Blog

Blog

Commercial SSL certificates in general and wildcard certificates in particular are getting more expensive by the day.
And we never bothered to go through the OpenSource project checks that some certificates dealers offer.

But now there's a new player on the field, Let's Encrypt, a community project backed by some of the bigger Internet players.

Let's Encrypt just opened the beta phase to the public a few days ago, so it's time for Clazzes.org to join in.

Due to ....

  • Let's Encrypt's restrictions (no wildcards, only 5 certs per domain per 7 days)
  • fear of using "alternate name" certificates
  • fear of cutting of apt-get, yum, mvn, ...

... we started with the following https sites:

Please feel free to report any related certificate problems you might encounter to admin at iteg dot at.

We just migrated clazzes.org to a larger DC with better connectivity.

Sory for any migration inconveniences.

Why, Debian, why?

Last weekend I updated the SSL certificate used for all VirtualHosts on Clazzes.org, like this very site, and https://deb.clazzes.org and some others.

Unfortunately, Debian's ca-certificates package is not maintained for old-stable. For more details, see debian bug 501123.

Therefore, Tools like apt-get, wget and curl refuse to download GPG keys, packages, or other stuff from Clazzes.org with https, unless special options like wget's --no-check-certificate are used.

We are already thinking about providing updated ca-certificates packages for old-stable versions like squeeze and I just entered the bug discussion.

It was only a matter of time ...

Due to content spamming we were forced to turn off self registration, sorry.

We don't want to discourage contributors, though. Anyone interested in an account please drop an E-Mail to admin at clazzes dot org, or DM us on Twitter: @ClazzesOrg.

 

Introduction

IPv6 has reached Clazzes.org and we are now running in dual stack mode, offering services over IPv4 and the "new" IPv6!

Current Server Status: IPv6 up and running

Two days ago our housing provider offered us to participate in the "friendly user phase" for there ongoing IPv6 introduction.

Technically this means:

  • We have been assigned an official global IPv6 subnet
  • We have full IPv6 connectivity
  • We should get the according reverse lookup zone assigned to use soon
  • But IPv6 operation is not yet part of the SLA, and in case of major connectivity problems IPv4 gets repaired first

Client Applications Status: Tweaking may be required

IPv6 is not that new and there are regions and internet access providers without IPv4 addresses.

Therefore the majority of applications has good dual stack support now: When a server has IPv4 and IPv6 addresses, connections over both channels are attempted, either concurrently (faster one wins) or one after the other. This should allow pretty much all applications to connect to the server, even if the IPv6 setup or connectivity is broken somehow.

If an application fails to connect nevertheless, or if the attempt-both-approach just costs too much time, it is usually possible to tweak the application behaviour. For some details, feel free to read our according KnowHow arcticle on HowTo invite applications to prefer IPv4 or IPv6.

Feedback Welcome!

To provide feedback on Clazzes.org's IPv6 setup, please write to admin@clazzes.org or tweet @ClazzesOrg.

 

Overview

After some more Eclipse frustration and after finding out they dropped numerical versions from downloadable files' names (see our according Tweet), I started Eclipse Hints.

Besides a list of Eclipse Version Codenames I also started to document our Favourite Eclipse Plugin Sites.

Special Hints

GTK confusion in Eclipse 4.4

See Running Eclipse 4.4 Luna under debian wheezy.

 

Atlassian promises major search enhancements for Confluence 5.2, therefore just upgraded confluence.clazzes.org.

Jira got a minor update, to 6.0.6

Enjoy!

It's been on my wishlist for over a decade.

Now we have a solution for one common application architecture: SDS (SQL Directory Service) is released as 1.0.0.

If a 3-tier web app uses a Web 2.0+ client (Capable of using DOJO 1.8), an OSGi container (like Apache Karaf) and a SQL database, SDS provides a stand-alone user (and groups) database and a web interface or maintaining users and groups, which can be used by applications easily facilitating our DomainPasswordLoginService concept.

The SDS_ prefix for it's tables' names allows it to co-exist with the application's tables in a single database.

Together with the multi-auth-backend dispatcher org.clazzes.login.broker it is just as easy to combine sources of authentication: Normal end users might authenticate against LDAP backends like ADS, while other programs (like cronjobs updating a web site) may authenticate towards the SDS tables which may be easier to manage by the application's managers and do not eat up resources and licenses in the ADS infrastructure.
 

@ClazzesOrg

Open source projects should be somewhat "social", therefore Clazzes.org hasjoined Twitter, as @ClazzesOrg

(wink)

 

I finally found time to create a debian package for our JDBC based database tool collection JDBC2XML.

For details take a look at JDBC2XML Installation.

As of yesterday the clazzes.org server has been upgrade from Debian 6 squeeze to Debian 7 wheezy.

Special my.ini settings which had been required by former Confluence versions but are incompatible with MySQL 5.5 caused minor problems, therefore Jira and Confluence have been unusable a bit longer than expected ;-(
We apologize for any inconvenience.

Confluence 5.0.x has a bug making the edtior close to unusuable in Google Chrome 27, which was named stable today.

Therefore we just upgraded clazzes.org to Confluence 5.1.3 which solves the problem right away.

Due to a weird problem of the confluence installer (net not found in java library path), and after good results from upgrading Java on other hosts, I also upgraded Java to 1.7.

Using the momentum, Jira was upgraded too and is now at 6.0.

Unfortunately an OpenSource nightmare scenario has hit FTPSync with 1.3.07: It uploads files even in download mode.

I have fixed the bug #38906 with git commit 65c0a4fed73b719352e5fa00096a4081d9cc3a63, but I actually recommend to use the re-released ftpsync-1.3.06-0.tar.bz2.

Thank You Atlassian (wink)

Last weekend I added links from Confluence to svn and Jira, and from Jira to Confluence.

Today we detected that some Confluence.clazzes.org spaces and all Jira.clazzes.org projects were invisible to anonymous users not logged in. We fixed that!

Furthermore we installed the free Jira-SVN-Plugin so we Jira can now automatically refer from issues to svn commits with comments containing the issue key. Nice.