Tag Archives: ACL

SSH tunnel on OS X

Posted by on April 16, 2010 No comments

Many companies nowadays provide a SSH tunnel to connect remotely into servers. This is a great feature as you will have your internet connectivity wherever you are and still enjoy the benefit of select tunnels.

On OS X and Linux this is really straight forward. The example below establishes a SSH tunnel via tunnel.company.co.za into an Oracle server hosted on the network at 10.0.0.10:

ssh -C -p 22 -l myuserid -N -o ConnectTimeout=5 -o TCPKeepAlive=yes -o NumberOfPasswordPrompts=1 -o ControlMaster=no -o PreferredAuthentications=publickey -i /Users/Me/.ssh/id_rsa -L 15211:10.0.0.10:1521 tunnel.company.co.za

Explanation of the above:

  • -C: Uses compression over SSH
  • -l myuserid: Connects via userid “myuserid”
  • -o ControlMaster=no: disables the reuse of connections. Setting it to “auto” increases performance as it allows multiplexing, but might introduce problems. I play safe here.
  • -o PreferredAuthentications=publickey -i /Users/Me/.ssh/id_rsa: connect to SSH via certificate
  • -L 15211:10.0.0.10:1521: tunnels from local-port 15211 into remote port 1521 at 10.0.0.10

There are different opinions on ControlMaster (read some experience here). Some users say, that setting it to “auto” is reliable and will improve speed significantly. If you want to use it, do the following:

  1. Create a directory: mkdir ~/.ssh/cm_socket
  2. Add -o ControlPath ~/.ssh/cm_socket/%r@%h:%p to the arguments


VN:F [1.9.17_1161]
Rating: 7.0/10 (1 vote cast)
VN:F [1.9.17_1161]
Rating: +1 (from 1 vote)

OS X: Install JDeveloper 11g on OS X 10.6

Posted by on November 27, 2009 7 comments

If you start development against the Oracle Fusion middleware set, it only makes sense to pick an IDE which supports those middleware products out of the box. While I still enjoy Eclipse and MyEclipseIDE, JDeveloper 11g becomes the natural choice for Oracle development. The JDeveloper 11g download is free and supports the main distributions such as Windows, Linux and Mac. The download itself weighs in at a hefty 1,4GB.

The installation on OS X is however not straightforward and running on OS X 10.6.2, I had to make the following adjustments to make the install work:

  1. Ensure that you are running JDK 1.6: Pop into a terminal session and the command java -version should show you:
    java version "1.6.0_15"
    Java(TM) SE Runtime Environment (build 1.6.0_15-b03-219)
    Java HotSpot(TM) 64-Bit Server VM (build 14.1-b02-90, mixed mode)
  2. If the 1.6 JVM is not your default, open the Java Preferences (via /Applications/Utilities/Java) and move the Java SE (64 Bit) to the top of the Java application versions list.
  3. JDeveloper will stil not install as it requires a symbolic link in your Java directory. Execute the following commands from terminal:
    cd /System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/
    sudo mkdir jre
    cd jre
    sudo mkdir lib
    cd lib
    sudo ln -s ../../Classes/classes.jar rt.jar
  4. Once the symlink has been created, start the JDeveloper installer and select the following the directory “/System/Library/Frameworks/JavaVM.framework/Versions/1.6.0″ in the JDK selection:
  5. Installation will start and as a last action, drag the JDeveloper runtime from $HOME/Oracle/Middleware/JDeveloper onto your quickstart bar
  6. There seems to be another installation issue, and although the install knows about the JDK selection, JDeveloper requires a further config file. From the terminal issue the following:
    echo /System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home >~/.jdev_jdk
     (This will configure the default JDK for JDevloper – don’t ask, I was equally stunned about this)
  7. Oracle also managed to stuff up the JDeveloper package and it’s Info.plist. Go to ~/Oracle/Middleware and right click on JDeveloper and then “Show Package Contents”. Edit the Info.plist and replace with content below:

    <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CFBundleInfoDictionaryVersion</key> <string>6.0</string> <key>CFBundleDevelopmentRegion</key> <string>English</string> <key>CFBundlePackageType</key> <string>APPL</string> <key>CFBundleName</key> <string>JDeveloper</string> <key>CFBundleShortVersionString</key> <string>11g</string> <key>CFBundleGetInfoString</key> <string>JDeveloper 11g</string> <key>CFBundleExecutable</key> <string>JDeveloper</string> <key>CFBundleIconFile</key> <string>JDeveloperIcons.icns</string> <key>CFBundleIdentifier</key> <string>oracle.ide.boot.Launcher</string> <key>CFBundleSignature</key> <string>JDEV</string> <key>CFBundleVersion</key> <string>11.1.1.0</string> <key>Java</key> <dict> <key>ClassPath</key> <string>../../ide/lib/ide-boot.jar</string> <key>JVMVersion</key> <string>1.6+</string> <key>MainClass</key> <string>oracle.ide.boot.Launcher</string> <key>VMOptions</key> <string>-Xmx512M -Xms256M -Xverify:none -XX:JavaPriority10_To_OSPriority=10 -XX:JavaPriority9_To_OSPriority=9 -XX:MaxPermSize=256M -Xbootclasspath/p:../lib/lwawt.jar -Dsun.awt.keepWorkingSetOnMinimize=true -Doracle.macosx.disableWebBrowser=true -Xdock:name=JDeveloper -Xdock:icon=JDeveloperIcons.icns -Xbootclasspath/a:../../rdbms/jlib/ojdi.jar -Dide.conf=../bin/jdev.conf -Dide.startingcwd=.</string> <key>WorkingDirectory</key> <string>$APP_PACKAGE/Contents/Resources/jdev/jdeveloper/jdev/bin</string> <key>Properties</key> <dict> <key>apple.awt.textantialiasing</key> <string>true</string> <key>apple.laf.useScreenMenuBar</key> <string>true</string> <key>apple.awt.antialiasing</key> <string>true</string> </dict> </dict> </dict> </plist>

     

  8. The above will fix the installation and JDeveloper will now start normally (you will also be able to use the Info.plist to adjust JVM arguments)
VN:F [1.9.17_1161]
Rating: 10.0/10 (1 vote cast)
VN:F [1.9.17_1161]
Rating: +1 (from 1 vote)

Squid: Restrict access to websites

Posted by on December 23, 2008 1 comment

If you have followed my guidelines on how to install Squid, you might have noticed that the assumption was, that your home-user base would not abuse the net.

You add a ten-year old on school-holidays and YouTube to the mix and you will realise that spending 2GB on Youtube in a few hours is nothing …. eeek.

I needed a quick fix, without denying the young padawan access to the internet. After some research, I found that I could implement access-controls on a source-IP basis via Squid resulting in the following page:

The implementation is really simple and sufficient for my means – read the details after the jump.
Continue reading “Squid: Restrict access to websites” »

VN:F [1.9.17_1161]
Rating: 8.0/10 (1 vote cast)
VN:F [1.9.17_1161]
Rating: +1 (from 1 vote)