slash dev slash null

stuff about puters

Category: Uncategorized

Rust and Embedded Databases for Paxos 

So far on my spike into Rust we have been on a roll. Next on the bucket list is an embedded disk backed B-tree database to act as the Paxos journal for TRex. This is where I have hit my first bump in the road. Read the rest of this entry »

C# ASP.NET with SQLServer on Docker and Linux is now “A Thing™”

Those of you who have been following along will know that Scala on Linux is my preferred ecosystem. This past few weeks in the office I have been tinkering with the opensource C# ASP.NET ecosystem. What I came across shocked me to the dotnet core. I have posted some evidence of my findings up on GitHubRead the rest of this entry »

Cassandra For Shared Media Libraries

A good friend of mine is working on a project which hosts media libraries in his cloud service. At the end of 2015, I integrated Cassandra into a big financial services platform. Cassandra is a great fit for my friend’s service. In this post, I will outline an appropriate Cassandra data model and along the way outline some of the killer features of Cassandra. Read the rest of this entry »

Designing software for ease of extension and contraction

Today’s Morning Paper post is a must read for software engineers: “Designing software for ease of extension and contraction Parnas, IEEE Transactions on Software Engineering, 1979″

Domain Driven Design: Entities, Value Objects, Aggregates and Roots with JPA (Part 2)

Detour: Why use  JPA in this demo?

For the purposes of this demo, JPA is an officially supported part of the Java ecosystem and is a mature and well documented Java-to-relational mapping tool. Yes, it has quite a few quirks. If you fight it you will probably lose (your mind). If you learn how to do the basics and don’t deviate from that it can be a used as a rapid application tool to support an agile TDD build on Java against a relational database. Read the rest of this entry »

Click Trajectories: End-to-end analysis of the spam value chain

interesting analysis of the world of spam

the morning paper

Click Trajectories: End-to-end analysis of the spam value chain – Levchenko et al. IEEE Symposium on Security and Privacy, 2011

This week we’re going to be looking at some of the less desirable corners of the internet: spam, malvertisements, click-jacking, typosquatting, and friends. To kick things off, today’s paper gives an insight into the end-to-end spam value chain. If we really want to stop spam it turns out, talk to the banks…

As an advertising medium, spam ultimately shares the underlying business model of all advertising. So long as the revenue driven by spam campaigns exceeds their cost, spam remains a profitable enterprise. This glib description belies the complexity of the modern spam business…

How does spam work?

There’s much more to spam than just the email! There are three key stages – advertising, click support, and realization – supported by a whole value chain.

Advertising concerns how…

View original post 1,531 more words

Uncovering bugs in Distributed Storage Systems during Testing (not in production!)

the morning paper

Uncovering bugs in Distributed Storage Systems during Testing (not in production!) – Deligiannis et al. 2016

We interviewed technical leaders and senior managers in Microsoft Azure regarding the top problems in distributed system development. The consensus was that one of the most critical problems today is how to improve testing coverage so that bugs can be uncovered during testing and not in production. The need for better testing techniques is not specific to Microsoft; other companies such as Amazon and Google, have acknowledged that testing methodologies have to improve to be able to reason about the correctness of increasingly more complex distributed systems that are used in production.

The AWS team used formal methods with TLA+, which was highly effective but falls short of checking the actual executable code. The Microsoft IronFleet team used the Dafny language and program verifier to verify system correctness and compile it to…

View original post 1,019 more words

The Secure Remote Password Protocol

The recent Heartbleed debacle had me remember a project a decade ago where the version of weblogic was upgraded but the script failed to deploy the matching version of the apache plugin. Fortunately we contracted a pen test firm who threw a load of custom perl script attacks at the site before we let the public in. They found that the error responses being thrown back to the attack scripts were just like Heartbleed; raw chunks of memory containing whatever was passing through the web server after having been decrypted. Read the rest of this entry »

OpenID Authentication with Socko Webserver

In my last post we took a look at Immutable Session State in Scala. That outlined an immutable SessionState data structure suitable to wrap in an Actor running in the mighty yet diminutive Socko Web Server.  In this post we will pick up where we left off and use the SessionState data structure wrapped in an Actor to implement user registration with openid4java. Read the rest of this entry »

Immutable Session State in Scala

In the servlet world the HttpSession object is a workhorse which few developers could live without. Recently I have been taking a hard look at Socko a minimal webserver which does not come with a session object.

“What!?” I hear you cry “Why would you use a webserver on the JVM that forgot to implement the J2EE standard HttpSession???”. Well Socko is a fresh look at what a JVM webserver needs to be in the age of REST, Websockets and Actors. If you need to write a back-end exposed as websockets to a single-page/mobile app do you really need a HttpSession as a separate concept? Furthermore wasn’t HTTP supposed to be stateless?  Read the rest of this entry »