Thursday, January 5, 2017

Google I/O 2008 - Open Source Projects and Poisonous People

Every project runs into people who are selfish, uncooperative, and disrespectful. These people can silently poison the atmosphere of a happy developer community. Come learn how to identify these people and peacefully defuse them before they derail your project. Told through a series of (often amusing) real-life anecdotes and experiences.

Thursday, December 22, 2016

Forbid outbound connections to a certain port from a Linux user

Done on Ubuntu 14.04.

By default there are no netfilter rules:
admin@host:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

We will use `iptables-apply` to enable the rule, so that we are not locked out by a bad netfilter rule:
admin@host:~$ cat it.sh
iptables -A OUTPUT -o eth0 -p tcp --dport 27017 -m owner --uid-owner user -j REJECT
admin@host:~$ sudo iptables-apply -c ./it.sh
Running command './it.sh'... done.
Can you establish NEW connections to the machine? (y/N) y
... then my job is done. See you next time.

Now check that `user` cannot make outbound connections to port `27017`:
user@host:~$ telnet mongodb0.host 27017
Trying *.*.*.*...
telnet: Unable to connect to remote host: Connection refused

The new netfilter rule is there:
admin@host:~$ sudo iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     tcp  --  anywhere             anywhere             tcp dpt:27017 owner UID match user reject-with icmp-port-unreachable

The rule will not survive a server restart, so we will use `iptables-persistent`.

admin@host:~$ sudo apt install iptables-persistent

Answer "Yes" during installation when prompted to save the current IPv4 rules, or save them manually:

admin@host:~$ sudo sh -c "iptables-save > /etc/iptables/rules.v4"

Restart the server and check that the rules are still active.
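
One way to script that post-reboot check, as an added example that is not part of the original post: it scans a saved ruleset for the per-user block, and reports when the rule is tied to a single interface or absent from the IPv6 file. The function name `check_owner_block`, the UID 1001 (standing in for `id -u user`) and both sample files are constructed assumptions.

```shell
#!/bin/sh
# check_owner_block FILE UID PORT  (hypothetical helper, not a system tool)
# Scans an iptables-save style file for an OUTPUT rule that rejects or drops
# TCP traffic to PORT for the numeric UID (iptables-save stores the owner as
# a number). Prints findings; returns 0 only when such a rule is present.
check_owner_block() {
    awk -v uid="$2" -v port="$3" '
        $1 == "-A" && $2 == "OUTPUT" {
            has_uid = has_port = has_tcp = 0; verdict = ""; iface = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p" && $(i+1) == "tcp") has_tcp = 1
                if ($i == "--dport" && $(i+1) == port) has_port = 1
                # a negated match ("! --uid-owner N") does not block this user
                if ($i == "--uid-owner" && $(i+1) == uid && $(i-1) != "!") has_uid = 1
                if ($i == "-o") iface = $(i+1)
                if ($i == "-j") verdict = $(i+1)
            }
            if (has_tcp && has_port && has_uid && verdict ~ /^(REJECT|DROP)$/) {
                found = 1
                print "OK: " verdict " for uid " uid " to tcp/" port
                if (iface != "") print "NOTE: only matches traffic leaving via " iface
            }
        }
        END { if (!found) { print "MISSING: uid " uid " may reach tcp/" port; exit 1 } }
    ' "$1"
}

# Constructed sample files standing in for /etc/iptables/rules.v4 and rules.v6.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/rules.v4" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o eth0 -p tcp -m tcp --dport 27017 -m owner --uid-owner 1001 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
cat > "$SAMPLE_DIR/rules.v6" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF

for f in rules.v4 rules.v6; do
    echo "== $f"
    check_owner_block "$SAMPLE_DIR/$f" 1001 27017 || true
done
```

On the real host the same function can be pointed at `/etc/iptables/rules.v4` with the output of `id -u user` as the UID. The rule in this post is IPv4-only and bound to `eth0`, which is why the sample IPv6 file reports the block as missing.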

Tuesday, December 6, 2016

Did you know about `raise .. from ...` in Python 3?


Python 3.5.2 (default, Oct 11 2016, 04:59:56)
[GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.38)] on darwin

>>> try:
...     1/0
... except Exception as exc:
...     raise RuntimeError('Something bad happened')
...
Traceback (most recent call last):
  File "<stdin>", line 2, in <module>
ZeroDivisionError: division by zero

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 4, in <module>
RuntimeError: Something bad happened
>>> try:
...     1/0
... except Exception as exc:
...     raise RuntimeError('Something bad happened') from exc
...
Traceback (most recent call last):
  File "<stdin>", line 2, in <module>
ZeroDivisionError: division by zero

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "<stdin>", line 4, in <module>
RuntimeError: Something bad happened
>>> try:
...     1/0
... except Exception as exc:
...     raise RuntimeError('Something bad happened') from None
...
Traceback (most recent call last):
  File "<stdin>", line 4, in <module>
RuntimeError: Something bad happened
>>>


Wednesday, November 9, 2016

Goodies in Python 3.6!

Python 3.6 is around the corner!

Reading the new features I am excited to see these:

Formatted string literals.

>>> name = "Fred"
>>> f"He said his name is {name}."
'He said his name is Fred.'
>>>

The dict type now uses a “compact” representation pioneered by PyPy. The memory usage of the new dict() is between 20% and 25% smaller compared to Python 3.5. Dictionaries are now ordered!

Python 3.6.0b4 (v3.6.0b4:18496abdb3d5, Nov 21 2016, 20:44:47)
[GCC 4.2.1 (Apple Inc. build 5666) (dot 3)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> def f(**kwargs):
...     print(kwargs)
...
>>> f(a=1, b=2, c=3, d=4)
{'a': 1, 'b': 2, 'c': 3, 'd': 4}
>>> {'a': 1, 'b': 2, 'c': 3, 'd': 4}
{'a': 1, 'b': 2, 'c': 3, 'd': 4}
>>> d = {'a': 1, 'b': 2, 'c': 3, 'd': 4}
>>> d.keys()
dict_keys(['a', 'b', 'c', 'd'])
>>> d.values()
dict_values([1, 2, 3, 4])
>>> d.items()
dict_items([('a', 1), ('b', 2), ('c', 3), ('d', 4)])
>>>

Import now raises the new exception ModuleNotFoundError (subclass of ImportError) when it cannot find a module. Code that currently checks for ImportError (in try-except) will still work.


Friday, June 24, 2016

Scott Sanderson, Joe Jevnik - Playing with Python Bytecode - PyCon 2016

Ever wondered what Python is actually doing when it executes your code? Want to learn to hand-craft artisanal Python bytecode? In this talk, we explain CPython's internal code representation, and we demonstrate techniques for modifying code objects for fun and profit.

Thursday, June 23, 2016

Matt Bachmann - Better Testing With Less Code: Property Based Testing With Python - PyCon 2016

Standard unit tests have developers test specific inputs and outputs. This works, but often what breaks code are the cases we did not think about. Property based testing has developers define properties of output and has the computer explore the possible inputs to verify these properties. This talk will introduce property based testing and provide real world examples and patterns.

Wednesday, June 15, 2016

Brett Slatkin - Refactoring Python: Why and how to restructure your code - PyCon 2016

As programs gain complexity, it becomes harder to add features and fix bugs. Reorganizing code is an effective way to make programs more manageable. This talk will show you Pythonic ways to do the most important "refactorings": Extract variables with __nonzero__; Change signatures with *args and **kwargs; Extract fields and classes with @property; Create stateful closures with __call__; and more!