Tuesday, April 30, 2019

The best and worst programming languages of 2019

Every few days there is a post on my Google stream that says "best programming languages for 2019"..."worst...", "top 10"... and so on. WHAT A COLOSSAL MESS!

I've been a programmer for over 35 years, and so I've seen the birth and death of many languages, operating systems, system designs, and system principles. Just for some scope, I have implemented commercial-level hardware, firmware, operating systems, UI, scripting, databases, network security, about 30 different languages including internals, and so much more. I've seen the birth and death of Smalltalk and macro assembler and the COBOLization of Java. Maybe I know a thing or two.

A few years ago I started work for a client that wanted report after report after report. None of the languages available has any sort of framework, or even best practices, that could be used to pull data from a database, analyse it, and then export it to any sort of file. Then there are other needs like scheduling, scaling, monitoring and so on.

At the same time we were looking for some flow-based programming based on what we saw with NoFlo and the related projects. JavaScript was not the answer because it was still single threaded, and given the amount of DB round trips it was not practical to work that problem.

Years earlier I worked for an employer that was heavy into DSLs, and they got it wrong. They were trying to work inside the likes of Java and C# with all that heavy lifting to create languages that might do all that Turing magic; however, 99 times out of 100 the work comes down to simple scripting.

Lastly, I carry two bookmarks. The first is Tcl. First of all, SQLite's testing framework is implemented in a variation of Tcl. WHY? Well, because the SQLite author was also the Tcl author. Second, because the Tcl interpreter is simple, small, and lightweight. While modern Tcl is powerful and has plenty of APIs, the API syntax can be implemented in about 500 lines of C or Golang code. It's also extensible. And in the case of Golang it's really easy to layer even more 3rd party APIs.

The second bookmark dates back prior to PCI and to the early days of Java, when I realized that even though the jar file contained the language bytecode, I could also store the source code. And in this way, if I received a bug report I knew exactly what the state of the source was. I could implement an air-gapped patch and preserve the chain of evidence.

I'm not sure why programmers get all wrapped up in ideas like generics. My favorite argument is Object Oriented. For example, inheritance is a cornerstone theme of OO. The problem is that as soon as things get complicated everything starts to fork. For example, in the reporting system I designed there is a common set of about 700 SQL queries. For the most part they are thematic: several based on orders, customers, payments, and so on. The DSL is also divided up by function, like "find the first order" and "print orders", separating work from I/O.

Every once in a while someone will say, "I need customer language on the customer report." Step [1] is to check the work and make sure that the language data is being retrieved; if not, add it and check the query performance. This change will now be inherited by all the reports when they are regenerated. Step [2] is to add the language to the output function. If that's a common function, then when the other reports are regenerated they will inherit that change. So now we need to know the impact and whether that's important. So sometimes the output function will be versioned. Sometimes the function is parameterized.

And there is a secret 3rd bookmark: Ruby. The syntax is fine, but the ability to modify code at runtime, especially inherited code, makes it impossible to debug. Sure, the elite programmers avoid the big mistakes, but the crazy Ivans just make a mess.

In conclusion, we only need simple syntax like Tcl, Lua, even BASIC, COBOL or Fortran, to get the work done. We can add syntax and APIs for things like databases and user interfaces. One thing is for sure: we do not need a completely new syntax to add ideas. For example, we did not need to add tabs to Perl in order to get Python. Instead of forking the Perl community to a Python, they should have made a simple Perl that expressed those ideas.

And if you made it this far, then there is a fourth bookmark: "readable code". It's an idea put out by Knuth. So my idea is that markdown should be the document container for the next language framework. Markdown is readable in both source and rendered form. While there is something called the Python notebook and the R notebook, these are almost what I'm referring to. I have not gotten there yet. I'm also not interested in Python or R syntax at this point. I also have over 1700 reports that would have to be migrated, and that in itself needs some management.

Friday, April 26, 2019
Do you really need a sleeping bag when you are hiking or camping in Florida? That's a tougher question than you would think. First of all, sleeping bags provide a certain amount of protection that is only matched by a blanket and bivy combination. But in both cases we are challenged to regulate our temperature and comfort, stay dry, and keep the bugs out.

Klymit Vera Blanket - $79.95; 58x80; 23oz. Special features include a footbox which doubles as a sack, although not compressible (included separately), small hand pockets in each corner, and snaps.

Alps Dayventure Waterproof Blanket - $49.99; 58x80; 35oz.

Alps Wavelength Blanket - $69.99; 54x80; 36oz.

Sea To Summit Reactor Fleece Liner - $84.99; 15oz. A liner is just that. While it can be used alone, it was intended to be used in a sleeping bag, both to keep it clean and to raise the temp. STS has several models with different temp ranges. One place it fails is that they are not windproof, and so temp can be affected if you are using a tarp shelter. (The fleece can be treated with permethrin for extra protection.)

Matador Pocket Blanket 2.0 - $29.99; 63x44; 4oz. As blankets go this is more of a sheet than a blanket. It's probably better as a groundsheet, even though it's only 63x44.

My ideal shelter system is a hybrid hammock and tarp system. Not everywhere I sleep are there good trees to swing from. And sometimes the ground is just not friendly. So being able to work in both worlds means some compromise: carry more weight, carry more volume, carry some stuff you will not use, or carry gear that was not necessarily meant for each function but works.

Why a sleeping bag or blanket at all? I was digging in my closet the other day and I found what looks like a hybrid insulated rain cargo pant. Add a puffer jacket with a hood and you can suffer a lot.

Monday, April 22, 2019

Advice for new car purchase...

If you're having trouble with a new car sale and you happen to get to the GM, and he or she makes a statement like...
"I want you to be happy, so if you're not happy we'll take the car back."
DO IT DO IT DO IT... there is probably something wrong, and you're better off Uber'ing around for a few days until you can get the right situation. It happened to me, and I'm still trying to unpack myself from the contract and what the real cost to my soul was.

Friday, April 12, 2019

ATT good news bad news

It seems that it is well documented that ATT has managed to screw up their Pace Pic model 5268AC with the firmware version. While the default mode is DMZ, all of the firewall/port forwarding rules are OFF by default. This is normal and fine, but if you want to do some advanced work like remote desktop, secure shell, or even hosting your own website or service, then you need some advanced knowledge.

Where things get annoying is that if you want to L2TP/IPsec into your home network, then you need to be in bridge mode, because IPsec requires access to protocols other than just TCP and UDP (ESP is its own IP protocol, so a gateway that only forwards TCP and UDP ports cannot pass it).

And, as I'm tired of this problem, ATT customer support was useless. They were clearly working from a script and had no grasp of the problem.

Tuesday, April 2, 2019

Edgerouter IPSec Split Tunneling

You have a server/network behind a Ubiquiti Edgerouter configured to be an IPsec server.

You have an Android or ChromeOS device that you have configured to connect to the IPsec server and the allowed networks/devices behind it.

There are essentially 3 types of configurations an admin or corporate security might specify... and without knowing the exact terms myself...

1. forced no way out - all network traffic is sent through the VPN, but there is no way back to the public internet.

2. forced tunnel all - all network traffic is sent through the VPN, and all public access too. This is what many VPN vendors are selling, and how some ISPs improve performance to the last mile by compressing data.

3. just the allowed networks - only packets destined to the allowed IPs and CIDRs will be routed through the tunnel.

This is a bit frustrating because, unlike OpenVPN, there is no "push", and so the client makes certain decisions about what goes where. While there are so many 3rd party companies describing #3, it seems that they own both the client and server side.
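To make the three configurations above concrete, here is an added example (not from the original post, and not Ubiquiti's or Android's code) that models the client-side routing decision for each mode and flags the policy mistake that silently turns mode 3 into mode 2. The allowed networks are constructed RFC 1918 sample values.

```python
import ipaddress
from typing import Iterable, List

# Constructed sample policy for illustration; the post does not list its allowed networks.
ALLOWED_NETWORKS = ["192.168.10.0/24", "10.8.0.0/16"]

# The three configuration types from the post, in the same order.
MODES = ("forced_no_way_out", "forced_tunnel_all", "allowed_networks_only")


def route_decision(mode: str, dst: str, allowed: Iterable[str] = ALLOWED_NETWORKS) -> str:
    """Return 'tunnel', 'direct' or 'drop' for one destination address under the given mode."""
    if mode not in MODES:
        raise ValueError(f"unknown mode {mode!r}")
    addr = ipaddress.ip_address(dst)
    # Membership test is version-aware: an IPv6 address is never inside an IPv4 network.
    in_allowed = any(addr in ipaddress.ip_network(n, strict=False) for n in allowed)
    if mode == "allowed_networks_only":
        # Mode 3: only the allowed CIDRs enter the tunnel; everything else stays on the local uplink.
        return "tunnel" if in_allowed else "direct"
    if mode == "forced_tunnel_all":
        # Mode 2: everything enters the tunnel; the far end forwards public traffic onward.
        return "tunnel"
    # Mode 1: everything enters the tunnel, but only the allowed networks are reachable,
    # so a public destination is effectively dropped at the far end.
    return "tunnel" if in_allowed else "drop"


def overly_broad_entries(allowed: Iterable[str]) -> List[str]:
    """Flag allowed entries whose prefix length is 0 (0.0.0.0/0 or ::/0).

    Such an entry matches every destination, so an "allowed networks only"
    policy containing it behaves exactly like "forced tunnel all".
    """
    return [n for n in allowed if ipaddress.ip_network(n, strict=False).prefixlen == 0]


if __name__ == "__main__":
    for dst in ("192.168.10.5", "10.8.3.4", "8.8.8.8", "2001:db8::1"):
        print(dst, {m: route_decision(m, dst) for m in MODES})
    print("broad entries:", overly_broad_entries(ALLOWED_NETWORKS + ["0.0.0.0/0"]))
```

Running the block prints the decision per mode for each constructed destination; the IPv6 destination is treated as outside the IPv4 allowed list in every mode.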

Now what?

Ubiquiti says that all of these configurations are possible; however, they stop there and provide no more. ChromeOS hints at this functionality in their docs, however you gotta pay to play. The stock Android IPsec does not offer any hints.

The ERX is so incredibly buggy!!!

Monday, April 1, 2019

Ubiquiti Edgerouter or Netgate pfSense

The average home user should just use the ISP's de facto services. The price is typically reasonable, including warranty and support. Simple economics should provide the realization that once you start to add hardware you add to the amount of training, support, attack vectors, and so on.
How many times have you called your ISP for support and they want you to connect directly to the modem, bypassing your router, and test whatever it is you are reporting? For me it's every time.
But once you start to live a mobile or semi-mobile lifestyle you either have to move certain elements into the cloud, everything to the client site, or at home. The first 2 are obvious, and the client site is the easiest because you're not likely managing that service, making daily life easy. I prefer to function in the cloud, but it does leave some systems vulnerable. And phoning home has its own set of vulnerabilities.

One client is in a constant state of change. It's impossible for me to deploy a dev-in-a-box approach.

One client uses cloud and bare metal services to process millions of phone calls a day. These systems are so busy that the various components, including hardware, are reaching EOL.

Another client has a cloud based app that is rock solid but is rarely used. One thing we talk about in risk management is not to create risk when there is none. So this stuff is just aging.

The last client I will mention had to replace my MacBook while I was traveling because it failed in a spectacular way. The battery expanded, causing the mouse to stop working. At the time I had all of my projects on the Mac's HDD. That meant my latest changes could be lost, or if the laptop was stolen then I could be responsible for the company's secrets. Later that year I started encrypting everything.

So, assuming that you're going to commute to the cloud, now the question is how? What is the formula for your services? To VPN or not to VPN; or maybe just ssh? Running an ssh server is pretty simple, and it limits the attack surface even though it's a thin layer. VPN can open the barn door entirely, creating a new set of problems.

Pricing and functionality for Ubiquiti and Netgate hardware varies. pfSense has been around a long time and is open source, leaving it open to inspection but also vulnerable to certain attacks. Once you start looking at network traffic/capacity the cost goes up. pfSense does not have a universal app, whereas monitoring the Ubiquiti can be incidental.

moving on

UPDATE: I have two ISP connections. Both pfSense and Edgerouter support dual WAN. I have one ISP connected to each device. I have not made a decision yet.

UPDATE: the ERX is incredibly buggy!!!

another bad day for open source

One of the hallmarks of a good open source project is just how complicated it is to install, configure and maintain. Happily gitlab and the ...