Archive for the ‘Software’ Category

SSH-over-HTTPS for fame & profit

Tuesday, April 18th, 2017

In the past, I’ve discussed using SSH to circumvent restricted networks with censoring transparent proxies, but that relied on the restricted network allowing free SSH access on port 22 (what we call in the industry – the single network requirement for getting work done).

Unfortunately, there are restricted networks that don’t even allow that – all you get is the transparent censoring HTTP proxy (which has recently became the case with the free Wi-Fi on the Israeil Railways trains).

But fortunately for us, there is still one protocol which they can’t block, they can’t proxy and they can’t man-in-the-middle  – or else they’d break the internet even for people who only read news, search google and watch YouTube – that is HTTPS.

In this article I’ll cover running SSH-over-HTTPS using ProxyTunnel and Apache. The main consideration is that the target web server is also running some other websites that we can’t interrupt. The main content is based on this article by Mark S. Kolich, but since it only covers using plain HTTP and in addition to some simple changes in the example configurations I also wanted to cover getting an SSL certificate, here’s my version of the tutorial:


Polymer Runtime Application Configuration

Wednesday, January 18th, 2017

When creating web applications, we often need to have some parts of the application configuration for the deployment environment – usually web service API endpoints have different URLs in different environments, such as using a production web service in production and a locally hosted web service during development.

Such a feature is implemented in many web frameworks and building tools for web applications, such as Gulp or Grunt. Unfortunately, when building applications using Google’s Polymer SDK, there are no such features available – reviewing the Polymer documentation one, there isn’t even any mention of how one handles such mundane tasks as configuring API URLs, except hard-coding them(1).

Developers have tried to solve this problem in different ways, from adding “environments” feature for Polymer’s internal build tool; abusing “behavior modules”; or using “app globals” custom element with complex code to share application-level state. None of these features work well or elegantly (except maybe the environments feature, if it ever gets implemented).

Here is the solution I came up with – with many thanks to Daniel Tse that described part of the implementation in this article – just using the core Polymer elements iron-ajax and iron-meta and without any custom code. Its not the most elegant thing that can be done, but it is relatively simple and works well. Its main down-side is that the application configuration is not embedded in the application during build time but loaded from an external file when the application loads – this may even be a required feature in some scenarios but its not the generally accepted practice.


  1. all iron-ajax examples, as an obvious example, use hard-coded URLs []

Googlephobia Paints The World Red

Saturday, June 4th, 2016

This is an open letter to Chris Fisher from Jupiter Broadcasting (and friends) regarding the recent tirade against Google “winning” the court battle against Oracle for the use of the Java APIs.

A short summary for the uninitiated:

After Oracle bought Sun including their Java implementation, they sued Google who implemented (some of) the Java APIs for use in the Android operating system, for copyright infringement in some source code, copyright infringement on the API definitions themselves and a couple of software patents they held about how to implement some Java behavior. Round one: Some source code was ruled infringing, APIs were found non-copyrightable  and patents were found not-infringing. Round two: A federal court (that normally rules on patent issues) held the ruling of copying (for Oracle) and patents (for Google) but ruled APIs copyrightable and Google infringing on that. Third round: a jury found that Google’s use of the Java APIs was fair-use and no damages should be awarded.

After the last jury decision, there was a lot of back and forth on the internet, notably one Ars Technica article (“op-ed”), by an Oracle lawyer claimed that the result boils down to nullifying any and all open source licenses:

if you offer your software on an open and free basis, any use is fair use.

Then we come to Chris Fisher – as the host of his Linux Action Show podcast, he has spoke out against Google many times in the past, but this tirade in the discussion of the Oracle vs. Google action in the most recent Linux Action Show #419, really demonstrates well the extents of his Googlephobia (LAS #419, 0:46:42):


Script day: persistent memoize in bash

Thursday, September 10th, 2015

One type of task that I often find myself implementing as a bash script, is to periodically generate some data and display or operate on it – maybe through a cron job, watch or simply a loop. Sometimes part of the process is an expensive computation (could be network based, IO intensive or simply subject to throttling by another entity). The way to deal with issues like that in modern programming languages is a caching technique known as “memoization” (based on the word “memorandum”) in the results of an expensive call is retained in memory after the first time, and returned for future calls instead of running the expensive calculation. We also need to clear the cache every once in a while, but that’s another issue.

So, how to implement in bash?


Script Day: Cloud-init for MS-Windows, The Poor Man’s Version

Thursday, August 20th, 2015

Cloud-init is a Linux technology that allows easy setup and automation of virtual machines. The concept is very simple – the VM infrastructure provides some way of setting some custom data for each virtual machine (many providers call this “user data”), and when the operating system starts the cloud-init service reads that configuration, loads a bunch of modules to handle various parts and let them configure the system. As a user it is very convenient – you write a setup scenario using the variety of tools offered by cloud-init, you can store the scenario in a source control to allow to develop the scenario further, then just launch a bunch of machines with the specified scenario and watch them configure themselves.

The situation is much worse on the MS-Windows side of the fence: want to have an MS-Windows server configured and ready to go? Start a virtual machine, connect to is using RDP and Next, Next, Finish until your fingers are sore. Need to deploy a new version? either retrofit an existing image (again, manually) and risk deployment side effects, or do the whole process again from scratch.

Here’s a script to try to help a bit with the problem – at least on Amazon Web Services: a poor man’s cloud-init-like for MS-Windows server automation.


Software recommendation: MongoDB UI – Robomongo

Sunday, June 21st, 2015

I’ve been looking a while now for a good way to manage data in MongoDB database servers. The command line tool is OK, but its not really easy to work with, even doing simple stuff like listing the content of a collection.

For a while I’ve been using Genghis, which has an interesting approach to a local graphical interface: it starts a local web server and invokes a web browser to access that server. The UI is pretty nice and very responsive, but it is kind of flaky and lately has stopped working for me entirely. Also the data density you can get from a nice looking web UI is still much lower then you can get in a well designed desktop UI – and when looking at a lot of data records in a database, data density is very important.

Enter Robomongo:


Fix another ‘curl|sh’ bogus installation – Heroku

Friday, June 19th, 2015

The Heroku toolbelt (which I don’t remember if its mentioned in the “curlpipesh” tumbler mentioned by Amir in his response to my “Fix RVM” post), is a CLI to manage applications on the Heroku PaaS platform. As is common (and horrible) in this day and age they also offer a ‘curl|sh’ type install on their home page.

While the Debian/Ubuntu specific installer is not entirely horrible – it basically adds the Heroku Toolbelt debian repository to the APT source list, updates the package list and installs it, the “standalone” version is as horrible as it can get: download an unsigned binary from the internet, get root permissions and then do something.

For users of Fedora and other distributions, or just Ubuntu users who don’t like installing external repositories on their system, here is a simpler method to get the Heroku Toolbelt running on your system without root permissions and downloading scripts off the internet:


The sorry state of the autonomous car discussion

Monday, May 25th, 2015

English: Google driverless car operating on a ...As can be evident across the web (for example in this article), the current discussion fueled by Google’s self driving car news and a the possible development plans of other small and large companies is often concerning itself with the morals of a software driven car(1). Which is, frankly, unfortunate.

I think that the only people that should be really bothered by all this talk of “who should the autonomous car kill (in case of an accident)” discussion are the programmers hard at Google and other companies, who are suddenly held to a much higher moral standard than expected of programmers who are responsible, today, to hundreds of lives in each instances – such as programmers for railway systems and passenger jets flight control software.

When you look at the problem from the perspective of autonomous transport control software, that is right now being used to safely transport millions of humans daily, its obvious that the main concern of the designers is to have quantitatively better response (more consistent and faster, in that order) than a human, for adverse situations, but qualitatively better – that is, the systems will not pretend to make decisions morally better than a human would do at any given situation, just perform better on the exact same actions that the human it replaces will have taken anyway.

So when a Google self-driving car programmer comes answer to the “trolley problem” or the “fat man problem” discussed in the linked article, they should not be held to a higher moral standard than the average driver, because that is who they are replacing.


  1. that is, immediately after the “ooh, technology is so awesome” debate []

Fix RVM “run script from the internet to install”

Friday, May 8th, 2015

On Wednesday I complained about the latest UN*X fad of installing software by running scripts from the internet, without any regard to how your operating system handles software installation.

Docker, that I complained about last time, at least has a script that takes into account the local software management solution (uses apt for Ubuntu, yum for Fedora, etc), but RVM – the Ruby Version Manager which is a popular tool among rubyists everywhere, just downloads a bunch of executable stuff (granted, most of it are scripts, but the difference is lost on most people) into arbitrary location on your file system. At least it doesn’t install system software, oh wait – it does.

While I can’t help with RVM’s desire to install system level software (that it actually needs because one of the things you want RVM to do for you is to compile ruby versions from source), I can try to help you figure out how to install RVM where you want it and use it how you want it.


Docker and the horrible “one line installation” fad

Wednesday, May 6th, 2015

One of the weird things that sane (or some would say “old skool”) system administrators complain about lately is that with the rising popularity of UN*X systems (mostly Mac OS X and Linux) in the world, and in particular in the software development world, people using UN*X system want less and less to understand how to manage their systems and the culmination is the

to install this complicated system level software, just copy and paste simple wget command to your terminal

with Docker being the most horrible example of that behavior. No sane person (who understand UN*X) will ever think that installing Docker by feeding the content of a URL to bash is a good idea, but for some reason this is the documented and recommended way by the Docker people. Other examples are abound, but lets concentrate on fixing the Docker scenario.


Spam prevention powered by Akismet