Thursday 29 November 2018

Java Alternatives in Fedora Core

Installing Java 11

[root@localhost ~]# dnf install java-11-openjdk
[root@localhost ~]# dnf install java-11-openjdk-devel
Last metadata expiration check: 3:26:53 ago on Mon 12 Nov 2018 09:47:59 AM CET.
Dependencies resolved.
================================================================================
 Package                   Arch       Version                 Repository   Size
================================================================================
Installing:
 java-11-openjdk-devel     x86_64     1:11.0.1.13-1.fc28      updates     3.4 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 3.4 M
Installed size: 5.1 M
Is this ok [y/N]: y
Downloading Packages:
java-11-openjdk-devel-11.0.1.13-1.fc28.x86_64.rpm                                                                                                                                                75 kB/s | 3.4 MB     00:45
----------------------------------------------------------------------------------
Total                                                     72 kB/s | 3.4 MB     00:47
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing                                       1/1
  Installing       : java-11-openjdk-devel-1:11.0.1.13-1.fc28.x86_64                                        1/1 
  Running scriptlet: java-11-openjdk-devel-1:11.0.1.13-1.fc28.x86_64                                        1/1 
                                               1/1 
  Verifying        : java-11-openjdk-devel-1:11.0.1.13-1.fc28.x86_64                                                         1/1 

Installed:
  java-11-openjdk-devel.x86_64 1:11.0.1.13-1.fc28                                                               

Complete!

Switching to another Java version

[mrbear@localhost ~]$ sudo alternatives --config java
[mrbear@localhost ~]$ sudo alternatives --config javac
There are 2 programs which provide 'javac'.

  Selection    Command
-----------------------------------------------
*  1           java-1.8.0-openjdk.x86_64 (/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.181.b15-6.fc28.x86_64/bin/javac)
 + 2           java-11-openjdk.x86_64 (/usr/lib/jvm/java-11-openjdk-11.0.1.13-1.fc28.x86_64/bin/javac)

Enter to keep the current selection[+], or type selection number:

Of course my IntelliJ automatically detects the different Java versions installed on the system, when I tell it to add a new version of Java.

Nice.

References

Using alternative utils with JRE & JDK
https://robbinespu.github.io/eng/2018/03/21/Updating_java_with_alternative.html
Superhero Ninja - Easily switch between java versions using alternatives in Linux
https://superhero.ninja/2015/02/07/easily-switch-between-java-versions-using-alternatives-in-linux/

Saturday 24 November 2018

Devoxx 2018 - Other talks

I'll see what I can write down and remember about the sessions I attended. Do not expect these notes to be exhaustive, they're just there for me to keep a record.

It's a follow-up to the post Devoxx 2018 - Deep Dive Day One.

Tuesday - Deep Dive Day 2

Lambdas and Streams Masterclass Part 2
Very insightful session, especially the last part (which was quick because they were running out of time). I managed to type along on my laptop, as they gave us a few moments to try the exercises. There's a GitHub repository of the Lab somewhere.
TypeScript: Complete
The session was, sadly, a bit geared towards JavaScript developers, of which I am not one. An interesting toolkit I heard about was JHipster, which seems to be used for setting up a project initially, and takes care of all the dependencies, and my gods are there a lot of those.
PostgreSQL is the new NoSQL

An interesting idea was the use of UUIDs instead of a Sequence for the ID. It means it becomes much easier to merge two databases together, and no leaking of meaningful IDs to the outside in your application.

Use a Foreign Data Wrapper in PostgreSQL to attach to different data sources (other database servers, or even webservices, anything that provides data in fact.)

Micro Frontend: the microservice puzzle extended to the frontend
Very hard to follow for me, as I was a bit tired by then.

Wednesday

Java in 2018: Change is the only Constant
Spearheading the future of programming
To JAR Hell and Back - A Live Migration To Java 11
PAAF: The passive aggressive annotation framework
That was very funny! It contained annotations for indicating to other developers during writing code or code review what is wrong with the code. The framework is available at https://github.com/nvdh/paaf. Awesome annotations as @BlackBox, @Codesmell, @Backlog, @Altruistic, etc.

Project versioning like a git
Java, Today and Tomorrow
Patterns for building resilient software systems
Project Loom: Fibers and Continuations for Java
Very interesting. Fibers are part of a thread, and can help to make the thread non-blocking by having fibers yield control back to the thread. The work on it is still very much ongoing.
Java EE, Jakarta EE, MicroProfile, Or Maybe All Of Them?
Apparently the MicroProfile bit is already supported by several Application Servers, to wit TomEE, Payara, WildFly and OpenLiberty.

Thursday

Var with Style: Local Variable Type Inference in Java 10
Apparently there was some backlash amongst the community regarding this feature, but the speaker did an excellent job of indicating where it should be used and where it shouldn't be used and where it cannot be used. There's even a style guide for it!
GraalVM: Run Programs Faster Anywhere
Interesting if you wish to run several programming languages at the same time, and are interested in very fast startup times and very small memory footprint.
Is boilerplate code really so bad?
Yes, it's bad.
Polyglot Persistence - Which Data Model to pick for your Workload
An excellent overview of the different NoSQL/SQL/Document/KeyValueStores etc. data models and when to use them, the advantages and disadvantages, etc.
Vue.js: power and flexibility
Nice, reminds me of Angular and React, though.
From Java to Kotlin: the adventures of a smooth migration
Very easy to follow, seems easy to implement too, just add some dependencies and start replacing your java files. Most impressive was the fact that several packages of java classes could be replaced with one Kotlin file.
Bring serverless to Kubernetes with new open source tools
Down the SVG Rabbit Hole: Advanced SVG Effects & Optimized Workflow

I had no idea that the possibilities for animation and rendering of SVGs have come so far. Especially since it can all be rendered live in your browser nowadays.

Friday

How to build products people care about
How to apply AI to testing
Java Futures: Devoxx 2018 Edition

Sessions I wish I followed

Be More Productive with IntelliJ IDEA
Java Modularity: the Year after
Functional Programming Patterns with Java8
The Z Garbage Collector

References

Devoxx BE (2018)
https://devoxx.be/
Devoxx BE 2018 - Playlist on Youtube
https://www.youtube.com/playlist?list=PLRsbF2sD7JVp8vBso4ysmj-X0u6uGx1rH
Devoxx 2018 - Deep Dive Day One
http://randomthoughtsonjavaprogramming.blogspot.com/2018/11/devoxx-2018-deep-dive-day-one.html

Tuesday 13 November 2018

Devoxx 2018 - Deep Dive - Day One

Just writing down the sessions I followed, and some notes regarding the sessions.

Implementing Microservices with Jakarta EE and MicroProfile

The one point of issue that I had with the talk, is that it decided to tackle two issues. The talk was regarding JakartaEE and how to get about moving JavaEE over to Open Source, and what it takes. The talk was also about Eclipse MicroProfile. For me as a novice it is very hard afterwards to separate the characteristics of the two. I'm likely to mix it up.

It might have been better, if possible, to split the two items up into two talks.

JakartaEE

What I heard was that they are attempting to have an Eclipse Glassfish 5.1 version available on December 15th of this year, built from Open Source JavaEE specification 8.

There is already a staggering amount of building taking place of the different components in JakartaEE, see the EE4J CI/CD Progress [2].

They're looking into getting JCP Standards Process replaced by "Something Else" called "Specification Process 1.0", because obviously they need some sort of process in place for JakartaEE. Hopefully without any of the problems that made JCP too slow.

The JNoSQL project is the guinea pig for the new Process.

They have TCKs (test case suites) to determine if application servers follow the specs.

A code-first mentality is what seems to work: projects like Hibernate and Spring prove that something works very well, and it is then standardized and included in Jakarta EE.

JakartaEE is apparently moving away from reference implementations.

It's going to be Community driven.

Eclipse MicroProfile

The project started as a way to easily move forward with JavaEE, without waiting for standards to catch up and to see what is possible. To get something quickly, the things implemented first were CDI+JAXRS+JSONP, in order to get some microservices running.

So we are already familiar with the Full Profile and the Web Profile regarding Application Servers. The MicroProfile is kind of like that, but without the whole application server behind it.

It's for quick progress and less about standards. The speed is quite impressive, 7 major releases in 2 years of existence. Features are based on the "honour system". If you say that it works, and that you've tested it, that's good enough.

This is in stark contrast with Jakarta EE, a (future) standard with 1-2 major releases per year.

He did mention a cool article [1] about what MicroProfile is bringing to JakartaEE.

Microservices

Now I am a novice when it comes to using microservices, how, when, where, etc.

Some interesting examples on how microservices are implemented:

Netflix
is running hundreds and hundreds of microservices.
another company
could get by with only 20 microservices that by definition might be a little more bulky.
third company

A good example of the use of microservices, is a company in Prague that computed hashes for passwords for people logging in. Apparently there were peaks in the system, for example when a new feature was announced, and people wanted to check what it did. It causes peaks, so the simple microservice for computing password hashes was deployed on every machine imaginable across all the branches of the company.

It's an excellent example of a very simple microservice that is computation intensive, without a lot of state required.

Java Streams vs. Reactive Streams: Which, When, How, and Why?

Venkat Subramaniam is a great speaker, and this was the first time I encountered him. The talk about the differences and common ground between the two was amazing. It also covered why you should use them, and when. Highly recommended.

Functional Exception Handling in Java with Vavr

A short talk but insightful. It basically boils down to using a Tuple to indicate success (the result value) or an error (the exception value) as a good workaround for the fact that we cannot throw exceptions in lambdas.

Seems to be like the pattern used by Optional.

A Dozen Ways to Hack Your Brain to Write Fluently

It boils down to write a little bit, as soon as possible, and build it out from there.

There was a lot more to it than that, but I did not manage to follow the entire talk.

Exploring Java Heap Dumps

It was great. Apparently the Netbeans Java Profiler provides an API that makes it possible to drill down into the heap dumps you get to find out what the problem is. This way you can actually write a software application specifically for your problem and your application and attuned to your data model.

It can analyse the heap dump for you, but the javadoc specifically states for all functions in the API whether it can complete in normal time, or that the method you are using may require a long time (because it needs to access the entire heap dump).

It was actually not that big of an API. Apparently it is just a single package directory in the Netbeans Profiler source.

References

[1] How The MicroProfile Community Will Shape Jakarta EE
https://www.lightbend.com/blog/how-the-microprofile-community-will-shape-jakarta-ee
[2] JakartaEE CI/CD
https://ci.eclipse.org/
Getafix: How Facebook tools learn to fix bugs automatically
https://code.fb.com/developer-tools/getafix-how-facebook-tools-learn-to-fix-bugs-automatically/

Thursday 8 November 2018

Attending Devoxx Belgium 2018

I shall be attending the Devoxx Belgium 2018 Java Conference in Antwerp, from 12th - 16th of November 2018.

My first time.

References

Devoxx Belgium 2018
https://devoxx.be/

Monday 5 November 2018

I use Fedora

In due time, when I was little, I got started with the Redhat Linux distribution. It was a great step in the direction of getting a Linux operating system up and running with very little tweaking. Of course, I still had to compile the kernel, and configure XWindows and all sorts of other things.

Eventually, Fedora came into my life, and I have been using it ever since.

It's my Operating System of Choice both at home and at work.

References

Fedora Magazine - Say thanks during Fedora Appreciation Week (Nov. 5-11)
https://fedoramagazine.org/say-thanks-appreciation-week-2018/

Thursday 1 November 2018

Securing Glassfish

As written in my previous blogpost, I mentioned securing Glassfish.

Here are the steps I took. I plan to add more steps, if I find them.

change the default passwords
a no-brainer, I think
do not run glassfish as root
I already did that, but I just mention it here. If you need to have it listening to port 80, there are plenty of ways to do that without running glassfish as root.
make sure the user running glassfish has /sbin/nologin as a login shell

so nobody can get shell access, unless you use another account [1].

It also means that if we need to access the account ourselves, we can run:

sudo -u glassfish /bin/bash
turn off admin console access from outside the server

Go to Configuration -> server-config -> Network Config -> Network Listeners -> admin-listener.

Under the General tab, in the Address: field, replace 0.0.0.0 with 127.0.0.1

Restart the server

You can access the admin console using an ssh tunnel [6]:

[user@localhost ~]$ ssh user@mysite.com -L 4848:localhost:4848 -N

The first 4848 is the port on your home PC. The second 4848 is the remote port. Then connect your browser to localhost:4848.

make sure only the essentials are accessible from outside the server

An application server has a very high number of open ports, and many of them are only required for local access. Which ports are listening, and on which address, can be verified with the following command:

[root ~]# netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name    
tcp        0      0 0.0.0.0:7676            0.0.0.0:*               LISTEN      1002       8518781    14140/java          
tcp        0      0 0.0.0.0:42853           0.0.0.0:*               LISTEN      1002       9560152    14140/java          
tcp        0      0 0.0.0.0:44425           0.0.0.0:*               LISTEN      1002       9560153    14140/java          
tcp        0      0 0.0.0.0:45613           0.0.0.0:*               LISTEN      1002       9560151    14140/java          
tcp        0      0 0.0.0.0:8686            0.0.0.0:*               LISTEN      1002       8518047    14140/java          
tcp        0      0 0.0.0.0:4848            0.0.0.0:*               LISTEN      1002       8517513    14140/java          
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1002       8516146    14140/java          
tcp        0      0 0.0.0.0:3700            0.0.0.0:*               LISTEN      1002       8516151    14140/java          
tcp        0      0 0.0.0.0:8181            0.0.0.0:*               LISTEN      1002       8516148    14140/java          
tcp        0      0 0.0.0.0:41593           0.0.0.0:*               LISTEN      1002       8517967    14140/java

port    type                            comments
7676    Message Queue Port
42853
44425
45613
8686    Pure JMX Clients Port
4848    the administration console      set it to localhost, and connect using ssh tunnel
8080    the normal http listener        this should be accessible from outside the server
3700    IIOP Port ("ORB listener 1")
8181    the normal https listener       this should be accessible from outside the server
41593

Restricting access to these ports can be done by changing the ip address in the configuration of the glassfish server to 127.0.0.1 instead of 0.0.0.0.

But it could also be done by adding firewall rules, disallowing incoming traffic to ports you do not approve.

However, why not do both?

turn off autodeployments [2]
asadmin set server.admin-service.das-config.autodeploy-enabled=false
dynamic-reload-enabled [2] is another useful one to turn on and off in this manner
asadmin set server.admin-service.das-config.dynamic-reload-enabled=false
hide your identity
Glassfish response headers contain information on what server you are running, what version, what frameworks, etc. You can turn this off by following the instructions in reference [3], which has some other excellent advice as well.
make sure any database access used by glassfish is as restricted as possible
usually it is enough to create a database user that has only access to one specific database [4] [5]
add a second admin user account for accessing the glassfish admin console
just in case of problems
make sure the files of the user running glassfish have rights that are as restricted as possible
there is no reason for "other" and "group" to have any access.
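
An added example, not part of the original post: a small shell filter for the netstat step above. It reads netstat -tulpen output and lists every TCP listener that is bound to all interfaces on a port other than the two the table marks as needing outside access (8080 and 8181). The function names, the ALLOWED_PORTS variable and the sample lines are assumptions made for this illustration; the sample is constructed in the format of the listing above.

```shell
#!/usr/bin/env bash
# Added example (not from the original post).
# Real use on the server:  netstat -tulpen | audit_listeners

# Ports that are meant to be reachable from outside: the http and https
# listeners from the table. Assumption: adjust to your own deployment.
ALLOWED_PORTS="8080 8181"

# Reads netstat -tulpen lines on stdin, prints "port pid/program" for every
# TCP listener bound to a wildcard address on a port outside the allowlist.
audit_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Field 4 is the local address "addr:port"; the port follows the last colon.
            addr = $4; port = $4
            sub(/:[0-9]+$/, "", addr)
            sub(/^.*:/, "", port)
            wildcard = (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
            if (wildcard && !(port in ok)) print port, $9
        }
    ' | sort -n
}

# Constructed sample: the admin console (4848) already moved to 127.0.0.1,
# the other listeners still on all interfaces, plus one IPv6 and one UDP line.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address State  User Inode   PID/Program name
tcp   0      0      0.0.0.0:7676    0.0.0.0:*       LISTEN 1002 8518781 14140/java
tcp   0      0      127.0.0.1:4848  0.0.0.0:*       LISTEN 1002 8517513 14140/java
tcp   0      0      0.0.0.0:8080    0.0.0.0:*       LISTEN 1002 8516146 14140/java
tcp   0      0      0.0.0.0:8181    0.0.0.0:*       LISTEN 1002 8516148 14140/java
tcp   0      0      0.0.0.0:8686    0.0.0.0:*       LISTEN 1002 8518047 14140/java
tcp6  0      0      :::3700         :::*            LISTEN 1002 8516151 14140/java
udp   0      0      0.0.0.0:5353    0.0.0.0:*              70   20000   900/avahi-daemon
EOF
}

# Demonstration on the constructed sample: lists 3700, 7676 and 8686.
sample_netstat | audit_listeners
```

An empty result means every remaining wildcard listener is one you approved; anything listed is a candidate for binding to 127.0.0.1 or for a firewall rule.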

References

[1] StackExchange - Unix&Linux - Does /usr/sbin/nologin as a login shell serve a security purpose?
https://unix.stackexchange.com/questions/155139/does-usr-sbin-nologin-as-a-login-shell-serve-a-security-purpose
[2] GlassFish Server Open Source Edition - Application Deployment Guide - Release 5.0
https://javaee.github.io/glassfish/doc/5.0/application-deployment-guide.pdf
[3] Securing your GlassFish. Hardening Guide
http://blog.eisele.net/2011/05/securing-your-glassfish-hardening-guide.html
[4] How to create a user in MySQL/MariaDB and grant permissions on a specific database
http://www.daniloaz.com/en/how-to-create-a-user-in-mysql-mariadb-and-grant-permissions-on-a-specific-database/
[5] MariaDB - SET PASSWORD
https://mariadb.com/kb/en/library/set-password/
[6] Frank Wiles - Quick-Tip: SSH Tunneling Made Easy
https://www.revsys.com/writings/quicktips/ssh-tunnel.html
Fine Tuning Payara Server in Production
https://blog.payara.fish/fine-tuning-payara-server-in-production
Bug 1530511 - rocksdb appears under "show databases"
https://bugzilla.redhat.com/show_bug.cgi?id=1530511