
Comments


Microsoft To Allow Code Contributions To F#

PylonHead Re:Not OCaml, Haskell or SML at most. (100 comments)

Your comment is so bizarre that I almost think you must have attached it to the wrong post.

I programmed in OCaml for many years.

Yes, there is no automatic type conversion in OCaml. I certainly never said there was. Some people see this as a feature (you know exactly what you're dealing with at all times), some as an issue (you have to write tedious conversions that some languages handle for you).

Yes, there are different arithmetic operators for different numeric types. It's a little bizarre when you're used to other languages, but once you get used to it it's not an issue.

Most of my code was compiled so I didn't experience issues with compiled vs interpreted.

It certainly had a few rough edges here and there, perhaps because the community was not as large as more mainstream languages. They probably would have been ironed out if the language had really taken off.

about 8 months ago

Microsoft To Allow Code Contributions To F#

PylonHead Re:Wow ... just why? (100 comments)

I haven't looked at it for a while, but it's basically Microsoft's version of OCaml, which is an object-oriented ML variant (and a very slick language with a long development history).

I'm not really seeing it catch on either, but OCaml's sweet spot was writing fast code that dealt with very complex data structures. It enforced static typing, but used type inference to figure out what the types of variables were. It has powerful operators for assembling and splitting up data structures that let you write very concise code that was checked at compile time for correctness.

It is somewhat similar in flavor to Haskell (although it's probably wrong to say they're going in Haskell's direction... more that they have common ancestors).

about 8 months ago

BlackBerry Confirms 4,500 Job Cuts, Warns of $950 Million Loss

PylonHead Oh well (120 comments)

40% of their workforce? I guess the worst part of this is that there are still ~6,750 more jobs to lose...

about a year ago

Google's BigQuery Vs. Hadoop: a Matchup

PylonHead Re:Hadoop is much better and stable (37 comments)

You understand that that number is flawed, right? He only figures in the average lives of products that Google has killed. It's kind of like looking at all the people who died of heart attacks, finding out they lived to an average of 48 years old, and then telling the general population that, on average, they're going to die of a heart attack when they're 48 years old.

But please, jump on the anti-Google circle jerk. It seems to be the thing to do at the moment.

about a year and a half ago

HTML5 Storage Bug Can Fill Your Hard Drive

PylonHead Re:So What's The Point (199 comments)

Actually I don't think headers on either side get compressed.. so I'm probably totally wrong on this.

about a year and a half ago

HTML5 Storage Bug Can Fill Your Hard Drive

PylonHead Re:So What's The Point (199 comments)

Fair enough. But then you turn on gzip compression and it drops to 1/7th of that...

about a year and a half ago

HTML5 Storage Bug Can Fill Your Hard Drive

PylonHead Re:So What's The Point (199 comments)

If you look at what he's saying, you'll see that the JavaScript only gets downloaded once for all the domains. For each domain you need an HTML page that just has a script link to the fixed js file (that your browser already has cached). So, think maybe 100 bytes per 5-10MB.

about a year and a half ago

Anti-GMO Activist Recants

PylonHead Re:GMO crops (758 comments)

Linking to "Canada's Best Satirical Newspaper". Really sir, an article stating "Cucumbers Cause Genital Baldness" didn't trigger your skepticism?

about 2 years ago

Mesa Finally An OpenGL Implementation (On Intel Hardware)

PylonHead Re:Finally (80 comments)

It's been 14 years since I did any graphics programming, and I was thinking back, "Yeah, I remember this being an issue back then."

more than 2 years ago

Microsoft Apologizes For Inserting Naughty Phrase Into Linux Kernel

PylonHead Re:0xB16B00B5 (897 comments)

The world is unfair in so many ways. I suppose it's not surprising that people forget that we can strive to make it better.

more than 2 years ago

UK Judge: Galaxy Tab "Not Cool" Enough To Infringe iPad

PylonHead Re:Is the judge a member of Anon? (325 comments)

Honestly, I went the other way on this one.

Samsung has just had their product ruled demonstrably inferior by a court of law. Not exactly a marketing message they want to celebrate.

more than 2 years ago

Gimp 2.8 Finally Released

PylonHead Re:The Name (737 comments)

Unless you've invented a device to transmit people's thoughts and intentions, then their words are all we have to go by.

more than 2 years ago

iOS Vs. Android: Which Has the Crashiest Apps?

PylonHead Re:Android ftl? (358 comments)

I came here to say this. Language matters.

more than 2 years ago

VGA and DVI Ports To Be Phased Out Over Next 5 Years

PylonHead Re:why phase out DVI? (704 comments)

You have color graphics? I'm still using my monochrome 80 column card...

more than 2 years ago

Ask Slashdot: One Framework To Rule Them All?

PylonHead Re:Don't use Cake. Try Yii instead (287 comments)

Another vote for Yii.

We've used it to develop a mission critical B-to-B site for a client, and it's been a pleasure. It's very well architected, and there are extensions out there for handling almost any need you might have (anything we've come up with, in any case).

I anticipate any future PHP work we do will use it.

more than 2 years ago

Vim Turns 20

PylonHead Re:I am pleased to say... (271 comments)

emailed Bram on these issues and he was very responsive to my reports

When vim 6 was in testing I ran into a small problem with one of the release candidates. Something minor that probably only affected me and a small set of other users. I emailed bugs@vim.org, and in less than 24 hours I got a personal response from Bram who told me he had replicated it and thanked me for my example. It was fixed in the next candidate.

I would be pleased with that kind of responsiveness from a commercial software vendor.

about 3 years ago

Things That Turbo Pascal Is Smaller Than

PylonHead Re:So what? (487 comments)

GUI? Dude, I can promise you that there was no GUI in Turbo Pascal back in 1986. Also, it was the most amazing development environment back then. A decent editor tied to a fast compiler that would run on computers with 4 MHz chips, 128k of memory, and a floppy drive. I wrote some cool *@#$ with Turbo Pascal back then.

That aside, I'm pretty sure nobody here is saying that they want to go back to coding in Turbo Pascal. It's more of a gee whiz fact.

about 3 years ago

Feds Call Full-Tilt Poker a 'Global Ponzi Scheme'

PylonHead Re:fractional reserve? (436 comments)

I was skeptical, but my skepticism was misplaced.

Here's a research article from the NY Fed back in 2002 about how banks even avoid the checking account reserve requirements by using "sweep accounts" overnight:
http://www.newyorkfed.org/research/epr/02v08n1/0205benn/0205benn.html

"In the most common form of sweeping, funds in bank customers' retail checking accounts are shifted overnight into savings accounts exempt from reserve requirements and then returned to customers' checking accounts the next business day."

Personally, I find the zero reserve banking system to be pretty worrisome. I can't help but think that much of the bank deregulation from the last 30 years has gotten us where we are now.

more than 3 years ago

Submissions

PylonHead hasn't submitted any stories.

Journals


Restricting HTTPS to 128 bit encryption and up on old jetty

PylonHead writes | more than 6 years ago

We maintain an old JBoss/jetty E-commerce application. Because of new PCI (credit card company) requirements, you must not allow https connections to your site to use less than 128 bit encryption.

This seems to be a bit of a pain in the ass.  Here is my solution:

The jetty-[version#].sar/META-INF/jboss-service.xml file has a section that creates the https connection:

       <Call name="addListener">
         <Arg>
           <New class="org.mortbay.http.SunJsseListener">
            <Set name="Port">443</Set>
            <Set name="MinThreads">5</Set>
            <Set name="MaxThreads">200</Set>
            <Set name="MaxIdleTimeMs">30000</Set>
            <Set name="LowResourcePersistTimeMs">2000</Set>
            <Set name="Keystore">...</Set>
            <Set name="Password">...</Set>
            <Set name="KeyPassword">...</Set>
           </New>
         </Arg>
       </Call>

I subclassed org.mortbay.http.SunJsseListener to limit the encryption options.  Here is the code for "jetty-[version#].sar/com/mycompany/MyRestrictedSSLListener.java":

package com.mycompany;

import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLServerSocket;
import java.net.ServerSocket;
import java.io.IOException;
import java.net.InetAddress;
import org.mortbay.http.SunJsseListener;

public class MyRestrictedSSLListener extends SunJsseListener
{
    protected SSLServerSocketFactory createFactory()
        throws Exception
    {
       SSLServerSocketFactory ssf =  super.createFactory();
       return new MySSLServerSocketFactory(ssf);
    }
}

class MySSLServerSocketFactory extends SSLServerSocketFactory
{
    protected SSLServerSocketFactory ssf;

    // This is the whole point.. we are limiting our cipher list
    // to at least 128 bit encryption
    static final String [] CIPHER_LIST =
    {
        "SSL_RSA_WITH_RC4_128_MD5",
        "SSL_RSA_WITH_RC4_128_SHA",
        "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
        "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
    };

/*
OPTIONS FROM LIVE SITE:
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
*/

    MySSLServerSocketFactory( SSLServerSocketFactory ssf )
    {
        this.ssf = ssf;
    }

    protected ServerSocket setCiphers( ServerSocket ss )
    {
        // used to dump the default list so we could construct our own
        String [] working_ones = ssf.getDefaultCipherSuites();
        for (int i=0; i< working_ones.length; i++)
        {
            System.err.println( working_ones[i]);
        }

        ((SSLServerSocket) ss).setEnabledCipherSuites( CIPHER_LIST );
        return ss;
    }

    public String[] getDefaultCipherSuites()
    {
        return CIPHER_LIST;
    }

    public String[] getSupportedCipherSuites()
    {
        return ssf.getSupportedCipherSuites();
    }

    public ServerSocket createServerSocket()
          throws IOException
    {
        return setCiphers( ssf.createServerSocket() );
    }

    public ServerSocket createServerSocket(int port)
          throws IOException
    {
        return setCiphers( ssf.createServerSocket( port ) );
    }

    public ServerSocket createServerSocket(int port, int backlog)
          throws IOException
    {
        return setCiphers( ssf.createServerSocket( port, backlog ) );
    }

    public ServerSocket createServerSocket(int port, int backlog, InetAddress ifAddress)
          throws IOException
    {
        return setCiphers( ssf.createServerSocket( port, backlog, ifAddress ) );
    }
}

I compiled this from the jetty-[version#].sar directory with a command like:

javac -classpath "../../../../client/jsse.jar;org.mortbay.jetty.jar;." com/mycompany/MyRestrictedSSLListener.java

Then in the jetty-[version#].sar/META-INF/jboss-service.xml file I change:

           <New class="org.mortbay.http.SunJsseListener">

To:

           <New class="com.mycompany.MyRestrictedSSLListener">

and it works.

You may need to change the list of ciphers to enable; different Java versions seem to allow different ones. Check against the list this listener prints during JBoss startup.

You can use http://www.serversniff.net/content.php?do=ssl to check what ciphers you allow.
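
The journal entry above hard-codes its cipher list and notes that different Java versions offer different suites. As an added example (not code from the original post), the list can instead be derived by filtering suite names; the class name `CipherFilter` and the fragment lists are assumptions made for this illustration.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLServerSocketFactory;

public class CipherFilter {
    // Name fragments marking suites with no encryption, no authentication,
    // or keys under 128 bits (40-bit export grade, 56-bit single DES).
    static final String[] WEAK =
        { "_NULL_", "_anon_", "_EXPORT_", "_DES40_", "_DES_CBC_", "_RC4_40_" };
    // A stricter policy also drops RC4 (prohibited in TLS by RFC 7465)
    // and 3DES (64-bit block, roughly 112 bits of effective strength).
    static final String[] LEGACY = { "_RC4_", "_3DES_" };

    static boolean containsAny(String suite, String[] fragments) {
        for (String f : fragments) {
            if (suite.contains(f)) return true;
        }
        return false;
    }

    // Returns the candidates that pass the policy, in their original order.
    static String[] filter(String[] candidates, boolean strict) {
        List<String> keep = new ArrayList<>();
        for (String suite : candidates) {
            if (suite.endsWith("_SCSV")) continue;          // signalling value, not a cipher
            if (containsAny(suite, WEAK)) continue;
            if (strict && containsAny(suite, LEGACY)) continue;
            keep.add(suite);
        }
        return keep.toArray(new String[0]);
    }

    public static void main(String[] args) {
        // Sample input: the "OPTIONS FROM LIVE SITE" names listed in the post.
        String[] liveSite = {
            "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_SHA",
            "SSL_RSA_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA",
            "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
        };
        for (String s : filter(liveSite, false)) System.out.println("keep: " + s);
        System.out.println("strict keeps " + filter(liveSite, true).length);

        // The same filter over whatever the running JVM supports.
        SSLServerSocketFactory ssf =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        for (String s : filter(ssf.getSupportedCipherSuites(), true)) {
            System.out.println("supported and allowed: " + s);
        }
    }
}
```

The array returned by `filter` can be passed to `setEnabledCipherSuites` in place of a fixed list, so the allowed set follows the JVM rather than a list copied from one installation.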
