Archive for the ‘Cool Tools’ Category

Cool Tools 26: SpeedTest.net

Saturday, April 20th, 2013

This is more of a consumer-grade type of site that I’d recommend to everyone – including my parents when they complain about the “Interwebs being slow”. But, if your IT shop is promising specific Internet bandwidth for your portal servers, there’s nothing to stop you from RDP’ing into your server and navigating to speedtest.net to get a “second opinion”.

It is pretty laden with ads, but they aren’t too distracting. And it does require that virus called Adobe Flash, which isn’t always (and shouldn’t be!) installed on servers. But, if you’re dealing with performance issues that feel like they’re related to the network, and you’ve tested internal network connections, it can be worth temporarily installing Flash.

For example, I’m pretty sure our cloud hosting provider guarantees 10MBps both ways… so I should get on them with these results!
speedtest

It is worth pointing out that despite the joke about getting on our cloud provider, SpeedTest.net shares your Internet connection with every other connection at any given point in time. So just because the above screen shot shows that this machine is only downloading @ 6.31Mbps, that doesn’t mean that the pipe to the Internet offered by our hosting provider isn’t providing 10Mbps. It’s possible that other machines in our infrastructure are burning bandwidth too. And, since this is a production environment, I would HOPE at any given point in time there is activity on our network as pages are served from the portal.

Give it a shot – even if you’re sitting in front of your work computer at this very moment. You may be surprised about the relative speed differences between your home and office.

One surprising little fact is that I pay about $100/month for about 100MB/s from Comcast. But most commercial hosting providers charge up to 10x the cost for 1/10th the speed. Really – that’s a 1000x markup! The difference, of course, is that Comcast doesn’t GUARANTEE these speeds – or even availability. So you couldn’t run a real production web site off Comcast, since it is occasionally down or under-performing. Still, it’s food for thought: at the very highest service levels, costs increase exponentially. Same thing with the “Five 9’s” mandate – but that’s a blog post for another day…

Cool Tools 25: LAN Speed Test

Saturday, March 30th, 2013

Sometimes the coolest tools are the simplest ones.

Today’s Cool Tool is simply called LAN Speed Test, and the tool pretty much does just that – it tests the speed of various connections in your LAN. It does this by simply writing a 20MB file (configurable) to a file share, reading it back, and timing how long the transfers took.

lan-speed-test

The use case for this was pretty simple: our WCI Portal machine (with an alias of PT-PORTAL) was in a DMZ, and the back-end servers (in this case, PT-INTEGRATION and PT-COLLAB) were on a separate sub-net. The NT Crawler web service was acting very strangely, failing to serve up files through the portal, but serving them up locally just fine.

So, using LAN Speed Test, I was able to confirm (and prove to the network team) that the problem was in the switch/firewall connecting the devices. Notice in the above screen shot how PT-INTEGRATION was able to write and read a 20MB file to PT-COLLAB in about .24s and .28s respectively? And how writing the same data to PT-PORTAL was taking 20.6s and 2.2s, respectively?

Yeah, there’s the smoking gun…

Cool Tools 24: SSLLabs.com

Sunday, March 10th, 2013

A couple months back, the security team at a client reported that they used a scanner to generate a security report of their SSL-enabled portal, and the results included this little gem:

The SSL protocol encrypts data by using CBC mode with chained initialization vectors. This allows an attacker, which is has gotten access to an HTTPS session via man-in-the-middle (MITM) attacks or other means, to obtain plain text HTTP headers via a blockwise chosen-boundary attack (BCBA) in conjunction with Javascript code that uses the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API. This vulnerability is more commonly referred to as Browser Exploit Against SSL/TLS or “BEAST”.

I knew we were using SSL at the site, and because of that, we were infinitely more secure than our peers who weren’t using SSL. But, I never really focused on the fact that SSL is a complicated “beast”, and there are different grades of security. Enter Qualys SSL Labs’ Analysis Tool, which taught me more than I’d ever known about SSL certificates. It started by giving us a big fat “F”:

ssl-labs

A full analysis of WHY we were getting an “F” is beyond the scope of this post, but if you’re using SSL, I definitely suggest you check out SSL Labs to see how secure you are. The links and recommendations by SSL Lab’s report are phenomenal and it didn’t take much time at all to resolve all of the discovered issues.

In our case, two major things were counting against us:
Certificate Chain
We didn’t have the complete certificate chain installed. Using SSL Shopper’s SSL Checker, we could see where the chain was broken. Because it was a Verisign certificate, the path led use to Verisign’s Certificate Checker. The below screen shot shows a GoDaddy certificate with the proper chain installed.
ssl-checker

Weak Ciphers
Apparently not all SSL is created equally; there are different ciphers that can be used for encryption and transport. And because we were using the default BigIP configuration, we were supporting legacy ciphers that dated back to the IE6 days. By tweaking the Cipher configuration to exclude the less-secure ciphers, we were able to get that SSL Labs report back up to an “A” where it belongs…

big-ip-ssl

Cool Tools 23: Splunk

Monday, June 4th, 2012

Chances are you’re drowning in log data, and aren’t really getting the most out of the information you’ve already got readily stored away on your portal servers. There really is a treasure trove of log information already there, but unless you’ve detected a problem with your infrastructure, you likely don’t even look at that data.

Splunk is touted as “the Engine for Machine Data” and is an incredibly powerful tool for analyzing logs and other activity within your infrastructure in real-time. It has a powerful search capability, the ability to display dashboards, and reporting capabilities that can alert you to problems before they become outages.

It works by indexing data from virtually any source that you have – files, event logs, email, etc. – and allowing you to query or produce all kinds of amazing information.

But don’t take my word for it – check out their site excellent YouTube channel for all kinds of great videos explaining just how powerful a tool this is.

Cool Tools 23: LoadImpact

Wednesday, May 30th, 2012

This is a great one – thanks to Brendan Patterson for this find!

LoadImpact is a load-testing service with a free offering that’s immediately available on their home page with no sign-up necessary. It’s an excellent load testing tool that utilizes the Amazon cloud to stress your site from multiple locations, and it’s got a really slick UI. I haven’t tried the paid version yet but welcome any comments from any of you that have explored some of the more advanced features.

Pro Tip for you portal users utilizing the free version: the URL you enter doesn’t process any JavaScript or some redirections on the URL you provide, so instead of using http://mysite.com/, you should use http://mysite.com/portal/server.pt.

Amazing how just a couple of years ago load testing tools would have costed a fortune (and many that will remain nameless still do!) – kind of like .NET Decompilers

Cool Tools 22: Telerik JustDecompile

Saturday, May 5th, 2012

Years ago we featured some .NET Decompilers, which sparked a discussion about the cost of these tools (OK, it was just commenter Omid stating the Java equivalents were largely free).

Well, it’s time for a refresh on the .NET decompiler landscape – a new (to me at least) tool that I’ve used to successfully decompile and resolve issues with the Plumtree portal is Telerik’s JustDecompile. It’s as simple to use as the other tools we’ve featured and it’s free!

Cool Tools 21: IE Developer Tools

Friday, June 10th, 2011

At Integryst, we do a lot of Plumtree / ALUI / WCI diagnostics. We’ve featured IEWatch, IE Web Developer, and discussed FireBug as fantastic tools to diagnose what’s really going on in the portal from the perspective of the web browser.

Today’s Cool Tool is yet another one you already have but probably didn’t know it: Internet Explorer’s Developer Tools. In an IE8 or IE9 browsing session, just hit F12 to bring it up, and you’ll have virtually all of the functionality offered by those tools other tools – DOM analysis, Javascript debugging, and HTTP traffic monitoring.

Happy Debugging!

Cool Tools 20: New Relic

Saturday, June 4th, 2011

Every once in a while, a wicked cool app comes along that you look at and say “holy cow, that’s AMAZING!”.

Such is the case with New Relic, a code-level monitoring tool provided as a service. It supports Java, .NET, PHP, Rails, and others through the use of client-side agents that report to New Relic servers, which provide an unprecedented level of diagnostic reporting for your monitoring needs. Unlike most monitoring services, New Relic actually instruments your code (or even out-of-the-box applications) with diagnostic capabilities that not only tell you if your app is performing slowly, but exactly where in the code it’s taking the most time:

And that’s just scratching the surface – here’s a chart showing that, for our Atlassian Confluence installation, response time stays flat as load increases (indicating that we’ve got good scalability built into our system):

Cool Tools 19: Frevvo Live Forms (with WCI Integration!)

Friday, May 27th, 2011

We’ve spent some time recently talking about AquaLogic Studio Server, and even got a tip from our buddy Geoff Garcia about the date Oracle officially stopped supporting it (November 2010).

So now what? You still have requirements to easily build forms and workflows and reports, but aren’t planning on a full move to another platform in the short term. Well, at a recent project where we’ve deployed Atlassian’s Confluence (also integrated with WCI), we came across this great form-builder plugin called Frevvo Live Forms.

In a word, it’s awesome – check out this quick demo (more videos here):

That got us thinking: what about using Frevvo as a replacement for Studio? We could develop the integration so that forms could be added as portlets and administered just like Studio. It’d do everything Studio can (integrate with portal security settings, custom-define forms and fields), have great new features (new data types, drag-and-drop form building, workflows), and, well, it wouldn’t suck like Studio.

So, that’s exactly what we did:

Interested in how to dump Studio and move on to a more powerful form-builder with workflows and much cooler reports? Contact us.

Cool Tools 18: HxD Hex Editor

Thursday, May 19th, 2011

Continuing our journey on increasing ALI Studio’s character limit, we’ve now identified the code that needs to change – it’s in com.plumtree. studio.model. data.access.TableDAO.java.

The problem is, Studio is ancient, so while we can easily update the following code:

  protected int mUserColumnWidth = 1000;
  protected int mUserColumnWidthChars = 1000;

… we can’t just recompile the file using the latest JDK without expecting problems.

So, we need to figure out what Java version was originally used to compile this file. To do this, we need today’s Cool Tool: HxD Hex Editor. Why? Because all Java .class files have the same set of bytes at the beginning identifying them as Java files, along with the JDK version used to compile.

HxD allows us to view the actual bytes, and and it does it well. Opening the TableDAO.class file in HxD, we see:

Bytes 6 and 7 are “00 2E”, which represent JDK 1.2.

Once we’ve made our changes and have the correct JDK downloaded, we rebuild the file, making sure to include the proper .jars in the CLASSPATH:

set CLASSPATH= %CLASSPATH%; C:\code\studio\ WEB-INF\lib\log4j-1.2.8.jar
set CLASSPATH= %CLASSPATH%; C:\code\studio\ WEB-INF\lib\jakartaRegexp1dot2.jar

C:\jdk1.2.2\bin\javac -classpath %CLASSPATH% com\plumtree\ studio\model\ data\access\ TableDAO.java

Take the TableDAO.class file, jam it back into your studio.war file, and you’re good to go – assuming you haven’t increased that value over 4,000 characters! There’s still one more glitch in this journey