Android troubles on OS X

Posted on October 15, 2014 by jxc876 Leave a comment

I recently purchased a Macbook, I blogged about this getting adjusted to my new development environment. I decided to take another look at Android programming, I was able to get the environment setup on my windows machine without much trouble. However I struggled for 2 days with errors when I tried to get things running on my macbook 😦

Errors occurred

After unzipping the Eclipse ADT bundle, I kept receiving cryptic messages whenever I tried to create an Android project:

    Errors occurred during the build.
    Errors running builder 'Android Resource Manager' on project 'MyFirstApp'.
    java.lang.NullPointerException

I google and found out I was the only one:

I found a few guides written by people who experienced the same issues:

In the end I got my project to build by creating my Activity from outside the Wizard, I also downgraded to Java 6.

Posted in Uncategorized

OS X for Java Developers

Posted on October 15, 2014 by jxc876 Leave a comment

Welcome to OS X

I recently purchased a Mac (a Macbook Pro Retina), I had previously worked on Windows (XP/7) and Linux (Ubuntu). Making the switch took some getting used to, these are some of my tips for new developers.

dmg archives

In the Windows world applications are distributed and installed using the .exe format, on OS X we use .dmg files.  These .dmg files are archives, double clicking on them mounts the file system and usually launches an installation wizard. Sometimes installation consists of simply dragging a file to the /Applications directory. In addition to .dmg we also have .app files, these can be launched by double clicking on them or using the open command from the terminal.

Installing Java

The latest versions of Java (Java 7 & Java 8) can be downloaded from Oracle’s website. However older version like Java 6 are no longer available, these can be found on Apple’s developer website.

Java Location

In Windows the common installation location for Java is under ‘Program Files’ or ‘Program Files (x86)’. On OS X you can find the JDKs under the following directories:

  • Java 7 : /Library/Java/JavaVirtualMachines/jdk1.7.0_55.jdk/Contents/Home
  • Java 6 : /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home

Update your ~/.profile

On windows we need to update the System PATH variables, on Unix environments we normally sent environment variables. After installing Java update your .profile to set any needed variables and point to the correct installations, ex:

echo "executing .profile"

# JAVA
export JAVA_HOME=`/usr/libexec/java_home`
export GROOVY_HOME=/usr/local/opt/groovy/libexec

# MYSQL
PATH=${PATH}:/usr/local/mysql/bin

Tools

  • On Windows, Notepad++ is great lightweight editor that supports multiples languages, however the editor is not available for OS X. A great alternative is Sublime Text, this editor cross platform and servers as a great replacement.
    • Sublime includes a command line editor: subl
  • Eclipse seems to work fine on every operations system (Windows, Linux, OS X).
  • Git / Svn / Maven – These tools can be installed independently or we can use a package manager like HomeBrew. HomeBrew is ‘The missing package manager for OS X’, similar to apt / aptitude on Ubuntu.
Posted in Java, Mac, OS X

Remote Connections to mysql

Posted on June 10, 2014 by jxc876 Leave a comment

By default remote access to the MySQL database server is disabled for security reasons. The standard configuration of MySQL is intended to be as fast as possible, so encrypted connections are not used by default.

If we want to allow remote connections then we need to follow these steps:

  • Edit /etc/my.cnf
  • Comment out the following options:
skip-networking
bind-address
  • Restart the mysql daemon (sudo service mysql restart)
  • GRANT access to the remote IP (see GRANT, SHOW GRANTS, REVOKE)
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'ThePasswordGoesHere' WITH GRANT OPTION;
FLUSH PRIVILEGES;
  • We can see current grants using: SHOW GRANTS
  • The GRANT can be limited to a specific IP

Alternatives

Allow remote connections doesn’t seem like such a great idea because the traffic will be unencrypted. Instead of allowing remote connections we have the following options:

  • Setup a VPN, see: OpenVPN
    • Complicated setup, but easy for users to connect to and transparent for applications
    • Setting OpenVPN is a bit complex, see this guide. To summarize:
      • install openvpn package
      • Generate a master Certificate Authority (CA) – used to sign Server & Client certificates
      • Generate Server certificates
      • Generate Client certificates
      • Configure the Client (OpenVPN GUI)

References

Posted in Linux, MySQL, Security

Java Plugin architecture

Posted on June 8, 2014 by jxc876 Leave a comment

Today I was interested in learning how to implement a Java plugin architecture. Plugins allow extra functionality to be added to an application (usually by other developers) without having to recompile. Eclipse IDE & Firefox are two notable applications that support plugins.

Posted in Java

SSH fingerprints

Posted on May 28, 2014 by jxc876 Leave a comment

Whenever we use SSH to connect to a new host, we usually see the following prompt asking us to confirm the fingerprint:

$ ssh user1@somedomain.com

The authenticity of host 'somedomain.com' (99.99.99.101) can't be establised
ECDSA key fingerprint is c8:2c:22:6d:13:.....29:b4:86:8d:13.
Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'somedomain.com,99.99.99.101' (ECDSA) to the list of known hosts

That series of characters (c8:2c:22:6d:13:…..29:b4:86:8d:13) is known as a SSH fingerprint.

  • A fingerprint is a hash of a public key
  • We use this hash to authenticate the public key of the sever we connect to

How do we find out if that fingerprint is actually valid ?

  • Login into the server you want to SSH into
  • Run ssh-keygen -lf <path to public key> # l => list, f => file
  • The public key files are located at: /etc/ssh/
  • There is 1 file for dsa, ecdsa, and rsa
  • My server was using the ecdsa file: /etc/ssh/ssh_host_ecdsa.pub
  • If the output from ssh-keygen matches up with the ssh output we are good to go!

The fingerprint is much shorter than the actual key, thus we can easily transmit it and use it to verify the public key.

If we accept the key, it gets added to ~/.ssh/known_hosts

———–

In certain cases it is beneficial to automatically accept the public key, for example when we automate a script.

We can use ssh-keyscan to do this:

ssh-keyscan -H <ip-address> >> ~/.ssh/known_hosts 
ssh-keyscan -H <hostname> >> ~/.ssh/known_hosts

There is also a ssh -oStrictHostKeyChecking=no option to turn off it. The GIT_SSH variable can be used to pass ssh options to git.

References:

Tagged with: ,
Posted in Linux, Security

Tomcat Virtual Hosts

Posted on February 14, 2014 by jxc876 Leave a comment

I added http://www.ramkitech.com to my bookmarks, its a website by Rama Krishnnan that contains lots of useful information for configuring Tomcat.

Some of my favorites articles include:

On a related note, the wikipedia article on ‘Reverse Proxy is interesting.

  • Reverse proxies can operate whenever multiple web-servers must be accessible via a single public IP address
  • A reverse proxy can distribute the load from incoming requests to several servers

Tagged with: , ,
Posted in Java, Tomcat, Web

Network troubleshooting

Posted on February 5, 2014 by jxc876 Leave a comment

Here are some basic commands to trouble shoot networking issues:

ping

ping <hostname>
  • send ICMP ECHO_REQUEST to network hosts
  • ping uses ICMP protocol (ports are only for TCP/UDP)
  • Check to see if a host is reachable from our computer

nmap

nmap -PN <hostname> -p <port(s>

netstat

netstat [--tcp] -p -l <hostname> 
sudo netstat -tapen | grep ":8000 " # find the process using port 8000
  • Print network connections
  • Find which process is using a certain port number

telnet

telnet <hostname> <port>
  • user interface to the TELNET protocol
  • Great for checking if a port is accepting connections
  • Possible to check login and send email through an smtp server

.

Tagged with: ,
Posted in Linux, Networking

Fabric API

Posted on January 31, 2014 by jxc876 Leave a comment

Fabric is made up of Core API + Contrib API.

Operations is part of the core api:

  • local – Run a command on the local system.
  • run – Run a shell command on a remote host.
  • sudo – Run a shell command on a remote host, with superuser privileges.
  • put – Upload one or more files to a remote host.
  • get – Download one or more files from a remote host.
  • prompt – Prompt user with text and return the input
  • reboot – Reboot the remote system.

Basic Usage:

fab [-f fabfile.py] [-H hostname] [-p password123] deploy_task:parameter1=xxx,...

Reference:

Posted in Fabric, Python

Fabric (SSH & passwords)

Posted on January 31, 2014 by jxc876 Leave a comment

Option 1 – provide password with -p flag

fab -H hostname -p password123 ...
  • Downside: password will show up in process listing
  • Downside: password will show up in command history

Option 2 – get prompted for password

fab -I
Initial value for env.password: *****
  • prevents password from showing up in command history

Options 3 – use ssh key with -i flag

fab -H hostname -i ~/.ssh/keyfile ...
  • Note: this succeeds in connecting, but sudo() will still prompt for password

Option 4 – password inside file

fabric.api import env
env.password = 'yourpassword'

Option 5 – use ssh key inside fabfile.

env.key_filename = '/path/to/keyfile.pem'

Option 6 – piggy back off ssh config.

env.use_ssh_config = True

Option 7 – mess with /etc/sudoers

  • add username for fabric
  • remove need to provide password for specific commands

.

Posted in Fabric, Linux, Python, Security

Users & Groups

Posted on January 30, 2014 by jxc876 Leave a comment

Create User (usermod):

  • Note: useradd cannot be used to modify an existing user
useradd <username>
 -c comment, any text, usually user's name
 -d home-directory
 -g primary group; must exist, if not specified a default group is created
 -G group-list (secondary; must exist), definitive not additive (-a)
 -m create home dir
 -M do not create home dir
 -s login shell

passwd <username>

useradd:

  • low level binary compiled into system

adduser:

  • perl script which uses the useradd binary
  • adduser & addgroup are friendlier front end to the low level tools like useradd, groupadd and usermod programs
  • By default gives each user a corresponding group name with same name
  • creates home directory, can be overwritten with –home option, overwrite shell with –shell
  • copies skeleton files into home directory
  • prompts for password
adduser --home ... --shell ... --add_extra_groups username

Modify User (usermod):

usermod [options] <username>
-g primary group
-a append to supplementary groups, use with -G
-G list of groups, comma-separated, must exist
-s login shell (also see chsh)
-d / -m move home director

usermod -a -G secondarygroup username

gpasswd:

gpasswd groupname -a john

Check Groups:

groups username

Create Group:

groupadd - create new group

Files:

  • /etc/passwd – user login information primary group
    • username
    • password(x)
    • uid
    • guid
    • comment-field
    • home-dir
    • login-shell
  • /etc/group – supplementary groups
    • group_name
    • password (blank) :
    • guid :
    • group-list (users who are members)
  • /etc/shadow – stores encrypted passwords + password expiration details

Reference:

Posted in Linux