HTTP Basic Authentication using client SSL certificate's CN

Suppose you have a HTTP service which is able to authenticate users only using Basic HTTP Authentication. On the other side every your client (a real user or a 3dparty system) has its own client SSL certificate and you want them to authenticate using the certificates' CNs.

haproxy is to the rescue!

[Security] Check if your certificate is really revoked

Works for Thawte CA.

The following script accepts certificate in PEM format as input and validates it via OCSP and CRL specified in the certificate.

Requires openssl and curl.

[FreeBSD] How to use HTTP package repository in "pkg_add -r" if FTP is forbidden

On FreeBSD to use "pkg_add -r" when FTP protocol is forbidden in your local network just set PACKETROOT environment variable:

# pkg_add -r <your_favorite_package>

[Erlang] Using fprof() to profile ejabberd

Note! The following approach could be applied for any Erlang application.

1. Start ejabberd in 'live' mode:

ejabberdctl live

[OpenSUSE+PHP] Enable PHP for UserDir in OpenSUSE 12


in OpenSUSE you can easily enable user dir (user/public_html which maps to http://host/~user) but it was non-trivial how to enable PHP scripts within the public_html directory.

[NodeJS] How to set outgoing address in Node.JS socket

Several days ago I faced the problem of setting up outgoing address for socket connections in Node.JS.

Here is the tricky solution:

var local_addr  = ''
var remote_addr = ''

var cli = new net.Socket({ handle: net._createServerHandle(local_addr) })
cli.connect(5222, remote_addr)


[Azure+Ruby] Использование MS Azure Queue из Ruby


Microsoft не зря активно продвигает и развивает Azure - добрался он и до нас. И несмотря на то, что наиболее комфортно в азуре себя чувствуют .NET приложения, иногда возникают задачи интеграции с такими приложениями из платформ, далеких от .NET.

Недавно у нас возникла задача такой интеграции из системы, написанной на Ruby. Интеграционный сценарий просто: необходимо передать в .NET приложение некоторое событие. А как это надежнее всего сделать с .NET приложением, близким к Azure? Правильно! Надо использовать MS Azure Queue.

Сегодня я покажу, как использовать MS Azure Queue из Ruby.

[AWS] Amazon Route 53: Creating many records using command line

I have a domain zone registered in Amazon Route 53. For instance, "".

The initial task is to create 100 sub-domains in this zone in form "<number>". I.e.,, ....

All of them must refer to one machine. For example,

In this post I will describe precise steps to accomplish the task using Linux command line and Route 53 API.

Android SDK Manager via Proxy under Linux

The normal way to use Android SDK is Eclipse platform.

But it has some limitations, particulary it doesn't have the feature to configure your proxy settings.

Under Windows the problem could be solved by running Android SDK Manager outside Eclipse via lanching executable called "Setup.exe" in the SDK directory. The suprise for linux users is that they don't have such a tool and hence can't configure proxy via cute UI interface.

Team Explorer Everywhere Console Quick Start

Today I decided to fetch sources stored in TFS to my Linux laptop. I'm not familiar with TFS source control domain model so I spend some to time to figure out how to accomplish my task.

It seems that the only appropriate tool to work with TFS under Linux is Team Explorer Everywhere which is available here:, download

Suprisely I didn't find some Quick Start tutorials on that tool so I decided to write it here.

Саммит разработчиков Лаборатории Касперского

22-23.11.2010 прошел 1-ый саммит разработчиков ЛК. И т.к. я случайно оказался одним из архитекторов, у кого нашелся непросроченный загран паспорт, мне удалось в нем поучавствовать.

Хотелось бы отметить наиболее интересные факты.