Remove comment lines and empty lines from a file

Sometimes you have a config file with a lot of comments and empty lines, which you don’t need, because they hide the relevant information. So use this to simplify it:

cat your.file | grep -v '^#' | grep -v '^$'


Frequently used commands of firewall-cmd

Reload firewall settings

firewall-cmd --reload


Bind an interface “eth0” to the default zone.

firewall-cmd --add-interface=eth0 --permanent

Bind an interface “eth0” to a specific zone “public”

firewall-cmd --zone=public --add-interface=eth0 --permanent


Add a service to default zone

firewall-cmd --add-service https --permanent

Add a service to a specific zone “public”

firewall-cmd --zone=public --add-service https --permanent


Open a port within the default zone

firewall-cmd --add-port 1521/tcp --permanent

Open a port within a specific zone “public”

firewall-cmd --zone=public --add-port 1521/tcp --permanent

Remove a port from a specific zone “public”

firewall-cmd --remove-port 1521/tcp --permanent

Getting Information

List all defined zones

firewall-cmd --get-zones

Get the default zone

firewall-cmd --get-default-zone

List active zones

firewall-cmd --get-active-zones

Get data of a specific zone “public”

firewall-cmd --info-zone=public



SSH key generation

To authenticate with keys on an SSH session, we need a keypair first. This contains a public and a private key part. The public part must be copied to the SSH server, the private part resides on your user homedir.

ssh-keygen -t rsa -b 4096

This will ask you for the destination of the keyfiles. The file with the extension .pub will be the public key part.

Enter file in which to save the key (/home/<user>/.ssh/id_rsa):
You can leave the default (press Enter-key), of type another file name, i.e. my-ssh-key. Without a path it will be stored into the current working directory.
Now you should secure your private key with an additional keyphrase, which you have to enter on every access to the key. Type it twice and don't forget it.

Enter passphrase (empty for no passphrase):
Enter same passphrase again: 

Your identification has been saved in my-ssh-key
Your public key has been saved in
The key fingerprint is:
SHA256:Kg4elHNG8TwLIYjTfX7yRz7h0dmVHY7FUx5krwwQjEA user@hostname
The key's randomart image is:
+---[RSA 4096]----+
|.o..+E. o. o++|
|+ ...=.. .. .+oo|
| . oo+ . . *.= |
| o .oo. = o * |
| + o .+S+ + o |
| . + .. = o . |
| o . . . . o |
| . + . |
| . . |

You can move both files into /home/<user>/.ssh/. If the folder doesn’t exist, create it:

mkdir -p ~/.ssh
chmod 700 ~/.ssh

mv my-ssh-key ~/.ssh/.
chmod 600 ~/.ssh/my-ssh-key
chmod 644 ~/.ssh/

The file permission must be set correctly. Now its time to copy the public key part to the SSH server. You need a working user account there, which can bee reached with a password login.

ssh-copy-id -i ~/.ssh/my-ssh-key user@ssh-hostname

This will copy the content of the into ~/.ssh/authorized_keys on the SSH server. If you don’t have access to the account (because the SSH server prevents password-based login), ask your administrator. If your keybased login doesn’t work, try on client side

ssh -vvv user@ssh-hostname

to see, what’s going on. It tries some private key names, but the name my-ssh-key (see above) will not used. So we have to configure this in a special file named “config” within ~/.ssh.

cd ~/.ssh
touch config
chmod 644 config

type some SSH parameters into that file.

host <ssh-hostname>
   Hostname <ssh-hostname>
   Port 22
   IdentityFile ~/.ssh/my-ssh-key
   ForwardX11 yes

Replace <ssh-hostname> with the correct name. The important part is IdentityFile, which points to your SSH private key part. ForwardX11 is optional and allows a display redirection from the server to the client for X-based applications. Save the file and try it again:

ssh user@ssh-hostname

This should now ask for the passphrase of the correct key my-ssh-key.

Enter passphrase for key '/home/<user>/.ssh/my-ssh-key':





Install WebObjects/Wonder development environment on Linux

I have tried to install a running development environment for WebObjects applications on Linux (OpenSuse 15.4 and Xubuntu 18.04). There are some little problems to solve.

  1. You need an JDK 1.8 on your computer (in parallel with the current JDK11)
  2. You need an installation of ANT
  3. You need an Eclipse IDE.
  4. You need the WebObjects frameworks.
  5. You need WOLips as plugin to Eclipse.
  6. You need the WOnder source for modern applications.

Let’s start with the installations.

zypper install java-1_8_0-openjdk java-1_8_0-openjdk-devel java-1_8_0-openjdk-javadoc java-1_8_0-openjdk-src java-1_8_0-openjdk-headless java-1_8_0-openjdk-demo
zypper install ant

apt install openjdk-8-jdk openjdk-8-demo openjdk-8-doc  openjdk-8-headless openjdk-8-source
apt install ant

Now you have to download the Eclipse IDE (for Java Developers or for Enterprise Java and Web Developers).

You can install it on /opt (extract the tar.gz there).

I have installed the WebObjects stuff into its own folder called “WODevelopment” within your home folder. There is also the preferred workspace folder for Eclipse.

cd ~
mkdir -p WODevelopment/workspace

Start the IDE with this workspace folder to see any problems. Maybe you have to install some more things you need, like Subclipse.

Now you install the WOLips plugin into Eclipse. Go to Help->Install New Software->Add and create a new location.


Select all options (the WOLips Goodies are not installable on Linux) and install them. After an IDE restart, you can open a new perspective “WOLips”.

The plugin needs a lot of WebObjects frameworks, which you have to install now. Actually there is an install tool, called WOInstaller, but this doesn’t work for me, it always stops with an exception message. I have tried two versions and end up with a manual installation.

curl -O
curl -O
java -jar WOInstaller.jar 5.4.3 ~/WODevelopment/Libraries/WOnder

If you get also an exception, try the following.

  1. Go to the GITHUB project of the installer and look for the
  2. Copy the download link for the latest WebObjects version 5.4.3, which you will find as static value on top of the file
  3. Download the .dmg file (Mac archive)
  4. use 7-zip (7z) to extract the file

You will find a folder “WebObjects Update/Packages”, which contains four further archives (.pkg). These archive files you can also decompress with 7-zip. It generates a “Payload~” archive, which you decompress again.

7z x WebObjectsDevelopment.pkg
7z x Payload~
rm Payload~
7z x WebObjectsDocumentation.pkg
7z x Payload~
rm Payload~
7z x WebObjectsExamples.pkg
7z x Payload~
rm Payload~
7z x WebObjectsRuntime.pkg
7z x Payload~
rm Payload~

Now you have three folders (Developer, Library, System), which you copy into “~/WODevelopment/Libraries/WOnder”.

mkdir -p ~/WODevelopment/Libraries/WOnder
mv Developer ~/WODevelopment/Libraries/WOnder/.
mv Library ~/WODevelopment/Libraries/WOnder/.
mv System ~/WODevelopment/Libraries/WOnder/.

Check the owner of the files and use “chown” if necessary.

Now its time for the global wolips properties file, which contains some settings for the Eclipse plugin and the ANT build pipeline. The file must be on “~/Library/Application Support/WOLips/”.

mkdir -p "~/Library/Application Support/WOLips"

Edit the newly generated file and copy the following properties into it. Change the path prefixes, as necessary, i.e. /home/me/WODevelopment. Don’t use Shortcuts like “~”. Be careful, every path must exist within the filesystem, generate them, if necessary.


The last step is the download and the build of the WOnder source code, the current community extensions to WebObjects.

Go to the GITHUB repository of “WOnder” and download the latest release as ZIP archive.

Extract the downloaded archive file into the “~/WODevelopment/WonderSource”. Use the tar.gz instead of zip, there is a problem with long filenames.

tar xvzf ~/Downloads/wonder-<version>.tar.gz
mv ~/Downloads/wonder-wonder-<version> ~/WODevelopment/WonderSource

Copy the “” file as “” into “~/WODevelopment/WonderSource”. It is the config for the following ANT build process.

cd ~/WODevelopment/WonderSource
cp ~/Library/Application Support/WOLips/

Start the build with JDK1.8 (!). There can be some warnings, but it should end with “BUILD SUCCESSFUL”.

JAVA_HOME=<path to JDK1.8> ant all

Now you can start WebObjects development of your own project within Eclipse. The projects within Eclipse should use Java 1.8 within its Build Path, add this JRE as installed VM.

If you start the first project, you will get an error, that the application cannot be opened within the default browser. Linux is not a supported development platform. So you have to add a special method within your file:

public boolean _isSupportedDevelopmentPlatform() {
   return super._isSupportedDevelopmentPlatform() || "Linux".equals(System.getProperty(""));

After that, WOLips will call /usr/bin/open to execute the dynamic application URI within the default browser. But this will not work within Linux, but you can define a symbolic link (as root) to your preferred browser:

cd /usr/bin
ln -s /usr/bin/firefox open

Now the browser should automatically display your application within Firefox.

Doctrine ORM with Oracle’s OFFSET and LIMIT

To handle LIMIT and OFFSET within Oracle DBs you have to use some magic. There is a Blog post, which describes the general procedure. Doctrine uses this ROWNUM stuff too, it is implemented within OraclePlatform.php. Doctrine needs two integer values for LIMIT and OFFSET. But you can also set both to NULL, the methods of the Query class (setMaxResults() and setFirstResult()) accept NULL values too.

If you think, it is a good idea to send  PHP_INT_MAX as default for LIMIT, it would be a fail. Within the OraclePlatform.php Doctrine must add the given OFFSET (maybe 20) to the LIMIT (maybe PHP_INT_MAX), so you will run into a datatype overflow. This will result into PHP_INT_MIN, a very large negative number. The resulting SQL would try to filter your ResultSet from OFFSET (20) to a large negative number, it would be empty always (except you will set the OFFSET to 0).

Also, if you set a large LIMIT to force getting all records from a query, you force Doctrine to wrap your query with some of the ROWNUM stuff, which results in a more complex query and an increased query time. Let LIMIT = null, if you need all records. Only set OFFSET > 0 (or != null), if you need the next page of the results.


Access private Gitlab repo with Composer

To access a project (like a library) on a private repository within your own Gitlab server, it is necessary to configure Composer right. First add the repository to the composer.json file of the current project (where you need the library code):

"repositories": [{
"type": "gitlab",
"url": "" }]

The type “gitlab” activates some more configuration properties for Composer. So you have to define your private Gitlab server as valid server within Composer:

composer config --global gitlab-domains ""

The –global flag stores the property within ~/.config/composer/config.json (OpenSuse 15.2). It will be activate for every Composer project on the computer.

If your repository is only visible after the login with a user/password, you must generate a unique token within the GitLab. Log into the GitLab UI with your username/password and choose “Preferences”->”Access Tokens”. There you can enter an application name like “PHP composer” and select “read_api” permissions. You get a new token, which you now can use within Composer config.

It is necessary to define the username and the access token for your Gitlab account, to provide access to the repository:

composer config gitlab-token.username "your GitLab username"
composer config "generated token"

Here you could also add –global or leave it and define the token only for the current project. The lines above should generate a file auth.json within your current project:

"gitlab-token": {
"username": "your GitLab username",
"": "generated token"

Now you need a prepared repository on “” (the library project). On the top level of the master branch there must be a composer.json file, which should not contain a version number, but a valid “name” property like (and “require” and “autoload” sections):

"name": "company/private_library"

The possible versions of your library will be extracted from the tags or branches of the project. Some Information about versions you can find on the composer website. The simplest way is to generate a tag of your latest commit and name it like “v1.0.0”. Now it is possible to define the library repository as a requirement within your current project:

"require": {
"company/private_library": "1.0.*"

You can use the version handling of Composer, if your tags will have valid version numbers. It is also possible to use stability constraints like “stable” or “dev”, use it within your tag name like “v1.0.0-dev”

"require": {
"company/private_library": "1.0.*@dev"

A following composer update should clone the repository into your vendor directory and the autoloader can provide the library project classes.

XPath cheats

Get the child element nodes of a book node (without comment nodes and text nodes)


Get the child elements, text and comment nodes of a book node


The following XPath queries return the same nodes:

$xpath-&gt;query("./../bookstore", $contextNode)
$xpath-&gt;query("../bookstore", $contextNode);


You can convert a multipage PDF into multiple PNG files with a simple Bash statement:

convert -density 300 your.pdf -quality 100 -scale 825x1125 your-%d.png

Now you can change the images with a simple GFX application like Kolourpaint. You can also create new images with the same size and reorder your images by the number within the filename.

After you have finished your work, recombine the PNGs into a PDF:

convert your-*.png your-new.pdf

Java Class Versions

  • Java 1.1 uses major version 45
  • Java 1.2 uses major version 46
  • Java 1.3 uses major version 47
  • Java 1.4 uses major version 48
  • Java 5 uses major version 49
  • Java 6 uses major version 50
  • Java 7 uses major version 51
  • Java 8 uses major version 52
  • Java 9 uses major version 53
  • Java 10 uses major version 54
  • Java 11 uses major version 55
  • Java 12 uses major version 56
  • Java 13 uses major version 57
  • Java 14 uses major version 58

Step 7: CORS

Browsers implement a mechanism called Cross-Origin Resource Sharing (CORS). If your application (client) runs on a domain A, it is only possible to send requests on a domain B with a small set of HTTP verbs.

The domains (origins) differ in domain-name, protocol, and port, so i.e. it will not be possible to send DELETE requests from https://my-domain:443 (where the GUI resides) to https://my-domain:8000 (where we will find the web-service). Some simple non-destructive requests like GETs are possible.

Because of our own Content-Type header, our framework will run out of the CORS safelist and our client will not play with our webservice also for simple GET requests.

So we have to implement the mechanism of preflight requests. The browser will send an OPTIONS request just before the real request to the webservice. The webservice must dis-/allow the requested action and send these information as response to the OPTIONS preflight request. Then the browser will send the real request.

CORS on ERRest

ERRest implements the CORS mechanism within the ERXRouteController.optionsAction(). It is a public method, so every sub-class can overwrite the default implementation.

Some global properties control the access:

This can be set to “*” (for all) or a list of specific origins. The content of the property will be set as value of the Access-Control-Allow-Origin header within the response.

The default value of this property is “OPTIONS,GET,HEAD,POST,PUT,DELETE,TRACE,CONNECT”. If you set the property to “” or null, the current requested method will be allowed! The content of the property will be set as value of the Access-Control-Allow-Methods header within the response.

The property contains a comma-separated list of the allowed request headers. If you set the property to “” or null, the requested headers will be allowed! The content of the property will be set as value of the Access-Control-Allow-Headers header within the response.

The property contains a value in seconds for how long the response to the preflight request can be cached for without sending another preflight request. The default value is 1728000 (20 days). The content of the property (must be greater or equals than 0) will be set as value of the Access-Control-Max-Age header within the response

The values will be retrieved by four methods, which are protected and could be overwritten by the sub-classes of ERXRouteController.