This question has come up a couple of times recently in support/pre-sales queries. Essentially the question is why can’t FusionReactor see the values of variables (eg LOCAL/VARIABLES/REQUEST scope etc)?
FusionReactor is a low-overhead Java production server monitor designed for light-weight 24×7 use. It let’s you see what’s happening on your server right now and the recent past. It has other features that can prevent a server from failing and alerting based on rule-sets etc but that’s out of the scope for this question. If you think about the tool, it really has to be very low overhead to not skew the metrics you’re seeing and be of high value. A page is typically processing and running through many lines of code per second – as that happens, variables are constantly being created and updated. If we were to try and show variables in FusionReactor, the variable would most likely have changed it’s value by the time you’ve read it. One option of course would be to stop processing until further input – but then we’d really be a step-debugger (let me introduce you to FusionDebug now – the first & fastest CFML step-debugger and the only one that works with both Adobe CF and Railo). Another would be to only show variable values at the end of a request, or perhaps when each query executes. If you’re interested in variable values at the end of the request, you’re probably debugging something. This is where a step-debugger would be useful or you can output the value to DB/file/screen. If you’re interested in variable values when a query executes, it’s probably because you want to know what query is going to be run – if that’s the case, you really should just wrap your datasource and have FusionReactor tell you the query (and it’s query params) along with other useful data (like how fast the DB query was, how quickly the resultset travelled over the network, how many rows were returned, etc).
The most worthwhile argument I’ve seen was to capture variable values at the time a request fails – but then this opens another question of what is a failed request? A server 500 error? Well what if you try/catch the error and give the user some other route to continue – how would FusionReactor know to capture the variable values?
Now we’ve dealt with the logical reasons why we should or should not have this feature, the next is to think about the technical overhead – reading, storing and managing these variable values would be very costly – in both execution time and memory. For example, what if your request has a 200MB file in memory? Should FusionReactor take a copy of that memory so that it can display/notify you of it? Of course, these are loaded questions but hopefully they start to explain why this feature isn’t present. However, read on because there’s a very simplistic way to see what you want…
FusionReactor supplies an API. One of the API methods provides a way of giving FusionReactor some information to store & display with the request details. It’s quite simple to include in your code and would let you easily push any information you want for display in FusionReactor. This is most commonly used for things like tracking long running functions (eg: consider a credit card authorization call in an e-commerce application)…
<cfset frapiClass = createObject("java", "com.intergral.fusionreactor.api.FRAPI") / <cfset frapi = frapiClass.getInstance() / !--- Note: The above two lines only need to be done once per request. You could put the variables into request scope and re-use multiple times. --- cfset frapi.trace( "Calling doCCAuth()..." ) / cfset ccAuthResult = doCCAuth(cardNumber, expiryDate, cvv) / cfset frapi.trace( "Completed doCCAuth. Result = #ccAuthResult#" ) / !--- Note: FusionReactor will automatically time-stamp the traces so you know how long the call has taken ---
Taking this idea, we can easily have FusionReactor display all our (simple) variables (eg with LOCAL scope):
<cfset frapiClass = createObject("java", "com.intergral.fusionreactor.api.FRAPI") / cfset frapi = frapiClass.getInstance() / cfloop collection="#LOCAL#" index="key" <cfset frapi.trace( "LOCAL.#key# = #LOCAL[key]#" ) / /cfloop
If your scope contains complex variables (query, array, struct, object, etc) then you could serialize them to JSON or provide a toString() method as preferred.
Then join us for this free webinar with Intergral’s David Stockton and learn how to keep your ColdFusion servers alive and performing to their full potential. And when your server is crashing or running slow find out how to figure out what is going on and solve the problems fast so that your apps can be running reliably.
If your server is slow or sick this is for you! We will look at how to diagnose problems and some common ways to heal a sick ColdFusion server. We will also discuss what tools you can use to prevent problems from occurring.
|This webinar is with David Stockton, technical consultant from the FusionReactor professional JVM and ColdFusion server monitor team. David has been using ColdFusion for more than 10 years and has spoken on server tuning and load testing many times.
He will demonstrate how to:
We will also look at the FusionAnalytics ColdFusion Application and server analysis tool.
We will raffle off one copy of FusionReactor – you must register to enter this raffle.
The webinar on “Preventing and diagnosing ColdFusion server crashes and slow downs” is on Thursday, November 29, 2012 3:00 PM – 4:00 PM EST. The webinar will cover fixing slow servers, performance bottlenecks location and diagnosis tips. It will be approximately 45 minutes including time for Q and A. The webinar is free. You can register athttps://www1.gotomeeting.com/register/242091952 See you there!
David started his career developing desktop applications using Visual Basic. After a period of working on interface design and prototyping for digital television set-top boxes, he made the move to web applications and working with ColdFusion in a variety of fields, from e-commerce to social networking.
In 2006 David joined the team at Intergral Information Solutions, makers of FusionReactor, FusionDebug and FusionAnalytics. David holds a senior consulting position for the Intergral UK team. David graduated from Staffordshire University with a Bachelor of Engineering degree (with honours) in Software Engineering.
The webinar will be hosted by Michael Smith, from TeraTech Inc. Click http://www.teratech.com/blog/index.cfm/2012/11/14/Preventing-and-diagnosing-ColdFusion-server-crashes-and-slow-downs-Thursday-112912-3pm-EST for further details.
Required: Windows® 7, Vista, XP or 2003 Server
Required: Mac OS® X 10.5 or newer
Required: iPhone®, iPad®, Android™ phone or Android tablet
Adobe MAX in LA was a fantastic success this year.
If you attended, you probably met some of our team out there where we launched FusionAnalytics:
FusionAnalytics is the ultimate ColdFusion Application and server analysis tool. FusionAnalytics is all about “Making IT Better” and giving you the information and data to help you make better business decisions, improve application performance and quality of your applications as well as measure exactly how your applications are performing on a continuous day to day basis.
Shortly before MAX, we’d also released FusionReactor v4 with a massive set of new features including the command-line installer for headless systems, AMF decoding, FRAM (for simplified upgrades & administration) and the awesome detailed heap (and other) memory space monitoring.
FusionAnalytics has received a fantastic response from the community including an unprecedented number of pre-sales. We’re hot on the development with new features such as spider/bot analysis on FusionAnalytics so there’s plenty of great things to come.
We also want you to have your say in what features you’d like to see in the product suite. Vote on some of our ideas or even add your own at our uservoice site – http://fusionreactor.uservoice.com/
I just posted a new technote over at http://www.fusion-reactor.com/support/kb/FRS-246.cfm
Hopefully you’ll all find this a good starting point on how to keep your server monitoring solution secure.
We look forward to meeting you at Scotch on the Rocks (SOTR) this Thursday and Friday – 3/4 March in Edinburgh, Scotland!
SOTR ColdFusion conference brings you current informative content and sessions to enhance, enrich and excite you. The wide range of topics and presentations this year is a reflection of the rapidly progressing and growing area of ColdFusion, and includes related development and wider industry topics, so is also suitable for those in the wider development community.
David Tattersall – Managing Director and David Stockton – Technical Consultant will be there to answer any questions you might have about our products and services. In addition, David Stockton will be giving a session on how to sort out your legacy applications. You can read more about the presentation below.
The road to sanity – sorting out your legacy applications
Thursday 3.March 13:30 – 14:30
We can help make your life easier! With our unique tooling combination of FusionReactor, FusionDebug and the jewel of in the crown FusionAnalytics – we will demonstrate how you can quickly focus on and correct your legacy application stability issues and proactively improve quality, performance and reliability over time.
This JVM bug seems to be getting some high-level attention in the IT press so I thought I’d lay out the issue where CF is concerned:
The bug is in the JVM (it has been since ~2001) and so ColdFusion running on Sun JVMs are affected.
Someone out there has obviously made the link between the same issue happening in PHP and brought this issue to light again ( http://bugs.php.net/bug.php?id=53632 ). There’s a Java related discussion happening here: http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/
To have the bug show, you must call the parseDouble() method of the java.lang.Double class. There are several ways this can happen. Many people are discussing this as a vulnerability that can be executed at the HTTP header level like so:
However, this requires a call to HttpServletRequest’s getLocale() method, something that isn’t done trivially on a JRun4, CF 9.0.1 instance (even when calling the ColdFusion function “getLocale()”). Thus, to show this problem, you must do something like…
… within your ColdFusion page.
From our experience, a more likely attack could be performed with code like this:
<cfparam name="URL.pageNum" default="1" /> <cfparam name="URL.itemsPerPage" default="10" /> <cfquery name="qProducts" datasource="mysql_dsn"> SELECT * FROM products LIMIT #((URL.pageNum-1) * URL.itemsPerPage) + 1# , #URL.pageNum * URL.itemsPerPage# </cfquery>
The problem here is “URL.pageNum-1“. This calculation causes a call to parseDouble() behind the scenes which means that if the page were called with “page_name.cfm?pageNum=2.2250738585072012e-308” then the thread would hang in an infinite loop.
Note that in this example, “URL.itemsPerPage” could also cause the issue because it is used in the multiplication calculation. If the variable were not used in any calculations but only output, it would not show the issue. This example does NOT show the problem:
<cfset x = 2.2250738585072012e-308 /> <cfoutput>#x#</cfoutput>
If you have FusionReactor installed and configured with CrashProtection enabled and configured, the threads can be automatically killed by FusionReactor, saving your server from almost certain failure. To do this, enable Crash Protection and configure a “Request Timeout” value and set it to use the “Abort and Notify” strategy. This will cause requests taking longer than this time to quit – even if they are stuck in the infinite loop bug as in this scenario.
For those of you who are wondering, this is NOT the same as the ColdFusion timeout mechanism and so the ColdFusion page timeout alone will not help you in this scenario.
It’s good practice to have FusionReactor installed and Crash Protection enabled because it can save you from a lot of these issues without you needing to do anything.
I’m sure Oracle/Sun will offer a new update in due course. However, you can also download the “Java SE Floating Point Updater Tool”:
Read Me: http://www.oracle.com/technetwork/java/javase/fpupdater-tool-readme-305936.html
If you’re in need of help updating your JVM and/or patching it then we can offer assistance in this area from as little as $800. The FusionReactor product is available from as little as $249 and contains a wealth of other features – the majority of which are not covered by the ColdFusion Server Monitor – http://www.fusion-reactor.com/fr/ for more information.
This article refers to JRun4, CF9 installations. The issue is apparent on a wide variety of Java platforms (we offer consulting for most Java environments) and is more prevalent on Tomcat installations (which includes JBoss).
Official security alert (CVE-2010-4476): http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
Christmas is still a busy time on the web. With new computers for Christmas and days off work there’s plenty of time for Internet users to be out there surfing your site. But what if your site is down? Perhaps then it’s not such a Happy Christmas!
Through a combination of factors – including our geographically distributed team – we can still offer consulting services over the holiday season.
Having said that, those with a pro-active attitude can save themselves some money, time and stress with some simple tips:
Have a great holiday and we look forward to seeing you in 2011 with our new “jewel in the crown” to the Fusion product suite, FusionAnalytics!
An interesting issue cropped up today which involved taking a trip back in time to look at our old issue tracking software. Back in 2004 we were using a Windows client/server based system which had a MS SQL back-end. From day 1 employees are trained to track track and track again. Emails, calls, suggestions – it all gets tracked. Added to that, most new employees – even senior engineers – get started on support duties. This gets them familiar with their environments, customers and our software – plus familiarity with tracking everything. This means we have a LOT of knowledge built up in our ticket-base.
One of our products at this time (used by some of the worlds largest corporations – HP, Philips, etc) was called “Tornado” – this evolved into a product called ShareDox ( http://www.sharedox.com ). The product is a knowledge management solution built on ColdFusion technology.
At the time there were no monitoring tools and thus this led to the now leading monitoring solution – FusionReactor ( http://www.fusion-reactor.com ). So, during the upgrade process to CFMX 6.1 with one of our customers, we started seeing huge CPU usage, hanging threads and various other nasties. At the time this was all quite serious and a major thorn in our sides. Eventually (I believe with some help from our CTO but don’t quote me on that – this was several years ago!) this got resolved and all was calm again. Until today!
Fast-forward 6 years, a move to JIRA and some changes in our business focus – ie our old tracking system is just a distant memory. I started working with a client and getting very distinct feelings of de-ja-vu… CFMX6.1, MS-SQL DB, high CPU, multiple failures per day, hanging threads – essentially a whole heap of stability issues.
Now, I knew I’d seen this before. I knew it was something to do with problematic DB drivers. What I couldn’t remember is how to solve the issue. As you can imagine from a company that’s been doing ColdFusion consulting for over ten years that brought back a lot of issues. A little bit of date filtering and some extra keywords and… result #1 of #5 “ColdFusion MX 6.1: Updated DataDirect drivers for 100% CPU utilization and other issues”.
Of course there are many questions here… why is the customer still on CFMX6.1 amongst others. However, my real point is that tracking is your saviour. In a consulting company like ours we’re truly able to assist more rapidly to a huge variety of issues because generally – we’ve seen it all before. It’s very common for us to have identified, resolved and documented the problem you’re having. This allows us to give you the best value for money on your consulting investment.
If knowledge is power and the key to results – you want us on your team! For all your consulting needs – whether issues from 2004 or today, we can help, contact us now.
A big hello from CFUnited!
Myself (David Stockton) and my colleagues (Darren Pywell & David Tattersall) are all at CFUnited this week. We have a FREE copy of FusionAnalytics to give away so don’t be shy – come and speak to us for a chance to win!!
Plus, ask nicely and we’ve got FREE goodies for everyone we speak to!
We’re in the vendor area between Adobe & Railo – look for the ShareDox, FusionReactor, FusionAnalytics & Intergral banners… plus this good looking guy:
See you there!
We consult with a lot of different types of company. Sometimes there’s a lot of security process to deal with. This is great when you’re trying to stop un-authorized access but can sometimes hamper the speed of response an outside agency can give.
In one such incident we were trying to identify the IP address of a slow uploading client – this we could then link to a client account and identify where the issue was coming from. At the first stage we weren’t able to access any of the remote clients network. Using good old email the client was able to send me a copy of all the FusionReactor Crash Protection alerts. These fire under certain conditions alerting the recipient of a potential issue. You can read more about crash protection on the FusionReactor website.
Now the emails are a great feature but they’re not very easy to analyse over 100’s of emails. So we created a quick tool to analyse the crash protection emails for just this sort of event. And now we’re making it available to you… FREE!
FusionReactor CrashProtection EMail Analyzer
Now you have a list of all the slow pages (over 60seconds) and which IPs they’ve come from and which page(s) they’ve hit – all without direct access to FusionReactor. Also great if you’ve only got access to the emails (eg your logs have rotated).
Phew – Sound like too much work? Save the hassle and get FusionAnalytics or contact us now!