Is Spring RestTemplate Thread Safe

Is Spring RestTemplate Thread Safe?

The only correct answer to this question is: No

A quick look at the source (the link is tied to a specific version so the line number is always correct) on line 230 shows the method “setMessageConverters” which mutates the field messageConverters without proper thread safe access or publishing.

There are multiple incorrect answers to this question found on the web:

All of these incorrect answers are actually answering the question: “Is there a way to use an instance of RestTemplate that is thread safe?” or just quoting other incorrect posts. (Especially disappointing is the blog post on spring.io. But, it was written in 2009, so maybe it was thread safe back then. Since at least 2012 (line 171) it has not been thread safe.) Or, they answer “Yes” then say “But don’t add a MessageConverter, because that is not thread safe”.

“Is there a way to use an instance of RestTemplate that is thread safe?” is a different question, and like all Java objects, the answer of course is: Yes.

If your code avoids the non-thread-safe methods, then you can claim thread safety.
If your code simply doesn’t call any methods on the instance, you can claim thread safety.
If your code only has one thread, you can claim thread safety.

But the actual code of RestTemplate.java shows that it is not thread safe.
And the typical use is to create a singleton instance that is used by multiple threads.
It is a “cross your fingers and hope nothing weird happens” kind of thread safe.

Which, of course, is not thread safe at all.

Posted in Software Engineering | Comments Off on Is Spring RestTemplate Thread Safe

Hadoop Terasort VirtualBox benchmarks

Setup: 3-node hadoop (hdp v2.6.1), installed via Ambari 2.5.1 and running in VirtualBox 5.1 on one physical machine.

The terasort is traditionally run on 1 terabyte of random data (SIZE=10,000,000,000). In 2008, Yahoo! ran terasort on 1TB of data in 209 seconds, on a cluster of 900 nodes.

However, this benchmark is for significantly less data (SIZE=10,000), or 1/1,000,000th the amount of data and significantly fewer nodes (1 physical machine).

teragen: 340 seconds
terasort: 352 seconds
teravalidate: 6 seconds

Each (virtual) node:
8GB RAM, 2CPU, 80GB separate /hadoop/hdfs/data mount, Ubuntu 14.04.2 LTS

Physical machine:
32 GB RAM, 8-core AMD FX-8350 4.0GHz, 1TB WD Black HDD, Ubuntu 16.04 LTS xenial

Posted in Storage | Comments Off on Hadoop Terasort VirtualBox benchmarks

Secret Share 1.4.3 on Maven Central

Secret Share in Java on Maven Central

Just completed a release of the Secret Share in Java project to Maven Central.

Search for it using search.maven.org.
Or, go to SecretShare-1.4.3 directly.

GroupId: com.tiemens
ArtifactId: secretshare
Version: 1.4.3

This release adds a “-paranoid” flag to the combine operation. This is useful if you have more shares than you need and you are not sure if you have typographical errors in the values. The “-paranoid” will try subsets of the shares to recreate the secret, then keep track of which secrets were seen most often.

Sonatype Notes:

The Sonatype instructions were updated. See ReleaseProcess.txt.

Posted in Software Project | Comments Off on Secret Share 1.4.3 on Maven Central

Real World Debugging Exercise

Just completed the Real World Debugging Exercise.

It is a static page on this site (just like the Lot Area Calculator).

Posted in Uncategorized | Comments Off on Real World Debugging Exercise

VirtualBox USB Flash for ZFS

To set up your USB Flash drives as pass-through in VirtualBox, here is what you can do.

Next, plug in your flash drive and record its device. For me, it was /dev/sde. Look in /var/log/syslog, or dmesg output, for the “[sde] Attached SCSI removable disk” line. My device looked like this:

ls -l /dev/sde
brw-rw---- 1 root disk 8, 64 Nov 24 15:22 /dev/sde

If you don’t run virtualbox as root (and you should not), then you’ll need to use the group to access /dev/sde. Above, you can see it is “disk”.
Now, make sure the user that is running virtualbox is in the “disk” group (e.g. ‘tim’ user):

sudo usermod -a G disk tim

After this, you may or may not have to reboot. Run “groups” as your user. Make sure you see “disk” listed. If not, reboot (or maybe just logout and login).

Then, for each USB Flash drive, run this VBoxManage command:
(Note: this command just creates a *.vmdk file that “links” to a raw device. It does not touch or alter the device, but it does make sure your current user has permissions to the device):

VBoxManage internalcommands createrawvmdk -filename usbflash1.vmdk -rawdisk /dev/sde1
chown tim:tim usbflash1.vmdk

Then, in the virtualbox GUI, under settings, choose Storage, then “add hard disk”, then “Choose existing disk”, then select the usbflash1.vmdk file created above.

See the ZFS Fkash Drives on how to create your ZFS volume from the USB Flash drive(s).

Next up: plugging the USB Flash drives into a different ZFS instance.
(In case it is not clear, the trade-off here is between:
1) Two separate USB flash drives, which can be used by just about any computer, but must be manually kept in sync, and manually compared looking for differences, versus
2) Two flash drives as a single ZFS mirror volume, where ZFS makes sure the contents are the same and scrubs them to make sure they stay that way. However, you need a ZFS system to mount and use them.)

The contents of usbflash1.vmdk:

# Disk DescriptorFile
version=1
CID=1d3a8b59
parentCID=ffffffff
createType="fullDevice"

# Extent description
RW 15130017 FLAT "/dev/sde1" 0

# The disk Data Base 
#DDB

ddb.virtualHWVersion = "4"
ddb.adapterType="ide"
ddb.geometry.cylinders="15009"
ddb.geometry.heads="16"
ddb.geometry.sectors="63"
ddb.uuid.image="33234751-eccf-4188-8e3d-a903b8a4ad74"
ddb.uuid.parent="00000000-0000-0000-0000-000000000000"
ddb.uuid.modification="ee7f3673-388e-42ab-9fa6-698cd80fb5bd"
ddb.uuid.parentmodification="00000000-0000-0000-0000-000000000000"
ddb.geometry.biosCylinders="941"
ddb.geometry.biosHeads="255"
ddb.geometry.biosSectors="63"
Posted in ZFS | Comments Off on VirtualBox USB Flash for ZFS

ZFS Flash Drives

As an experiment, I created a small (8GB) ZFS volume in a mirror configuration using two 8GB USB Flash drives.

The purpose was to put “small, but really important things” on this storage system.

It actually ended up being two discrete pieces of work. First, setting up a VirtualBox FreeNas 9 image with “USB passthrough”. Second, running the FreeNas/BSD commands to create the volume by hand, since FreeNas insists on using 2G (fixed) per disk when it creates volumes. 2GB of 1000GB isn’t even a drip; 2GB of 8GB is significant.

So, second things first: creating the partition and volume and getting FreeNas to acknowledge it.

Once you know the two devices in FreeNas (for me it was /dev/ada1 and /dev/ada2), you can run these commands:

gpart create -s gpt /dev/ada1

gpart add -i 1 -t freebsd-zfs /dev/ada1
# now run ls -l /dev/gptid, make note of the new entry,
#   e.g.  d50a7a3b-aeb0-11e6-86a2-080027bed2b8

gpart add -i 1 -t freebsd-zfs /dev/ada2
# make note of that gptid too, 
#    e.g.  e9c860e9-aeb0-11e6-86a2-080027bed2b8

Since my two USB drives were not exactly the same (7.4G versus 7.2G), the zpool create required the “-f” flag:

zpool create -f  usb8 mirror /dev/gptid/d50a7a3b-aeb0-11e6-86a2-080027bed2b8 /dev/gptid/e9c860e9-aeb0-11e6-86a2-080027bed2b8

zpool status
  pool: usb8
 state: ONLINE      
  scan: none requested 
config:   
        NAME                                            STATE     READ WRITE CKSUM  
        usb8                                            ONLINE       0     0     0 
          mirror-0                                      ONLINE       0     0     0    
            gptid/d50a7a3b-aeb0-11e6-86a2-080027bed2b8  ONLINE       0     0     0 
            gptid/e9c860e9-aeb0-11e6-86a2-080027bed2b8  ONLINE       0     0     0  

Then, to get FreeNas to acknowledge it:

zpool export usb8

Finally, in the FreeNas GUI, run “Import Volume”, no encryption, selecting the volume name in the drop-down list. Under “Disks”, you should see two “7.xGiB” entries, not the “5.xGiB” the the 2GB swap partition would have given you.

If you didn’t make note of the gptid as you created the partitions, you can run

gpart list

And look for the “Name: ada1p1” entry to get the “rawuuid” value to use with /dev/gptid/hxhxhx….

Using the gptid/rawuuid, instead of /dev/adaX, is a good idea in general. In this particular case, remember that the device is actually a VirtualBox-created “Disk”, with a VirtualBox serial number, and a VirtualBox gptid.

See the next post on how the “pass-through” was created in VirtualBox.

Posted in ZFS | Comments Off on ZFS Flash Drives

iptables flush and ssh

Fun lesson from today: don’t blindly clear/flush your iptables.

If you are remotely managing a system, then make sure you run this:

sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT

before you run this:

sudo iptables -F

It turns out there are people who will write default block (“policy DROP”) style rules (instead of the using a default “policy ACCEPT” and ending with REJECTs/DROPs at the end that match everything). If the default policy is not ACCEPT, then clearing the rules will immediately remove your ssh access to the machine.

The lack of a default “policy REJECT” is one reason you will see more “policy ACCEPT” – because then, at the end, you can choose between REJECT or DROP. If you write your rules “in the other direction”, you loose the flexibility to choose – you must DROP. There are numerous posts on why DROP is not necessarily better than REJECT. (“Attackers don’t really feel any pain with DROP, but your legitimate users sure do”.)

Posted in Software Engineering, Ubuntu | Comments Off on iptables flush and ssh

Kids Game Build

The goal of this machine was to replace the highly unreliable kids computer (Portable Power Build). First the GPU went, then the HDD started showing errors. Finally the MB voltage started to act up. The net result was that the computer was very unreliable and would just freeze, awaiting a hard reboot.

The goal was to be “reasonable yet not extravagant”.

Some facts on the CPU: the i5-6500 is currently #261 on PassMark [7,042] cpubenchmark.net. At a price of $204, it has a “value” rating of 34.3. It is the first 4-core not 8-core machine in a long time – for a gaming machine, the 4 extra cores don’t pay off. This is the first LGA 1151 CPU build. And along with it, the first DDR4 machine as well. Also a first is the USB-C connector on the motherboard.

All product links are from the actual vendor. Not all pieces were purchased in 2016.

Item Product Cost
CPU Intel Boxed Core I5-6500 FC-LGA14C 3.20 Ghz 6M Processor Cache LGA 1151 BX80662I56500 $204
RAM Corsair Vengeance LPX 16GB (2x8GB) DDR4 DRAM 3000MHz (PC4-24000) C15 Memory Kit – Black $74
Motherboard GIGABYTE GA-Z170XP-SLI LGA 1151 Z170 2-Way SLI UEFI DualBIOS ATX DDR4 ATX DDR4 $126
Power Supply Corsair CX Series, CX500 500 Watt (500W) Power Supply, 80+ Bronze Certified $53
Video Gigabyte GTX 750Ti GV-N75TOC2-2GI GTX 750 Ti GDDR5-2GB 2xHDMI OC Graphics Cards $105
Case Corsair Carbide Series 200R Compact ATX Case $58
SSD Drive Samsung 850 EVO 250GB 2.5-Inch SATA III Internal SSD (MZ-75E250B/AM) $117
HD Drive None
DVD/CD Samsung DVD Burner 24x SATA DVD+RW DVD-Writer Internal Optical Drive (SH-224FB/BSBE) $17
Keyboard/Mouse
OS Microsoft Windows 10 Pro 64 Bit System Builder OEM | PC Disc $125
Total $879
Posted in Computer Builds, Core-i5 | Comments Off on Kids Game Build

Ubuntu 16.04 Vnc and VirtualBox Resolution

As posted for 14.04, here are the steps to getting a larger VNC connection to your Ubuntu 16.04 virtual machine:

Desktop Sharing

Desktop Sharing is back as an item in 16.04 desktop. Just bring up the search, type “Desktop Sharing”.

If for some reason you do not see it, type:
$ vino-preferences

Desktop Sharing Security

When your VNC client fails to connect with an error like “No matching security types” or “No security type suitable for RFB 3.3 supported” (or if you see a log line from vino-server like “Advertising security type 18”) then type:

$ gsettings set org.gnome.Vino require-encryption false

Then connect again with your VNC viewer. No restart or logout required.

Higher Resolution – a little

To get to a decent 1024×768, you can run xdiagnose:
$ sudo xdiagnose
In the dialog box, check all of the options under “Debug” : “Extra graphics debug messages”, “Display boot messages”, and “Enable automatic crash bug reporting”. Push “Apply” then “Close”.
Then, reboot
$ sudo /sbin/shutdown -r now
You can now choose 1024×768 under “Displays”

Higher Resolution – a lot

To get to higher resolutions (e.g. 1600×1200):
1) Insert the VBOX additions (from VirtualBox)
2) cd /media/$(id -nu)/VBOXADDITIONS*
3) sudo ./VBoxLinuxAdditions.run
4) sudo apt-get install virtualbox-guest-x11
and reboot again.
Now, the “Displays” settings window should allow choices from 2560×1600 to 800×600 for the VBX 0″ display.

Posted in Ubuntu | Comments Off on Ubuntu 16.04 Vnc and VirtualBox Resolution

Brother HL-2170W wifi

Having upgraded the wifi device, and changing the SSID and passphrase, the Brother HL-2170W printer needed to be updated.

First, the “easy button” just failed. Never worked. Which I recall happened the last time I set up this printer.

Next was the factory reset to get the wired interface to listen again – turn off power, hold “Go” button, turn on power, press “Go” button 7 times.

Then press “Go” 3 times to print the connection information – see page 3, “Network Configuration”, “IP Settings” – mine said “10.0.0.200 (via DHCP)”.

Then, browse to that address, press “Network Configuration”, (default credentials are user/access and admin/access).

This is where the fun begins…

On the screen find the “* Configure Wireless” link. Press that.
Key Setting: Communication Mode = “1) Infastructure Mode” (do not use ad-hoc)
Setting: Authentication Method = “WPA/WPA2-PSK”
Key Setting: Encryption Mode = “AES”
Skip all the of WEP Key fields.
Setting: Passphrase = “<< enter your SSID password here >>”

Push submit. It says “data submitted”, then says “if ethernet cable plugged in, unplug it”. Unplug ethernet. Wait.

Finally, the printer will print 1 page of “NETWORK CONFIGURATION”.
Check the IP Address and make sure the “Link Status” says “Link OK”.

Browse to the wifi IP address. Confirm everything is working.

Posted in Uncategorized | Comments Off on Brother HL-2170W wifi