Two more stories

Here’s two stories that worked their charm on a not-very-sleepy little boy, turning him into a sleepy one. Bep and the Giant Pumpkin: It is October, the official start of pumpkin season in our house. That means it is time to start talking about pumpkins and where we get them. So mommy, daddy, Elio and Emma got in Bep and went for a drive. They drove up up up to the top of Lausanne and then up up up to Mont sur Lausanne, then up up up more to the little self-service vegetable stand above it. Everyone went in and chose their pumpkins one by one. Emma got a little pumpkin because she needed to hold it between her feet in her maxi-cosi. Elio got a bigger pumpkin because he’s strong (Elio e forte!). Mami chose a good pumpkin for soup because she makes the best pumpkin soup. And daddy chose one to make a yummy pumpkin curry. Daddy was about to pay and go, but Elio asked, “What about Bep?” So they looked but none of the pumpkins were big enough for Bep. They went out back and found a perfect pumpkin, 1 meter across, 3.14 meters around and weighing 200 kg! They went to get Bep and asked, “can you carry it?” Bep said “beep beep vroom vroom, no problem” and drove the whole family home, each with their pumpkin on their lap (except mami, who was driving) and Bep with his pumpkin right in the middle. ...

October 3, 2012 · 3 min · jra

Once upon a time...

My son now needs a bedtime story, whispered in the dark, to go to sleep. My wife and I both love good story telling. She even took a course on it once, and told a story to an audience as the final project. We go to le Nuit des Contes every year here in Lausanne, and I’ve picked up some tips from watching the (literally) professionals there. A key to oral story telling, certainly for small children, is to use a structure with repeating sounds and phrases that they can get wrapped up in. ...

September 10, 2012 · 6 min · jra

Zero Downtime upgrades of TCP servers in Go

A recent post on the golang-nuts mailing list mentioned that Nginx can upgrade on the fly without ever stopping listening to it’s listen socket. The trick is to unset close-on-exec on the listen socket, then fork/exec a new copy of the server (on the upgraded binary) with an argument to tell it to use the inherited file descriptor instead of calling socket() and listen(s). I wanted to see if I could achieve the same thing with Go, and what changes would be necessary to the standard libraries to make this possible. I got it working, without changing the standard library, so I wanted to explain what I did here. ...

May 29, 2012 · 5 min · jra

Testing Go's HTTP server for CVE-2011-3192 vulnerability

The recent DoS attack on Apache is caused by sending in a malformed Range header. I decided to send the same header into Go’s range header parser and see what happened. It passed with flying colors, giving the “invalid range” error, which would result in the Go webserver sending back HTTP response code 416 to the HTTP client. I didn’t test this under load (which is part of what the DoS was doing), but my quick reading of parseRange leads me to believe that the only effect of sending Range headers in like this is that garbage is created under control of the attacker (for example, due to strings.Split(s[len(b):], “,”)). Of course, that’s bad and should be limited. However, this risk is no greater than other places in the server. For example an attacker could send an unlimited number of headers, or headers of unlimited length. This is already mentioned in the net/textproto package’s reader.go. ...

September 15, 2011 · 3 min · jra

I love my Chumby

I have been wanting a digital photo frame for a while, so I could see the same pictures I send to the other digital frames in my family. I post pictures of Elio to Picasaweb, and my family sees them via Toshiba digitical frames with built-in wireless and FrameChannel clients. Here in Switzerland, the digital frames with wireless are super expensive, and don’t even have FrameChannel. Separately, I’ve always liked the Chumby, but considered it’s puny screen kind of pointless. I mean, what’s the point of a Linux machine with a 3 inch screen? If it’s not a phone, I mean. So when I saw the review of the new Chumby 8, I found the solution to my problem! ...

April 20, 2011 · 2 min · jra

No IPv6 from CityCable of Lausanne

My home ISP is CityCable of Lausanne. While I have nothing bad to say about their IPv4 offering (fair price, good service, no noticable speed problems) I’ve got nothing good to say about their IPv6 service… because they don’t support it yet. Shame on you CityCable. You should support IPv6: it’s not so hard, and it’s important to help your customers move forward, at least those of us who want to learn about native IPv6 connectivity before it becomes an emergency. Also, as a not-for-profit service of the city of Lausanne, it’s not like you can argue “there’s no business in it for us”. Part of your job is to enrich the city; that means leading instead of following on technology! Too bad you missed this chance. ...

April 3, 2011 · 2 min · jra

Now with IPv6!

I have been learning about IPv6 for work, and getting it turned on for home and for my server at nella.org. It’s been interesting, and a bit depressing just how hard it is to get people to do something that’s so easy… Anyway, if your web browser is on IPv6, you’ll get a nifty ribbon on the upper right of the page of nella.org. Go give it a try! But don’t complain if you don’t see anything, it just means you are on IPv4, and that you live in the 20th century… you probably also have a bad haircut and a skinny leather tie like I was wearing at my 9th grade end of year school dance… ...

March 26, 2011 · 1 min · jra

A trip down the (split) rabbithole

Note: This post is out of date, and will become increasingly out of date when Go’s new contiguous stacks are implemented. I’m leaving it here because it is still interesting, even if out of date. Go uses split stacks (also called segmented stacks in the literature) in order to allow thousands of stacks in the space that would normally be taken by hundreds of C-style contiguous stacks. There’s a discussion of how to add split stacks to GCC here. Note: it was written by the author of gccgo, around the time he started porting Go to Gcc, so it’s clear that he’s adding split stacks to Gcc to help Go. But if it’s helpful to C programmers as well, then so much the better! ...

February 15, 2011 · 11 min · jra

How to control your HTTP transactions in Go

The Go http pacakge has http.Get and http.Post, which make it easy to do GET and POST operations. They are meant for client use. They implement things from the point of view of a naïve client, one that just wants to give a URL and get back the results. They don’t want to chase redirects, they don’t want to set their headers specially, they just want to, in one line, get the results. ...

February 8, 2011 · 3 min · jra

A rate-limiting HTTP proxy in Go

Hello Go-fans. Missed a week due to a nice little ski vacation, but I promise I was dreaming of Go while riding the ski lifts, so I’ve got something interesting to share with you this week. I’ve worked in Africa and Indonesia in the past. There, I saw first-hand the possibilities of the Internet, but also the difficulties of using it in remote areas, over slow links, etc. I came up with ideas years ago for what I’d like in a proxy in the field that would make the limited bandwidth on a satellite connection go further. I’ve never had a chance to implement it until now, because hacking on Squid or other proxies just involved too much C hacking and core dumping to suit my patience, especially for a prototype to test ideas on. But Go, on the other hand; it’s just made for playing with this kind of thing! ...

February 7, 2011 · 7 min · jra