Somehow lately I have been in numerous discussions about programming languages, and which language is interesting, better, etc. The only consensus is that there is no consensus. Different people choose different programming languages, and most of the time they are quite opinionated about them. (I do have my personal preferences, which I express quite vividly ;)). However, there is another point on which most people also agree:

If you are a programmer, you can learn and use any language.

I can easily agree with that. If someone knows the basic stuff of programming, and has learned the required discipline, the basic data structures and, most importantly, a certain way of thinking, then it is much easier and faster to learn a new programming language. A programmer also has a large corpus of problems that he already understands well and can use as a playground in order to acquire the nuances of the new language. It can be harder if you also learn a new programming paradigm, but even in this case the odds are much better.

However, the fallacy arises from the distortion of the above sentence. A lot of people use this sentence in the following way:

You are already a good programmer, so I am sure it will be really easy for you to pick <<insert your worst possible language>> very fast and write code in it.

I regard this as a fallacy, because people mix ability with will. Pardon the improper wording but it sounds like the equivalent of: “You are a guy, I am sure you can have sex with any girl”. The fact that I do have the required skills (equipment in this case) to do something does not mean that I want to do it. Of course, if I am forced I can certainly do it, but it will be bad performance, miserable, and in the end will probably leave a really bad feeling (sometimes even a trauma). The reason people fall into this fallacy is that they do not regard programming as an art, but as a mundane pressing of buttons that produces something useful after a proper level of coffee.

I do regard programming as a form of art, close to writing prose (with more strict rules). It is not just the solving of a well formed mathematical problem (in many cases), but also a form of expression. This differentiates beautiful code from ugly code. There is even research that shows programming activates the language centers of the brain more than the mathematical ones (for example here: https://computinged.wordpress.com/2017/01/23/scientists-looking-at-programmers-brains-see-more-language-than-mathematics-the-neuroscience-of-programming/ but I have not looked exhaustively into it). So different programming languages matter because they are the tools of our expression (like a painter uses different types of brushes). These are very important tools, because as we shape our tools, the tools shape us back. I have seen very few people who are indifferent to the programming language they use, and even then most of them have quite strong preferences, while being quite tolerant of what they would use. Each person has a different level of tolerance for different things, but it is not always wise to test them. 😉

YaaO SSH VPN

May 6, 2015

The title stands for Yet Another Article On SSH VPN; this post is a personal note on creating an SSH VPN using a manual method.

We assume that we have server.example.com running OpenBSD with IP 192.0.2.1/24 and client.example.com running Linux with IP 192.0.2.2/24. The tun that we will create will use the IPs 198.51.100.1/24 on the server side and 198.51.100.2/24 on the client side.

  • Enable the support on server side. Put in /etc/ssh/sshd_config:
    PermitTunnel yes
    

    Also, in this case the value point-to-point (instead of yes) will be enough.

  • Client side:
    client# ip tuntap add dev tun0 mode tun
    client# ifconfig tun0 198.51.100.2 pointopoint 198.51.100.1
    
  • Server side:
    server# ifconfig tun0 create
    server# ifconfig tun0 198.51.100.1 198.51.100.2
    
  • For the final ssh:
    client$ ssh -w 0:0 server.example.com
    

Since both machines use the tun0 interface, the -w option takes 0:0. If the server was using tun1 then the option would be -w 0:1.
Then we need the relevant route commands to make the traffic flow through this SSH VPN tunnel.
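
A check for the server-side setting described above, as an added example that is not part of the original post: it reports which PermitTunnel value sshd applies globally and whether a Match block overrides it. The function names and the sample configuration are constructed for illustration; the script assumes whitespace-separated `Keyword value` lines and does not follow Include files.

```shell
# Added example, not from the original post. Reads sshd_config text on stdin.
# Assumes whitespace-separated "Keyword value" lines; Include is not followed.

# Print the PermitTunnel value of the global section (before any Match line).
# sshd uses the first value it obtains for a keyword; the default is "no".
effective_permit_tunnel() {
    awk '
        { sub(/^[ \t]+/, "") }                      # strip indentation
        /^#/ || /^$/ { next }                       # comments, blank lines
        tolower($1) == "match" { exit }             # global section ends here
        tolower($1) == "permittunnel" { val = $2; exit }   # first one wins
        END { print (val == "" ? "no" : val) }
    '
}

# Print "LINE: criteria -> value" for PermitTunnel inside Match blocks,
# which override the global value for the sessions they match.
match_tunnel_overrides() {
    awk '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { $1 = ""; sub(/^ /, ""); crit = $0; next }
        crit != "" && tolower($1) == "permittunnel" { print NR ": " crit " -> " $2 }
    '
}

# Return 0 only when the global value is exactly what a layer-3 tun needs.
audit_permit_tunnel() {
    case "$(effective_permit_tunnel)" in
        point-to-point) echo "ok: layer-3 (tun) forwarding only" ;;
        yes)      echo "broad: layer-2 (ethernet) forwarding is allowed too"; return 1 ;;
        ethernet) echo "mismatch: layer-2 only, a point-to-point request is refused"; return 1 ;;
        no)       echo "off: ssh -w will be refused"; return 1 ;;
        *)        echo "unknown value"; return 2 ;;
    esac
}

# Constructed sample configuration, not taken from a real server.
sample_config() {
    cat <<'EOF'
Port 22
permittunnel yes
PermitTunnel no
Match User vpnuser
    PermitTunnel ethernet
EOF
}

sample_config | audit_permit_tunnel || true
```

On a real server the same functions can be fed with `audit_permit_tunnel < /etc/ssh/sshd_config`.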

It is Dr. for you, beaches!

February 23, 2015

Yeap!, it seems that finally I did make it. I’ve completed my PhD thesis and now I can add the Dr. on my business card (this is something that is hardly likely to happen, since I don’t like the Dr. title, and I also hate having a business card). So the birds are singing and the sun is shining (that’s the pun about the beaches in the title), at least for me. There is the quote from Randy Pausch

Experience is what you get when you didn’t get what you wanted. And experience is often the most valuable thing you have to offer.

and given that it took me a lot of time to complete it .. I can argue that I have gained a lot of experience. So I can share some of it with my faithful readers (Yeap all the two of you). Following the usual pattern I’ll present an unsorted list of random thoughts. I believe that each one is different so most of the following stuff might not be applicable, but some people might find them interesting.

  • One of the most useful tools is the log book. You have to log everything that you do, or plan to do, and finally all the results. Perhaps this is the MOST important tool in order to complete research successfully. The moment I started to keep a log book with ideas, experiments, results, questions, etc. it was the moment that my work got a lot of boost and I was able to move forward. Document as much as possible, it is better to have more information than lack of information.
  • Also keep the raw results of your experiments, simulations etc. It might be a small waste of space, but you never know when you might have another great idea for further analysis, and realize that all is gone, and you have to redo the whole process (insert double facepalm here).
  • Review the papers that you find important thoroughly. I was lazy, and I kept only a few notes on each one. In the end when I wanted to write the related work section, I had to redo the whole procedure. If I had kept good notes (see previous bullet) a lot of wasted effort would have been avoided.
  • Write, write, write. I hate writing (one of the reasons that it took so long), but it is essential. Have a look at this video. Then have another look. The important takeaway is that we can think more clearly when we write than when we just think.
  • The supervisor plays a very important role. What you prefer from your supervisor is a matter of personal taste. What I valued was freedom to study and try different things. Thankfully, my direct supervisor gave me the freedom I wanted. So choose your supervisor as best as you can, if possible (I was lucky in this regard). Also the supervisor acts as a reality check for your progress.
  • Don’t forget the rest of your life. You are still a student, so you can have a different time management and priorities compared with someone that works in the industry. This doesn’t mean that you can work less (you might work more), but your schedule can be more flexible. A PhD is a marathon (ok, not as big as I did it) and not a sprint. You need to take care of other aspects of life or you might run out of fuel. Human relationships are able to prevent the tank from emptying permanently.
  • Exercise. Helps not only the body, but also the brain.
  • Find great teachers and learn from their ways. This plays an important role if you like to teach (I do).
  • Find also another field that interests you and try to learn a bit. This helps to prevent your mind from being hyper focused, making you live only in your own little world. (For some periods this is necessary, but not for the long run). Thankfully, I met people (1,2) who offered their knowledge and bore with me.
  • A small piece of advice: If you feel disappointed at some point, in the end when you see the final version of your Thesis, your disappointment will reduce. (The supervisor again is important for the reality check in some cases.)

Now I can join the rest of you .. on the beaches 😉

Linux T440s lid script

April 11, 2014

I wouldn’t like to start talking about the sorry state of Linux power management on laptops, because the whole situation is at least disappointing. (Having dug into the situation only a little bit, power management is done by systemd-logind, acpid, and pm-utils, and the way all these interact if you add laptop-mode is not clear at all.) I use my new T440s either as is, or as a “desktop” replacement using an external monitor, keyboard and mouse. In the second case, when I “docked” and connected the peripherals, I didn’t want closing the lid to activate the screensaver or suspend the system; on the other hand, whenever I was using the laptop undocked, I wanted it to be put in sleep mode when I closed the lid. After having fiddled a little bit with the configuration I thought that the best way was to create the following script, which I put in /etc/acpi/local/lid.sh.pre:

#!/bin/sh

# This script changes how the lid behaves. The logic is:
# If more than one display is connected
#   If any active display is not the built-in one
#       unset LID_SLEEP and LOCK_SCREEN (closing the lid does nothing)
# else
#	don't touch anything
#
# getXuser, XUSER, XAUTHORITY, XRANDR_OUTPUT, LID_SLEEP and LOCK_SCREEN are
# expected to come from the calling lid.sh environment.

# Defaults, so the test below is well-formed when no X display is found
connected=0
activeOutput=""

# getting the outputs
d=/tmp/.X11-unix
for x in "$d"/X*; do
    displaynum=${x#"$d"/X}
    getXuser
    if [ -n "$XAUTHORITY" ]; then
       export DISPLAY=":$displaynum"
       # query xrandr once, as the user that owns the X session
       xrandrOut=$(su "$XUSER" -s /bin/sh -c "xrandr")
       connectedOutputs=$(echo "$xrandrOut" | grep " connected" | sed -e "s/\([A-Z0-9]\+\) connected.*/\1/")
       # an active output is followed by its geometry (or "primary"), an inactive one by "("
       activeOutput=$(echo "$xrandrOut" | grep -e " connected [^(]" | sed -e "s/\([A-Z0-9]\+\) connected.*/\1/")
       connected=$(echo $connectedOutputs | wc -w)
    fi
done

# if we have one display do nothing
if [ "$connected" -gt 1 ]
then
	for display in $activeOutput
	do
		if [ "$display" != "$XRANDR_OUTPUT" ]
		then
			LID_SLEEP=""
			LOCK_SCREEN=""
		fi
	done
fi

This script is called by /etc/acpi/lid.sh, which in turn is called when a lid event is received, as defined in /etc/acpi/events/lidbtn.

In one of the projects we had a number of virtual machines that were servicing the same content. The content was duplicated in each of them in the local filesystem. The storage space that was used for the VM infrastructure was getting full, therefore we were asked politely by the VM infrastructure provider if we could do something about it.

The first step was easily decided and we set up a VM that had all the content and was sharing it through NFS with the other web servers. The next part was to resize the disks of the VMs so that the excess space could be freed. One of the possible ways was to attach a second disk, transfer everything there, change the configuration for the VM and it should work. However, this sounded like a good opportunity to try a few things with LVM. This is a small step by step guide on how to do it.

Let’s not have the argument whether tomcat should be run as standalone (with tcnative and APR) or with a web server in the front that proxies the requests back to tomcat, but let’s assume that we have the case of tomcat native.
In this case one issue that comes up regularly when tomcat is also configured to do client certificate authentication is the CRL expiration. When the CRL expires tomcat refuses to do any more authentication and the application comes to a halt. Although this is not a bad thing to do per se (who would like to permit people to log in if he is unable to have at least a rough estimate of whether one of the certificates has been revoked), the problem is that there is no clean way of making tomcat reload the CRL when the old one expires. So in order to fix this problem a new patch for tcnative was created.
More information about the issues and the patch can be found in : code.uoa.gr link.

The important issue about this patch to me is that the patch was created without having a test system, and debugging was done by code inspection. The test system and the debugging process were needed afterwards, when another issue came up that had to do with the OCSP patch integration to tomcat (double apr_poll_destroy()). I was happy since it has been a while since I was able to develop anything without the use of a debugger and the usual write-compile-debug procedure!

Selective port forwarding

September 18, 2012

A short post to document the solution that was used in a somewhat recurring situation.
A colleague had a machine in the internal network that he wanted to provide access to for someone outside our network. Let's assume that the IP of the internal machine is xxx.xxx.xxx.xxx and the external IP of the other person is yyy.yyy.yyy.yyy.
The solution was to use his machine as a gateway with port forwarding. The interesting part is what happens if we want to forward a port that a service already listens to. In this case the solution is easily done with iptables, using the following script:

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -j DNAT -p tcp -s yyy.yyy.yyy.yyy --dport pp --to-destination xxx.xxx.xxx.xxx:pp
iptables -t nat -A POSTROUTING -p tcp -s xxx.xxx.xxx.xxx -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp -d xxx.xxx.xxx.xxx -j MASQUERADE

In case the default policy for PREROUTING is DROP another rule is needed:

iptables -t nat -A PREROUTING -p tcp --dport pp -j ACCEPT

This way the machine with IP yyy.yyy.yyy.yyy can access the service in the internal machine, whereas all the other machines will just use the service that runs in the local machine.

I can think of a number of uses for this. It can be done in order to provide a small authentication daemon on that same port, so that when someone authenticates he can be added to the port forward chain, or a small service that bans IPs that try to connect to this service if they are not explicitly permitted.
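
The forward stays selective only while every DNAT rule keeps its `-s` match. The following check is an added example, not part of the original post: it reads `iptables-save -t nat` output and flags DNAT rules in PREROUTING that forward for any source. The function names, addresses and ports in the sample are constructed.

```shell
# Added example, not from the original post.
# Reads `iptables-save -t nat` output on stdin.

# Print one line per DNAT rule in PREROUTING:
#   "<SELECTIVE|OPEN> src=<match> dport=<port> to=<destination>"
# Return 1 if any rule forwards without a (non-negated) source restriction.
audit_dnat() {
    awk '
        $1 == "-A" && $2 == "PREROUTING" {
            src = "any"; dport = "any"; to = "?"; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s" || $i == "--source") src = ($(i - 1) == "!" ? "!" : "") $(i + 1)
                else if ($i == "--dport")          dport = $(i + 1)
                else if ($i == "--to-destination") to = $(i + 1)
                else if ($i == "-j")               target = $(i + 1)
            }
            if (target != "DNAT") next
            wide = (src == "any" || src ~ /^!/ || src ~ /\/0$/)
            if (wide) bad = 1
            print (wide ? "OPEN" : "SELECTIVE"), "src=" src, "dport=" dport, "to=" to
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample ruleset (documentation addresses, hypothetical ports).
sample_nat_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -s 203.0.113.7/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.0.2.10:8080
-A PREROUTING -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.0.2.10:22
-A POSTROUTING -d 192.0.2.10/32 -p tcp -j MASQUERADE
COMMIT
EOF
}

sample_nat_rules | audit_dnat || echo "at least one DNAT rule is not restricted by source"
```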