Mar 07
In my car, I spend quite some time listening to podcasts. On the topic of security, the podcasts Security Now and the Dutch podcast “De beveiligingsupdate” are my favourites.
Driven by the suggestions in these podcasts, I have taken a few extra measures to secure my laptop:
- Replace the every leaky Adobe Acrobat PDF Reader with the Foxit reader.
- Set the Security level in Microsoft Internet Explorer to High for every zone. Even when using another browser, IE is used in MS-Office applications.
- Installed the NoScript plug-in in Firefox. NoScript allows to selectively allow the exe
cution of Javascript. Only for a few sites I have allowed Java script permanently. For most sites, I only allow Javascript temporarily. It offers some extra defense against cross-site scripting attacks (XSS).
Disabling Javascript also helps with privacy: it reduces the amount of information exposed for browser fingerprinting. More Firefox add-ons for safer surfing are available here. Next one I’ll try is Better Privacy to automatically remove Flash cookies.
Feb 28
As mentioned in the blog post of Gartner analyst Benoit Lheureux, the market of B2B products keeps moving, e.g. the acquisition of Foresight by Tibco.
Interesting blog post as well on the SAP Developer Network: SAP will increase its stake in Crossgate and SAP sales people will (re-)sell the Crossgate B2B service offering.
Note: I always confuse Crossgate and Northgate. NorthgateArinso is a SAP oriented provider of HR IT services and acquired the Belgian company Arinso.
Feb 23
Elie Crets
22-mrt-1934 / 19-jan-2010
Jan 02
Recently got questions on testing with certificates. Use self-signed certificates or CA signed certs? And how to easily obtain CA signed certs? It was quite a while ago that I had been playing with certs myself. So time to refresh my mind, do some searching + experimenting, and write a blog entry about it.
CA signed
certificates (SSL server and client) are recommended as only the CA cert needs to be imported as a trusted certificate (e.g. in cacerts). First option is to use a free CA like CAcert.
Second option is to setup your own (test) CA. The most obvious option is to use openssl. The command line tool of openssl allows to first create a CA keypair + CA self-signed cert and next sign certificate requests (CSR), thereby creating CA signed certificates.
Alternative tools for a do-it-yourself CA with GUI are:
Played around a bit with this SimpleAuthority, and it looks quite OK. One can import certficate signing requests and export signed cert. A very limited version is free, but to manage an unlimited number of certificates, the cost is $50
(personal) to $240 (commercial). The ease-of-use and consistency of the GUI could be improved, but it does do the job.
Notes:
- To generate and manage keystores, thé recommended tools is Portecle.
- Alternative is Keytool IUI: it has extra features such as signing of files, but less user friendly than Portecle.
- All sorts of links about PKI
Jan 01
The end of the year gives some time to relax, watch television and to read the many blog posts that have piled up in my reader. A lot of cloud stuff obviously, predictions for next year. James Urquhart mentions 7 businesses to watch out for, and on nr 2 is “Enterprise Integration as a Service”. Couldn’t agree more.
Urquhart refers to Boomi as an example of Integration through the cloud. I remember Boomi as a smaller B2B software vendor from around the period the AS2 protocol took off. Boomi’s cloud offering and pricing remain a bit blurry to me. Should play around with the 30-day trial some day. But not today, Dec. 31st 
What I don’t understand is that John M Willis picks RabbitMQ as the “Best Cloud Orchestration Tools in the Cloud”. RabbitMQ is a messaging solution based on the AMQP standard protocol. Maybe I’m overlooking something, but I don’t see any AMQP whatsoever in the B2B integration space.
