Tushar Kapila

Ranch Hand
+ Follow
since Dec 23, 2007
Tushar likes ...
Chrome Java Linux
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
0
Received in last 30 days
0
Total given
5
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Tushar Kapila

this is the product https://youtu.be/DhMeg3VUFWs that the movie is based on? i backed the project, good luck. Will learn more about this. many people in rural India still use wood. i wonder if they will benefit

-Tushar Kapila
1 month ago
3000 TPS with one server node? that does not sound very optimistic. there are limits on harware too - sockets a server can use, ram, cpu ... 150 seems to be pretty good.

most of the profilers i have used work better with java 6, so maybe you could look at migrating.

when we had we used selenoium to make a test suite for the web app, a few unit tests, migrated to java 6, then ran the suite again. we did not have any issues except for some entries in the jvm as we use a hsm server ...

but automated testing helped verify that.

we use a lot of cached data too - in static hash maps - they are okay as long as they are load once or load occsaionally read many times. but you mentioned " concurrent hashmap for session management,there is lot of static data being cached in servletcontext"

do you start any threads/ java timers or use jms in the same jvm -> should be fine as long as other threads dont write to the same context or maps. again a profiler would help if there are issues.

9 years ago
hi

we have a working component that does data encryption. it talks to a hsm. so its client-webapp-jvm ---talks-to--> component-in-its-own-jvm ---talks-to--> hsm

We use it via a custom home grown client library that uses a socket cache to connect to the component deployed on another system on our lan built using quickserver.org

Works great for 3-4 TPS for a few days and then we have memory and occasionally socket issues.

we are right now mostly on windows and slowly migrating to linux (next 6-8 months hope to be all linux)


We are trying to improve performance, one idea is to put the component in our own jvm.

As a fall back - want to improve the component. does anyone have bench marks ? should we use a plain GenericServlet under jboss since its all in the same lan - and is there any open source client out there for that?

or use ejb or rmi?

FYI java 1.6 with the client web app on jboss 4

thank you



9 years ago
its to test a specific vulnerability. the newer java's our supposed to have fixed it. just want a way to test our own UAT (old version and new) ...
9 years ago
https://wiki.mozilla.org/Security:Renegotiation has some background information

i guess the code to re negotiate is there in firefox - i need help for someone to identify a utility that can do that on demand!
9 years ago
did you include all the jars from http://commons.apache.org/net/download_net.cgi in your classpath?


From http://commons.apache.org/net/download_net.cgi download a version like http://apache.techartifact.com/mirror//commons/net/binaries/commons-net-3.1-bin.zip
, extract zip/ tar, include commons-net-3.1.jar in your classpath besides other jars if you use them later (like log4j)


you could use ant to make a classpath jar ... look at http://ant.apache.org/manual/Tasks/manifestclasspath.html
9 years ago
what is the full output you get? is the time zone there? maybe the default time zone of java is different than your local?

also use this new java.util.Date() //print it

Do you get the same output?

---

just saw your answer to eclipse had a different default time zone?

you could test by calling your program from the command line. then you would know if the issue is with the java install
9 years ago
like i said it did not work in ff too. read my strike out text i gave a guess there:

* some browsers wont delete cookies until you close the tab or open a new tab.

* and most web servers will log you out once the client (browser) does not send cookies. so you will have to tell users to delete cookies, then open a new tab and paste the same URL


* I dont think you can do anything else as the cookies are sent by the browser and server wont know if they have been deleted from the browser jar or not.

* i guess the browser tab keeps a copy of the cookies even if they are removed from the main storage place -and only new tabs use that.

---

so just test your app your self in different browsers and you will know
9 years ago
most browsers wont delete cookies until you close the tab or open a new tab.

and most web servers will log you out once the client (browser) does not send cookies. so you will have to tell users to delete cookies, then open a new tab and paste the same URL


I dont think you can do anything else as the cookies are sent by the browser and server wont know if they have been deleted from the browser jar or not.

i guess the browser tab keeps a copy of the cookies even if they are removed from the main storage place -and only new tabs use that.


i just tested this with the coderanch website and it worked. i guess there is a way but not sure how. i deleted cookies on this page using firefox / page info/ security / cookies

and when i refreshed the page it had logged me out!

* It did not work with IE so maybe this is just fixed in firefox. I know it used to not work in FF a few months before
9 years ago
you want to run an independent jvm or dynamically load some clases from jar to existing jvm (that is running applet) ?

if independent jvm - just point the exe to java.exe and pass parameters - class-path, main class name etc

but you will need to sign applet if running on others systems as Runtime is a special permission.

For dynamically loading classes you will need the URL to the jar, see URL class loader and you will need parameters to the main class and method to invoke (via reflection)



9 years ago
while true only loops endlessly - not recursion. if you made a new object (and references it in an array list or other way then you would run out of memory here too)

where as a fn calling it self is recursion and java makes a new set of local variables etc and adds each function call to the stack - taking up memory....
9 years ago
* do you have a list of properties that you want to load in to both jvms?

can load them from a java properties file and add them to the system properties

* do you want to send a new property added in jvm 1 to jvm 2?
9 years ago
Using java 1.6.14 with jboss 4.3 ( i think server does not matter ) -

read about that the ssl vulnerability :

http://stackoverflow.com/questions/1623676/suns-java-ssl-implementation-is-leaking-memory

http://nuxx.net/blog/2012/02/20/ms12-006-and-http-408-errors/

http://support.microsoft.com/kb/2638806

http://technet.microsoft.com/en-us/security/bulletin/ms12-006



http://stackoverflow.com/questions/1623676/suns-java-ssl-implementation-is-leaking-memory

http://www-01.ibm.com/support/docview.wss?uid=swg1PK16095
http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#descPhase2

what i want : a java or php script - that directly calls it self or a new java process (the new process will start a class based on your code too)
to make connections to the server that ask it to make a new SSL session, this increasing the RAM used by the JVM and crashing it eventually


Do not want a simple DOS attack. Each hit of this kind should increase the memory used by the JVM by a MB
So if the server has a max of 1GB, in about 800 or so hits it should max out. thanks

i tried making a simple ssl connection using :
1. URL
2. Socket
3. apache http client

but no go - ran it all night from 2 desktops hitting the server every second and memory is fine.

changing program to call a process - maybe if its a new jvm a new session is made. but out of ideas after that! any help will be appreciated. (looked at owasp and googled but did not find any thing like a test program to re create)
9 years ago
maybe you can use http client instead of URL to make connections and read server pages/ objects http://hc.apache.org/httpclient-3.x/sslguide.html
we have 9 windows servers & 2 linux that talk to each other and to outside servers too (they talk to around 110 external ports as we have many clients and when a user does some actions we need to talk to 1-3 apps)

but a lot of communication is internal too - encrption, db, services

questions:

1. will be benefit by installing SDP on windows? { http://en.wikipedia.org/wiki/Sockets_Direct_Protocol }

2. how does one do that in Vista (testing), windows server 2003 ?

thanks