Wednesday, February 4. 2009
I can remember back to last year's php|tek. The morning of my web services workshop I found out that I was going to be a Dad. Needless to say that is one presentation I will never forget. It has been a long 9 months, but I am happy to say that I am now officially a father. My son Dean was born at 1:03 am on Jan 27th. Both Julie and Dean are doing well, though Dean gets to sleep much more than we do. Life sure is going to change dramatically, but none of us would have it any other way. Dean, if you happen to be reading this years from now, pulled from the archives of some search engine, I just have to say that you are the most precious thing to your mother and me (seeing you don't have any siblings....yet).
Tuesday, January 13. 2009
As many people have found out, entity handling in ext/xml is broken when used with libxml2 2.7.0-2.7.2. The problem lies with the way pre-defined entities are handled; or rather not handled when used with one of the newer libxml2 versions. The entities &amp;, &lt;, &gt;, &apos; and &quot; never get passed to the user's callbacks, causing a big problem in quite a number of applications out there. Needless to say, I've received a good amount of hate mail over this problem. Got to love people. You never hear how grateful anyone ever is, but sure as hell once there is a problem they are all over you. Anyways, I digress.
Although I have been telling people for a few years now that they should use XMLReader rather than ext/xml, this breakage was not intentional; no matter what anyone says – Yes, I've had a few throw that out there. The good news is that the problem has finally been fixed, but the fix will require both an updated PHP (5.2.9+) and libxml2-2.7.3, although neither has been released yet. Until they are available, the options are to compile your own builds using the code from the libxml2 and PHP repositories, hold off on upgrading to libxml2 2.7.x if you haven't already done so, build ext/xml with expat rather than libxml2, or, lastly, convert your PHP code to use XMLReader.
My parting thought on this to everyone is just switch to the XMLReader extension. It's faster, easier to use and much more powerful.
Wednesday, January 7. 2009
While working on OAuth implementations for our clients at Mashery, one of the biggest issues I see developers running into is how to debug and fix invalid signature errors. There are numerous OAuth libraries out there, in fact we even have our own, so how do you determine which side is really generating the correct signature and which has a flaw in the logic? I find that using a third party library is a great way to quickly zero in on which side is at the root of the issue. The problem, however, is there are no readily available tools to do this. I have found a number of test applications, but they pretty much are for testing whether a consumer library/app is working correctly against them.
We mostly deal with providing the service provider side of OAuth, meaning numerous different endpoints, so these tools were of little help. I ended up writing a down and dirty signature generation app using the C# OAuth library (so Windows only folks). It will generate a signature based on the different OAuth parameters you enter. You can use this to compare the signature it generates to that from your consumer app or service provider. Full source code and more detailed information can be found on the Mashery Customer Solutions site. Time permitting, I may continue to add features to this tool. Hopefully others find this useful as well.
Source and Binaries: OAuth Signature Validation Tool
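The comparison described above can also be done by hand. The following is an added example, not the source of the Mashery tool and not C#: a Python sketch of the OAuth 1.0 HMAC-SHA1 calculation, with a helper that reports where two signature base strings first diverge. The function names are hypothetical; the sample request is the published test case from Appendix A of the OAuth Core 1.0 specification, and form-encoded POST body parameters, if any, are assumed to be passed in `params`.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit

# Sample request: the published test case from Appendix A of OAuth Core 1.0.
SAMPLE_URL = "http://photos.example.net/photos?file=vacation.jpg&size=original"
SAMPLE_PARAMS = {
    "oauth_consumer_key": "dpf43f3p2l4k3l03",
    "oauth_token": "nnch734d00sl2jdk",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1191242096",
    "oauth_nonce": "kllo9940pd9333jh",
    "oauth_version": "1.0",
}

def pct(value):
    # OAuth percent-encoding: only unreserved characters (ALPHA, DIGIT, -._~) stay raw.
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    """Signature base string: METHOD & normalized URL & sorted parameters."""
    parts = urlsplit(url)
    scheme, host = parts.scheme.lower(), parts.hostname.lower()
    # Default ports are dropped from the normalized URL; any other port is kept.
    if parts.port and (scheme, parts.port) not in (("http", 80), ("https", 443)):
        host = f"{host}:{parts.port}"
    norm_url = f"{scheme}://{host}{parts.path or '/'}"
    # Query parameters are signed along with oauth_*; oauth_signature is excluded.
    pairs = parse_qsl(parts.query, keep_blank_values=True) + list(params.items())
    encoded = sorted((pct(k), pct(v)) for k, v in pairs if k != "oauth_signature")
    norm_params = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(norm_url), pct(norm_params)])

def sign_hmac_sha1(base, consumer_secret, token_secret=""):
    # The key is both encoded secrets joined by '&', even if the token secret is empty.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def first_difference(mine, theirs):
    """Offset where two base strings diverge, or -1 when they are identical."""
    for i, (a, b) in enumerate(zip(mine, theirs)):
        if a != b:
            return i
    return -1 if len(mine) == len(theirs) else min(len(mine), len(theirs))

if __name__ == "__main__":
    base = base_string("GET", SAMPLE_URL, SAMPLE_PARAMS)
    print(base)
    print(sign_hmac_sha1(base, "kd94hf93k423kf44", "pfkkdhi9sl3r4s00"))
```

When the two signatures disagree, have both sides log their base string and compare those: the offset from `first_difference` usually lands on an encoding, ordering or port-normalization mismatch.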
Monday, September 22. 2008
Slides have been posted for the latest version of my Digital Identity talk.
This talk has evolved since I first started giving it, but the latest version simply needed more time to present. I was asked to combine all the topics (OAuth was to be its own presentation) into one, which I probably won't do again. Even just only covering the absolute basics, I found that there just isn't enough time to cover them all in the short amount of time, so some material was skimmed over. If anyone has any questions on any of the material, please feel free to contact me.
I've been getting a number of emails asking if I'm still alive and kicking. The answer is yes, just have had a lot of things going on lately. Those of you who were at php|tek in Chicago this year know that my wife and I are having our first baby. We've been busy doing the doctor's visits, shopping, getting nursery ready, shopping, wondering if we have everything we need, and did I mention shopping. Never realized how expensive babies are and he's not even here yet (Yes, I said "he", we are having a boy).
On the flip side, work has been very hectic. Things are going well and we are very busy. For the past 5-6 months, on top of my regular work on our proxy, I have been living and breathing OAuth. Unlike OpenID, which is really only found in the social networking/blogging areas, and Information Cards which is still new and has some ways to go for more widespread adoption, companies have started actively adopting and implementing OAuth for use with their APIs. Things should start getting interesting once they start rolling these out to the general public.
I'm still involved with my xmlseclibs project, PHP and libxml2/libxslt. I just haven't had as much time over the past few months. I try to fix what I can when I get a chance, but my participation really has been slacking. With fall having started and winter on the way, I'll have more free time to work on these things. Hope to hit some of the feature requests I've gotten in the XML/PHP areas, as well as soon add some additional functionality to xmlseclibs to work with WS-BPEL (just needs some additional testing). If there are any additional feature requests or bugs I haven't looked at yet (I got a number via email that aren't in any of the bug systems - so may have forgotten about them), let me know and I'll make sure they make my TODO list.
Friday, July 18. 2008
My buddies over at AITCOM did it again. On July 10th, around 5:45 pm EST my server went MIA. Being a Friday and occasionally experiencing the minor outages (< 5 minutes), I didn't give it much thought and left it for the night. The outage wasn't as minor as I had thought, the next morning I go to check email and nothing... The server was dead in the water. Calls to AIT pretty much fell on deaf ears. They performed a reboot and called it fixed. Of course they test things really well. After my forever long wait on hold back on the phone with them and once again my outage report falls on deaf ears. They tell me that they went ahead and found no hardware failure, so this must be my fault and I have to pay them to look into it. Their admins must be morons, after a couple of minutes, without any access to their network, I was able to determine that my IP addresses had been re-assigned elsewhere. Would you believe that even after telling them this, they said there is no hardware problem and that I had to pay them to get this issue resolved. WTF?!?!?!
After a few deep breaths, I said fine as long as once they found out that the problem was theirs that I wasn't going to be charged. Day after day, no progress. I spent many hours on the phone ripping their customer service people new ones. I hate dealing with customer service people. Their role is simply to be cannon fodder for the times serious issues arise. All they can say is that they are sorry, someone is working on it and no one else there can help, so I have to be patient. Between that and their incompetent engineers, I am surprised they are still in business. Finally after 5 days, they come back and tell me things are fixed and I won't be charged because it was due to a hardware failure on their end. It took 5 frickin days to figure out there was a hardware failure somewhere (that only was affecting my server of course) and they even knew where to start looking from? Things didn't sound right to me. At least I was able to get my mail back online along with my blog. The problem is that I still don't have 6 of my IP addresses. I am now on day 7 of this and my server is only limping along. The only saving grace here is that the server isn't running anything critical. Imagine being a business customer and having a complete outage for 5 days and after 7 days you still are only partially online. I think it might be time to look for a new provider :/
Tuesday, July 8. 2008
The long awaited 1.2.1 release finally sees the light of day.
It can be downloaded from:
Changes include the following:
- Attempt to use mhash when hash extension is not present. (Alfredo Cubitos).
- Add fallback to built-in sha1 if both hash and mhash are not available and throw error for other missing hashes. (patch by Olav Morken).
- Add getX509Certificate method to retrieve the x509 cert used for Key. (patch by Olav Morken).
- Add getValidatedNodes method to retrieve the elements signed by the signature. (patch by Olav Morken).
- Add insertSignature method for precision signature insertion. Merge functionality from appendSignature in the process. (Olav Morken, Rob).
- Finally add some tests
- Fix canonicalization for Document node when using PHP < 5.2.
- Add padding for RSA_SHA1. (patch by Olav Morken).
This library has undergone extensive testing prior to release, so please let me know if anyone runs into any issues.
Tuesday, May 27. 2008
I had a good number of requests for write-ups of the material I presented in the Streaming XML session, so will try to put something together over the next couple of days. The session went over by just a bit so if I missed addressing any questions, please feel free to email me with them.
Working with Web Services
Who Am I?
Did you ever think you would have to worry about your data while visiting the grocery store? Less than 3 months ago, I was one of the victims of the Hannaford data breach where my credit card number was stolen and fraudulently used. This is kind of ironic. I talk about the digital identities and keeping your data safe. I never thought I would end up on the receiving end of this. Discover card has an excellent fraud department, imo, and immediately upon detecting fraudulent use, contacted me. I was issued a new card and it was sent overnight. On Saturday, while in Chicago for php|tek, I received another message from Discover card about fraudulent use. It really sucks when this happens while traveling because the card gets shut-off. I was leaving on Sunday morning, so an overnight delivery wouldn't even reach me. Anyways, I got things settled and was able to check out of the hotel - even paying my bill.
Continue reading "Brick & Mortar No Safer Than Online"
Friday, March 28. 2008
Now that I've settled into my job at Mashery, I've started getting a chance to get back to some of my side projects. On the information card and openinfocard front, I am currently looking at getting the selector to export and import cards so that I can synch up my cards amongst my different selectors. More importantly though, I will be in San Francisco for work in a little over a week, allowing me to attend and participate in the OSIS User-Centric Identity Interop event at the RSA Conference. While I only play an insignificant role in the openinfocard project, I will be there as part of that project as well as representing my own information card code.
We even have our own logos. Axel did a great job coming up with a logo for openinfocard. As I was up at the PHP Quebec conference when they asked for logos, Julie was kind enough to quickly pull one together for me. With under 24 hours to get it done, no graphic utilities installed on her new macbook and extremely bad internet bandwidth to even try to download any applications, I think she did a fantastic job.
Anyone interested in participating or seeing demonstrations of the identity technologies should be sure to check it out on April 8th and 9th from 11am - 6pm. As I am out there primarily for work, I will most likely be there later in the day. If you can't make it but are interested in getting involved, interoperability testing is currently underway.
Updated 04-03-2008: The openinfocard logo has been changed to the one now displayed
I can be reached via my i-name: =Rob.Richards