How to Install Sinhala Fonts in Gentoo

This is pretty simple and straightforward. I am writing this post because, as of today (20/04/2014), I could not find a proper guide to installing Sinhala Unicode in Gentoo.

Almost all the tools I am going to use should already be installed on the system. I used wget to get lklug.ttf from SourceForge; this command should be run as root (or with sudo if you have installed and configured sudo). You can also download the file manually and put it in the /usr/share/fonts directory.

wget -P /usr/share/fonts

Then update the font cache:

fc-cache -fv

Next, enable the Sinhala locale: using any text editor, add the following to the /etc/locale.gen file

si_LK UTF-8

And generate locale using command,


Now you should be able to see Sinhala fonts immediately in your system. You might need to restart applications, NOT the system. For me, just reloading the Firefox tab (Aurora with Gentoo branding) was enough.

That's it 🙂 Now you may want to visit the Sinhala Wikipedia page and test it.

Quick Introduction to Apache Shiro

Please note that this article is not going to cover all the aspects of Apache Shiro or even all the features. This can be used as a “Quick Glance at Apache Shiro for Java Programmers” or as a quick catch up.

What is Apache Shiro?

  • Shiro is a Java security framework intended for use in client applications, which can be web applications or even standalone applications.
  • Shiro APIs implement JAAS (Java Authentication and Authorization Service) features and enhance their usage. It enables authentication, authorization, cryptography, and session management within an application.
  • Shiro does not provide an SSO service out of the box at the moment.

Though Shiro can be used in both Java web applications and standalone applications, I am going to cover the following topics considering only its usage in Java web applications.

  1. Framework Basics
  2. Security Implementation
  3. Framework Limitations

1. Framework Basics

There are 3 key concepts you have to think about if you are using Apache Shiro:

  • Subject
  • Security Manager
  • Realm

Subject <=> the currently executing user

  • Shiro is built entirely around the Subject. All functionality of an application is represented and secured on a per-user basis, i.e. per Subject.
  • Subjects can be maintained across threads (Threading and Concurrency).
  • A developer can access the ‘Subject’ anywhere in code, which allows security operations to occur anywhere.

import org.apache.shiro.subject.Subject;
import org.apache.shiro.SecurityUtils;

Subject currentUser = SecurityUtils.getSubject();

Security Manager

  • The counterpart of the Subject: it actually handles security behind the scenes.
  • A ‘Shiro Servlet’ filter can be specified in the web.xml of a web application, and that will set up the SecurityManager instance.
  • This instance would be a singleton for an application. By default it is configured via an INI file (it can also be configured with POJO-compatible configuration mechanisms).

Example Filter

<!-- no init-param means load the INI config from classpath:shiro.ini -->


Descriptive shiro.ini

# =======================
# Shiro INI configuration
# =======================

[main]
# Objects and their properties are defined here,
# such as the securityManager, Realms and anything
# else needed to build the SecurityManager

[users]
# The 'users' section is for simple deployments
# when you only need a small number of statically-defined
# set of User accounts.

[roles]
# The 'roles' section is for simple deployments
# when you only need a small number of statically-defined
# roles.

[urls]
# The 'urls' section is used for url-based security
# in web applications. We'll discuss this section in the
# Web documentation


Realm

  • The bridge between Shiro and the application’s security data, such as user accounts (LDAP or a user database), used to perform authentication and authorization.
  • One or more realms can be configured for an application.

Example LDAP configuration defined in shiro.ini

ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
ldapRealm.userDnTemplate = uid={0},ou=users,dc=yourdc,dc=com
ldapRealm.contextFactory.url = ldap://ldapHost:389
ldapRealm.contextFactory.authenticationMechanism = DIGEST-MD5


2. Security Implementation

Authentication Handling

AuthenticationToken token = new UsernamePasswordToken(username, password); // acquire submitted principals and credentials

Subject currentUser = SecurityUtils.getSubject(); // get the current Subject

currentUser.login(token); // log in; throws AuthenticationException on failure


Access Control

if ( subject.hasRole("administrator") ) { /* role-protected code */ }              // check role
if ( subject.isPermitted("user:create") ) { /* permission-protected code */ }      // check permission
if ( subject.isPermitted("user:delete:jsmith") ) { /* instance-level code */ }     // check instance permission

Session Handling

  • Capable of handling both usual HTTP sessions and Shiro’s native sessions, which support Shiro features.

Session session = subject.getSession();
session.setAttribute("key", someValue);          // store a value in the session
Date start = session.getStartTimestamp();        // when the session was created
Date timestamp = session.getLastAccessTime();    // last time the session was used

Content Filtering in JSP

  • There is a set of Shiro-specific JSP tags.

<shiro:hasRole name="admin"> | <a href="admin/index.jsp">Admin Area</a></shiro:hasRole>

3. Framework limitations

  • Does not deal with Virtual Machine level security.
  • No Realm write operations (i.e. cannot create new accounts).

Here are some useful links if you want to get into Apache Shiro.

How did I fix Ubuntu + McAfee Issue

Let me start with the story. A couple of months back, this issue was noticed in my office, where there is a hybrid environment with vulnerable Windows and Ubuntu. IT policies wanted an anti-virus on Ubuntu, and they had already purchased McAfee. After installing McAfee on Ubuntu, we noticed that installing, uninstalling or reconfiguring other software using apt-*, synaptic or the software center crashes the machine; it will not open any program, and if you reboot at that point it becomes unusable.
At that time I was not on the scene, and my fellow engineers and McAfee had identified why the machine was crashing. It is because McAfee installs some loaders into the /lib folder, and these loaders abuse soname conventions like this.

ishan@iambanwela:~$ ls -l /lib | grep ld-
lrwxrwxrwx  1 root root     25 Feb 20 12:16 -> i386-linux-gnu/
lrwxrwxrwx  1 root root     41 Feb 15 17:13 -> /opt/McAfee/runtime/2.0/lib/
lrwxrwxrwx  1 root root     41 Feb 15 17:05 -> /opt/McAfee/runtime/2.0/lib/
lrwxrwxrwx  1 root root     38 Feb 15 17:06 -> /opt/NAI/LinuxShield/lib/

If you use synaptic, software center, apt-get or apt-*, the machine will crash and will not boot again. The same happens if you run ldconfig manually. To illustrate the issue, I installed some software, then booted the machine with a live CD and mounted the HDD; it looked like this:

ubuntu@ubuntu:~$ cd /media/bde36629-6bdf-402e-9d2b-eec66e76b672/lib
ubuntu@ubuntu:/media/bde36629-6bdf-402e-9d2b-eec66e76b672/lib$ ls -l |grep ld-
lrwxrwxrwx  1 root root     13 Feb 20 16:26 ->
lrwxrwxrwx  1 root root     41 Feb 15 17:13 -> /opt/McAfee/runtime/2.0/lib/
lrwxrwxrwx  1 root root     41 Feb 15 17:05 -> /opt/McAfee/runtime/2.0/lib/
lrwxrwxrwx  1 root root     38 Feb 15 17:06 -> /opt/NAI/LinuxShield/lib/

You have probably understood the problem by now, and you can simply fix it using

$sudo ln -snf i386-linux-gnu/
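
A check worth running before and after ldconfig or any apt operation on a machine in this state, added here as an example (it is not part of the original post or of any McAfee or Ubuntu tooling): it lists every ld-*.so* symlink in a lib directory and flags those that resolve outside that directory or are dangling. The directory layout and file names built by make_sample_lib are constructed for the demonstration, and readlink -f assumes GNU coreutils or BusyBox.

```shell
#!/bin/sh
# audit_ld_links DIR: print "<status> <name> -> <target>" for every symlink
# in DIR named ld-*.so*, the names ldconfig treats as the dynamic linker.
#   local    resolves to a file inside DIR (the distribution's own loader)
#   foreign  resolves outside DIR (for example a vendor runtime under /opt)
#   dangling target is missing
audit_ld_links() (
    dir=$(cd "$1" && pwd -P) || exit 2
    for path in "$dir"/ld-*; do
        [ -L "$path" ] || continue          # symlinks only; skips an unmatched glob
        name=${path##*/}
        case $name in *.so*) ;; *) continue ;; esac   # same ".so" test as ldconfig
        target=$(readlink "$path")
        if [ ! -e "$path" ]; then
            status=dangling
        else
            case $(readlink -f "$path") in
                "$dir"/*) status=local ;;
                *)        status=foreign ;;
            esac
        fi
        printf '%s %s -> %s\n' "$status" "$name" "$target"
    done
)

# ld_links_clean DIR: succeed only if every audited link is "local".
ld_links_clean() {
    ! audit_ld_links "$1" | grep -Eq '^(foreign|dangling) '
}

# make_sample_lib: build a constructed lib directory (names are made up for
# this example, not taken from any real package) and print its path.
make_sample_lib() (
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/lib/i386-linux-gnu" "$root/opt/vendor/lib"
    : > "$root/lib/i386-linux-gnu/ld-2.15.so"
    : > "$root/opt/vendor/lib/ld-vendor.so.1"
    ln -s i386-linux-gnu/ld-2.15.so             "$root/lib/ld-linux.so.2"
    ln -s "$root/opt/vendor/lib/ld-vendor.so.1" "$root/lib/ld-vendor.so.1"
    ln -s ld-missing.so                         "$root/lib/ld-broken.so.2"
    printf '%s\n' "$root/lib"
)

sample=$(make_sample_lib)
audit_ld_links "$sample"
ld_links_clean "$sample" || echo "review the links above before running ldconfig"
rm -rf "${sample%/lib}"
```

On a real system the call would be audit_ld_links /lib; saving the output before a package operation and diffing it afterwards shows exactly which loader link was rewritten.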

Since this occurred after running ldconfig, I looked into the ldconfig script as well as where it comes from. ldconfig comes with the libc-bin package, libc-bin comes with glibc, and it is compiled from the eglibc package, which I downloaded here for Ubuntu 12.04.

Inside the eglibc_2.15.orig.tar.gz package, ldconfig.c can be found in the eglibc-2.15/elf folder. In ldconfig.c I found that the dynamic linker is also considered a shared library, so ldconfig looks for names starting with "ld-" and loads them.

/* Does this file look like a shared library or is it a hwcap
   subdirectory?  The dynamic linker is also considered as
   shared library.  */
if (((strncmp (direntry->d_name, "lib", 3) != 0
      && strncmp (direntry->d_name, "ld-", 3) != 0)
     || strstr (direntry->d_name, ".so") == NULL)
    && (direntry->d_type == DT_REG
        || !is_hwcap_platform (direntry->d_name)))
  continue;  /* not a library candidate: skip this directory entry */

size_t len = strlen (direntry->d_name);

Now I knew the logic of the dynamic linker handling. At this stage I had 2 paths to solve this:
1. Change ldconfig.c, recompile and install (but obviously we will break conventions and this might disable future updates of )
2. Change the ldconfig script which executes ldconfig.real

So I tried the 2nd option first.
The last line of the /sbin/ldconfig script was

exec /sbin/ldconfig.real "$@"

So I removed exec and added a line to re-create the broken link, so that it was like this

/sbin/ldconfig.real "$@"
cd /sbin/
sudo ln -snf i386-linux-gnu/

This worked for me, and I tried the 1st option also.
I edited (direntry->d_name, "ld-", 3) != 0 to look not only for "ld-" but for "ld-2", like this: (direntry->d_name, "ld-2", 4) != 0, and compiled.

Compilation was a little bit tricky; it took some time to fix dependencies with the configure script, make and make install. The README of eglibc warned that this might make your machine very unstable…!
But after some time I installed it, and it worked; the machine still did not crash.

For my company I recommended to edit ldconfig script.

Here McAfee has stated the issue

and here in Launchpad, Ubuntu(Canonical) has rejected the bug

Deep Dive into Apache Cordova (PhoneGap) with Android

In this blog post I will talk in detail about how Apache Cordova works with respect to Android. This is for curious minds who would like to know how it works and how it is implemented. Apache Cordova is an application framework that enables you to build natively installed mobile apps using HTML and JavaScript. This is the only free open source framework which supports 7 mobile platforms.

In this post I will give you an introduction with a brief history, discuss the technique used in Cordova, and go deep into the Android implementation with code.

This first started as PhoneGap at iPhoneDevCamp, San Francisco, in August 2008 (originally it was only available for iOS). The entire development was carried out by a company named Nitobi. In October 2011, Nitobi was purchased by Adobe and the source code was donated to Apache. Since the initial name given at the Apache Software Foundation, ‘Callback’, was too generic, it was changed to Cordova.

Basically, Cordova generates a hybrid app (i.e. one which contains native as well as non-native components with respect to each platform) in which

  • all UI is rendered using a browser
  • functions are written in JavaScript
  • device native capabilities are accessed through the Cordova framework

Let’s move to the technique of Cordova

  1. Instantiate a chromeless browser instance
  2. Implement the “cordova.exec” bridge in JavaScript to send messages to the native side
  3. Implement native plugin code to push data back to the JavaScript side
  4. Implement the JavaScript API by wrapping cordova.exec()

You will write the entire program in the index.html file, and within that file you will call JavaScript functions which are introduced by Cordova. Those functions may then call the cordova.exec() bridge function, which takes

  • {Function} success The success callback
  • {Function} fail The fail callback
  • {String} service The name of the service to use
  • {String} action Action to be run in cordova
  • {String[]} [args] Zero or more arguments to pass to the method (which is implemented in native code)

Let’s move to the Android implementation in detail. It starts with instantiating a chromeless browser, which is the Android WebView. You can download the Cordova source code from the official web site or download the Learn Cordova project here, open it with Eclipse and search through the DroidGap class.

import android.webkit.*; // done in the DroidGap class

Thanks to Google's excellence, Android has well-defined interfaces and implementations, so WebView has several customization points

  • WebViewClient
  • WebChromeClient
  • WebSettings
  • addJavascriptInterface(Object, String)

And Cordova developers have exploited them in a nice way.


WebChromeClient is called when something that might impact the browser UI happens; for instance, progress updates and JavaScript alerts are sent here. In our case this handles JavaScript, and the implementation is CordovaChromeClient.


WebViewClient is called when things happen that impact the rendering of the content, and it can intercept URL loading. Cordova overrides the shouldOverrideUrlLoading() method, and the implementation is CordovaWebViewClient (when overriding, Cordova lets WebViewClient handle some browser API features itself).

Enabling JavaScript in the WebView can be done through WebSettings.

You may think “addJavascriptInterface(Object, String)” is a wonderful method to implement the entire Cordova functionality. But it is not…! (It was until Android 2.3; cookies were used to communicate between the WebClient and native code.) Some bug occurred in “addJavascriptInterface()” and Cordova was forced to change the path.

At this point an out-of-the-box solution was needed, and it was overriding the prompt (download the Learn Cordova project here, open it with Eclipse and search through the CordovaChromeClient class). Within CordovaChromeClient, pluginManager.exec() is called (not to be confused with cordova.exec()).

When pluginManager receives a request for an execution, it finds the appropriate Java class and calls for the execute method. After the request is executed, it returns the PluginResult to pluginManager.

Here comes another challenge (don’t forget pluginManager is a native piece of code): putting the results back in the browser instance.

The obvious way is loadUrl(), but it has some issues. If you create web content and load it into the browser instance, the user will experience loss of focus in the user interface. No matter how fast the loading is, there is no way to overcome this. (If the user was typing, the input would be lost and focus would move to another input.)

The next option is CallbackServer, which provides a way for Java (native) to run JavaScript in the web page that has loaded Cordova (please find it in the code). The CallbackServer class implements

  • an XHR server (XMLHttpRequest)
  • a polling server

with a list of JavaScript statements that are to be executed on the web page (index.html).

For the completeness of the post I will briefly explain how XHR works.

  1. JavaScript makes an async XHR call
  2. The server holds the connection open until data is available
  3. The server writes the data to the client and closes the connection
  4. The server immediately starts listening for the next XHR call
  5. The client receives this XHR response, processes it
  6. The client sends a new async XHR request

In addition, if the device has a proxy set, then XHR cannot be used directly, so polling must be used instead. (Polling is actively sampling/monitoring the status of an external device by a client program as a synchronous activity.)

Polling works like this: first the client calls CallbackServer.getJavascript() to retrieve the next statement; if a statement is available, the client processes it, and then the client repeats. This is how Cordova pushes native data to JavaScript.

That's all for this post, and I will talk more about Cordova in the future.

Graphical Remote Desktop Protocols RFB(VNC), RDP and x11

Hi all, in this first blog post I’m going to compare three popular GUI remote desktop protocols, probably without history or detailed specifications. I am trying to state them simply so that they would be more readable and easy to distinguish.

1) Remote Frame Buffering (RFB) protocol

This simple protocol is used in all VNC software and is available for all windowing systems (x11, Windows, OSX) on all major operating systems. It basically works as follows:

  1. the host sends a picture of the desktop across the network
  2. the client sends keyboard and mouse events to the host
  3. the client then waits for the host to render the image and send it back

Most of the free implementations are not integrated with session management, so it is hard to use without a user at the host. Since this protocol is pixel based, frames (pictures) are transferred over the network, so VNC software consumes much more bandwidth than other protocols.

Although there are some optimizations, like sending only the parts of the screen which have changed, this protocol does not work well on networks which have considerable latency (like GSM and even HSPA networks).

This would be very useful for simply sharing a desktop with other users within a LAN.

2) Remote Desktop Protocol (RDP)

This proprietary protocol is defined by Microsoft, and the specification has been released under Microsoft Open Specifications. Basically it works like this (I don't know how it is implemented in Microsoft Windows): the host machine sends a description of the window and how to render the image to the client machine, then the client machine is responsible for rendering the image and displaying it. Processing other than the GUI is done at the host.

Since the client computer “understands” the image it has created for you, it can perform simple operations like moving windows without sending all mouse events to the host and waiting for the response. It can just calculate and draw the results for you right away, which gives a highly responsive remote desktop experience.

This protocol is integrated well with Microsoft Windows logons and sessions, and data is transferred through a secure connection. Unfortunately, usual Microsoft Windows does not support multiple user logins (Windows Server versions support up to 2 or 3 logins), which restricts one major benefit that could have been achieved via remote desktop.


3) X11

This is an abstraction of the GUI from other components of an operating system (kernel) in Unix-like operating systems. It is specially designed to be used over network connections and provides the basic framework for building such GUI environments on other supported platforms (Windows clients such as CygwinX are available).

Explained in a simple way, all graphics are rendered at the client, while the host CPU and its programs are used remotely, passing commands back and forth.

Unlike other protocols, this has an application abstraction layer which allows 2D and 3D operations to be fully accelerated on the remote X server. Since the X network protocol used for the communication is based on X command primitives (with GLX, OpenGL 3D primitives), very little bandwidth is used to transfer commands.

X11 can be used over an ssh tunnel in a more secure manner.

In the market there are several popular proprietary remote desktop protocols, like TeamViewer. But the above three remain at the top: RFB for its simplicity and flexibility, RDP for being natively supported on Windows with high performance, and x11 for being natively supported on Linux and OSX as well as for its architectural adaptability.