Disqus - Latest Comments for AlainODea

Re: Deep Links in SAML Authenticated Multitenant Applications

Alain O'Dea — Wed, 20 Dec 2017 15:02:34 -0000

Test

Re: Is this stupid? Drop Last Element of Erlang List — Concise Software - Alain O'Dea

Alain O'Dea — Sat, 15 Oct 2016 15:19:54 -0000

Good eye Milton :) lists:droplast/1 was introduced into stdlib in R17.0-rc2. I'll add a caveat for new visitors linking to the doc you shared. Thank you :)

Re: 2016-05-10-a-debugging-horror-story

Alain O'Dea — Thu, 19 May 2016 23:02:03 -0000

Great analysis and a nice clean fix including a good description of the cause. Always fun when you hit the native platform boundary. I ran into something similar, but much simpler with an unexpected POSIX syscall errno of EROFS guaranteed to occur due to Cabal stat'ing /usr/bin/ld on SmartOS.

Your case is much more interesting as it actually results from the lack of type safety in C that allowed it to remain hidden. It is an interesting problem, an interesting discussion, and a cautionary tale for unsafe languages.

Re: Enabling SyntaxHighlighter in Blogger Step-by-Step — Concise Software - Alain O'Dea

Alain O'Dea — Wed, 04 May 2016 22:38:03 -0000

This gets the SyntaxHighlighter to load into your Blogger template. You won't get a SyntaxHighlighter icon, but if you source edit your posts you can add highlighted blocks as described in the SyntaxHighlighter tutorial it should work.

See the bottom of this page where it says "Here’s an example (Please note necessary CDATA tag)":
http://alexgorbatchev.com/S...

This article is a bit ancient so you almost certainly want to include a newer version than the 2.1.364 I wrote here :) The present version is 3.0.83 and may require some tweaks. I know for sure that the newer SyntaxHighlighter versions have a brush loader which cuts out some of the manual script srcing I needed here.

Re: Haskell Programming from First Principles: Part 2 — Concise Software - Alain O'Dea

Alain O'Dea — Thu, 10 Mar 2016 07:45:19 -0000

Fixed.

Re: Haskell Programming from First Principles: Part 2 — Concise Software - Alain O'Dea

Alain O'Dea — Thu, 10 Mar 2016 07:44:53 -0000

Yes. Good catch. I'll fix that.

Re: Web-based Single Sign-On and the Dangers of SAML XML Parsing - SendSafely

Alain O'Dea — Mon, 29 Jun 2015 14:33:12 -0000

It is regrettably trivial to do this for DoS attacks if the XML parsing is vulnerable to XXE. Exfiltration of data like /etc/passwd is trickier since it would rely on the server to echo back parts of the parsed and expanded XML document.

A SAML SP consumer accepts XML that is sent via POST from the user's browser. As a user it is straight-forward to intercept and manipulate a SAML reponse from an IdP before it goes to the SP consumer. An SP consumer vulnerable to XXE could be instructed to map and expand /dev/urandom which would be non-terminating and likely cause memory exhaustion and resulting DoS.

The OpenSAML library was patched in 2.6.1 to include safer default XML parser configurations:
https://shibboleth.net/comm...

Re: Node.JS SSL Certificate Chain

Alain O'Dea — Mon, 30 Sep 2013 12:18:58 -0000

Here's an alternative that you may want to consider.

If you have a cert, its private key, and its chain, convert these to a single PKCS#12 PFX file (example.com.pfx):

openssl pkcs12 -export -out example.com.pfx -inkey example.com.key \
-in example.com.crt -certfile example.com.chain

Leave the export password blank. I haven't figured out how to use encrypted PFX files yet :)

Using the PFX to start a Node HTTPS server:

var fs = require('fs');
var https = require('https');
var httpsOptions = {
pfx: fs.readFileSync('example.com.pfx')
};
var handleRequest = function(req, res) {
res.writeHead(501);
return res.end();
};
var httpsServer = https.createServer(httpsOptions, handleRequest);
httpsServer.listen(443);

Re: Debugging with DTrace

Alain O'Dea — Mon, 03 Jun 2013 22:03:04 -0000

Excellent article Max. This is an incredible pitch for DTrace. I can't wait to show people some of these examples.

Re: Learn Objective-C: Day 4

Alain O'Dea — Mon, 13 May 2013 18:12:20 -0000

Seconded. This code pays no heed to accepted naming conventions for methods and variables Objective C. If you write code like this you will be a burden on your colleagues. It doesn't matter if code like this works or is easy for non-Objective C to understand. It's oddball code that will encourage other novices on your team to write more oddball code.

Re: A Brief Chef Tutorial (From Concentrate)

Alain O'Dea — Tue, 30 Apr 2013 13:14:57 -0000

I had to change:

service "ntpd" do
action[:enable,:start]
end

Into:

service "ntp" do
action[:enable,:start]
end

Otherwise I get:

/usr/sbin/update-rc.d ntpd defaults returned 1, expected 0

From logging into the server interactively I was able to determine the cause:

$ /usr/sbin/update-rc.d ntpd defaults
update-rc.d: /etc/init.d/ntpd: file does not exist
$ ls /etc/init.d/ | grep ntp
ntp

So changing the service name from "ntpd" to "ntp" fixed the problem for me.

Re: A Can of Condensed Chef Documentation

Alain O'Dea — Wed, 10 Apr 2013 09:15:09 -0000

Sean, your post concisely sums up what Chef does and how the pieces fit together. It had largely been a case of people thinking "Chef is pixie dust, apply it and all you problems disappear" to the reality that it is an effective tool that requires learning and talent to apply effectively.

Your post has put me in a significantly better position to apply Chef effectively.

Thank you :)

Re: Deploying Squid HTTP forward proxy in HA on SmartOS

Alain O'Dea — Wed, 06 Mar 2013 15:31:59 -0000

I actually deploy a mirror zone on two separate SmartOS hosts. On the other host's squid zone I run:

vrrpadm -p 127 router0

This is necessary to avoid the two zones warring for the virtual IP.

Re: Making a ZFS 4 disk Mirrored vev zpool on SmartOS on R720xd

Alain O'Dea — Fri, 18 Jan 2013 10:41:48 -0000

I'm not sure why this is the case, but it may be a function of how I configured PERC on the machines. Bear in mind that the PERC H710 does not support JBOD so I'm largely stuck with a static disk configuration unless I reboot in PERC config. It's not a good controller choice for this purpose because I need to manually create a RAID-0 virtual disk per physical disk in PERC config. I want to see how this works with a JBOD controller.

Re: Nearly defect-free software with Erlang — Concise Software - Alain O'Dea

Alain O'Dea — Tue, 30 Oct 2012 14:31:35 -0000

My opinion on this largely hasn't changed. Since then I have managed to take several useful ideas from Erlang and apply them to our Java system to dramatically improve its fault-tolerance. A system like Erlang/OTP encourages fault-tolerance by design. Java makes anything other than imperative step-by-step incredibly hard. As a result programmers follow the path of least resistance and tend to write code with complex temporal coupling that substantially complicates the introduction of fault-tolerance. It took three months of two programmers' concerted effort to get basic fault-tolerance working. It took many more before it would reliably recover after a system power drop. It still has gaps because new code that is unaware of recovery gets built and it is very difficult to provide a framework to support it without rewriting substantial tracts of the system.

Re: How To Play The Marathon Trilogy In Ubuntu 12.04

Alain O'Dea — Sun, 09 Sep 2012 01:09:01 -0000

Works like a charm. I have tried several times previously to do this by compiling manually and it always ends in tears. This time I got it to run from a compile, but the buttons are missing from the main screen dialogs which makes keyboard config etc impossible.

The versions installed using your instructions work seamlessly and even have the added polish of desktop icons. They show up in Unity's search too which is a huge plus when I want a quick escape from whatever frustrating programming problem I have decided to tackle today :)

Re: The Haskell Virtual Machine

Alain O'Dea — Sat, 28 Jul 2012 12:36:17 -0000

This is a insightful analysis of VM deployment. We have run into many of the same issues and questions in deploying a SaaS solution in a colocation setup. Virtualization is essential for manageability, but it has surprising effects on timing. Performance measures are hard to get reliably.

Re: The Haskell Virtual Machine

Alain O'Dea — Sat, 28 Jul 2012 12:33:12 -0000

Would Yesod work on HaLVM?

Re: Agile Software Development and The Mercurial SCM — Concise Software - Alain O'Dea

Alain O'Dea — Wed, 27 Jun 2012 21:21:36 -0000

Alexis, I totally agree. Agile does not work for every company and probably doesn't work for many companies without modification. We modify it substantially to fit our work style at Verafin and I believe we have found a good balance between upfront planning and on-the-fly agility.

Re: Answering Four Key Questions About Operation Ghost Click

Alain O'Dea — Mon, 07 May 2012 12:26:45 -0000

This is an informative article Adam. Thank you :)
One little sentence threw me off badly though:"If it has been infected, there is spyware software right on that site that can fix the problem". That doesn't sound right at all. There is no software offered at that site, only references to solutions and self-help.

Re: Rubicon X: a marathon scenario

Alain O'Dea — Wed, 19 Oct 2011 21:59:53 -0000

I am a die hard Marathon fan. I first played Marathon in 1994 which my brother had gotten for his birthday. I still remember anxiously waiting for the courier delivery for weeks for Marathon II and ∞. Great games and many hours of map-making.

Rubicon is the truest total conversion I have played. Many others are a lot of fun and different, but Rubicon is Marathon. Great game.

Re: Brizzled: Why I dislike Maven

Alain O'Dea — Sun, 18 Sep 2011 11:09:07 -0000

Out of curiosity, what were the barriers you saw for end-users if you choose SBT?

As you point out in http://brizzled.clapper.org... SBT allows you to generate a POM and publish maven artifacts.

For end-users of your library your internal use of SBT should be invisible.

Re: Tightly Coupled Web Frameworks Are Reaching the End of the Road

Alain O'Dea — Sat, 23 Jul 2011 22:31:56 -0000

I totally whole-heartedly agree. When I got into Dojo years ago it made me realise that this was possible, that the web server could be a data service and the user interaction could be almost entirely managed from the client side. It's not that Dojo is necessarily the technology to use, but as you say that it is possible to use any client-side JavaScript that works so long as your server provides the data and services it needs to support the applications work flows.

Cool stuff. You have inspired me.

Re: The Basho Blog: Schema Design in Riak - Introduction

Alain O'Dea — Mon, 17 May 2010 08:21:53 -0000

This is a concise, effective intro to to a rather complex topic. I feel much more confident diving into using Riak now. Thank you Sean.

I am still grappling with how I would implement an effective DataNucleus JDO/JPA mapping and querying layer using Riak as a backend. This article gets me a lot closer to comfort in designing such a beast. My hope is that it will facilitate seamless transition of legacy Java apps from RDBMSs to Riak.

Re: Nick's Blog | Lets create some Erlang standards, part one

Alain O'Dea — Sat, 28 Nov 2009 17:00:36 -0000

What is wrong with Erlware?

It installs Erlang applications and releases from Git repositories as well.