Technitribe

interesting problems (and a few solutions, too)

Technitribe
  • About the Authors
  • Log In
  • Log Out
  • Lost Password
  • Register
  • Reset Password
    • 3 Feb 2016

      bitmath-1.3.0 released

      Written by Tim Bielawa

      It’s been quite a while since I’ve posted any bitmath updates (bitmath is a Python module I wrote which simplifies many facets of interacting with file sizes in various units as python objects) . In fact, it seems that the last time I wrote about bitmath here was back in 2014 when 1.0.8 was released! So here is an update covering everything post 1.0.8 up to 1.3.0.

      New Features

      • A command line tool, bitmath, you can use to do simple conversions right in your shell [docs]!
      • New utility function bitmath.parse_string for parsing a human-readable string into a bitmath object
      • New utility: argparse integration: bitmath.BitmathType. Allows you to specify arguments as bitmath types
      • New utility: progressbar integration: bitmath.integrations.BitmathFileTransferSpeed. A more functional file transfer speed widget
      • New bitmath module function: bitmath.query_device_capacity(). Create bitmath.Byte instances representing the capacity of a block device
        • This my favorite enhancement
        • In an upcoming  blog post I’ll talk about just how cool I thought it was learning how to code this feature
        • Conceptual and practical implementation topics included
      • The bitmath.parse_string() function now can parse ‘octet’ based units
        • Enhancement requested in #53 parse french unit names by walidsa3d.
      • New utility function: bitmath.best_prefix()
        • Return an equivalent instance which uses the best human-readable prefix-unit to represent it
        • This is way cooler than it may sound at the surface, I promise you

      Bug Fixes

      • #49 – Fix handling unicode input in the bitmath.parse_string function. Thanks drewbrew!
      • #50 – Update the setup.py script to be python3.x compat. Thanks ssut!
      • #55 “best_prefix for negative values”. Now bitmath.best_prefix() returns correct prefix units for negative values. Thanks mbdm!

      Misc

      To help with the Fedora Python3 Porting project, bitmath now comes in two variants in Fedora/EPEL repositories (BZ1282560). The Fedora and EPEL updates are now in the repos. TIP: python2-bitmath will obsolete the python-bitmath package. Do a dnf/yum ‘update‘ operation just to make sure you catch it.

      The PyPi release has already been pushed to stable.

      Back in bitmath-1.0.8 we had 150 unit tests. The latest release has almost 200! Go testing! :confetti:

      1 Comment
    • 30 Oct 2015

      Streaming the serial numbers from an X509 certificate revocation list

      Written by Alex Wood

      The project I work on uses X509 certificates with custom extensions to manage content access on the Red Hat CDN. The basic idea is that Candlepin issues X509 certificates with an extension saying what content the certificate is good for. Client systems then use that certificate for TLS client authentication when connecting to the CDN. If the content they are requesting (deduced from the request URL) matches the content available to them in the certificate, then access is granted.

      This system works well in practice except for one problem: every time content for a particular product changes, the content data in the X509 extension becomes obsolete. We have to revoke the obsolete certificates and issue new ones. The result is an extremely large certificate revocation list (CRL).

      For our cryptography needs, Candlepin uses the venerable Legion of the Bouncy Castle Java library. This library anticipates normal CRL usage so when building a CRL object from an existing file, the entire structure is read into memory at once. This approach doesn’t scale well with the numbers of revoked certificates we are dealing with, so we needed to devise a way to stream the CRL. Moreover, the only thing we really care about for our purposes is the revoked certificate’s serial number.

      Streaming the CRL means we need to dissect the ASN1 that describes the CRL one piece at a time. RFC 5280 to the rescue! Looking at the description of the ASN1 for a CRL reveals that before the sequence containing the revocation entries, there will be a thisUpdate and optionally nextUpdate field of either type UTCTime or GeneralizedTime. We need to descend in the ASN1 until we get to the thisUpdate field, look for and discard the optional nextUpdate field and then walk through the revokedCertificates sequence reading the serial numbers.

      That procedure is not exactly a walk in the park, so in the hope that someone else may find it useful, here is the solution I came up with. Keep in mind that the code does not check the signature on the CRL so this code should not be used for any CRL that you do not trust implicitly.

      The end results are pretty dramatic. The benchmarking toolkit I’m using shows an improvement in execution time by an order of magnitude (from around 7 seconds to .7 seconds) and memory usage drops by about 30%. You can see the GC statistics in the graph below.
      Visualization of X509CRLStream's benchmarks

      and the benchmarking results are

      Benchmark             Mode Cnt    Score     Error  Units
CRLBenchmark.inMemory avgt  20  7493.602 ± 941.592  ms/op
CRLBenchmark.stream   avgt  20   669.084 ±  91.382  ms/op

      In writing this, A Layman’s Guide to a Subset of ASN.1, BER, and DER was of invaluable assistance to me as was the Wikipedia page on X.690. I recommend reading them both.

      2 Comments
    • 23 Oct 2015

      SSL Renewal And You

      Written by Tim Bielawa

      RapidSSL_SEAL-90x50

      This post is about renewing SSL certificates. There’s not a lot of information I want to communicate here, so I’m going to keep it short.

      Yesterday the SSL certificate for https://blog.lnx.cx expired. I don’t know much about SSL, other than I find it more confusing/complicated than most things. I knew that I needed to renew the SSL certificate for the blog, but I did not know what that exactly meant. When I called my cert provider on the phone to renew, they told me that the renewal process begins with submitting a new Certificate Signing Request, or CSR in crypto parlance. We ended the call shortly thereafter and I set off to get started.

      I still had questions though. If I’m “renewing” my SSL certificate, does that mean my existing certificate is involved in some way? When I began reviewing the CSR generation procedure I saw no references to existing certificates. I did a bit of Internet research to try and figure this out.

      Eventually I found out that the idea of “renewing” a certificate is a bit of a misnomer. That is, nothing you have carries over with you. The process of “renewing” a certificate is actually the exact same process as getting an initial certificate. I’ll say that again for clarity:

      Renewing an SSL certificate is the exact same thing as getting your first SSL certificate.

      I hope this helps out other folks who are as confused as I was about the renewal process.

      0 Comments
    • 18 Sep 2015

      Eclipse Darkness

      Written by Alex Wood

      I’ve made several posts previously about the difficulties I’ve had with Eclipse and Gnome’s Adwaita theme: menu elements that have too little contrast to read, poor color choices, etc. I even took a stab at creating my own GTK3 theme to deal with the problem.

      I’m happy to report that my efforts are now obsolete. Eclipse Mars (now available in Fedora 22) has made significant improvements to the Dark theme (set under Preferences -> General -> Appearance). However, if you’re using Adwaita, the top menu bar is gray text on grey background. The simple fix is to change to the Adwaita Dark theme just for Eclipse. Here’s how:

      1. Open /usr/share/applications/eclipse.desktop in your text editor of choice.
      2. Modify the Exec line to read
        
Exec=env GTK_THEME=Adwaita:dark eclipse
      3. Done!

      The one gotcha is that when you update the eclipse-platform package, it will destroy the changes you’ve made in the desktop file so you’ll have to redo them. But that’s a small price to pay in my opinion.

      Screenshot of Eclipse Mars with Dark theme and Adwaita Dark GTK theme

      Eclipse Mars with the Adwaita Dark GTK theme.

      0 Comments
    • 12 Aug 2015

      Eclipse Graphene

      Written by Alex Wood

      Dear Internet,

      As I noted in an earlier post, Eclipse on Fedora 22 has some usability problems with the colors it uses. Eclipse uses GTK 3 for a lot of the theming of the interface. With the Gnome Adwaita theme, several of the drop-down dialogs (like Content Assist) have very little contrast between the background and foreground of a selected item. The result is the highlighted text is extremely difficult to read. Your only recourse is to mess with GTK settings.

      I had managed to address an issue with the Content Assist drop-down only to run into another issue with the Quick Outline drop-down. Finally I gave up and said, “to heck with it, I’m going to redo the whole thing.” To check out the result I came up with, head over to the Eclipse Graphene repo.

      Here’s an example:

      eclipse-dark

      0 Comments
    • ←
    • →
    Page 2 of 14
    • The Authors

    • Virtual Disk Guide

      Interested in virtualization? Do QCOWs rule your filesystem? Are you a libvirt or KVM+QEMU wizard? I wrote a book about virtual disk management. Check out the The Linux Sysadmin's Guide to Virtual Disks online for free at ScribesGuides.com.

      Consider supporting the author by purchasing a hard copy of the first edition for just $10.00 on Lulu.com.

    • bitmath

      bitmath is a Python library for dealing with file size units (GiB's, kB's, etc) in a sane way. bitmath supports arithmetic, rich comparison, conversion, automatic best human-readable representation, and many other utility functions. Read some examples on the docs site or check out the source on GitHub.

    • latest posts

      • [Updated] GitHub + Gmail — Filtering for Review Requests and Mentions January 20, 2017
      • References in a sub-select January 19, 2017
      • bitmath-1.3.1 released August 24, 2016

    • h4ck teh world

      tbielawatbielawa
      • Watch
        antonmedv/fx
        November 10, 2018 - 2:09 pm UTC
      • Push
        openshift/aos-cd-jobs
        November 7, 2018 - 7:34 pm UTC
      • Pull Request
        openshift/aos-cd-jobs
        November 7, 2018 - 7:34 pm UTC
      • Watch
        wagoodman/dive
        November 1, 2018 - 2:48 pm UTC
      • Fork
        openshift/ocp-build-data
        November 1, 2018 - 1:53 pm UTC

    • popular posts

      • Fedora 20 and the ThinkPad T440s touchpad
        20 Mar 2014
      • Fixing my missing locales
        13 Aug 2009
      • Mac OS X 10.7 - Getting songs off an iPod
        15 Oct 2011

    • tags

      bitmath blog conference css dblatex DNS DocBook eclipse Emacs Erlang Fedora fedora 22 GNU Screen Haiku Introduction java jboss LCSEE Linux locale locales fix slicehost ubuntu Macports module Modulus nist nXML-Mode opengl open source OS X package packaging pki prefix units presentation project pypi Python scholarship si summit Tutorial ubuntu xcode XML XMPP

Creative Commons License
Technitribe by Tim Bielawa is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.