Today Ruby On Rails went 1.0. Lovely!

No Comments | By Ola Bini | In: Uncategorized | tags: Uncategorized. | #

We have an internal project called ITDoc, which should be used by the IT department to document internal resources. This system was created a few years ago by me, with a quite complex database, strange homegrown DAO and a very nondeterministic homebuilt cache. As always the prototype became the system and now we sit here with code that really don’t scale and crash way to often.

But due to lack of resources (and time) we can’t fix the code right now. So I had the idea that I would try something not-so-radical. I remodeled the database into a better shape, cut away all the DAO and cache code, and I had myself some model objects ripe for hibernation. But after I begun writing some xml definitions I found my mind drifting and thinking about how I would convert the old database to the new format. And the xml-writing went slow, even though it was light years faster than writing DAO code from scratch.

Enter Rails. I decided – after making sure that the hibernate approach could work – to write a spike in Ruby instead. Said and done. After an hour I had a rudimentary migration script written with ActiveRecord. Since the data model was quite complex this was the hardest part to write. But after that was done the Rails writing went extremely easy. In one hour more I had the basic functionality that was so hard to actually manage in the original system, and the code was probably less than 50 lines long.

But now comes the decision time, when other people decide which approach to choose. Since I’m not going to be doing this project it’s not sure the choice will be Rails. Even so, it was an interesting endevour and I once again reinforced my opinion that Ruby is a fun language to write in.

No Comments | By Ola Bini | In: Uncategorized | tags: Uncategorized. | #

I’ve always known that keytool is a very limited program. But right now I’m once again amazed about how few things that are actually doable in it.

I’ve spent some time this weekend debugging our (that is, KI’s) setup of a system called CWAA (common web authentication architecture). It can be found here. It’s based on the idea of using certificates so that one university can guarantee the identity of an entity to another university. In our case it’s used to make it possible for KI students to login to the wireless network services at Stockholm University, with their KI identity.

As it is certificate expiry time, there was some work to be done. No problem, I thought. I proceeded to update KI’s CWAA certificate and add it to the correct places. It should be noted that we use PKCS12 keystores. As I looked inside the old p12-file, I couldn’t find any other cert that should be updated, so I went ahead and tried the installation. No luck. After much time I noticed that when using openssl to view the p12 file, it contained more certificates than keytool showed. It turns out that keytool can only view ONE entry in a PKCS12 keystore, and can’t edit it at all. This limitation was not known to me until now. Once I found this out it was easy to update the rest of the certificates and everything is working.

But right now I’m strongly considering either finding a better keytool (maybe bouncycastle have a client program?) or writing myself a new one. Apparently the JDK version is unusable for all professional use.

No Comments | By Ola Bini | In: Uncategorized | tags: Uncategorized. | #