Importing OpenSSL certificate/key pairs into Java keystores

At my day job we ran into a situation where we were obtaining an SSL certificate (using the openssl(1) tools) that a third party would then use in a Glassfish installation. Until recently, that required various hacks to get the PEM-encoded private key and certificate (the key generated by openssl and the certificate the CA returned for our PKCS#10 CSR) into something keytool(1) could manage, but no more: as of Java 6, keytool(1) can import from PKCS#12 files, which makes this much easier to deal with.
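The whole conversion, as an added example that is not code from the original post: it generates a self-signed stand-in for the key/certificate pair (in the real workflow the certificate is what the CA sends back for the CSR), bundles both into a PKCS#12 file with openssl, checks the bundle, and imports it into a JKS keystore with keytool -importkeystore when a JDK is on the PATH. The file names, the alias "server", the scratch directory and the password "changeit" are all assumptions.

```shell
#!/bin/sh
# Added example: OpenSSL key + cert -> PKCS#12 -> Java keystore.
# Not from the original post; names, alias and password are assumed.
set -eu

# p12_key_count P12 PASS
# Prints the number of private keys inside the bundle (a server bundle
# should hold exactly one).  The password is fed on stdin.
p12_key_count() {
  printf '%s\n' "$2" | openssl pkcs12 -in "$1" -passin stdin -nocerts -nodes 2>/dev/null \
    | grep -c -- '-----BEGIN.*PRIVATE KEY-----' || true
}

# make_keystore DIR
# Writes DIR/server.key, DIR/server.crt, DIR/server.p12 and, if keytool is
# installed, DIR/keystore.jks.  Returns 0 on success.
make_keystore() {
  dir="$1"
  pass="changeit"   # assumed; protects the key inside the .p12 and the JKS

  # 1. Stand-in for the pair obtained with openssl(1).  In practice the key
  #    comes from `openssl req -newkey` and server.crt is the CA's answer to
  #    the PKCS#10 CSR; a self-signed cert keeps this example offline.
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=example.test" \
    -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null

  # 2. Bundle key + cert into PKCS#12.  -name sets the alias keytool will
  #    see.  The export password is read from stdin rather than passed as
  #    -passout pass:..., so it does not show up in ps output or history.
  printf '%s\n' "$pass" | openssl pkcs12 -export \
    -in "$dir/server.crt" -inkey "$dir/server.key" \
    -name server -out "$dir/server.p12" -passout stdin

  # 3. Check the bundle before handing it over: the MAC must verify with
  #    that password, and it must contain exactly one private key.
  printf '%s\n' "$pass" | openssl pkcs12 -in "$dir/server.p12" -passin stdin -noout
  [ "$(p12_key_count "$dir/server.p12" "$pass")" -eq 1 ]

  # 4. Import into a JKS keystore with the Java 6+ -importkeystore command.
  #    keytool takes the passwords as arguments here; on a shared host use
  #    -srcstorepass:file / -deststorepass:file instead.
  if command -v keytool >/dev/null 2>&1; then
    keytool -importkeystore -noprompt \
      -srckeystore "$dir/server.p12" -srcstoretype PKCS12 \
      -srcstorepass "$pass" -srcalias server \
      -destkeystore "$dir/keystore.jks" -deststoretype JKS \
      -deststorepass "$pass" -destkeypass "$pass"
    # The alias must now show up as a PrivateKeyEntry, not a trustedCertEntry.
    keytool -list -keystore "$dir/keystore.jks" -storepass "$pass" \
      | grep -q 'PrivateKeyEntry'
  else
    echo "keytool not found; skipping JKS import ($dir/server.p12 is ready)" >&2
  fi
}

# Demo: build everything in a scratch directory.
workdir=$(mktemp -d)
make_keystore "$workdir"
echo "artifacts in $workdir"
```

Two caveats worth knowing. OpenSSL 3 encrypts PKCS#12 bundles with AES and PBKDF2 by default, which older JDKs cannot read; if keytool on the receiving side rejects the file, re-export with OpenSSL 3's -legacy flag. And on Java 9 and later the JKS step is usually unnecessary, since PKCS#12 is the default keystore type and the .p12 can be pointed at directly with -storetype PKCS12; the conversion matters for servers such as the Glassfish of this post that insist on a JKS file.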

Read more »

LDAP 101: It’s A Database, Stupid

We’re doing an LDAP-for-authentication rollout at my day job – the sort of thing there are lots of docs about already. One of the things we’ve run into is the lack of a single, complete document describing the whole tool ecosystem, from what LDAP is and how it works all the way through to how to use it to authenticate users.

So I thought I’d write one.

This post will cover some introductory knowledge about LDAP. Subsequent posts will introduce some LDAP tools, go into more detail on the data stored in a directory and on the implementation of an authentication system.

“LDAP” is an extensive subject, and I’m not going to try to cover every aspect of it. (For that, see the links at the bottom of this post.) I’ll be demonstrating simple bind authentication (which sends the password in the clear, so it needs to run over TLS), without SASL or Kerberos/GSSAPI, and I won’t be going into too much detail outside of users and groups. In particular, I won’t be covering too much history, and I won’t be covering Active Directory (the other widely-deployed authentication and directory service built on LDAP).

Read more »

Changing The Engine While You’re Driving Down The Highway

In my day job, I’m the gatekeeper for changes to the company’s production databases. We recently ran into an interesting and difficult problem: how do we change a large, heavily-used table without violating our “avoid downtime if possible” mantra?

The following is a slightly expurgated version of the postmortem I sent the team. Table names have been changed to protect the guilty.

Read more »

Juggling Plates in Variable Gravity

We all know from painful experience that modifying and extending existing software is far more expensive than creating software from scratch. Whether you call it “refactoring” or “maintenance” or something else, once a software system goes live, suddenly changes become significantly more challenging. However, we don’t often talk about why, so permit me to indulge in an analogy.

Read more »

Some Notes on Replicating OpenDirectory to OpenLDAP

I did some work on a contract recently that involved creating an OpenLDAP replica of an OpenDirectory database. Here’s what I learned:

Read more »

Abandoning switch In Three (And A Bit) Steps

Everyone who’s worked in a C-derived language has seen a switch statement or two in their lives. There are a few well-known reasons not to use them, but somehow they crop up now and then anyway because they’re just so convenient — initially.

Switch is a holdover from lower-level languages (mostly, various assembly languages) where the destination of a jmp instruction could be computed or looked up in a table. In modern languages, there are usually more appropriate structures for determining which piece of code to jump to: that’s what virtual dispatch does, for example.

Unfortunately, it’s not always obvious how to “fix” code that makes heavy use of switch.

Read more »

God Money, I’ll do anything for you

The loop

    <?php
    while ($read < $n && (false !== ($buf = fread($this->sock, $n - $read)))) {
        /* ... */
    }
    ?>

contains a subtle bug. Go ahead, read the relevant function documentation and see if you can spot it.

Read more »

Singling Out to Spring

Last time, I wrote about why Singletons get a bad rap, and I wrote some high-level advice for moving away from them sanely. I want to cover a practical (if somewhat idealistic) example using Java and Spring to move a Singleton creation dependency out of a class.
Read more »

Singled Out

One of my colleagues blindsided me the other day with a question about software architecture that I should’ve been able to answer on the spot: “Are singletons really all that bad?”
Read more »

Automatic Code Formatting and Merges

…or, how to give other developers screaming nightmares in 10 seconds flat.

The next time you think to reach for the “reformat source code” button in your IDE, think twice before you press it. Automatic reformatting is a great way to turn a small merge hazard contained to a single method into a huge merge hazard affecting an entire file. Merge tools are relatively stupid: in general, they’re not aware of the syntactic structure of a source file, just the text by lines; as a result, it’s very easy to fool them into thinking a one-line change and a reformat are a conflict covering the entire file.

If you’re using automatic formatting tools, please check with the other developers on your project and make sure that your code formatter settings agree with theirs. If you can’t make that happen, then don’t reformat code unless nobody but you is touching those files.

Please, think of the merges.
