Tuesday, 14 November 2017

Cherry Blossoms with CherryPy

CherryPy is a python web framework which I really like. It is minimalistic in nature, is very pleasant to work with, and still we can accomplish much. Below I will detail a basic web app setup with CherryPy demonstrating basic usage which one can expand further.
# blossoms.py
A blossoms server with CherryPy 

import cherrypy
import os

class CherryBlossom(object):
    """ The server route handler methods """

    def __init__(self):

    def index(self):
        """ The root url, when not mapped to static response, this action will be invoked """
        return self.about()

    def about(self):
        return 'Enjoy cherry blossoms.'

    def get_greeting_message(self, name):
        """ Return greetings to the given name in JSON format """
        return {'msg': 'Greetings %s' % name'}

    @cherrypy.tools.register('before_finalize', priority=60)
    def secureheaders():
        """ Update server response headers """
        headers = cherrypy.response.headers
        headers['X-Frame-Options'] = 'DENY'
        headers['X-XSS-Protection'] = '1; mode=block'
        headers['X-Powered-By'] = 'Cherry Blossoms'
        headers['Server'] = 'Sakura'

class Blossoms(object):
    """ Server configuration and initialisation """

    def __init__(self):

    def start(self):
        """ Start the service """
        blossom = CherryBlossom()
        # routes
        dispatcher = cherrypy.dispatch.RoutesDispatcher()
        dispatcher.explicit = False
        dispatcher.connect('home', '/', blossom.index)
        dispatcher.connect('about', '/about/', controller=blossom, action='about', conditions=dict(method=['GET']))
        dispatcher.connect('greetings', '/greet/{name}/', controller=blossom, action='greet', conditions=dict(method=['GET']))
        # config
        root_dir = os.path.dirname(os.path.abspath(__file__))
        global_conf = root_dir + '/blossoms.conf'
        conf = {
            '/': {
                'request.dispatch' : dispatcher,
                'tools.staticdir.dir': root_dir
        app = cherrypy.tree.mount(None, '/', global_conf)
        if hasattr(cherrypy.engine, "signal_handler"):
        if hasattr(cherrypy.engine, "console_control_handler"):
# pyserver.py
from blossoms import Blossoms

blossom = Blossoms()
The configuration are present in the blossoms.conf file.
server.socket_host: ''
server.socket_port: 1729
server.thread_pool: 8

tools.gzip.on: True
tools.staticdir.on: True
tools.staticdir.index: 'index.html'
tools.staticdir.debug: True,
tools.secureheaders.on = True,
tools.response_headers.on: True,
tools.response.stream: True,
tools.sessions.on = True
tools.sessions.secure = True
tools.sessions.httponly = True
log.screen: True
Calling the /, FQDN alone is configured to serve static content. The GET endpoints are /greet/{name} and /about/. The RoutesDispatcher uses routes package to do the dispatch. The requirements.txt is below.
We load the config and merge it with few updated setting from the code before starting the server. We have a server that handles static content, does REST based routing, custom response headers, JSON, html responses, with configurable settings. Enjoy cherry blossoms.

Saturday, 11 November 2017

Erlang on Android with Termux

Termux is a terminal emulator and Linux environment app for Android. This app, I would say is one of the best things ever happened on an Android platform. It helps us to install packages as in Maemo. The erlang package is available and can be installed using pkg install erlang. It currently installs Erlang/OTP 20, pretty nice.

Wednesday, 8 November 2017

Accessing private functions in Clojure

Nothing in Clojure is truly private. The defn- is more of a way to convey that it is private to the readers. We can access private method by using var quote syntax.
The var special form or the #' reader macro (see Reader) can be used to get an interned Var object instead of its current value.
user=> (ns private)
private=> (defn- secret[] "oops")

private=> (ns user)
user=> (private/secret)
CompilerException java.lang.IllegalStateException: var: #'private/secret is not public, compiling:(NO_SOURCE_PATH:4:1) 

user=> (#'private/secret)

Monday, 6 November 2017

Functional Conf 2017

Functional Conf 2017 is happening in Bangalore this year, which is also hosting the first Erlang & Elixir Factory Lite Conference in India. Also there are separate workshops we can register.

I am attending Reactive Systems & MicroServices Architecture by Francesco Cesarini, along with all Functional Conf sessions with all access pass, and Deep Dive into Erlang Ecosystem by Robert Virding. What better way to meet and talk to the Gods of Erlang! I am so excited about this event. See you at the conference.

Sunday, 5 November 2017

Monkey Patching with Clojure intern Function

The intern function in Clojure is a powerful construct. This is similar to MOP in Groovy. It really comes in handy in many situations. I particularly use it in unit tests to mock (provide override) implementation of data layer methods and to monkey patch third party libraries dynamically.
; com.external.core.clj
(ns com.external.core)

(defn tangle 
  "An internal method which takes an argument but always return the tangle string"
Now let us say that this is a third party library that we included from maven (or clojars) as project dependency. And we found an issue, the issue being it should return "untangle" instead of "tangle" but we do not have the luxury of upgrading the library to the latest version which has the fix. This is where intern comes in handy.
; com.example.init.clj
(ns com.example.init)

(defn untangle
  "Function that fixes a bug in an function that lives in an external namespace"

;; Update the binding, means all callers will see the new patched function, even callers in other any libraries
(intern 'com.external.core 'tangle untangle)
What happens here is that the intern updates the binding of function tangle in the namespace com.external.core to the untangle function defined in com.example.init namespace. From now on any call to the original function will use the updated patched function instead. This is very neat in certain situations where we need to monkey patch. This is not function override, because this change is global as in the entire app sees the new definition. Note that the function signature must be the same. Else it will break the callers.

This is also helpful in unit testing Clojure code. Say we have a service layer and calls into data layer. But we do not want to hit the DB or API methods, as we are not really performing integration tests. So we can provide mock methods inside the deftest with mock results, which will easily help in testing our service layer code.

There is a caveat. This does not work well with Clojure macros, as macros are compile time which generates code. So at runtime, there really is no macro code binding that we can override.

Thursday, 26 October 2017

Use binding as an alternative to passing state around in Clojure

Let's say we have already existing functions (referred to as inner functions) called by another function (outer function) and the inner functions needs some state data so that when exception occurs, that data can be logged. However, this requires passing state around to all these inner functions and modifying the method signature. Which is fine, but depending on the taste, it might not look elegant. There is another way where the state can be bound using binding and does not have to be passed explicitly by the caller. Example follows.
(declare ^:dynamic state)

(defn err []
  ; does many other things
  (println state)
  ; .. return response

(defn process []
  (binding [state 1] 
    (err)  ; 1
    (set! state 2)  ; update value of state
    (err)))  ; 2


; output
; 1
; 2
; nil
This however is an anti-pattern as the state var is being implicit to the function.

Wednesday, 25 October 2017

Unbind Active Directory from OS X

When your enterprise uses Active Directory for identity management, the OS X user account by default will be bound to the AD service. The convenience it brings is that we can change the AD account password by changing the OS X user account password and all services like WiFi, printer authentication will be updated as it will update the keychain as well. If the OS X user account is not bounded, we will have to manually remove/update the necessary cached service password from keychain each time. However, it is problem that the AD will get information on local OS X account activity and will get synced when connected to the internal network. You cannot be a ghost then. Now comes the unbinding part.
1. Check current AD settings
sudo dsconfigad -show
If bounded, it will print something like,
Active Directory Domain          = stalker.weird.org
Computer Account                 = xxx

Advanced Options - User Experience
  Create mobile account at login = Enabled|Disabled
     Require confirmation        = Enabled|Disabled
  Force home to startup disk     = Enabled|Disabled
     Mount home as sharepoint    = Enabled|Disabled
  Use Windows UNC path for home  = Enabled|Disabled
     Network protocol to be used = smb
  Default user Shell             = /bin/bash

Advanced Options - Mappings
  Mapping UID to attribute       = xxx
  Mapping user GID to attribute  = xxx
  Mapping group GID to attribute = xxx
  Generate Kerberos authority    = Enabled|Disabled

Advanced Options - Administrative
  Preferred Domain controller    = xxx
  Allowed admin groups           = xxx
  Authentication from any domain = Enabled|Disabled
  Packet signing                 = xxx
  Packet encryption              = xxx
  Password change interval       = 000
  Restrict Dynamic DNS updates   = xxx
  Namespace mode                 = xxx
2. Install Enterprise Connect app from Apple that will help us to easily reconnect and change AD password. The org IT must support it. You won't find it in the App store.
3. Unbind AD.
dsconfigad -f -r -u <ad_username>
This above command will unbind the OS X user account from the AD server. Check if AD service is active by running the command in step 1 again. It should print nothing.
4. Next if we need to bind to AD, use Enterprise Connect -> Reconnect -> Change Password. Which is easy way. Else we can use dsconfigad utility to do the binding.

Enjoy stealth mode.