Andrew Marlow's Web Log
Andrew's random technical ramblings.
Sunday, February 18, 2024
Jenkins, git and ssh in a corporate environment
Friday, June 23, 2023
How to display markdown files from the linux command line
Monday, August 29, 2022
Many forks on github projects
Monday, August 01, 2022
Windows and directories that cannot be (easily) deleted
Sunday, March 27, 2022
Function parameters that are fundamental types passed by value and const
Windows, X11, cygwin, fonts and Xming
Monday, May 31, 2021
Software Development links and comments
Intro
I am in the process of decommissioning my website and moving my notes on software development and suchlike to my blog here.ACCU
I am an active member of ACCU (the Association of C and C++ Users). It's been a long time since I had anything published by them. There are a couple of articles a few book reviews.C++ Coding Guidelines
Many years ago I started to write a book on this. It was never published. I did discuss an early draft with Addison Wesley but they did not show any interest. I discussed this with some ACCU people and the theory put forward was that maybe they had been approached by other authors on the same subject. About a year later Sutter and Alexandrescu had their guidelines published. Their book is very good and I recommend it. Their book is much better than what I was working on. In a corporate environment I would never bother with a coding guidelines document these days. They are never read, never enforced, and can become out of date very quickly. They are also a rich source of arguments and ill-feeling. There has to be a better way. There is. It is called clang. I would have a jenkins job to use clang-format to format the code. That would take care of all whitespace and brace arguments. And I would use clang-tidy static code analysis (SCA) to find the more serious coding issues. There would be a jenkins job to ensure that the code was always SCA-clean. clang-tidy is not the easiest program to run since it needs to know what compiler options are used and that includes macros and the places where to look for include files. I have found that it helps to write a python script to take care of these things. It is worth the effort.Sourceforge
Here are my own projects, hosted on SourceForge. They are old and have fallen into disuse really. If I was going to maintain them I would probably start by relocating them to github.- LAUM - Development has stalled. I hoped it would eventually it will be a suite of applications to help in the administration of groups of machines. The whole thing has been made a bit obsolete by docker and kubernetes.
- FRUCTOSE - wrote an LGPL'd C++ unit test framework. The main motivation was a simple, header-only framework that does not depend on boost. However, these days I recommend that people go with the Google unit test framework (gtest).
- Cyclic Logs - wrote a GPL'd package to provide cyclic logfiles. I think this does still have a practical use in environments where the disk space is constrained.
- DepDot - wrote a GPL'd command (perl script) to show cyclic dependencies among libraries.
TeX
I am a keen user of TeX, via the LaTeX variant created by Leslie Lamport. I have been a member of the UK branch of the Tex Users Group for several years. I tend to produce most of my documentation using LaTeX. This allows me to produce PDF and postscript files (via DVI conversion programs) and RTF files (via latex2rtf). The RTF format is an open format but due to its close integration with Microsoft Word for Windows it is useful for people that require documents to be in a Microsoft format. I used to use latex2html to create web pages from my LaTex documents, but have now found that HeVeA does a better job and is much faster. It is written in oCamL. For many years I experimented with alternatives to using LaTeX directly, flirting briefly with DocBook, and other approaches. I now conclude that there is just no substitute for writing in LaTeX directly.CORBA
I feel great nostalgia when I think of CORBA. I liked it for a very long time. I was interested in CORBA right from the beginning (i.e. when the standard was so embryonic, CORBA would not even interoperate with itself!). Despite the complexity of the standard, I still think CORBA had a lot to offer. I have used several ORBs, some open source, some proprietary. My favourite used to be MICO but unfortunately the support for multithreading is still not finished and development petered out around 2017, so TAO (the ACE ORB) is now the winner. I have also looked at JacORB by Gerald Brose. The best proprietary ORB (IMO) was Orbix from IONA (now owned by Progress). For those interested in CORBA I recommend heading over to the web site of Ciaran McHale (, a former IONA consultant whom I have worked with before. He has a free book there which I think provides a great practical introduction to programming with CORBA. However, despite the nostalgia I have to admit that CORBA has had its day. The Rise and Fall are well documented by Michi Henning, see https://cacm.acm.org/magazines/2008/8/5336-the-rise-and-fall-of-corba/fulltext. Unfortunately there does not seem to be anything trying to replace it, except possibly ICE from ZeroC. It is Open Source, which is obviously a good thing, but be advised that the the license is GPL and so does not permit use in proprietary products (a separate license agreement is available with a purchase cost). If I was ever asked to work on a project where there was a need for some kind of service interface I would probably make it a web interface. That's the current fashion at the time of writing (2021) and there are umpteen frameworks. I would probably choose gRPC with Web Assembly. I would never use SOAP and I would be wary of REST.Free Software and Open Source
Projects that I have contributed to include:- DoxyPress
- PoCo
- ACE
- OpenSSL
- I did some work on ESNACC, an extended version of SNACC, an old ASN.1 compiler. ESNACC started because SNACC was an old orphaned project with no support for either C++ or DER and PER (SNACC was old BER only). Sadly, work on ESNACC gradually fizzled out.
ASN.1
I really like ASN.1. I was first introduced to it way back in 1984 when the encoding standard was called .X409. It was used on Prime Computers for some of its client/server software and proved to be a boon when the protocol had to change, due to the use of sets and version numbers. Sadly, I have not seen it used much since, except of course in a few standard internet protocols. I found out there is effectively a replacement for ESNACC, asn1c, which seems to be significantly better than either SNACC or ESNACC. I haven't played with it yet. I wonder if I ever will. There is a useful book on ASN.1 that you might find interesting.Heroes of software
There are so many potential heroes for a computer geek to look up to, but my favourite is Alan Turing. He is regarded by many as the father of computer science. He is particularly admired by many of us in the UK for his work at Bletchley Park. Turing's work there was part of the outstanding effort in decrypting German messages during the Second World War.Thursday, October 22, 2020
Java has finally got strong crypto
For a long time now America has treated strong crypto as akin to munitions; a deadly weapon that must not be allowed to fall into the wrong hands. For the background to this, see the wikipedia page at https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States
The wikipedia page indicates that this attitude was significantly lessened in 1992 but the sad fact is that is persisted well beyond that for java. The Oracle release notes for JDK8 at https://www.oracle.com/java/technologies/javase/8all-relnotes.html say that the restricton was removed in January 2018, in update 161. The change was also backported to JDK7 in update 171.
This means that java projects using JDK8 had better move to at least this update version if they have not already. Of course, users of OpenJDK probably never had a problem and certainly don't now.
The way I ran into this problem was during work on a trade feed that uses the FIX protocol. The FIX session was secured with TLS1.2. everything was fine until one day the remote side changed from a weak crypto algorithm to a strong one. Our side failed with a mysterious SSL handshake error. This came from the mina package, as used by quickfixj. Mina which doesn't seem to handle this situation well at all. We had to turn on packet level logging via the JVM option -Djavax.net.debug=all to see what was happening. The log showed that the remote side wanted to use a strong algorithm but that many algorithms on our side were disabled. At the time the latest JDK8 update from Oracle was update 251. I switched to that and then all those messages about unknown algorithms disappeared and the algorithm preferred by the remote side was accepted. Everything started working again.