Java host caching (sun.net.inetaddr.ttl/networkaddress.cache.ttl) on OS X

On my Mac OS X box I was trying to get some round robin DNS working from Java (1.5) but I was the host was always resolving to the same IP. I'd set sun.net.inetaddr.ttl=0, but that didn't seem to help. It seems out of the box a Mac will cache lookups, but you can clean out the cache with the command dscacheutil -flushcache

gitweb - 500 - HEAD ref not found for project

We have some git repositories here at Oxford and a gitweb interface to view them. For some of our projects I was seeing:

500 - HEAD ref not found for project

It turns out this was because the HEAD file ( {git-directoy}/HEAD ) was pointing to ref: refs/heads/master and these projects didn't have a master branch. Changing the HEAD file to point to the correct branch fixed gitweb.

Trimpath error "context._MODIFIERS is undefined"

I was doing a little JavaScript templating with Trimpath today and at one point I was getting a nice error in my console of:

context._MODIFIERS is undefined

Looking through the trimpath code it turned out this was because I was passing in a string rather than an object as my context for the generation of the template. So I was effectively doing:

TrimPath.processDOMTemplate("someNodeId", "some string");

rather than:

TrimPath.processDOMTemplate("someNodeId", {key: "value", otherKey: "value"});

In my case I was getting the error because I forgot to eval some JSON before passing it to trimpath.

Pooling in Sakai LDAP

Here at Oxford we connect to a LDAP server to get details about users for our Sakai service. Previously we had reports of some pages taking a long time to load when lots of users details where requested from the LDAP. One obvious change we could make was to switch to use pooling on our connections to the LDAP server. To check that this was improving the performance I wrote a little test case which attempts to get details about 100 users individually from the LDAP.

• Without pooling - 100 users in 10 sec = 10 users/sec.
• With pooling - 100 users in 5 secs = 20 users/sec.

This is a nice doubling of performance, although I was still expecting to see better performance generally and while the test is running the local load on the machine isn't very high so I suspect any further performance improvements will have to come on the server.

Tomcat UNIX aliases

To make managing development instances of tomcat a little easier I have a few bash aliases (you can add these lines to your ~/.bash_profile):

alias tchome='export CATALINA_HOME=`pwd`; echo CATALINA_HOME=$CATALINA_HOME'
alias tctail='tail -f ${CATALINA_HOME}/logs/catalina.out'
alias tcless='less ${CATALINA_HOME}/logs/catalina.out'
alias tcshow='echo ${CATALINA_HOME}'
alias tc='${CATALINA_HOME}/bin/catalina.sh'

so my typical workflow is cd {tomcat-directory}, tchome and then I move back around the filesystem and use tc start and tctail.

Keep on rolling...

Well after a quite a few weeks of waiting my new set of wheels turned up. A Brompton S6L in apple green. The gears needs a little adjusting but otherwise it's a great ride.

Error: sec_error_bad_signature with Firefox 3

Recently when most of our team upgraded their browsers to Firefox 3 we noticed then when we tried to visit on of our internal websites over a secure connection we would get presented with an error page saying "sec_error_bad_signature". Most of the existing comments on the web seem to be saying that they are seeing this error when visiting a site with an untrusted certificate. However in our case it was a correctly signed certificate obtained through the JANET Server Certificate Service.

The server is just a Ubuntu Linux server with a standard installation of Apache Tomcat 5.5 and another very similar setup was working correctly. But after close inspection it became clear that the server had a public key using the DSA algorithm but the machine that was working correctly was using the RSA algorithm. The certificate work was done with the Java keytool command and I think I probably didn't specify the -keyalg RSA argument. After recreating with RSA the certificate and installing it everything was working correctly. The screenshots are taken with Safari (which worked fine with DSA) and shows the two different certificates.