Thursday, July 21, 2011

Dear Lazyweb, how secure is Tomato?

So today I noticed on one of my internal servers the following:


Jul 17 23:53:13 localhost sshd[31847]: Invalid user sales from 123.196.113.11
Jul 17 23:53:13 localhost sshd[31848]: input_userauth_request: invalid user sales

And I also see…

Jul 17 23:47:11 localhost sshd[31690]: reverse mapping checking getaddrinfo for 42.ac.84ae.static.theplanet.com [174.132.172.66] failed - POSSIBLE BREAK-IN ATTEMPT!

Also?

Jul 20 14:56:01 localhost <28>fail2ban.actions: WARNING [ssh-iptables] Ban 121.88.250.208


Huh? Nothing is port forwarded, and the only thing that could be connecting to the box is a Linksys running 1.28 Tomato.


So I am wondering, is Tomato secure right now?
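
One way to triage lines like the ones above, as an added example that is not part of the original post: pull the source address out of each sshd/fail2ban line and flag any that is not in a private (RFC 1918) or loopback range. On a box that is supposed to be reachable only from the LAN, a public source address in sshd's log is exactly the thing to chase. The sample lines are the ones quoted above plus one constructed LAN login; the function and variable names are my own.

```cpp
// Added example, not code from the original post: extract the source address
// from sshd and fail2ban log lines and report the ones outside private space.
// Build: g++ -std=c++11 -Wall ssh_sources.cpp -o ssh_sources
#include <cstdio>
#include <sstream>
#include <string>
#include <vector>

struct Ipv4 {
    unsigned a, b, c, d;
};

// Read a whole whitespace-delimited token as a dotted quad. Brackets, as in
// "[174.132.172.66]", and trailing punctuation are stripped first. Anything that
// is not exactly four octets (timestamps like 23:53:13, versions like 1.28,
// hostnames like 42.ac.84ae.static.theplanet.com) is rejected.
bool token_to_ipv4(std::string tok, Ipv4* ip) {
    while (!tok.empty() && tok[0] == '[')
        tok.erase(0, 1);
    while (!tok.empty() && (tok[tok.size() - 1] == ']' || tok[tok.size() - 1] == '!' ||
                            tok[tok.size() - 1] == '.' || tok[tok.size() - 1] == ','))
        tok.erase(tok.size() - 1);
    char trailing;
    int n = std::sscanf(tok.c_str(), "%u.%u.%u.%u%c", &ip->a, &ip->b, &ip->c, &ip->d, &trailing);
    if (n != 4)
        return false;
    return ip->a <= 255 && ip->b <= 255 && ip->c <= 255 && ip->d <= 255;
}

// RFC 1918 space plus loopback: addresses that can legitimately appear on an
// internal-only host. Everything else is "how did that reach me?".
bool is_private(const Ipv4& ip) {
    if (ip.a == 10 || ip.a == 127) return true;
    if (ip.a == 172 && ip.b >= 16 && ip.b <= 31) return true;
    if (ip.a == 192 && ip.b == 168) return true;
    return false;
}

std::string ipv4_to_string(const Ipv4& ip) {
    char buf[16];  // "255.255.255.255" plus NUL
    std::snprintf(buf, sizeof buf, "%u.%u.%u.%u", ip.a, ip.b, ip.c, ip.d);
    return buf;
}

// For each log line, take the first token that parses as an IPv4 address and
// keep it if it is not private. Lines with no address at all (the
// input_userauth_request line) contribute nothing.
std::vector<std::string> public_sources(const std::vector<std::string>& lines) {
    std::vector<std::string> found;
    for (size_t i = 0; i < lines.size(); ++i) {
        std::istringstream in(lines[i]);
        std::string tok;
        while (in >> tok) {
            Ipv4 ip;
            if (!token_to_ipv4(tok, &ip))
                continue;
            if (!is_private(ip))
                found.push_back(ipv4_to_string(ip));
            break;  // one source address per line
        }
    }
    return found;
}

// The lines from the post, plus one constructed LAN login that must be ignored.
const std::vector<std::string> kSampleLines = {
    "Jul 17 23:53:13 localhost sshd[31847]: Invalid user sales from 123.196.113.11",
    "Jul 17 23:53:13 localhost sshd[31848]: input_userauth_request: invalid user sales",
    "Jul 17 23:47:11 localhost sshd[31690]: reverse mapping checking getaddrinfo for "
    "42.ac.84ae.static.theplanet.com [174.132.172.66] failed - POSSIBLE BREAK-IN ATTEMPT!",
    "Jul 20 14:56:01 localhost <28>fail2ban.actions: WARNING [ssh-iptables] Ban 121.88.250.208",
    // constructed: a normal login from the LAN, should not be reported
    "Jul 21 08:00:00 localhost sshd[100]: Accepted publickey for someuser from 192.168.1.10 port 51522 ssh2",
};

int main() {
    std::vector<std::string> hits = public_sources(kSampleLines);
    for (size_t i = 0; i < hits.size(); ++i)
        std::printf("public source: %s\n", hits[i].c_str());
    return 0;
}
```

Run against the sample lines it reports the three public addresses and stays quiet about the 192.168.1.10 login; the same loop over a real auth log is the quickest way to answer "is anything outside my LAN actually reaching this sshd?" before worrying about which box let it in.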

Thursday, July 14, 2011

MySQL, Enum, skip the if()

There are a number of different, and perfectly valid, patterns for handling objects of different types. This is not about that; this is about not mixing patterns.


A very, very common bit of code that is in MySQL (and can therefore be found in Drizzle):


if ((cached_result_type == DECIMAL_RESULT) or (cached_result_type == INT_RESULT))
{
  do_something();
}
else
{
  do_something_else();
}



DECIMAL_RESULT and INT_RESULT are two of the possible result types.


Are there more?


Why yes there are. In the above bit of code the original author thought about two cases, and assumed all other cases could just be lumped into the else.


I’ve fixed dozens of bugs over the last few years based on similar assumptions.


What assumptions? 


1) That no one would ever add another result type.


2) That no other bug fix might create a case where the else no longer held true.


3) That the else was ever correct in the first place.


Without changing the entire design, what would be better?


Use a switch and write a case for each enumerator. That way, if a new enumerator is added, every place in the code where logic depends on the enum will be flagged when you compile (assuming you have your compiler's warning flags turned up).


Also? Skip “default”. Unless the value is coming off the wire, out of a file, etc., you can skip default, because you aren’t going to end up with an invalid enum, and a default would only hide the compiler warning for the case you forgot. If you are doing one of those things?


Sanitize the data first, don’t just cast it.
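
To show the two shapes side by side, here is an added example (my code, not MySQL's or Drizzle's): the if/else from the post, the switch the post recommends, and the validate-before-cast step for values that came from outside. The enum is a stand-in with made-up membership (an assumption, not the real result-type enum that cached_result_type is compared against), and the handler names are invented. With GCC or Clang, -Wall turns on -Wswitch, which is the warning that reports an enumerator missing from a switch that has no default.

```cpp
// Added example, not code from MySQL or Drizzle. The enum below is a stand-in
// (assumption); the point is the shape of the dispatch, not the member list.
// Build with warnings up: g++ -std=c++11 -Wall -Wextra enum_switch.cpp
#include <cstdlib>

enum ResultType {
    STRING_RESULT  = 0,
    REAL_RESULT    = 1,
    INT_RESULT     = 2,
    ROW_RESULT     = 3,
    DECIMAL_RESULT = 4
};

// Which handler ran; stands in for do_something() / do_something_else().
enum Handler { NUMERIC_HANDLER, STRING_HANDLER, ROW_HANDLER };

// The pattern the post criticises. Two types are named; REAL_RESULT, ROW_RESULT
// and anything added to the enum next year all fall into the else, silently.
Handler dispatch_if_else(ResultType t) {
    if ((t == DECIMAL_RESULT) or (t == INT_RESULT)) {
        return NUMERIC_HANDLER;   // do_something()
    } else {
        return STRING_HANDLER;    // do_something_else()
    }
}

// The post's alternative: one case per enumerator and no default. Add an
// enumerator and every switch like this one reports "enumeration value not
// handled in switch" at compile time instead of misrouting at run time.
Handler dispatch_switch(ResultType t) {
    switch (t) {
    case DECIMAL_RESULT:
    case INT_RESULT:
    case REAL_RESULT:
        return NUMERIC_HANDLER;
    case STRING_RESULT:
        return STRING_HANDLER;
    case ROW_RESULT:
        return ROW_HANDLER;
    }
    // Not a default label: a default would hide the missing-case warning. This
    // only quiets "control reaches end of function" and traps a value that is
    // not a valid enumerator, which cannot happen if the caller went through
    // result_type_from_wire() below.
    std::abort();
}

// The one place a bad value can appear: data read off the wire or out of a
// file. Validate the raw integer first; do not static_cast it and hope.
bool result_type_from_wire(unsigned raw, ResultType* out) {
    switch (raw) {
    case STRING_RESULT:
    case REAL_RESULT:
    case INT_RESULT:
    case ROW_RESULT:
    case DECIMAL_RESULT:
        *out = static_cast<ResultType>(raw);
        return true;
    }
    return false;   // 5, 200, 0xFFFFFFFF: reject, never dispatch on it
}

int main() {
    // Constructed input: one valid byte off the wire, one junk byte.
    unsigned wire[] = { 4u, 200u };
    for (unsigned i = 0; i < 2; ++i) {
        ResultType t;
        if (!result_type_from_wire(wire[i], &t))
            continue;             // junk never reaches a switch
        (void)dispatch_switch(t);
    }
    return 0;
}
```

The difference shows on REAL_RESULT: the if/else routes it to the else branch because the original author only thought about two cases, while the switch had to say explicitly what to do with it. Comment out the ROW_RESULT case and rebuild with -Wall to see the warning the post is relying on; add a default and watch it disappear.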

Thursday, July 7, 2011

Syncing, Google vs OSX, iPhoto Ate my Father's Wedding Pictures

I don’t really love OSX, as much as I happen to be a UNIX bigot. 


Minus the long grey beard.


Why do I like OSX? 


  • Terminal always works.

  • WiFi always works.

  • I love toasters.

Toasters are awesome. You put bread in, you push the bar down and you get toast.


That is until the toaster starts to burn bread because either the dial has been turned all the way up, or the toaster has become so old that the springs are worn out.


iPhoto? iPhoto burns a lot of bread, I mean, it eats a lot of photos. 


It is really irritating to lose photos, especially in the manner that happens with iPhoto. With iPhoto you can still see the icon it made of the photo, but the original? It is long gone. I haven’t done an exhaustive search of all of the metadata, but you certainly can’t export or even view the photos.


A lot of my photos I upload to flickr when I want to store/share them long term, but I haven’t always done that. 


And when I went to show someone a photo from my father’s wedding? I discovered that it had once again eaten all of the photos from the wedding. 


So what to do about it? I’m going to go with Picasa. I recently acquired a new NAS (I upgraded from my ReadyNAS NV+ to a ReadyNAS Ultra 6). I have been writing scripts that extract all of the pictures from all my computers: they open up tarballs of old home directories, pull images out of them, and then store the images on the NAS. If I could figure out how to deal with spam I would extract all of the images from my email as well.


Picasa has been running for a couple of days. It has found ~15K headshots. I thought that iPhoto’s face recognition was pretty gimmicky. The Google one though? It is sharp. It is finding friends’ photos that I didn’t know I had (so much for anonymity during the Fremont Solstice Parade!). My only real complaint with it so far is that I wish I could share the facial recognition information with friends so that we could collectively parse photos. 


Downside? Picasa’s image display is not that awesome. It’s slow, and for some reason someone thought it would be brilliant to include all of the headshots in one window, which means I have to do a bunch of scrolling to approve the photos it is finding.


Like all programs, Picasa needs a kill file.


Another downside to Picasa? It is a walled garden. I like flickr, and I am going to continue to use flickr. It’s annoying that I can’t sync between the two (maybe Google will buy it?).


At the very least you would think that Gmail would be able to extract photos from email, or make it easy to share photos between my computers. 


iPhoto did an ok job at editing photos, Picasa is really lacking when it comes to this. I’ve been meaning to make more use of Lightroom, I guess this will give me a reason.


Next on my list of problems to solve?


Contacts. 

Friday, July 1, 2011

Can you package up that library for us?

One thing that we, Data Differential, have is a lot of code. We get requests, infrequently, about packaging up one or more of the libraries that we use in our products. 


Our test harness, libtest (uTest), is one that comes up frequently. We use it for all of our products, and there are a handful of open source projects out there that use it as well.


Why have our own, why not just use GoogleTest, or the one built into Boost?


  • We have different features. libtest can start, stop, kill, etc. a number of types of servers with different options.

  • Integration with tools. If you are in vim and type “:make” and an assertion in a test fails, you go directly to the error in vim. 

  • It is always around, because we ship it in our code. 

  • It can rerun collections of tests over and over, with different flags/options. 

  • Extended testing with valgrind.

  • It gives us a regression report for performance for each test.

  • It does C/C++ libraries (which is our bread and butter).

Does it lack things?


  • Documentation. Everyone who uses it today uses it because they have worked for me at some point (or…). It is the network effect.

  • CLI applications. It cannot test these at all.

What is the big win? 


We have 50K lines of test cases at the moment that just we maintain. There is an example for just about anything. The framework has a number of ways it can be extended, so it is not hard to find an example to show someone (and we receive a couple of test cases a week from users, so we know that the average developer can pick it up rapidly).


So should we package it up?


Probably not.


Is having it be open source a win for us?


Yes.


We can distribute it, we can have our customers distribute it, and we can ship it with each download. We get the benefit of having all of our users install and run it. Because we maintain it, developed it, and are further developing it, we make testing a core competency. 


So why not package up everything we do? There isn’t the time, and there really isn’t a reason.


ABI compliance? We don’t require it for libtest.


More developers? There is this myth in open source where people believe that if you open source something, i.e. throw it over the wall, people will come. That is not the case at all.


Help with development? Maybe, but it could also just become a time sink for us. 


We have gotten similar requests for other libraries, like libhashkit. We haven’t bothered there either (though we do ship it, provide ABI, and install it). In its case we have had other companies fund the work, and they just happen to hit us with the requests when we had some free cycles (which is rare for us at the moment).


So will we package up more libraries? 


I think the better question is, do we have a compelling reason to package up a library?