In the afternoon I started with the project of flashing the second
hand TP-Link TL-WDR4300 I received last
Wednesday with OpenWrt
version 19.07.6. After a visit to my mother and dinner I continued
with the last bits.
Postgresql is my favorite relational database. There are a lot of
cool things that Postgresql can do and one of those is to handle the
authorization layer. Some people argue that putting authorization
logic into the database makes the application code harder to read,
and that’s actually true if there is only 1 code base connecting to
a database. However, if there are more than 1 code bases
communicating with a database, having a centralized authorization
logic starts to make more sense. In this blog post, I am not going
to discuss the pros and cons of having the authorization logic
inside the database, but instead I am going to describe how I put
all my authorization logic into postgresql.
I’ll start from a relatively simple problem - logging in to a server
via SSH always takes 10 seconds. The delay seems to be pretty
constant, there don’t seem to be major network problems and the
server is not overloaded. Yet, remote logins always take 10 seconds.
If you’be been around, you probably already know a couple of likely
causes for this, but I want to approach this problem
systematically. How to troubleshoot such issues without relying on
lucky guesses or having previous experience with usual suspects. You
never know, next time the root cause may be different - or you have
to troubleshoot a completely different application.
Today’s Go security
release fixes an
issue involving PATH lookups in untrusted directories that can lead
to remote execution during the go get command. We expect people to
have questions about what exactly this means and whether they might
have issues in their own programs. This post details the bug, the
fixes we have applied, how to decide whether your own programs are
vulnerable to similar problems, and what you can do if they are.
Raspberry Pi Enters Microcontroller Game With $4 Pico
Raspberry Pi was synonymous with single-board Linux computers. No
longer. The $4 Raspberry Pi
board is their attempt to break into the crowded microcontroller
The microcontroller in question, the RP2040, is also Raspberry Pi’s
first foray into custom silicon, and it’s got a dual-core Cortex M0+
with luxurious amounts of SRAM and some very interesting custom I/O
peripheral hardware that will likely mean that you never have to
bit-bang again. But a bare microcontroller is no fun without a dev
board, and the Raspberry Pi Pico adds 2 MB of flash, USB
connectivity, and nice power management.
So when Apple decided to allow installing custom kernels on the Macs
with M1 processor, we were very happy to try building another Linux
port to further our understanding of the hardware platform. As we
were creating a model of the processor for our security research
product, we were working on the Linux port in parallel.
The upcoming Go 1.16 release
has a lot of exciting updates in it, but my most anticipated
addition to the Go standard library is the new io/fs and
Go’s io.Reader, io.Writer, and os.File interfaces go a long
way in abstracting common operations on opened files. However, until
now there hasn’t been a great story for abstracting an entire
Last Saturday my brother helped me with placing a wired ethernet
connection in my home office. Somehow directly connecting my late
2014 Mac mini to the wall ethernet jack didn't work; no ethernet. In
the evening he dropped a 4 port switch at my place. Using this 4 port
switch to connect the Mac mini did work. When I tested the Internet
speed I got 10Mbps so I suspected that the switch was nog a gigabit
switch and ordered a TP-Link TL-SG108 with 8 ports yesterday.
I also have a lot of networking issues with Wi-Fi and suspect the
router, a TP-Link TL-WDR4300 N750 which I flashed with
last Monday I browsed a Dutch website for second hand products;
Marktplaats, and placed an offer of €15
on a TP-Link TL-WDR4300, the same model as I already owned since I
know it works very well with OpenWrt. The offer was accepted and with
shipping to my home the total was €22.25.
Both items arrived today in the morning. I had also ordered two UTP
cables with the desktop switch, one meter each, but those probably arrive
Today, when I did a speed test with the
old switch in order to compare it with the new one I was surprised to
get a speed way above 10Mbps. At times I even got close to
100Mbps. When I checked underneath the switch it stated it was a 1Gb
When I tested the new switch I had the same problem as with the Mac
Mini: the switch didn't detect a network on the incoming side. So now
I suspect something is wrong with the cable that goes all the way down
to the router, and my brother will soon drop by to have a look at it.
I also want to check if the router I ordered is going to make any
difference with the wireless network connection.
Porting Firefox to Apple Silicon
The release of Apple Silicon-based Macs at the end of last year
generated a flurry of news coverage and some surprises at the
machine’s performance. This post details some background information
on the experience of porting Firefox to run natively on these CPUs.
Go has plenty of useful builtin functionality for safe, concurrent
and parallel code. However neat those features may be, they cannot
write your program for you. As is the case for many languagges, the
most important morsels of knowledge are not in the features of the
language, but in the well-known patterns that compose those features
into solutions that can address frequently reoccurring problems. I’m
relatively new to using Go as my daily bread-and-butter language and
recently encountered a useful pattern that I thought worth
sharing. I’m told that at Palantir it is called the tickler pattern.
André Garzia made a nice blog post called “Lua, a misunderstood
recently, and unfortunately (but perhaps unsurprisingly) a bulk of
HN comments on it was about the age-old 0-based vs. 1-based indexing
debate. You see, Lua uses 1-based indexing, and lots of programmers
claimed this is unnatural because “every other language out there”
uses 0-based indexing.
I’ll brush aside quickly the fact that this is not true — 1-based
indexing has a long history, all the way from Fortran, COBOL,
Pascal, Ada, Smalltalk, etc. — and I’ll grant that the vast majority
of popular languages in the industry nowadays are 0-based. So, let’s
avoid the popularity contest and address the claim that 0-based
indexing is “inherently better”, or worse, “more natural”.
There are a whole bunch of popular interview questions that can be
solved in one of two ways: Either using common data structures and
algorithms in a sensible manner, or by using some properties of XOR
in a seemingly hard to understand way.
While it seems unreasonable to expect the XOR solutions in
interviews, it is quite fun to figure out how they work. As it turns
out, they are all based on the same fundamental trick, which we will
derive in a bottom-up way in this post.
Today, we know that fungi are not plants, but the botanical history
of fungi provides an interesting perspective on our scientific
biases, on how we classify organisms and how these impact our