Software Engineering

Verifying and Getting the contents of a P7S signed SMIME file

P7S Signatures are fairly common but it is really hard to find the OpenSSL one liner that just gets you the content. So rather than doing something evil with dd (the signature is 171 bytes and the header 3 bytes) lets do it properly with OpenSSL. Read More...

Testing time

One of the fun things about daylight savings time is the need to test your code around the times it changes.

"Time is an illusion, lunchtime doubly so"

Douglas Adams

Firstly let us be clear time does not go backwards or jump forwards in daylight savings … time itself just ticks on like it usually does … the only thing that changes is that the representation of time on the clock changes.

Unfortunately many of the libraries we use do not make it absolutely clear about how they relate to system time and representational time. After all if you live in most places in the world there are only a couple of hours that are affected…

Perhaps we need a way to test this and other changes like leap years … and if it were convenient then we might actually do this regularly


I don't know: 2 ways

"I don't know"

This tiny statement has 2 dichotomous meanings and effects. In its:
  • empowering mode - its an invitation to find out, to learn, to grow - opening future possibilities
  • paralytic mode - it is an invitation to not proceed, to block - closing or limiting possibilities
Which of these are meant by the person saying it and perceived by the person hearing it have massive implications for how the conversation will go. Read More...

Expect the Uexpected

There are certain classes in science and mathematics that computer science and software engineering people don't think they will need in a real job. These include:
  • finite arithmetic,
  • the limits of measurement; and,
  • quantum physics.
Unfortunately if you work with real numbers, measure anything or interact with time your simple straight forward problem turns into a twisty mess of complex cases as you do your best with what information you have.

We frequently drop complexity out by making useful models of the world. This simplification allows us to make a solution. But the next step is add back in the relevant bits where the real world upsets our model.

Be on the look out for places where those difficult cases might turn up and not let them arrive unexpected.

Safari Bypass Certificate Issue

Safari Certificate Issues

A work Around

Much as I like Safari (it really does make web pages look nicer) it's certificate handling is less than optimal. It is quite easy to get stuck in a loop with Safari complaining about the certificate letting you add it and then complaining about the certificate.

This is sometimes caused by automatically generated certificates having expired - but you don't get told this.


DIY CA to allow NRPE-NG to communicate without errors

Whilst playing with NRPE-NG we found that it complains if it does not have SSL Certificates signed by a Certificate Authority.

This article shows how to build a tiny CA specifically targeted at managing certificates in a testing network. Read More...

Not every hour of the day is equal

There are many types of tasks we perform during the work day ranging from mundane semi-automatic tasks through to the highly creative. The hours of a work day have characteristics including the rate of interruption and the mental capacity of the individual at a particular time. Attempting some tasks in a poorly suited hour may not progress the task at all and create waste. Read More...

How to not get the software you want

There is a famous set of drawings that ends with a picture of tire hanging from a tree and the words underneath "What the customer really wanted". It is called the tree swing meme / story. It crops up in many places in project management and software engineering.

Many meanings are taken from this simple diagram including:
  • the problem of Chinese Whispers
  • poor specification
  • the lack of shared understanding

However, above all these individual issues there is one overall truth:

Projects involving groups of people are hard to complete on time and on budget

Knowing this why do we insist on sabotaging projects through poor communication?


Why security by obscurity is a double own goal

We all “know” that security by obscurity is a “bad thing” but why is it? And why is it a double own goal for a security company? Read More...

How do you take your tablets?

It is nice to see that there is some usability data to back up my own usage preferences. In iPad users prefer landscape mode, late-night browsing they claim that there is a preference for using the iPad in landscape mode and late at night. Read More...

Bullets are made from lead

After several years in the commercial world I returned to the ivory tower to help mentor students in software engineering at RMIT. These students were bright, intelligent and enthusiastic. Also, they were leading the way in a novel approach to teaching the art. One major thing stood out from their work - Agile was the future and waterfall was the past (and an almost dirty concept). They tried so hard to be fair to the waterfall model and tried to understand that it had some use, but I was left with the feeling that they really pitied anyone who used it at all, presumed that it would only be considered under duress and really felt that it had no place anywhere.

Let me be clear here this is not a rant against Agile nor a defence of waterfall, my issue is that as a profession we are selling a story of this replaces that because only new is best rather than a story of use this or that depending on what works best. The former is an easy story to sell, but the later is far more powerful in the long run.

Fredrick Brooks claims that there is still no silver bullet. I hope to shift our mindset from looking for one silver bullet that solves all our software problems to a less exciting but more practical position of we have many tools some better suited to some tasks than others and we need to enable our engineers to choose from a menu. If all our bullets are made from lead (Lead is a base metal - a cheap utilitarian material - that gets the job done) then we can select better for the task at hand. Read More...