I Guess Im Not A 501 Developer

  By John Lee | 五月 11, 2012 - 15:35 | 文摘摘选
Leave a comment

文章摘自:http://adit.io/posts/2012-04-18-I_guess_Im_not_a_501_Developer.html

When I started reading the 501 Manifesto, I agreed wholeheartedly. Coding jobs (especially in San Francisco) encourage you to have long hours at work, and I don’t enjoy that. I want programming to be fun, and forced long hours make it work. So great job, 501 Developer Manifesto, I’m right behind you.

Then I get to this:

If you:

  • Write a technical blog
  • Contribute to open source projects
  • Attend user groups in your spare time
  • Mostly only read books about coding and productivity
  • Push to GitHub while sitting on the toilet
  • Are committed to maximum awesomeness at all times, or would have us believe it

…we respect you for it. There’s probably some pity in there too, but honestly, it’s mostly respect.

You lost me. Most of these apply to me. You see, programming isn’t a job for me…it’s a passion. I contribute to open source projects, not because I am awesome, but because programming is awesome. Think about it: with a computer, you have the power to make almost anything you want, as long as you can think out the logic. I think that is every nerd’s wet dream.

Open source is a wonderful thing. It gives me projects like Acme::Bleach and Semicolon and Haskell – projects with no real world value that exist because the author wanted them to. All kidding aside, this is the bit that irked me. Open source allows us to innovate at a speed most jobs don’t even dream of. Don’t you see how much technology has changed in just the last 5 years? You have thousands of peers who love making things work better…most vocations should be so lucky.

I was so certain I was a 501 developer. I like spending time with friends, and I like working on my projects at a sustainable pace. I always look for reasonable work hours at any new job. Hell, I’d love to find a job that lets me work less than 40 hours a week. You had me. But I’m also a programmer because I love programming. And maybe that’s not true for you: you became a programmer because you were good at it and it paid well. zacharyvoase on HN put it well:

It’s just 8 hours a day. 5 days a week. Roughly 25% of your life. Another 33.3% is spent asleep.

All the ‘big events’ in your life will be squeezed into the precious little time you have left after survival’s necessary subtractions. Going to school. Getting drunk. Being hungover. Getting married. Buying a house. Attending funerals.

I decided I’m not spending over 25% of my life (37.5% of my waking life) doing something I don’t LOVE.

To which I guess you would say:

To us it is just a job, but we still do it well.

You don’t love programming. I respect that. But the second part makes it sound like your days of learning and creating ended when you got your diploma. I can’t respect that.

P.S. Keep your pity.

Upgrade to Subversion 1.7

  By John Lee | 四月 26, 2012 - 10:21 | 技术积累, 文摘摘选
Leave a comment

This has been tested on Oneiric, and should work all the way down to Lucid. Simply run these commands in a terminal:

echo "deb http://opensource.wandisco.com/ubuntu lucid svn17" | sudo tee /etc/apt/sources.list.d/svn.list
sudo wget -q http://opensource.wandisco.com/wandisco-debian.gpg -O- | sudo apt-key add -
sudo apt-get update
sudo apt-get dist-upgrade

Note: this is the official repository from WANdisco, and should be considered safe.

Also of note: this repository includes a compatible “libsvn-java” package, which you can then use to run Subclipse 1.8 in JavaHL mode.

You will also have to add this line to your eclipse.ini:

-Djava.library.path=/usr/lib/jni

java.security.InvalidKeyException: Illegal key size 解决方法

  By John Lee | 四月 16, 2012 - 12:01 | 文摘摘选
Leave a comment

使用AES加密时,当密钥大于128时,代码会抛出:

java.io.IOException: problem creating RSA private key: java.io.IOException: exception using cipher: java.security.InvalidKeyException: Illegal key size

 

Illegal key size or default parameters是指密钥长度是受限制的,java运行时环境读到的是受限的policy文件。文件位于${java_home}/jre/lib/security

这种限制是因为美国对软件出口的控制。

 

解决办法:

去掉这种限制需要下载Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.网址如下。

下载包的readme.txt 有安装说明。就是替换${java_home}/jre/lib/security/ 下面的local_policy.jar和US_export_policy.jar

jdk5: http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-java-plat-419418.html#jce_policy-1.5.0-oth-JPR

jdk6: http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html

Import a Private Key Into A Java Keystore

  By John Lee | 四月 16, 2012 - 11:30 | 文摘摘选
Leave a comment

This program will import a private key and associated certficate chain into a Java keystore. Usage is as follows:

java KeyStoreImport keystoreFile certificateFile keyFile alias

keyStoreFile
The file containing the Java keystore
certificateFile
A file containing a chain of concatenated DER-encoded X.509 certificates
keyFile
A file containing a DER-encoded PKCS#8 RSA private key
alias
Alias for the private key and certificate chain in the keystore

Note that the OpenSSL tools may be of help in getting certificates from whatever form you presently have them in into the encodings required by the program.

 

 
//
// KeyStoreImport.java
//
// Adds a specified certificate chain and associated RSA private key
// to a Java keystore.
//
// Usage: java KeyStoreImport KEYSTORE CERTS KEY ALIAS
//
//              KEYSTORE is the name of the file containing the Java keystore
//              CERTS is the name of a file containing a chain of concatenated
//                      DER-encoded X.509 certificates
//              KEY is the name of a file containing a DER-encoded PKCS#8 RSA
//                      private key
//              ALIAS is the alias for the private key entry in the keystore
//
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
//
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStreamReader;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
 
public class KeyStoreImport {
 
	public static void main(String args[]) {
		try {
			// Meaningful variable names for the arguments
			String keyStoreFileName = args[0];
			String certificateChainFileName = args[1];
			String privateKeyFileName = args[2];
			String entryAlias = args[3];
 
			// Get the password for the keystore.
			System.out.println("Keystore password:  ");
 
			String keyStorePassword = (new BufferedReader(
					new InputStreamReader(System.in))).readLine();
 
			// Load the keystore
			KeyStore keyStore = KeyStore.getInstance("jks");
			FileInputStream keyStoreInputStream = new FileInputStream(
					keyStoreFileName);
			keyStore.load(keyStoreInputStream, keyStorePassword.toCharArray());
			keyStoreInputStream.close();
 
			// Load the certificate chain (in X.509 DER encoding).
			FileInputStream certificateStream = new FileInputStream(
					certificateChainFileName);
			CertificateFactory certificateFactory = CertificateFactory
					.getInstance("X.509");
			// Required because Java is STUPID. You can't just cast the result
			// of toArray to Certificate[].
			java.security.cert.Certificate[] chain = {};
			chain = certificateFactory.generateCertificates(certificateStream)
					.toArray(chain);
			certificateStream.close();
 
			// Load the private key (in PKCS#8 DER encoding).
			File keyFile = new File(privateKeyFileName);
			byte[] encodedKey = new byte[(int) keyFile.length()];
			FileInputStream keyInputStream = new FileInputStream(keyFile);
			keyInputStream.read(encodedKey);
			keyInputStream.close();
			KeyFactory rSAKeyFactory = KeyFactory.getInstance("RSA");
			PrivateKey privateKey = rSAKeyFactory
					.generatePrivate(new PKCS8EncodedKeySpec(encodedKey));
 
			// Add the new entry
			System.out.println("Private key entry password:  ");
 
			String privateKeyEntryPassword = (new BufferedReader(
					new InputStreamReader(System.in))).readLine();
			keyStore.setEntry(entryAlias, new KeyStore.PrivateKeyEntry(
					privateKey, chain), new KeyStore.PasswordProtection(
					privateKeyEntryPassword.toCharArray()));
 
			// Write out the keystore
			FileOutputStream keyStoreOutputStream = new FileOutputStream(
					keyStoreFileName);
			keyStore.store(keyStoreOutputStream, keyStorePassword.toCharArray());
			keyStoreOutputStream.close();
		}
 
		catch (Exception e) {
			e.printStackTrace();
			System.exit(1);
		}
	}
}

StartSSL免费证书申请

  By John Lee | 四月 15, 2012 - 20:07 | 技术积累
Leave a comment

www.startssl.com 提供免费证书,支持主流浏览器(Firefox、Chrome、IE、Safari、Oprea),申请的步骤在这里不详细说明了,google上有很多资料。

 

Apache配置示例:

        ServerAdmin webmaster@localhost
        ServerName  www.woolion.com
 
        SSLEngine On
        ServerSignature On
 
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
 
        SSLCertificateChainFile /home/ssl/sub.class1.server.ca.pem
        SSLCACertificateFile  /home/ssl/ca.pem
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
 
        SSLCertificateFile      /home/ssl/woolion.com.startssl.crt
        SSLCertificateKeyFile   /home/ssl/woolion.com.startssl.key

The Most Common OpenSSL Commands

  By John Lee | 四月 12, 2012 - 15:56 | 文摘摘选
Leave a comment

General OpenSSL Commands

These commands allow you to generate CSRs, Certificates, Private Keys and do other miscellaneous tasks.

  • Generate a new private key and Certificate Signing Request 
    openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
  • Generate a self-signed certificate 
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
  • Generate a certificate signing request (CSR) for an existing private key 
    openssl req -out CSR.csr -key privateKey.key -new
  • Generate a certificate signing request based on an existing certificate 
    openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key
  • Remove a passphrase from a private key 
    openssl rsa -in privateKey.pem -out newPrivateKey.pem

Checking Using OpenSSL

If you need to check the information within a Certificate, CSR or Private Key, use these commands. You can also check CSRs and check certificates using our online tools.

  • Check a Certificate Signing Request (CSR) 
    openssl req -text -noout -verify -in CSR.csr
  • Check a private key 
    openssl rsa -in privateKey.key -check
  • Check a certificate 
    openssl x509 -in certificate.crt -text -noout
  • Check a PKCS#12 file (.pfx or .p12) 
    openssl pkcs12 -info -in keyStore.p12

Debugging Using OpenSSL

If you are receiving an error that the private doesn’t match the certificate or that a certificate that you installed to a site is not trusted, try one of these commands. If you are trying to verify that an SSL certificate is installed correctly, be sure to check out the SSL Checker.

  • Check an MD5 hash of the public key to ensure that it matches with what is in a CSR or private key 
    openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
openssl req -noout -modulus -in CSR.csr | openssl md5
  • Check an SSL connection. All the certificates (including Intermediates) should be displayed 
    openssl s_client -connect www.paypal.com:443

Converting Using OpenSSL

These commands allow you to convert certificates and keys to different formats to make them compatible with specific types of servers or software. For example, you can convert a normal PEM file that would work with Apache to a PFX (PKCS#12) file and use it with Tomcat or IIS.

  • Convert a DER file (.crt .cer .der) to PEM 
    openssl x509 -inform der -in certificate.cer -out certificate.pem
  • Convert a PEM file to DER 
    openssl x509 -outform der -in certificate.pem -out certificate.der
  • Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM 
    openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

    You can add -nocerts to only output the private key or add -nokeys to only output the certificates.

  • Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12) 
    openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

maven deploy to remote repository

  By John Lee | 四月 11, 2012 - 10:06 | 技术积累
Leave a comment

1. config settings.xml

    
 
    <server>
      <id>maven.hidev.net.release</id>
      <username>username</username>
      <password>password</password>
      <filePermissions>664</filePermissions>
      <directoryPermissions>775</directoryPermissions>
    </server>
 
    <server>
      <id>maven.hidev.net.snapshots</id>
      <username>username</username>
      <password>password</password>
      <filePermissions>664</filePermissions>
      <directoryPermissions>775</directoryPermissions>
    </server>

2. config pom.xml

 
    <distributionManagement>
      <repository>
	<id>maven.hidev.net.release</id>
	<url>http://maven.hidev.net/libs-release-local</url>
      </repository>
      <snapshotRepository>
	<id>maven.hidev.net.snapshots</id>
	<url>http://maven.hidev.net/libs-snapshot-local</url>
      </snapshotRepository>
    </distributionManagement>

the distributionManagement.repository.id must be the same as server.id

3. deploy

mvn deploy

or

mvn deploy:deploy-file -Durl=http://maven.hidev.net/libs-release-local \
                       -DrepositoryId=maven.hidev.net.release \
                       -Dfile=./target/tqlab-osgi-nuxeo-1.0.0.jar \
                       -DpomFile=./pom.xml \
                       -Dsources=./target/tqlab-osgi-nuxeo-1.0.0-sources.jar