David Sirr's ...stuff

My Day job's  production servers are based on Apple X-Serve and OSX as the operating system.

In a bid to get greater service stability last week we decided to roll out the latest system updates, notably upgrading to OSX 10.5.7

We rolled out first to our staging server which is effectively a mirror of production setup, it went smoothly and we tested our several critical apps and all seemed fine.

So we also ran all the additional system minor updates including Apples Java Update 4, as running this on my dev machine had resolved several issues with the java imaging libraries crashing the server while trying to process images with certain colour profiles etc.

Again all seemed good, so we rolled out to the live server. All went fine, or so we thought.

Co-incidently around this time i was experimenting on my dev machine (also 10.5.7 with java updater 4) with recently released google API components without much luck, i was constantly getting "I/O Exception: peer not authenticate" error when trying to connect to googles API. I thought it's just my machine playing up again...

A few days later clients using two seperate applications reported general application errors, after some digging around i traced both errors to CFHTTP calls in each application.

I tested the urls in the browser on the server and both were responding as expected... strange i thought...

So i noticed that both were SSL URLs and the error was "I/O Exception: peer not authenticate", which i then immediately connected back to the troubles i had connecting to googles API on my dev box. After some research on that error, it appeared that previously this error occured with connections to SSL URLs with certs issued by intermediate CAs which weren't present in the trusted CA keystore in the JVM. But google and our other API providers were using the most expensive CA's (thawte, verisign, etc) top level certs, which were definitely present by JVM 1.6 so this couldn't be the same issue.

At this point i asked a co-worker who was only on Java Update 3 to try the same code, or really a CFHTTP to any SSL URL. It worked as expected without error. Bugger.

Unfortunately apples java updates work via patching so there is no rollback or uninstall! In desperation we tried a developer preview of java update 5 on the also broken staging server, with the result that coldfusion no longer even starts up at all :(

So the only resolution was to restore our 10.5.2 pre-update backup and then re-upgrade to 10.5.7 without applying the java update 4.

This worked. We are happy for now! But i'd love to know the solution for this update 4 issues as my dev machine is still broken until i can find time to format and reinstall everything...

So, is anyone out there running OSX 10.5.7 and applied java update 4 and connect CFHTTP calls to SSL servers?

Please let me know!

We are running coldfusion 8 enterprise in multi-instance mode on JRUN, and we are trying to do auto image processing for uploads to convert to a standard JPG format in thumbnail and large sizes... pretty standard stuff IMHO. The problem is that CF8's new image functions completely barf on certain types of images, including greyscale gifs, jpegs with funny colour profiles or jpegs with non-72 dpi. This would manifest in either jrun bombs or simple resizes of images taking longer than 5 minutes to process instead of the usual < 5secs. This understandably lead to a loss of confidence from the users of the systems when our fancy new upgrade was so painfully slow. After much frustration we fixed some of the complete bombs happening after reading some of the great tips in this post, but we still had the long processing times to deal with. After some trial and error the way we got around it was as follows:

1. Use cfimage to read in the uploaded file
2. Use cfimage to save as PNG. this is the great part! saving as PNG converts the image to 72 dpi and seems to strip the erroneous colour profiles :) and doesnt affect the quality of the image
3. Use cfimage to read in the new PNG
4. Do what needs doing
5. Delete the PNG
6. Celebrate your fast and cool utility

Using this intemediary convert to PNG step literally took the processing time from 5 mins to 10 secs for the worst case JPG file we could find

So i've been using subversion for years at my various jobs and have found it indispensable. So i rightly thought, "how come i'm not just using this at home on my small projects and playground apps?"

It was time to fix this scenario and install SVN server on my home server (which is fine as it has a static internet IP and backup, so it's quite usable).

By far the simplest and most usable option i found for installing SVN server on windows is VisualSVN Server.

It was installed, and with its simple GUI, users created in groups and assigned to new repositories in under 5mins! It even has a secure apache rolled in for websvn that you can easily configure to a non-standard port.

There is really no excuse anymore for not giving yourself all the luxuries that SVN affords you.

So i am googling around looking for a free server monitoring solution to play with and come across this nifty (yet ugly) site: http://www.servermojo.com

Looks aside, it's got some pretty cool functionality such as: free!, can add unlimited sites, has a few monitoring methods (i chose http+keyword), has basic charts, will do email alerts, and even twitter alerts (which translates to free sms alerts via twitter!)

So you could potentially setup a few different pages like ping_apache.htm and ping_coldfusion.cfm both with just a single keyword in the file and then you could easily see if you had an alert on the ping_coldfusion and not the ping_apache that it was a jrun problem and not a server level.

Worth checking out at least, i'll post if i see any negative performance with it