Phil (aka MP3Monster)'s Blog

~ from Technology to Music

Monthly Archives: July 2014

JDeveloper 12c

29 Tuesday Jul 2014

Posted by mp3monster in General, Oracle, Technology

Tags

11g, 12c, editor, JDeveloper, Oracle, SOA Suite, XSD

So I have been using JDeveloper 11g for a while and have to admit that I wasn’t a big fan, finding it a bit flaky and prone to crashing. The biggest driver for using it has been the fact that it offers a lot of XMLSpy-like features without the stupidly high XMLSpy license costs.

With JDeveloper 12c arriving I took the opportunity to give it a go. Wow, it is so much better – quicker, particularly during the startup cycle, and way more reliable. The features around XSD editing haven’t significantly changed, but it just feels subtly easier to use.

With all the features around working with SOA Suite 12c and WebLogic 12c for core Oracle development, I can imagine it is a huge step forward.

With the easier deployment of 12c, getting PoC work done should be a lot easier. It’s just a shame it still needs that huge 8GB footprint to do anything meaningful; my company laptop, being a notebook (great for travelling with), doesn’t pack that punch, and Oracle isn’t yet offering low-cost SOA Suite deployments in the cloud.

Evaluating SSL certificates for SaaS

29 Tuesday Jul 2014

Posted by mp3monster in General, Technology

Tags

cryptography, NIST, SaaS, Security, sophos, SSL

So when looking at SaaS solutions, one of the things we consider is the strength of the SSL certificate and, when using a small provider, who the Certificate Authority is, as commercial authorities will provide insurance for a breach, which can go towards paying some of the cleanup costs (assuming the breach isn’t from negligence).

So how do you evaluate SSL certificates in terms of robustness (i.e. cryptographic strength)? After all, some people will talk about 128-bit certificates and others, such as Google, mention 2048, which on the surface don’t seem comparable.

So the bit length is to do with the cryptographic algorithm used, of which there are several, such as AES, 3DES and so on. Now, I’m no expert on this, so I won’t presume to explain the pros and cons of the different algorithms; there are other resources on the web for that (such as this document).

The point I have been working towards is that NIST (the National Institute of Standards and Technology), aside from being a good resource on security, has tables that recommend the size of the key used to help build the certificate (the document is here and tables 1 & 2 contain the key details, more here). The tables shown below take into account the algorithm (therefore giving a comparator on key size) and also a recommended growth in key size.

 

[Images: the two NIST key size tables]

 

An alternative representation of the same information can be found here and the 1st table here.

So why grow a key size? Well, one of the factors driving key size is that as computing power increases, the time and effort to brute force a key shrinks. So every time the key size increases, so does the effort needed to brute force the key.

This leads to a secondary consideration – that of the certificate life, i.e. how long the certificate is valid for. This is in effect the potentially greatest period of exposure, based on the fact that someone may brute force your certificate and then simply listen to the traffic, so you never know of the compromise. Obviously you can revoke the certificate at any time.

Finally, remember that the need for and level of security should be informed by assessing the data being transferred (in motion). Data security should also be considered for data at rest, i.e. being stored (data loss from a data store is likely to be far more damaging).
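The key-size comparison and certificate-life checks described in this post can be expressed as a short script. This is an added example, not code from the original post; the comparable strengths and dates follow NIST SP 800-57 Part 1 and should be checked against its current revision, while `MAX_DAYS` and the sample certificates are assumptions constructed for illustration.

```python
from datetime import date

# Comparable strengths as published in NIST SP 800-57 Part 1:
# (security bits, minimum RSA modulus bits, minimum elliptic-curve key bits).
COMPARABLE = [(256, 15360, 512), (192, 7680, 384), (128, 3072, 256),
              (112, 2048, 224), (80, 1024, 160)]
MAX_DAYS = 730  # assumed local policy for certificate life, not from NIST

def security_bits(algorithm, key_bits):
    """Map a public-key size to its comparable symmetric strength in bits."""
    column = {"RSA": 1, "EC": 2}[algorithm]
    for row in COMPARABLE:
        if key_bits >= row[column]:
            return row[0]
    return 0  # weaker than the lowest row of the table

def last_acceptable_year(bits):
    """Last year NIST treats the strength as acceptable (None = beyond 2030)."""
    if bits >= 128:
        return None
    if bits >= 112:
        return 2030
    return 2010 if bits >= 80 else 0

def evaluate(cert, max_days=MAX_DAYS):
    """Return (security bits, findings) for a certificate given as a dict."""
    bits = security_bits(cert["algorithm"], cert["key_bits"])
    limit = last_acceptable_year(bits)
    findings = []
    if limit is not None and cert["not_after"].year > limit:
        findings.append(f"{bits}-bit strength not acceptable past {limit}")
    lifetime = (cert["not_after"] - cert["not_before"]).days
    if lifetime > max_days:
        findings.append(f"lifetime of {lifetime} days exceeds {max_days}")
    return bits, findings

# Constructed sample certificates (not taken from any real site).
SAMPLES = {
    "rsa2048": {"algorithm": "RSA", "key_bits": 2048,
                "not_before": date(2014, 7, 1), "not_after": date(2015, 7, 1)},
    "rsa1024": {"algorithm": "RSA", "key_bits": 1024,
                "not_before": date(2012, 1, 1), "not_after": date(2017, 1, 1)},
    "ec256": {"algorithm": "EC", "key_bits": 256,
              "not_before": date(2014, 7, 1), "not_after": date(2034, 7, 1)},
}

if __name__ == "__main__":
    for name, cert in SAMPLES.items():
        print(name, evaluate(cert))
```

The output makes the "128 versus 2048" comparison concrete: a 2048-bit RSA key is rated at 112 bits of strength, and a 128-bit rating needs a 3072-bit RSA key or a 256-bit elliptic-curve key.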

Farnborough Airshow

19 Saturday Jul 2014

Posted by mp3monster in General, Photography

Tags

airshow, farnborough, photos

I couldn’t resist sharing a few shots I got at the Farnborough Airshow (although they look far better in full resolution) …

Red Arrows with jet trails

A380

Typhoon with afterburners on and vapour forming around wings

 

For more photos pop over to my Flickr account at photos.mp3monster.org

Review of Creating Flat Design Websites

18 Friday Jul 2014

Posted by mp3monster in Books, General, Technology

Tags

book, Bootstrap, Design, Designmodo, HTML, Packt, review, skeuomorphic, UI, website

I always find when looking at a book that if I encounter early on comments such as “…eventually I found out that design is not about the answers, it’s about asking the right questions …”, as Antonio Pratas writes in the Acknowledgement of Creating Flat Design Websites, then the book feels like one where I can trust the author, as this sort of thing is both an honest observation and one that reflects some more considered thinking. The book bears this point out. For example, rather than pitching the technology or approach as a tool for all things, as many IT books have a habit of doing, even in the first couple of chapters we are clearly informed that flat design isn’t necessarily the correct approach in all cases, and examples are given to illustrate the point.

The opening chapter explains the ideas of flat design vs skeuomorphic, with a brief history of the design approaches and “flat’s” rise in popularity. It even provides an incredibly simple illustration, one that doesn’t demand that you be a graphic artist to achieve, to show the differences and how you might move from skeuomorphic to flat.

The following chapters look at the considerations for usability, referencing Jakob Nielsen’s work (and if design piques your interest I’d highly recommend the work of Nielsen’s partner at NN/g – Don Norman, with writing such as The Design of Everyday Things). The only criticism I might make here is that with UI design, and specifically web, the legal requirements (in the UK this comes presently as part of disability discrimination) and industry standards (particularly W3C’s WCAG standard/guidelines) aren’t really mentioned. But if you start digging into good usability material you will encounter these aspects.

From this point we are then guided through a design approach with plenty of recommendations on how to approach the design phase (from the basics of considering your target audience onwards). It is only chapter 5 that really gets stuck into web tech, with HTML and the Designmodo framework built on Twitter’s Bootstrap, and chapter 6 covers building your own flat UI framework. So this book may be pitched at web app development, but actually the bulk of the book’s content holds true whether you’re working on web solutions, thick apps for the desktop or the mobile variety, as it embodies the principles of good interface design.

Not only does it successfully talk about good design, it bridges the gap between techies and graphic artists without the sense that it is trying to address either skills base. No mean feat.

Rather than stealing the book’s wealth of useful resources, I’ll point you at links relevant to the book and its author. From there you’ll find a vast array of helpful resources. The references:

  • Packt Book webpage
  • Antonio Pratas’ website
  • Antonio Pratas on LinkedIn
  • An article on skeuomorphic design
  • Twitter Bootstrap
  • Designmodo framework

Pure REST is not always a good thing

05 Saturday Jul 2014

Posted by mp3monster in General, Technology

Tags

DPA, JSON, REST, Security, Web Service, WSDL

So following REST web service best practice is not always a good thing, a bit of a controversial statement. That said, I came across a situation that beautifully illustrated it.

I was recently asked for my opinion on a web solution that had to interact with customer data. The developers concerned implemented the functionality using REST web services and followed the principles to the letter. Except one of the services needed to locate a unique customer object. To do this, enough customer details are provided to the service in the URL to obtain a unique record.

So regardless of the security implemented in the solution using strong SSL and payload encryption, we have just exposed every element in the network that can log URIs to the need for DPA (Data Protection Act) levels of security (not to mention information commissioner requests). That is before you consider man in the middle and packet URL attacks.

What to do? Such sensitive web services need to be delivered without personal data in the URL. We could go via WSDL (but our use case points to REST being a better approach), or we could follow the object creation pattern for REST (and pay the price of not caching the results on the web tier, although if we are concerned about security then this isn’t such a bad thing, and we can still get performance on the DB tier). Using the payload is probably the right thing to do.
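To see what a URI-logging component ends up holding under each design, the following added example (not code from the original post) audits access-log lines for personal data carried in the request URI. The parameter names in `SENSITIVE`, the endpoint paths and the log lines are all constructed assumptions; the second and third lines show the object creation pattern, where the search criteria travel in the POST body and only an opaque identifier appears in later URIs.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameter names treated as personal data (assumed list for illustration).
SENSITIVE = {"surname", "forename", "dob", "postcode", "email", "phone"}
EMAIL = re.compile(r"[^/@\s]+@[^/@\s]+\.[a-z]{2,}", re.I)
# Request line as it appears in common/combined access-log format.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def personal_data_in_log_line(line):
    """Return the personal-data fields one log line reveals via the URI."""
    m = REQUEST.search(line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    hits = [k for k, _ in parse_qsl(parts.query) if k.lower() in SENSITIVE]
    # Identifying values placed in path segments are logged as well.
    if EMAIL.search(unquote(parts.path)):
        hits.append("email-in-path")
    return hits

def audit(lines):
    """Map 1-based line numbers to the fields exposed on that line."""
    report = {}
    for number, line in enumerate(lines, start=1):
        hits = personal_data_in_log_line(line)
        if hits:
            report[number] = hits
    return report

# Constructed access-log lines (documentation address, made-up customer).
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Jul/2014:10:01:22 +0000] '
    '"GET /api/customers?surname=Smith&dob=1970-01-01&postcode=AB1+2CD HTTP/1.1" 200 512',
    '203.0.113.7 - - [05/Jul/2014:10:01:25 +0000] '
    '"POST /api/customer-searches HTTP/1.1" 201 64',
    '203.0.113.7 - - [05/Jul/2014:10:01:26 +0000] '
    '"GET /api/customer-searches/7f3a HTTP/1.1" 200 512',
    '203.0.113.7 - - [05/Jul/2014:10:01:30 +0000] '
    '"GET /api/customers/jane.doe%40example.com HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, fields in audit(SAMPLE_LOG).items():
        print(f"line {number}: {', '.join(fields)}")
```

Running the same audit over existing web server, proxy and load balancer logs shows which components already hold personal data and therefore fall under the same handling requirements as the customer database.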

I work for Oracle, all opinions here are my own & do not necessarily reflect the views of Oracle
