Posts

subscribe via RSS

  • My morning routine

    I’ve never been a morning person, but over a period of time I have trained myself to start my morning with a routine that helps me setup for the day. Now I must admit, not all my mornings are early but regardless of when I wake up I make it a point to start my day with this routine. The routine consists of guided meditation and affirmation where I start off my day by reciting a few mantras and then remind myself of some of the teachings of Guru Gopal Das and Dandapani that have resonated with me. I am still a work in progress and in no way claim to have mastered all of their teachings but being reminded of them at the beginning of my day, everyday helps me focus on the things that really matter.

  • Kubernetes certificate based mutual auth with different CAs

    Configuring certificate based mutual authentication in Kubernetes using nginx ingress controller is explained pretty well in this post. However, the post assumes that the certificates used for validating the client and the server are issued by the same CA (Certificate Authority). How do you configure client certificate authentication in kubernetes when using client and server certificates issued by different CAs? The current nginx ingress controller docs do not make this absolutely clear either. I recently came across a scenario where we were using our own internal/private CA for issuing client certificates and a publicly trusted CA for server TLS. This post covers configuring kubernetes nginx ingress to use certificates issued by different CAs on the same host to perform mutual authentication.

  • Transformation, what the heck?

    Throughout my consulting career, I’ve frequently encountered the term “transformation” being thrown around excessively in IT circles. Virtually every organization is undergoing some form of transformation, whether it’s related to agility, digitalisation, or cultural change. To gain a genuine understanding of what transformation entails, it’s crucial to delve deeper and clarify some of the commonly used terminology.

  • Six rules for tech leadership

    Over the years I have lead some complex technical pieces of work with teams of varied sizes and location. This has involved optimizing working practices and processes of teams, advising management on building engineering capabilities, agile practices, technical governance and continuous delivery. As a technical leader, I have faced numerous challenges while trying to align team objectives, resolve conflicts, highlighting the importance of cross functional requirements to the business and managing technical risk. Learning from my mistakes I have devised a set of rules to help me overcome these challenges. The following six rules by no means is an exhaustive list but I’m hoping people working in technology will find them useful or at the least something they can relate to.

  • Securing REST APIs

    RESTful services are stateless therefore each request needs to be authenticated individually. State in REST terminology means the state of the resource that the API manages, not session state. There maybe good reasons to build a stateful API but that is going against REST principles. It is important to realize that managing sessions is complex and difficult to do securely, as it is prone to replay and impersonation attacks. So what options do we have to secure RESTful services? This post looks into Basic Authentication, MAC (Message Authentication Code), Digital Signatures and OAuth.

  • Making sense of Blockchain

    Trust is fundamental to commerce. Any business transaction is based upon trust and requires secure way of transferring assets between transacting parties. Banks provide this trust by maintaining a true record of financial transactions. Government agencies provide evidence of land titles, vehicle registration records, health and education records etc by maintaining a transaction log. They provide trust by maintaining a central ledger for recording transactions that can be relied upon to verify each transaction. The onus of maintaining the transactions accurately and securely on the central ledger also lies with the authority owning it. This grants significant responsibility and control to the central authority or intermediary facilitating commerce between transacting parties. The intermediary essentially establishes the rules of commerce that every transacting party must adhere to. While the intermediary often operates effectively, it can occasionally become a single point of failure, as seen in the global financial crash of 2008 where banks were at the epicenter of the economic turmoil.

  • Demonetisation: Surgical strike or carpet bomb

    At 8pm on the 8th of November prime minister Narendra Modi announced that from midnight all 500-rupee and 1,000-rupee notes would cease to be legal tender. This deliberate shock demonetisation policy was announced with the following 3 main objectives:

  • Think Docker! Think Security!

    Docker allows you to completely abstract the underlying operating system and run your app across multiple platforms (local machine, cloud or on-premise data centre) as long as the destination has the Docker runtime (Docker daemon) running. With Docker, the Continuous Delivery philosophy Build once deploy anywhere really comes to the fore. You build your binary artifact as a Docker image that includes all the application stack and requirements once and deploy the same image to various environments. This ensures the binary is built once and the same source code is promoted in subsequent deployments, allowing agile, continuous application delivery.

  • Services, microservices, bounded context, actors.. the lot

    I was at the DDD exchange recently where we had the likes of Udi Dahan, Eric Evans and Scott Wlaschin on the panel. In a post event Q&A session I asked the panel - “Is microservices SOA renamed? “ which triggered an hour long debate. The panelists argued amongst themselves about what exactly a service or a microservice means. By the end of the debate I doubt any one of us was any more wiser. Clearly there was no consensus on the definition of a microservice and what it actually means. It is quite a buzzword these days but none of the panelists could come to a common understanding. This raised a few questions in my head. Disappointed with the expert advice, I decided to look out for a definition of my own.

  • Problem with mutating state

    The purpose of any computer program is to take some inputs and produce an output. Producing an output causes the program to have an effect which means during its execution cycle, the program changes certain values. A live program models the real world where things change frequently over time and in parallel. But while writing programs we only have a static view of the problem domain and with the best of intentions and tools at hand we try to manage state change in our program as it would happen in the real world. This leaves us having to deal with values that change over time. Are OO languages capable of handling this complexity easily or do we need to look further?

  • Are mocks worth it?

    Mocks are widely used in most development teams I’ve worked with practicing TDD. According to Uncle Bob A mock object is a very powerful tool, providing two major benefits: isolation and introspection. But like all power tools, mocks come with a cost. He goes on to list the benefits as well as possible issues of using mocks. Between the two extremes of too many mocks and no mocks I tend to start with no mocks until I absolutely and necessarily need one. Therefore, I am always interested in techniques that allow me the freedom of working without learning an external mocking framework. In statically typed languages like Java and C#, interface based polymorphism allows us to use mocked implementations for tests. Functional programming provides an alternative to interface based polymorphism.

  • How did AAP win the way it did? By saying Sorry!!

    Apart from the well known reasons that have been written about and discussed ad nauseam ranging from AAP’s issue based politics to BJP’s overconfidence, complacency, negative campaign, inability to reign in its communal forces to the Congress’s sheer ineptitude to come to terms with contemporary politics, it is interesting to look beyond these to try and understand the unprecedented mandate received by AAP. So how did a party that was written off after the general elections to such an extent that the BJP did not even deem fit to campaign in Delhi up until the last few weeks, achieve such a resounding victory? By saying the magic word: Sorry!

  • From object to function composition

    Composition is a technique often used to build software by creating cohesive units that interact with each other to form the overall system. At the code level these units mainly consist of functions and objects. A system can be built by composing objects with abstractions that define the rules for communication with other objects. An alternative way of building the system is by composing functions and defining the rules of communication through functional contracts (i.e. passing functions into functions). Coming from an object oriented background I feel this second approach is worth exploring further.

    Using the C# GildedRose kata as an example, an object oriented way of expressing the quality adjustment in a product looks like this

    Now I have a couple of issues with the code above. First there is some repetition and unnecessary noise in the code that declares constructors for various IAdjustQuality implementations. Secondly IAdjustQuality and IProduct are single-method interfaces and I am suspicious of interfaces with single methods. Interfaces are generally created for a bunch of related methods.

    An alternative way to express the quality adjustment in a Product in the GildedRose example would be to compose functions rather than objects. Although C# traditionally has been perceived to be an object oriented language but with lambda expressions it is very much possible to write functional code in C#. Single-method interfaces are easy to replace with the usage of closures and "function pointers" as long as the function has a compatible signature to the method declared in the single-method interface. Lets see how we can replace IAdjustQuality with its functional equivalent.


    Creating the AdjustQuality and AdjustBackstageQuality functions results in the removal of  2 classes and the interface declaration itself. Notice AdjustQuality function uses partial application i.e. it is a function that returns another function. The first function is applied partially to return the actual function. This should be more clear after looking at the Product class now.

    Applying the same technique of replacing an interface with its equivalent function pointer the IProduct interface can also be removed and the resulting code looks like this. 

    So why compose functions rather than objects. One of the benefits as you may have noticed straight away is that functional code is pretty succinct and has less lines of code (less than half of the original object oriented approach). The noise around declaring single-method interfaces and their implementations is no more present. However the functional approach might seem confusing and less readable especially the excessive use of lambda expressions and partial application. But I guess depending on whether you come from the object oriented background or the functional one you could sway either way. There is no right or wrong here. The basic idea is how objects and functions can be used to split your overall system into manageable chunks. The flexibility of achieving that in more than one way is a powerful tool to have.
  • Git Basics

    Git overview

    • Distributed Version Control
    • Data Consistency and Integrity
    • Performance - Diffs are local therefore quicker, do not have to go over the network to perform diffs.
    • Merging - Automatic merge if there are no conflicts (more than one change at the same position of the modified file).
    • Conflicts have to be merged manually.
  • Voice to the Mango People

    A lot has been said and written about the Aam Aadmi Party phenomenon. It originated from an anti corruption movement, had a stupendous electoral performance and is now on the verge of forming a government in Delhi. Before the Delhi election results were announced, the claim to form the government was far from reality even for the most ardent AAP supporter. The emergence of AAP as a political force in the national capital has disrupted conventional politics. Ever since their formation, they have brought the issues of corruption, honesty and political propriety at the forefront of our political discourse. The future of AAP as a political force in India is far from having been realised and will depend a lot upon their administrative performance, but the impact that they are having on India’s political culture and representative democracy is extraordinary.

  • Democrazy

    The time and effort we spend talking about the Indian democracy and how every Indian swears by it comes a cropper when events like what happened in Mumbai following Bal Thackeray’s death occur. The recent arrest of two Mumbai girls for posting an allegedly defamatory comment on Facebook is a case in point. The intolerance of our so called democracy is such that a reasonable opinion expressed in anguish on social media can make you end up in jail and result in a violent attack on your next of kin. The absurdity doesn’t stop here, it also means your friend is arrested too for the heinous crime of liking your Facebook post.