Resolving Spring Security ACL deadlock in MySQL

The default JDBCTemplate based implementation of Spring Security ACLs removes and recreates the entire ACL for each update. That requires both deletes and inserts into the same table within the same JPA transaction and is a recipe for deadlock when using the default MySQL transaction isolation level of REPEATABLE_READ. 

Setting your transaction isolation level to READ_COMMITTED is a viable alternative to MySQL's default but be certain you are not using the default bin-log format of Statement as this is not compatible with READ_COMMITTED isolation. You'll need to use Mixed or Row level bin-log format instead. 

Share

Great explanation of the 'The Infamous Loop Problem' in javascript

Thanks Robert Nyman for your apparently timeless explanation of the Infamous Loop Problem that caught me when declaring my callbacks to an asynchronous request tonight.

Share

By popular demand ... my git-aware bash prompt

Pirated from a long forgotten place...apologies to the respective copyright holders. Just paste this in your .bashrc for git-aware goodness:
Loading ....
Share

Configure my Amazon EC2 instances to only accept traffic from the Elastic Load Balancer

The AWS Elastic Load Balancing FAQ has this very relevant question:

Can I configure my Amazon EC2 instances to only accept traffic from the Elastic Load Balancer?

followed by an ever so helpful response:

Yes.

Seriously - no links, no reference to documentation, nothing. With such a tremendous investment in infrastructure you'd think Amazon might spend a day or two on documentation...alas.

Insult to injury it's also not at all obvious what you need to do to configure your Security Group to support this very commonly desired configuration. I'm here to help.

Use the not-so-documented 'amazon-elb/amazon-elb-sg' Security Group name as the Inbound Source for your Security Group rule to filter on traffic coming from your AWS ELB. Enjoy!

Share

Resolving git-gc error on Mac

During today's maintenance run of git-gc on our Mac hosted repo I encountered screenfulls of nasty fatal error messages - but the last two were a clue to the root cause:

fatal: Unable to create temporary file: Too many open files
error: failed to run repack

This related post helped me find a quick cure which involved simply bumping the ulimit up temporarily.

# ulimit -n 10024
> git gc

Easy fix for a potentially bad day.

Share

Play framework on AWS

Steps I took to get a Play framework app up and running on a micro AWS instance running Ubuntu 11.10

  1. sudo add-apt-repository "deb http://archive.canonical.com/ lucid partner"
  2. sudo apt-get update
  3. sudo apt-get install sun-java6-jdk unzip
  4. wget http://download.playframework.org/releases/play-1.2.4.zip
  5. sudo unzip play-1.2.4.zip -d /usr/local/share/
  6. install Dominik Dorn's startup script
    1. wget https://raw.github.com/gist/1290012/a31b1d079705ea7ccf6d1fdc866027b674e62841/...
    2. sudo mv playframework /etc/init/
    3. update the script with proper paths 
  7. useradd username -g www-data -m -d /home/username -s /bin/bash
  8. install your app
  9. initctl start playframework
Share

Install APC on CentOS 5.6

The following resolved a few gotchas I encountered installing APC on an old instance of CentOS 5.6

  1. mount -o remount,exec /tmp
  2. yum install pcre-devel
  3. pecl install apc
  4. mount -o remount,noexec /tmp

Share

Loading Fixtures for FunctionalTest in Play Framework

There are three possible gotchas with FunctionalTest on Play Framework 1.2.4:

  1. Ensure your db is configured for READ_UNCOMMITED transactions. See the release notes for more...
  2. Make certain that you import junit's @Before and **NOT** play.mvc.Before
  3. Load your Fixtures in a Job. See the example below.

 

Loading ....
Share

GAE price increases lead to a hard learned lesson regarding platform lockin

Google's pricing changes for GAE have increased the cost of my two very small applications tenfold.  I'm not alone. As a result, I've dropped them to the free tier on GAE - making them practically useless. So long GAE, I hardly knew thee...

Share

Secure file storage in the 'cloud'

In my quest for the perfect sync for the relatively small set of sensitive files I want available from all my workstations I've tried several cloud based services: Dropbox, JungleDisk, Wuala, and Egnyte just to name a few.

Dropbox and JungleDisk both require custom-rolled workarounds (like using a TrueCrypt volume) to keep sensitive files secured. Egnyt encrypts your data at rest but they use a common key which means you are reliant upon their business practices for data security. Wuala encrypts your data with a private key before transmitting it, but their client is quite cumbersome. I've found SpiderOak to be the best fit for my needs.

  • Native Mac client that starts automatically and runs quietly in the tray
  • Zero-knowledge encryption of all my files
  • Supports a smart folder sync 
  • Free entry-level account with 2G of space

 

Share