Python Full Featured Project

Posted on August 4, 2021December 15, 2021 by Marco Antonio Carcano

This is the first of a set of three posts aimed at showing how to create a full featured Python3 project: since the topic is quite massive, I decided to split it into three different posts. In this post we do not only quickly see how to develop a full featured Python application, since I wanted to do something that shows a lot of things, such as:

creating Python objects
put the custom Python objects inside a Python package within the scope of our own namespace
develop accordingly to encapsulation rules, by implementing getters and setters methods that look like regular attributes by exploiting decorators
use the standard Python logging facility, configuring everything with an external settings file
altering the __eq__ comparison so to consider two objects as equal when one of their attribute has the same value
implementing comparison methods and the __iter__ method, so to be able to use Python standard functions such as sorted() to sort it also in reverse order
exploit total_ordering to make an object fully sortable

The next parts of this post will be on the following topics

the second one is about delivering the object as a Python package
the third and last post Packaging a Python Wheel as RPM is about how to pack this project into two RPM packages, also seeing how to digitally sign these RPM packages, and in general how to set up an RPM development environment, with a good overview on how to exploit the RPM building tools

The operating environment used in this post is Red Hat Enterprise Linux 8 or CentOS 8 - using a different environment may lead to having to adapt or even change things.

Product Management Methodologies – an overview of Agile and Lean

Posted on July 5, 2021March 26, 2022 by Marco Antonio Carcano

Skilled professionals nowadays, besides being skilled on technical matters, are supposed to know how to operate according to the principles of modern product management methodologies such as Agile and Lean. The traditional waterfall approach of gathering all the requirements, design everything as a whole, develop everything and test everything before deploying has been superseded since it cannot bear the demand of a quick time to the market of modern times: it is very likely that the delivery comes too late, when the service is no-more needed. The aim of this post is to explain what you should know about Agile and Lean methodologies so as to operate into teams that use them.

Cryptography quick guide – understand symmetric and asymmetric cryptography and how to use it with OpenSSL

Posted on May 20, 2021July 28, 2022 by Marco Antonio Carcano

When it comes to guarantee data confidentiality on the wire or on the disk we cannot be exempt to know how to use cryptography: this post provides a quick guide of both symmetric and asymmetric cryptography along with an overview of their bricks: RSA and DSA keys, Elliptic Curves keys, PGP Keys, Message Digest, HMAC, digital signature and encipherment. The aim is to provide the necessary terms and concepts to understand how to operate with cryptographic tools, providing examples with openssl.

POSIX compliant filesystems

Posted on May 3, 2021June 28, 2021 by Marco Antonio Carcano

Don’t be tempted to skip this post: you would miss something valuable. Of course most of us know how to operate a filesystem, but the underlying details of POSIX filesystems are not broadly known by most of the people. In this post I describe them quite accurately, trying to keep at a level that may intrigue, but avoiding to be too theoretical. Having such an expertise is certainly one of the things that make the difference from a technician and a skilled professional. In addition to that, this skill may really save your life when facing weird things that sometimes may arise.

SPC-3 Persistent Reservations and Fencing

Posted on April 13, 2021May 15, 2021 by Marco Antonio Carcano

Clustered file systems are powerful but they should be carefully implemented to avoid split brains, since it is very likely that these lead to data corruption. A very effective way to cope with this risk is SCSI fencing: this trick denies access to the shared disks from nodes that are considered failed by the majority of the nodes of the cluster. The only requisite to implement SCSI fencing is that the shared storage should support SPC-3 Persistent Reservations. This post talks about this topic and explains how to configure a stonith device that exploits SCSI fencing.

JSON Web Token – JWT

Posted on April 13, 2021June 15, 2021 by Marco Antonio Carcano

JWT provides a convenient and standard way to securely transport claims from an issuer to its audience over HTTP. It can be used for authentication and authorization purposes, as well as non repudiable information exchange. It's easiness of setup along with the pros of being transportable over a simple and plain-text protocol such as HTTP and of being stateless (session data can simply be put inside the claims) made it be broadly adopted by developers, whenever it does not worth to implement more cumbersome frameworks such as OpenID or OAuth. In this post we explore JWT and its related standards JWS and JWE.