jblog
toc

Book review: A Tour of C++

2020-10-03, post № 234

C++, book review, programming, #text, #opinion

Avidly writing C as well as golfing in it for over two years, I decided to venture out further in the realm of C-descendent languages, trying to get a foothold in C++.
However, contrary to many other languages with their own closed communities, style guides, best practices and general higher machine abstraction induced ease of use, C++ is a different language. With a rich history spanning multiple decades, millions of users from varying backgrounds and the necessity of enabling low-level hardware communication influencing its design and ability to be used effectively, it is a daunting task to acquire enough knowledge and experience to successfully write a standards-conforming C++ program which accomplishes a desired task.
Adding to this the plethora of textbooks supposedly correctly presenting their selected corner of the language and with that the immense danger of a poorly written textbook supplying a misleading first impression thus wrecking the fundamental knowledge of the language as well as the path ahead, I hoped for and succeeded in finding a thought-through, holistic and internally consistent as well as surely correct presentation of C++ in A Tour of C++, written by the inventor of and therefore a reasonable authority on C++.

What follows are my thoughts on the book A Tour of C++ [1], having begun to read it after only sporadically adjusting single lines in C++ golfs and having used it to facilitate a two thousand line C++ project [2] simulating a ficticious 32-bit architecture [3].
I am in no way affiliated with either the author Bjarne Stroustrup nor the publisher Pearson (Addison-Wesley) and purchased the book on my own.

jblog has moved.

2020-09-05, post № 233

internal, #blog movement, #freedom, #politics

Having read Free as in Freedom [1] and being appalled at the digitalization-driven annihilation of once fought for values paired with de-facto government-mandated acceptance of this new brutal reality, I concluded to no longer be morally capable of supporting the web in its current form and thus began work on my own blogging software in April of 2020.
Now, beginning of September 2020, this project has reached a presentable state; having transferred all 232 jblog posts, reformatting and annotating them as well as improving minor syntactically or grammaticallly uneven sections, I can announce my blog’s movement:

https://www.jfrech.com/blog

If you choose to visit my blog, I can assure you that no trackers, cookies or malicious scripts will be employed against you. I will not try to collect a lot of data about your visit and the few inherently technically required data points in form of non-aggregated system logs will not be shared with third parties.

This 233rd post is the last to be published on https://jonathanfrech.wordpress.com, which will be shut down on the 31st of December 2020.
If you are interested in my blog, you can use my RSS feed to get a full list of my blog posts, updated as new are written. RSS is not like other subscription models — there is no server which knows your details and eagerly sends traffic your way to coerce you to a click. RSS requires you, the user, to request a feed and only then will transmit said feed.

Note that this blog’s content is subject to a clearly defined set of licenses specifying the terms and conditions with which it can be used.

Setting Up a HTTPS Backend Using Go and Let’s Encrypt

2020-08-08, post № 232

Go, programming, #backend, #SSL, #systems administration, #VPS, #web

I recently needed to set up a dynamic web backend to both serve dynamically generated files as well as HTTP POST forms. Thus, I thought long and hard to find a solution that is both modern and versatile yet hassle-free to set up — since my systems administration skills are rather sparse. The solution I found is to write a Go webserver; implicitly concurrent and enabling a high level of control.

Of course, nowadays you cannot run a (esp. dynamic) website without HTTPS; every browser worth its salt will display potential visitors a message framing you as a ruthless criminal. Fortunately, Let’s Encrypt gifts you the required bits: an SSL certificate!
Since I need a URL for the upcoming snippet and am personally thinking of switching my own homepage from a webserver to a self-hosted VPS setup, I chose to use www.jfrech.com as an example domain herein.

% # ... installing certbot (for example via `apt update && apt install certbot`) ...
% certbot certonly --standalone --preferred-challenges http -d www.jfrech.com
% # ... cli certbot interaction ...

% # ... installing Go ... (for example via `apt install golang`) ...

% # ... periodically renewing certificates ...

Once certbot has issued a certificate (the URL has to have a DNS entry linked to the current VPS and port 80 has to be unoccupied), incorporating it into the server is made straight forward by http.ListenAndServeTLS:

func handle(w http.ResponseWriter, r *http.Request) {
    fmt.Fprintln(w, `<!doctype html><html><body><p>ip <code>` + template.HTMLEscapeString(r.RemoteAddr) + `</code> requesting <code>` + template.HTMLEscapeString(r.URL.Path) + `</code></p></body></html>`)
}
func main() {
    http.HandleFunc("/", handle)
    log.Fatal(http.ListenAndServeTLS(":443", "/etc/letsencrypt/live/www.jfrech.com/fullchain.pem", "/etc/letsencrypt/live/www.jfrech.com/privkey.pem", nil))
}

Since now the server only listens on port 443, one can add a HTTP-to-HTTPS redirection on port 80:

func handleHTTP(w http.ResponseWriter, r *http.Request) {
    target := "https://" + r.Host + r.URL.Path
    if len(r.URL.RawQuery) > 0 {
        target += "?" + r.URL.RawQuery
    }
    http.Redirect(w, r, target, http.StatusTemporaryRedirect)
}
func main() {
    http.HandleFunc("/", handle)
    go http.ListenAndServe(":80", http.HandlerFunc(handleHTTP))
    log.Fatal(http.ListenAndServeTLS(":443", "/etc/letsencrypt/live/www.jfrech.com/fullchain.pem", "/etc/letsencrypt/live/www.jfrech.com/privkey.pem", nil))
}

One advantage of writing one’s one web server is full control of how the website behaves. One implication, which can be seen as a downside, is that you have to do everything; even the most basic of logging. However, writing your own log files enables you to confidently follow the logging policy you employ.
From a security standpoint, you can exactly control which files are served and which result in a 404 response; avoiding accidently exposing the whole server’s directory structure for the world to see.

Jonathan Frech's blog; built 2021/04/16 21:21:49 CEST