Why Go is not my favourite language

2013-10-25, Categories: coding

  1. Go has exceptions and return values for error

    Yes it does. Yes, it really really does.

    Read the rest of this entry »

Compiling C++ statically

2013-01-14, Categories: coding

To properly compile a static C++ binary on Linux you have to supply -static, -static-libgcc and -static-libstdc++ when linking.

Read the rest of this entry »

Interesting Arping bug report

2012-10-05, Categories: unix, coding, network, arping

A few months ago I was strolling in the Debian bug tracking system and found a curious bug filed against Arping, a program I maintain.

It said that unlike Arping 2.09, in Arping 2.11 the ARP cache was not updated after successful reply. I thought that was odd, since there's no code to touch the ARP cache, neither read nor write. Surely this behaviour hasn't changed?

Read the rest of this entry »

Shared libraries diamond problem

2012-05-19, Categories: unix, coding

If you split up code into different libraries you can get a diamond dependency problem. That is you have two parts of your code that depend on different incompatible versions of the same library.

Normally you shouldn't get in this situation. Only someone who hates their users makes a non backwards compatible change to a library ABI. You don't hate your users, do you?

Read the rest of this entry »

Be careful with hashmaps

2012-02-07, Categories: security, coding

As you remember from long ago hashes are O(1) best case, but can be O(n) if you get hash collisions. And if you're adding n new entries that means O(n^2).

I thought I'd take a look at the hash_set/hash_map GNU C++ extension.

Read the rest of this entry »

TPM-backed SSL

2012-02-04, Categories: security, network, coding, tpm, hsm

This is a short howto on setting up TPM-backed SSL. This means that the secret key belonging to an SSL cert is protected by the TPM and cannot be copied off of the machine or otherwise inspected.

Meaning even if you get hacked the attackers cannot impersonate you, if you manage to kick them off or just shut down the server. The secret key is safe. It has never been outside the TPM and never will be.

This can be used for both client and server certs.

Read the rest of this entry »

Yubico is awesome

2011-07-17, Categories: security, coding, unix, hsm

Yubico and their products are awesome.

That pretty much sums up this blog post but I'm going to go on anyway. If you're thinking of introducing two-factor authentication to your company, or you're using something that's fundamentally broken (like RSA SecureID) you simply must at least take Yubikeys into consideration.

Read the rest of this entry »

gettimeofday() should never be used to measure time

2010-09-05, Categories: coding, bugs

gettimeofday() and time() should only be used to get the current time if the current wall-clock time is actually what you want. They should never be used to measure time or schedule an event X time into the future.

Read the rest of this entry »

tlssh - a replacement for SSH

2010-08-05, Categories: security, unix, coding, network

I've started writing a replacement for SSH.

Why? Because SSH has some drawbacks that sometimes annoy me. I also wanted an authentication scheme that's more similar to SSL/TLS than what SSH does.

With tlssh you don't specify username or password, you simply connect to the server using a client-side certificate to log in as the user specified in the certificate. No interaction until you reach the shell prompt on the server.

Read the rest of this entry »

Redirecting to the closest site using Javascript

2010-05-13, Categories: coding, web

I'm sure this problem has been solved this way many times before, but I haven't seen it while idly browsing around sites about scalability and load balancing. So here it is, a Javascript solution to the closest-site problem.

Read the rest of this entry »

10 years of maintaining an open source program

2010-04-01, Categories: arping, coding

Arping 0.1 was released 10 years ago last month or so. It's since been included as a package in Debian GNU/Linux, Ubuntu, OpenBSD, FreeBSD and NetBSD, Gentoo and some other smaller and bigger OSs and distributions.

Read the rest of this entry »

Clipboard sniffer

2010-01-26, Categories: security, coding, unix

Yes clipboard, not keyboard. I've made a clipboard sniffer for X called ClipSniff.

It periodically saves whatever is in the clipboard (both the "PRIMARY" and the "CLIPBOARD") into a sqlite database.

git clone http://github.com/ThomasHabets/clipsniff.git

Read the rest of this entry »

Lightwave. Like Google Wave only much less

2009-10-29, Categories: erlang, coding, web

I felt sorry for all those who don't yet have a Google Wave account, and I was impressed with their demo. And I also wanted an Erlang project.

So I killed three birds with one stone. I made Lightwave. It's like Google Wave only:

Read the rest of this entry »

Autotools is nice

2009-10-01, Categories: autotools, coding, unix

I was recently asked why autotools was so good. I thought I might as well post what I answered.

Read the rest of this entry »

Moving a process to another terminal

2009-03-21, Categories: unix, coding, tty

I've always wanted to be able to move a process from one terminal to another. For example if I've started a long-running foreground process (such as irssi or scp) outside of a screen and I have to log out my local terminal. I looked around and there doesn't seem to be any way to do this.

Read the rest of this entry »

Erlang BGP daemon

2008-07-27, Categories: cisco, bgp, erlang, coding, network, bugs

I'm writing a BGP daemon in Erlang. It can connect, parse update packets and announce routes.

Read the rest of this entry »

Buffering in pipes

2008-06-28, Categories: tty, unix, coding, ind

I'm trying to force a program not to buffer its output to stdout. Any program, all programs. It can't involve changing the source code or depending on weird or unportable stuff.

It should be possible. It seems like I'm missing something obvious, but I can't figure out what.

Read the rest of this entry »