javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request

Jul 20th, 2020 | Filed under Uncategorized

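After upgrading to the latest Docker (19.03.12) or minikube (0.12.1) you may quickly realise that you can no longer push images from within a Maven build lifecycle.

This is because the Docker developers bumped their Go dependency, which uses TLS 1.3 by default. Extension 5 is status_request, which affected JDK versions do not accept in a TLS 1.3 CertificateRequest message.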

Either add

-Djdk.tls.client.protocols=TLSv1.2

to your Java / Maven command line, or update Java to the very latest release, as this is fixed in every major Java version now.

https://github.com/golang/go/issues/35722

https://bugs.openjdk.java.net/browse/JDK-8236039

Also, it might be a great opportunity to learn about TLS 1.3. The biggest improvement is the reduced handshake time. Are your microservices talking to each other using the latest TLS? By default it is currently rather unlikely, and the change could greatly improve your integration test time, not to mention the waiting time of your users.

AWS cost savings tip #1

Jun 1st, 2020 | Filed under aws, Uncategorized

This starts a series of blog posts about cost savings on Amazon. There are many typical mistakes that everyone makes, and quick-win actions that you can take to save some costs for both big-scale and small-scale deployments.

When you migrate to the cloud you will most probably be using EC2 and RDS databases. The whole code base of my private project relies on Spring Boot + JPA + MySQL 8. Adapting it to another storage type would make me more dependent on Amazon, which I do not want. I would also need to seriously change not only the DAO layer but the way I model my data... a bit too much.

My db size is around 10 gigabytes. Average utilisation is low and I stop the db overnight using Cloud Custodian, so I mostly pay for the storage.

I already know that if I was using Google Cloud I would switch to Kubernetes and install the MySQL db myself; then I would be paying for tiny computing power and a bit of storage. On Amazon the RDS service includes automated backups (which are super convenient) and the possibility to have a multi-AZ database (which I do not need)... but for now I will stick to Amazon. What can I do?

Recently I learned that after switching from MySQL 5 to MySQL 8 the default character encoding changed.

In MySQL 5 it was called utf8, which could not cope with every character (yes, surprise!). In MySQL 8 it's called utf8mb4, which is real UTF-8, but its size is 4 bytes for each character.

In practice the difference is negligible. The old utf8 takes 3 bytes per character and the only characters it could have issues with are some emoticons. It's unlikely to cause you a problem unless you are developing an application for many users and you want to allow them to store emoticons in, let's say, blog comments.

Anyway, if you migrate your db from MySQL 5 to 8, expect your database size and snapshots to increase in the worst case by 33% (from 3 bytes per character to 4 bytes).
That also includes traffic between the db and the application.

In my app most of my data are just numbers, so that experiment will not affect me much. But the other tables mostly contain names that could be just plain ASCII. I do not store any input from users... sounds like a place for an improvement.

There are default settings for character sets and collations at four levels: server, database, table, and column.

https://dev.mysql.com/doc/refman/8.0/en/charset-syntax.html

To change the default character set you can use:

ALTER TABLE t CHARACTER SET ascii;

but this does not convert existing data values. For that you need to execute:

ALTER TABLE t CONVERT TO CHARACTER SET ascii;

After that, my database was smaller by 10% and my storage costs dropped by 10% as well.

OK, and are there any drawbacks? If you really know that your table and application usage will not be hurt by using ascii, latin or the old utf8 character set, then no. If you want to introduce the change only for some tables, then bear in mind that if you join, let's say, "sessionId" from one table where it is ascii with a second table where it is utf8, such a join is not sargable (indexes won't be used). See https://stackoverflow.com/questions/799584/what-makes-a-sql-statement-sargable

So as always.. you need to decide, experiment and check.
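
Two checks worth running around `CONVERT TO CHARACTER SET ascii`, as an added example that is not from the original post: find values that ascii cannot represent, and find columns that share a name but differ in character set across tables (the join caveat above). The table names, column names and values are constructed; the row shape assumes a query of `information_schema.COLUMNS` (TABLE_NAME, COLUMN_NAME, CHARACTER_SET_NAME).

```python
from collections import defaultdict

# Constructed rows, shaped like:
#   SELECT TABLE_NAME, COLUMN_NAME, CHARACTER_SET_NAME
#   FROM information_schema.COLUMNS WHERE TABLE_SCHEMA = '<your schema>'
SAMPLE_COLUMNS = [
    ("sessions", "sessionId", "ascii"),
    ("events", "sessionId", "utf8mb4"),
    ("events", "payload", "utf8mb4"),
    ("users", "name", "ascii"),
    ("orders", "id", None),  # numeric column: no character set
]

# Constructed column samples, as fetched before converting a table.
SAMPLE_VALUES = {
    "name": ["Anna", "Zoë", "O'Brien", None, "Łukasz"],
    "country_code": ["PL", "DE", "US"],
}


def conversion_blockers(samples):
    """Map column -> values that the ascii character set cannot represent."""
    blockers = {}
    for column, values in samples.items():
        bad = [v for v in values if v is not None and not v.isascii()]
        if bad:
            blockers[column] = bad
    return blockers


def mixed_charset_columns(rows):
    """Return {column: {table: charset}} for same-named text columns whose
    character set differs between tables (likely join keys to re-check)."""
    by_name = defaultdict(dict)
    for table, column, charset in rows:
        if charset is not None:  # skip non-text columns
            by_name[column][table] = charset
    return {
        column: tables
        for column, tables in by_name.items()
        if len(set(tables.values())) > 1
    }


if __name__ == "__main__":
    print("cannot convert to ascii:", conversion_blockers(SAMPLE_VALUES))
    print("mixed charsets:", mixed_charset_columns(SAMPLE_COLUMNS))
```
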

An interesting comparison of the impact of character set and collation across MySQL 5 and 8 is here:
https://www.percona.com/blog/2019/02/27/charset-and-collation-settings-impact-on-mysql-performance/

Bear in mind that the default utf8mb4 is there for a reason: using that character set you will not have any issues when storing data from many sources, be it users or web scraping data. Think about optimizations only if you have a use case for them (terabytes of data, for instance!).

Java does not work in latest firefox 52?

Mar 10th, 2017 | Filed under java

An old problem comes back, for different reasons. Firefox follows Chrome and drops support for NPAPI plugins (it affects Silverlight and Flash as well).
By default support is disabled, but you can revert it.

  1. Go to the about:config settings page (type it as a URI in the browser and press Enter)
  2. Add a new entry of boolean type with the name plugin.load_flash_only and the value set to false
  3. Restart the browser and your Java and Silverlight should work again!

Ubuntu 16.04 custom kernel and latest Virtualbox

Dec 30th, 2016 | Filed under Uncategorized

For some reason I had to go with the 4.8 kernel and not the default 4.4 one.
After some time I realized that my VirtualBox was no longer working... This is one of the nice things about Ubuntu: it all works together flawlessly until you start messing with it (for instance when you need the latest software, and the latest software usually depends on some other latest software).
So for kernel 4.8 you need VirtualBox 5.1. To install it quickly:

wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add -
sudo apt-get update
sudo apt-get install virtualbox-5.1

Reason: Failed on SHA256 verification on gentoo

Oct 23rd, 2014 | Filed under gentoo, problems

One reason for

Reason: Failed on SHA256 verification

is that during the creation of ebuilds some packages are fetched from external sources (for instance from the adobe-flash site), and these sometimes publish a new version of a package under exactly the same name.
The next update then results in a checksum error, because the saved source from the distfiles directory is used.

To fix that you could:

rm -rf /usr/portage/www-plugins/adobe-flash/

or

fix it with
ebuild /usr/portage/www-plugins/adobe-flash/adobe-flash-11.2.202.411.ebuild clean prepare

The above situation should occur very rarely.

How to install and configure TL-WN722N on gentoo

Jun 29th, 2014 | Filed under gentoo, problems

1. First make sure you have these options compiled into the kernel

CONFIG_ATH_COMMON=m
CONFIG_ATH9K_HW=m
CONFIG_ATH9K_COMMON=m
CONFIG_ATH9K_HTC=m

If you cannot find them within your config it means that some other dependencies are missing from your kernel.
You can find them more easily with “make xconfig” and selecting the option “show all”.

2. Most likely you will have to select:

CONFIG_CFG80211
CONFIG_CFG80211_WEXT

Without these two you will receive a lot of fancy errors like:

ioctl[SIOCSIWPMKSA]: Invalid argument

3. If you see warnings related to RFKILL you can fix them by compiling RFKILL into your kernel and emerging rfkill as well.

CONFIG_RFKILL=y
CONFIG_RFKILL_LEDS=y
CONFIG_RFKILL_INPUT=y
CONFIG_ATH9K_RFKILL=y

After that you can check the status of your device with:

rfkill list all

and if it’s blocked just unblock it by

rfkill unblock wifi

OK, now iwconfig should show some info about your device.
The only thing left is to configure the /etc/wpa_supplicant/wpa_supplicant.conf file.

For the most common WPA2 configuration it should contain:

network={
ssid="yourSSID"
proto=WPA2
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=CCMP TKIP WEP104 WEP40
priority=2
psk="yourpassword"
}

If you want to avoid having the password in plaintext you can use the command
wpa_passphrase yourSsid password

and then paste
psk=yourGeneratedHash

(note missing quotes!)

Now it is time to check your configuration:

wpa_supplicant -iwlan0 -dd -Dwext -c/etc/wpa_supplicant/wpa_supplicant.conf

If everything works do

ln -s /etc/init.d/net.lo /etc/init.d/net.wlan0

and add it to default runlevel

rc-update add  net.wlan0 boot

In case of problems check:

  1. Is your card visible in lsusb?
  2. Do you have any errors in dmesg?
  3. Did you reboot after recompiling the modules?

I didn't have to download any drivers from suspicious pages! So please do not do this!
Everything worked on a modern kernel 3.13.7

Other common samples of wpa_supplicant.conf configurations related to different router’s security settings can be found here:
http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?style=printable&part=4&chap=4#doc_chap2

Public key for jenkins is not installed

Apr 18th, 2014 | Filed under Uncategorized

Just do:

sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
sudo rpm --import http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key

sudo yum install jenkins

How to update all kde packages without others on gentoo.

Feb 20th, 2014 | Filed under gentoo

Try emerge -u $(qlist -IC kde-base/)

hwclock: Cannot access the Hardware Clock via any known method.

Dec 26th, 2013 | Filed under gentoo, problems

Recently I was updating my computer. Of course there was a need to make some kernel changes (I switched to an Intel i5-4570), and most things went rather smoothly, but I had problems with the time during dual boot.

hwclock: Open of /dev/rtc failed: No such file or directory
No usable clock interface found.
hwclock: Cannot access the Hardware Clock via any known method.

Checking the kernel settings wasn't obvious to me, because dual boot was working previously and I thought I had moved the previous kernel config..

Anyway RTC support was not included in kernel.. now I have:

CONFIG_HPET_EMULATE_RTC=y
CONFIG_RTC_LIB=y
CONFIG_RTC_CLASS=y
CONFIG_RTC_HCTOSYS=y
CONFIG_RTC_SYSTOHC=y
CONFIG_RTC_HCTOSYS_DEVICE="rtc0"
# RTC interfaces
CONFIG_RTC_INTF_SYSFS=y
CONFIG_RTC_INTF_PROC=y
CONFIG_RTC_INTF_DEV=y
# I2C RTC drivers
# SPI RTC drivers
# Platform RTC drivers
CONFIG_RTC_DRV_CMOS=y
# on-CPU RTC drivers
# HID Sensor RTC drivers

Some of these settings may not be needed for you, but that's my conf.
After recompiling and installing kernel error is gone.

How to attach Java src jar’s to Eclipse on Macbook

Sep 5th, 2013 | Filed under java, mac

Go to:
cd /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home

Find the src.jar there:
find /Library/Java -name 'src.jar'

And link whatever you find into the current directory:
$ sudo ln -s /Library/Java/JavaVirtualMachines/1.6.0_51-b11-457.jdk/Contents/Home/src.jar .
