ryukware
SSL Server with OpenSSL Memory BIO a.k.a. Prerequisite to Asynchronous OpenSSL
- December 22, 2007 7:05 AM
- code
In my last article about SSL-related programming, the API used to handle SSL transactions for the DICE was SSPI (Security Support Provider Interface), one of the standard API sets provided by Microsoft Windows. Though I outlined in that article why I chose SSPI over OpenSSL, I recently replaced SSPI with OpenSSL in the latest version of the DICE, which was released with HTTPS implemented. The rationale behind switching the SSL engine was not so straightforward.
For me, the main concern about OpenSSL had been its putative close relationship with the BSD socket architecture, which is not compatible with asynchronous sockets and I/O completion ports. Another concern was OpenSSL’s record of security vulnerabilities. OpenSSL has been an active target for attackers and one of the most scrutinized libraries. Not that Microsoft’s implementation is any better, but as far as I know OpenSSL has accumulated many security advisories throughout its update history.
C++ Asynchronous Delegate for Microsoft Windows
- December 12, 2007 3:07 AM
- code
Microsoft Windows 2000 and later have a very useful system function for making an asynchronous function call: QueueUserWorkItem. With this function and its thread pool, which is aware of what Windows is actually doing at a given time, Windows takes care of all the complexity of asynchronous function calls for you in the simplest form. This high-level function is a godsend for lazy programmers who would rather concentrate on what an application can do within a reasonable performance range than bother about how it does things with the smallest performance hit.
But people can never be lazy enough: setting it up with context information each time soon becomes a tedious task, especially when you want to asynchronously call a member function of a C++ object. It’s not possible to make it completely dynamic, either. You have to manually write a wrapper function, since QueueUserWorkItem is a mere C function that knows jack about C++. This article introduces a minimalistic toolkit, AsyncDelegate.h, that lends itself to solving this issue by using C++ templates.
Perl, Ruby, Multithreading, Embedding
- November 15, 2006 6:59 AM
- code
For the first half of this article the main topic is multithreading in two scripting languages, Perl and Ruby. By writing a multithreaded download manager application in Perl and then porting it to Ruby, it shows you how to write a multithreaded application in both languages and how different they are in this area. This section should be fairly easy and doesn’t require much knowledge of these scripting languages, but it is expected that you have a basic grasp of multithreaded programming.
The second half covers a somewhat more advanced programming topic: how to write a C++ application with an embedded Perl or Ruby interpreter. Just embedding them is not rocket science, but using them in an effective manner is not a very easy task right now because of the implementations of these languages. If you are familiar with .NET you might know it is embedding-friendly with AppDomain and COM interfaces; on the other hand you have only raw C interfaces for these scripting languages, and documentation is scarce. As for Perl embedding, the sample code is based on the one I actually implemented in the web server of the DICE. Since it is realized by a mixture of C++ code and Perl hacks, it requires some knowledge of C/C++, advanced Perl programming, and Perl internals. But don’t worry, I’ll annotate most lines in the code to make it useful for as many people as possible, because that is the very purpose of this article! Last but not least, the platform for these experiments is Microsoft Windows XP and Visual C++ 7.1, but due to the platform-neutral nature of these scripting languages most things should be applicable to any platform.
C++ and C#/.NET Interoperability for RSA Public-key Cryptography and AES Symmetric Cipher
- November 9, 2006 6:48 AM
- code
When you have to write a secure network application, cryptography is one of the topics you can’t escape from. In most cases there are high-level packages such as SSL available, but it’s not always like that and you may have to go lower-level. Besides, even if you don’t program a custom security solution yourself, it’s not a bad idea to know how these secure protocols actually work, as it helps you choose the right solution for your problem. This article provides a basic idea of secure communication by illustrating C++ and C# code examples. It will also be useful for those who want to write a custom secure protocol between a C++ application and a C# application. (Disclaimer: but don’t use the example explained here as is in your mission-critical application! This article is only for educational purposes. Real-world secure communication libraries implement countermeasures for many kinds of known cryptographic attacks and this sample doesn’t.)
How to Programmatically Create Self-signed Certificate and Key Pair Association for SSL Communication with Microsoft Windows SSPI
- May 5, 2005 6:31 AM
- code
When I started the development of the DICE, a multi-protocol network server, in late 2001, one of the planned features was secure authenticated connection across the web for server administrators. I implemented it with SSPI (Security Support Provider Interface) found in the Microsoft Platform SDK. SSPI is an abstraction framework through which you can control three (or more) different secure authentication/communication protocols, including SSL (Secure Sockets Layer).
Among the protocols supported in SSPI, I chose SSL because the others (NTLM and Kerberos) were useless in my context over the internet without getting involved with Active Directory and the related mess. But SSL in SSPI has some caveats to consider before use – since SSL, unlike the others, is an inefficient streamed protocol and the abstraction done in SSPI is not high-level, your code starts to look nasty if you attempt to make it conform to the streaming nature of the protocol, especially when your application is constructed around asynchronous sockets. Besides, you need a server certificate prior to negotiation.
Early DICE Design Notes
- April 4, 2002 6:14 AM
- code
About two years ago, I opened an IRC channel on a small IRC network. I had been hanging out in EFnet, Undernet, or DALnet, but the accessibility of those large networks from Japan was not decent, and that is still somewhat true even today. In some networks you are just kicked because you are from the .jp domain. As a consequence I chose a small but reliable place among the many networks. It had nickserv and chanserv. One of the largest networks known in Japan, IRCnet, lacks those services.