|
|
|
||||
for latest updates!The TomEE team have released the latest version 1.5.1, building upon the success of the major 1.5.0 release.
Though targeted as a maintenance release, the new version includes some new features such as a Maven Archetype for quickly creating TomEE projects, the ability to reduce JPA scanning overhead, new options in the Arquillian adapters and some enhancements to the TomEE Maven Plugin.
Key upgrades include the use of Apache Tomcat 7.0.34, Apache ActiveMQ 5.7.0, Apache CXF 2.6.3, Apache MyFaces 2.1.10 and Hibernate 4.1.8.
There are also Windows-Installer fixes, CDI changes to better support EARs, increased security for the /tomee webapp, passwordcipher support in tomee-jdbc and increased Java7 support.
For the entire list of 238 bug fixes and 160 improvements/upgrades (!) please see the release notes
David Blevins recently spoke at Devoxx 2012 and JavaOne 2012 discussing the performance benefits and features of TomEE as a Java EE 6 container.
See the full Devoxx video here
TomEE 1.5.1 is now available at Metawerx and runs beautifully on our new HA Cluster.
Metawerx is excited to announce the release of our new HA Java Cluster!
The system has been under construction since April 2012, and now finally after 8 months work, it's alive!
Custom-designed especially for Java hosting, the cluster has been built using a combination of DRBD, a redesigned multi-server version of Heartbeat, heavily upgraded versions of our monitoring software, and new signaling and control software to enable simplified control and ensure each JVM is running on the most suitable server on the cluster.
5 powerful Dell servers are in the current Java cluster, and we can extend this easily or add more clusters as necessary. The systems integrate with Dell's remote-control server hardware to allow automatic rebooting and in-depth monitoring of the health of each server.
How does it work?
How much does it cost?
What does it support?
What are the benefits?
What's next?
We have many other projects in the pipeline. The creation of the HA Java Cluster is a major milestone towards our new java cloud environment. Over the next few weeks we will be performing additional post-release testing and looking for further ways to improve the new platform.
If you have any questions or comments, please don't hesitate to drop us an email!
Tomcat 7.0.33 has been released today and contains the following key changes:
.
Yes, very busy...
It was our 15th birthday last week but we still haven't had a chance to write a News email!
In the last month we have:
in SiteWinder (I'm typing this now in our editor because it's nice) - see News below
for progress notes!
It's been a *huge* month, and a very busy year to date. But we enjoy this sort of stuff, so recommend us to your friends and colleagues! (BTW - you can earn commissions doing that!)
And remember, anything you need, please don't be afraid to ask!
We have activated our new online text-editor in SiteWinder today and are now beta-testing it. I'm actually writing this News Article using the editor in SiteWinder right now!
We imagine the most common uses for online editing would be:
The editor is based on the CodeMirror project which supports the following features and more:
We've also added the following extras:
Anyway, please check it out and let us know what you think!
Click here for more info and screenshots
The new SSL Labs version supports TLS1.2-only servers, so 2 weeks ago (5-Oct-2012) we became the first in the world to score 100 on the Qualys SSLLabs Test
There are 3 other servers that have also reached 100 since then. Congratulations on your hard work!
We first achieved 100 back in May 2012 and received a screenshot from Ivan Ristic (see image below), but haven't mentioned it publicly until now because a version of the SSL Labs test which supported scores of 100 wasn't officially released. Until now, the highest score officially possible was a 98, which is the score we've maintained over the last year.
Our site that has 100 is a test site and is unrealistic except for intranet usage. A perfect score for any internet-based website which uses credit card numbers or other confidential/secret data transmission IMHO is between 88-93, with PCI/FIPS support and cipher selection depending on your financial or institutional compliance requirements. Although if you ever held back in your security due to compliancy guidelines you feel are out of date, we encourage you to complain to the body which writes the guidelines you are attempting to adhere to.
An SSL Labs score of 88 is high enough to prevent simple attacks and 93 is low enough that it still works on Windows XP, mobile devices and any standard PC. It's not terribly difficult to achieve a 93, so we encourage everyone to review their SSL setup and have a quick read over the current attack mitigation techniques on SSL/TLS. If you get confused or stuck, or just can't be bothered, feel free to contact us for help securing your site. Metawerx Managed JVM customers already have the best available public setup configured automatically, and can configure higher security in SiteWinder.
For the crypto-curious, to read a discussion on some of the techniques we used you can read our setup tips on the Metawerx SSL Labs Test Site using the latest version of Opera set in TLS1.2 mode or other browsers that can use TLS1.2. Note that IE 9 and below, current versions of FireFox and Chrome can not currently access TLS1.2 websites, although they are now at TLS1.1 and TLS1.2 should be available soon.
Tomcat 5.5.36 has been released today, primarily a bug fix release.
As per the previous end of life announcement this will almost certainly be the final Apache Tomcat 5.5.x release. Users of the 5.5.x series are strongly encouraged to upgrade to at least 6.0.x and ideally 7.0.x.
Full details of all changes are available in
the Tomcat 5.5 changelog
Tomcat 7.0.32 has been released today and contains the following key changes:
(last release version was 7.0.30).
Metawerx now provides MariaDB 5.5.27 as a database option.
For those that don't know, MariaDB is a 100% open-source drop-in replacement for MySQL, built on top of MySQL Community Edition.
They do monthly merges with the MySQL code base to ensure compatibility and to get all features and bug fixes Oracle adds, but have a number of additional storage engines and performance improvements.
For example, the storage engine Percona XtraDB replaces INNODB and performs much better than MySQL 5.1/5.5 with subqueries.
For a limited time, we will be providing free MariaDB databases for testing purposes. If you want to try it out, let us know and we will copy one of your existing databases over to our new MariaDB cluster.
Our pricing, backups and failover systems are all identical to MySQL, and MySQL tools such as phpMyAdmin all work with MariaDB - since it's based directly on MySQL.
We will also be upgrading MySQL 5.5 to 5.5.28 tonight.
As of 30-Sep-2012, Apache Tomcat 5.5 will reach "End of life".
We will continue to support Tomcat 5.5, but if you are on this older release, now would be a great time to move up to Tomcat 6, or better yet Tomcat 7. With Tomcat 6 and above, more of our new Dashboard Charts are also available, such as RAM usage. If you would like to upgrade, please contact us and we'll arrange it for you at no charge.
For more information, please see the Tomcat 5.5 EOL page.
Importantly, after 30 September 2012:
GoDaddy is experiencing a DDoS (Distributed Denial of Service) attack today. Their DNS services are also affected.
As a result, any customers who rely on GoDaddy DNS services may find their website appears offline today.
Details of the attack and GoDaddy's response are on zdnet and their twitter feed.
To switch to Metawerx DNS, add your Domain Name in Domain Administration in our control panel, then delegate your domain to our DNS servers.
Contact us with any additional requirements such as custom MX records, SPF or Google Apps configuration.
Metawerx DNS is internationally redundant and free for use by Metawerx customers.
Tomcat 7.0.30 has been released today and contains the following key changes:
.
We now have a redundant FTP solution in place, ensuring that FTP is available even in the case of a server restart or failure.
There are now at least 2 servers providing access to the Metawerx File Cloud (redundant filesystem arrays). The secondary server in each DC will become available within a maximum of 20 seconds of any issue with the primary, allowing continuous FTP availability to our customers so they can continue working without interruption.
The new redundant FTP is available at ftpcloud.metawerx.net. We will move all customer-specific addresses to this new address over the next 2 weeks.
This is an important milestone in our HA Java Cloud platform and we are proud to have completed it.
For now you may ask "if the web server is down - what's the point of HA-FTP?". HA-FTP represents 7% of our requirements for moving to a fully redundant Java Hosting platform. When JVMs start moving around the cloud, there will be no guarantee that a specific JVM will be running on any specific server at any specific time. We have a requirement to provide failure-proof FTP so that our customers can connect to their filesystem at all times, even in the case of a complete server outage, and that is now completed. There are other supporting services we need to create HA systems for (RSync, Logging, SSH-Gateways). After those systems are completed, we will be ready to activate our new HA Java Cloud!
You can follow the Metawerx HA Java Cloud Roadmap here
Because of the recent major Java client-side security bug, Oracle has released their 4-monthly security patch release almost 2 months before it's normal expected date.
7u7 and 6u35 bring a series of security patches.
The latest Java 7 exploit affected Windows, Linux and Mac systems, giving the malicious party complete control over affected hardware.
Please remember to update your browsers and OS to the latest 7u7 release ASAP or someone could take complete control of your system if you access an infected web page.
Alternatively, disable Java in your browsers altogether. Despite being the world's most popular programming language, Java is rarely used on the client-side these days (ie: browsers) except by specific websites which require it. Unfortunately, disabling it on IE9 is near-impossible. For that reason and more, we recommend you always set your machines for automatic Java upgrades, automatic OS upgrades (Windows, Linux and Mac), automatic Adobe Reader upgrades, and when your machine asks you to restart - restart it.
For the best protection, always run as a non-admin user. If that is not an easy change-over for all the techies out there, at least remember to set up new machines for your friends, parents and colleagues to use a non-admin user as the default user. For example, if your parents buy a new desktop, set it up so that their username is different to the admin user. Tell them to use the admin user only when installing new printer drivers etc.. but to log in occasionally as admin to run system updates. If you are not running as admin, the chances of losing all your confidential information is reduced dramatically. We live in a world now where 0-day exploits end up affecting millions of computers very quickly. Data theft and data loss are expensive and time-consuming. We have better things to do right?
And of course - back up ;-)
After 3 months of testing and excellent customer feedback, our much awaited dashboard tools are now part of our standard customer control panel.
The dashboard provides 24/7 online historical charting of 14 separate important metrics for each of your JVMs.
If you don't have access to the new Dashboard option, please contact us and we will enable it for your account.
Key advantages:
The dashboard tools are available for:
Systems such as VisualVM are extremely useful in monitoring applications during development. You can view per-second statistics and watch what is happening in real-time. However, in a production environment they fail in 3 critical areas:
Our monitoring runs one snapshot per minute, which is ideal for production systems. It's based on a combination of our ERAI monitoring systems, our traffic recording subsystem, our disk I/O recording subsystems and JMX.
Using our dashboard, customers are able to monitor their live applications in QA or production over extended periods of time.
Chart widget features:
A few comments from our Sneak Preview back in May:
The new charts have already helped identify a number of addressable issues for our customers. For example:
Anyway, enough talk - pictures tell a 1000 words. Here's a repeat of the previous image from the Sneak Preview, including 12 of the per-minute charts from one of our customer accounts. This is a snapshot from a busy retail website which uses Hibernate/Struts. The snapshot was taken after-hours:
The new releases bring a series of small bugfixes and performance enhancements.
Notable changes in the new Java 7 are faster hashing for String keys and JavaFX 2.2 now being included in the JDK.
Tomcat 7.0.30 has been released today and is available at Metawerx.
Key changes:
.
Tomcat 7.0.29 has been released today and contains the following key changes:
Key changes:
.
The following versions are now available at Metawerx:
JDK 6u33 and 7u5 contain Olson time zone data version 2012c and a series of security patches. See the Oracle Java SE Critical Patch Update Advisory - June 2012.
Tomcat 7.0.28 contains various WebSockets improvements, annotation scanning improvements and updates to APR (Apache Portable Runtime). See the Tomcat 7 changelog.
Once again, we're the first hosting provider to be using the new versions, and our own website is already running on 7.0.28 and Java 7u5!
Due to better traffic management and monitoring, we have been able to increase the traffic included in larger plans as follows:
In addition, our overflow rate has been reduced from 1.8c to 1.5c and new Bulk Traffic Packs are available at cheaper rates.
Metawerx Usage Alerts have also been modified to calculate your most efficient upgrades and provide suggestions.
This release features mainly INNODB bugfixes and the following enhancements:
We have added free PermGen RAM and CodeCache RAM allocations to all plans, eliminating the need to use your main RAM for PermGen.
In addition, it will soon be possible to move RAM between different areas on Dedicated JVMs in SiteWinder, allowing you to monitor with our new dashboard meters and allocate your RAM in the most efficient way.
Recently we've invited a few customers to check out our new Enterprise Dashboard tools, soon to be available in our enhanced Control Panel.
Our charts will include at least 14 separate important metrics per JVM displayed as bar-charts, by minute, hour or day and zoomable to full-screen.
Systems such as VisualVM are extremely useful in monitoring applications during development. You can view per-second statistics and watch what is happening in real-time. However, in a production environment they fail in 3 critical areas:
Our monitoring runs one snapshot per minute, which is ideal for production systems. It's based on a combination of our ERAI monitoring systems, our traffic recording subsystem and JMX queries to each customer's JVM.
Using the new charting tools, customers will be able to monitor their live applications in QA or production over extended periods of time.
A few comments so far from our Sneak Preview:
Of the 10 customers using the preview charts over the last week, our new charts have already identified 3 addressable issues:
Anyway, enough talk - pictures tell a 1000 words. Here's a Sneak Preview including 12 of the per-minute charts from one of our customer accounts. This is a snapshot from a busy retail website which uses Hibernate/Struts. The snapshot was taken after-hours:
We monitor over 400 separate subsystems at Metawerx, not including our customer's JVMs and websites.
We get alerts if they slow down, go down or act up, as well as daily alerts just telling us they're happy and for how long they've felt that way. If you have a Dedicate-JVM or a Managed Java Appliance with us, you'd already be familiar with the basic-version of our ERAI alerts. (ERAI: Emergency Restart AI, or in Japanese, "erai" means "well-behaved").
Anyway, we have decided it's time to make our top-level system status available to our customers (and the public) through our website.
Whether your company is big or small and no matter what measures you put into place to prevent them, outages are a fact of life. Denying them is a simply hiding the truth in order to trick new customers into believing a service is bullet-proof.
We have a number of redundant systems in place, and staggering amounts of monitoring, but the unexpected can still occur - and does.
In the case of an outage, disturbance or degradation, full disclosure is the best approach. You need to know what is going on, and timely information provided to your own B2B or B2C customers earns respect and trust.
To that end, we have a new page (www.metawerx.net -> Support -> Service Status) which shows current monitoring results of all our top-level systems.
MySQL 5.5.24 is now available at Metawerx.
This release includes a security fix and some startup bugfixes.
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-24.html
Also great to see Ubuntu 12.04 now includes MySQL 5.5!
JDK1.7.0_04 and JDK1.6.0_32 are now available at Metawerx.
Not much changed for 6u32 but 7u4 has the following highlights:
Tonight at the Melbourne DC there was some work done on the air conditioning system.
Two of our servers alerted us to deviation in temperature, and two more alerted us to some strange voltage fluctuations. We contacted the M2/Primus DC and asked what was going on and were told about the reset of the air conditioning. No other customers of the DC had reported any issues, so I guess we're monitoring more than other customers, the DRAC cards are great for that. We had a total of 4 servers reporting issues, so it raised a definite red-flag. 20-30 minutes later 2 of the servers told us everything was ok again with voltages, and 10 minutes after that the remaining servers reported A-OK on the temperature variance.
Interestingly, during the same period, drive speeds on those servers dropped dramatically down from 240MB/s to around 45MB/s. I haven't seen that before and it was a strange occurrence. If drive speeds reduce dramatically on a server it usually indicates a RAID-battery failure or RAID-array problem. Two servers at the same time though? And it happened to be the same two which had alerted us about voltage fluctuations. After the alert-period finished and everything was ok, drive speeds immediately returned to their normal rate - literally within 1 second - I was watching them at the time while working in another window trying to determine the reason for the degradation. I can't find anything in the Dell documentation to explain why that would happen, but I guess the servers were just being extra careful.
Sensitive little beasts, but we love our Dells.
We've upgraded our MySQL 5.5 instances today to the latest 5.5.23 release.
This release includes a security fix, partitioning and DROP TABLE performance enhancements.
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-23.html
As part of our migration to a new cloud-storage solution, all customer disk-space and all hosting plans have had their disk space doubled in size.
This change is completely automatic and there is no need to re-apply.
We are migrating all customer filesystems to a multi-array cloud-replicated filesystem Friday night. We expect small outages on the following servers during the transition and subsequent reboot-testing: HIMIKO, NAOKO, TANUKI, MIZUKI.
Once completed, these filesystems will be resistant to RAID-Array failure, multi-drive failure and complete server failure, as they will reside on multiple, separate drive arrays at the same time.
Metawerx is designing a cloud platform to protect our Java Hosting and Database Hosting clients against the failure of any single server and provide instant scalability.
Multiple servers will interact seamlessly in the cloud, with Tomcat/TomEE instances and databases floating to available hardware depending on the load and availability of the participating servers. We will also be able to add new servers much more easily, making their resources instantly available to the cloud.
More news will be released on our cloud platform as it comes together.
If you have any suggestions, questions or comments about the new platform, please feel free to contact us.
Today we've been playing with Railo 3.3 on Tomcat 7.0.27, and Lift 2.4 with Scala 2.9.
Both were nice and easy to get running on a Metawerx hosted JVM, so we wrote some quick tutorials.
Other alternatives for CFML are OpenBlueDragon (also Open Source) and of course Adobe ColdFusion (commercial), each of which also run here.
Today we've been able to reduce our RAM upgrade prices to $30/mth per additional 512mb.
Throw massive additional caching power at your Metawerx JVM for $1/day!
Tomcat 7.0.27 has just been released and is now available at metawerx.
This release includes support for the WebSocket protocol (RFC6455). Both streaming and message based APIs are provided and the implementation fully passes the Autobahn test suite. Several examples are also included.
It also includes my patch to the HTTP digest support :-)
See the Tomcat page for details.
In a few months, Metawerx will be 15 years old. We've come a long way since starting to play with Java right from the first release in 1996. Remember ServletExec? The first Java Servlets specification and the wonders of JSP that followed soon after? Tomcat, finally becoming really useful when it hit version 3? MySQL growing from an interesting free open-source DB into the most popular database in the world? So much has happened over the last 15 years, and we're proud to continue to be a part of it all.
Flashback courtesy of Jim Driscoll's blog - "Servlets were originally conceived of by James Gosling in 1995, but put aside for other interests. After some time, the concept was picked up by Pavani Diwanji, who built on the concept to create servlets as part of a project then called Jeeves (from a fictional character). This project was eventually productized into the Java Web Server, which many of us in Java EE land remember fondly to this day. I still have a shirt showing Duke in a Tux holding a platter, the symbol for Java Web Server. And incidently, the first versions of the servlet package were called java.servlet.*, since the javax extension hadn't been invented yet."
I'd like to say it's been a difficult journey, but really it's been a lot of fun learning from and supporting all of our wonderful customers, from the university students who wanted to play with Java on a real server, to the thriving enterprise customers who started small and we've helped grow to international online sales companies and multi-server clusters. Every new customer teaches us something new, and we enjoy the daily challenge of always trying to perform beyond your expectations.
We have focused on Java hosting features, database performance, security and reliability, and we've paid far too little attention to sales and marketing. A good number of our new clients these days come from recommendations, which has been key to our growth over the last 15 years. We would like to thank all our loyal customers, especially the ones that have been with us for over 10 years! Without your support, we would not be where we are today.
But, we're coders - system engineers - linux geeks - java freaks - DB admins - network guys - crypto nerds and sysadmins. Not web designers. I can't even match two colours together when I try to buy clothes.
We have 2 x 1300 numbers, a Collins St address, best-of-breed Java support,
state of the art crypto, highly redundant mail, DNS and backup services, 99.985% provable uptime over the last 5 years and are the only hosting company in the world that supports the latest versions of Tomcat (7.0.26), TomEE (beta-2), JBoss (7.1) and Java (Java SE 7u3). Lately we're even contributing to the Tomcat project, TomEE and OpenJDK7.
However, our website has been looking old, tired, dated and unprofessional since about 2001. It was built in 1997, and has had content-updates, but no redesign or real work done on it. So finally after much ado, we are trashing it and bringing it up-to-date to match our hosting features. Over the coming weeks, with help from some of our web-design and graphic-artist customers, hopefully we'll have a fancy new website we can be proud of again. We've already changed the old frame-based layout and there's a lot more to do.
If you are a designer, SEO expert, have a proposal, suggestion, or just want to help out and get a mention in the credits, please contact us to be part of the change. And for everyone else - please excuse us while we change in front of you.
As with our popular IMAP/SSL hosting, we now provide POP3 over SSL.
We have implemented both the Alternate SSL Port method (on standard port 995) and the new STLS/STARTTLS method (on standard port 110).
Switch to SSL to ensure you are not sending your credentials over plain-text, and also prevent snooping on your email contents while receiving mail.
On Eudora 7, you can enable SSL by using either of the secure methods highlighted below:
On Outlook Express 6, the settings are as follows:
Remember to also use SSL for SMTP, and please contact us if you have any questions or run into any problems.
We provide TLS encryption between our servers and any mail clients or servers which support it. This ensures the transmission and reception of emails between our servers are securely encrypted.
Systems which support Secure SMTP include GMail, Exim, MS-Exchange, Sendmail, most banks and financial institutions, and many popular email clients, including Outlook Express, Thunderbird, Mac Mail and PC-Mail applications on iOS and Android devices. Hotmail does not enable secure SMTP (as of April 2012).
If you use the Metawerx SMTP server for outgoing emails, set your Outgoing mail (SMTP) port to <b>587</b> and enable <b>STARTTLS</b> mode or <b>secure connection (SSL)</b> mode to ensure your emails are not being sent in plaintext.
You can also enable it within your applications if you use JavaMail by setting props.put("mail.smtp.starttls.enable","true") in your JavaMail session.
Here is an example for Eudora 7:
Here is an example for Outlook Express 6 SP1. Note this example uses IMAP SSL as well, if you are using IMAP, set your IMAP port to 993 and tick the secure connection box for IMAP as well:
phpMyAdmin has been upgraded today to version 3.4.10.2. This is a security and bug-fix upgrade.
All servers now support FTPES - FTP with TLS Explicit Encryption, otherwise known as FTP-SSL or FTP-Secure.
It is important that you enable this feature in your FTP client, otherwise malicious parties or software may be able to snoop on your password and gain access to your account.
Be sure to set it to Explicit or FTP with TLS/SSL - not the Implicit mode which uses a separate port.
Here is a screenshot for enabling the feature in WinSCP's login dialog box:
When connecting, a lock image should appear somewhere in your FTP client, like it does in a browser. Once again, an example from WinSCP:
Here is a screenshot for Transmit on the Mac:
Other FTP client software will have a similar feature, and if they don't - then it's time to upgrade your FTP client ;-)
If you have any questions or concerns, please don't hesitate to contact us.
In the interests of increased security, we have started using HTTP Digest Authentication on Tomcat Manager to prevent plaintext passwords being sent over HTTP on accounts where SSL is not used for Tomcat Manager logins. This involves quite a few changes throughout our infrastructure, so is being implemented in a phased approach according to Tomcat version.
The change has been completed for all Tomcat 7 customers. We are working through earlier versions, but due to the size of the customer base, earlier versions will take longer to be transitioned over. If you are on Tomcat 6 or earlier and want to have this addition immediately, please contact support.
If you are on a Self or Semi-Managed VM, you will be converted over last, but of course you already have the ability to change this yourself anyway.
We are personally checking every account that is changed over to DIGEST mode to ensure there are no login problems.
We've also found a series of small issues in Tomcat's implementation of DIGEST support, and have submitted the following patches and fixes to the Tomcat project:
(already approved and fixed in 7.0.27 release onwards)
(fixed for all metawerx customers already)
Quercus 4.0.25 is now available for use on metawerx sites.
JBoss 7.0 and 7.1 are now available at metawerx.
The following upgrades are now available at metawerx:
The following upgrades are now available at metawerx:
This release is primarily a bug fix release and includes numerous bug fixes compared to version 7.0.25. See the http://tomcat.apache.org/ page for details.
The following upgrades are now available:
These releases provide a series of security fixes, see Oracle Java SE Critical Patch Update Advisory - February 2012
The following upgrades are now available:
The following upgrades are now available:
The following upgrades are now available:
