Free automated TLS certificates on k8s

Cross posted from At N1 Analytics we use Kubernetes for running experiments, continuous integration testing and deployment. In this post I document setting up a Kubernetes cluster to automatically provision TLS certificates from Let’s Encrypt using Jetstack’s cert-manager, the Helm package manager and the nginx-ingress controller. I wrote this after migrating our cluster from Traefik to cert-manager and nginx-ingress. The end state will be one where we can create a Kubernetes Ingress with a TLS certificate using only a set of annotations in the respective Helm template. I’m going to assume some background knowledge for this post; if you haven’t heard of Let’s Encrypt and Kubernetes you may want to read up on those first! To follow along you will need access to a Kubernetes cluster and the kubectl tool. There are a lot of moving pieces in the Kubernetes landscape; one of the most common methods of provisioning TLS certificates was kube-lego -
Recent posts

Driveby contribution to Python Cryptography

While at PyConAU 2016 I attended the Monday sprints and spent some time looking at a proposed feature I hoped would soon be part of cryptography. As most readers of this blog will know, cryptography is a very respected project within the Python ecosystem and it was an interesting experience to see how such a prominent open source project handles contributions and reviews. The feature in question is the Diffie-Hellman key exchange algorithm used in many cryptographic applications. Diffie-Hellman key exchange is a way of generating a shared secret between two parties where the secret can't be determined by an eavesdropper observing the communication. DHE is extremely common - it is one of the primary methods used to provide "perfect forward secrecy" every time you initiate a TLS connection to an HTTPS website. Mathematically it is extremely elegant, and the inventors were the recipients of the 2015 Turing Award. I wanted to write about this particular contribution becau
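To make the "eavesdropper sees everything but the secret" property concrete, here is a simulated exchange showing both parties' messages and exactly what goes over the wire. This is an added example, not code from the post or from the cryptography project. The group is a 64-bit safe prime generated on the fly so the block runs stand-alone; that size is a toy assumption for illustration only, and real deployments use standardised 2048-bit or larger groups (RFC 3526 / RFC 7919) or elliptic-curve DH rather than a hand-rolled group.

```python
"""Diffie-Hellman key exchange: both parties' messages and the eavesdropper's view.

Added example, not code from the blog post or from the cryptography project.
The group is a 64-bit safe prime generated here so the block runs stand-alone;
real deployments use the standardised 2048-bit+ groups of RFC 3526 / RFC 7919
(or elliptic-curve DH) and never a hand-rolled group.
"""
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_safe_prime(bits):
    """Return p = 2q + 1 with p and q both prime. A safe prime has no small
    subgroups apart from {1, p-1}, which is what makes g = 2 a sound generator."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


def check_public_value(y, p):
    """Reject the degenerate public values 0, 1 and p-1: accepting them would
    let an attacker force a predictable shared secret."""
    if not 2 <= y <= p - 2:
        raise ValueError("invalid DH public value")
    return y


class Party:
    def __init__(self, p, g):
        self.p, self.g = p, g
        while True:
            self.private = secrets.randbelow(p - 3) + 2   # kept secret, never sent
            self.public = pow(g, self.private, p)         # this is what goes on the wire
            if 2 <= self.public <= p - 2:
                break

    def shared_secret(self, peer_public):
        check_public_value(peer_public, self.p)
        return pow(peer_public, self.private, self.p)


def run_exchange(bits=64):
    """Simulate Alice <-> Bob over a wire the eavesdropper can read.
    Returns (what_the_eavesdropper_sees, alice_secret, bob_secret)."""
    p = generate_safe_prime(bits)
    g = 2
    alice, bob = Party(p, g), Party(p, g)
    # Everything on the wire: the public parameters and the two public values.
    wire = {"p": p, "g": g, "A": alice.public, "B": bob.public}
    # A = g^a, B = g^b; both sides compute g^(ab) without ever sending a or b.
    k_alice = alice.shared_secret(wire["B"])
    k_bob = bob.shared_secret(wire["A"])
    return wire, k_alice, k_bob


if __name__ == "__main__":
    wire, ka, kb = run_exchange()
    print("on the wire:", wire)
    print("shared secret agrees:", ka == kb)
```

The eavesdropper holds p, g, A and B; recovering the secret from those is the discrete logarithm problem, which is why the group size matters and why a toy 64-bit group is only good for reading the protocol, not for protecting anything. The public-value check is the one step real implementations most often forget.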

Open Source Paillier Libraries

The Confidential Computing team at Data61 has been looking at novel methods of using privacy preserving computation - with the lofty long term goal of increasing users' privacy while still allowing modern analytical insights. One of the principles we've been relying on is partially homomorphic encryption - the ability to carry out some basic mathematical operations on encrypted data; usually this property is either addition or multiplication. Take a quick look at my previous post on Homomorphic Encryption. My team has looked at multiple homomorphic systems and settled on using the Paillier cryptosystem for some of our confidential computing projects. The homomorphic properties of the Paillier cryptosystem are:
- An encrypted number can be multiplied by a non-encrypted scalar.
- Encrypted numbers can be added together.
- Encrypted numbers can be added to non-encrypted scalars.
Everything else (such as multiplying encrypted numbers together) is either extremely difficul
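The three properties above fall directly out of Paillier's arithmetic, so here is a minimal implementation that shows each one as a round trip: encrypt, operate on the ciphertexts only, decrypt. This is an added example, not code from the post or from the team's own library. It uses two hard-coded primes (10^9+7 and 998244353, chosen here purely so the block runs instantly) as constructed toy key material; a real key is 2048 bits or more with randomly generated primes.

```python
"""Paillier encryption and its three homomorphic operations.

Added example, not code from the blog post or from the team's own library.
Uses two hard-coded 30-bit primes so it runs instantly; a real key is
2048 bits or more and its primes are generated randomly.
"""
import math
import secrets

# Constructed toy key material: the well-known primes 10^9+7 and 998244353.
# Far too small to be secure; fine for showing the arithmetic.
P, Q = 1_000_000_007, 998_244_353


class PaillierPublicKey:
    def __init__(self, n):
        self.n = n
        self.n2 = n * n          # ciphertexts live in Z*_{n^2}
        self.g = n + 1           # standard generator choice; simplifies decryption

    def encrypt(self, m):
        """E(m) = g^m * r^n mod n^2 with a fresh random r, so encryption is randomised."""
        if not 0 <= m < self.n:
            raise ValueError("plaintext must be in [0, n)")
        while True:
            r = secrets.randbelow(self.n)
            if r > 0 and math.gcd(r, self.n) == 1:
                break
        return (pow(self.g, m, self.n2) * pow(r, self.n, self.n2)) % self.n2

    # The three homomorphic operations from the post:
    def add(self, c1, c2):
        """E(m1) * E(m2) = E(m1 + m2)   (encrypted + encrypted)"""
        return (c1 * c2) % self.n2

    def add_plain(self, c, k):
        """E(m) * g^k = E(m + k)        (encrypted + plaintext scalar)
        k is reduced mod n, so a negative k subtracts."""
        return (c * pow(self.g, k % self.n, self.n2)) % self.n2

    def mul_plain(self, c, k):
        """E(m)^k = E(k * m)            (encrypted * plaintext scalar)"""
        return pow(c, k % self.n, self.n2)
    # There is no ciphertext * ciphertext operation: that is what makes
    # Paillier only *partially* homomorphic.


class PaillierPrivateKey:
    def __init__(self, p, q):
        n = p * q
        self.public_key = PaillierPublicKey(n)
        # lambda = lcm(p-1, q-1). With g = n+1, L(g^lambda mod n^2) = lambda,
        # so the decryption constant mu is simply lambda^-1 mod n.
        self.lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
        self.mu = pow(self.lam, -1, n)

    def decrypt(self, c):
        n, n2 = self.public_key.n, self.public_key.n2
        u = pow(c, self.lam, n2)
        l_value = (u - 1) // n        # the "L function": L(u) = (u - 1) / n
        return (l_value * self.mu) % n


def demo():
    """Round-trip each operation on ciphertexts only; returns the decrypted results."""
    priv = PaillierPrivateKey(P, Q)
    pub = priv.public_key
    c_a, c_b = pub.encrypt(1234), pub.encrypt(5678)
    return {
        "a": priv.decrypt(c_a),
        "a_plus_b": priv.decrypt(pub.add(c_a, c_b)),
        "a_plus_66": priv.decrypt(pub.add_plain(c_a, 66)),
        "a_minus_1": priv.decrypt(pub.add_plain(c_a, -1)),
        "a_times_10": priv.decrypt(pub.mul_plain(c_a, 10)),
        # Two encryptions of the same value are different ciphertexts.
        "randomised": c_a != pub.encrypt(1234),
    }


if __name__ == "__main__":
    print(demo())
```

Note that results are only correct while they stay below n: additions and scalar multiplications wrap modulo n, and negative values survive only as their representatives in [0, n), so any real use needs an agreed encoding for signed or fixed-point numbers on top of this.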

My setup for downloading & streaming movies and tv

I recently signed up for Netflix and am retiring my headless home media PC. This blog will have to serve as its obituary. The box spent about half of its life running FreeNAS, and half running Arch Linux. I’ll briefly talk about my experience with FreeNAS, the migration, and then I’ll get to the robust setup I ended up with. The machine itself cost around $1000 in 2014, powered by an AMD A4-7300 3.8GHz CPU with 8GB of memory. A SilverStone DS380 case is functional, quiet and looks great. The hard drives have been updated over the last two years until it had a full complement of 6 WD Green 4TB drives - all spinning bits of metal though. Initially I had the BSD-based FreeNAS operating system installed. I had a single hard drive in its own ZFS pool for TV and movies, and a second ZFS pool comprised of 5 hard drives for documents and photos. FreeNAS is straightforward to use and set up, provided you only want to do things supported out of the box or by plugins. Each plugi

Single Server Web App Deployment

Deploying small web applications can take up more time than creating the application itself, so I've put together this small guide to document how I go about deploying applications. I've used this method for things like small business sites, demo sites and application prototypes. Although we will go through a Python Flask application, the same method would apply to other micro web apps. The final running application will have a few moving parts; here is how it will handle two incoming requests: Our final implementation will comprise three Docker containers:
- our frontend reverse proxy server, nginx
- our WSGI server, Gunicorn, and application server, Flask
- an example ancillary service, a redis cache
To follow along, grab the code from In this post we’ll create a small standalone Flask application that uses redis for a cache. The same deployment method works for applications that require services like mem

Markdown Editor Component for Angular2

Thought I'd share a component I've been hacking on for Angular2: a syntax highlighted markdown editor with rendered preview. The code including a basic example is available on github. Because Angular2 hasn't yet been released this is really just me kicking the tyres. This component relies on two libraries:
- marked for rendering markdown as html
- ace editor for editing markdown
Basic Usage Example. Add to your html template: <markdown-editor (save)="updatedText($event)" [initial-text]="markdownContent"></markdown-editor> Remember to include the Markdown directive in your @Component annotation: @Component({ selector: 'about', directives: [CORE_DIRECTIVES, Markdown] }) Another Example. You can also control the component with external ui: <button (click)="md.editMode = true">Custom Edit Button</button> <markdown-editor [init

Why learn programming

Why would you set off to study the art of computer programming? Programming certainly seems like the most complex way to interface with today’s increasingly complex machines. Programming, much like knitting, isn't for everybody; you have to have a curious mind and not be afraid of getting into the nitty gritty. Learning to program is also not something to rush into; it will take a significant investment of time. But here are my top few reasons when asked: Programming is fun! As with all creative outlets you experience the sheer joy of making things. You start with nothing but an idea, and only your imagination limits what you can create. Programming is a useful tool! It lets you analyse raw data, automate boring repetitive tasks, or create interactive websites. Programming teaches a new way of thinking. The process of creating programs is quite different from most things we humans do, and gaining the skill changes how you think about other things. Gain a deeper