Posts

Showing posts from March, 2019

So when we need to adjust configures for RDBMS? Or DB Performance analysis tools through lazy eyes

Hi, community! Today I would like to talk about configuration for RDBMSs (such as MySQL, PostgreSQL, MS SQL, Oracle), and I will be happy to read your feedback. This article will have 4 parts (overview, use cases, specific products, deadlock). Many times, as I have seen in different environments and installations with the Atlassian Suite, most of the configs are left at their defaults. Therefore I want to share some small tips and tricks that I have used for a long time. Based on that, maybe someone will be interested in these short links for a first pass at the configuration before going deep into the ANALYZE and EXPLAIN utilities. Let’s start.

PostgreSQL

My favorite tool is https://pgtune.leopard.in.ua/#/ With that service, I can easily set the initial parameters. I recommend that you check the DB pool connections in dbconfig.xml ( KB of dbconfig.xml ) + add a few extra connections (typically I add +10; it depends on replication/BI/other connections), otherwise, you can’t lo...

Let's investigate installed apps with which version of JDK compatibility was built

Hi!

Nowadays, we see Java releases coming out faster, which was motivated by Oracle. Maybe it's good for new systems, maybe bad for "blood" ;) Enterprise. This is mostly a fun investigation of the plugins installed in our Jira installation.

The JVM is moving forward, but what about the bytecode? Is it updated by the app vendor? What about dependencies? We know a few things about Java:

1. A jar file can be unpacked.
2. A Java class file has the magic number "0xCAFEBABE" in the first 4-byte block of the file. You can read the story here: https://www.artima.com/insidejvm/whyCAFEBABE.html
3. And the 6th and 7th bytes are reserved for the major and minor version number of the class file format being used. https://en.wikipedia.org/wiki/Java_class_file

Let's investigate just for fun:

1. Just prepare the files from production, a latest snapshot of installed plugins: tar -czvf apps.tgz {jira_home}/plugins/installed-plugins...

Let's check installed apps dependency to be compliant for OWASP Dependency-Check

Hi!

Nowadays, security and trust are very important aspects. I was wondering: a lot of administrators, security specialists, security researchers and attackers investigate installed components on a production system, e.g. a Jira exposed to the internet. To minimize the risk, you can investigate the jar files in the installed plugins directory; the same can be done for every Atlassian product installed in your company. I'd like to share a very small tip and trick related to the dependency checker, and I hope you will check your set of installed or developed apps.

You can find the next part ( here PART-2 ).

1. Introduction

Just a small quote from the OWASP site that shows why it is important:

"Dependency-Check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities"

Also, keep in mind that it is not a deep analysis, unlike static code analyzers such as Sonar or PVS-Studio, but it provides a good overview and...

How to easier define memory wasted stuff and detect your bad scripts/apps

Hi awesome community,

In this article, I would like to share with you some small tips and tricks related to analyzing a heap dump using YourKit. First of all, a disclaimer: everything should be tested on a test environment.

Let's investigate.

1. You need to take a heap dump. Let's follow https://dzone.com/articles/how-to-capture-java-heap-dumps-7-options Actually, I use jcmd to take the heap dump, because jmap mostly affected my prod instance. ;) From time to time JVisualVM helps me as well.
2. Then upload it to your PC (scp, rsync, nc).
2. Let's open the snapshot.
3. Let's click on Class and package in the right sidebar and check your apps, just to double-check. This makes it easier to investigate your classes and packages. You can also check which objects are used and wasted the most. This article helped me: https://dzone.com/articles/preventing-your-java-collections-from-wasting-memo
4. Well, let's investigate a biggest obje...