Bright Lines

I’m often working on some kind of self-improvement: changing my diet, exercising right, or adjusting my work-life balance. But changing my behavior is difficult and I had many failures before any successes. In 2012 I tried to reduce the amount of meat in my diet, from 1-2 times per…

X.509 Certificates in Kotlin

I learned most of what I know about TLS certificates through reading APIs, source code, and specs. My instinct from dealing with ASN.1, X.509, and TLS as a user is that the APIs are complex, and I should stay away from the even more complex implementations. But…

Christmas Breaks

Deploying early & often is addictive. Frequent deploys make it easier to identify regressions, tighten feedback loops, and get fixes to customers sooner. So I’m happy that the Cash App team has tests & tools for frequent deploys. All this deploying has a catch: we don’t notice slow…

Synonyms are Bad

I’ve been working on TLS lately. The specs, the APIs, and even the docs make me feel dumb. Why is this so hard?! I struggle when it takes 2 hours to do something that should take 20 minutes. One thing that makes TLS difficult is the jargon and acronyms.…

Sandwiches & GC Pauses

Being a software developer has changed how I understand lunch. Sandwiches. On Saturday I made myself a sandwich, and then my kids wanted one, and then my partner wanted one. For each: Get bread, toppings, knives, plates, cutting board. Wash veggies, slice cheese, assemble sandwich. Deliver sandwich! Return unused toppings. Wash & return dishes. Making…

OkHttp + Restricted APIs

Certain TLS features like Server Name Indication (SNI) and Application-Layer Protocol Negotiation (ALPN) existed in Android before they had public APIs. The code was there; there just wasn’t a good way to use it. OkHttp hacks around such limitations with reflection. Our internal platform package integrates both Android and…

KitKat and TLSv1.2

TLSv1.2 came out in 2008 but Android didn’t get support for it until Android 5 in 2014. Previous releases including Android 4.4 KitKat support up to TLSv1.1 by default. KitKat’s old TLSv1.1 isn’t secure enough and so its retirement has been planned for…

Modeling States vs. Facts

Lots of object models primarily track application state. For example, OkHttp’s Http2Connection.kt has state for whether a ping’s reply is outstanding: private var awaitingPong = false. This is set to true each time a ping is sent and then false again when its reply is received. I’ve…