Technology Stir Fry, the blog

This is Technology Stir Fry: the blog.

The most recent ten posts are shown below. For older material, you might like to browse by tag or by date using the menus to the left.


Ant fixcrlf and UTF-8 on Windows

I've been working on a large XML processing system in which a sequence of steps implemented in Java and other technologies are orchestrated using Apache Ant. It has to run on Mac OS, Linux and Windows. It has been pretty stable for some time, but I recently set up a new Windows system and started seeing errors like this:

Exception in thread "main" org.xml.sax.SAXParseException:
    Invalid byte 3 of 3-byte UTF-8 sequence.

REEP Key Ceremony

The key ceremony for the REEP service took place on 2014-05-18 after the REFEDS meeting in Dublin, Ireland.

I witnessed this ceremony and was convinced that the key attached to this post as a self-signed X.509 certificate was generated during the ceremony within the hardware security module in Sweden that will be used by the REEP service to sign metadata served by it. To certify this, I have generated a detached signature file for reep.pem using my PGP key.

To the extent that you trust me to have taken care while witnessing the ceremony, you may find that validating my signature on reep.pem gives you some comfort that metadata documents signed by the private key associated with reep.pem are, indeed, legitimate outputs of the REEP service.

As an aside about the ceremony itself, proof that a particular computational event has occurred in a particular way is almost impossible in a world of networking and virtual machines. We've known this for a long time: the paranoia goes back at least as far as Ken Thomson's Reflections on Trusting Trust. We're not quite living in The Matrix, but the evidence of ones senses doesn't really go very far towards absolute proof. So what the other witnesses and I did during the ceremony — all we could do, really — was gain confidence by asking questions, taking photographs of the steps and trying to think of ways to validate them. For example, I was later able to verify that the pkcs11-tool command being used was indeed the one which would be installed on a system running 64-bit Ubuntu 12.04. Unless, of course, Leif foresaw that trick and subverted the md5sum command as well. It's turtles all the way down.

Feedly

There are only a couple of weeks left until Google Reader shuts down. Like many other people (the "loyal but declining" following the product had certainly numbered in the millions) I've been looking at alternatives for a while now. I've finally settled on feedly.

Tags:

RFC 6919

I'm in the middle of several fairly large spec-writing projects at the moment, so this year's April Fool's RFC 6919 seemed particularly apt:

The key words "MUST (BUT WE KNOW YOU WON'T)", "SHOULD CONSIDER", "REALLY SHOULD NOT", "OUGHT TO", "WOULD PROBABLY", "MAY WISH TO", "COULD", "POSSIBLE", and "MIGHT" in this document are to be interpreted as described in RFC 6919.

I briefly considered making use of this and waiting to see if anyone noticed. So far, I have resisted the temptation, and am sticking with RFC 2119.

Tags:

Balloon Animal

giant balloon sculpture shaped like a spiral sea-shell

No, not that one. This one is a sculpture by Jason Hackenwerth called Pisces. It's made out of 10,000 balloons; apparently, the artist and his assistants had to wear earplugs during construction to protect themselves against the squeaky noises.

The sculpture is in the Grand Gallery, National Museum of Scotland until April 14th; it's well worth a visit if you're in town.

Many Twelves

Well, you don't see that every day.

Pretty Fly

Network selection dialog with "Pretty Fly For a WiFi" as an option.

Seen on my phone while in a hotel in Philadelphia last week. If you're wondering why I think this is funny, you probably need to view this reference video.

Future of Federations

I'm speaking later today as part of a session on the Future of Federations at the Internet2 Fall Member Meeting in Philadelphia.

Here is a PDF version of my slides. They are really just a list of the emerging technologies I think may affect identity federations in the short to medium term future; I think things are changing quickly enough that looking further forward than a couple of years is just too difficult.

Tags:

UK federation Metadata Aggregation

diagram full of boxes and arrows

One of the systems I work on is the back end of the UK federation's metadata system. Although I've talked about this in several presentations, the bare structural diagram isn't very informative on its own. Here, I present a snapshot of the architecture, and go into a lot more depth on the what, how and why than you'd get from just the slide on its own (click on the image to get a larger version).

I hope that this article can perform double duty as a case study for the Shibboleth metadata aggregator tool, which acts as the engine behind the metadata system and to which I also contribute as a developer.

Tags:

Use Maturity Fruits

Use Maturity Fruits.

Cut the top of the lemon, introduce the part of the tool with the teeths and tur it down.

Your left hand hold the cup, while the right hand twist the lemon and press her softly at variable points.

Serve her directly at the table, squeeze the lemon softly and enjoy the juice wherever you want.

At least put the lemon down in her ceramics vessel.

Tags:

Subscribe to Technology Stir Fry