Yeah I know… haven’t posted a blog entry in months… but I had to say this. While zooming through my Google Reader feeds yet another LifeHacker todo hack scrolled by. To this subculture of the uber-organized tech-geek, with your collection of special-purpose Moleskine notebooks and Hipster PDAs, I have to say this: the people in this world who actually have lots of things to do don’t fret about how to manage their todos. They get their ass moving on life.
Today I read up on Webwasher SSL Scanner, an appliance that allows IT departments to intercept SSL communications, scan the traffic, then re-encrypt the traffic. I understand the desire to protect one’s network from malware that may be hiding within an SSL tunnel, but this seems to be really mangling the SSL protocol, from a purely “Alice and Bob want to chat” level.
From the 10-minute podcast, paraphrased:
“we decrypt the SSL on the box, perform anti-spyware, anti-malware, etc., then re-encrypt the traffic back to the client, inserting the cn of the original certificate into a self-signed, on-the-fly, certificate created by the scanner”.
Someone missed the point of SSL and certificates. So this is basically masquerading the cn in the certificate and presenting a phony cert to the internal users. Nice.
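As an added illustration (not the post's or the vendor's code), here is a check a client could run on what it was actually presented: a certificate that carries the right cn but is issued by itself, or whose fingerprint differs from a pinned one, is exactly what this kind of interception produces. The dictionary format is the one Python's ssl.getpeercert() returns; the certificates, trust store and fingerprints are constructed stand-ins.

```python
import hashlib

# Added example (not Webwasher's or the post's code). It works on the
# dictionary shape that ssl.SSLSocket.getpeercert() returns, so the
# certificates below are constructed stand-ins, not real ones.

def cn_of(name):
    """Return the commonName from a getpeercert()-style RDN sequence."""
    for rdn in name:
        for attr, value in rdn:
            if attr == "commonName":
                return value
    return None

def audit_peer_cert(cert, trusted_issuers, pinned_sha256, der_bytes):
    """Return a list of findings; an empty list means the cert looks genuine.
    A matching CN alone proves nothing: check who issued it and pin the cert."""
    findings = []
    subject_cn = cn_of(cert.get("subject", ()))
    issuer_cn = cn_of(cert.get("issuer", ()))
    if subject_cn == issuer_cn:
        findings.append("self-signed: issuer equals subject")
    if issuer_cn not in trusted_issuers:
        findings.append(f"issuer {issuer_cn!r} is not a trusted CA")
    if hashlib.sha256(der_bytes).hexdigest() != pinned_sha256:
        findings.append("fingerprint does not match the pinned certificate")
    return findings

TRUSTED_ISSUERS = {"Example Trusted CA"}          # constructed trust store
ORIGINAL_DER = b"constructed-der-of-the-real-certificate"
PINNED = hashlib.sha256(ORIGINAL_DER).hexdigest()  # pin obtained out of band

# What the real server presents.
GENUINE = {
    "subject": ((("commonName", "www.bank.example"),),),
    "issuer": ((("commonName", "Example Trusted CA"),),),
}
# What an intercepting scanner presents: the same CN copied into a
# certificate it minted on the fly and signed itself.
INTERCEPTED = {
    "subject": ((("commonName", "www.bank.example"),),),
    "issuer": ((("commonName", "www.bank.example"),),),
}
INTERCEPTED_DER = b"constructed-der-minted-by-the-scanner"

if __name__ == "__main__":
    print(audit_peer_cert(GENUINE, TRUSTED_ISSUERS, PINNED, ORIGINAL_DER))
    print(audit_peer_cert(INTERCEPTED, TRUSTED_ISSUERS, PINNED, INTERCEPTED_DER))
```

With ssl.create_default_context() the chain check runs automatically and such a certificate is rejected unless the scanner's signing certificate has been pushed into every client's trust store; the function above is for auditing what was actually presented.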
Boston Dynamics has released a prototype of an all-terrain robot, BigDog. The quadruped robot is equipped with a computer featuring sensors that aid its movements over harsh terrain. The robot is powered by a gasoline engine that drives the hydraulic system.
I think if I was in the woods and this thing came by, I’d poop right in my pants.
“OpenID Authentication provides a way to prove that an end user controls an Identifier. It does this without the Relying Party needing access to end user credentials such as a password or to other sensitive information such as an email address.”
Pros:
Simplicity, “one-thing” philosophy, easy to convince people that they need it - “don’t keep 30 passwords at 30 different sites”. This is compelling - but only to the naive… read on.
Weaknesses:
Trust: I’m not seeing how Paypal should feel it can trust some random OP. With only a Diffie-Hellman key exchange between the Relying Party and the OP, how do they identify each other? Identification requires trust; in the Web world, this implies certificates signed by a trusted CA.
Security:
WOW! Read the spec, people: “The Relying Party redirects the end user’s User-Agent to the OP with an OpenID Authentication request (Requesting Authentication).”
Not hard to imagine a “Relying Party” phishing site that redirects me to an authentication provider look-alike and steals my password. And that’s one heck of a password!
Privacy:
The OP knows not only my username and password, but sadly, the address of every site I log into, the time of day, etc.
Enterprise:
Not a good story for corporate and enterprise apps. If I’m an IT director, how am I going to explain to Bob in accounts receivables that he needs to tell me what his OpenID is so his own personal provider can authenticate him into the billing system? Well THAT’s not gonna work. I need to furnish Bob a complete solution, and while I’m at it, I need all my corporate users to have the SAME solution. Otherwise it would be like asking your employees to bring their personal cellphones to their cubicles and place business calls using their own equipment.
I guess I just don’t see this as a huge problem to solve. I have like 40 username/passwords. So what? I’m not really that bothered by it. The trust, security, and privacy issues here with OpenID are serious, and I think while the general idea of an SSO solution may be worth pursuing, my opinion is that OpenID is not the solution.
This sequence diagramming tool is AWESOME! I stumbled upon it the other day, needed to diagram something for a specification, and in literally 3 minutes I was pasting a polished looking diagram into my document.
I’d love to know how this works in the backend. Drawing stuff using a diagramming toolkit/API, or is it bare-metal 2D graphics?
This is the kind of stuff I love to find - simple, useful, one-job tools that I can access from anywhere and get results fast. The simple declarative DSL the author created is absolutely perfect for the job.
Nice article from Ars Technica about new DPI gear which can allow ISPs to get down into layer 7, identify the application being used, and potentially packet-shape your broadband traffic. This stuff has been going on in corporate networks for years, for IDS, but what makes this interesting is the potential widespread deployment and usage of this gear.
I recently saw this question asked, and on my drive home today worked out a framework for a response:
The question of implementing a SOA to deliver SaaS should be answered only after reviewing three perspectives: objective, strategy, and tactics.
Objective: What is it that you wish to offer as a service? Is it an application suite, like Salesforce.com, or is it a targeted, machine-consumable middleware service like Amazon’s S3? The answer to this question leads one down a more focused discussion of who the audience for the service is, and what the overall ambitions are. You must also understand what your revenue model or general impact of your service will be.
Strategy: SOA is a strategy for achieving a technical objective as well as a business objective. SOA leads a system toward good design patterns of loose coupling and defined interfaces, but the answer to the “objective” question alters the shape the SOA will take. For a full application stack with user interfaces and backend processing, carving out key areas of integration with external systems is the best place to start with SOAs. While breaking the application apart into well defined modules is always a great idea, paying special attention to the external integration points helps you meet your objectives without spending extra time and resources on a “pure”, normalized SOA.
Tactics: When the rubber meets the road, you must think about what SOA really means, in terms of technical implementation. Is it the canonical SOAP/WSDL WebService, or a simple REST implementation? Perhaps, for inter-enterprise application integration, a message queue based interface makes more sense. All of the above qualify as SOA techniques.
So the answer to the question “should I use SOA for SaaS” is: probably. The more interesting part is deciding what your SOA will look like.
Things went pretty well yesterday with my installation of Fedora Core 6 on my D600. The installation was not problematic at all, although I am left with a couple of warts:
Wireless Ethernet not working: It’s a Broadcom bcm4306, and I’ve found some blog and forum entries describing how to get it working using ndiswrapper, so I’m hopeful there. For now, the wired Ethernet is working fine while I continue
“Software Updates” (a.k.a. pup) is taking a long time. The first time, after 15 minutes of checking dependencies, it complained about a gaim/pidgin conflict. I am re-running the update with both of those unchecked… really CPU intensive stuff!
Having trouble switching from laptop LCD to external monitor. Right now I have my res at the external monitor’s size, and both the Dell LCD and monitor are active. The external monitor did not get a signal until I did a suspend/resume cycle.
Fonts are rough. There’s some hope to install msttcorefonts and tweak the anti-aliasing.
I installed KDE as well as gnome, but I haven’t yet found the switcher program I thought I was going to get.
All in all, minor stuff, all with hope of resolutions at this point.
yumupdatesd pulled down a new kernel version for Fedora Core 6. Unfortunately, ndiswrapper was in the previous kernel’s module dir. Quizzically, removing ndiswrapper and reinstalling (with yum) puts it back in the old kernel dir. For now, then, I am booting to the old kernel manually at the grub bootloader. Gotta find out how to correctly upgrade to the new kernel.
At this point, after having configured ndiswrapper to use the XP driver, I can unload the erroneous bcm43xx driver and load in the ndiswrapper module, then activate the wifi using iwconfig. I still have to work on blacklisting the bcm43xx module. For now I have to do this manually after startup.
Windows Vista sucks. I installed it on my desktop a few months ago, and all I can say is, thank goodness it isn’t the machine I use 8-10 hours a day to program on. Despite the fact that I have a gig of RAM and I’m only browsing web sites and using iTunes, and Task Manager reports only 300 MB of RAM in use (and yes, I understand virtual RAM, thank you), it still takes seconds to switch applications. A switch-user operation is a 90-second ordeal, and this is after having turned off all the useless and rather unimpressive eye candy (Windows Aero - as in toss it out the window and test for aerodynamics).
If this is the stuff Microsoft has in store, it’s time to pull the plug on my Windows dependence. I’m putting Fedora on my Latitude D600, which I use mostly for couch-browsing, toy projects, and for some light LAMP development. It’s more appropriate to be running Linux on there anyway. Wish me luck…
Finally what I love about DOM XML processing and SAX processing pulled together. The Java 6.0 Streaming API for XML has the efficiency of SAX, yet provides what many developers (if you are like me) would prefer from a programming model.
Streaming API for XML, simply called StAX, is an API for reading and writing XML documents. Why do we need another XML parsing API when we already have SAX (Simple API for XML) and DOM (Document Object Model)? Both SAX and DOM parsers have their own advantages and disadvantages, and StAX provides a solution for the disadvantages found in both SAX and DOM. It is not that StAX replaces SAX and DOM.
Instead of surrendering your program’s thread to a SAX event handler and managing fields within the handler class to keep track of your state through the document, you can “walk” through the document, much like moving through a forward-only JDBC ResultSet, and since your program’s thread is in control, it just feels like a much more straightforward process. And the best part is, there’s no multi-megabyte bloated DOM tree sucking up memory.
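To show the pull model the post describes in runnable form, here is an added example in Python rather than Java StAX (it is not code from the post): the standard-library XMLPullParser is driven by the caller's own loop, state lives in plain local variables instead of handler fields, finished subtrees are released instead of kept as a tree, and the caller can stop reading as soon as it has what it needs. The order document is constructed and fed in small chunks as a socket would deliver it.

```python
from xml.etree.ElementTree import XMLPullParser

# Added example in Python, not Java StAX and not the post's code: the
# stdlib XMLPullParser gives the same pull model the post describes.
# Constructed sample document; it is fed in small chunks as if streamed.
SAMPLE = b"""<orders>
  <order id="1"><item sku="A1" qty="2"/><item sku="B7" qty="1"/></order>
  <order id="2"><item sku="A1" qty="5"/></order>
  <order id="3"><item sku="C3" qty="4"/></order>
</orders>"""

def chunks(data, size=16):
    """Yield the byte stream in pieces, as a socket or file would."""
    for i in range(0, len(data), size):
        yield data[i:i + size]

def qty_per_sku(stream):
    """Walk forward through the document, ResultSet style: this loop, not a
    SAX handler, owns the control flow and the state (the totals dict)."""
    parser = XMLPullParser(events=("end",))
    totals = {}
    for chunk in chunks(stream):
        parser.feed(chunk)
        for _event, elem in parser.read_events():
            if elem.tag == "item":
                sku = elem.get("sku")
                totals[sku] = totals.get(sku, 0) + int(elem.get("qty"))
            elif elem.tag == "order":
                elem.clear()  # release the finished subtree; no full tree kept
    parser.close()
    return totals

def first_order_with(stream, sku):
    """Return the id of the first order containing sku, then stop reading:
    a pull parser can simply return, where SAX would need an exception
    thrown out of the handler to abort."""
    parser = XMLPullParser(events=("start", "end"))
    current = None
    for chunk in chunks(stream):
        parser.feed(chunk)
        for event, elem in parser.read_events():
            if event == "start" and elem.tag == "order":
                current = elem.get("id")
            elif event == "end" and elem.tag == "item" and elem.get("sku") == sku:
                return current  # the rest of the stream is never parsed
    return None

if __name__ == "__main__":
    print(qty_per_sku(SAMPLE))             # {'A1': 7, 'B7': 1, 'C3': 4}
    print(first_order_with(SAMPLE, "C3"))  # 3
```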