Releasing to Maven Central

While we already published releases on JCenter, we are now in the process of getting OpenFastTrace published on Maven Central. The goal is of course to make using OFT as convenient as possible for everyone.

I am happy to see that the people from Maven Central take security seriously and do not just let anyone publish modules under any package name. They asked us to prove that we own the domain “”, so that gave me the necessary kick in the butt to speed up my plan to set up a web presence for OFT outside of Github on our domain. This blog is the first part.

Samsung Printer “security”

Not much time today, so just a list of “features” I’ve discovered on my shiny new Samsung M2825 printer:

  1.  HTTP but no HTTPS (admittedly most devices do that since there is the problem of how to start the certificate chain)
  2. Default user / password: “admin” / “sec00000”
  3. No mention of open HTTP server in installation manual
  4. No mention in handbook
  5. Shipped with firmware from 2015
  6. Firmware update dialog does not indicate that new firmware is available
  7. Firmware update via file upload from PC – not convenient
  8. Ton of protocols switched on by default
  9. HTML Handbook broken (text only) after unpacking
  10. Firmware well-hidden on the support page (unfold and scroll down): (edit 2018-07-01: this link not available anymore)
  11. Password cut after 18 characters (no indication when entering new password)
  12. Offers to select source IP for login (probably intended to improve “security”)


Another example that “S” stands for security in IOT.

Intrusive Sharing

Good software tries not to surprise the user. Today I was surprised that four of the integration tests in OpenFastTrace (OFT) failed although I did not touch the code.

The failure reason given was a character encoding problem. Since I was quite sure that the problem did not occur last time I ran the test and I did not touch the code since, I knew the reason was not in our code.

I suspected that the test did not (or not only) use the test data in the resource directory, so I manually ran the test and explicityly pointed OFT to the resources. This time the test passed.

Then it started to dawn to me: the strange .AppleDouble directories that seemed to appear out of nowhere in my home directory might be the culprit.

A quick Internet search later I realized that they were a result of sharing my home directory over my LAN with another machine. Surely enough they contained the same filenames and that OFT mistook them for input files. Since the content of those files looks binary, OFT could not read them.

I stopped sharing and search-deleted all those directories. After that everything was back to normal.

Coming back to my original point: the appearance of .AppleDouble directories just because I shared a directory via Samba from my Linux box came as a complete surprise to me. I am grinding my teeth already because they will also be in all backups. Luckily I spotted them before I did any git commits.

Bottomline: don’t suprise your users – do exactly what they expect.