Categories
Software development Technology

Java keytool

Reading Time: < 1 minute

Keytool

The Most Common Java Keytool Keystore Commands

import

  • keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks (or cacerts)

(keytool -keystore $CACERTS_STORE -storepass changeit -importcert -alias jfrog.root -file jfrog.root.cer -noprompt)

list

  • keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts

Install Spring STS on Mac

Drag the STS to the Application may not necessary, as it could not find the vFabric server (need to open the folder to let base_instance know)

Other setup for Maven (3.0.5)
home brew maven30 (stackoverflow thread)

Last but not least

Java dev blogs at Okta

Categories
401k and Personal Finance

Database connection pool

Reading Time: < 1 minute

https://brandur.org/postgres-connections

https://news.ycombinator.com/item?id=18220906

https://github.com/brettwooldridge/HikariCP/wiki/About-Pool-Sizing

Categories
Software development Technology

GCP Data Fusion

Reading Time: < 1 minute

(Update) Tried running couple more pre-set pipelines from google. It took a while to run (don’t know why). More on permissions (IAMs): need to add “Dataproc Worker” role to “Compute Engine default service account”. Continue added Service Account User to “Cloud Data Fusion Service Account / Cloud Data Fusion API Service Agent”

Couple tutorials

Targeting campaign pipeline

Creating a reusable pipeline

Permission issue (note the exact error will depends on the setup of network as well, for example, this DF service account needs to have network access to run the pipeline, and it needs that role if applicable).

Cost: the developer edition for data fusion instance costs 35 cents per hour. The basic edition is 1.80 per hour but comes with first 120 hours free, this is 5 days free usage and recommended. Also, there is ways in GCP to set up budgets and alerts.

Categories
Software development Technology

Terraform

Reading Time: < 1 minute

Doing

Prepare for Certification

Get Started – AWS : below has some issues, cannot find the image. Note I tried to find correct ami image id too (ami-032930428bf1abbff, via AWS console), but it appears there is another issue when a correct ami image id was used.

resource "aws_instance" "example" {
  ami           = "ami-830c94e3"
  instance_type = "t2.micro"
}

Error: Error launching source instance: VPCResourceNotSpecified: The specified instance type can only be used in a VPC. A subnet ID or network interface ID is required to carry out the request.
	status code: 400, request id: c8d85874-93fb-4e48-b515-97b50172826b

  on example.tf line 15, in resource "aws_instance" "example":
  15: resource "aws_instance" "example" {

*Amazon Linux AMI 2018.03.0 (HVM), SSD Volume Type – ami-032930428bf1abbff (from aws console)

Done

Get Started – Google Cloud

Get Started – Azure : one interesting part is it seems the user name and password for Azure in TF script is not checked (or in other words they are stateless?). Not sure why. Was using admin_username=plankton later while it was setup it was Password1234!

Two more comments on Azure: the Store Remote State part did not work perfectly. I believe Azure free tier has one year limit: it shows 6 cents so far for my infrastructure experiment. Also: the detailed cost.

Get Started – Terraform Cloud

Categories
Life Tips Software development Technology

hosts file for productivity

Reading Time: < 1 minute

Sometimes we need to get something done without the distraction of facebook, twitter or for that matter, linkedin (or some other sites you want to stay away). Here is a tip for how to do it on Mac.

sudo vi /etc/hosts
(note you don’t have to use vi, feel free to use nano or other editor of your choice)


referene entries below
====
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost

127.0.0.1 facebook.com
127.0.0.1 www.facebook.com

#127.0.0.1 linkedin.com
#127.0.0.1 www.linkedin.com

127.0.0.1 twitter.com
127.0.0.1 www.twitter.com
====

Then do this in command line.
sudo dscacheutil -flushcache

Reference articles:

How to Edit the Hosts File in Mac OS X with Terminal

How To Edit Hosts File In Linux, Windows, Or Mac

Categories
China iPhone app

WeChat is not banned, at least not yet

Reading Time: 2 minutes

(Update 09-20-2020) It looks like the 9th court temporarily blocked the WeChat ban (NPR). The TikTok ban became irrelevant because there is the new deal with Oracle / Walmart (theverge).

(Original 09-18-2020)

CNN: US will ban WeChat and TikTok downloads on Sunday. Quote: “The only real change as of Sunday night will be [TikTok users] won’t have access to improved apps, updated apps, upgraded apps or maintenance,” Commerce Secretary Wilbur Ross said Friday morning on Fox Business. || Also, quote: “The restrictions targeting WeChat are more extensive. Beginning Sunday, it will be illegal to host or transfer internet traffic associated with WeChat, the Department said in a release. The same will be true for TikTok as of Nov. 12, it said.” I don’t know if this part is doable (again not sure if it’s legal) in the US. Also this part seems contradicts with Wilbur Ross’s comments. Btw, Wilbur Ross made most of his money from coal industry (and coal miners’ pension or healthcare): this part is similar to how his boss got rich…

(Earlier) TechCrunch: Justice Department says WeChat users won’t be penalized under Trump’s executive order : the normal chat / group chat function will continue to work after Sunday September 20. It does seem impact the WeChat pay (financial transaction) as well as the App / Google Play store (workaround later). Also refer to this Ars Technica article.

The workaround for the App store is to change your country / region, for example, change from the US to Canada. You may create a new user if needed. One thing I found out is if I have app store credit on account, I cannot switch. This applies to TikTok users as well.

Workaround

  1. There are ways to download apps even if the apps are no longer available in the US App Store or Google Play Store. The trick is to pick another country / region in the store setting. There is a limit though: if you have balance (credit, money) in the App Store, you cannot switch (have to spend it first). In this case you may have to create another app store id solely for the purpose to download apps (for example, in addition to wechat, there are some other apps only available in China app store).
  2. If the administration decide to block the web traffic (app traffic is a part of web traffic, it’s usually at the http level). One may use VPN service to get around that. This is nothing new.
  3. There is also desktop app (Mac, Windows) and web app on WeChat web site. You may install the desktop app, or use the web app (essentially it’s like a website). Note WeChat still needs the phone app for sign in for those.

Here is a link to the US WeChat User Alliance. They are suing the US government for the unreasonable action (likely illegal as well).

Last but not least, this is mostly a last ditch effort from the current administration to save the re-election (this part if proven, it’s illegal too). Because, in the US the political campaign and governing are separate.

Categories
Fun Technology

Virtual Learning

Reading Time: < 1 minute

I normally use google calendar for kiddos’ Zoom meetings. My older daughter who is going to be FGC dragon knows get to Zoom via Google classroom. I can train her on the google calendar too. But now I am thinking I will take Monday off for the full time support of virtual learning (I feel I need a break from work too). || A bigger question though, this kind of management tool seems like new normal to all of us. In the past I used Google Calendar for all my personal appointments and all my kids activities, this includes my girl’s basketball (time, location), and my volunteer meeting at kids school etc. || Also, a side note, I have not looked into kiddos iPad yet, but I assume everything is setup including google classroom. But I prefer kids not to watching iPad whole day. So I setup bigger monitor with laptops (MacBooks) and webcams. I will need to provide some support for my 1st grader on this…

Categories
Software development Technology Web

API Gateway

Reading Time: < 1 minute

Kong

Kong is a cloud-native, fast, scalable, and distributed Microservice Abstraction Layer (also known as an API Gateway or API Middleware). Made available as an open-source project in 2015, its core values are high performance and extensibility.

Actively maintained, Kong is widely used in production at companies ranging from startups to Global 5000 as well as government organizations.

CA Layer 7 / API Gateway: was owned by CA Technology, formerly Computer Associates. Sold it to Broadcom the chip company in recent years. It used slightly older technology as Kong, apigee and Okta.

documentation:

architecture:

Categories
Java Software development Technology

Spring batch, Spring Scheduler, PCF

Reading Time: < 1 minute

Was experimenting running scheduled job on PCF. One natural choice is PCF scheduler, which comes with the Pivotal Web Services (PAAS). Googled around and found this example on DZone. The spring batch code is here. There was a small typo in the manifest.yaml,

path: build/libs/payment-processing-spring-batch-0.0.1-SNAPSHOT.jar
Note the snapshot.jar file name does not match what’s specified in the build.gradle file.

The correct file name is

spring-batch-job-0.0.1-SNAPSHOT.jar

The rest of the manifest.yml looks good, in fact I used the following options for my spring scheduler app manifest.

no-hostname: true
no-route: true
health-check-type: none

But PCF scheduler is not available in our environment. The Spring Scheduler is used instead. I followed this Get Started Guide from Spring. In my case I need to use Cron Expression, here is the code sample and here is the guide to cron expression.

Last but not least, in my case I need to send out email notification for the cron job conditionally. I used the java email code sample here.

======

Some PCF references

pivotal web serivce

cf login -a https://api.run.pivotal.io/

https://console.run.pivotal.io/tools

https://docs.pivotal.io/pcf-dev/index.html

cf login -a api.local.pcfdev.io --skip-ssl-validation

https://tanzu.vmware.com/tutorials/getting-started/local/deploy-the-sample-app

Categories
401k and Personal Finance

GCP Cloud Storage and PCF

Reading Time: < 1 minute

Tried two two tutorials on my personal GCP.

hello world


cloud storage (upload a file, then return a public url for download; another download link)

I may delete those bucket and files later on, as hosting costs money (app engine, cloud storage). Update: I disabled the app (here is one article talking about disable / delete app engine app). In simple term: I go to project, app engine, go to settings, click disable. Btw, I noticed all 73 cents charges for about 20 hours is from app engine.

From GCP Console Dashboard, I saw Resource

App Engine
2 versions
Storage
4 buckets

GCP Service Broker

For PCF, the approach above did not work (got an error on line 61 on the example above). I followed the steps for GCP service broker and pushed it to our pcf.

Virus Scan

Automating malware scanning for documents uploaded to Cloud Storage

PCF Sample App

It looks like with the VMWare Pivotal acquisition / integration, their hello world sample app website also moved. Here is the new link.