You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Need a java component that will encrypt and decrypt a json blob of text that is a few 1000 bytes.
I'd really like this to be done using jasypt which is a well-thought-out approach to the whole process.....configuration for names of encryption algorithms, approaches for getting the 'salt', encryption library dependencies, command line tools for encryption/decryption, etc...
A teacher/administrator must be able to specify a secret encryption key at snail4j startup. This key will be used on the java side to decrypt the encrypted text that the user enters into the GUI.
The teacher/administrator must also have a command line facility that encrypts a workload key given that secret key.
Without this enhancement, the snail4j Angular UI shows the class and method name of the running code/workload.
With this enhancement, the end user will paste an encrypted key into the user interface, and snail4j will run the mystery code specified by the encrypted key. The UI will obscure/hide the name of the class/method name.
Detail:
The teacher will use snail4j to create/assemble a plain-text workload key with the desired java processing.
The teacher will use the command line facility to encrypt the plain-text workload key.
The teacher will distribute the encrypted keys to the student in a plain text document, along with documentation on how to use that key with Snail4j. The doc will also "solicit predictions", as detailed below.
The End user will go to a new screen in snail4j, dial in the encrypted key, and the SUT. Once text is pasted into snail4j, but before the user submits the text to the snail4j agent, the GUI will validate whether the key is "good" -- aka, decryptable using the secret key specified at the snail4j command line uber startup.
Once snail4j GUI sends that key to the snail4j java agent, the snail4j java agent will decrypt the encrypted workload key using the "secret key" specified at snailj startup as a command line parameter.
Once decrypted, snail4j will then run the specified workload.
To avoid spoiling the secret, The snail4j UI will hide/obscure the normal GUI
Use Case: Invalid Encrypted Key.
This use case also needs to handle an invalid key.
For example, say the user doesn't copy all the text of the key from the 'doc' given to them by their teacher. Or, say, the teacher gives them a key, and when the snail4j uber jar was launched, it was not given the "secret key", the one that decrypts the text provided by the end user.
Use Case / Background
Snail4j aims to teach java performance to all java developers. I interview java developers a few times a year, and there just aren't enough of them with basic performance skills. But also, our approaches to teaching performance skills aren't cranking out a lot of skilled pepes.
But snail4j is just software, how exactly will it "teach"? In short, it will solicit predictions from the end user.
Here are a few different approaches, where the user is solicited (asked) to make various predictions.
Which code will run faster, the code that uses technique A or technique B? Given a few encrypted workload keys, the user is asked say one uses technique A, and which uses technique B.
User is asked to use Snail4j to run a particular workload and asked what is taking up most of the time? If the key to specify that workload is opaque/encrypted, the user will be forced to learn how to use tools to discover the problem.
User asked what the developer of workload 2 did to make it so much faster than workload 1.
With an encrypted "workload key", the user won't be able to directly inspect the source code, because the class names in the "workload key" will be opaque/encrypted.
This helps force the user to install/learn/use monitoring/observability tools to build an evidence-based story about what's processing, instead of using the source code as a crutch and taking guesses by peeking at the source code.
Here is an example of a clear text workload key that needs to be encrypted:
Need a java component that will encrypt and decrypt a json blob of text that is a few 1000 bytes.
I'd really like this to be done using jasypt which is a well-thought-out approach to the whole process.....configuration for names of encryption algorithms, approaches for getting the 'salt', encryption library dependencies, command line tools for encryption/decryption, etc...
A teacher/administrator must be able to specify a secret encryption key at snail4j startup. This key will be used on the java side to decrypt the encrypted text that the user enters into the GUI.
The teacher/administrator must also have a command line facility that encrypts a workload key given that secret key.
Without this enhancement, the snail4j Angular UI shows the class and method name of the running code/workload.
With this enhancement, the end user will paste an encrypted key into the user interface, and snail4j will run the mystery code specified by the encrypted key. The UI will obscure/hide the name of the class/method name.
Detail:
Use Case: Invalid Encrypted Key.
This use case also needs to handle an invalid key.
For example, say the user doesn't copy all the text of the key from the 'doc' given to them by their teacher. Or, say, the teacher gives them a key, and when the snail4j uber jar was launched, it was not given the "secret key", the one that decrypts the text provided by the end user.
Use Case / Background
Snail4j aims to teach java performance to all java developers. I interview java developers a few times a year, and there just aren't enough of them with basic performance skills. But also, our approaches to teaching performance skills aren't cranking out a lot of skilled pepes.
But snail4j is just software, how exactly will it "teach"? In short, it will solicit predictions from the end user.
Here are a few different approaches, where the user is solicited (asked) to make various predictions.
With an encrypted "workload key", the user won't be able to directly inspect the source code, because the class names in the "workload key" will be opaque/encrypted.
This helps force the user to install/learn/use monitoring/observability tools to build an evidence-based story about what's processing, instead of using the source code as a crutch and taking guesses by peeking at the source code.
Here is an example of a clear text workload key that needs to be encrypted:
The text was updated successfully, but these errors were encountered: