Wednesday, July 26, 2017

Testing CLCL

Today I am going to focus on writing tests for clcl. I wrote one that tests encryption for private keys. It wasn't working until I remembered that if you encrypt something with a private key you decrypt it with the corresponding public key (I was trying to decrypt it with the private key, you'd think that I would realize after all this time...).

Tuesday, July 25, 2017

CLIPC Resurrected

I was rooting around yesterday when I came across my old SourceForge account.  I looked in on SourceForge and noticed a project that I hadn't done anything with in a long time: CLIPC.

CLIPC stands for the com ltsllc inter-process communication library.  It does shared memory, FIFOs and semaphores.  I stopped working on it when I got a job with Pearson/eCollege.

I have moved it over to gihub (https://github.com/ltsllc-consulting/clipc), where I will try to do something with it.

Sunday, July 23, 2017

CLCL

I was creating a presentation for the Denver/Boulder Cybersecurity meetup and I found myself, as usual, complaining.

I was decrying the state of Java and SSL, in particular, the lack of good tools and libraries for crypto stuff, when I decided to stop complaining and do something about it.  Sigh.  And so CLCL, the com ltsllc crypto library, was born.

CLCL is a collection of classes that I have taken from the Miranda project and put into their own library.  CLCL does actually do anything it just makes it easier to use classes that do all the crypto stuff.  Java and SSL have both been around for over 10 years.  It is about time they got some tools.


Monday, July 17, 2017

The Long Term Vision

The Long Term Software vision boils down doing the things that we are supposed to do, but that haven't been done.

There are certain parts of software engineering that we know are beneficial, but which don't get done. Things like documentation, testing and refactoring.  A person cannot be expected to modify a system correctly, but time and time again, developers are asked to do just that. Adequate documentation solves this problem.

As a system ages, it gradually acquires quirks. Maybe an approach seemed like a good idea at the time but later proved to be a bad idea. Whatever the case may be, systems require refactoring to make them consistent again.

Testing is often times the orphan child of software engineering. All systems should have tests but they often don't have them. This really comes back to bite when a change is made to a system that breaks something else. Without adequate tests, there is no way to know that this has happened.

None of these ideas are Earth-shattering. We know that these things should be done. But for whatever reason they don't get done. Maybe there is some sort of deadline that has to be met and corners have to cut to make it. Perhaps there is some new approach or cost-cutting going on that someone is eager to prove right. Whatever the reason, the things that should get done don't get done.

This problem is not unique to software, it happens across the board. Take a look at the number of people who are overweight. Everyone knows that dieting and exercise are good ideas, but people don't do them.

The Long Term Software approach is to do the things that we know are right but which don't get done. While this is easy in principal, it is hard to do in practice. That is why you need to bring in someone from outside the organization to do it.

Sunday, July 9, 2017

New Utility

In an effort to make it easier to use Miranda, I have created the miradaUtilities project on github (https://github.com/ltsllc-consulting/mirandaUtilities).  Currently, the utility allows creation of new users, but it will include creating CAs, nodes and subscriptions as well.

Thursday, July 6, 2017

Hosting Secure Servlets: Registering Servlets

This post is part of a series about the worlds of Java and SSL.  I hope to do 1 post a day on this topic. The resulting posts will become the basis for another section of a talk that I am scheduled to give on August 10 at the Boulder/Denver Cybersecurity Meetup.

The code that registers servlets:

    HandlerCollection handlerCollection = new HandlerCollection(true);
    handlerCollection.addHandler(resourceHandler);

    jetty.setHandler(handlerCollection);

Then to add servlets:

    servletHandler.addServletWithMapping(, );

Jetty says that a handler can be "mutable at runtime" but I haven't had too much luck with that.