From Zero to HTTPS in an afternoon
By Matt Vollrath
November 20, 2017
I’ve been hosting my own humble personal web site since 2012. I had never bothered setting up HTTPS for my domain, but after hearing about the Let’s Encrypt project, I was completely out of excuses.
For the unfamiliar, Let’s Encrypt offers free and fully automatic HTTPS certificates. The web cares about HTTPS now more than ever. Deeply interactive interfaces like geolocation and user media (camera, microphone) are too sensitive to trust an insecure transport. By leveraging the security features present in modern browsers, users can expect a reasonable safety from attacks that would exploit the weaknesses of HTTP.
To take the security mission even further, I decided to completely containerize my server and expose only a couple of ports. Using a Docker composition made it very easy to deploy up-to-date nginx and keep it isolated from the rest of my host shard.
The first mission was to set up certificates with certbot, the EFF’s free certificate tool. certbot has a plugin that writes nginx configuration for you, but in this case I didn’t want nginx installed on my host at all. Instead of following the nginx-specific instructions for my platform, I opted for the webroot plugin to just …
hosting security tls nginx
President of UN General Assembly Thanks End Point
By Jonathan Blessing
November 17, 2017
The President of UN General Assembly, Peter Thomson, thanked End Point for supporting the Ocean Conference, which was held at the United Nations Headquarters this past summer to bring attention and action to saving the world’s oceans.
End Point’s Liquid Galaxy helped bring to life “Reconnecting Humanity to the Sea,” an exhibition meant to showcase the beauty of the ocean and the challenges it faces today. End Point created the presentation’s content and showcased it at the conference.
“We were very pleased to see End Point’s Liquid Galaxy used to promote a hopeful future for the world’s oceans. It’s very satisfying to see our technology used to make an important story that much more compelling.”
Rick Peltzman
CEO, End Point
This UN press release explains more about the conference and its results:
“UN Ocean Conference wraps up with actions to restore ocean health, protect marine life”
company visionport event
Using GitHub for Blog Comments
By Phineas Jensen
November 14, 2017
Last Saturday, November 11, we rolled out a new website that we’ve been working on for a few months. Part of this update was moving from Blogger as our blogging platform to static HTML generated by Middleman. We were more than happy to move away from Blogger for a variety of reasons, including its lack of HTTPS support for custom domains and how difficult it was to keep its templating and styling up to date with our main website. We were also able to move from blog.endpoint.com to www.endpoint.com/blog.
The most obvious thing that is missing from Middleman’s blog extension is the lack of a commenting system. After exploring some options for comments, we settled on using GitHub issues and comments, inspired by Don Williamson’s post about doing the same thing. It’s a bit of an unconventional approach, so this post will explain how to use our commenting system and how we implemented it.
Commenting requires a GitHub account, which is easy to sign up for and free, and the general target audience of our blog will often already have a GitHub account. At the bottom of each post will be a link to a GitHub issue at the top of the list of comments, if there are any. Click on the issue, write …
javascript community api static-site-generator
A Collaborative Timezone Utility
By Joe Marrero
October 30, 2017
Try It Out Yourself
The code for this project is hosted on GitHub and can be cloned from here.
At End Point Corporation, our team is spread out across 10 time zones. This gives us the advantage of being able to work around the clock on projects. When one co-worker leaves for day, another can take over. Consider this scenario. It’s Monday evening and Martin needs to continue installing software on that Linux cluster, but it’s already 6pm and his wife is going to murder him if he’s not ready to go out for their anniversary dinner. Let’s see who can take over… Ah, yes, Sanjay in Bangalore can continue with the maintenance. Tuesday morning, the client wakes up to be surprised that 16 hours of work was completed in a day. With respect to software development, the same efficiencies can be realized by parallelizing tasks across time-zones. Code reviews and further development can be continued after normal business hours.
With all the blessings of a distributed engineering team, collaborating with co-workers can be, occasionally, challenging. Some of these challenges stem from complexities of our system of time. Every co-worker may be …
linux open-source tools c
Hot-deploy Java classes and assets in Wildfly 8/9/10
By Piotr Hankiewicz
October 27, 2017
Introduction
Java development can be really frustrating when you need to re-build your project and restart a server every time you change something. I know about JRebel, but while it’s a good tool, it’s also pretty expensive. You can use the open-source version, but then you need to send project statistics to the JRebel server, which is not a viable option for your more serious projects.
Fortunately, there is an open-source project called HotSwapAgent and it does the same thing as JRebel, for free (thank you, guys!).
I will explain how to combine it with Widlfly in order to hot-deploy Java classes as well as how to hot-deploy other resources (JavaScript, CSS, images).
Wildfly configuration
Let’s assume that we use the standalone-full.xml configuration file.
We need to use exploded deployment instead of deploying WAR or EAR. You can do this in production as well to allow for application changes with zero downtime.
Start by configuring the metaspace size; we had to increase defaults for our application, but it’s possible that it will be just fine in your case. It’s encouraged that you play with these values after completing all steps.
In:
WILDFLY_DIR/bin/standalone.conf
set: …
java intellij-idea
Using tail_n_mail after hours
By Greg Sabino Mullane
October 23, 2017
(Photo of Turtle Island by Edwin Poon)
Someone recently asked me something about
tail_n_mail, a program that watches over your log files, scans for certain patterns,
and sends out an email if matches are found. It is frequently used to watch over
Postgres logs so you can receive an automatic email alert when Bad Things start happening
to your database. The questioner wanted to know if it was possible
for tail_n_mail to change its behavior based on the time of day—would it be able
to do things differently outside of “business hours”? Although tail_n_mail cannot
do so directly, a simple solution is to use alternate configuration files—which
get swapped by cron—and the INHERIT keyword.
To demonstrate the solution, let’s spin up a Postgres 10 instance, route the logs to syslog, setup tail_n_mail, and then create separate configuration files for different times of the week. First, some setup:
$ initdb --version
initdb (PostgreSQL) 10.0
$ initdb --data-checksums data
$ cat >> data/postgresql.conf << EOT
log_line_prefix=''
log_destination='syslog'
EOT
$ echo 'local0.* /var/log/postgres.log' | sudo tee -a /etc/rsyslog.conf > /dev/null
$ sudo …postgres monitoring
Liquid Galaxy at ASTC 2017
By Ben Witten
October 18, 2017
End Point is pleased to be participating in ASTC 2017, alongside our partners BWC Visual Technology. ASTC, which stands for the Association of Science-Technology Centers, is holding their annual conference at The Tech Museum of Innovation, located in San Jose, CA. We were excited to hear that the conference takes place at The Tech Museum, as we have a Liquid Galaxy set up in the museum!
A 3-screen desktop Liquid Galaxy display will be set up by Liquid Galaxy Engineer Josh Ausborne at Booth 1103. This display will be showcasing content that includes Sketchfab and Unity 3D Models, Cesium content with interactive weather data, 360 panoramic video, Google Earth/Google Streetview content, and engaging presentations about National Parks and National Marine Sanctuaries.
We are very excited to be showcasing our technology with BWC Visual Technology. BWC is a distributor and licensed re-seller of state-of-the-art, interactive exhibit technology for museums and science centers. We have great respect for their team and technologies, and are excited to be showcasing Liquid Galaxy with them.
Liquid Galaxy is currently featured in many science and technology centers around the world. Please …
conference event visionport
PKIX path validation failed — Debugging
By Selvakumar Arumugam
October 4, 2017
I recently ran into a case working on an application with a PKIX path validation error on a site that had a valid certificate. I was able to solve the issue using OpenSSL to debug.
Typically, the PKIX path validation error arises due to SSL certificate expiry, but I ran into the same error even when the system was configured with a valid certificate. There are two web applications in our scenario, AppX and AppY. AppX uses AppY’s authentication mechanism to allow the users to login with same user account. AppX sends a POST request using HttpClient with necessary arguments to SSL enabled AppY and allows the user to login based on the response.
HttpClient httpclient = new DefaultHttpClient();
// ...
HttpPost httppost = new HttpPost("https://app2domain.com/sessions");
try {
resp = httpclient.execute(httppost);
}
catch (Exception e) {
throw new Exception("Exception: ", e);
}Error
The AppX was isolated to new server and it started throwing PKIX path validation failed error while sending requests to AppY.
Exception: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path validation failed: …java tls