LDC Via Cross Post: Why oh why oh why (Part One)

Excerpt from some thoughts on LDC Via, See the full post is here

Alongside this gradual shift in focus away from Domino, has been a recent and fairly rapid rise in “NoSQL” databases. The irony, of course, is that Domino’s NSF data structure is itself a NoSQL database. But it’s an ageing one, with undoubted issues of performance and scalability when compared to some of the younger contenders. And with the rise of these databases has been a parallel rise in acceptance of new development architectures to make the most of them, most notably the “MEAN stack”. Here at LDC Via we opted to develop first against the MongoDb back-end, as that is arguably the most accepted and widespread of these modern NoSQL databases.

Where the Domino NSF database has always been a market-leader is in its security structures. Readers fields, Authors fields, encryption keys, database encryption, etc. There just isn’t anything else like it. Except, well, now there is: LDC Via.

Applet security: a blast from the past

A was asked to solve a little problem the other day (a website that can detect if processes are running on the underlining operating system in a major corporation).

It presented a bit of a quandary, we are so used to the power of modern UI frameworks supplanting the rich client frameworks of the previous web generation, that when you come across something that cant be done in the browser sandbox you have to sit back and have a scratch.

In the end the only practical solution was a Java applet (the client has internal root certificates on their machines that would grant the power necessary to run the commands). not a problem I have written tons of them ….. years ago

When it came to signing everything to do the testing my mind came up a blank and google was not much help, so when I figured it out, I thought perhaps a little aide memoire would not hurt in case I need it again

So the security is quite rightly heavy on the applet sandbox for browsers and you have to sign Jar files that you use in applets (you cant just sign class files you have to export them into a Jar), if they are unsigned then you CANT get them to run, if they are self signed then you can get them to run after the browser has warned you.

The following is me building my self cert so you can do internal testing

1) First I want to build my self a keystore (which will name appletkey), for that I will need a copy of the java JDK installed

D:MyAppletProjectWebContent>"C:Program FilesJavajdk1.7.0_25binkeytool" -genkey -keystore appletkey
Enter keystore password: password
Re-enter new password: password
What is your first and last name?
  [Unknown]:  Jo Bloggs
What is the name of your organizational unit?
  [Unknown]:  stickfight
What is the name of your organization?
  [Unknown]:  stickfight
What is the name of your City or Locality?
  [Unknown]:  London
What is the name of your State or Province?
  [Unknown]:  London
What is the two-letter country code for this unit?
  [Unknown]:  GB
Is CN=Jo Blogs, OU=stickfight, O=stickfight, L=London, ST=London, C=GB correct?
  [no]:  yes
Enter key password for <mykey>
        (RETURN if same as keystore password):

2) Now I have a keystore ( you will see a file called ‘appletkey’ created in the directory you ran the last command in, now I want to generate a self cert.

D:MyAppletProjectWebContent>"C:Program FilesJavajdk1.7.0_25binkeytool" -selfcert -keystore appletkey
Enter keystore password: password

3) Hooray we now have a certificate, you can check its OK (if you want) by entering

D:MyAppletProjectWebContent>"C:Program FilesJavajdk1.7.0_25binkeytool" -list -v -keystore appletkey

4) Now let’s sign the jar files we are using in our applet (yes you have to sign them all not just the one that contains the initial class you are calling)

D:MyAppletProjectWebContent>"C:Program FilesJavajdk1.6.0_45binjarsigner" -keystore appletkey process.jar mykey
Enter Passphrase for keystore: password
Warning:
The signer certificate will expire within six months.

Now you can see that I’m using jdk1.6 for this as the 1.7 goes mad about the alias (the mykey in the previous command), its been driving people and me potty on the internet and the safest way seem to just use the last version of 1.6 to do the sign.
Once this is done you will just be able to run the applet on any web server and as long as you agree to the warnings you can run any code you want.
I think I’ll go and listen to some 80’s rock now.

Mad Friends and Colleagues

My friends and colleagues are strange STRANGE people, but I love them

sillybugger1 [9:55 AM]
I like your style, starting your new world order with vegetables

sillybugger2 [9:56 AM]
Dibs on beetroot. And parsnips

sillybugger3 [9:56 AM]
sigh.. he were go again…

the beetroot must be shared . you can however have the fennel

sillybugger2 [9:56 AM]
Very well

sillybugger2 [9:56 AM]
Neeps? Tatties?

sillybugger3 [9:56 AM]
also celeriac

sillybugger4 [9:56 AM]
The celery can fuck right off.

sillybugger2 [9:56 AM]
Oh yes. Celeriac

sillybugger5 [9:57 AM]
as long as I get the roast spuds I’ll be happy

sillybugger2 [9:57 AM]
Come to papa

sillybugger3 [9:57 AM]
we will be keeping tomatoes.. shut up sillybugger1

sillybugger2 [9:57 AM]
And celery

sillybugger4 [9:57 AM]
Chard. All mine.

sillybugger6 [9:57 AM]
if you take the tomatoes the greeks will invade

sillybugger2 [9:57 AM]
You’re welcome to it

sillybugger3 [9:57 AM]
ooh .. yes you can have “chard” i will have rainbow chard

sillybugger3 [9:57 AM]
ha!

sillybugger2 [9:57 AM]
grabs all the horseradish and mushrooms

sillybugger3 [9:57 AM]
damn.. grabs onions

sillybugger4 [9:57 AM]
Carrots. Got ’em.

sillybugger5 [9:57 AM]
Broccoli here thanks

sillybugger2 [9:58 AM]
shuffles towards the pak choi and smuggles out the garlic

sillybugger3 [9:58 AM]
including spring onions and garlic

slackbot [9:58 AM]
BOING!!!!!

sillybugger2 [9:58 AM]
^^ 🙂

sillybugger3 [9:58 AM]
spring!

slackbot [9:58 AM]
BOING!!!!!

sillybugger3 [9:58 AM]
:grinning:

sillybugger2 [9:58 AM]
eyes up the savoy cabbage

sillybugger3 [9:59 AM]
grabs the savoy cabbage and the greens whilst sillybugger2 is making up his mind

sillybugger2 [9:59 AM]
bugger

sillybugger2 [9:59 AM]
ram-raids the sugarsnap peas aisle and grabs mange tout for good measure

sillybugger3 [9:59 AM]
throws artichokes at him as a distraction

sillybugger2 [9:59 AM]
catches them gratefully

sillybugger5 [9:59 AM]
ooh I almost forgot the peppers

sillybugger3 [9:59 AM]
grabs green beans and fresh peas

sillybugger6 [9:59 AM]
we get the baked beans!!

sillybugger3 [9:59 AM]
damn!

sillybugger4 [9:59 AM]
stuffs the cauliflower up his shirt and backs towards the door

sillybugger3 [9:59 AM]
pulses.. i had no idea we were divvying pulses

sillybugger2 [10:00 AM]
Oh we’re on to legumes and grains now are we?

sillybugger3 [10:00 AM]
grabs chickpeas

sillybugger2 [10:00 AM]
Shit!

sillybugger3 [10:00 AM]
ha!

sillybugger4 [10:00 AM]
The puy lentils are mine, all mine.

sillybugger2 [10:00 AM]
grabs kidney beans for the chilli

sillybugger6 [10:00 AM]
Sooooooyyyyyaaaaaa!!

sillybugger2 [10:00 AM]
GRABS CHILLIS

sillybugger2 [10:00 AM]
GRABS GINGER

sillybugger2 [10:00 AM]
laughs triumphantly with the lemongrass

sillybugger4 [10:00 AM]
grabs the pancetta. That is a vegetable, right?

sillybugger6 [10:00 AM]
ginger slaps sillybugger2 ‘s hands, and goes back to Fred

sillybugger2 [10:01 AM]
slow clap

sillybugger2 [10:02 AM]
peppers the sillybugger6 with maltesers

sillybugger1 [10:02 AM]
After the dust of battle settles there is nothing but a huge pile of coleslaw

…..go out in the midday sun

UK ICON 2014

So what was UK LUG has risen from the grave at the hands of ‘Tim Clark’, and this year was a one day event hosted at IBM South bank.

The location was cool as it not only added an air of authority to the conference its self but cut down on the costs as food/booze and venue are the chief expenses on such a conference (so thanks to IBM for that)

What I don’t know is how Tim managed to get IBM to let him have such a diverse set of session that talked not only about IBM technologies but NON IBM technologies, it made for a conference where there was at least 2 sessions I wanted to go to in every slot and a lot of stunned looking but happy conference attendees.

One of the golden rules of a conference is to have it out the way somewhere where the attendees can’t escape so they can be sold stuff, breaking this rule means you stand a large chance of attendees disappearing during the day as they bugger off to do something more interesting, the fact that the closing session was as full as the opening one at a conference held in the middle of London’s south bank on a sunny Friday says everything that needs to be said about the quality of the conference

Two thumbs up and a lot of thanks to Tim

Speaking of content, here is my short session, there was not a huge number of people (there never is on my fringe tech sessions) but it was the best and most responsive crowd I have ever presented to, most enjoyable.

P.S.

thanks to theo for making me look fat and pissed off during my session Album