My name is Philipp C. Heckel and I write about nerdy things.

Yearly Archives / 2014

  • Oct 30 / 2014
Code Snippets, Programming

Snippet 0x08: HTTP Basic Auth for secure WebSocket connections (with Undertow)

For my open source file sync software Syncany, I use the embedded web server and websocket server Undertow to provide a websocket- and REST-based interface for the Syncany daemon. Syncany clients (such as the GUI, or potentially a web interface) connect to this daemon, send requests and receive asynchronous events. Syncany’s GUI client also uses the Undertow websocket client to connect to the above-mentioned daemon.

To authenticate the websocket client with the daemon, plain HTTP basic authentication over HTTPS is used. This tiny post shows you how to authenticate against a websocket server with HTTP basic auth using the Undertow websocket client.

  • Oct 25 / 2014
Code Snippets, Scripting

Snippet 0x07: Restart Docky from a cronjob (when it crashed)

I recently updated from Linux Mint 16 Petra to Linux Mint 17 Qiana. Everything went smoothly, except for my dock Docky. For some reason, Docky decides to crash every once in a while with some error message.

Instead of fixing this error or reporting it, I decided to take the easy way out and simply set up a cronjob that restarts Docky every minute (if it has crashed).

  • Oct 17 / 2014
Code Snippets, Security

Snippet 0x06: Disable SSLv3 in Firefox to protect against POODLE attack

The recent POODLE attack (Padding Oracle On Downgraded Legacy Encryption) exploits a vulnerability in an older version of SSL (SSLv3) by performing a padding oracle attack from a man-in-the-middle position.

To be vulnerable, both the client (browser) and the server have to support SSLv3. If either one does not support the protocol or has disabled it, the vulnerability cannot be exploited. This tiny article shows you how to disable SSLv3 in Firefox — thereby effectively making your browser POODLE-safe.

  • Aug 07 / 2014
Code Snippets, Programming, Scripting

Snippet 0x05: Windows .bat: Checking if process is running by PID file

Batch (.bat) files are an MS-DOS legacy technology and I don’t know a single person who loves writing them — and yet, to this day, many people have to. To run Java programs, start daemons or check whether a process is running on Windows, batch files have to be used. For my open source file sync tool Syncany, I had to do just that:

The Syncany daemon runs in the background and is started by a batch script. To check if the daemon is already running, the batch script needs to read a PID file and determine if a process with this PID is running.

Since it took me an enormous amount of time to figure out how to do that (I am a Linux guy!), I wanted to share that little script in this code snippet.

  • Jun 22 / 2014
Code Snippets, Programming

Snippet 0x04: Run .sql-scripts from Java (on HSQLDB, Derby, MySQL, etc.)

Java is sometimes harder than it should be. Oftentimes, very easy things are made hard for no apparent reason. Running SQL scripts (.sql) from inside Java is one of those cases. I really expected this to be easy. And it should be, right? Simply take your JDBC connection and call connection.executeScript() or something similar. After all, a .sql script is just a file with many statements.

Turns out there is no easy way to do it without writing some code yourself — at least not to my knowledge. Please enlighten me if there is. In the meantime, check out my SqlRunner class — a class that reads SQL script files and executes the statements they contain.

  • Jun 17 / 2014
Code Snippets, Programming

Snippet 0x03: Recursively watch folders on Java (using the Java 7 WatchService)

The “new” Java 7 WatchService provides a mechanism to easily monitor a single folder for file system events. Java uses the underlying OS mechanisms to do that (inotify on Linux, and ReadDirectoryChanges* on Windows). What the WatchService cannot do, however, is monitor a folder recursively — meaning monitoring all sub-folders and registering new folders when they are created. This tiny code snippet article shows you how.

  • May 29 / 2014
Programming

The magic of Gradle: create Windows installers, Debian packages, manage a PPA, and optional sub-projects

Gradle is a great build tool. Compared to Ant or Maven, it’s so much easier to use and to write proper code for — it’s unbelievable at times. A little while ago, I switched from an ugly Ant/Maven setup to Gradle for my open source project Syncany. Ever since then, I have simply been amazed by what Gradle can do. Granted, it’s not always easy to understand, and the lack of proper documentation and IDE support makes things feel more like a trial-and-error packaging experience. However, the amount of time it saves is worth it.

Since I really like Gradle and I myself often have a hard time finding proper answers for the questions I have, I’d like to demonstrate a few solutions that I have come up with. In particular, I’ll describe how to create a Windows installer using Inno Setup under Linux, create Debian packages and manage a PPA (debuild/dput) as well as how to add an optional Gradle sub-project.

  • Mar 01 / 2014
Programming, Security

CipherInputStream for AEAD modes is insecure in JDK7 (GCM, EAX, etc.)

If you have a little bit of cryptography know-how, you’ve heard of GCM, EAX and other Authenticated Encryption with Associated Data (AEAD) block cipher modes of operation. If you haven’t: AEAD modes not only encrypt data, but also authenticate it, so that the ciphertext cannot be tampered with without detection. In addition to that, AEAD modes can also authenticate additional (unencrypted) data — header data, for example.

Java’s cryptography interface abstracts the underlying cipher very neatly. If you don’t have any associated data, using an AEAD mode is just like using a mode that doesn’t protect ciphertext integrity: independent of the actual cipher and mode you are using, the Cipher class behaves identically once it has been initialized. For stream processing, the JDK additionally offers a CipherOutputStream and CipherInputStream. Input and output streams are very easy to nest, so that one can compress, encrypt and sign data just by chaining different streams.

So far so good. So what’s the problem? The problem is that the CipherInputStream is terribly broken when used with an AEAD mode. In this post, I’d like to demonstrate how.
