Testing Web services in a development environment over SSL/TLS (HTTPS) can be a problem if your development environment doesn’t have a suitable SSL Cert. In such cases, creating a self-signed cert is usually sufficient, but you have to ensure that your client applications (including browsers) trust the cert you created yourself.
Here’s a recipe for creating a self-signed certificate and installing it into Firefox so that the Developer window doesn’t fill up with warnings (such as about Strict-Transport-Security headers being ignored). The recipe assumes you have keytool (usually in the “bin” of your JDK). This is for Windows, but similar steps apply to other OSs.
keytool.exe -genkey -alias selfsigned -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 3650 -keypass [click title to read more…]
Having been in the network/software business for a long time, it is tempting to assume that certain familiar technologies are essentially stable and don’t need so much as a second glance. Of course, thinking that something is stable is probably the first warning sign. I’m reminded of how character sets had stabilized (mainly US-ASCII) by the mid-80s only to have the boat rocked by this new upstart of the late 80s known as Unicode. Today, ASCII, ANSI and its variants are mere throwbacks.
With this in mind, I cast an eye over the technology stack that has been the mainstay of the Internet and Web for many years to see if there are some new upstarts [click title to read more…]
It’s the first weekend after the announcement of CVE-2014-0160, aka “Heartbleed” and if you were to believe even a small fraction of what’s been written about it you’d think the world had come to an end. There’s a lot of nonsense. A lot of dumbed-down explanations seem to add more confusion (Randall Munroe’s angle is a notable exception). The detailed investigations will be read by many, but only understood properly by those who already understand.
As a consequence of this bug I’ve been particularly busy with many of the systems around the world in which I have a role (always behind the scenes). All is a bit quieter now, so I’ve had a chance to peruse what has been written, [click title to read more…]
How come all the talk about IPv6 comes with illustrations like 2001:db8:1234:abcd::321? When we eventually adopt IPv6, is some person or company going to find all the students, hackers and IT novices hitting the same network addresses just because they were mentioned in the IPv6 text books and cheat sheets? Will the eventual owners of these addresses be like current SlashDot victims, overloaded with unexpected traffic?
No. In fact, you are encouraged to use the 2001:db8 block of IPv6 addresses in your documentation (and possibly some illustrative code) precisely because it is reserved for that purpose. RFC 3849 explains that “the Asia Pacific Network Information Centre (APNIC) allocated a unicast address prefix for documentation purposes”, so we can safely use [click title to read more…]
Windows 7 (and Vista) does not permit a static IP address and DHCP support to co-exist on the same NIC. The registry hack that works for XP does not work on newer Windows. I needed to add an extra local IP address for testing of some server software, but my NIC needs to use DHCP in the office. The solution was to install the Microsoft Loopback Adapter and assign a local IP address to it. Installation was easy:
Run a command prompt as Administrator.
Run the command: hdwwiz.exe
Select the manual installation option.
Select Network adapters and install the Microsoft Loopback Adapter
Configure the new local connection in the Network and Sharing Center
I picked a 10.*.*.* address, [click title to read more…]