0 Comments

Recently I had some problems connecting with DataGrip to my Microsoft SQL Server 2012 instance provided as part of purchased web hosting plan.

By some reason my connection was always rejected with following error message:

The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target".

Microsoft’s documentation (available here) turned out to be very helpful. According to it, the initialization is always encrypted with JBDC and I actually should focus on encrypt and trustServerCertificate parameters, setting both to ‘true’. In this configuration client-side (my tool), was expecting SSL traffic and had disabled any checks done over the certificate itself.


Partial success, for now the error message got changed to:

The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Certificates do not conform to algorithm constraints".

This lead to a conclusion that the certificate is invalid in more ways. Little help from stackoverflow.com revealed it might be so old that the latest Java 8 OpenJDK had put it on blacklist due to weaknesses and vulnerabilities of used MD5 signatures. Brutal and effective patch is then restored it back and whitelist ;-)

Edit file: %ProgramFiles%\JetBrains\DataGrip 2017.1.5\jre64\lib\security\java.security

and remove MD5 and MD5withRSA

from those two variables: jdk.certpath.disabledAlgorithms and jdk.tls.disabledAlgorithms.


Now, connection succeeded and we are ready to play with the database.


You are right. At this point I should stop and let them know about the issue and ask about certificate upgrade. Thanks.

0 Comments

It’s been quite a while since I upgraded my machine for daily development. Till four months ago I was still using my 2011’ MacBook Pro with some additional upgrades done down the line (described them here and here). Nevertheless it was more often seen it became older and older and somehow the speed and work comfort was insufficient anymore.  

Once decision was made, for the first time in my life I wanted to buy my next laptop wisely. So I wrote requirements!:

  1. it should be small – 13’’ would be preferable, but 15’’ should go fine too
  2. it should have some brand new processor and 32GB RAM or more
  3. display should support al least FullHD on IPS matrix; 4k resolution is probably unnecessary for 13’’
  4. it should allow to plug-in 2 external monitors simultaneously
  5. must have 1Gbit Ethernet socket (as there is no WiFi inside an office due to security reasons)
  6. should support 2 SSD drives, at least one must be PCIex NVMe
  7. good secondary graphic card will be a huge advantage (as the MacBook had only the build-in Intel HD Graphics 3000 – slow as a 3-wheel kid bike)
  8. doesn’t need DVD drive
  9. should support Windows 10 Pro x64
  10. BT 4.0, TPM module, SD-card reader will be an advantage
  11. not too heavy


And then started looking around for anything matching my wishes. Unfortunately, and I cried about it a lot, Apple was out almost immediately. Since I wanted to max the spec on the day one and never care about an upgrade in the future, MacBooks turned out to be extremely expensive. 2 sometimes even 3 times more than the competition with similar components. That is insane. I like them, but I am not such a fan boy.

Also Lenovo jumped out from the competition, but mostly by my personal preferences. Few years back I had two business editions of T51 and I was using them happy until both died almost at the same time, few months after warranty period. I don’t want to say anything bad about Lenovo’s quality as they were really good hardware. It just kept worrying me at the back of my head.


My final choice became: MSI GE62VR Apache Pro i7-7700HQ/32GB/1TB GTX1060 with Samsung 512GB 960 Pro M.2 2280 NVMe as the main drive. After those four months of usage I am really satisfied with this laptop.


Pros:

  • it’s fast (~9 seconds for cold boot to be logged in in Windows, including PIN typing)
  • the quality of colors of the build-in display in really impressive
  • supports 3 displays simultaneously (2 externals and the build-in), that gives lots of space for developer
  • Steelseries keyboard, which is stunning with key reprogramming (changed Pause/Break into Delete) and customizable colors
  • touchpad can be disabled with a shortcut (Fn+F3)
  • it has GTX 1060 and let play newest games with really good quality and framerate
  • is VR-ready


Cons:

  • it almost can’t work without power supply (1.5h if doing only presentation with only HDMI projector attached; when Visual Studio or similar IDE is running it goes down to less than 1h)
  • the given HDD is extremely noisy, I mean it!
  • playing newest games on ultra might make the center of keyboard really hot (65C or more)
  • chassis bottom is plastic not aluminum


I hope you find it useful.

1 Comments

I really like development in Visual Studio even if I have a feature to implement for other platforms. And anytime I can I try to continue this experience. Period.

This time I had a pleasure to wrap several HTTPS calls using libcurl. But how to make it run on my x64 Windows machine? There is some info on StackOverflow.com, what can be moved to VS2017 in following steps:

  1. Start VS2017 console: "%ProgramFiles(x86)%\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" amd64
  2. Download the curl-7.53.1.zip source-code and unzip it
  3. enter “winbuild” folder
  4. compile with Windows SSL build-in support: nmake /f Makefile.vc mode=static VC=14 ENABLE_IPV6=no MACHINE=AMD64(optionally mode can be set as ‘dll’ to have later one more DLL do deal with in the project)
  5. grab the outcomes from “/builds/libcurl-vc14-AMD64-release-static-sspi-winssl” folder
  6. setup new project’s ‘include’ and ‘lib’ folder (put libcurl_a.lib or libcurl.lib into references)
  7. and remember to take a look at samples!

Thanks!

0 Comments

Recently I described, how to keep in sync with GitLab latest releases on the Raspberry Pi. And of course it lead me to a problem after unsuccessful update to version 8.17-rc3. This release has the PostgreSQL 9.6.2 embedded and apparently everything got broken in the middle of the upgrade process. After all my tries to revert to previous GitLab version, lots of time wasted (yes, each call to apt-get upgrade or install specified GitLab version was taking several hours!), I still stayed with totally unresponsive instance.

Then again I came back to basics.

  1. I rebooted the device
    sudo shutdown –r now
  2. Installed latest GitLab-CE
    sudo apt-get upgrade
  3. Asked it to revert PostgreSQL to previous version
    sudo gitlab-ctl revert-pg-upgrade
  4. At this stage, it was showing some strange errors about inability to connect to psql service via TCP/IP, that was pretty strange.
    So I checked the status.
    sudo gitlab-ctl status

    run: gitlab-workhorse: (pid 3099) 7362s; run: log: (pid 604) 1487541047s
    run: logrotate: (pid 11405) 160s; run: log: (pid 602) 1487541047s
    run: nginx: (pid 1917) 7686s; run: log: (pid 608) 1487541047s
    down: postgresql: 1s
    run: redis: (pid 1930) 7685s; run: log: (pid 603) 1487541047s
    run: sidekiq: (pid 3079) 7364s; run: log: (pid 607) 1487541047s
    run: unicorn: (pid 3257) 7282s; run: log: (pid 606) 1487541047s
  5. And then logs!
    sudo gitlab-ctl tail postgresql
  6. And it was continuously repeating an error, while parsing line 210 of the configuration file, what was all the time stopping the service.
    sudo vi /var/opt/gitlab/postgresql/data/postgresql.con
  7. Since it was about replication, I commented it out and service started normally.
     
  8. Then manually upgraded PostgreSQL
    sudo gitlab-ctl pg-upgrade
  9. This time all went OK.

0 Comments

I recently noticed that my GitLab installed on Raspberry Pi (running Jessy) stopped updating and stick to version 8.7.9, however the latest one as of today is 8.16.4.

Normally apt-get updateand apt-get upgradeshould do the trick. But it turned out there was a change in the build system and newer packages don’t get uploaded into ‘raspbian’ version of repository. For details - take a look on issue #1303. Although quick patch is following and short:

 

Edit configuration file located at: /etc/apt/sources.list.d/gitlab_raspberry-pi2.list

And redirect the repository path from ‘raspbian/’ to ‘debian/’.

 

Done!


EDIT: 2017-03-12:

The broken repository for 'raspbian' was fixed and this trick is no more required to install latest version of GitLab.