by the container an explicit non-requirement, so you couldn't count on
it at another site or in another container version anyway. If you're
going to make them dependent then you have to provide the whole
dependency resolution mechanism.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Asking whether
Not just Debian; I had several Gentoo boxes get into this state.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
pgpQqvHnxfAYd.pgp
Description: PGP signature
.
Searching for firefox kerberos authentication showed me a lot of
hits that might help you on the client side.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
pgp9LAw8gVbpY.pgp
Description: PGP signature
the necessary methods, so you should be
able to write something to do that.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
pgpsj9A6LWcQ8.pgp
Description: PGP signature
of
most of them and suppose that few of you all have either.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
pgpJKCQyXtpu7.pgp
Description: PGP signature
.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
I don't do doorbusters.
pgpLNCz9kvV07.pgp
Description: PGP signature
-party plugins corral?
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
I don't do doorbusters.
pgpnNSX0H6LHV.pgp
Description: PGP signature
On Thu, Mar 14, 2013 at 07:13:20AM -0700, fachhoch wrote:
every few seconds a new session is begin created from an ipaddress , I have
no clue who owns that ipaddress , how can I find more about that
ipaddress?
'whois'.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
There's
servlet container running in a
poorly-tuned OS or undersized hardware will still underperform. The
general plan here is the same: start with an educated guess, observe,
adjust, monitor
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
There's an app for that: your browser
for tarpit. There should be a lot of discussion.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
signature.asc
Description: Digital signature
visible by messing with
their attacks, just wondering.
Then again, my experience shows that when a computer slows down most
people either just live with the problem or buy a faster machine. Ugh.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines
think that muddling the concerns of developers and installers is
asking for trouble.
(I also feel that an app. should be able to function without any
configuration at all, at least to the point of telling me what I
forgot to configure.)
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
can grasp it. What's the next soft spot, and can we defend or harden
it? Can we afford to win the bot battle, or is it better to just
shrug them off?
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
signature.asc
that
high because they are doing another job for us.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
signature.asc
Description: Digital signature
an app. is placed in appBase,
Tomcat feels free to extract its own context descriptor and destroy
same as needed. It can't tell our hand-built ones from its own
extracts.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient
for incorrect design in this area.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
signature.asc
Description: Digital signature
On Tue, May 07, 2013 at 01:17:40PM -0400, Jesse Barnum wrote:
On May 7, 2013, at 9:40 AM, Mark H. Wood mw...@iupui.edu wrote:
Well, the developer can simply pack into the app. whatever internal
configuration is needed, since he has ready access to the interior of
the app and can deposit
On Tue, May 07, 2013 at 04:45:39PM +, Jeffrey Janner wrote:
-Original Message-
From: Mark H. Wood [mailto:mw...@iupui.edu]
Sent: Tuesday, May 07, 2013 8:41 AM
To: users@tomcat.apache.org
Subject: Re: Why is context.xml no longer copied to
Catalina/localhost/myapp.xml
to write less-brittle code. This should not be a big deal.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
signature.asc
Description: Digital signature
be instructive to look at the browser's error
console too.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
signature.asc
Description: Digital signature
On Tue, Aug 06, 2013 at 03:05:44PM +, Jeffrey Janner wrote:
Had a programmer build a filepath using \ instead of / , because he's
windows centric (duh).
Probably should be using java.io.File.separator.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should
configuration files are not Java and the conventions are
different. Single backslashes work just fine for me with the
RemoteAddrValve, and I don't see why they should not work in
configuring the RemoteAddressFilter.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly
not. I'd have to write something to scrape the
messages out of the forum and turn them into email.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
signature.asc
Description: Digital signature
. So the
UA punts, leaving the cursor at the top of the message, and the
trusting user thinks this is what should happen. The *adept* user
knows that editing and composition make his work more effective, and
is guided by training and experience rather than the UA.
--
Mark H. Wood, Lead System
the subscription response or
latest-read message and at least give the user some suggestions.
Rules like no attachments could be acted on by the UA; rules like
no top-posting require human judgment but could be advertized by the
UI.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should
log files is easily done with a simple cron job, if
the application does not trim old files. That operation can be done
just as well externally as internally.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
signature.asc
On Wed, Jan 29, 2014 at 10:27:13AM -0500, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 1/29/14, 9:49 AM, Mark H. Wood wrote:
On Tue, Jan 28, 2014 at 12:32:22PM -0500, Daniel Mikusa wrote:
On Jan 28, 2014, at 12:05 PM, Vye v...@vye.me wrote:
I
It's probably worth asking what full-fledged enterprise applications
means. I'm not aware of any specification with that title.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
signature.asc
Description: Digital signature
On Mon, Mar 10, 2014 at 09:32:05PM -0400, Rossen Stoyanchev wrote:
On Mon, Mar 10, 2014 at 3:58 PM, Mark H. Wood mw...@iupui.edu wrote:
It's probably worth asking what full-fledged enterprise applications
means. I'm not aware of any specification with that title.
Indeed
for the product in question if my need is unusual. I'd
probably ask on SO if I couldn't find an ML or the ML proved
unhelpful. Neither of which is true of this list.
But then I'm such an old fossil that I think email is still useful. :-)
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines
of the repairman's story of arriving at a site and
discovering he'd been entered in a race: the customer had called two
other repair shops as well, and apparently whoever arrived first got
the job. He was unhappy about that. I can understand why.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
, where a statement
delimiter is needed. It's not part of an SQL statement, so it
probably doesn't belong in a query string.
Commandline tools need a statement delimiter, but statements fed to
the DBMS programmatically are delimited by end-of-string.
--
Mark H. Wood, Lead System Programmer mw
I recommend that, whatever settings you use, don't just set and forget
them. Monitor your memory usage and tune it to match the
characteristics of your load.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
signature.asc
*very* little experience with AWS, so it's quite possible I'm
missing something.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
signature.asc
Description: Digital signature
deployment I tried symlinks and it nuked all the sym linked data on
deploy
I would place the content elsewhere -- outside of Tomcat's directories
altogether -- and pass its path in through the environment.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly
modifications to the
properties file.
I guess you don't want to just set some Context parameters
https://mhw.ulib.iupui.edu:8443/docs/config/context.html#Context_Parameters
or Environment entries?
https://mhw.ulib.iupui.edu:8443/docs/config/context.html#Environment_Entries
--
Mark H. Wood
intervals for a long session. Most of the
session uses symmetric encryption, which is far, far cheaper.
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu
On Fri, Feb 13, 2015 at 01:21:13PM -0500, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 2/13/15 1:02 PM, Mark H. Wood wrote:
On Fri, Feb 13, 2015 at 11:46:37AM -0500, Christopher Schultz
wrote:
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256
about the other commands.
The 'ls' that comes as part of Gnu Coreutils will, when built that
way, add a + to the mask to show that there is an ACL on the
object. (But that's all it does -- I still have to remember to use
'getfacl' to see what the ACL actually *says*.)
--
Mark H. Wood
Lead
to Resource injection. Doing it
this way might be a good quick proof-of-concept for a nicer solution.
In summary: place mail.jar in Tomcat's /lib and NOT in your deployed
application.
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
requently getting in my way, embodying invalid assumptions, and
generally resistant to being used in the way I want to operate a host.
Others will have the opposite experience. So, which kind do you have?
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue Un
by root with permissions 600?
> I understand that this is done by starting the tomcat process as root
> and then dropping privileges using setuid() , but was unable to find
> something already built / well documented.
That is what the Commons Daemon tool (jsvc) is for. That should be a
lot simpler
to how many connections it accepts at the same time ?
> or maybe the PostgreSQL server is just overloaded ?
There is. It is in postgresql.conf: max_connections.
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Stree
pful, because I always struggle what directories are
> minimum necessary to start a new instance.
Not in the standard Tomcat kit, I think. Gentoo Linux has its own
tomcat-instance-manager.bash script which does this. You might be
able to adapt it.
https://wiki.gentoo.org/wiki/Apache_Tomcat
--
and CPU power across your user community, the amount of
data to be sent per request, and the shape of traffic over time, you
can make some shrewd guesses, but in the end the best solution is the
one that does the job best, and the only way to know that is to test
and see.
--
Mark H. Wood
Lea
protected resources, drop privilege, run.
This *is* mentioned in RUNNING.txt, but somehow manages to be overlooked.
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
like conf -> /etc/tomcat-7, as Gentoo does it,
to explain the few things that can't be relocated by configuration.
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0
ought to make one
into a function and just call it N times with various arguments, but
this works for me.
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iup
uot; Too much information is better than too little.
o My recollection is that this list does not forward attachments. If
the evidence is too large to simply copy into an email body, you
could post it on something like Pastebin or Github Gist and refer
to the URL in your messages.
--
Mark
> taglibs. Simply look in each JAR file to see if there are any ".tld"
> files.
That's what I thought, too. I looked, and the jstl-api JAR doesn't
contain any TLDs. The corresponding jstl-impl JAR does, though.
--
Mark H. Wood
Lead Technology Analyst
University Library
tays where it was.
I also tend to install the webapp.s elsewhere and just drop in
external Context files to point to them, so copying these is a snap.
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN
>
> It was never merged into Tomcat, but if it got some additional interest and
> testing, perhaps it could be added.
>
> - -chris
There's also this:
https://github.com/mwoodiupui/tomcat-extras
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu
signature.asc
Description: PGP signature
obliterate (not just discard) secrets as soon as you have no
further need for them. That means that, within the JVM, they should
only ever exist in mutable objects (not String, for example).
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University
recalling that "Apache" is a huge array of various projects
(including Tomcat!), while "Apache HTTP Server" refers to a specific
web server daemon that can front-end Tomcat. One could even link
"Apache HTTP Server" to 'http://httpd.apache.org/'.
--
Mark H. Wood
Lea
u must remove X from all
systemwide truststores of every type, and then configure a custom
truststore for every application except A.
Which is more error-prone?
It shouldn't be difficult to write a script that makes a copy of the
systemwide store and adjusts it to your application's spec
perly
encoded.
I would say it is debatable whether browsers should be "correcting"
hrefs which are handed to them by some site.
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu
signature.asc
Description: PGP signature
t until fixed (or replaced).
o An additional problem with multiple applications per container:
ill-designed dependencies which are only configurable using system
properties, when different applications need different
configurations.
--
Mark H. Wood
Lead Technology Analyst
University Li
hint on my mess I wouldn't mind.)
If this happens to be a project built with Maven then 'mvn
dependency:tree' should tell you which artifacts are pulling in
SLF4J. You may need to run this more than once as you comb out
transitive dependencies one by one.
But it's possible to use multiple loggi
It seems to me that the problem may be, that you are trying to use
Tomcat but cut away most of its raison d'etre. Asking Google for
"embedded web server java" will give you a lot of other possibilities
to explore, some of them extremely simple.
--
Mark H. Wood
Lead Technolo
1 (IPv6 loop back address), whereas IIS connector tries to bind to
> the IPv4 loopback.
Two things I would try:
1. Two connectors, one with address='::1' and the other with
address='127.0.0.1', both with port='8014'.
2. Configure the other end explicitly: tell HTTPD and IIS which
add
thought of. One result is a rather Wild West approach to
using directory services for authentication. (I see this also in
services dedicated to authentication: seemingly no two organizations
use CAS in the same way.)
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana Universi
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu
signature.asc
Description: PGP signature
place to clean it
up anyway.
Sorry for the noise.
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu
signature.asc
Description: PGP signature
ith SHA1 and
then encrypting the hash with the CA's RSA private key.
I just remembered that your browser probably has a way to display
details of a certificate, too.
BTW that certificate above was issued in 1999, when SHA1 was
considered sufficient. Certificates created today should be using a
stronger
org/tomcat-7.0-doc/config/valve.html#Remote_CIDR_Valve
I got so tired of those eye-watering IP address REs that I wrote my
own CIDR-based Valve some years ago, but I'm happy to discover that I
can now throw it away and use one that ships with Tomcat.
--
Mark H. Wood
Lead Technology Analyst
University
osts should be
reachable via each local address. 'connect' should use this to pick
an address that can reach the distant host, assign an unallocated
port, and send SYN to request a connection.
So the answer to your question is "it depends on the service host's
address and what networks t
suppose there's nothing useful in the logs? Can anyone suggest
adjustments that might log relevant observations?
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu
signature.asc
Description: PGP signature
I've appreciated this discussion. It's caused me to think a bit more
about my use of this pattern.
[regarding tests for null references]
This has got me wondering why there is no operator for such an
irritatingly common need:
if (my_reference isNull) { ... }
--
Mark H. Wood
Lead Technology
I decided that just lengthening timeouts was a losing strategy,
because these particular reports can be requested over any portion of
a record set that steadily grows in size, and can thus take longer to
generate every month. Your situation may be different.
--
Mark H. Wood
Lead Technolog
a look at https://stackoverflow.com/a/12160863/2916377
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu
signature.asc
Description: PGP signature
The Gentoo Linux packaging of Tomcat does a nice job of laying out
separate CATALINA_HOME and one or more CATALINA_BASE trees, if you'd
like something to study.
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
uot;5"
> logAbandoned="true"
> username="shoc"
> password="password"
> />
>
>
> className="org.apache.catalina.valves.AccessLogValve"
> prefix="s
simple and straightforward.
>
> Would it make sense to create a solution with less caveats and up to date
> security requirements?
If the OP's cyber security group insists, then maybe they would care
to give him their requirements and suggestions for setting up IPSEC.
--
Mark H. Wood
Lead
well but I
very much prefer the way mod_proxy_ajp integrates with the proxy
configuration in HTTPD.
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu
signature.asc
Description: PGP signature
ere may not
*be* a way to specify "no encryption" of the PKCS12 structure itself,
only ways to express a zero-length password.
Of course I pay strict attention to file and directory permissions.
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue
different means.
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu
signature.asc
Description: PGP signature
101 - 176 of 176 matches
Mail list logo