Quinn Slack

Discovered HPaste, a great Scala DSL for HBase

Quinn Slack — Wed, 25 Apr 2012 22:14:41 +0000

I recently came across HPaste, a Scala DSL for HBase. Once you’ve declared an schema like below, you can run HBase operations and MapReduce jobs on your data much more easily than with the standard HBase Java library.

object EventSchema extends Schema {
 
  implicit val conf = new org.apache.hadoop.hbase.HBaseConfiguration
 
  class EventTable extends HbaseTable[EventTable, String, EventRow](
    tableName = "event",
    rowKeyClass = classOf[String]
  ) {
    def rowBuilder(result: DeserializedResult) = new EventRow(this, result)
 
    val msg       = family[String, String, Any]("msg")
    val msgSender = column(msg, "sender", classOf[String])
    val msgBody   = column(msg, "body", classOf[String])
    val msgDate   = column(msg, "date", classOf[String])
 
    val info      = family[String, String, Any]("info")
    val name      = column(info, "name", classOf[String])
    val startDate = column(info, "startDate", classOf[String])
    val endDate   = column(info, "endDate", classOf[String])
    val body      = column(info, "body", classOf[String])
    val source    = column(info, "source", classOf[String])
    val tags      = column(info, "tags", classOf[String])
  }
 
  class EventRow(table: EventTable, result: DeserializedResult) extends HRow[EventTable, String](result, table)
 
  val EventTable = table(new EventTable)
}

HPaste stops short of being an ORM (like ActiveRecord or DataMapper) on purpose, but I’ve found myself making a number of ad-hoc singletons to wrap common operations against HBase. I’d find it very useful to have an ORM that sits on top of HBase and lets you define the operations and the de/serialization you want for your types. Time permitting, I’ll factor out what I have and post it up on Github. (I also made a Ruby ORM for HBase back in 2008, but I think the way people use HBase has become more sophisticated since then and that ORM design is no longer suitable for heavy use.)

From Quora: Will Linux incorporate tcpcrypt?

Quinn Slack — Fri, 03 Jun 2011 16:03:09 +0000

Someone on Quora just asked: “Will Linux incorporate tcpcrypt?”. I posted a response over there:

I have been working on and off with tcpcrypt for about a year. I believe that if someone puts in the time to polish the Linux kernel implementation, it’d be a likely candidate for inclusion. Andrea Bittau (the lead tcpcrypt guy) told me he would like to work on the kernel implementation himself sometime in the future. Andrea, Mark Handley, and David Mazieres are also working on the Internet Draft.

For now, the userspace implementation works well (and supports Linux, Mac OS X, FreeBSD, and Windows). It has a library so that endpoints can see the tcpcrypt session ID (to perform their own authentication), at https://github.com/sorbo/tcpcrypt/blob/master/user/include/tcpcrypt/tcpcrypt.h, and I made an Apache module that passes the session ID to Web apps, at https://github.com/sqs/mod_tcpcrypt.

On the advantages of tcpcrypt over TLS:

If your system runs tcpcryptd, then existing applications will use tcpcrypt. If the destination host doesn’t support tcpcrypt, then the channel falls back to normal TCP with no communication round-trip overhead. If both sides support tcpcrypt, then the applications get encryption for free (no code changes and minimal overhead). Of course, this only protects against passive attackers; to protect against active attacks, the apps would have to be modified to authenticate using the tcpcrypt session ID. Still, it’s better than cleartext. This, I think, is the key benefit tcpcrypt has over TLS: it makes encrypted-by-default really simple to bring about.

See also the tcpcrypt Internet-Draft and the tcpcrypt Wikipedia page.

What I’ve finished reading, Jan-May 2011

Quinn Slack — Mon, 30 May 2011 03:47:17 +0000

The Devil in the White City by Erik Larson
The Myth of the Rational Voter: Why Democracies Choose Bad Policies by Bryan Caplan
The Great Stagnation: How America Ate All The Low-Hanging Fruit of Modern History, Got Sick, and Will (Eventually) Feel Better by Tyler Cowen
Ayn Rand and the World She Made by Anne Heller
In The Plex by Stephen Levy (about Google)
The Immortal Life of Henrietta Lacks by Rebecca Skloot
The Greatest Trade Ever: The Behind-the-Scenes Story of How John Paulson Defied Wall Street and Made Financial History by Gregory Zuckerman
“The Use of Knowledge in Society” by F. A. Hayek
The Machinery of Freedom: Guide to a Radical Capitalism by David Friedman (son of Milton Friedman)

I enjoyed all of them–or else I wouldn’t have finished reading them.

Reading “Sum: Forty Tales from the Afterlives” by David Eagleman

Quinn Slack — Mon, 30 May 2011 03:32:23 +0000

Just started reading Sum: Forty Tales from the Afterlives by David Eagleman. I heard about the book from an interesting New Yorker profile of him.

I’ll update this post when (or if) I finish reading the book.

Update (May 31): Just finished reading it. Very thought-provoking. My favorite was the one where people wait in the afterlife until the last utterance of their name.

Python 3.3 patch for TLS-SRP support

Quinn Slack — Wed, 27 Apr 2011 22:35:34 +0000

I just posted a patch for Python 3.3 to add TLS-SRP support (Issue #11943). This patch adds support for TLS-SRP (RFC 5054) to Python ssl.SSLSocket, _ssl.c, http, and urllib. TLS-SRP lets a client and server establish a mutually authenticated SSL channel using only a username and password (a certificate may also be used to supplement authentication). Two Python-specific use cases for TLS-SRP are calling HTTP APIs that require auth, and writing test suites in Python for networked software (e.g., how Chromium uses TLSLite for network testing). More info at http://trustedhttp.org/wiki/TLS-SRP_in_Python.

TLS-SRP patch for Apache 2 mod_ssl

Quinn Slack — Sun, 17 Apr 2011 21:53:09 +0000

I just posted a patch for TLS-SRP support in Apache 2 mod_ssl on the wiki and as ASF Bugzilla #51075.

Updated Steffen Schulz’s NSS patch for TLS-SRP support

Quinn Slack — Sat, 16 Apr 2011 21:44:10 +0000

I updated Steffen Schulz’s NSS patch for TLS-SRP support and posted it to Bugzilla #405155. NSS (Network Security Services) is a Mozilla library that provides SSL and crypto routines to Firefox, Chrome, and lots of other apps.

I modified Steffen Schulz’s patch to:

use the same format for the SRP passwd and group param file as libsrp, so
that the standard srptool (provided by libsrp or GnuTLS) can be used. This
means that srputil (which duplicated srptool’s functionality) is no longer
necessary to include in this patch. (This means either libsrp or GnuTLS are
required to generate SRP passwd files. Is this OK, or does NSS need to be fully
self-contained? For the test suite, I have included pre-generated SRP passwd
files.)
implement TLS-SRP in selfserv instead of SSLsample.
include TLS-SRP tests. (These currently fail because of a memory leak;
ignoring that, they pass.)
apply cleanly against nss-3.12.9.

See “TLS-SRP in NSS” on the wiki for more usage instructions, but here’s a quick example:

tstclnt usage:
tstclnt -l jsmith -k abc -h tls-srp.test.trustedhttp.org -d /tmp/certs/ -c
:C01D -o -3 -2
# then GET /

selfserv usage:
cd $NSS/mozilla/security/nss/tests
selfserv -n localhost -p 4443 -v -H ssl/tpasswd.conf -K ssl/tpasswd -d
/tmp/certs/
tstclnt -p 4443 -h localhost -f -d /tmp/certs -v -l TestUser -k nss -2 -c :C01D

This patch still needs a lot more work before it’s ready for serious review, but I wanted to get some feedback on it now.

TLS-SRP in Chrome announcement

Quinn Slack — Thu, 07 Apr 2011 17:39:27 +0000

I just posted an in-progress patch that adds TLS-SRP support to Chrome over at the Chromium code review site. I also posted a Chromium-discuss message announcing my progress.

To install it yourself, see the TLS-SRP in Chrome wiki page.

Chrome TLS-SRP login (preliminary)

Chrome TLS-SRP Web page

Patch: RFC 5054-compliant TLS-SRP support for TLS Lite

Quinn Slack — Mon, 04 Apr 2011 20:48:59 +0000

I submitted a patch to TLS Lite that updates its TLS-SRP support to comply with RFC 5054. Read the email message to tlslite-users or download the the patch (tlslite+tls-srp-rfc5054.patch). I’ve also applied this patch to my tlslite git repository.

TLS-SRP patch (probably) accepted into OpenSSL 1.0.1

Quinn Slack — Fri, 25 Mar 2011 20:00:10 +0000

Looks like TLS-SRP will be in OpenSSL 1.0.1. Tom Wu’s patch at http://cvs.openssl.org/chngview?cn=20484 was finally accepted.

(HT: Tom Wu and Daniel Stenberg)