The Truth About Java Libraries

In one of the speeches of Mike Cannon Brooks, he tried to summarize his experience with:

  • it is not a problem if you use a lot of libraries; it is a problem if you don’t manage your dependencies
  • don’t use libraries superficially, but study them in depth and explore all their functionalities
  • find and take advantage of their extension points
  • prefer lightweight libraries
  • don’t write too much code; most times it is enough to glue existing libraries
  • extend your libraries; if it is not enough, be brave and change them

Fascism

These days, while working with a Japanese software company, the word “fascism” sometimes comes to my mind unintentionally. I thought of it as some kind of Nazism, yet they are different. I eventually ended up at a web site that made the differences between them clearer to me. To quote the web site:

Nazism is a political party platform that embraces a combination of a military dictatorship, socialism and fascism. It is not a government structure. Fascism is a government structure. The most notable characteristic of a fascist country is the separation and persecution or denial of equality to a specific segment of the population based upon superficial qualities or belief systems.

And my thought still goes on….

XScreenSaver Lock Window

I use xscreensaver not to prevent the pixels from my monitor from burning, but for eye-candy. The only thing that looks ugly is its password window presented during unlocking. But it’s not anymore, after I’ve applied the patch by Alan Swanson. Please refer to his site for instructions on how to patch. To quote him:

So what I’m providing here is a framework for creating built-in themes. (Note that themes are not run time changeable – only one can be included at any time.) The default theme is shown in the first screenshot below and other themes are available. Creating a new theme requires some graphical talent (of which I have none) for the frame and logo and some programming experience if you wish to adjust the interior. Please feel free to submit themes and I will include them on this page.

XSS

Happy Theming XSS 😉

Poor Man’s VPN

SSLtunnel is one of the ways to set up a PPP session over SSL. Its README says…

1. What is it?
==============

ssltunnel allows to mount a PPP session encapsulated into SSL. That allows
to make a poor man’s VPN between two Unix machines or two networks, without
requiring to set up an IPsec technology.

2. Why?
=======

For a simple reason: I often move, and I very often have, in a hotel or in a
corporate network, only a limited access to Internet, i.e.:
. through address translation (NAT)
. or worse, through only an HTTP or HTTPS relay.

In all these situations, it is impossible to use a protocol like IPsec,
which will be pitilessly filtered at the exit of the network.

I for a long time used PPP over SSH, even while passing through HTTPS relay
(by using a program like corkscrew or https-relay
(http://www.rominet.net/https-relay)), but SSH has several problems:

. it isn’t SSL, and some HTTPS relays start to check that what cross-piece
them is definitely SSL.
. it inevitably asks to have an Unix account at the other end, which is
not inevitably ideal for the management of the authentications

I thus decided to write a “PPP over SSL” tunnel, by obviously using OpenSSL.
I could have made a “do-it-yourself” with stunnel, but I preferred to do
something clean.

3. How?
=======

The principle is to use the SSL client certificates, as in HTTPS:

– the server listens on port 443 of the destination machine;
– the client connects himself (if need be, through a relay like Squid,
ISA-Server, the proxy does not have *ANY* mean to check if it is a
navigator <-> HTTPS Web server session, because the beginning of the
not crypted session and the SSL negotiation are exactly identical);
– at the establishment of the connection, the server forks;
– the server sends its certificate, the client checks that it is well
signed by an authority it trusts;
– the client sends his certificate;
– the server checks this certificate and seeks if it corresponds to a
certificate declared in its base;
– the crypted session starts;
– the server sends its banner with its version number and its protocol
version;
– the client receives the banner, checks and sends his;
– the client forks, opens a pty, launches pppd in client mode on this pty,
without specifying which IP address it wants;
– the server gets PPP parameters from the user file, changes its identity,
opens a pty, forks and launches pppd on this pty with the options given
by the file;
– the PPP session is established between the two ends, the program at each
end cyphers/uncyphers and reads/sends the data in the pty connected to
pppd.
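
The server-side checks from the “How?” steps above, as an added Python sketch that is not ssltunnel's own code. The banner text, the user table keyed by the SHA-256 fingerprint of the client certificate, and all function names are assumptions made for illustration.

```python
import hashlib
import ssl

PROTOCOL_VERSION = 1  # hypothetical protocol number for this sketch

# Constructed sample data: stand-in for a client's DER certificate and for the
# server's "user file" (certificate fingerprint -> pppd options for that user).
SAMPLE_DER = b"constructed stand-in for alice's DER certificate"
USERS = {hashlib.sha256(SAMPLE_DER).hexdigest(): ["10.9.0.1:10.9.0.2", "noauth"]}

def server_context(ca_file=None):
    """TLS context for the port-443 listener; the handshake fails unless the
    client presents a certificate signed by a CA in ca_file."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=ca_file)
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx  # caller adds the server key pair with ctx.load_cert_chain(cert, key)

def authorize(der_cert):
    """A CA signature alone is not enough: the exact certificate must be declared.
    der_cert is what SSLSocket.getpeercert(binary_form=True) returns."""
    options = USERS.get(hashlib.sha256(der_cert).hexdigest())
    if options is None:
        raise PermissionError("client certificate is not declared in the user base")
    return options

def make_banner(software_version):
    """Banner sent inside the encrypted session (assumed format)."""
    return f"ssltunnel-sketch {software_version} proto {PROTOCOL_VERSION}\n".encode()

def check_banner(line):
    """Reject a peer whose banner is malformed or speaks another protocol version."""
    parts = line.decode("ascii", "replace").split()
    if len(parts) != 4 or parts[2] != "proto" or not parts[3].isdigit():
        raise ValueError("malformed banner")
    if int(parts[3]) != PROTOCOL_VERSION:
        raise ValueError("protocol version mismatch")
    return parts[1]

def server_session(der_cert, client_banner):
    """Order of checks after the handshake: certificate, banner, then pppd."""
    options = authorize(der_cert)
    check_banner(client_banner)
    return ["pppd", *options]  # argv for the pppd that will run on the server's pty

if __name__ == "__main__":
    print(server_session(SAMPLE_DER, make_banner("1.0")))
```
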