How to enable GZIP compression in Wildfly 8.2

Front-End Application performance is the key to improve user experience. Users expect pages to be loaded in two seconds. With large JavaScript libraries used for dynamic sites this is even more challenging. To speed up page loading and data transmission it is highly recommended (Google PageSpeed Rules, YSlow) to enable transparent gzip compression on the web-server. All modern browser support it.

Activate gzip compression in wildfly configuration file (e.g. standalone.xml) using the gzip filter as follows:

<subsystem xmlns="urn:jboss:domain:undertow:1.2">
  <server name="default-server">
    <host name="default-host" alias="localhost">
      <filter-ref name="gzipFilter" predicate="exists['%{o,Content-Type}'] and regex[pattern='(?:application/javascript|text/css|text/html|text/xml|application/json)(;.*)?', value=%{o,Content-Type}, full-match=true]"/>
      <filter-ref name="Vary-header"/>
    <gzip name="gzipFilter"/>
    <response-header name="Vary-header" header-name="Vary" header-value="Accept-Encoding"/>

This enables compression based on resource content type for javascript, html and css.
To make proxy servers happy, you have to add the Vary: Accept-Encoding header as shown above if you use gzip compression. For details see here.

Check the site using Google PageSpeed Insights, Firebug plugin for Firefox or Chrome developer tools. Or use online tools like Pingdom Website Speed Test.


How to disable SSLv3 on WildFly 8.1

SSL 3 is dead.
Because of POODLE attacks it is better security practice to disable SSLv3 and adopt only TLS. To disable SSLv3 on WildFly 8.1 set the enabled-protocols attribute of the https-listener node of the undertow subsystem in the wildfly configuration file (e.g. standalone.xml) accordingly:

<subsystem xmlns="urn:jboss:domain:undertow:1.1">
  <server name="default-server">
    <https-listener name="https" socket-binding="https" security-realm="SSLRealm" enabled-protocols="TLSv1,TLSv1.1,TLSv1.2"/>

Possible values for the enabled-protocols attribute in WildFly 8.1 are:

  • SSLv3
  • TLSv1
  • TLSv1.1
  • TLSv1.2
Multiple values can be separated by comma, e.g.:


Install JDK 8 manually on Windows

To install the JDK manually on a windows system:

  • Download the JDK Executable from Oracle
  • Extract the content of the installer exe to an empty folder (e.g. c:\jdk8)
  • Extract the extracted tools.zip into the same folder
  • Delete the tools.zip after successfull extraction 
  • Open a command line and change into the folder (cd c:\jdk8)
  • In the extraction directory execute (one line):
    for /r %x in (*.pack) do .\bin\unpack200 -r "%x" "%~dx%~px%~nx.jar"
  • Set the JAVA_HOME environment variable if required


Update Glassfish Eclipselink Version to 2.5.1

Glassfish ships with EclipseLink 2.3.2 as JPA Provider. To update the bundled version to a newer (2.5.1 in this case) do the following:

1) Download the new EclipseLink OSGi Bundles from the EclipeLink download site and unzip the archive to a folder on your disk.

2) Make a backup of your current Glassfish modules folder. Assuming you have installed Glassfish in C:\glassfish- the modules folder is C:\glassfish-\glassfish\modules.

3) Delete all JAR files in your current Glassfish modules folder beginning with org.eclipse.persistance.* and the JAR file javax.persistence.jar.

 4) From the downloaded OSGi bundles archive copy all JAR files beginning with org.eclipse.persistance.* but not the source files (containing source in their name) to your Glassfish modules folder. And copy the JAR file beginning with javax.persistance.* to your Glassfish modules folder, too.
5) Clear the contents of the OSGi cache for each domain from the domains osgi-cache folder. Assuming you have installed Glassfish in C:\glassfish- the domains OSGi cache folder for domain1 is C:\glassfish-\glassfish\domains\domain1\osgi-cache.

You can simply delete the whole osgi-cache folder. It will be recreated during next startup of the domain.

You can now start your Glassfish server with updated EclipseLink modules.


JavaFX for iOS NetBeans Plugin available

For NetBeans 7.4 there is a plugin available for building JavaFX applications for iOS devices. The plugin uses RoboVM to translate Java byte-code to native ARM code.

It can be downloaded here: http://plugins.netbeans.org/plugin/52156/javafx-for-ios-project-support


Install JDK 8 on Raspberry Pi

What you need:
  • Raspberry Pi (model B)
  • Raspbian installed
Install JDK 8:
  • Get Oracle JDK 8 (with JavaFX) for ARM from the Oracle download page: http://jdk8.java.net/download.html
    You need the Linux ARMv6/7 VFP, HardFP ABI version
  • Extract it to /opt/jdk1.8.0/ using:
    sudo tar zxvf jdk-8-ea-b*.tar.gz -C /opt
  • Setup Java
    sudo update-alternatives --install "/usr/bin/java" "java" "/opt/jdk1.8.0/bin/java" 1
    sudo update-alternatives --install "/usr/bin/javac" "javac" "/opt/jdk1.8.0/bin/javac" 1
If there is more than one java runtime installed check which version is used by output of:
java -version

If it is the wrong java runtime version, solve this by running:
sudo update-alternatives --config java
And choose the appropriate option.


Enable/Disable GPGMail 2 Sign by default

After Installation of the GPGTools (including GPGMail 2) the mail app tries to sign all outgoing mail by default. Unfortunately this can not be configured in the settings. But there are hidden settings.

To disable sign by default (one line!):
defaults write ~/Library/Preferences/org.gpgtools.gpgmail SignNewEmailsByDefault -bool NO

To enable sign by default (one line!):
defaults write ~/Library/Preferences/org.gpgtools.gpgmail SignNewEmailsByDefault -bool YES

For the complete list of hidden GPGMail 2 settings see here: http://support.gpgtools.org/kb/faq-gpgmail/gpgmail-2-hidden-settings


Java Connector Architecture (JCA) 1.6 and CDI on Glassfish 3.1

Context and Dependency Injection (CDI) is different if used in a Java Connector Architecture (JCA) 1.6 Resource Adapter.
If there is a beans.xml in the META-INF directory of a resource adapter (RAR), the beans.xml file is read and the resource adapter is recognized as a CDI module correctly.
This way CDI can be used for all beans inside the resource adapter.

But remember:
However it is not possible to inject CDI bean classes contained in a resource adapter RAR into other web applications or EJBs.


Midnight Commander (mc) and insert key on Mac OS X

The well known Midnight Commander (mc) uses the Insert-Key to select multiple files.
This key is not available on a Mac keyboard, but there is an alternative shortcut to select multiple files in midnight commander on Mac OS X:
        Ctrl + T
Using this in the terminal of Mac OS X has the same effect than the insert key.


Apple Keyboard on linux

To be able to use an Apple keyboard (MB110D/A) on a linux system, the correct layout must be set first. Select the corresponding in the Keyboard Preferences. In this case Germany Macintosh is added to the layouts list.
Keyboard model should be Apple.

Unfortunately, the keys [^/°] and [] remain reversed. To fix this the key codes have the be reassigned:

1) Find out the keycode
With help of the programm xev the keycode can be figured out. Start the programm as follows and press the keys [^/°] and [] afterwards. The keycodes should be displayed.
$ xev | grep keycode
    state 0x10, keycode 94 (keysym 0xfe52, dead_circumflex), same_screen YES,
    state 0x10, keycode 94 (keysym 0xfe52, dead_circumflex), same_screen YES,
    state 0x10, keycode 49 (keysym 0x3c, less), same_screen YES,
    state 0x10, keycode 49 (keysym 0x3c, less), same_screen YES,
So we need to fix the assignment for the keycodes 94 and 49.

2) Show current key assignment
The current key assignment can be displayed using xmodmap.
$ xmodmap -pke | grep " 94"
keycode  94 = less greater less greater bar brokenbar bar
$ xmodmap -pke | grep " 49"
keycode  49 = dead_circumflex degree dead_circumflex degree U2032 U2033 U2032 
Here you can already see the problem. On the button [^ / °] with keycode 94 are the signs for smaller, bigger, ...

3) Change key assignment
With xmodmap the key assignement can be changed.
$ xmodmap -e 'keycode 49 = less greater less greater bar brokenbar bar'
$ xmodmap -e 'keycode 94 = dead_circumflex degree dead_circumflex degree U2032 U2033 U2032'
However, this change only lasts until the next reboot. In order to implement this change permanent or restore after a reboot, the new assignments must be stored in the file ~/.Xmodmap.

$ xmodmap -pke | grep " 49" >> ~/.Xmodmap 
$ xmodmap -pke | grep " 94" >> ~/.Xmodmap 
The file should look like this now:
keycode  94 = dead_circumflex degree dead_circumflex degree U2032 U2033 U2032
keycode  49 = less greater less greater bar brokenbar bar


Patch files with git diff

In order to create a patch file that is usable with "patch -p0 < patchfile" with "git diff", the option "--no-prefix" has to be used:
git diff --no-prefix > patchfile

Now the patch can be applied using:
patch -p0 < patchfile

If you already have a patch file out of "git diff" where the "--no-prefix" option was not specified, the patch must be applied as follows:
patch -p1 < patchfile

This way the standard prefixes a/ and b/ are ignored.


Auto-Update for Java Applications

Java WebStart-Applications have a great update mechanism using JNLP. It checks during launch if there is a new version available on the server and downloads the new version to the client automatically. This way the client always runs with the latests version available on the server. But what about standalone Java applications?

Appcast - an RSS 2.0 update feed

Similar to podcasts a appcast is a RSS 2.0 feed to announce a new release of a software product. It basically uses standard RSS 2.0. The reference to the new version file can be specified in the enclosure tag:
<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0">
      <title>MyApp Changelog</title>
      <description>Latest changes and updates.</description>
         <title>Version 1.3.2</title>
         <pubDate>Wed, 18 Jun 2011 09:20:11 +0000</pubDate>
         <enclosure url="http://example.com/MyApp-1.3.2.zip" length="1234567" type="application/octet-stream" />

Just place this as appcast.xml on some host that is accessible by the application. The application can check if there is a new update available using this appcast.xml.

Appcast Framework for Mac OS X

Andy Matuschak's Sparkle is a free software update framework for Mac OS X that is very widespread. It has some appcast extensions for custom version strings and DSA signature for the update file. An complete sparkle appcast example can be found here. With these extensions is also possible to include a link to the release notes file.

Appcast updates for Java Applications?

The RSS 2.0 structure is very easy and there are already java parsers available. The sparkle extensions can also be parsed in Java. You can use JAXB to get the values out of the enclosure tag:
public class Enclosure {
    String url;
    long length;
    String type;
    String version;
    String shortVersionString;
    String dsaSignature;
The other tags can be processed the same way. You only need to compare the current application version string with the one from the appcast enclosure. If the appcast version is newer, download the update file.

But how do you handle applications with multiple JAR files if every component has it's own versioning? The version string from the MANIFEST.MF file can be used or one can add a new version string, e.g. 'Appcast-Version: 1.2.3', to the JAR's MANIFEST.MF file. This can be read easily at runtime with java.util.jar.Manifest class:
Manifest manifest = new Manifest(new FileInputStream(new File("manifest.mf")));
Attributes mainAttributes = manifest.getMainAttributes();
if (mainAttributes != null) {
   return mainAttributes.getValue("Appcast-Version");

The appcast URL itself can also be placed inside the MANIFEST.MF file for each application module, e.g. using "Appcast-Url: http://example.com/MyApp/appcast.xml".

Keep in mind that it is not possible to replace a JAR file of a currently running application. So you need a bootstrap mechanism to check and download updates and apply them during next start of the application.


Enable colors for git on Mac OS X

To enable colors for all git commands on Mac OS X use:

$ git config --global color.ui true


top command on OS X

On Linux systems the top command shows the running processes sorted by the highest CPU consumption by default.
This is not the case on Mac OS X systems. There the processes are sorted by their PID in descending order (highest PID on top).
For those that are interested in the processes that consume much CPU use the following:
top -o cpu

This is for sorting the processes according their CPU usage.

For easier access you can create an alias.
Add the following line in you .profile file:
alias top='top -o cpu'


Umlaute im DOS-Fenster unter Windows 7

Unter Windows 7 funktionierten die Umlaute in der DOS-Box bei älteren DOS-Programmen nicht mehr richtig.
Die Lösung brachte folgende zusätzliche Zeile in C:\Windows\system32\autoexec.nt:
  LH KB16 GR,,%Systemroot%\system32\keyboard.sys


FritzBox 7270 hinter Speedport 920V - Fernwartung

Betreibt man so wie ich eine FritzBox 7270 hinter einem Speedport 920V, der auch die Internetverbindung herstellt, so ergibt sich ein Problem mit der Fernwartung der FritzBox:

Auf dem Speedport 920V muss man natürlich ein Portforwarding für die Fernwartung der FritzBox einrichten. Ich hab einfach mal den SSL-Port 443 auf die FritzBox gesetzt.
Das klappt dann alles ganz gut bis zur Anmeldung an der FritzBox. Nach Eingabe von Benutzername und Passwort kommt nur noch eine leere weiße Seite.

Das Problem sind scheinbar die Referrer-Header, die die Browser mitschicken.
Schaltet man die nämlich aus, so funktioniert alles wunderbar:

Im Firefox in der Adresszeile  
eingeben und nach
  network.http.sendRefererHeader (Achtung: Referer mit einem 'r' !) suchen.

Der Standardwert ist 2. Ändert man den Wert auf 0, klappt die Fernwartung.

Leider ist das soweit ich weiß nur im Firefox möglich und auf anderen Internetseiten durchaus mit Problemen verbunden.

FritzBox 7270 hinter Speedport 920V

Wenn man VDSL nutzen möchte, bleibt einem - zumindest bei T-Home - nichts anderes übrig, als ein zusätzliches VDSL2-fähiges Modem zu verwenden. Die FritzBox 7270 hat ja leider keins.

Ich verwende hier den Speedport 920V.
Nach längeren Tests mit den unterschiedlichsten Konfigurationen hat sich folgendes Setup als am Besten erwiesen:

Speedport 920V (als Router)
FritzBox 7270 (als IP-Client/Switch/WLAN)

Der 920V bietet zwar in der Konfiguration die Möglichkeit ihn nur als Modem zu verwenden, allerdings scheiterten bei mir alle Einwahlversuche mit der FritzBox. Also lass ich die Verbindung nun vom 920V herstellen.

Hoffentlich kommt endlich bald die FritzBox 7390 mit eingebautem VDSL2-Modem!


Fritz!Box Anfragen an Port 14013

Meine FritzBox 7270 macht seit dem letzten Firmware-Update ständig Anfragen an Port 14013 aller Clients. Wie sich herausgestellt hat, liegt das an dem neuen Feature Kindersicherung.
Nachdem ich das in der FritzBox deaktiviert hatte, war Ruhe.


Date And Time Handling On Distributed Systems

Da es immer wieder Probleme mit dem Umgang von Datums- und Zeitwerten gibt, habe ich dazu mal einen entsprechenden Artikel verfasst, der die aktuellen Problemstellungen aufzeigt und "Best Practice" Empfehlungen gibt.