Archive for the 'hacks' Category

Thinking in bits

Sunday, November 16th, 2008

The number 65,536 is an awkward figure to everyone except a hacker, who recognizes it more readily than his own mother’s date of birth.
Snow Crash, Neal Stephenson

A question which I like to use when interviewing C++ programmers: what is the range of a 32-bit integer?

I don’t use this question very often anymore, or at least I don’t let it influence my decision very much (which is why I don’t mind spilling the beans here), because the correlation with other technical skills turns out to be not as strong as I thought it would be. Still, there are some interesting patterns in the kind of people who know the answer versus those who do not.

Among the people who do not know the answer, some are quite affronted that they would even be expected to. What is the point, they will ask, in having memorized some little piece of trivia which they could Google up in a few seconds? Isn’t “knowing where to find it” a much more useful skill? Ask me about architecture! Ask me about design patterns and data structures! All of these objections have some validity, and indeed we will certainly ask about those other things during the interview. Still, I believe that it is perfectly reasonable to expect a good developer to know the answer to the above question by heart.
(more…)

Getting VOIP plus IP forwarding to work on the Speedtouch

Sunday, June 22nd, 2008

With my subscription to XS4ALL, I received a Thomson Speedtouch 716 ADSL/Wifi router, currently running software release 6.1.9.6. Behind that router, I have a Linux server which serves as the webserver for the blog you’re reading right now, as well as my mailserver and a few other things. The Linux server also acts as a firewall for the rest of my network:

As you can see, the ADSL router and anything connected to it through the WiFi is considered untrusted: the real access point to my internal network is the Linux machine.

Among other things, the Speedtouch can support Voice-over-IP through an attached analog phone. Unfortunately, this functionality does not work in combination with the “assign public IP to a machine on the local network” setting. That is a pity, because behind the router is my Linux server, running a web- and mailserver among other things, and I really want that server to have my public IP address. This is partly because having the server NATted could cause problems with mail in particular: when I send out mail to another server, some suspicious spamblocker software may take offense if the address reported in the headers of my outgoing mail does not match my actual IP. But mostly it is because having a web/mail/FTP/whatever server hidden behind a NAT just feels wrong.

(more…)

Firewall improvements from R. Scott Smith

Sunday, March 25th, 2007

In response to my article about using the IPTables “recent” module to fight brute-force password attacks, based on an idea from Andrew Pollock, a reader worked out the idea into a complete firewall script, with configurable whitelisting, the ability to block multiple ports, and several other enhancements. Read his post for the details.

You can download his firewall script here. You can contact the author at the address meetscott at the domain netscape.net.

IPTables against SSH dictionary attacks

Sunday, January 14th, 2007

Like everybody who has a Linux server running an SSH daemon connected to the Internet, I regularly get attacked by people (well, botnets probably) trying to do a brute-force attack against the server. Such attempts can take many hours, during which they simply try many thousands of possible username/password combinations.

As long as you have your SSH server configured properly, the most important thing being to only allow SSH access to accounts which actually need it, this is more an annoyance than a problem. Nonetheless, it is an annoyance, if only because of all the crap in your logfiles.

There are many ways to detect and block such attacks. sshdfilter works well, and a good detailed overview of the various options can be found here. One that particularly appealed to me, however, was a very simple netfilter-based technique consisting of only two lines of iptables code. It uses the netfilter extension named “recent”, and the idea of using it to combat SSH attacks was apparently first conceived by Andrew Pollock.

(more…)

Customizing WordPress: failing SK2 captchas and a clickable logo

Sunday, December 31st, 2006

Well, I must say I’m quite pleased with WordPress so far.

I did some customizations, and ran into some minor problems:

Spam Karma

I didn’t want to enable comments and pingbacks before I had some good spam protection. I have that now: Jeroen pointed me to Spam Karma 2. Although the installation and configuration were easy enough, I ran into one snag: it did not display captcha images correctly.

(more…)

A Lisp interpreter in 170 lines of Perl code

Saturday, December 30th, 2006

A few years ago, I was on a train from Eindhoven to Utrecht; this should have been a ride of less than an hour, but thanks to various mishaps (“ladies and gentlemen, it turns out that the replacement engine is also broken, so we’ll be here a little longer”), it took me almost five hours to get home that day.

Fortunately I had my laptop with me, so to while away the time I wrote a very simple Lisp interpreter in Perl. Recently, while looking through some old back-ups, I came across it again.

Here it is: the interpreter and a test file. To run the test program, execute:
perl minilisp.pl test.l

Needless to say, this is a toy. If, for any reason, you need a real Lisp interpreter in Perl, check out perl-lisp on CPAN, by Gisle Aas.