mySphere Posts


You can enable Cross Origin Resource Sharing (CORS) for your web applications on a Liberty server.

Enabling CORS will allow JavaScript clients to make requests against your application on the Liberty server even if the client and the server are on two different domains. Web browsers prevent these requests due to same-origin policy.

I create the following configuration on my local machine  on server.xml file:

<cors domain="/ApplicationContext" <-- application context. It will work only for this app.
   allowedOrigins="http://localhost:8080"  <-- this is my local Node.js Server.
   allowedMethods="GET, HEAD, POST, PUT"
   allowedHeaders="Referer, Cache-Control, Pragma, Accept, Accept-Language, Accept-Encoding, Accept-Charset, Content-Type, Content-Length, User-Agent, Authorization, passwd, X-Update-Nonce, X-Shindig-ST, X-IC-CRE-Request-Origin, X-IC-CRE-User, X-LConn-Auth, Accept*, Content*, Access-Control-Allow-Origin*"
exposeHeaders="Content-Type, Last-Modified, etag"
allowCredentials="true" maxAge="3600" />

web WebSphere


A week ago I participated in the Global Legal Hackathon as a mentor to several startups.

The Global Legal Hackathon engages law schools, law firms and in-house departments, legal technology companies, governments, and service providers to the legal industry – across the globe.

It  bring together the best thinkers, doers and practitioners in law in support of a unified vision: rapid development of solutions to improve the legal industry, world-wide.

My city, Belo Horizonte was one of the hosts in Brazil.  Two startups i mentored, to use IBM Watson, was classified in second an third place.

Next week will be the second round to select ideas to the final event in New York.




I received an e-mail from HCL Support  (IBM) about a problem with the interin fix.

The e-mail and later a call from the support told me to download the fix again and if in case i was installed the fix how to remove and install the good one.

The problem was with the fix files from last week. The files was updated with the ones above.

“I would like to notify you because  we found a problem with this Interim Fix. The problem discovered and that the fix can’t be uninstalled properly, which can cause problems later when a new hotfix or interim fix is applied on him.”

1- Download the new IF1 files
W64        901FP10HF66_W64.exe
W32        901FP10HF68_W32.exe

2- Shutdown the Domino server

3 – Copy nstrings.dll to your domino Server

4 – Install the new interin fix.



I start a new java project on eclipse using the SDK for Watson.
When i try to connect on any watson service i got the error:

CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN CN=*, O=International Business Machines Corporation,
L=Armonk, ST=New York, C=US was sent from the target host

This error means, that the local Liberty trust store does not have the correct signer certificate from the remote WATSON website where you tries to connect to.
It’s a certificate error. To solve the problem on my MAC i just do the following:

1 – Download the cetificate. The easy way i found was:

openssl s_client -host -port 443 -prexit -showcerts

2 – Create a text file with the first certificate

3 – Import the certificate on the truststore

keytool -import -alias watsonsigner -file cert1.pem -keystore /Users/[pathto key.jks]/key.jks -storepass password -storetype jks



I use many vm’s in my day to day on my Mac. When I’m on clients and I have to use different networks of my other, always have to be changing the ip’s of virtual servers and this is a big problem.

A friend sent me the following tip : Place a secondary ip in your MAC that belongs to the same network of VM’s.

I don’t find a easy way to put a secondary ip on my wifi connection. The only way i found was duplicating the wifi network and set up fixed ip in the same network of virtual machines .

Now i can connect on any wifi network and my Mac access all vm’s without changing the ip address



I was searching for an article on developerWorks today and found a link pointing to wasdev with the name Watson Application Server

This will be the new name of WebSphere?






Quad9 is a free, recursive, anycast DNS platform that provides end users robust security protections, high-performance, and privacy. 

Security: Quad9 blocks against known malicious domains, preventing your computers and IoT devices from connecting malware or phishing sites. Whenever a Quad9 user clicks on a website link or types in an address into a web browser, Quad9 will check the site against the IBM X-Force threat intelligence database of over 40 billion analyzed web pages and images. Quad9 also taps feeds from 18 additional threat intelligence partners to block a large portion of the threats that present risk to end users and businesses alike. 

Performance: Quad9 systems are distributed worldwide in more than 70 locations at launch, with more than 160 locations in total on schedule for 2018. These servers are located primarily at Internet Exchange points, meaning that the distance and time required to get answers is lower than almost any other solution. These systems are distributed worldwide, not just in high-population areas, meaning users in less well-served areas can see significant improvements in speed on DNS lookups. The systems are “anycast” meaning that queries will automatically be routed to the closest operational system.

More information here

Qualidade segurança


An archive of all O’Reilly data ebooks is available below for free download.

Dive deep into the latest in data science and big data, compiled by O’Reilly editors, authors, and Strata speakers.


Data Science


In the next week Digital Experience products:

• WebSphere Portal
• Web Content Manager
• Digital Experience Patterns
• Digital Experience on Cloud
• Forms Experience Builder
• Forms Experience Builder on Cloud

will use the new IBM Support Community support portal. The interface is clean and you can search for fixes, open Cases (not PMR’s anymore) and talk with Watson on  a chat screen.

WebSphere Portal


Watson™ Explorer Natural Language Querying (NLQ) improves the user search experience by allowing the user to query Watson Explorer using natural language queries such as questions.

This is accomplished through the use of two components: Query Modifier, which modifies user queries before they are executed, and Ontolection Trainer, which provides machine learning tools that can generate ontolections for use in query expansion.

The setup process is not hard you can follow the instructions here.

But how to use it?

If you are using the REST API you must add this to your query:


On WEX applications (using projects) the process is a little different and not well documented. The Knowledge center only tell you about the macro and not were to put the macro.

Log on on the administration interface and go to your project and go to:

Project > Advanced > Misc > section “Other” > option “Query modification macro” > Set it to enhance-project-with-querymodifier



Several weeks ago a customer launch his new WebSphere Portal after  migrating from WPS 7.0.  We change the database server from Db2 to Oracle RAC but…

WebSphere Portal has support for Oracle RAC.  We ask the Oracle DBA team for the connection URL and he sent an URL like this one:


The url for Oracle RAC is like this one:


Using Oracle One Node we have only one active instance.  From Oracle i found this description for Oracle RAC One Node

“The main difference between Oracle RAC One Node and Oracle RAC is that with an Oracle RAC One Node
Database, there is only one instance running at a time under normal operation. Should this one instance be
impacted by unplanned downtime, there is a short period of time during which no database instance is running.
The stack used for Oracle RAC One Node ensures that the database service will be resumed as fast as possible,
but technically and as with any other failover cluster solution, there is a moment of time, during which no instance of
the Oracle RAC One Node Database is available to perform any work. This would not be the case in a multi-node
Oracle RAC system, because multiple instances are already running concurrently, accessing the same database.
For planned downtime Oracle RAC One Node provides a solution superior to any other failover solution on the
market; “Online Database Relocation”. Online Database Relocation is an Oracle RAC One Node-specific feature
that enables an Oracle RAC One Node database instance to be relocated to another server in the cluster without
interrupting the database service. In an Oracle RAC database this feature is not required, as databases instances
are typically running on multiple servers in the cluster already. Relocating a running Oracle RAC database instance
is unnecessary.”

Until last week everithing was fine until the Oracle node fails and switch to the second instance. The switch took more than 20 minutes and the entire WebSphere Portal hung.

We must restart all cluster nodes on WPS.  The 20 minutes time was not spected for the Oracle team and they found a bug and apply a fix provided by Oracle. The “normal” time = 3 minutes.  This is more than the WPS can support.

We open an PMR asking IBM how the WPS can recover from this situation without a reboot and the answer was:

“Oracle RAC One Node” is not explicitly supported by Portal. However I suppose this is transparent for Portal in the sense
that it should operate as usual.”

Portal works well until a failure.

“To your question regarding recovery of Portal if the database is available again: If the database is available again, Portal would connect to the database. However, Portal makes heavy use of caching. If the database is not available for a longer time, it can be that during error handling of requests coming in during this time, some Portal caches come into a state where recovery is difficult or even impossible after the database is available again.
If you are Portal Cache Viewer portlet is available on your system and if this portlet is still available after the database is operational
again, you could try to clear all caches.”

And finally IBM told that this is an unsupported setup.

“Our general approach regarding unsupported environments is that if a customer reports problems when using Portal in an unsupported setup, we will try to fix this problem if the problem is not related to the unsupported setup. This is especially true if the problem can be reproduced by the customer on a supported environment. “

Conclusion: Oracle RAC is for HA and supported by IBM.  Oracle RAC One Node is for FAIL OVER and is not supported by IBM.

WebSphere Portal


A good DNS service is very important for a mail server.

On Linux servers you need to put your DNS servers on a file called resolv.conf. In general you have two entries like this:


If one server does not respond then linux will try the second, but there is a timeout for this:

                     Sets the amount of time the resolver will wait for a
                     response from a remote name server before retrying the
                     query via a different name server. This may not be the
                     total time taken by any resolver API call and there is
                     no guarantee that a single resolver API call maps to a
                     single timeout.  Measured in seconds, the default is
                     RES_TIMEOUT (currently 5, see <resolv.h>).  The value
                     for this option is silently capped to 30.

If you want to speed this resolution change resolv.conf to:

options rotate
options timeout:1

Using the configuration above, both nameserver in rotation and wait max. 1 second for answer before trying the next one.