HTTP Status 408 errors, SSL, Tomcat

September 27, 2018

It took me a while to find the root cause of a problem logging into a web site running Tomcat from Firefox. I thought this post would help others find the root cause quickly and prevent this problem in the future when designing web applications.

If I entered a wrong username/password pair, the site responded with a correct error. However, when I used the correct pair, I got “HTTP Status 408 – Request Timeout”. My search on Google returned a lot of results, but none of them were helpful. Using Chrome from a different machine did not trigger this problem. So Firefox became the culprit.

Using the Web Developer Inspector I noticed that the original JSESSIONID cookie was not submitted back to j_security_check. I thought this was because I was using HTTPS and the cookie was “HttpOnly” with no “Secure”. That appeared to be a red herring.

The root cause was actually very simple. The second-level domain set too many cookies, above the 4096-byte limit. Tomcat was hosted behind a load balancer with a third-level domain bound to it. For Chrome this limit seems to be higher. So the solution was to delete those second-level domain cookies in Firefox (click on the site information icon (“i” in a circle) in the address bar, click on “>” and then “More Information”. Choose the “Security” tab, then “View Cookies”. Select the cookies you want to delete. Use the Shift key if you want to delete more than one. Then click “Remove Selected”).

How do you prevent this problem in the future? If you control the cookies set by the server handling your site on the second-level domain and you have subdomains, limit the size and the number of cookies that server sets. There is a nastier problem lurking here. Suppose you had just enough room to store the JSESSIONID cookie and you hit the limit. Then if you attempt to set other cookies, the browser would quietly drop them on the floor and your web application might malfunction. One way to solve it is to check whether you get back the cookie you just set. If your application did not get it back and the cookie is critical for your application, show a user-friendly page with instructions on how to clear cookies.
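One way to implement the round-trip check described above, as an added example that is not from the original post: a WSGI middleware in Python, since the check works at the HTTP level and is the same behind Tomcat. The probe cookie name, the `cookiecheck` query flag, the `cookie.over_budget` environ key and the help text are assumptions made for the illustration.

```python
from urllib.parse import parse_qs

COOKIE_BUDGET = 4096         # byte limit quoted in the post
PROBE_NAME = "cookie_probe"  # hypothetical probe cookie name
CHECK_FLAG = "cookiecheck"   # hypothetical query flag marking the second hop
HELP_PAGE = (b"Your browser did not return a cookie this site just set. "
             b"Clear the cookies for this site and its parent domain, then retry.")


def parse_cookie_header(header):
    """Split a Cookie request header into {name: value}, skipping junk pairs."""
    cookies = {}
    for pair in header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if sep and name:
            cookies[name] = value
    return cookies


class CookieRoundTrip:
    """WSGI middleware: set a probe cookie, then verify the browser returns it."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        header = environ.get("HTTP_COOKIE", "")
        if PROBE_NAME in parse_cookie_header(header):
            # Round trip succeeded; flag a Cookie header larger than the budget.
            environ["cookie.over_budget"] = len(header) > COOKIE_BUDGET
            return self.app(environ, start_response)
        if CHECK_FLAG in parse_qs(environ.get("QUERY_STRING", "")):
            # Second hop and still no probe: the browser dropped the cookie.
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [HELP_PAGE]
        # First hop: set the probe and send the browser back to the same path
        # (the original query string is not preserved in this example).
        location = environ.get("PATH_INFO", "/") + "?" + CHECK_FLAG + "=1"
        start_response("302 Found", [
            ("Location", location),
            ("Set-Cookie", PROBE_NAME + "=1; Path=/; Secure; HttpOnly"),
        ])
        return [b""]
```

Wrapping only the login page GET keeps the extra redirect off every other request.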

Chrome Browser History By Date

If you do not want to install any extensions or plug-ins, there is a way to browse your browser history faster. The history frame has the following URL: chrome://history-frame/#page=N, where N is the page number. For example, chrome://history-frame/#page=24. From here you can just try to do a binary search.

Lifecycle of Free Internet Services. In memory of Google Latitude

July 18, 2013

Two weeks ago Google retired Google Reader. One week ago Google announced that they would retire Google Latitude and offline maps.

While it certainly did not make me a happy Google user, it made me start asking some fundamental questions about the lifecycle of free internet services as I start seeing familiar patterns.

I will focus on services oriented to the mass audience.

From a concept to market. While developing a service, the owner has to have a rough idea of what functionality the service should have when it is made available to the audience and what the business model is. The owner has to choose between audience growth and revenue. With current technologies one does not need much money to make a service available to the audience. Thus, there are many new entrants, often motivated by some cool technology and inflated expectations. It is not uncommon to postpone the decision about the business model.

Introduction to the market. The service is ready and cool. The owner uses it, recommends it to friends, asks friends to recommend the service to their friends, collects feedback, improves it, and so on. If the owner asks themselves about the business model at this point, the choice is obvious: let the service be free to support the growth of the user base.

Growth. The user base is growing. To keep growing, new features are needed to attract new users. Now the owner cannot do it all themselves. More development and support are needed, and operating costs are rising. If the owner has enough cash, growth looks like a good problem to have. If the owner does not have enough cash, the owner either has to search for some funding, start charging for the service or just face the painful decision. If the owner starts charging for the service, this is the first moment of truth about what the service is worth. There are alternatives. For example, introduce a paid premium service or try to gain non-monetary benefits, like making use of collected data (initial or ongoing).

Maturity and Crash. At this point all excitement about the cool technology disappears. There is not much left to do on the product. Just fixing bugs here and there. The market is saturated now. Growth is very slow. If the owner did not think about the business model, now this is the most important question. This is when services get discontinued. The owner at best has some experience and moves on to a new service to repeat the cycle all over again.

Not all services get discontinued. Making the right decisions and, first of all, thinking about the business model in the early stages is key to success. Do not let your excitement suppress your wisdom.

Google Latitude and Google Reader are good examples of this lifecycle. Neither of the services had a good business model, if any. Google Latitude collected some geospatial data from the users. Google Reader collected some user reading preferences. Google could not monetize that in any way. So they decided to discontinue the services. Somehow, that reminded me of the removal of features from MapQuest after AOL acquired it. We all know what happened with AOL.

Another example. In early 2000 free email providers started removing POP3/IMAP access. In 2007 Lycos decided to delete all of its customers’ email.

This should be a friendly reminder to those who use free but unsustainable services. If you use a service to keep your family pictures, remember that it may go dark. Email, calendar, contacts, important documents… The same thing. There are a great many free, well-known services that have a large user base but are not profitable. It is just a matter of time before their owner decides to pull the plug. And to add insult to injury, it is difficult or impossible to get your own data back.

Those who offer services should not only have a clear and sustainable business model, but also make sure that their users know the value they get from those services. Ideally, service providers should help their users to gain even more from the services.

Samsung Android Phone Problems and Solution

One of the Android phones in my household (Samsung Galaxy S2) started acting chaotically. It showed signs like:

  • stopped charging;
  • showing it was connected via MTP while it wasn’t;
  • was turning on the car mode in a loop during charging;
  • when I was turning it off, it was turning on automatically;
  • when I was plugging the charger, it didn’t vibrate, etc.

The remedy was rather simple – clean up the microUSB port using a toothbrush. Make sure Settings/Voice input and output/Text-to-speech settings/Driving mode is unchecked.

Monitor Group

January 14, 2013

Monitor Group, co-founded by Michael Porter, filed for bankruptcy a couple of months ago. That bankruptcy was somewhat puzzling. Like a few financial companies that went bankrupt in 2008, ones that are expected to know how to manage assets, Monitor Group, which preached strategy and competition to other businesses, sadly struggled to manage its own strategy and lost to its competitors. While other factors certainly played their roles in the Monitor Group bankruptcy, there is an obvious general question – why does division of labor fail here? How much should we trust a consulting company and believe the consulting company is competent enough? In my opinion, that largely depends on how much moral hazard is involved. If that’s true, consulting as a form of business will become very tricky until consultants take more responsibility for their actions and the consequences of those actions.

Today Deloitte has acquired Monitor Group. I hope Deloitte will make better decisions based on Porter’s framework, which I still believe is good, but not sufficient to achieve success.

2012 in review

December 30, 2012

The WordPress.com stats helper monkeys prepared a 2012 annual report for this blog.

Here’s an excerpt:

4,329 films were submitted to the 2012 Cannes Film Festival. This blog had 16,000 views in 2012. If each view were a film, this blog would power 4 Film Festivals

Categories: blog

Apple Insults Developers at WWDC

My news feed today was full of news about Apple’s WWDC. And it is no surprise. However, I am getting more and more concerned about Apple’s leadership. Reading Bloomberg, I felt that Apple is focused on Google rather than on making existing and new customers happy. Users and developers are just a tool to beat Google. But it should have been clear to Apple executives that their customers fill Apple’s pockets for good products, not Google. I guess Apple clearly belongs to the group of companies that work to try to charge more. I thought this was my opinion that might be wrong.

But later I read another article on Barron’s that appeared to be more disturbing to me. According to Barron’s, Tim Cook dropped this phrase of the day in front of a crowd of loyal Apple developers:

Only Apple could make such amazing hardware, software and services.

I guess, in Apple’s opinion, no one in the audience at WWDC (those who grow Apple’s ecosystem) is capable of making software better than Apple does. Unless they are employed by Apple. Let consumers decide what is amazing and what is not. Okay, this is about the insult. The injury (kind of)? Used MacBooks flooded the market. Yesterday’s treasure is today’s trash. I wonder how much an average Apple customer spends to get comparable functionality available on other platforms.

All of the above is my opinion as a user of Apple products.

Categories: companies, Mac OS, news

JPMorgan Loss Paradox. Human Made Crises Fractal

I am having difficulty understanding the outrage against JPMorgan. Well, I understand the story and what the media is trying to say. But that is not the whole story. More importantly, if any measures are taken and they are based on incomplete information, they lead to unintended results, ironically similar to the JPMorgan loss, again. That is, the “monster” replicates itself over and over again.

Let me clarify my point.

  1. JPMorgan made bad decisions.
  2. JPMorgan lost the money.
  3. Other parties made the money – no one bothers even to suggest who made the money. I do not even mention suggesting why other parties made a good decision. But it is clear that wealth does not disappear that easily.
  4. The government wants to introduce more regulation based on incomplete information. Sadly enough, that regulation would apply to those who make bad decisions and those who make good decisions, but would cost almost equally for many market participants.
  5. If regulation is based on incomplete information, it leads to unintended results.
  6. Like I already said, the situation repeats.

So I do not understand why it is okay for other investors to lose money and not okay for JPMorgan, and why it is okay for JPMorgan to profit and not okay for other investors.

Eclipse Takes the Lead

Two years ago I was complaining about how heavy IDEs are. Not sure if any Eclipse contributors read my blog, but it looks like Eclipse is taking the lead in this area. The Eclipse Foundation readies a browser-based IDE.

While this is still a baby step targeting only HTML and JavaScript development, it is in the right direction. While to my knowledge Eclipse will become the first browser-based IDE, it is not the first web-based development tool. Yahoo Pipes and content management systems are just a couple of examples. If you know other good examples, please let me know.

This is what I would like to see next.

2011 in review

December 31, 2011

The WordPress.com stats helper monkeys prepared a 2011 annual report for this blog.

Here’s an excerpt:

The concert hall at the Sydney Opera House holds 2,700 people. This blog was viewed about 16,000 times in 2011. If it were a concert at Sydney Opera House, it would take about 6 sold-out performances for that many people to see it.

Categories: blog