Thursday, 12 July 2007

Erlang, Amazon Web Services and SSL

I hacked together a test that authenticates to S3 and retrieves the bucket listing. That worked with or without ssl, but couldn't verify the peer when using ssl, so I needed to figure out how to use a CA root certificate with Erlang. I'm certain there are far better ways to do it, but this is what I came up with.

I used my browser to check which root certificate AWS uses (Verisign/RSA Secure Server CA), and picked the certificate from http://curl.haxx.se/ca/cacert.pem. That's a modified version of the ca root certificate bundle that comes with Mozilla based browsers. It contains the certificates in pem-form that Erlang understands. The pem portions in the file look like this.
-----BEGIN CERTIFICATE-----
MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvc
A1UEBhM......
..............CYCPgmc4RKz
1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
-----END CERTIFICATE-----
The correct certificate needs to be copy-pasted to it's own file. I named my copy verisign.pem. An alternative way to obtain the certificate is described here.

A root certificate is useless unless you can be certain that it hasn't been tampered. I ran
openssl x509 -noout -text \
-in verisign.pem -inform pem
and checked that the output matched with my browser's information on that certificate. That's probably nowhere near paranoid enough.

Using the certificate with ibrowse is easy. The last parameter of ibrowse:send_req/5 accepts necessary ssl options. A query using ssl with peer verification looks something like this
ibrowse:send_req(
"https://somehost/path",
[], get, [],
[{is_ssl,true},
{ssl_options,
[{verify,2},
{cacertfile, "verisign.pem"}]}]).
Here, {verify, 2} sets peer verification on and cacertfile provides the path to the root certificate. See the ssl-module documentation to learn more about the options.

I'm interested in learning if the Erlang's strength in distributed programming, fault tolerance and management would be a good fit with Amazon EC2. What do you think?

Sunday, 8 July 2007

Adobe Flex, First Impressions

During the last couple of weeks, I've been working with Flex to see if it would be a better fit for the app I'm working on than AJAX.

It is.

Here's what I like about Flash/Flex:
  • Good support for OOP (OOP is a natural fit for UI development)
  • ActionScript is also a functional language (like Javascript)
  • Binding (a mechanism for stringing UI controls to data structures with minimal effort)
  • The platform is robust, compared to browsers
I don't like the sluggish compilation step during debugging.


It looks like Flash/Flex is pretty well positioned and moving forward in many fronts:
  • Open Sourcing parts of the platform and development tools attracts developers
  • Flash support is getting better on mobile devices (Nokia, Apple)
  • Flex is gaining foothold as an alternative UI for business applications (SAP)
I think Flex is well worth learning.