Archive for the ‘Coding’ Category

Decrypting OpenSSL AES128CTR using Java

Coding, Security

Using OpenSSL I can apply a symmetric 128 bit AES block cipher (RFC3686) in “counter” mode using “testpwd” as the password to produce a salted encryption of the word “testing” encoded in Base64 as follows:

echo -n testing | openssl enc -e -base64 -aes-128-ctr -pbkdf2 -salt -k testpwd U2FsdGVkX19l6/etNkl585d+Y1XgyPc=

I can then reverse the encryption using the same password as follows:

echo "U2FsdGVkX19l6/etNkl585d+Y1XgyPc=" | openssl enc -d -base64 -aes-128-ctr -pbkdf2 -salt -k testpwd testing

Automated decryption

If I ever need to store a value in secret I can encrypt it like this, and decrypt whenever I need it so long as I remember the password. If an automated process in possession of the password wants to know the secret value, [click title to read more…]

Miserable

Coding, Technology

It’s not often that some piece of software makes me miserable, but over the past few weeks I’ve been subjected to an example of exceptionally bad software and I’m near breaking point. The culprit in the spotlight is EzCad3 (pr. “Easy CAD”), a graphics tool intended to control laser etching/cutting hardware. In fact, the version I have is a slightly customised (i.e. feature deprived) derivative of the official EzCad3 but I won’t mention the name as the suppliers of this kit are not to blame for the shoddy software. That honour belongs to the Beijing JCZ Technology Company, Ltd, who were founded 20 years ago and should know better by now.

EzCad3 is a 64-bit Windows application and it has [click title to read more…]

Sleep

Coding, Operating Systems, Technology, Uncategorized

There are many ways to make a program/script pause for a few seconds. Here are some of my favourites.

Windows

There are two built-in sleep functions you can include in command scripts (.cmd, .bat and PowerShell):

pause

The pause command pauses until you press a key. It has no option to set the period of time. While pausing, it displays the message “Press any key to continue…” (or “Press Enter to continue…:” in PowerShell).

timeout /nobreak /t 20

This will sleep for 20 seconds, displaying a constantly refreshing message saying “Waiting for N seconds”. With the /nobreak option you have to use Ctrl-C to cancel the timer. If you omit the /nobreak then pressing any key will stop the timer.

[click title to read more…]

Free beer is not OK

Coding, Operating Systems, Security, Technology []

The phrase “free, as in beer” is often used in connection with Open Source software, to indicate that the software is being given to users without any expectation of payment. This distinguishes it from “free, as in speech” which might erroneously suggest that the software could do whatever it liked.

Actually, were it not for Andres Freund’s recent discovery, a certain piece of software called xz utils might have actually become free to do whatever it liked (or more correctly, whatever its evil master desired). NIST gives it a criticality of 10/10. Freund announced his discovery a month after the tainted xz had been released, though thankfully before it had worked its way into production systems.

The xz utilities provide [click title to read more…]

Hello World with JAX-RS on Tomcat 10, Jersey and JDK 17

Coding, Protocols & Specs, Technology, Web [ | ]

Sometimes the best place to start a new coding experiment is with “Hello World” (HW), the absolute minimum, often borrowed from someone else who has kindly published it for the benefit of others. The fewer assumptions made by the HW project the more useful it will be to the community. Some HW demos tend to make a lot of assumptions (IDE, build mechanism, dependency management etc.) and this presents problems for those who don’t match.

I recently created a starting point for a JAX-RS API running on Tomcat 10.1 and JDK 17, and when I looked around the Web I noticed that similar demos tended to assume Eclipse, or Maven, or Gradle and so on in the development environment. Here [click title to read more…]