Re: [OT] programming style or mental process ?

2021-04-04 Thread Zala Pierre GOUPIL 
> >
> > In your case, with a function call, this wouldn't make a difference
> > "if(request.getCharacterEncoding() = null)" would be illegal syntax as
> > well, but "if(someObject = null)" is perfectly legal, but doesn't
> > express the author's intent clearly: Is it a smart person who's taking a
> > shortcut, or a newbie using the wrong operator?
> >
>
> Let the seasoned programmer who's never made that same mistake throw the
> first stone.
>


I think I never did that mistake. Or at least, I didn't realize it.

Re: [ANN] New committer: Woonsan Ko

2018-12-19 Thread Zala Pierre GOUPIL 
Congratulations Woonsan! Keep up the good work!

Regards,

Zala



On Wed, Dec 19, 2018 at 10:56 AM Mark Thomas  wrote:

> On behalf of the Tomcat committers I am pleased to announce that
> Woonsan Ko (woonsan) has been voted in as a new Tomcat committer.
>
> Please join me in welcoming him.
>
> Kind regards,
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 
Je n'aime pas seulement ma vie, mais aussi celle des autres.

(Blade Runner)

Re: [ANN] New committer: Igal Sapir

2018-05-25 Thread Zala Pierre GOUPIL 
Well done! Congratulations!

Regards,

Zala



On Fri, May 25, 2018 at 12:38 PM, Felix Schumacher <
felix.schumac...@internetallee.de> wrote:

> Congrats,
>  Felix
>
> Am 24. Mai 2018 21:09:06 MESZ schrieb Mark Thomas :
> >On behalf of the Tomcat committers I am pleased to announce that
> >Igal Sapir (isapir) has been voted in as a new Tomcat committer.
> >
> >Please join me in welcoming him.
> >
> >Regards,
> >
> >Mark
> >
> >-
> >To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> >For additional commands, e-mail: dev-h...@tomcat.apache.org
>



-- 
Je n'aime pas seulement ma vie, mais aussi celle des autres.

(Blade Runner)

Re: [OT] MoSkito (was: ApacheCon anyone?)

2017-05-13 Thread Zala Pierre GOUPIL 
On Sat, May 13, 2017 at 4:29 PM, Mark Thomas  wrote:

> On 13 May 2017 08:09:38 BST, "Igal @ Lucee.org"  wrote:
> >Leon,
> >
> >On 5/12/2017 3:32 PM, Leon Rosenberg wrote:
> >>
> >> Yeah, strange isn't it? Unfortunately I haven't submitted and my
> >decision
> >> to come to apache con was rather spontaneous... But, know what Chris
> >?
> >> You'll be there, I'll be there and my notebook will be there too, so
> >you
> >> can have a private presentation anytime you want ;-))) And everyone
> >else
> >> who's interested too ;-) So how about MoSkito-private-hour? ;-)
> >
> >I've heard of MoSkito for the first time from this thread, and it seems
> >very interesting.
> >
> >It'd be great if you can post a video of such private presentation
> >online (thus making it not-so-private-anymore), for those of us who can
> >not attend ApacheCon.
>
> If there is interest, and Leon has the time, we can set up a webinar.
>
> Mark
>
>
I'd really like to attend!

Zala


-- 
Je n'aime pas seulement ma vie, mais aussi celle des autres.

(Blade Runner)

Re: [ANN] New committer: Michael Osipov

2017-05-08 Thread Zala Pierre GOUPIL 
On Mon, May 8, 2017 at 3:52 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Michael,
>
> On 5/8/17 4:08 AM, Mark Thomas wrote:
> > On behalf of the Tomcat committers I am pleased to announce that
> > Michael Osipov (michaelo) has been voted in as a new Tomcat
> > committer.
> >
> > Please join me in welcoming him.



Congratulations!

Re: [ANN] New committer: Emmanuel Bourg

2017-01-20 Thread Zala Pierre GOUPIL 
Toutes mes félicitations !

Le 20 janv. 2017 18:12, "Mark Thomas"  a écrit :

> On behalf of the Tomcat committers I am pleased to announce that
> Emmanuel Bourg (ebourg) has been voted in as a new Tomcat committer.
>
> Please join me in welcoming him.
>
> Regards,
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: “Virtual hosting” with port removed?

2015-02-01 Thread Zala Pierre GOUPIL 
Good evening,

If you use Tomcat alone (without Apache or any other web servers), you'll
have to find a way to have it listen on the port 80 (there a some of them
available on the web).

Because Tomcat uses the port 8080 by default. In such a situation, you
can't remove the port number: no port number in the address bar means port
80! And as you use MacOS X, which is a Unix derivative, you can't just
modify Tomcat's server.xml and ask it  to use the port 80: on Unix, port
numbers  1024 are reserved and a program needs the root privileges to bind
to them.

One more thing: any Tomcat distribution is able to set up a virtual host,
so you should definitively use the plain-vanilla Tomcat available
officially.

Regards,

Pierre



On Mon, Feb 2, 2015 at 12:22 AM, Micky Hulse mickyhu...@gmail.com wrote:

 Thanks for tips Hassan! I really appreciate it!

 I'll follow your suggestions and take another stab at it. I'll post back
 here with my results.

  On Feb 1, 2015, at 2:46 PM, Hassan Schroeder hassan.schroe...@gmail.com
 wrote:
  Why? Download the real thing, untar, done. No questions about
  packaging issues. Who knows what this thing does?

 Good point!

 Silly question: Will the real thing allow me to setup a vhost like in
 Apache2?

  OK, is your problem with httpd or Tomcat?
  Is httpd responding to your request for 'http://tomcat.local/'?

 I was able to get tomcat.local to work, but not without the port.

  If so, then why aren't you proxying everything to Tomcat? You don't
  need to proxy every app individually, and you're not proxying ROOT
  at all. Your gists and your stated goals seem at cross purposes...

 Sorry about that. I copied where I left off. I had tried many variations
 of the code you see (with and without app specified). Anyway, I apologize
 for the confusion I created.

 I'll be back!
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




-- 
Si le sang ne coule pas assez chaud dans tes veines, je le répandrai sur le
sable pour qu'il bouille au soleil.

Re: “Virtual hosting” with port removed?

2015-02-01 Thread Zala Pierre GOUPIL 
Ho, just to be sure: never ever launch Tomcat with root privileges. Right?
:-)

On Mon, Feb 2, 2015 at 1:39 AM, Zala Pierre GOUPIL goupilpie...@gmail.com
wrote:

 Good evening,

 If you use Tomcat alone (without Apache or any other web servers), you'll
 have to find a way to have it listen on the port 80 (there a some of them
 available on the web).

 Because Tomcat uses the port 8080 by default. In such a situation, you
 can't remove the port number: no port number in the address bar means port
 80! And as you use MacOS X, which is a Unix derivative, you can't just
 modify Tomcat's server.xml and ask it  to use the port 80: on Unix, port
 numbers  1024 are reserved and a program needs the root privileges to bind
 to them.

 One more thing: any Tomcat distribution is able to set up a virtual host,
 so you should definitively use the plain-vanilla Tomcat available
 officially.

 Regards,

 Pierre



 On Mon, Feb 2, 2015 at 12:22 AM, Micky Hulse mickyhu...@gmail.com wrote:

 Thanks for tips Hassan! I really appreciate it!

 I'll follow your suggestions and take another stab at it. I'll post back
 here with my results.

  On Feb 1, 2015, at 2:46 PM, Hassan Schroeder 
 hassan.schroe...@gmail.com wrote:
  Why? Download the real thing, untar, done. No questions about
  packaging issues. Who knows what this thing does?

 Good point!

 Silly question: Will the real thing allow me to setup a vhost like in
 Apache2?

  OK, is your problem with httpd or Tomcat?
  Is httpd responding to your request for 'http://tomcat.local/'?

 I was able to get tomcat.local to work, but not without the port.

  If so, then why aren't you proxying everything to Tomcat? You don't
  need to proxy every app individually, and you're not proxying ROOT
  at all. Your gists and your stated goals seem at cross purposes...

 Sorry about that. I copied where I left off. I had tried many variations
 of the code you see (with and without app specified). Anyway, I apologize
 for the confusion I created.

 I'll be back!
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




 --
 Si le sang ne coule pas assez chaud dans tes veines, je le répandrai sur
 le sable pour qu'il bouille au soleil.




-- 
Si le sang ne coule pas assez chaud dans tes veines, je le répandrai sur le
sable pour qu'il bouille au soleil.

Re: Feature suggestion: excludeCiphers

2014-11-13 Thread Zala Pierre GOUPIL 
Thanks, man! It's really helpful!

On Thu, Nov 13, 2014 at 5:43 PM, Glen Peterson g...@organicdesign.org
wrote:

 Thank you Mark - that works great!  That feature suggestion is not
 needed after all.

 I found two places where the Tomcat 8 documentation could be more
 helpful.  I would be happy to do the following updates if I'm allowed:

 1. I didn't see ciphers on this page at all (maybe it should be
 renamed TLS-howto in a post-POODLE world?):
 http://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html

 2. The ciphers section here doesn't mention that it accepts the
 OpenSSL syntax:
 http://tomcat.apache.org/tomcat-8.0-doc/security-howto.html

 This page has a helpful description of the syntax (what I used to
 learn it today):
 https://www.openssl.org/docs/apps/ciphers.html

 If you like the ciphers element below, you are welcome to paste it in the
 docs.



 For anyone interested, this is what I ended up with:


 ciphers=ALL:!aNULL:!eNULL:!EXPORT:!LOW:!MEDIUM:!3DES:!TLS_RSA_WITH_AES_128_CBC_SHA256:!TLS_RSA_WITH_AES_128_CBC_SHA:!TLS_RSA_WITH_AES_128_GCM_SHA256:@STRENGTH
 

 Maybe someone more familiar with OpenSSL options could do better, but
 this is working and should be forward-compatible because it eliminates
 weaker ciphers without specifying which stronger ones to use.  Note
 that without specifying @STRENGTH (which means to sort in decreasing
 order by strength), nmap couldn't find
 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 but Qualys did, so sorting seems
 to have some effect for certain clients.  Even sorted like this,
 Qualys still reports that, the server has no preference.

 Also note, that the new configuration doesn't support IE8 on Windows
 XP, but we currently support IE8/Vista and forward.  Qualys says IE7
 on Vista still works, so presumably IE8 would work there too.

 On Thu, Nov 13, 2014 at 9:16 AM, Mark Thomas ma...@apache.org wrote:
  On 13/11/2014 02:58, Glen Peterson wrote:
  Tomcat has been one of my favorite pieces of software for about a
  decade.  Thanks to all your generous contributions it just keeps
  getting better!  I appreciate the focus on security in Tomcat 8.
 
  Suggestion:
  =
  Instead of specifying allowed ciphers in the Connector node of
  server.xml, I'd like to specify dis-allowed/excluced ciphers so that
  as new, better cipher suites become available we won't have to do
  anything.  Maybe an excludeCiphers attribute?
 
  You should be able to do this already in Tomcat 8 if you use the OpenSSl
  syntax.
 
  Mark
 
 
 
  Background:
  =
  We're getting an 'A' on the Qualys TLS test with stand-alone Tomcat,
  which is pretty cool:
  https://www.ssllabs.com/ssltest/index.html
 
  Mostly, that's because of the following settings (in case this helps
 anyone):
 
  Connector port=8443
protocol=org.apache.coyote.http11.Http11NioProtocol
maxThreads=150 SSLEnabled=true
scheme=https secure=true
clientAuth=false
sslEnabledProtocols=TLSv1,TLSv1.1,TLSv1.2
compression=on disableUploadTimeout=true
connectionTimeout=18
URIEncoding=UTF-8
keystorePass=notTheRealPassword
ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
  TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
  TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA /
 
  It seems like just a few years ago there were about 50 cipher suites
  to choose from.  Now there are 12 that work with TLS.  Eight of those
  have Forward Security (the 8 listed above).  Presumably those eight
  will also become outdated over time and new ones will be added to
  replace them.  The problem with specifying ciphers as above is that
  someone will have to know when and how to manually update the cipher
  list.
 
  With each upgrade of Java, we need to remember to do something like
  the following:
 
   - Delete the ciphers attribute
   - Restart tomcat
   - Test here: https://www.ssllabs.com/ssltest/index.html
   - Copy the list of cipher suites
   - Delete any that don't support Forward Security
   - Make a new ciphers attribute.
   - Verify that the browsers and devices we support will still work.
 
  To be honest, I'm not sure if that needs to be done with each Java
  patch release, or only when Java 9 comes out.  If instead of
  specifying valid ciphers, I specified invalid ones, then the new ones
  would just flow through the system and become available without me
  doing anything!
 
  Thank you in advance for considering this suggestion.
 
  @GlenKPeterson
 
  -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
 
  -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For

Re: [ANN] New committer: Felix Schumacher

2014-09-19 Thread Zala Pierre GOUPIL 
Congratulations! You can be proud!

Regards,

Pierre




On Fri, Sep 19, 2014 at 9:49 AM, Rainer Jung rj...@apache.org wrote:

 On behalf of the Tomcat committers I am pleased to announce that
 Felix Schumacher (fschumacher) has been voted in as a new Tomcat committer.

 Please join me in welcoming him.

 Regards,

 Rainer

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




-- 
La vie est source de joie, la mort est source de paix, seule la transition
est difficile.