I recently took to learning Azure and was inspired by my friend and colleague to sign up for the Certification Exam to discipline myself to work towards a deadline.  Well I got to say it worked!

Azure Solutions Architect Expert Certification requires passing two exams :
1. Azure Architect Technologies – AZ-300
2. Azure Architect Design – AZ-301

I have passed the AZ-300. Am yet to pick up speed in learning for AZ-301.

I have tried to capture the materials I had used to prepare for the exam.

Learning Path

1. https://www.linkedin.com/learning/paths/prepare-for-microsoft-azure-architect-technologies-certification-az-300?u=2093116
2. https://learning.oreilly.com/videos/microsoft-az-300-certification/1018947654

Prep Exam Questions

1. https://www.itexams.com/info/AZ-300
2. https://www.udemy.com/course/az-300-azure-architecture-technologies-practice-test/learn/quiz/4609698/results?expanded=264096498#overview (Paid)
3. https://www.whizlabs.com/microsoft-azure-certification-az-300/ (FREE TEST only)

Some parts of Microsoft Learning Online – Free

https://docs.microsoft.com/en-gb/learn/certifications/exams/az-300?wt.mc_id=learningredirect_certs-web-wwl

Authentication and Authorization has been part and parcel of almost every application software that is built.  And as a developer, we spend lot of time and effort in incorporating these two in every application we built.  While I would like to leave the Authorization for another post for some other day in the future, I thought I would share some thoughts on the Authentication.

Typical setup looks like this…

While hand coding the Authentication gives the developer full control,  there are so many problems with this…

• Obviously we end up re-inventing the wheel every time
• Security aspect is always taken for granted
• Support for various authentication approaches and multi factor authentication requirements would soon call for a lot of additional effort to cater to the business.

Thanks to so many authentication solutions available as commodity in today’s world, most of the application developers simply integrate their application code with the authentication solution that has been chosen.  This is certainly a good thing, since now the major responsibility around security aspects is pushed out of your application boundary.

In the above setup, we see that our application is becoming responsible for making the decision asserting whether the user is authenticated or not.  As we all know, authentication is a favourite target for attackers to exploit and get access into the application and hence is the most vulnerable area.  And typically our application is built with dependencies to a whole bunch of 3rd party libraries and frameworks which inturn depends a whole set of other libraries and so on.   This would mean the surface area of the vulnerability is that much bigger and our application is only as secure as the weakest area in the entire codebase.

How about getting rid of authentication logic outside of our application ?  In today’s world, there is almost always a ReverseProxy setup in the DMZ(using Apache/Nginx etc.)   There are many modules available that handle authentication against LDAP/ActiveDirectory, and to make SAML requests and assertions.  Authenticated Requests are forwarded to the application with special headers carrying the Identity Information(username, email id etc.).

The advantage here is that, these libraries are far more visible and are hence far more vetted for vulnerabilities and are actively maintained, when compared to our application code that was handling the authentication logic.

Personally, I have used mod_auth_mellon with Apache and to make SAML integration with SAML based Identity Providers(IdP).  This is how my new setup looks like…

With this above setup, all I will have to check in my application is to ensure the requests are initiated ONLY from a whitelisted IP address and pick up the user context from the special headers passed to it.

I have recently started using Tor Proxy for my browsing needs.   However, there are times where the latency delay seem to test my patience and I end up giving more weight to my browsing experience than the anonymity needs, especially when am trying to search for my work related needs.

But switching Off the Tor Proxy in my browser seemed quite a painful task…hence this script(courtesy: kremalicious.com) but have made minor tweaks for my needs…

!/usr/bin/env bash

# 'Wi-Fi' or 'Ethernet' or 'Display Ethernet'
INTERFACE=Wi-Fi

# Ask for the administrator password upfront
sudo -v

# Keep-alive: update existing `sudo` time stamp until finished
while true; do sudo -n true; sleep 60; kill -0 "$$" || exit; done 2>/dev/null &

# Let's roll

echo 'Switching to Tor Proxy...'
sudo networksetup -setsocksfirewallproxy $INTERFACE 127.0.0.1 9050 off
sudo networksetup -setsocksfirewallproxystate $INTERFACE on

echo 'Starting Tor...'
tor
sudo networksetup -setsocksfirewallproxystate $INTERFACE off

You can confirm if you are using Tor or not by going to this URL in your browser : check.torproject.org

Run this command in your terminal and your Mac’s network interface would switch to use Tor Proxy.  Simply terminate the command to switch back to not using Tor.

I have always preferred to call myself a “Dev” and thats it.

To me, “Architect” is a loaded term. It could mean quite a lot of things in real world :
– Person who keeps himself up-to-date with the various technologies and solutions that is prevailing, trending and emerging
– Person who is not hands-on
– Person who is a power user of PowerPoint 😉
– Person who when needed, may not be able to fold his sleeves and get his hands dirty on a specific code problem, troubleshooting etc.

However, Neal Ford has explained in a much better way here…am atleast able to relate to it well and also able to reflect upon myself…

• Thing Big picture
• Try and “know” various technologies in breadth and try and apply them to solve a business problem, and go “depth” on need basis
• Is able to effectively provide solutions to business problems using Technology
• And yes, “you should not be an ivory tower architect” where you stay too far away from code and become almost untouchable 🙂

Thanks to V1 for this inspirational post.

After a very long time I am hoping to get back to blogging…

Somehow when I looked at my blogger site, it was looking quite dull and was very demoralizing.  I was using Google’s Blogger service.

Somehow, I always wanted to switch to WordPress.  Couple of options I had considered…

1. Setup a local WordPress Site in my home and hook it up on the Internet.
2. Setup a WordPress Site in AWS.  This means I will have to ensure I take care of things like backup etc.
3. Setup a Bitnami Cloudhosting service.
4. Or simply host it on WordPress.com, and go for an upgrade to make my blog.karthiks.in to point to my WordPress Blog

Yes, finally option #4 is what I chose!

I had to export my blogs and comments from Blogger to WordPress.  Based on some googling, I thought I will have to do some work to setup proper redirections between blogger and wordpress to ensure the permalinks are indeed “permanent” and any google search result to my old blog link should take the user to my blog in the new WordPress location, but looks like its taken care of automatically (still trying to figure out how!)

And now it’s all kind of setup and the fact that you are able to read this blog says that all is well 🙂

I am like most of the Ubuntu favorites…awaiting for half-yearly upgrades from Canonical and making sure all my systems are up-to-date.

However my happiness was short lived after upgrading to Maverick(Ubuntu 10.10). Whenever I tried to shutdown or restart using the button in the bottom right corner, all that happens is a log out and back to login screen!!! However, when I call shutdown from terminal or from login screen, it behaves as expected!

Tried all sorts of suggestions after googling for over 3 months now…and YES! I managed to find a solution for my problem TODAY…feeling so relieved… When I executed “ck-list-sessions” in terminal, it showed 2 active sessions, one is mine and the other one is “hsqldb-server”.

I wondered why is HQLDB Server creating a session??? And even if so, why should that prevent the shutdown from happening…that too only when I click the shutdown button.

No idea. So what did I do….obviously, in my case, I did not require “hsqldb server”, so I simply uninstalled the same…and viola! my problem vanished! Hope this will help someone who also is going thru what I did in the last 3 months or so 🙂

May not be a big deal to write it yourself…but I wrote this and was quite useful, where I had to do un-escaping of a Regex Pattern for some reasons…

class Regexp
  def unescape
    source = self.source.split('')
    escape_on = false
    unescaped_string = source.inject([]) {|r, char|
      if char == "\\" and escape_on == false
        escape_on = !escape_on
      else
        r << char
        escape_on = false
      end
      r
    }.join
  end
end

I have got this new Dell Vostro n3500 Laptop, which is really a solid machine. I am very happy to have made this choice.

As a hardcore UBUNTU User, I always liked to have any feature available in Windows to be made available in Ubuntu as well :)…

Recently, I realized that the “Fn+F6” shortcut to disable the Touchpad does not work… I am sure many of you would have encountered the annoying behavior of touchpad moving your cursor to some place while you are typing something…

The most ideal solution I would have liked is that, when I connect an external mouse, the touchpad should automatically be disabled. Apparently, I did not find any solution for this in the current version of Ubuntu 10.04(Lucid Lynx). Google did not help me either.

So, the next thing is, is there any way I can tell Ubuntu to disable touchpad when I start typing. Yes, there is such an option in the “Mouse Preferences”. But that is not working consistently atleast for me.

So, now this is what I did. I wrote a small Ruby script(I am a big big fan of Ruby) that can toggle the Touchpad ON and OFF.

Now, the next thing is to make it hooked to a keyboard shortcut like the one in Windows…Fn+F6. Apparently, I also found that I cannot assign the combination of “Fn” Key and “F6” to the Keyboard shortcut in Ubuntu. So for now, I have simply assigned “F6” key for this toggle switch tool.

The script is not a big deal, but in any case, its here…

touch_pad_setting = `synclient -l | grep TouchpadOff`
new_touch_pad_setting = touch_pad_setting =~ /1/ ? "0" : "1"
`synclient TouchpadOff=#{new_touch_pad_setting}`