Über Christian Speckner

Christian Speckner arbeitet nach seinem früheren Leben als theoretischer Physiker seit vielen Jahren als Webentwickler bei der Mayflower GmbH in Würzburg. Dort entwickelt er in Front- und Backend, unterstützt bei DevOps und beschäftigt sich in seiner Freizeit mit Musik und allerlei abstrusen Themen rund um Software, Hardware und Retrocomputing.

Self-Signed Zertifikate unter iOS (und sonstwo)

Wie bekomme ich ein Self-Signed-Zertifikat auf ein iPhone, einen Androiden und am Besten auch noch auf ein Windows und ein MacOS? Und wie muss das verflixte Ding aussehen, dass es alle anstandslos fressen?

Eine Tragikomödie in vier Akten.

Weiterlesen

Of races and mutexes: synchronizing async operations in JavaScript

While JavaScript is a strictly single-threaded language, the asynchronous nature of its execution model can easily lead to situations in which two or more async operations run at the same time and compete with the program flow depending on which operation succeeds first. The result is a specimen of the dreaded species of race conditions.

Issues of this type can be arbitrarily hard to reproduce, debug and fix, and I guess that every seasoned JavaScript developer can relate one or two horror stories where they literally spent days before finally fixing such an issue for good.

Race conditions are a well-known problem from any language that supports for concurrency, and often a mutex is used as a tool to synchronize such operations. This article shows how to apply the concept of mutexes to JavaScript in order to avoid race conditions.

Weiterlesen

Ten tips for frictionless development with Apache Cordova

Cordova is a framework for developing cross-platform mobile apps using web technology. Develop your application using the technologies you know, deploy to all major platforms without the complications of native development, and tap into a rich ecosystem of plugins for adding native functionality to your app.

Sounds great, doesn’t it? Well, if you have used Cordova before, you may have found the harsh reality of Cordova development to be at least sometimes a bit more gloomy that this. As for us: we use Cordova for delivering a web application as a standalone mobile app for one of our customers. While we succeeded in creating a full-fledged mobile app that scored great reviews with our customer’s user base, the road that took us there was much more stony than we expected, and we often found ourselves hitting walls where we did expect smooth sailing instead. In this blogpost, I want to share ten tips to ease the pain and provide a smooth development experience with Apache Cordova.

Weiterlesen

Go-repro: a rewriting reverse proxy for testing multi-domain setups

Web applications that span multiple domains come with their very own set of challenges. As requesting resources that cross domain boundaries is a pattern common to many different attacks that threaten the security of websites, browsers restrict such requests to conform to with the same-origin policy: most resources (in particular if requested from Javascript via XHR) may only be requested from the domain that served the requesting web page.

However, as there are also completely legitimate reasons for such requests, various techniques exist for circumventing the same-origin policy, for example JsonP or the modern HTML5 CORS standard (Cross Origin Resource Sharing). While these techniques enable cross-domain web applications, the same-origin policy remains a source for subtle and hard-to-debug issues. Therefore, reproducing this setup in development and testing environments is vital to make sure that potential issues can be caught and fixed early before they hit production.

Weiterlesen

Running a secure docker registry

Some time ago, our team decided to deploy the application which we are developing for our customer as a docker container. As docker is a promising but still very young technology, this decision naturally put us on a quest for finding a reliable, secure and maintainable setup — many things are still in flux in the community, and the resulting lack of proven best practices leaves a lot of room for experiments (sometimes frustratingly so).

In this blogpost, I want to share one result of our experiences: how to set up and maintain a secure private docker registry.

Weiterlesen

Salt and Pepper — Running native code within the browser with Google Native Client

When the web started off in 1989 at CERN, it was just a collection of static HTML documents, the first browsers were little more than document viewers, and computing still happend largely on big servers connected to many thin-client workstations. Much has changed over the last 20 years. Computing has moved from a the server-terminal model to the personal computers we know, and as web browsers are rapidly transforming from document viewers into sandboxed Javascript runtime environments, something amazing is happening: computing is moving back to a client-server model, with servers located in the cloud serving web applications running in the browser sandbox.

With browsers transforming into target platforms for general application development, there comes a desire for software running at near-native speed, something which a highly dynamic language like Javascript still has a hard time to deliver (even though Javascript runtimes have improved speed tremendously over the last years). It is not surprising that Google has come up with their own answer to this problem: Google native client (NaCl) allows native C/C++ code to be compiled to run directly in the browser and has been part of Chrome since version 14 (November 2011). In this blog post, I’ll take a closer look at this technology and explore how it works. Weiterlesen