Re: [OT] programming style or mental process ?
Quoting "André Warnier (tomcat/perl)" : On 05.04.2021 14:37, Christopher Schultz wrote: Or, more literarily, given that the syntax of most (all?) programming languages is based on English (if, then, else, new, for, while, until, exit, continue, etc.), we (*) do normally ask "is your coffee cold ?" and not "is cold your coffee ?". On the other hand, in English, coffee which is not hot is called "cold coffee" but in e.g. Spanish, it's "coffee cold". To nitpick, in Spanish one would rather say "cafe frio". ... and, in Italian, "caffè freddo", but we Italians love coffee, and we have much phantasy, so try also: "granita di caffè", "caffè gelato", "caffè col ghiaccio", "il caffè s'è fatto freddo", ... But that's a bit beside the point since - as mentioned above - most currently fashionable programming languages are based on English. Nevertheless, just for the sake of it, and in some imaginary situation in which the Java syntax would be based on Spanish, one would probably have this : si (nada == requerimiento.obtengaCodificaciónCarácteros()) entonces { } sino { } as opposed to si (requerimiento.obtengaCodificaciónCarácteros() == nada) entonces { } sino { } .. which makes it even more striking that the first form deviates from the human language, because "nothing" cannot really be equal to anything, and thus the first form should always evaluate to false. (*) (Which would also lead to more concise Java programs, because if you already know the answer, then you don't even need to make the test in the first place.) On the other hand, this provides an interesting insight into English-speaking people's thought processes, for example as to the expression "nothing matches a good coffee in the morning", which is undoubtedly evaluated as true by many, although logically it cannot be. :-) (*) actually, this appears to be false : in Java, (null == null) is true. See here for an in-depth discussion : https://stackoverflow.com/questions/2707322/what-is-null-in-java P.S. If anyone is interested about how it would be to write programs based on a Latin-inspired programming language, I recommend this : https://metacpan.org/pod/distribution/Lingua-Romana-Perligata/lib/Lingua/Romana/Perligata.pm (in which language it would be very difficult to confuse "==" and "=") - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Re: What exactly does the AJP connector on 8009 do?
On 4/6/21 9:11 AM, Olaf Kock wrote: *Everybody* has a dedicated testing system. Always! *Some* are lucky that they have a completely separate production system. We expect disk drives to fail. So we plan for it, using some form of RAID (full mirroring in my case). And so the power supply fails instead. Also: The likelihood of a power supply failure is inversely proportional to its maintenance accessibility. -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Re: What exactly does the AJP connector on 8009 do?
Olaf, On 4/6/21 12:11, Olaf Kock wrote: On 06.04.21 11:53, André Warnier (tomcat/perl) wrote: Shortcut : - comment-out the AJP Connector in the tomcat configuration - restart tomcat - and wait for desperate support calls That reminds me of the common wisdom in System Administration: *Everybody* has a dedicated testing system. Always! *Some* are lucky that they have a completely separate production system. That's ... amazing. http://www.quickmeme.com/meme/2gs6 -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] programming style or mental process ?
Konstantin, On 4/6/21 06:41, Konstantin Kolinko wrote: вс, 4 апр. 2021 г. в 13:24, André Warnier (tomcat/perl) : Hi. I have a question which may be totally off-topic for this list, but this has been puzzling me for a while and I figure that someone here may be able to provide some clue as to the answer, or at least some interesting ponts of view. In various places (including on this list), I have seen multiple occurrences of a certain way to write a test, namely : if (null == request.getCharacterEncoding()) { as opposed to if (request.getCharacterEncoding() == null) { Granted, the two are equivalent in the end. Some programming languages have rules, in what order an expression is evaluated. E.g. the left side is evaluated first, the result is stored in a register (memory) of a CPU, then the right side is evaluated and the result is stored, then it is followed by a comparison and a conditional jump. Thus the two variants are not equivalent. (Well, as null is a zero and not really a specific value, maybe it does not need evaluation and a memory register to store it.) JVM uses a stack and not registers, but of course many architectures (like most RISC) do use registers under the hood, so there is a bit of mapping here and there, at multiple levels. Then x86 is accumlator-based but also has a few registers, and that number grows with each processor revision. Anyhow, Java bytecode has primitives for loading null values onto the stack, so it both has a definite value (probably 0, I've never bothered to dig into it too much) and it is definitely loaded into registers (well, onto the stack). Further, JLS says that class members without explicit definitions get whatever the equivalent of "0" is in their data type. References are assigned "null", so null is probably == 0, though they could go old-school and use 0xdeadbeef like some C compilers back in the day. In Java the Java Language Specification dictates the evaluation order, "15.7.1 Evaluate Left-Hand Operand First". I vaguely remember that in the C language the evaluation order in such expressions is unspecified. https://docs.oracle.com/javase/specs/ If one side of an expression can have unexpected side effects (like a function call or a null pointer dereference can have), I prefer them to be evaluated first. Thus my preference is for "(request.getCharacterEncoding() == null)". Otherwise, another point of view to consider is readability of the code. If the function call is some lengthy expression, " (null == request.getCharacterEncoding()) " may be more readable when formatting the code results in wrapping the lengthy expression, splitting it into several lines. I think that I should also mention the well-known construct when a comparison is done by calling the "equals()" method on some constant value: CONSTANT_VALUE.equals(someFunction()) In this case the "CONSTANT_VALUE" is known to be non-null, and thus calling its method cannot result in a NullPointerException. (In more complex cases the static method "Objects.equals()" helps to compare two values in a null-aware way). In a way, this makes "null == thing" more consistent, because null is the constant in this case. You can't call null.equals(), of course, but it's the same idea... though for the opposite reason: in your case, you want to avoid both NPE and needless null-avoidance code. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[OT] Re: What exactly does the AJP connector on 8009 do?
On 06.04.21 11:53, André Warnier (tomcat/perl) wrote: > > Shortcut : > - comment-out the AJP Connector in the tomcat configuration > - restart tomcat > - and wait for desperate support calls > That reminds me of the common wisdom in System Administration: *Everybody* has a dedicated testing system. Always! *Some* are lucky that they have a completely separate production system. (lost the source) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: What exactly does the AJP connector on 8009 do?
André, On 4/6/21 05:53, André Warnier (tomcat/perl) wrote: On 06.04.2021 00:45, James H. H. Lampert wrote: On 4/5/21 1:22 PM, Christopher Schultz wrote: If you are not running a reverse-proxy in front of Tomcat, then it does absolutely nothing for you. If you *are* running a reverse-proxy in front of Tomcat, then it *may* do something for you, depending upon what software you are using and what its configuration is. Thanks. Hmm. We have *something* on one of our cloud servers, that has Tomcat sitting behind httpd (on the same box), and we have load balancing (through a couple of AWS Beanstalks) on our cloud-based product, but I don't know if the AJP port is involved in any of that. I don't know about AWS Beanstalks They almost certainly do not support AJP. but for Apache httpd, there are some tell-tale configuration directives in the Apache httpd configuration files, which - if present - will tell you if Apache httpd is communicating with the back-end tomcat using the AJP protocol (and hence tomcat's AJP Connector). Look for either of : - ProxyPass instructions mentioning "AJP:" - SetHandler jakarta-servlet - JkMount (case does generally not matter) +1 Shortcut : - comment-out the AJP Connector in the tomcat configuration - restart tomcat - and wait for desperate support calls :) (*) This is not a critic : it is very flexible that way; it's just a bit more work to search for the right files. You can also run httpd and have it dump the list of all included files: $ apachectl -t -D DUMP_INCLUDES It seems silly that "apachectl" doesn't have a "--dump-effective-configuration" option which just dumps out EVERYTHING, as httpd would see the complete configuration. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: What exactly does the AJP connector on 8009 do?
пн, 5 апр. 2021 г. в 21:59, James H. H. Lampert : > > We've just gotten a complaint about a vulnerability involving AJP (to > something called "Ghostcat") from a customer. The report from the > security consultant recommends updating to a more recent version of > Tomcat, and I note that we've already started rolling out 7.0.108 to > customers. > > Looking at server.xml, the only reference to AJP is in relation to port > 8009, and that this connector is commented out in 108, but not in 93. > > So what exactly *is* this connector, and what purpose does it serve? A well-configured instance of Apache Tomcat should serve requests either over "http:"/"https:" or over "ajp:", but not both. The clients for http: protocol are web browsers. The clients for AJP protocol are web servers (proxies). See also https://tomcat.apache.org/connectors-doc/ https://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Connectors https://en.wikipedia.org/wiki/Apache_JServ_Protocol Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] programming style or mental process ?
вс, 4 апр. 2021 г. в 13:24, André Warnier (tomcat/perl) : > > Hi. > I have a question which may be totally off-topic for this list, but this has > been puzzling > me for a while and I figure that someone here may be able to provide some > clue as to the > answer, or at least some interesting ponts of view. > > In various places (including on this list), I have seen multiple occurrences > of a certain > way to write a test, namely : > >if (null == request.getCharacterEncoding()) { > > as opposed to > >if (request.getCharacterEncoding() == null) { > > Granted, the two are equivalent in the end. Some programming languages have rules, in what order an expression is evaluated. E.g. the left side is evaluated first, the result is stored in a register (memory) of a CPU, then the right side is evaluated and the result is stored, then it is followed by a comparison and a conditional jump. Thus the two variants are not equivalent. (Well, as null is a zero and not really a specific value, maybe it does not need evaluation and a memory register to store it.) In Java the Java Language Specification dictates the evaluation order, "15.7.1 Evaluate Left-Hand Operand First". I vaguely remember that in the C language the evaluation order in such expressions is unspecified. https://docs.oracle.com/javase/specs/ If one side of an expression can have unexpected side effects (like a function call or a null pointer dereference can have), I prefer them to be evaluated first. Thus my preference is for "(request.getCharacterEncoding() == null)". Otherwise, another point of view to consider is readability of the code. If the function call is some lengthy expression, " (null == request.getCharacterEncoding()) " may be more readable when formatting the code results in wrapping the lengthy expression, splitting it into several lines. I think that I should also mention the well-known construct when a comparison is done by calling the "equals()" method on some constant value: CONSTANT_VALUE.equals(someFunction()) In this case the "CONSTANT_VALUE" is known to be non-null, and thus calling its method cannot result in a NullPointerException. (In more complex cases the static method "Objects.equals()" helps to compare two values in a null-aware way). Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: What exactly does the AJP connector on 8009 do?
On 06.04.2021 00:45, James H. H. Lampert wrote: On 4/5/21 1:22 PM, Christopher Schultz wrote: If you are not running a reverse-proxy in front of Tomcat, then it does absolutely nothing for you. If you *are* running a reverse-proxy in front of Tomcat, then it *may* do something for you, depending upon what software you are using and what its configuration is. Thanks. Hmm. We have *something* on one of our cloud servers, that has Tomcat sitting behind httpd (on the same box), and we have load balancing (through a couple of AWS Beanstalks) on our cloud-based product, but I don't know if the AJP port is involved in any of that. I don't know about AWS Beanstalks, but for Apache httpd, there are some tell-tale configuration directives in the Apache httpd configuration files, which - if present - will tell you if Apache httpd is communicating with the back-end tomcat using the AJP protocol (and hence tomcat's AJP Connector). Look for either of : - ProxyPass instructions mentioning "AJP:" - SetHandler jakarta-servlet - JkMount (case does generally not matter) (Note that under Linux(es), your Apache httpd config files may be spread in small chunks all over the place, generally in locations such as "/etc/apache2/*" or "/etc/httpd/*") (*) Relevant documentation is available here : 1) http://tomcat.apache.org/connectors-doc/ 2) http://tomcat.apache.org/connectors-doc/reference/apache.html 3) http://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass 4) (more complicated cases) http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#rewriterule Also, if Apache httpd uses AJP to communicate with tomcat, then either one of these Apache httpd add-on modules will be loaded and configured : - mod_jk - mod_proxy_ajp To find out which modules are loaded by Apache httpd, use the following command : # apache2ctl -M (Note that the mere fact that a module is loaded, does not necessarily mean that it is being *used*; but if neither of them is loaded, then you can be pretty sure that Apache httpd is NOT using AJP) Shortcut : - comment-out the AJP Connector in the tomcat configuration - restart tomcat - and wait for desperate support calls (*) This is not a critic : it is very flexible that way; it's just a bit more work to search for the right files. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] programming style or mental process ?
On 05.04.2021 14:37, Christopher Schultz wrote: Or, more literarily, given that the syntax of most (all?) programming languages is based on English (if, then, else, new, for, while, until, exit, continue, etc.), we (*) do normally ask "is your coffee cold ?" and not "is cold your coffee ?". On the other hand, in English, coffee which is not hot is called "cold coffee" but in e.g. Spanish, it's "coffee cold". To nitpick, in Spanish one would rather say "cafe frio". But that's a bit beside the point since - as mentioned above - most currently fashionable programming languages are based on English. Nevertheless, just for the sake of it, and in some imaginary situation in which the Java syntax would be based on Spanish, one would probably have this : si (nada == requerimiento.obtengaCodificaciónCarácteros()) entonces { } sino { } as opposed to si (requerimiento.obtengaCodificaciónCarácteros() == nada) entonces { } sino { } .. which makes it even more striking that the first form deviates from the human language, because "nothing" cannot really be equal to anything, and thus the first form should always evaluate to false. (*) (Which would also lead to more concise Java programs, because if you already know the answer, then you don't even need to make the test in the first place.) On the other hand, this provides an interesting insight into English-speaking people's thought processes, for example as to the expression "nothing matches a good coffee in the morning", which is undoubtedly evaluated as true by many, although logically it cannot be. :-) (*) actually, this appears to be false : in Java, (null == null) is true. See here for an in-depth discussion : https://stackoverflow.com/questions/2707322/what-is-null-in-java P.S. If anyone is interested about how it would be to write programs based on a Latin-inspired programming language, I recommend this : https://metacpan.org/pod/distribution/Lingua-Romana-Perligata/lib/Lingua/Romana/Perligata.pm (in which language it would be very difficult to confuse "==" and "=") - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org