Tazjin's blog

Reverse-engineering WatchGuard Mobile VPN

Update: WatchGuard has responded to this post on Reddit. If you haven't read the post yet I'd recommend doing that first before reading the response to have the proper context.

One of my current clients makes use of WatchGuard Mobile VPN software to provide access to the internal network.

Currently WatchGuard only provides clients for OS X and Windows, neither of which I am very fond of. In addition, an OpenVPN configuration file is provided, but it quickly turned out that this was only a piece of the puzzle.

[Read more]

Make Object <T> Again!

A few minutes ago I found myself debugging a strange Java issue related to Jackson, one of the most common Java JSON serialization libraries.

The gist of the issue was that a short wrapper using some types from Javaslang was causing unexpected problems:

public <T> Try<T> readValue(String json, TypeReference type) {
  return Try.of(() -> objectMapper.readValue(json, type));
}

The signature of this function was based on the original Jackson readValue type signature:

public <T> T readValue(String content, TypeReference valueTypeRef)

While happily using my wrapper function I suddenly got an unexpected error telling me that Object is incompatible with the type I was asking Jackson to de-serialize, which got me to re-evaluate the above type signature again.

Let's look for a second at some code that will happily compile if you are using Jackson's own readValue:

// This shouldn't compile!
Long l = objectMapper.readValue("\"foo\"", new TypeReference<String>(){});

As you can see, we ask Jackson to decode the JSON into a String, as enclosed in the TypeReference, but assign the result to a Long. And it compiles. And it fails at runtime with java.lang.ClassCastException: java.lang.String cannot be cast to java.lang.Long. Huh?

Looking at the Jackson readValue implementation it becomes clear what's going on here:

[Read more]

Fully automated TLS certificates with Kubernetes

Recently one of my favourite ways to tackle an infrastructure issue has been to write a Kubernetes controller that deals with the issue.

The idea behind a controller in Kubernetes is quite simple. Your Kubernetes API server contains a description of a desired target state. To get to that target state, a set of controllers constantly run reconciliation loops to take care of whatever small bit of that state is their responsibility.

Recently I've wanted to have a fully automated way of retrieving TLS certificates from Let's Encrypt. This seemed like a perfect fit for a Kubernetes controller, so I got to work and am now presenting release 1.1 of the Kubernetes Letsencrypt Controller.

[Read more]

Kubernetes presentation reloaded

After my last Kubernetes presentation I gave one that was actually recorded. In my opinion Kubernetes is the best way to orchestrate container infrastructure at the moment and I whole-heartedly recommend everyone to look into it.

The video is available here

Servant presentation

A few weeks back I did a short presentation on servant, a Haskell library for defining web APIs at the type level, at the Oslo Haskell meetup.

Just in case somebody is interested you can grab the slides and watch the video.

The project presented in the slides, a little API for finding pubs in Oslo, lives here. I haven't heard back from Untappd about an API key yet so things are a bit slow on that front.

The SMU-problem of messaging apps

After having tested countless messaging apps over the years, being unsatisfied with most of them and finally getting stuck with Telegram, I have developed a little theory about messaging apps.

SMU stands for Security, Multi-Device and Usability. Quite like the CAP-theorem I believe that you can - using current models - only solve two out of three things on this list. Let me elaborate what I mean by the individual points:

[Read more]