Hacktoberfest 2021 — Week 1

Matthew Dolan
Oct 11, 2021


As an Android developer, open-source software underpins everything I do. So it only seems fair I commit personal time in October (and throughout the rest of the year) to the open-source community.

For the last few years, I’ve taken part in Hacktoberfest as it helps me focus on my open-source endeavours and encourage some of my peers to take part for the first time.

This year I thought it would be interesting to write about what I’ve been doing.

One of the first things I tackle with my open-source projects is their (usually outdated) dependencies. The work generally includes moving to the latest versions of Kotlin and Gradle along with other dependencies.

Certificate Transparency

Certificate transparency for Android and JVM

Working together to detect maliciously or mistakenly issued certificates — https://certificate.transparency.dev

Replacing GSON with Kotlin Serialization

The project has been using GSON for some time. However, this was often the cause of random crashes, not helped by how GSON ignores data class null-safety and default values.

I decided it was time to replace it with Kotlin serialization. The library doesn’t parse JSON data very frequently, so I have little concern about differences in performance. Besides, network calls are far more costly.

Switching to Kotlin serialization was relatively painless, simply requiring a re-write of custom deserializers and changing the annotations used throughout.

Jetpack Compose

Given the release of Jetpack Compose, it felt natural to update the sample app to use it. While it is sad to no longer use the excellent Groupie library, having no XML layouts felt terrific.

Rules

When I first wrote the certificate transparency library, I made it opt-in. Thus, you had to explicitly add an inclusion rule for any domains you wanted to check. However, on reflection, this can lead to subtle bugs, where mistyping a domain name would mean the library wouldn’t perform the checks.

Watching AppSec is too hard!?, from this year’s OWASP 20th anniversary event, made me rethink the approach and ensure that the library is secure by default.

So now, with the release of v1.0.0, the library enforces checks on all domains and requires you to opt out of domain names that are incompatible with certificate transparency checks.
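The difference between the two models can be sketched in a few lines of Kotlin. This is an added illustration, not the library's own code or API: `OptInPolicy`, `OptOutPolicy`, `matches` and `uncheckedHosts` are hypothetical names, and the hosts and the typo are constructed sample data.

```kotlin
// Added illustration; hypothetical names, not the certificate transparency library's API.

// A rule is either an exact host or "*.example.com", which matches any subdomain.
fun matches(pattern: String, host: String): Boolean =
    if (pattern.startsWith("*.")) {
        host.endsWith(pattern.substring(1), ignoreCase = true)
    } else {
        pattern.equals(host, ignoreCase = true)
    }

interface Policy {
    fun shouldCheck(host: String): Boolean
}

// Opt-in model: a host is only checked when an inclusion rule matches it.
class OptInPolicy(private val includes: Set<String>) : Policy {
    override fun shouldCheck(host: String) = includes.any { matches(it, host) }
}

// Opt-out model: every host is checked unless an exclusion rule matches it.
class OptOutPolicy(private val excludes: Set<String> = emptySet()) : Policy {
    override fun shouldCheck(host: String) = excludes.none { matches(it, host) }
}

// Hosts that a policy would let through without a certificate transparency check.
fun uncheckedHosts(policy: Policy, hosts: List<String>): List<String> =
    hosts.filterNot { policy.shouldCheck(it) }

fun main() {
    // Constructed sample hosts the app connects to.
    val hosts = listOf("api.example.com", "legacy.example.org")

    // Constructed typo in both rule sets: "exmaple" instead of "example".
    val optIn = OptInPolicy(setOf("*.exmaple.com"))
    val optOut = OptOutPolicy(setOf("legacy.exmaple.org"))

    // Opt-in fails open: the mistyped rule matches nothing, so no host is checked.
    println("opt-in unchecked:  ${uncheckedHosts(optIn, hosts)}")

    // Opt-out fails closed: the mistyped exclusion matches nothing, so every host
    // is still checked and the mistake surfaces as a failed connection instead.
    println("opt-out unchecked: ${uncheckedHosts(optOut, hosts)}")
}
```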

KotlinFixture

A tool to generate well-defined, but essentially random, input following the idea of constrained non-determinism.

HashSets

Initially, when requesting KotlinFixture to generate a Set, the library used a TreeSet which forced the user to require Comparable objects. Now the library has been updated to use LinkedHashSet, so this is no longer a requirement.

Ktorm

While I may not use Ktorm currently, I’m always willing to expand KotlinFixture’s auto-generation code for better support.

And so, the latest release now adds support for Ktorm Entity interfaces.

CryptoHash

A Kotlin Multiplatform Mobile library to provide a set of cryptographic (and not so cryptographic) hashing functions.

Publicising

This little-known project was one of my first Kotlin Multiplatform Mobile projects.

The library has more hashing algorithms than, dare I say it, BouncyCastle, yet I know I need to do more to promote the library.

As a start, I’ve added the tool to the Awesome KMM project, but I will be looking at better ways to ensure its visibility over the coming weeks.

Please let me know if you have any suggestions on better promoting this and my other projects.

Open-source software is there for all of us to use, and there are plenty of ways to contribute even without writing a single line of code.


Matt Dolan has been eating doughnuts and developing with Android since the dark days of v1.6.