background preloader

The First Few Milliseconds of an HTTPS Connection

The First Few Milliseconds of an HTTPS Connection
Convinced from spending hours reading rave reviews, Bob eagerly clicked “Proceed to Checkout” for his gallon of Tuscan Whole Milk and… Whoa! What just happened? In the 220 milliseconds that flew by, a lot of interesting stuff happened to make Firefox change the address bar color and put a lock in the lower right corner. With the help of Wireshark, my favorite network tool, and a slightly modified debug build of Firefox, we can see exactly what’s going on. By agreement of RFC 2818, Firefox knew that “https” meant it should connect to port 443 at Most people associate HTTPS with SSL (Secure Sockets Layer) which was created by Netscape in the mid 90’s. Client Hello TLS wraps all traffic in “records” of different types. The next two bytes are 0x0301 which indicate that this is a version 3.1 record which shows that TLS 1.0 is essentially SSL 3.1. The handshake record is broken out into several messages. Server Hello Checking out the Certificate Why should we trust this certificate? Related:  fundamentals

How Non-Member Functions Improve Encapsulation I'll start with the punchline: If you're writing a function that can be implemented as either a member or as a non-friend non-member, you should prefer to implement it as a non-member function. That decision increases class encapsulation. When you think encapsulation, you should think non-member functions. Surprised? Read on. Background When I wrote the first edition of Effective C++ in 1991, I examined the problem of determining where to declare a function that was related to a class. This algorithm served me well through the years, and when I revised Effective C++ for its second edition in 1997, I made no changes to this part of the book. In 1998, however, I gave a presentation at Actel, where Arun Kundu observed that my algorithm dictated that functions should be member functions even when they could be implemented as non-members that used only C's public interface. They are mistaken. Encapsulation Encapsulation is a means, not an end. Degrees of Encapsulation It's easily done.

Numbers Everyone Should Know Google AppEngine Numbers This group of numbers is from Brett Slatkin in Building Scalable Web Apps with Google App Engine. Writes are expensive! Datastore is transactional: writes require disk accessDisk access means disk seeksRule of thumb: 10ms for a disk seekSimple math: 1s / 10ms = 100 seeks/sec maximumDepends on:* The size and shape of your data* Doing work in batches (batch puts and gets)Reads are cheap! Paging Through Comments How can comments be stored such that they can be paged through in roughly the order they were entered? Under a high write load situation this is a surprisingly hard question to answer. A sharded counter won't work in this situation either because summing the shared counters isn't transactional. Searches in BigTable return data in alphabetical order. A lot of paging algorithms use counts. In the grand old tradition of making unique keys we just keep appending stuff until it becomes unique. Ordering by date is obvious. Related Articles

html - RegEx match open tags except XHTML self-contained tags You aren't gonna need it "You aren't gonna need it"[1][2] (acronym: YAGNI)[3] is a principle of extreme programming (XP) that states a programmer should not add functionality until deemed necessary.[4] Ron Jeffries writes, "Always implement things when you actually need them, never when you just foresee that you need them."[5] The phrase also appears altered as, "You aren't going to need it"[6][7] or sometimes phrased as, "You ain't gonna need it". YAGNI is a principle behind the XP practice of "do the simplest thing that could possibly work" (DTSTTCPW).[2][3] It is meant to be used in combination with several other practices, such as continuous refactoring, continuous automated unit testing and continuous integration. YAGNI is not universally accepted as a valid principle, even in combination with the supporting practices. Rationale[edit] See also[edit] References[edit] Jump up ^ Extreme Programming Installed, Ronald E.

Always Multiply Your Estimates by π Project estimation is a black art, nowhere more so than in game development. I once heard of a mysterious cabal of numerologists that multiplied their time estimates by π. The practice allegedly gave them sufficient buffer for new requirements, testing, iteration, and other arcane changes in scope. This struck me as curious and arbitrary, but I was intrigued. I am now delighted to report that I have been able to put their Circular Estimation Conjecture on a firm mathematical footing. Allow me to explain. Someone — a designer, your lead, the exec producer, a friend, your mom — asks you to do something. But things change. And of course it didn’t all go smoothly. So how long did your journey take compared to your original plan? Now some may question my mathematical rigour, and even dispute what I believe to be the incontrovertible conclusion. Oh, and that to-do list you made last weekend?

web application - when to escape user input EDIT: Luc has pointed out in the concept that I'm unduly slanted towards high-performance solutions. If, in your situation, performance isn't a concern, then it's perfectly acceptable (and preferable, in fact) to store the original data alone and transform it on output. This gives you flexibility to use the data however you need you without maintaining versions. Original answer below ------------------------------------------------------ To some degree, it depends. The two common solutions are: 1) Escape the data before storing it. 2) Store two copies of the data, one escaped, and one raw. In virtually any system the ratio of reads to writes is going to be heavily, heavily canted towards reads. The benefit of storing both formats is that the original author can modify the content as intended, you can re-process it if you like, you can review the original data...It gives you some additional flexibility at the expense of a little additional complexity.

Daily Builds Are Your Friend by Joel Spolsky Saturday, January 27, 2001 In 1982, my family took delivery of the very first IBM-PC in Israel. We actually went down to the warehouse and waited while our PC was delivered from the port. Somehow, I convinced my dad to get the fully-decked out version, with two floppy disks, 128 K memory, and both a dot-matrix printer (for fast drafts) and a Brother Letter-Quality Daisy Wheel printer, which sounds exactly like a machine gun when it is operating, only louder. I think we got almost every accessory available: PC-DOS 1.0, the $75 technical reference manual with a complete source code listing of the BIOS, Macro Assembler, and the stunning IBM Monochrome display with a full 80 columns and ... lower case letters! Now, "everybody" knew that BASIC was a children's language that requires you to write spaghetti code and turns your brain into Camembert cheese. Hmm. Suddenly, I became much more productive. That's when I learned about the concept of the REP loop. Here's how to do them.

The Absolute Minimum Every Software Developer Absolutely, Positively Must Know About Unicode and Character Sets (No Excuses!) by Joel Spolsky Wednesday, October 08, 2003 Ever wonder about that mysterious Content-Type tag? Did you ever get an email from your friends in Bulgaria with the subject line "???? I've been dismayed to discover just how many software developers aren't really completely up to speed on the mysterious world of character sets, encodings, Unicode, all that stuff. But it won't. So I have an announcement to make: if you are a programmer working in 2003 and you don't know the basics of characters, character sets, encodings, and Unicode, and I catch you, I'm going to punish you by making you peel onions for 6 months in a submarine. And one more thing: In this article I'll fill you in on exactly what every working programmer should know. Before I get started, I should warn you that if you are one of those rare people who knows about internationalization, you are going to find my entire discussion a little bit oversimplified. A Historical Perspective Unicode OK, so say we have a string: Hello Encodings

Design Smell: Temporal Coupling This post is the first in a series about Poka-yoke Design - also known as encapsulation. A common problem in API design is temporal coupling, which occurs when there's an implicit relationship between two, or more, members of a class requiring clients to invoke one member before the other. This tightly couples the members in the temporal dimension. The archetypical example is the use of an Initialize method, although copious other examples can be found - even in the BCL. As an example, this usage of EndpointAddressBuilder compiles, but fails at run-time: var b = new EndpointAddressBuilder(); var e = b.ToEndpointAddress(); It turns out that at least an URI is required before an EndpointAddress can be created. b.Uri = new UriBuilder().Uri; The API provides no hint that this is necessary, but there's a temporal coupling between the Uri property and the ToEndpointAddress method. Smell Example This example describes a more abstract code smell, exhibited by the Smell class. public class Smell

Feedback mechanisms and tradeoffs Rapid feedback is one of the cornerstones of agile development. The faster we can get feedback, the less it costs to correct errors. Unit testing is one of the ways to get feedback, but not the only one. Each way we can get feedback comes with its own advantages and disadvantages. In my experience there's a tradeoff between the cost of setting up a feedback mechanism and the level of confidence we can get from it. This is quite intuitive to most people, but I've rarely seen it explicitly described. Compilation In compiled languages, compilation provides the first level of feedback. The level of confidence may not be very high - we tend to laugh at statements like ‘if it compiles, it works'. Code can be designed to take advantage of this verification step. It's also interesting to note that anecdotal evidence seems to suggest that unit testing is more prevalent for interpreted languages. Static code analysis Unit testing Integration testing Subcutaneous testing System testing

From Switch Statement Down to Machine Code - Ranting @ 741 MHz Introduction Most of us know what a switch statement is and have probably been using it very often. No wonder why — switch statement is simple yet extremely expressive. Compilers implement switch as a jump table and it is faster than an average number of conditional branches that the code would have taken otherwise. It all sounds good in theory. We’ll use the two most popular production quality compilers — GCC (version 4.7.2, released 20 Sep 2012) and Clang (version 3.0, released December 01, 2011). In both cases, we will be compiling the code for Intel® Xeon® E5630 CPU with enabled compiler optimizations (either «-O2», «-O3» or «-Os»). The knowledge of x86_64 assembly language is not required but some understanding of what it is and how CPU process low-level instructions might be helpful. Simple Switch Let’s start by looking at a very simple switch statement. It would be logical to assume that the above code would be translated into a jump table. Crafting a Jump Table Trivial Switch Summary Rob Pike's 5 Rules of Programming Rule 1. You can't tell where a program is going to spend its time. Bottlenecks occur in surprising places, so don't try to second guess and put in a speed hack until you've proven that's where the bottleneck is. Pike's rules 1 and 2 restate Tony Hoare's famous maxim "Premature optimization is the root of all evil." AntiPattern bad things · writing tags: Andrew Koenig first coined the term "antipattern" in an article in JOOP[1], which is sadly not available on the internet. The essential idea (as I remember it [2]) was that an antipattern was something that seems like a good idea when you begin, but leads you into trouble. In the paper Koenig said An antipattern is just like a pattern, except that instead of a solution it gives something that looks superficially like a solution but isn't one. -- Andrew Koenig This is what makes a good antipattern something separate to just a bad thing to point and laugh at. When writing a description of an antipattern it's valuable to describe how to get out of trouble if you've taken the bad path. It's useful to remember that the same solution can be a good pattern in some contexts and an antipattern in others.

Big-O Algorithm Complexity Cheat Sheet