In my prior post, I introduced several abstractions — Cryptographic Service Providers, cryptographic contexts and key containers — that are part of Windows CryptoAPI and promised to look at cryptographic keys next.
Well, I changed my mind, figuring it might be better to first talk about simpler operations that do not require the use of keys at all. This post thus describes the generation of hashes, message digests and message integrity codes using Windows CryptoAPI and TWAPI.
This is the second in a series of posts on the use of cryptography on Windows. The previous blog post introduced the basic concepts related to cryptography. Here we delve into how those concepts are implemented in Windows at a system or architectural level and of course, how one accesses them from Tcl. This will lay the ground for discussing the actual cryptographic operations in future posts.
Security is currently the No. 1 priority for the software industry; and if that's not the case, it should be, given the current state of affairs with daily reports of major computer break-ins, credit card fraud, identity theft etc. It is important for applications, and application writers, to be aware of these issues and make use of all available technologies to protect against attacks.
In a series of prior posts, I had introduced the promise abstraction along with the promise Tcl package and how it can greatly simplify certain forms of asynchronous computation. As mentioned there, the Tcl package is roughly based on the promise framework implemented in ES6 (ECMAScript, aka Javascript). ES7 introduced the async and await functions which further simplify asynchronous programming with promises in certain scenarios. Accordingly, the Tcl promise package has been updated to include the equivalent commands. This post introduces their use.
Many programming tasks are very simply expressed and implemented through recursive algorithms, traversing a tree data structure being just one example. The primary reason recursion simplifies implementation is that the state of the computation is implicitly maintained, freeing the programmer from the burden of explicitly tracking the computational state of the program. For example, in a recursive tree walking implementation, the "current location" in the tree is implicitly tracked.
However, there are situations where a recursive model does not fit the needs of an application. For example, the application may want to traverse a tree in iterative fashion, retrieving one node at a time, operating on it and then potentially doing some unrelated computation before retrieving the next node at some unknown point in the future.
Here is where coroutines can bridge the impedance mismatch, presenting an iterative interface to a naturally recursive algorithm.
This post is about US encryption controls on open source software and what programmers need to do to comply with those regulations.
I must start with a caveat because I know practically nothing about the subject! Treat it as one person's understanding of the matter, not legal advice. I am not a lawyer, don't play one on TV or even actually know a real lawyer. I am writing this as an aid to others writing open source software in the hope it will make them aware of the concerned regulations.
A previous blog post described the representation command and its use for introspecting Tcl's internal structures for storing data. I promised a follow-up post that talked about Tcl's compiled byte code and the disassemble command for inspecting it. Well, only two years later, here is that post as promised.
In a prior post I had illustrated the use of the Tcl promise package for asynchronous computing with some examples. There we had ignored the possibility of errors and exceptions and how they are handled in promise-based code. In this post, we build on the examples in that post to illustrate how promises greatly simplify handling of errors in async code.
I had previously described an experimental implementation of promises for Tcl. On re-reading my earlier post, I was somewhat dissatisfied with the treatment there in that I did not feel it fully reflected the value of the promise abstraction, getting somewhat caught up in the details. This post takes a somewhat different approach, concentrating more on examples and refraining from going into detail about each command or method. Here I am more interested giving you a flavor of programming with promises and motivating you to explore further.
This post is obsoleted by the promise package (based on the code is this post) and by newer posts on the topic. Nevertheless it may still hold some tutorial benefit.
There is quite a bit of hoopla in the Javascript world around the promise abstraction for asynchronous code. Implemented in various forms in third party libraries, it proved sufficiently useful to be formally defined and incorporated into ECMAScript 6.
Other languages, from Python and Scala to C#, C++ and Java, have implementations of promises in various flavors (sometimes separated into promises and futures). Not finding one for Tcl (we cannot let Tcl lag!), I started on an experimental implementation described in this post.