I’ve been working on TLS lately. The specs, the APIs, and even the docs make me feel dumb. Why is this so hard?! I struggle when it takes 2 hours to do something that should take 20 minutes. One thing that makes TLS difficult is the jargon and acronyms.…
Being a software developer has changed how I understand lunch. SandwichesOn Saturday I made myself a sandwich, and then my kids wanted one, and then my partner wanted one. For each: Get bread, toppings, knives, plates, cutting boardWash veggies, slice cheese, assemble sandwichDeliver sandwich!Return unused toppingsWash & return dishesMaking…
Certain TLS features like Server Name Indication (SNI) and Application-Layer Protocol Negotiation (ALPN) existed in Android before they had public APIs. The code was there; there just wasn’t a good way to use it. OkHttp hacks around such limitations with reflection. Our internal platform package integrates both Android and…
TLSv1.2 came out in 2008 but Android didn’t get support for it until Android 5 in 2014. Previous releases including Android 4.4 KitKat support up to TLSv1.1 by default. KitKat’s old TLSv1.1 isn’t secure enough and so its retirement has been planned for…
Lots of object models primarily track application state. For example, OkHttp’s Http2Connection.kt has state for whether a ping’s reply is outstanding: private var awaitingPong = false This is set to true each time a ping is sent and then false again when its reply is received. I’ve…
I’m working on some code to sort software versions and it’s tricky. Maven Software that releases to Maven Central should follow Maven’s versioning scheme. This list is sorted by Maven’s scheme: 1.0.0-alpha 1.0.0-beta 1.0.0-rc1 1.0.0-RC2 1.0.0…
OkHttp uses synchronized as an allocation free mutex. Our concurrency model is tricky enough that we’ve documented the rules! And if we forget the rules, we also use runtime assertions to catch mistakes: @Override void flush() { // Make sure we don’t hold a lock while doing I/O! assert…
You can do dependency injection (DI) manually or with a library. Constructing your application’s dependency graph by hand is a cute exercise but not practical beyond toy examples. You’ll eventually find yourself extracting the repetitive manual DI code into your own bespoke library, one that’s likely to…