The Symas Blog

Keeping our clients up to date on bug fixes, helpful tips, and more.

Musing on the Future of Computing

Symas has set the pace in the database world with LMDB. The efficiency gains from LMDB's Single Level Store approach make LMDB's performance unmatched by any other technology. LMDB's approach is also ideally positioned to leverage future developments in memory and...

Symas OpenLDAP 2.4.44-5 Available

Symas is continuously striving to provide our customers with excellent products. This ongoing pursuit leads us to offer the newest Production release of Symas OpenLDAP. For the first time, Symas OpenLDAP 2.4.44-5 is available for Debian 8 and Ubuntu 16. This release...

No case studies on ABAC?

Don't get me wrong, everyone needs at least RBAC, but it has limitations and doesn't work well with instance data in the authorization expression. This perceived need leads me to look for case studies describing large-scale deployments of ABAC. For example I'd like to...

We Can Stop Looking For That Panacea Now

It seems every year there's a new protocol for handling security. I was first sucked down into this black hole in the '90s. Few standards back then. Now, so many years and protocols have passed... https auth, x.509 auth, CSIv2, spnego, liberty, saml, ws-*, xacml,...

Ahem, it’s called Role-Based Access Control

Of late, on a quest, to educate the info sec community, the definition of RBAC. Not the first time. A couple years back, this role-infused rant: "Using Roles for Access Control is Not Role-Based Access Control". And before that this: "An Introduction to Role-Based...

Apache Fortress Role Engineering Tutorial

The goals of this tutorial are to: gain understanding of the Role Based Access Control (RBAC) standard; learn the repeatable steps of the Role Engineering Process; learn about using the Apache Fortress RBAC engine. To get started, follow the instructions in the...

Apache Fortress End-to-End Security Tutorial

The tutorial provides a how-to guide for applying end-to-end security enforcement across a sample Java Web environment using Java EE, Spring and Apache Fortress security. Requirements covered include authentication, authorization and confidentiality. Both declarative...

Apache Fortress SAML Demo

Overview: The aim of this tutorial is to connect Apache Fortress with Spring Security SAML and a common Identity Provider – SSO Circle.com. It’s not intended to highlight all of the possible locations in code where security checks may be applied. For that take a look...

Understanding LMDB Database File Sizes and Memory Utilization

The Lightning Memory-mapped Database (LMDB) is designed around the virtual memory facilities found in modern operating systems, Multi-version Concurrency Control (MVCC), and Single-Level Store (SLS) concepts. This design is quite different than those of more traditional databases and, in operation, it can mimic behaviors that system administrators have been trained to recognize as signs of trouble. With LMDB, though, the behaviors are normal, but nonetheless this leads to the following questions:

ApacheDS & Fortress QUICKSTART

As engineers, we are often encouraged to use the right tool for the job. Maybe that is because we tend to grow too attached to the familiar. When we’ve got a hammer, everything looks like a nail.

Apache Fortress 1.0-RC42 Released

Announced just this week: Apache Fortress 1.0-RC42 released. What, is this some kind of joke? Why would a project go thru 42 iterations of release candidates just for a 1.0 designation? No joke here unless you find our efforts to create a simple, useful and robust access management solution funny. Before that 1.0 label gets used, we’re going to make sure it’s deserving.

DROWN Vulnerability with Remediation

Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. Exploitation of this vulnerability—referred to as DROWN in public reporting—may allow a remote attacker to obtain the private key of a server supporting SSLv2.

The Sad State of C Strings

Character strings are an essential component of any programming language, but C Strings were a bit unusual in not defining an explicit string type. The C standard specifies some standard library functions for operating on C strings, which gives them a de-facto type and standard methods, but the standard library functions were horrible when first invented in the 1970s, and nothing sane has replaced them yet. In honor of the Chinese Lunar New Year, and the 30th anniversary of this rant, I delve once more into these problems.

Anticipating the Future With LMDB

As we've noted before, LMDB was designed to be a data storage solution for both today and especially for tomorrow, not to keep warming over yesterday's problems today. That's why our focus from the beginning was on Solid State storage. While still considered too risky...

Announcement: New Symas Download Site

A new download site is available for our products: https://symas.com/downloads. What's new? Better organization and navigation: We have redesigned the download page to make finding what you're looking for faster and easier. Downloads are clearly organized by product, edition,...

Carrier-Grade Stability and Performance

Early last year our client Acision ran a torture test on Symas OpenLDAP as part of acceptance testing for their telco offerings. These tests were performed on a directory consisting of one master replicating to two consumers, and included a number of crash/recovery tests as well as performance measurements. The short summary of the results: after two weeks of continuous testing, no problems.
