Showing posts from March, 2019

So when we need to adjust configures for RDBMS? Or DB Performance analysis tools through lazy eyes

  Hi, the community! Today, I would like to speak about configuration for the RDBMS (like MySQL, PostgreSQL, MS SQL, Oracle) and I will be happy to read your feedback. That article will have 4 parts (overview, use cases, specific products, deadlock). Many times as I see into different environments, installations with Atlassian Suite, as most of the configs are defaults. Therefore I want to share with small tips and tricks, which is used by me for a long time.   Based on that maybe someone will be interested in the short links, for first the configuration before starting to go deep into ANALYZE, EXPLAIN utils. Let’s start it.    PostgreSQL   My favorite tool is Via that service, I can easy to set the first parameters. I do recommend you check the DB pool connections in dbconfig.xml ( KB of dbconfig.xml ) + add a few extra connections (typically I add +10 it depends on replication/bi/other connections), otherwise, you can’t log in.  You can see one of my

Let's investigate installed apps with which version of JDK compatibility was built

  Hi!    Nowadays, we see Java releases starting to be faster, which was motivated by Oracle. Maybe it's good for new systems, maybe bad for  "blood"  ;) Enterprise. It is mostly funny research of installed plugins in our Jira installation.   JVM is going forward, but what about the  Bytecode ? Is this updated by app vendor? What about dependencies? As we know a few things about Java:  1. A Jar file can be unpacked 2. Java class file has the  magic number  in the first 4 bytes block of file "0xCAFEBABE". The story you can read here 3. And 6th and 7th bytes reserved for the  major and minor version number of the class file format being used.   Let's investigate just for fun:  1. Just prepare files from production a latest snapshot of installed plugins tar -czvf apps.tgz {jira_home}/plugins/installed-plugins scp apps.tgz localpc:/tmp/ 2. And let's extract exi

Let's check installed apps dependency to be compliant for OWASP Dependency-Check

  Hi!  Nowadays. security and trust is a very important aspect. I was wondering a lot of administrators, security specialists, security researches and attackers investigate installed components on the production system, e.g. Jira opened through the internet.  To minimize the risk you can investigate the jar files in directory installed plugins, the same thing I can do for every Atlassian product installed in your company. I'd like to share very small tip and trick related dependency checker and I hope you will check your set of installed apps or developed apps.  next part you can find ( here PART-2 )  1. Introduction Just a small quote which shows important from  OWASP site .  Dependency-Check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities Also, keep in your mind it is not deep analysis, instead of using static code analyzers Sonar, PVS studio, but it provides a good overview and possibility to raise an issue

How to easier define memory wasted stuff and detect your bad scripts/apps

  Hi awesome community, In this article, I would like to share with you a small tips and tricks related to analyzing heap dump using Yourkit. First of all, disclaimer: all things should be tested on test environment.    Let's do investigation.  1. You need to take a heap dump. Let's follow  Actually, I use jcmd for take heap_dump. Because jmap is mostly affected my prod instance. ;)  Time to time JVisualVM helps to me as well. 2. Then upload to your PC. (scp, rsync, nc) 2. Let's Open snapshot    3. Let's click to Class and package in Right Sidebar and check your apps just for double check.    And easier you can investigate your classes and packages. Also, you can see Check which objects mostly used and wasted.  That article helps to me 4. Well, let's investigate a biggest objects   5. Let's investigate what is this?