Site Sponsors:
Microsoft Ignorance 
There we were, watching the bandwidth.

The client complains that the time is always around 8AM... people are settling in at work ...

10 ... 9 ... 8 ...

Look Bill... no more network!

What am I talking about?

Why, our inability to be able to readily manage our own computers, anymore! (*)

Yea - we can schedule each and every computer to check for updates within no more than a few days of their availability... but we can no longer turn it off?

... Hey Microsoft: whose computer is it, anyways?

Lamentations


In times past I would routinely turn updates off while traveling. Especially when traveling abroad. Why? Because in the XP days I have had airport servers use the operating-system's update as a vector to install viruses on my computer. Indeed, if you can inject your own Certificate Authority (CA,) into a browser, then hijacking such things is relatively easy to-do.

Moreover, ignoring the fact that there are some updates that will break both hardware-drivers, as well as corporate software, Microsoft's decision to prevent us from managing our own computers demonstrates three (3) things:

THING ONE: The first thing demonstrated is that Microsoft no longer had the brain=trust to adequately manage a belated software-update patch-farm.

Of course, Linux does so with impunity. For free.

Not only is the software development brain-trust logarithmically failing in Microsoft (as everywhere else throughout America,) but one must remember that the majority of Microsoft's updates are fixing software B-U-G-S, people.

Bad software. Bad testing practices. Back-doors, security exploits & holes. Corporate maleficence!

Even the simple & highly testable GAME of Minecraft - so elegantly and operationally handed-off to Microsoft developers - has since become a frustratingly bug-filled nightmare to play!

Such easily avoidable defect nightmares make one wonder - when it comes to quality - if some teams have simply been cursed?

THING TWO: The next thing demonstrated by the Windows 10 developers is that they are completely ignorant of the configurations management requirements of all modern corporations.

While crafting day-sidestepping installation policies are possible, a llot more than corporate visitors use complementary WIFI networks. --Since the advent of Windows 10, all are so slammed by the sheer plethora of now-mandatory Windows updates that most networks are thrashing these days... completely unusable!

And don't get me started about the toll automatic updates is taking across conference halls, at home, & in classrooms: Automatically updating computers in a wireless-networking situation is pure lunacy!.

THING THREE: Using the term "HIDE UPDATES" demonstrates a complete lack of understanding of the English language. Just like ignoring 25 years of Common-User Access conventions, in a time when a "senior engineer" is defined as having a mere 3 years of industry experience, we must marvel at how much money Microsoft must be saving ... while thousands of non-native others so obviously ruin what was once the most-used set of soft-wares in the world.


p.s.


Like Apple, Microsoft wants to be able to spy upon their users too.



(... Create a cookie-tracking Account ... Give them your reverse-searchable phone number ... Put all of your important documents in THEIR cloud... just so THEY can gather clandestine data on us as we SO COMPLACENTLY loose control over our own 'stuff!)

In the "Doh!"


Yet Apple could get away with such things (a mere 10% of the bandwidth, people!)

But at the moment there are A LOT more Microsoft computers, friends!

Therefore (it is sad to even have to point this out to them!), Microsoft updates will suck A LOT more capacity from the corporate pipes.

Even more interestingly, when it comes to spying on their own users MS does not even have the brain-trust to spy on folks properly!

Such is why - if you shut-down, unplug your Windows 10 computer from the Internet (don't forget to disable that home WIFI on those laptops!) that you will receive those "cannot spy on you (sic)" network messages.

Tragically, even when clicking on the resulting "more info" messages as directed, our quest for more information is completely ignored by Windows 10. (I recommend that you use 'view logs', instead? --If any type of corresponding notices are in the Windows log-files at-all, they are usually a lot more cryptic... but we might get lucky when we 'google for some type of understandable explanation...)

... I guess that they will fix THAT later, too?

Solving the Problems


In the mean time, might I suggest that you make a healthy donation to the Free-dome Software Foundation?

After that, then P-L-E-A-S-E contact your congressional representative and ask them - in a time when 1 in 7 Americans are having problems merely finding food - why our government is allowing American companies to use so many foreign workers?

If foreigners need American jobs, could their nations not petition our government to allow them to join the Union?


Statehood worked out rather well for Hawaii!

Who Cares?


Indeed, the fact that companies such as Hewlett Packard & Disney make their billions in America does not prevent their imported-executives from loosing any sleep as each farm American jobs out to (in the words of the guilty HP Executive) "less expensive" nations!

In the 1960's '70's & '80's, companies with no loyalty to the American worker would have been boycotted... What has changed?

(*) By the way: Even after I downloaded the software, I was unable to "hide updates" for anything. My advice now is that - when traveling - to simply not allow Windows 10 to connect to the Internet.

Caveat User!


[ add comment ] ( 50 views )   |  permalink
CentOS, Tomcat, MySQL, and Java Hosting 
In as much as it is now extremely affordable to toss server installs around the cloud, we decided to set up a Linux, Tomcat & MySQL (LTM) stack on CentOS.

Bitter Experiences


In an earlier post I mentioned that - while capable - that AWS was a box of frogs. While we might wonder aloud as we hear-tell of what is bumping around inside, once the 'pandora has been braved one will surely crave a far more native-English way of getting things done!

So it was with no little trepidation that I created a series of cloud servers on GoDaddy. While the prohibition on the static IP address remains, just like when creating cloud-servers elsewhere there are indeed DNS work-arounds.

Java Web Hosting


Setting up your first LTM stack can be a bit of a challenge.

Indeed, if RedHat is your favorite flavor of Linux, even lots of old-hands have been challenged by the server-management changes between CentOS 5, CentOS 6, & CentOS 7.

So while using Ubuntu on Godaddy's OpenStack cloud is allot easier, by way of documentation I also created a CentOS 7 based cloud server today.

Executive Summary


Please allow me to report that - for a mere $5 a month - that from starting & stopping to using SSH to access our Servers, that GoDaddy's cloud experience is presently far, far easier for software developers to work with. So easy that I feel no need to document it!

Once we have installed & updated a CentOS 7 Server - either in the cloud or elsewhere - installing the SCL is usually a solid place to start any LTM-installation process:
    sudo bash
yum update
yum install centos-release-SCL
yum update

rpm -Uvh http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm
yum -y install mysql-community-server
yum update
/usr/bin/systemctl enable mysqld
/usr/bin/systemctl start mysqld

yum -y install tomcat tomcat-webapps tomcat-admin-webapps
yum update
/usr/bin/systemctl enable tomcat
/usr/bin/systemctl start tomcat
If you are familiar with using CentOS 6 or earlier, then after typing in the above it might seem that RedHat is doing 'devo on the SCL mantra here...

After reviewing the above, can't we almost hear the sound of millions of web pages dying, as well as 500+ technical tomes hitting the trash can?

Yet I would have not been able to write a the most comprehensive Java Server set-up post ever if creating an LTM stack on CentOS 7 was easy!

Tomcat Users


Once all is running on 8080, then:
/usr/bin/systemctl stop tomcat
vi /etc/tomcat/tomcat-users.xml
~ then add ~
<user name="YourSecretName" password="YourSecretPassword" roles="admin,manager,admin-gui,admin-script,manager-gui,manager-script,manager-jmx,manager-status" />
followed by the
/usr/bin/systemctl start tomcat
-once again.

From 80 to 8080...


Sadly, the easiest way to get Tomcat to show up on port 80 is still via port forwarding.

Even more sadly, a heckofalotta things have to be gutted & installed to get our ports working. So if we see nothing when attempting to `cat` /etc/sysconfig/iptables, then one must:
systemctl stop firewalld
systemctl mask firewalld
yum install iptables-services
systemctl enable iptables

iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --dport 8080 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

iptables-save > /etc/sysconfig/iptables
Note that adding any of these port-mappings to the bottom of /etc/rc.d/rc.local will not work. --The prohibition is an order-of-IPL type of thing.

Also note that if we see any under-desirable REJECTS when we do a:
iptables -L
-that we will have to remove those, as well.

I had two such port rejects.

To remove an offensive blockage from an iptables chain, we can either edit the iptables file directly (discussed later,) or use something like
iptables -D INPUT 1'sbn
or
iptables -D FORWARD 1'sbn
- where "1'sbn" is the 1's based item-number shown from the -L command.

Reboot-Proofing


Note that the:
    /usr/bin/systemctl enable mysqld
/usr/bin/systemctl enable tomcat
ensured that both MySQL and Tomcat would ever be there whenever that infamous 00.01 is subtracted from that 100% remainder of the work-weeks (!) 365.25. (i.e. 99.99? ;o)

Yet to verify that our on-boot iptables settings will be just as robust, then be sure to:
cat /etc/sysconfig/iptables
-We may also manually edit the same before a
systemctl restart iptables

Strawman - NOT!


Whenever one makes a change to the iptables using the command line interface, unless we want our port-mappings to go-away then don't forget to:
iptables-save > /etc/sysconfig/iptables
-or one dark & stormy night even a scheduled, maintenance reboot might suddenly begin to make one's after(work)life disappear.

MySQL Connector


Note also that yes, we can still:
yum -y install mysql-connector-java
Be sure to place the Connector either into your project's Java library bundle, and / or into the $CATALINA_HOME/lib wherever Tomcat will be used. -Never provided with Tomcat, we will need the MySQL Connector wherever we will be connecting from our application (R&D, Testing, Production (et al)), to an MySQL Server : port.

In my own "army of one" research, given the choice between modifying conf/server.xml or conf/context.xml in the $CATALINA_HOME, we wanted to share the resource. Because bouncing the 'tcat is also no longer much of a problem, we decided to use the former:
  <Resource name="jdbc/TestDB" auth="Container" type="javax.sql.DataSource"
maxActive="100" maxIdle="30" maxWait="10000"
username="javauser" password="javadude" driverClassName="com.mysql.jdbc.Driver"
url="jdbc:mysql://localhost:3306/javatest"/>
Such told however, note that if the Resource definition is exactly duplicated, that creating multiple definitions in both files are presently little more than an annoying maintenance problem.

Next, as recommended by the Tomcat docs, we temporarily granted universal access & created a simple database:
sudo bash
mysql
GRANT ALL PRIVILEGES ON *.* TO 'javauser'@'localhost'
IDENTIFIED BY 'javadude' WITH GRANT OPTION;
create database javatest;
use javatest;
create table testdata (
id int not null auto_increment primary key,
foo varchar(25),
bar int);
insert into testdata values(null, 'hello', 12345);
If you are attaching to a remote MySQL, be sure to replace javauser@localhost with the user@IP of your R&D machine.

Please note that putting quotes around the user@server identifier - as shown above - is also a well kept secret. -A secret that will make any dotted-quad session identification quite impossible without them.

Note also that - unlike any form of rational English usage of the concept "IDENTIFIED BY" - that javadude is the MySQL password that Mr. or Miss javauser must use.

Beware the bind-address!


If you are connecting okay on your localhost, yet see "error 2003 (hy000)" and / or need to tunnel through ssh (:22) elsewhere, then you will have to find / -type f ... your my.cnf file.

On CentOS, the my.cnf file is usually /etc/my.cnf. Ubuntu, /etc/mysql/my.cnf.... but your mileage may vary.

Yet no matter where the mysqld configuration file is located, we will want to comment-out that bind-address:

[mysqld]
# bind-address=127.0.0.1
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=1

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
--You will now be able to create a classic Java Connection String without using strange (and slow!) SSH connection-tunnelling strategies.

Remember that to keep your brain fully rooted inside of it's proper casing to be sure to finish up with a
service mysqld restart

after saving that my.cnf edit!

Ultimately, note that if & when all else fails (it has been known :) that we can read the MySQL connection troubleshooting scroll for ourselves.

The Java Project


Turning our attention to the WEB-INF/web.xml in our Java project, we added the obligatory
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<description>MySQL Test App</description>
<resource-ref>
<description>DB Connection</description>
<res-ref-name>jdbc/TestDB</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
</web-app>
When working remotely (who should not?) we also added the exact same <Resource name="jdbc/TestDB" ... (as used above) to our project's META-INF/context.xml file.

Related


If the above to-do retelling did not rocket your project into the inter-app hyperspace of cloud 'nerdvanna, then you will surely want to read more about either:

(1) Installing Tomcat 7

(2) Installing MySQL on CentOS 7

(3) Re-using those VERY nicely-demonstrative Tomcat 7 MySQL + other database example walk-throughs.

(4) Or perhaps even reviewing the official list of MySQL Connectors, as you may insist ...




Sharing is caring!

-Rn




[ add comment ] ( 72 views )   |  permalink  |  related link

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Next> Last>>