Skip to content

Web search for RDBMS is going down

I have been playing around PostgreSQL for a while, and every time I need a database for some personal projects, I choose PostgreSQL over MySQL, even though for some web application in which MySQL is considered more powerful. My biased favor in PostgreSQL is owing to the fact that I have a GIS background and there is always some geospatial data in my personal projects.

Today I have searched for a while for both of the RDBMS, and find something interesting. For detail comparison information, you can find good material here.

Generally, as far as I have seen now (mostly from stackoverflow), more developers prefer PostgreSQL over MySQL. However, from google trends, MySQL seems to enjoy more popularity. I also add the other two major RDBMS: oracle and sql server for comparison. The interesting thing is that the web search for all these RDBMS is going down year by year. So the question is what is replacing the RDBMS?  Is it just because developers are more familiar with these RDBMS nowadays so they search less?

RDBMS web search trends

GeoXACML Introduction

Last month my professor and I had agreed on the topic for my master’s thesis. The topic is about role based access control for geospatial data, but it should also apply to non-geospatial data. This topic is provided by the company that I have been working for since May,  and we had a brief discussion about it in a meeting. In the past few weeks, I have been researching on different approaches and find out there are two approaches seem to be promising: GeoXACML and Truman model. I have written a introductory report about both of the approaches with more emphasis on the first approach (just because I have read more material about GeoXACML).  I think they might help in my future work, so I put it here as two separate posts with possible additional information.

GeoXACML, which has been standardized by OGC, extends the XACML with geospatial data and spatial operations enabled, which means we can control the access of both no-spatial and spatial data. The system serves as a proxy component that intercepts messages exchanged between the clients and the server. The process can be described as follows:

1

Data-flow Model

Following diagram from XACML specification descript the data flow of the (Geo)XACML

Short description for main components:

Components Description
PAP Policy Administration Point – Point which manages policies
PDP Policy Decision Point – Point which evaluates and issues authorization decisions
PEP Policy Enforcement Point – Point which intercepts user’s access request to a resource and enforces PDP’s decision; fulfill obligations if exists.
PIP Policy Information Point – Point which can provide external information to a PDP, such as user attributes, application attributes, etc.

2

The model operates by the following steps.

  1. PAPs write policies and policy sets and make them available to the PDP. These policies or policy sets represent the complete policy for a specified target.

  2. The access requester sends a request for access to the PEP.

  3. The PEP sends the request for access to the context handler in its native request format, optionally including attributes of the subjects, resource, action and environment.

  4. The context handler constructs an XACML request context and sends it to the PDP.

  5. The PDP requests any additional subject, resource, action and environment attributes from the context handler.

  6. The context handler requests the attributes from a PIP.

  7. The PIP obtains the requested attributes.

  8. The PIP returns the requested attributes to the context handler.

  9. Optionally, the context handler includes the resource in the context.

  10. The context handler sends the requested attributes and (optionally) the resource to the PDP. The PDP evaluates the policy.

  11. The PDP returns the response context (including the authorization decision) to the context handler.

  12. The context handler translates the response context to the native response format of the PEP. The context handler returns the response to the PEP.

  13. The PEP fulfills the obligations.

  14. (Not shown) If access is permitted, then the PEP permits access to the resource; otherwise, it denies access.

The (Geo)XACML itself is not supposed to process large amount of data. The role based data filtering work is also done in the application; the filtering information is fetched from rule or policy and then communicates to application. Some operations might be executed to communicate information. (For WMS or map request, the operation maybe just appends extra parameters to the url, or more complex, save to memcache and configured by mapscript).

Policy Language Model

The policy language model defines an XML encoding for expressing general purpose access restrictions for access requests. It is the most important aspect of the XACML. Most of the actions in XACML take place in a policy. The policy is structured according to the following UML diagram.

Short description for main component:

Components Description
PolicySet Top level elements. Integration of policies or policy sets.
Policy Integration of rules
Rule Basic unit used to evaluate the access request and give a result.
Target Determine where the policy or rule is relevant
Obligations Extra operations need to be executed by PEP besides enforcing the decision result.

3

Examples

Let’s say there is a standard user Alice. [Only relevant components in example are described]

  • The standard user is allowed to pick objects from map, but don’t count those objects in military area;

  • The standard user is prohibited from viewing/editing objects other users’ plans and viewing/editing objects within some military areas.

There is the policy set contains different policies which defines constraints on different actions. These polices may be contained in the policy set:

[Policy 1] user pick objects with selection box (select count of the objects in the selection box). It will contain obligations to make application apply extra filters: don’t count objects in military area;

[Policy 2] user views/edits objects. For [Policy 2] there will be two rules: [Rule 1] object.plan.owner = user_id; [Rule 2] object.geom.within(m_area1) = false and object.geom.within(m_area2) = false.

Use case: Alice uses pick tool to select out cables in a selection box

Alice will be grated the permit for the pick request, and [Policy1] are determined to be relevant based on Target information. With obligations executed, besides the selection box, the policy filter, objects not in military area, will also be applied. And the count of the objects is returned. The first object information will be shown to the form. Note that before the cable information is shown, a view object request has been sent to GeoXACML and it will check whether Alice has the permit to view this cable information or not. [Policy 2] and then [Rule 1] and [Rule 2] in it are determined to be relevant to the request. The process can be described as follows:

4

Pros and Cons

Pros:

  1. It separates the authorization process and also the management of user permission from the use of application, which decreases the changes to the existing applications;

  2. There is no assumption on clients and servers, and multiple data sources are supported;

  3. Reusable, once the PDP and PAP are implemented, principally it can be used everywhere. And if the same request interface is shared among applications, then the PED and PIP can also be shared.

  4. Standardized and proved to be secure.

Cons:

  1. The implementation work would be heavy;

Implementations tips

There are quite a few XACML implementations on the Internet (mostly in Java, but also in python). GeoXACML implementation is not so many, but the extra work is not so big compared to XACML. GeoServer actually has an official proposal for GeoXACML integration and has already been implemented (Source code available, in Java). It is based on Sun’s XACML implementation. But for some reasons, it has not come with any of the GeoServer releases.

Change Eclipse startup image

The startup image is located in {eclipse_folder}/plugins/org.eclipse.platform_x.x.x.x/splash.bmp.

You may just replace this image with a new one. Then restart your eclipse.

One thing worth mentioning is that you might have images in formats other than bmp. In Ubuntu, you can easily convert common formats to bmp. Just install imagemagick package:

sudo apt-get install imagemagick

Then you can convert your image into bmp format:

convert image.jpg image.bmp

Create android application using phonegap in Unbuntu

The PhoneGap official site provide detailed documentation on installation and creating new application. Just a reminder, you also need to export the android tools platform-tools folder to PATH:
export PATH=$PATH:/opt/android-sdk-linux/tools:/opt/android-sdk-linux/platform-tools
(assuming you have Android SDK installed in /opt/android-sdk-linux – if not then amend accordingly)

Create launch bar icon in Ubuntu

Once again I want to have a look at Android development. Instead of the Android SDK tools, I had falsely downloaded the ADT bundle which comes with an android configured eclipse. The ADT bundle was good actually, but the annoying thing is that it share the same launcher icon as my existing eclipse, which means I cannot create a new launcher icon directly for the android eclipse instance. I have searched the google and this is actually a general configuration in Ubuntu. Basically you can create, remove or change launcher icons for every application. So this is how I do it.

1. Find a image that you would like to set as the icon.

2. Create a desktop file for you application in the following folder (you need root privilage), in my case it is Android-Eclipse.desktop

sudo gedit /usr/share/applications/Android-Eclipse.desktop

Paste into following lines into file:

[Desktop Entry]
Type=Application
Name=Android-Eclipse
Comment=Android Eclipse
Icon=/path/to/your/icon.png
Exec=/path/to/you/application/excutiable/file
Terminal=false
Categories=Development;IDE;Java;

3. Execute your application, the application icon will be show in launcher.

4. Right click the icon, select Lock to Launcher, then your application will pin to launcher.

laucher icon

Compile and Install KeePassX in Ubuntu

I was not aware of the existence of such password management tools, where you can store your accounts information and passwords, until one of my friend told me about it. In the beginning, I didn’t think this kind of software would be of any use, because once it has been hacked, all the accounts are in danger. I think I was wrong, this kind of software can be useful, especially when you have a lot of accounts to remember, and the reality is that you do have a lot of accounts.

Nowadays, many of the sites, especially those good ones, require an account, and only authenticated users are allow to use the site and browse the contents. Quite often I fail to recall the  username or password if I didn’t log in the site for a period of time. It is true that  many of the sites provide username/password retrieval through registration email, but I find that there are some accounts that I registered with an email account which I have already stop using and forget the username or password. So I start to use KeePassX which recommended by my friend. It’s an open source software and there is binary bundle for windows and mac OS, but now I need to use it on Ubuntu. I have to compile and install it from source code. Luckily it’s not very difficult and there is not too much dependencies.

1. Download the source code here, extract it;

2. Make sure you have g++, libxtst-dev, libqt4-dev, all can be installed through apt-get install;

3. Following the instruction in file INSTALL.

Finally I have to say I have given a stupid title.

Image

Seting up python virtual environment in Ubuntu

I do not use Ubuntu for development quite often, but every time I use it, it takes me a long time to set up the environment. And most of the time is spent on searching the internet even though it is easy to find these common things. So I decide to write them down and I hope it will also help those who are interested in Ubuntu. This work may consist of a series of posts which cover different topics in Ubuntu, but let’s hope I’m not that lazy and this post is not the last one of the series.

This post is to give some guidelines to set up python virtual environment in Ubuntu. My Ubuntu version is 12.04 LTS (Precise Pangolin), and the version of python comes with it is 2.7.3.  To create a python virtual environment, you will need the virtualenv package which can be found here. But I strongly recommend to install virtualenv with python pip package, which you can install in ubuntu with following command:

sudo apt-get install python-pip

With pip installed, you can install virtualenv with the command:

sudo pip install virtualenv

Now we can create a python virtual environment. Type following commands:

cd /folder/your/want/to/create/virtual/env/

virtualenv name-of-env --no-site-package

To start the virtual environment:

source bin/activate

After loading the environment, the prompt changes. It starts with the virtual environment name, in this case, it will look like:

(name-of-env)

To deactivate it, just type in:

deactivate

For more information, you can find it here.

Follow

Get every new post delivered to your Inbox.