Skip to main content

Posts

Showing posts from March, 2016

Encrypting and Decrypting with Spring

I was recently working with protecting some sensitive data in a typical Java application with a database underneath. We convert the data on its way out of the application using Spring Security Crypto Utilities . It "was decided" that we'd be doing AES with a key-length of 256 , and this just happens to be the kind of encryption Spring crypto does out of the box. Sweet! The big aber is that whatever JRE is running the application has to be patched with Oracle's JCE  in order to do 256 bits. It's a fascinating story , the short version being that U.S. companies are restricted from exporting various encryption algorithms to certain countries, and some countries are restricted from importing them. Once I had patched my JRE with the JCE, I found it fascinating how straight forward it was to encrypt and decrypt using the Spring Encryptors. So just for fun at the weekend, I threw together a little desktop app that will encrypt and decrypt stuff for the given password

Replacing Boxen with Vanilla Puppet (for setting up a new mac)

I recently got a new MacBook at work and decided to overhaul my personal setup routine. Last time I tried an early version of Boxen , and although I was pretty happy with it there were a few things that bothered me. It is very opinionated, and I had a hard time stopping it from overwriting my .gitconfig and things like that. It also dragged in a series of dependencies I didn't feel the need for, and made Homebrew a bit weird by installing it in the non-standard location /opt/boxen/homebrew . Since Boxen is based on Puppet, and I've used plenty of Puppet on Linux, I wanted to simplify things a bit and see how far standard Puppet on OS X would get me. Warning! Make sure you don't install puppet using brew! It'll install an old version which is not trivial to uninstall. It's fairly straight forward to install Puppet on a Mac , but since there is no standard package manager, like there's yum or apt on Linux, you have to set it up with a provider, in our cas