Wednesday, May 20, 2015

Fixing Logjam for Pound

The recently discovered problem "Logjam" in TLS (or the Diffie Hellman algorithm to be exact) is also present in pound by Apsis. Especially if you're using a pre-build binary via apt-get or rpm, as the DH parameters are built into the pound binary itself.

So, to block the support of DH Export, it is enough to change or specify a "Ciphers" setting:

ListenHTTPS
    ...

    ...
    Ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"

End


However, to be absolutely on the safe side, I'd recommend to compile your own binary with 2048 bit long DH params (the default ones are "just" 1024 bit anyway).




Luckily the steps are quite simple and straight forward:
  1. wget http://www.apsis.ch/pound/Pound-2.7.tgz
  2. tar -xzf Pound-2.7.tgz
  3. cd Pound-2.7
  4. ./configure --with-dh=2048 --prefix= --exec_prefix=/usr
  5. make
  6. make install
This will look for pound.cfg in /etc/pound.cfg (Debian uses /etc/pound/pound.cfg) and install pound in /usr/sbin - just like the Debian/Ubuntu package does - so you can keep / reuse their init.d script.

Also consider adding "Disable SSLv3" (just above Ciphers) to disable SSL3 which is considered insecure.

Using all this will give you a solid A- on https://www.ssllabs.com/ssltest/analyze.html

Tuesday, April 21, 2015

Using Rhino with Java 8

Java brings Nashorn as new JavaScript implementation for JSR 223 (javax.scripting). While this is certainly great news (Nashorn is way faster than Rhino by directly generating Java code), it comes with some challenges: Nashorn is not 100% compatible with Rhino.

Rhino had some extensions and more or less other interpretations on how to combine the Java world with JavaScript. Therefore you cannot simply replace Rhino by Nashorn. One case (which ruined our day) is that you cannot call static methods on instances. Therefore we had to get Rhino up and running in Java 8 until we have our scripts re-written.

Although there is an extensive documentation available in java.net, it is a bit confusing (some URLs are wrong, some steps are missing). So here are the steps which worked for us:

  1. Download Rhino: https://github.com/downloads/mozilla/rhino/rhino1_7R4.zip 
  2. Download JSR-223: svn checkout svn checkout https://svn.java.net/svn/scripting~svn
    Yes that is a ~ in the URL!
  3. cd scripting~svn/trunk/engines/javascript/lib
  4. Copy the js.jar from rhino1_7R4.zip into this directory (replace the existing js.jar)
  5. cd ../make
  6. ant clean all
  7. Copy ../build/js-engine.jar AND js.jar (of Rhino) into your classpath
  8. Now change:

    ScriptEngineManager manager = new ScriptEngineManager();
    ScriptEngine engine = manager.getEngineByName("js");


    to:

    ScriptEngineManager manager = new ScriptEngineManager();
    ScriptEngine engine = manager.getEngineByName("rhino");

That's all you need to backport Rhino to Java 8.

Monday, February 2, 2015

A better MessageFormat for Java

The MessageFormat class is widely used by Java, especially when it comes to internationalisation. At first sight, using it is simple and straight forward. Define a pattern like "There are {0} files on {1}", either in Java - or better in a in a .properties file. Create a new instance of MessageFormat and supply arguments for the two parameters when calling the format method. This create a formatted string like "There are 100 files on /dev/sda".

Couldn't be easier, right? Yep, but there's still room for improvement. One such improvement is replacing parameter indices with names. "There are ${numberOfFiles} on ${disk}", provides way more context to the poor soul having to translate a properties files.

Another improvement are optional sections. Imagine you have to represent a person as string. It can have a salutation, a firstname and a lastname. Depending on what a user entered, the salutation and or the firstname might be empty. Valid combinations could be "Mr. John Foo", "John Foo", "Mr. Foo". Using a pattern like "[${salutation} ][${firstname} ]${lastname}" is enough to create this output if optional patterns are supported. That idea is, that blocks in angular brackets are only output if at least one enclosed parameter is replaced with a non-null value.

All this is implemented by the Formatter class provided by Sirius. Using it is quite simple. For internationalisation, use NLS.fmtr("Property.key").set("paramName", value).format(). Note that Sirius automatically loads all properties files and makes them available using the NLS class. To use the smart formatting capabilities a formatter can be directly instantiated like this: Formatter.create("${foo}[ ${bar}]").set("foo", foo).set("bar", bar).smartFormat().



Thursday, June 12, 2014

JavaMail can be evil (and force you to restart your app server)

JavaMail always had an interesting approach when it comes to its configuration. Basically you have to fill an untyped map or Properties structure and hope for the correct interpretation. Countless tutorials on the net show the minimal properties required to make it work (send / receive mails).

However, as we painfully just learned, there are some lesser known properties you should probably take care of, which is timeout settings for socket IO. By default, JavaMail uses an infinite timeout for all socket operations (connect, IO, ...)!

Now suppose you have a cluster of SMTP servers which handle outgoing mail, accessed via a DNS round robin. If one of those servers fail, which happens to be the one JavaMail wanted to connect to, your mail sending thread will hang - forever! This is exactly what happened to us and we needed to perform some real nasty magic to avoid tragedy.

Therefore, we now set timeouts for all operations:

  String MAIL_SMTP_CONNECTIONTIMEOUT ="mail.smtp.connectiontimeout";
  String MAIL_SMTP_TIMEOUT = "mail.smtp.timeout";
  String MAIL_SMTP_WRITETIMEOUT = "mail.smtp.writetimeout";

  String MAIL_SOCKET_TIMEOUT = "60000";

  // Set a fixed timeout of 60s for all operations - 
  // the default timeout is "infinite"
  props.put(MAIL_SMTP_CONNECTIONTIMEOUT, MAIL_SOCKET_TIMEOUT);
  props.put(MAIL_SMTP_TIMEOUT, MAIL_SOCKET_TIMEOUT);
  props.put(MAIL_SMTP_WRITETIMEOUT, MAIL_SOCKET_TIMEOUT);


Also, if you plan to access DNS round robin based services (like amazon S3) or in our case a mail cluster, don't forget to also configure the DNS cache tiemout of Java (which is also infinite by default):

 // Only cache DNS lookups for 10 seconds
 java.security.Security.setProperty("networkaddress.cache.ttl","10");

And while we're at it, for us it turned out to be a good idea to set all encodings to UTF-8 (independent of the underlying OS) to provide a stable environment:

 System.setProperty("file.encoding", Charsets.UTF_8.name());
 System.setProperty("mail.mime.charset", Charsets.UTF_8.name());


...you don't want to care about stuff like this at all? Feel free to use our open source Java library SIRIUS, which takes care of all that by providing a neat fluet API for sending mails:
Sources on GitHub

An example usage can be found in the cluster manager:

    @Part
    private MailService ms;

    private void alertClusterFailure() {
        ...
        ms.createEmail()

          .useMailTemplate("system-alert", ctx)
          .toEmail(receiver).send();
        ...
    }


Thursday, February 20, 2014

Multithreaded Java - Screencast on the synchronized keyword

synchronized is quite well known in the Java community. Due to its early implementation which had a significant runtime overhead, it has quite a bad image. In modern JVMs this isn't the case anymore - still there's something to look out for.

Watch the screencast to learn more:


Multithreaded Java - Screencast on the volatile keyword

volatile is probably one of the least known keywords in Java. Still it serves an important purpose - an not knowing about it might ruin your day....

Watch this screencast to learn more:


Monday, February 3, 2014

Version Numbering Scheme - Yet another approach


Version numbering schemes are probably one of the few things we software engineers have more than sort algorithms. However, there's always room for one more.










While the classic approach of MAJOR.MINOR.PATCH (e.g. 1.8.2) works quite well for libraries or products which are distributed in a broad manner, it is still not as easy as it seems. What is a major change? What a minor? What comes after 1.9? 2.0 or 1.10? There are tons of examples where this classic approach fails, Java being one of the most prominent examples.

One the other hand, this approach is almost perfectly suited for libraries, as the rules are quite obvious here:
  • increment minor version for every release (2.4 -> 2.5)
  • increment major version when a backward incompatible change was made (2.4 -> 3.0)
  • increment the patch level for each update, which only fixed bugs but didn't add functionality (2.4 -> 2.4.1)
However, for software which runs in the cloud or is only delivered to a number of customers, the distinction is not always this clear. As we do not distinguish between minor or major updates (ask our sales guys, each release is a major step forward), we ended up using the build numbers of our Jenkins build server as version number.

Although this approach works quite well, there are two problems with it:
  1. You need a build server which issues consecutive build numbers
  2. Without looking at the build server, you cannot tell the age of a release (How much older is BUILD-51 compared to BUILD-52?)
Therefore we now started to switch to another approch for our SIRIUS based products: Inspired by date code placed on ICs, we started to use the same codes for our releases. A date code consists of four digits, the first two being the year and the second two being the week number. So this blog post would have 1406 as version.

As we don't perform more than one release per week, a version number is always unique. Furthermore these numbers are quite short and easy to remember (compared to full dates like foo-20130527). Still they provide a rough information concerning the release date.

Now as I said, this scheme is not superior over others. It's just a good solution for our problem. Use it if you like it, ignore it otherwise ;-)