week 03, 2021

Use postgresql for authorization layer

Postgresql is my favorite relational database. There are a lot of cool things that Postgresql can do and one of those is to handle the authorization layer. Some people argue that putting authorization logic into the database makes the application code harder to read, and that’s actually true if there is only 1 code base connecting to a database. However, if there are more than 1 code bases communicating with a database, having a centralized authorization logic starts to make more sense. In this blog post, I am not going to discuss the pros and cons of having the authorization logic inside the database, but instead I am going to describe how I put all my authorization logic into postgresql.

Source: Use postgresql for authorization layer, an article by Tan Nguyen.

Tutorial: Troubleshooting Linux SSH Login Delay

I’ll start from a relatively simple problem - logging in to a server via SSH always takes 10 seconds. The delay seems to be pretty constant, there don’t seem to be major network problems and the server is not overloaded. Yet, remote logins always take 10 seconds.

If you’be been around, you probably already know a couple of likely causes for this, but I want to approach this problem systematically. How to troubleshoot such issues without relying on lucky guesses or having previous experience with usual suspects. You never know, next time the root cause may be different - or you have to troubleshoot a completely different application.

Source: Tutorial: Troubleshooting Linux SSH Login Delay - Why does logging in always take 10 seconds?, an article by Tanel Põder.

Monoids etc

Monoids are simpler than categories. A monoid is defined by a collection (set) of elements and an operation that allows us to combine two element and produce a third one of the same kind.

Source: Category Theory Illustrated - Monoids, an article by Boris Marinov

Command PATH security in Go

Today’s Go security release fixes an issue involving PATH lookups in untrusted directories that can lead to remote execution during the go get command. We expect people to have questions about what exactly this means and whether they might have issues in their own programs. This post details the bug, the fixes we have applied, how to decide whether your own programs are vulnerable to similar problems, and what you can do if they are.

Source: Command PATH security in Go, an article by Russ Cox.

Raspberry Pi Enters Microcontroller Game With $4 Pico

Raspberry Pi was synonymous with single-board Linux computers. No longer. The $4 Raspberry Pi Pico board is their attempt to break into the crowded microcontroller module market.

The microcontroller in question, the RP2040, is also Raspberry Pi’s first foray into custom silicon, and it’s got a dual-core Cortex M0+ with luxurious amounts of SRAM and some very interesting custom I/O peripheral hardware that will likely mean that you never have to bit-bang again. But a bare microcontroller is no fun without a dev board, and the Raspberry Pi Pico adds 2 MB of flash, USB connectivity, and nice power management.

Source: Raspberry Pi Enters Microcontroller Game With $4 Pico, an article by Elliot Williams.

How We Ported Linux to the M1

So when Apple decided to allow installing custom kernels on the Macs with M1 processor, we were very happy to try building another Linux port to further our understanding of the hardware platform. As we were creating a model of the processor for our security research product, we were working on the Linux port in parallel.

Source: How We Ported Linux to the M1.

A Tour of Go 1.16's io/fs package

The upcoming Go 1.16 release has a lot of exciting updates in it, but my most anticipated addition to the Go standard library is the new io/fs and testing/testfs packages.

Go’s io.Reader, io.Writer, and os.File interfaces go a long way in abstracting common operations on opened files. However, until now there hasn’t been a great story for abstracting an entire filesystem.

Source: A Tour of Go 1.16's io/fs package, an article by Ben Congdon.

A Second-Hand Router and a New Gigabit Switch

Last Saturday my brother helped me with placing a wired ethernet connection in my home office. Somehow directly connecting my late 2014 Mac mini to the wall ethernet jack didn't work; no ethernet. In the evening he dropped a 4 port switch at my place. Using this 4 port switch to connect the Mac mini did work. When I tested the Internet speed I got 10Mbps so I suspected that the switch was nog a gigabit switch and ordered a TP-Link TL-SG108 with 8 ports yesterday.

8-port gigabit desktop switch TP-Link TL-SG108
8-port gigabit desktop switch TP-Link TL-SG108.

I also have a lot of networking issues with Wi-Fi and suspect the router, a TP-Link TL-WDR4300 N750 which I flashed with OpenWrt. So last Monday I browsed a Dutch website for second hand products; Marktplaats, and placed an offer of €15 on a TP-Link TL-WDR4300, the same model as I already owned since I know it works very well with OpenWrt. The offer was accepted and with shipping to my home the total was €22.25.

TP-Link TL-WDR4300 N750
Router TP-Link TL-WDR4300 N750.

Both items arrived today in the morning. I had also ordered two UTP cables with the desktop switch, one meter each, but those probably arrive tomorrow.

Today, when I did a speed test with the old switch in order to compare it with the new one I was surprised to get a speed way above 10Mbps. At times I even got close to 100Mbps. When I checked underneath the switch it stated it was a 1Gb switch 😫.

Speedtest result old router and old switch
Speedtest result old router and old switch.

When I tested the new switch I had the same problem as with the Mac Mini: the switch didn't detect a network on the incoming side. So now I suspect something is wrong with the cable that goes all the way down to the router, and my brother will soon drop by to have a look at it.

I also want to check if the router I ordered is going to make any difference with the wireless network connection.

Common kestrel

In the afternoon what I believe to be a common kestrel, Falco tinnunculus, landed on our fence. I was too slow with my iPhone 6S to take a photo of the bird.

Container networking is simple

Working with containers always feels like magic. In a good way for those who understand the internals and in a terrifying - for those who don't. Luckily, we've been looking under the hood of the containerization technology for quite some time already and even managed to uncover that containers are just isolated and restricted Linux processes, that images aren't really needed to run containers, and on the contrary - to build an image we need to run some containers.

Now comes a time to tackle the container networking problem. Or, more precisely, a single-host container networking problem. In this article, we are going to answer the following questions:

  • How to virtualize network resources to make containers think each of them has a dedicated network stack?
  • How to turn containers into friendly neighbors, prevent them from interfering, and teach to communicate well?
  • How to reach the outside world (e.g. the Internet) from inside the container?
  • How to reach containers running on a machine from the outside world (aka port publishing)?

Source: Container networking is simple, an article by Ivan Velichko.

Non-Blocking Parallelism for Services in Go

Go has plenty of useful builtin functionality for safe, concurrent and parallel code. However neat those features may be, they cannot write your program for you. As is the case for many languagges, the most important morsels of knowledge are not in the features of the language, but in the well-known patterns that compose those features into solutions that can address frequently reoccurring problems. I’m relatively new to using Go as my daily bread-and-butter language and recently encountered a useful pattern that I thought worth sharing. I’m told that at Palantir it is called the tickler pattern.

Source: Non-Blocking Parallelism for Services in Go, an article by Peter Goldsborough.

Again on 0-based vs. 1-based indexing

André Garzia made a nice blog post called “Lua, a misunderstood language” recently, and unfortunately (but perhaps unsurprisingly) a bulk of HN comments on it was about the age-old 0-based vs. 1-based indexing debate. You see, Lua uses 1-based indexing, and lots of programmers claimed this is unnatural because “every other language out there” uses 0-based indexing.

I’ll brush aside quickly the fact that this is not true — 1-based indexing has a long history, all the way from Fortran, COBOL, Pascal, Ada, Smalltalk, etc. — and I’ll grant that the vast majority of popular languages in the industry nowadays are 0-based. So, let’s avoid the popularity contest and address the claim that 0-based indexing is “inherently better”, or worse, “more natural”.

Source: Again on 0-based vs. 1-based indexing, an article by Hisham H. Muhammad.

That XOR Trick

There are a whole bunch of popular interview questions that can be solved in one of two ways: Either using common data structures and algorithms in a sensible manner, or by using some properties of XOR in a seemingly hard to understand way.

While it seems unreasonable to expect the XOR solutions in interviews, it is quite fun to figure out how they work. As it turns out, they are all based on the same fundamental trick, which we will derive in a bottom-up way in this post.

Source: That XOR Trick, an article by Florian Hartmann.