Marcin's Musings

Random bits of stuff

Mac OS X Java and /Library/Java/Extensions Based Woes


The kid was asleep, the wife had gone to bed early, so I did what any other sane person would do on a Saturday night – cracked open a beer and decided to brush up on my Java skills.

I’ve never done Java full-time, and while I know the basics of the language – I even got a “Sun Certified Java Programmer 1.4” certification back in the day, just for kicks – I hadn’t explored the newer features like Generics, Annotations and whatever else. So with that in mind I fired up IDEA and started playing around.

I soon ran into some troubles though!

SydJS Presentation: Koa


I tweeted about these slides but didn’t actually post them to the blog. I presented at SydJS for the first time this month, about Koa – a generator based web server framework for Node.js.

The slides by themselves probably aren’t the most useful, and if you want to learn about Koa you might just be better off reading the docs!

Koa presentation slides

Continuous Integration for CFML Projects


I recently took on the task of trying to make the FW/1 test suite run on Travis CI. With a bit of experimentation and hacking it now works! This might be the first open source CFML project with Continuous Integration tests, and as a resource for the community I thought it would be good to release the relevant parts as a template of sorts. Presenting the CFML CI project:

The README contains instructions for integrating with your CFML project.

CFCamp 2013 Presentation: Introduction to CoffeeScript


Last week I had the opportunity to speak at the CFCamp 2013 conference in Munich. Rather than a CFML topic I proposed a talk on CoffeeScript, as I had been doing a few CoffeeScript projects at work and found the language interesting. Although funnily enough in between proposing the talk and actually giving it I have actually gone off the idea of using CoffeeScript heavily in production.

After attending JSConf EU in September I just feel that there’s too much new stuff coming in JavaScript that clashes with what’s already in CoffeeScript that it might be better to stick to pure JS. Of course CoffeeScript generated JS won’t stop working, but it just sometimes feels like the little bit of nicer syntax isn’t worth the overheads to the process.

So my presentation was very wary in trying to advocate / evangelise CoffeeScript, it was more a case of “Hey, this is what CoffeeScript is and what it looks like. You might want to give it a go, but really be aware of the downsides”!

I’ve put the Introduction to CoffeeScript presentation online – there’s a live CoffeeScript code editor and compiler built into the slides, which was a bit of fun to write.

As for the conference itself, it was a lot of fun! Michael Hnat and the rest of the organising team did a great job, and the venue was excellent. Also loved the drinks on every table in the presentation rooms, and the copious amounts of pretzels for snacks. I met some interesting people, and saw some interesting presentations. It was only good timing with my family holiday that I could make it there this year, which is a shame as I’d happily come back next year if it wasn’t half way around the world.

Implementing Google Authenticator Support in ColdFusion


I use the Google Authenticator app as an additional security measure for my Google account. When Dropbox added support I realised it wasn’t just a Google thing. I finally thought I’d look at what it takes to implement a Google Authenticator “compliant” service. Turns out it’s not too hard, and it’s all standards based.

For the impatient, here’s the CF Google Authenticator Github repo.

So for the details: These 2 standards are involved in the Google Authenticator implementation:

  • RFC-6238 TOTP: Time-Based One-Time Password Algorithm
  • RFC-4226 HOTP: An HMAC-Based One-Time Password Algorithm

The first is actually a specific implementation of the second, and what Google Authenticator tokens are based on.

HOTP is conceptually simple – you take the HMAC-SHA-1 of a shared secret key, and a counter. You then do some bit twiddling with the resulting 160-bit (20 byte) hash to get it down to a 4-byte number, from which you then extract a 6-digit number which is your token.

TOTP is a particular implementation of HOTP, where the counter is based on the number of seconds since the UNIX Epoch. Specifically, it’s how many X-second periods there have been since the epoch, where X is 30 seconds in Google’s case. This is why the number changes every 30 seconds.

So anyway, the actual derivation of the current token value from the secret is only a few lines of code, but there was some additional complexity to implementing this in ColdFusion.

Elastic Beanstalk Post-deployment Scripts


Some of this is extracted from an answer I posted to a Stack Overflow question.

Recently I’ve been helping out a friend with a website and we are deploying it to AWS via their Elastic Beanstalk service. I’ve learned a few quirks of the platform in my, albeit brief, time working with it. One of these is that there’s no official way to run a “post deploy” script. You can run “Container Commands”, which are executed in your application directory BEFORE it is deployed (i.e. made live), but no way to run a script AFTER your application is deployed (i.e. when your application is in /var/app/current and the web server has been restarted).

Why would you need to do this?

Hello World!


Hello! Let’s try this blogging thing again. Decided to give Octopress a whirl. Gone are the days of writing your own blogging engine every time you want to start writing a blog again (well, maybe).