WordPress.com down for a few minutes

On 04-Mar-2019 I shortly experienced a downtime of my two blogs here on WordPress.com. Just a few minutes. Because this is so rare I made a screenshot of this event. See below.

Below two blogs were affected:

  1. Elmar Klausmeier’s Weblog
  2. Collected Links
Advertisements

java.sql.SQLRecoverableException: IO Error: Connection reset by peer, Authentication lapse

I encountered the following error, when I wanted to connect to Oracle v12.2.0.1.0 database with Java 1.8.0_192-b26:

java.sql.SQLRecoverableException: IO Error: Connection reset by peer, Authentication lapse 321631 ms.

This was unexpected as the same program did run absolutely fine on another Linux machine. Program in question is

import java.sql.Connection;
import java.sql.SQLException;

import oracle.jdbc.pool.OracleDataSource;

public class OraSample1 {

        public static void main (String argv[]) {
                System.out.println("Starting...");
                try {
                        OracleDataSource ds = new OracleDataSource();
                        ds.setURL("jdbc:oracle:thin:@nuc:1521:orcl");
                        Connection conn=ds.getConnection("c##klm","klmOpRisk");
                        System.out.println("Connected");
                } catch (SQLException e) {
                        System.out.println(e);
                }
        }

}

Solution: Add the following property setting to command line

java -Djava.security.egd=file:/dev/urandom OraSample1

Also see “java.sql.SQLException: I/O Error: Connection reset” in linux server [duplicate] on Stackoverflow,

Web Interface to Oracle Database

I had to provide access to an Oracle database but the standard port at 1521 was hindered by company firewall and company proxy rules.

In previous times there was iSQL*Plus, but this product no longer seems to be available. I found Adminer as an alternative. It is written by Jakub Vrána. It is very easy to install: it is just one single PHP file consisting of less than 2000 lines. Originally made for MySQL/MariaDB, but it works for Oracle quite well. It provides access to tables and views, although it has problems editing PL/SQL procedures and triggers. It is termed as beta software for Oracle. Nevertheless, I found it to be very useful for Oracle.

To use one must add one file etc/php/conf.d/oci8.ini

extension=oci8.so

Make sure OCI8 is available for PHP, therefore install AUR package php-oci8. When you run php -i (equivalent to calling phpinfo()) you’ll see:

Additional .ini files parsed => /etc/php/conf.d/oci8.ini

oci8

OCI8 Support => enabled
OCI8 DTrace Support => disabled
OCI8 Version => 2.1.8
Revision => $Id: 8a26cf66ca0f9556b6376408c8f71ead69bdbcbf $
Oracle Run-time Client Library Version => 12.2.0.1.0
Oracle Compile-time Instant Client Version => 12.2

Directive => Local Value => Master Value
oci8.connection_class => no value => no value
oci8.default_prefetch => 100 => 100
oci8.events => Off => Off
oci8.max_persistent => -1 => -1
oci8.old_oci_close_semantics => Off => Off
oci8.persistent_timeout => -1 => -1
oci8.ping_interval => 60 => 60
oci8.privileged_connect => Off => Off
oci8.statement_cache_size => 20 => 20

For this you need to install Oracle instant client. In ArchLinux AUR these are the packages oracle-instantclient-basic and oracle-instantclient-sdk. The first package installs

/usr/lib/libclntsh.so

If you encounter “URI too long” error messages, then downgrade to version 4.6.3, see Adminer releases. Latest version 4.7.0 still seems to be unstable, while 4.6.3 is fine.

Blocking Network Attackers

In Using Odroid as IP Router I wrote about using my Odroid as router and firewall. Additionally I inspect who tries to log-in to my machines using the lastb command. Sample output is below:

$ lastb
admin    ssh:notty    202.166.220.10   Mon Oct  1 09:51 - 09:51  (00:00)
admin    ssh:notty    202.166.220.10   Mon Oct  1 09:50 - 09:50  (00:00)
admin    ssh:notty    14.162.42.98     Mon Oct  1 09:50 - 09:50  (00:00)
admin    ssh:notty    14.162.42.98     Mon Oct  1 09:50 - 09:50  (00:00)
telecoma ssh:notty    197.46.98.211    Mon Oct  1 09:50 - 09:50  (00:00)
telecoma ssh:notty    197.46.98.211    Mon Oct  1 09:50 - 09:50  (00:00)
ubnt     ssh:notty    2.235.144.121    Mon Oct  1 09:50 - 09:50  (00:00)
ubnt     ssh:notty    2.235.144.121    Mon Oct  1 09:50 - 09:50  (00:00)
root     ssh:notty    78.111.43.138    Mon Oct  1 09:50 - 09:50  (00:00)
admin    ssh:notty    96.89.181.5      Mon Oct  1 09:50 - 09:50  (00:00)
admin    ssh:notty    96.89.181.5      Mon Oct  1 09:50 - 09:50  (00:00)
Admin    ssh:notty    139.5.159.74     Mon Oct  1 09:50 - 09:50  (00:00)
Admin    ssh:notty    139.5.159.74     Mon Oct  1 09:50 - 09:50  (00:00)
admin    ssh:notty    183.89.73.176    Mon Oct  1 09:50 - 09:50  (00:00)
user     ssh:notty    115.178.98.57    Mon Oct  1 09:50 - 09:50  (00:00)
user     ssh:notty    115.178.98.57    Mon Oct  1 09:50 - 09:50  (00:00)
auxiliar ssh:notty    118.221.123.81   Mon Oct  1 06:53 - 06:53  (00:00)
auxiliar ssh:notty    118.221.123.81   Mon Oct  1 06:53 - 06:53  (00:00)
debian   ssh:notty    180.76.162.111   Mon Oct  1 02:39 - 02:39  (00:00)
debian   ssh:notty    180.76.162.111   Mon Oct  1 02:39 - 02:39  (00:00)
admin    ssh:notty    123.21.175.214   Mon Oct  1 02:24 - 02:24  (00:00)
admin    ssh:notty    123.21.175.214   Mon Oct  1 02:24 - 02:24  (00:00)
admin    ssh:notty    183.157.189.232  Mon Oct  1 02:24 - 02:24  (00:00)
admin    ssh:notty    183.157.189.232  Mon Oct  1 02:24 - 02:24  (00:00)
admin    ssh:notty    181.211.61.234   Mon Oct  1 02:23 - 02:23  (00:00)
admin    ssh:notty    181.211.61.234   Mon Oct  1 02:23 - 02:23  (00:00)
user1    ssh:notty    186.149.47.141   Mon Oct  1 00:34 - 00:34  (00:00)
user1    ssh:notty    186.149.47.141   Mon Oct  1 00:34 - 00:34  (00:00)
support  ssh:notty    42.61.24.202     Mon Oct  1 00:08 - 00:08  (00:00)
support  ssh:notty    42.61.24.202     Mon Oct  1 00:08 - 00:08  (00:00)
support  ssh:notty    42.61.24.202     Mon Oct  1 00:08 - 00:08  (00:00)
support  ssh:notty    42.61.24.202     Mon Oct  1 00:08 - 00:08  (00:00)

Furthermore I use Fail2ban. This way I gather a number of suspicious IP addresses which apparently do not have best intentions, so I better block them completely. Using

$ lastb > L
$ perl -ne 'if (/\s+(\d{1,3}\.\d{1,3}\.\d{1,3})\.\d{1,3}\s+/) { printf("-A PREROUTING -s %s.0/24 -i ethusb0 -j DROP\n",$1); }' L 

Below is my list of addresses which I block. This list is somewhat similar to the list of hosts given in Suppressing Advertisement on Web-Pages a.k.a. Ad-Blocking. Watch out if you use that many iptables rules that a low powered machine like a Raspberry Pi or Odroid will significantly diminish network performance.
Continue reading

Passing HashMap from Java to Java Nashorn

Java Nashorn is the JavaScript engine shipped since Java 8. You can therefore use JavaScript wherever you have at least Java 8. Java 8 also has a standalone interpreter, called jjs.

It is possible to create a Java HashMap and use this structure directly in JavaScript. Here is the code:

import java.util.*;
import java.io.*;
import javax.script.*;


public class HashMapDemo {

        public static void main(String[] args) {
                HashMap hm = new HashMap();

                hm.put("A", new Double(3434.34));
                hm.put("B", new Double(123.22));
                hm.put("C", new Double(1200.34));
                hm.put("D", new Double(99.34));
                hm.put("E", new Double(-19.34));

                for( String name: hm.keySet() )
                        System.out.println(name + ": "+ hm.get(name));

                // Increase A's balance by 1000
                double balance = ((Double)hm.get("A")).doubleValue();
                hm.put("A", new Double(balance + 1000));
                System.out.println("A's new account balance : " + hm.get("A"));

                // Call JavaScript from Java
                try {   
                        ScriptEngine engine = new ScriptEngineManager().getEngineByName("nashorn");
                        engine.eval("print('Hello World');");
                        engine.eval(new FileReader("example.js"));
                        Invocable invocable = (Invocable) engine;
                        Object result = invocable.invokeFunction("sayHello", "John Doe");
                        System.out.println(result);
                        System.out.println(result.getClass());

                        result = invocable.invokeFunction("prtHash", hm);
                        System.out.println(result);
                } catch (FileNotFoundException | NoSuchMethodException | ScriptException e) {
                        e.printStackTrace();
                        System.out.println(e);
                }

        }
}

And here is the corresponding JavaScript file example.js:

var sayHello = function(name) {
        print('Hello, ' + name + '!');
        return 'hello from javascript';
};

var prtHash = function(h) {
        print('h.A = ' + h.A);
        print('h.B = ' + h["B"]);
        print('h.C = ' + h.C);
        print('h.D = ' + h["D"]);
        print('h.E = ' + h.E);
};

Output is:

$ java HashMapDemo
A: 3434.34
B: 123.22
C: 1200.34
D: 99.34
E: -19.34
A's new account balance : 4434.34
Hello World
Hello, John Doe!
hello from javascript
class java.lang.String
h.A = 4434.34
h.B = 123.22
h.C = 1200.34
h.D = 99.34
h.E = -19.34
null

Above example uses sample code from

  1. Riding the Nashorn: Programming JavaScript on the JVM
  2. Simple example for Java HashMap
  3. Nashorn: Run JavaScript on the JVM

Decisive was the statement in https://winterbe.com/posts/2014/04/05/java8-nashorn-tutorial/:

Java objects can be passed without loosing any type information on the javascript side. Since the script runs natively on the JVM we can utilize the full power of the Java API or external libraries on nashorn.

Above program works the same if one changes HashMap to HashMap and populating accordingly, e.g.:

                HashMap hm = new HashMap();

                hm.put("A", new Double(3434.34));
                hm.put("B", new String("Test"));
                hm.put("C", new Date(5000));
                hm.put("D", new Integer(99));
                hm.put("E", new Boolean(Boolean.TRUE));

Output from JavaScript would be

h.A = 4434.34
h.B = Test
h.C = Thu Jan 01 01:00:05 CET 1970
h.D = 99
h.E = true

Entries changed in JavaScript can be returned back to Java. Assume JavaScript program changes values:

var prtHash = function(h,hret) {
        hret.U = 57;
        hret.V = "Some text";
        hret.W = false;
};

Then these changed arguments can be used back in Java program:

HashMap hret = new HashMap();

result = invocable.invokeFunction("prtHash", hm, hret);
System.out.println(result);
System.out.println("hret.U = " + hret.get("U"));
System.out.println("hret.V = " + hret.get("V"));
System.out.println("hret.W = " + hret.get("W"));

Output is then

hret.U = 57
hret.V = Some text
hret.W = false