Small shouldn’t mean primitive

David Ireland wrote “The internet of things seems to be coming any day now, but the state of embedded development seems to be deplorable. Almost everything is written in C or C++. Device drivers are written over and over, once for each RTOS, or worse. When high level languages are available, they seem to be implemented directly on…”

Zabbix security incidents

David Ireland wrote “Someone discovered a vulnerability in Zabbix recently, and there’s this lovely, detailed description of an exploit based in it on Corelan Team. It’s lovely because it contains all the information I need to tell if my site is vulnerable, and to what extent. There’s also a really useless advisory on Packet Storm Security. Why is…”

The great GC vs reference counting debate

David Ireland wrote “I read a blog post post recently to the effect that GC is too expensive in mobile devices, Steve Jobs was right, reference counting is the way. It’s titled ‘why mobile web apps are slow’. I’m inclined to take issue with this: It’s a long since resolved dispute, and GC won. I don’t want Steve…”

Android app security

David Ireland wrote “Reading Japanese govt: Use operator-run app stores, not Google Play reminded me of an app that I use a lot, but who’s permissions are a cause for concern: Ocado on the Go. The Ocado app wants to use your phone’s video camera, so it can scan bar codes. This is a legitimate requirement: there’s no way…”

Secure communication in the Cloud

David Ireland wrote “The internet does reliability end to end. That is, when a node A sends a message to node B, the message travels through many other nodes. These intervening nodes make a best effort at delivery, but if they don’t succeed, they just forget about it. B must confirm receipt, and A must try again if…”

Fast ACID persistence manager for Jackrabbit

David Ireland wrote “I tend to think of Oracles BDB java edition as the solution to all storage performance problems: The least performance sacrifice you can possibly make to get ACID storage in java. So when as our automated configuration import for Magnolia got slower and slower, it was naturally what I turned to. Its particularly suited in…”

Mix and match version control

David Ireland wrote “LShift’s standard version control platform these days is Mercurial, but just before we adopted it, I started a project using Trac and Subversion, mostly because that’s what Trac does out of the box. Later, we branched the project to add a large new project, and during that branch we converted from using ant to Maven…”

Adventures with the Fisher Price My First Firewall

David Ireland wrote “I’m writing this blog entry for therapeutic reasons. Everything you need to know is in the link below. Readers are invited to share the worst anti-features they have found in network devices by posting a comment. I had a strange problem sending email from a host. I first discovered that trac couldn’t send messages via…”

Trac custom workflow

David Ireland wrote “I’ve been experimenting with Trac’s new customisable work-flow. This hasn’t made it into a stable release yet – I’m using the trunk source. Hopefully Trac 0.11 is not far away. The first beta has been released. It looks very promising: plug-ins may return lists of actions they allow, given the current state of the ticket.…”

Google Web Toolkit

David Ireland wrote “Writing client javascript is, as far as I am concerned, an intensely irritating, and almost futile exercise. That’s presumably why everyone uses flash (what other explanation can there be?). It almost makes we wish applets had taken off. GWT to the rescue then – I should love it. And I have played with it for…”

Ambient authority and Sleepycat Java Edition and stateful services

David Ireland wrote “I’ve recently written an RMI service which has state – transactions. The service is implemented using Sleepycat Java Edition collections, and the transactions map to sleepycat transactions. The StoredMap class depends on ambient authority: it determines the current transaction from the thread. The methods will all be invoked in on separate threads, so we need…”

Java equality for testing

David Ireland wrote “I wanted to define equality functions for unit testing purposes. The general pattern is that I'll call a method that returns a complex data structure. I'll want to test if the data structure matches the sample data structure in my test. Frequently the definition of Object.equals() won't test equality in the way I wants to - it will depend on identity. I've defined an equality function that generally provides what I need, and can be easily specialised. There are quite a few things to consider, so I thought I'd write this article about it.”