Rackspace’s Cloud Files (same storage price as Amazon S3, costs more than S3’s Reduced Redundancy Storage, and more expensive data transfer) and Cloud Sites (costs slightly more than Amazon’s CloudFront).