Devis's blog

The NIST hash function competition started in 2007 with "Announcing Request for Candidate Algorithm Nominations for a New Cryptographic Hash Algorithm (SHA–3) Family":

AGENCY: National Institute of Standards and Technology, Commerce

ACTION: Notice and request for nominations for candidate hash algorithms. 

SUMMARY: This notice solicits nominations from any interested party for candidate algorithms to be considered for SHA–3, and specifies how to submit a nomination package. It presents the nomination requirements and the minimum acceptability requirements of a "complete and proper" candidate algorithm submission. The evaluation criteria that will be used to appraise the candidate algorithms are also described.

It was a quest for a new hashing algorithm, less prone to collisions (with respect to MD4/MD5 and SHA-0/SHA-1), even though SHA-2 still resists this kind of attack.

64 entries were received by October 31st 2008; 51 went through to the first round and 14 to the second round in 2009.

Five finalists, BLAKE, Grøstl, JH, Keccak, and Skein, advanced to the third and final round, and the final package was submitted last year in January (2011).

Now, a final SHA-3 Candidate Conference is scheduled for 22-23 March 2012 and will be held at the Washington Marriott Hotel in Washington DC, where the algorithms will be discussed and the public invited to provide further feedback before a winner is selected this year.

Inversion of control is the answer to more maintainable, testable, modular code, a common pattern in OOP adopted by frameworks and enterprise projects.  The main idea is to separate configuration (class names and initialisation parameters) from implementation (class instantiations and static calls), avoiding hard coded class names and parameters, so that they can be replaced by third parties and during tests.

There are at least three common ways of injecting dependencies (see here for a detailed description).

Constructor Injection: injection through constructor parameters

For every object, all the dependencies are passed as constructor arguments.  Constructor injection is fairly straightforward and works quite well on small projects, but as a project and the number of dependencies grow, so does the length of the constructors' signatures.  Complex constructors are eventually refactored to receive an array of dependencies, or the dependencies are moved up in the hierarchy into some base class, which evolves into a registry of dependencies (among other responsibilities).

Setter Injection: public setters for every dependency

Every dependency is set using a public method inside a class. For instance, three classes depending on a Mailer would each have a `setMailer($object)` method.  This is fairly simple to implement but leads to duplication and maintainability issues: every time an object is created, all the setters must be called.

Service locator: holder/registry of components/services

All the dependencies are provided by a builder, which serves as a registry of dependencies and/or service definitions. The service locator knows how to instantiate each dependency.  Such a service exposes methods like `getMailer()`, `getLogger()` etc.  A service locator centralises the configuration, detailing the classes and parameters involved in object instantiation.

Select is a static Service Locator implementation with PHP method overloading.  It allows classes to be replaced and can be used to hold components/services, identified by unique names and automatically exposed with getter methods.

Select is designed to be subclassed with a custom class name, as opposed to the common injection through constructors.  To replace Select you subclass the main class.  For instance, during tests you can either use a different set of definitions (suggested) or use a mocked Service Locator class implementing the same interface iSelect.
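
To illustrate the static service locator with method overloading and the "replace by subclassing" idea described above, here is an added example that is not Select's own code or API. The names `Locator`, `TestLocator`, `Mailer`, `SmtpMailer`, `NullMailer` and the host `mail.example.org` are hypothetical, and the code assumes PHP 8.0 or later.

```php
<?php
// Added illustration only: hypothetical names, not the Select library's API.
interface Mailer { public function send(string $to, string $body): string; }

class SmtpMailer implements Mailer {
    public function __construct(private string $host) {}
    public function send(string $to, string $body): string {
        return "smtp://{$this->host} -> {$to}";
    }
}

class NullMailer implements Mailer {           // test double: records, sends nothing
    public array $sent = [];
    public function send(string $to, string $body): string {
        $this->sent[] = $to;
        return "discarded -> {$to}";
    }
}

class Locator {
    private static array $instances = [];

    // Service definitions (name => factory). Class names and parameters live
    // here only, so subclasses can swap them without touching callers.
    protected static function definitions(): array {
        return ['Mailer' => fn() => new SmtpMailer('mail.example.org')];
    }

    // Method overloading: Locator::getMailer() resolves the 'Mailer' definition.
    public static function __callStatic(string $method, array $args) {
        if (strncmp($method, 'get', 3) !== 0) {
            throw new BadMethodCallException("Unknown method {$method}");
        }
        $name = substr($method, 3);
        $key  = static::class . '::' . $name;   // one shared instance per locator class
        if (!isset(self::$instances[$key])) {
            $defs = static::definitions();      // late static binding picks the subclass
            if (!isset($defs[$name])) {
                throw new OutOfBoundsException("No service named {$name}");
            }
            self::$instances[$key] = $defs[$name]();
        }
        return self::$instances[$key];
    }
}

class TestLocator extends Locator {             // replacement set of definitions for tests
    protected static function definitions(): array {
        return ['Mailer' => fn() => new NullMailer()];
    }
}

echo Locator::getMailer()->send('a@example.org', 'hi'), PHP_EOL;
echo TestLocator::getMailer()->send('a@example.org', 'hi'), PHP_EOL;
```

An undefined service name fails with an exception instead of returning `null`, so a typo in a getter name surfaces at the call site.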

This is a quick reference on how to start using Cucumber with PHP, thanks to Cuke4Php.

Cucumber is a Behaviour Driven Development framework written in Ruby.  Using a wire protocol, it allows BDD steps to be written in PHP to test PHP applications.  Cuke4php is in fact a wire protocol implementation of Cucumber written in PHP.  If you are interested in BDD you might want to have a look at Behat too, which is written entirely in PHP.

As an exercise, this guide walks through the installation of Ruby, Cucumber, Cuke4php, and PHPUnit to implement the classic Calculator's Addition feature example. Please consider this just a demo.  The system used is Debian 6 Squeeze.  Zend Framework is used only to simulate a real world project scenario.

Here we go! [N.B. working as root]

Drizzle, a lightweight fork of Oracle's MySQL database for cloud computing, has been released by open sourcers. Version 2011.03.13 has been released as general availability version. It comes nearly three years after the project was announced by Brian Aker, one of MySQL's key architects.

Drizzle aims to be different from MySQL, stripping out "unnecessary" features loved by enterprise and OEMs in the name of greater speed and simplicity and for reduced management overhead.

Drizzle has no stored procedures, triggers, or views and, in a blow to a large chunk of the computing and IT establishment, it doesn't run on Microsoft's Windows. Also, there's no embedded server.

Drizzle has been optimized for "massively concurrent" environments and is designed for "modern" POSIX systems, and there aren't any installation scripts.

The GA includes log-based replication, the HailDB relational database engine instead of the Oracle-owned InnoDB, and "easy migration" from MySQL using the Drizzledump.

Constrained Application Protocol (CoAP) is a specialized RESTful (Representational State Transfer) protocol for use with constrained networks and nodes for machine-to-machine applications such as smart energy and building automation.

These constrained nodes often have 8-bit microcontrollers with small amounts of ROM and RAM, while networks such as 6LoWPAN often have high packet error rates and a typical throughput of 10s of kbit/s.

CoAP provides the REST Method/Response interaction model between application end-points, supports built-in resource discovery, and includes key web concepts such as URIs and content-types.

CoAP easily translates to HTTP for integration with the web while meeting specialized requirements such as multicast support, very low overhead and simplicity for constrained environments.

The goal of CoAP is not to blindly compress HTTP, but rather to realize a subset of REST common with HTTP but optimized for M2M applications. Although CoRE could be used for compressing simple HTTP interfaces, it more importantly also offers features for M2M such as built-in discovery, multicast support and asynchronous transactions.

Unlike HTTP, CoAP deals with these REST interchanges asynchronously over a UDP transport with support for both unicast and multicast interactions. This is achieved using transaction messages (CON=Confirmable, NON=Non-Confirmable, ACK=Acknowledgment, RST=Reset) supporting optional reliability (with exponential back-off) and transaction IDs between end-points to carry REST requests and responses. These transactions are transparent to the REST interchanges; the only difference is that responses may arrive asynchronously.

The goal of binding CoAP to UDP is to provide the bare minimum features for the protocol to operate over UDP, without trying to re-create the full feature set of a transport like TCP.

See http://tools.ietf.org/html/draft-ietf-core-coap-01 for the current Internet-Draft and a complete description.

After 24 months of constant development, the Debian Project is proud to present its new stable version 6.0 (code name "Squeeze"). Debian 6.0 is a free operating system, coming for the first time in two flavours. Alongside Debian GNU/Linux, Debian GNU/kFreeBSD is introduced with this version as a "technology preview".

Debian 6.0 includes the KDE Plasma Desktop and Applications, the GNOME, Xfce, and LXDE desktop environments as well as all kinds of server applications.  It also features compatibility with the FHS v2.3 and software developed for version 3.2 of the LSB.

Debian 6.0 "Squeeze" introduces technical previews of two new ports to the kernel of the FreeBSD project using the known Debian/GNU userland: Debian GNU/kFreeBSD for the 32-bit PC (kfreebsd-i386) and the 64-bit PC (kfreebsd-amd64). These ports are the first ones ever to be included in a Debian release which are not based on the Linux kernel.  The support of common server software is strong and combines the existing features of Linux-based Debian versions with the unique features known from the BSD world.

Another first is the completely free Linux kernel, which no longer contains problematic firmware files.  These were split out into separate packages and moved out of the Debian main archive into the non-free area of our archive, which is not enabled by default.  In this way Debian users have the possibility of running a completely free operating system, but may still choose to use non-free firmware files if necessary.

Furthermore, Debian 6.0 introduces a dependency based boot system, making system start-up faster and more robust due to parallel execution of boot scripts and correct dependency tracking between them. Various other changes make Debian more suitable for small form factor notebooks, like the introduction of the KDE Plasma Netbook shell.

Debian 6.0 includes over 10,000 new packages like the browser Chromium, the monitoring solution Icinga, the package management frontend Software Center, the network manager wicd, the Linux container tools lxc and the cluster framework Corosync.

The installation process for Debian GNU/Linux 6.0 has been improved in various ways, including easier selection of language and keyboard settings, and partitioning of logical volumes, RAID and encrypted systems. Support has also been added for the ext4 and Btrfs filesystems and - on the kFreeBSD architecture - the Zettabyte filesystem (ZFS).

As always, Debian GNU/Linux systems may be upgraded painlessly, in place, without any forced downtime, but it is strongly recommended to read the release notes as well as the installation guide for possible issues, and for detailed instructions on installing and upgrading.

© 2012 Devis Lucato @itbus.