Meet Jafer, a backend engineer tasked with ensuring the new microservice they are building can handle high traffic smoothly. The microservice is a Flask application that needs to be accessed over TCP, and Jafer decided to use HAProxy to act as a TCP proxy to manage incoming traffic.

This guide will walk you through how Jafer sets up HAProxy to work as a TCP proxy for a sample Flask application.

Why Use HAProxy as a TCP Proxy?

HAProxy as a TCP proxy operates at Layer 4 (Transport Layer) of the OSI model. It forwards raw TCP connections from clients to backend servers without inspecting the contents of the packets. This is ideal for scenarios where:

• You need to handle non-HTTP traffic, such as databases or other TCP-based applications.
• You want to perform load balancing without application-level inspection.
• Your services are using protocols other than HTTP/HTTPS.

In this layer, it can’t read the packets but can identify the ip address of the client.

Step 1: Set Up a Sample Flask Application

First, Jafer created a simple Flask application that listens on a TCP port. Let’s create a file named app.py

from flask import Flask, request

app = Flask(__name__)

@app.route('/', methods=['GET'])
def home():
    return "Hello from Flask over TCP!"

if __name__ == "__main__":
    app.run(host='0.0.0.0', port=5000)  # Run the app on port 5000

Step 2: Dockerize the Flask Application

To make the Flask app easy to deploy, Jafer decided to containerize it using Docker.

Create a Dockerfile

# Use an official Python runtime as a parent image
FROM python:3.9-slim

# Set the working directory
WORKDIR /app

# Copy the current directory contents into the container at /app
COPY . /app

# Install any needed packages specified in requirements.txt
RUN pip install flask

# Make port 5000 available to the world outside this container
EXPOSE 5000

# Run app.py when the container launches
CMD ["python", "app.py"]

To build and run the Docker container, use the following commands

docker build -t flask-app .
docker run -d -p 5000:5000 flask-app

This will start the Flask application on port 5000.

Step 3: Configure HAProxy as a TCP Proxy

Now, Jafer needs to configure HAProxy to act as a TCP proxy for the Flask application.

Create an HAProxy configuration file named haproxy.cfg

global
    log stdout format raw local0
    maxconn 4096

defaults
    mode tcp  # Operating in TCP mode
    log global
    option tcplog
    timeout connect 5000ms
    timeout client  50000ms
    timeout server  50000ms

frontend tcp_front
    bind *:4000  # Bind to port 4000 for incoming TCP traffic
    default_backend flask_backend

backend flask_backend
    balance roundrobin  # Use round-robin load balancing
    server flask1 127.0.0.1:5000 check  # Proxy to Flask app running on port 5000

In this configuration:

• Mode TCP: HAProxy is set to work in TCP mode.
• Frontend: Listens on port 4000 and forwards incoming TCP traffic to the backend.
• Backend: Contains a single server (flask1) where the Flask app is running.

Step 4: Run HAProxy with the Configuration

To start HAProxy with the above configuration, you can use Docker to run HAProxy in a container.

Create a Dockerfile for HAProxy

FROM haproxy:2.4

# Copy the HAProxy configuration file to the container
COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg

Build and run the HAProxy Docker container

docker build -t haproxy-tcp .
docker run -d -p 4000:4000 haproxy-tcp

This will start HAProxy on port 4000, which is configured to proxy TCP traffic to the Flask application running on port 5000.

Step 5: Test the TCP Proxy Setup

To test the setup, open a web browser or use curl to send a request to the HAProxy server

curl http://localhost:4000/

You should see the response

Hello from Flask over TCP!

This confirms that HAProxy is successfully proxying TCP traffic to the Flask application.

Step 6: Scaling Up

If Jafer wants to scale the application to handle more traffic, he can add more backend servers to the haproxy.cfg file

backend flask_backend
    balance roundrobin
    server flask1 127.0.0.1:5000 check
    server flask2 127.0.0.1:5001 check

Jafer could run another instance of the Flask application on a different port (5001), and HAProxy would balance the TCP traffic between the two instances.

Conclusion

By configuring HAProxy as a TCP proxy, Jafer could efficiently manage and balance incoming traffic to their Flask application. This setup ensures scalability and reliability for any TCP-based service, not just HTTP-based ones.

The Secure Boot Case Study

Attackers can break through the Secure Boot process on millions of computers using Intel and ARM processors due to a leaked cryptographic key that many manufacturers used during the startup process. This key, called the Platform Key (PK), is meant to verify the authenticity of a device’s firmware and boot software.

Unfortunately, this key was leaked back in 2018. It seems that some manufacturers used this key in their devices instead of replacing it with a secure one, as was intended. As a result, millions of devices from brands like Lenovo, HP, Asus, and SuperMicro are vulnerable to attacks.

If an attacker has access to this leaked key, they can easily bypass Secure Boot, allowing them to install malicious software that can take control of the device. To fix this problem, manufacturers need to replace the compromised key and update the firmware on affected devices. Some have already started doing this, but it might take time for all devices to be updated, especially those in critical systems.

The problem is serious because the leaked key is like a master key that can unlock many devices. This issue highlights poor cryptographic key management practices, which have been a problem for many years.

What Are “Not Replaced Constants”?

In software, constants are values that are not meant to change during the execution of a program. They are often used to define configuration settings, cryptographic keys, and other critical values.

When these constants are hard-coded into a system and not updated or replaced when necessary, they become a code smell known as “Not Replaced Constants.”

Why Are They a Problem?

When constants are not replaced or updated:

1. Security Risks: Outdated or exposed constants, such as cryptographic keys, can become security vulnerabilities. If these constants are publicly leaked or discovered by attackers, they can be exploited to gain unauthorized access or control over a system.
2. Maintainability Issues: Hard-coded constants can make a codebase less maintainable. Changes to these values require code modifications, which can be error-prone and time-consuming.
3. Flexibility Limitations: Systems with hard-coded constants lack flexibility, making it difficult to adapt to new requirements or configurations without altering the source code.

The Secure Boot Case Study

The recent Secure Boot vulnerability is a perfect example of the dangers posed by “Not Replaced Constants.” Here’s a breakdown of what happened:

The Vulnerability

Researchers discovered that a cryptographic key used in the Secure Boot process of millions of devices was leaked publicly. This key, known as the Platform Key (PK), serves as the root of trust during the Secure Boot process, verifying the authenticity of a device’s firmware and boot software.

What Went Wrong

The leaked PK was originally intended as a test key by American Megatrends International (AMI). However, it was not replaced by some manufacturers when producing devices for the market. As a result, the same compromised key was used across millions of devices, leaving them vulnerable to attacks.

The Consequences

Attackers with access to the leaked key can bypass Secure Boot protections, allowing them to install persistent malware and gain control over affected devices. This vulnerability highlights the critical importance of replacing test keys and securely managing cryptographic constants.

Sample Code:

Wrong

def generate_pk() -> str:
    return "DO NOT TRUST"

# Vendor forgets to replace PK
def use_default_pk() -> str:
    pk = generate_pk()
    return pk  # "DO NOT TRUST" PK used in production

Right

def generate_pk() -> str:
    # The documentation tells vendors to replace this value
    return "DO NOT TRUST"

def use_default_pk() -> str:
    pk = generate_pk()

    if pk == "DO NOT TRUST":
        raise ValueError("Error: PK must be replaced before use.")

    return pk  # Valid PK used in production

Ignoring important security steps, like changing default keys, can create big security holes. This ongoing problem shows how important it is to follow security procedures carefully. Instead of just relying on written instructions, make sure to test everything thoroughly to ensure it works as expected.

Creating a simple alarm clock application can be a fun project to develop programming skills. Here are the steps, input ideas, and additional features you might consider when building your alarm clock

Game Steps

1. Define the Requirements:
   • Determine the basic functionality your alarm clock should have (e.g., set alarm, snooze, dismiss).
2. Choose a Programming Language:
   • Select a language you are comfortable with, such as Python, JavaScript, or Java.
3. Design the User Interface:
   • Decide if you want a graphical user interface (GUI) or a command-line interface (CLI).
4. Implement Core Features:
   • Set Alarm: Allow users to set an alarm for a specific time.
   • Trigger Alarm: Play a sound or display a message when the alarm time is reached.
   • Snooze Functionality: Enable users to snooze the alarm for a set period.
   • Dismiss Alarm: Allow users to turn off the alarm once it’s triggered.
5. Test the Alarm Clock:
   • Ensure that all functions work as expected and fix any bugs.
6. Refine and Enhance:
   • Improve the interface and add additional features based on user feedback.

Input Ideas

• Set Alarm Time:
  • Input format: “HHAM/PM” or 24-hour format “HH”.
• Snooze Duration:
  • Allow users to input a snooze time in minutes.
• Alarm Sound:
  • Let users choose from a list of available alarm sounds.
• Repeat Alarm:
  • Options for repeating alarms (e.g., daily, weekdays, weekends).
• Custom Alarm Message:
  • Input a custom message to display when the alarm goes off.

Additional Features

• Multiple Alarms:
  • Allow users to set multiple alarms for different times and days.
• Customizable Alarm Sounds:
  • Let users upload their own alarm sounds.
• Volume Control:
  • Add an option to control the alarm sound volume.
• Alarm Labels:
  • Enable users to label their alarms (e.g., “Wake Up,” “Meeting Reminder”).
• Weather and Time Display:
  • Show current weather information and time on the main screen.
• Recurring Alarms:
  • Allow users to set recurring alarms on specific days.
• Dark Mode:
  • Implement a dark mode for the UI.
• Integration with Calendars:
  • Sync alarms with calendar events or reminders.
• Voice Control:
  • Add support for voice commands to set, snooze, or dismiss alarms.
• Smart Alarm:
  • Implement a smart alarm feature that wakes the user at an optimal time based on their sleep cycle (e.g., using a sleep tracking app).

Implementing a simple grocery list management tool can be a fun and practical project. Here’s a detailed approach including game steps, input ideas, and additional features:

Game Steps

1. Introduction: Provide a brief introduction to the grocery list tool, explaining its purpose and how it can help manage shopping lists.
2. Menu Options: Present a menu with options to add, view, update, delete items, and clear the entire list.
3. User Interaction: Allow the user to select an option from the menu and perform the corresponding operation.
4. Perform Operations: Implement functionality to add items, view the list, update quantities, delete items, or clear the list.
5. Display Results: Show the updated grocery list and confirmation of any operations performed.
6. Repeat or Exit: Allow the user to perform additional operations or exit the program.

Input Ideas

1. Item Name: Allow the user to enter the name of the grocery item.
2. Quantity: Prompt the user to specify the quantity of each item (optional).
3. Operation Choice: Provide options to add, view, update, delete, or clear items from the list.
4. Item Update: For updating, allow the user to specify the item and new quantity.
5. Clear List Confirmation: Ask for confirmation before clearing the entire list.

Additional Features

1. Persistent Storage: Save the grocery list to a file (e.g., JSON or CSV) and load it on program startup.
2. GUI Interface: Create a graphical user interface using Tkinter or another library for a more user-friendly experience.
3. Search Functionality: Implement a search feature to find items in the list quickly.
4. Sort and Filter: Allow sorting the list by item name or quantity, and filtering by categories or availability.
5. Notification System: Add notifications or reminders for items that are running low or need to be purchased.
6. Multi-user Support: Implement features to manage multiple lists for different users or households.
7. Export/Import: Allow users to export the grocery list to a file or import from a file.
8. Item Categories: Organize items into categories (e.g., dairy, produce) for better management.
9. Undo Feature: Implement an undo feature to revert the last operation.
10. Statistics: Provide statistics on the number of items, total quantity, or other relevant data.

Implementing a simple key-value storage system is a great way to practice data handling and basic file operations in Python. Here’s a detailed approach including game steps, input ideas, and additional features:

Game Steps

1. Introduction: Provide an introduction explaining what a key-value storage system is and its uses.
2. Menu Options: Present a menu with options to add, retrieve, update, and delete key-value pairs.
3. User Interaction: Allow the user to interact with the system based on their choice from the menu.
4. Perform Operations: Implement functionality to perform the chosen operations (add, retrieve, update, delete).
5. Display Results: Show the results of the operations (e.g., value retrieved or confirmation of deletion).
6. Repeat or Exit: Allow the user to perform additional operations or exit the program.

Input Ideas

1. Key Input: Allow the user to enter a key for operations. Ensure that keys are unique for storage operations.
2. Value Input: Prompt the user to enter a value associated with a key. Values can be strings or numbers.
3. Operation Choice: Present options to add, retrieve, update, or delete key-value pairs.
4. File Handling: Optionally, allow users to specify a file to save and load the key-value pairs.
5. Validation: Ensure that keys and values are entered correctly and handle any errors (e.g., missing keys).

Additional Features

1. Persistent Storage: Save key-value pairs to a file (e.g., JSON or CSV) and load them on program startup.
2. Data Validation: Implement checks to validate the format of keys and values.
3. GUI Interface: Create a graphical user interface using Tkinter or another library for a more user-friendly experience.
4. Search Functionality: Add a feature to search for keys or values based on user input.
5. Data Backup: Implement a backup system to periodically save the key-value pairs.
6. Data Encryption: Encrypt the stored data for security purposes.
7. Command-Line Arguments: Allow users to perform operations via command-line arguments.
8. Multi-key Operations: Support operations on multiple keys at once (e.g., batch updates).
9. Undo Feature: Implement an undo feature to revert the last operation.
10. User Authentication: Add user authentication to secure access to the key-value storage system.

Implementing a Pomodoro technique timer is a practical way to manage time effectively using a simple and proven productivity method. Here’s a detailed approach for creating a Pomodoro timer, including game steps, input ideas, and additional features.

Game Steps

1. Introduction: Provide an introduction to the Pomodoro Technique, explaining that it involves working in 25-minute intervals (Pomodoros) followed by a short break, with longer breaks after several intervals.
2. Start Timer: Allow the user to start the timer for a Pomodoro session.
3. Timer Countdown: Display a countdown for the Pomodoro session and break periods.
4. Notify Completion: Alert the user when the Pomodoro session or break is complete.
5. Record Sessions: Track the number of Pomodoros completed and breaks taken.
6. End Session: Allow the user to end the session or reset the timer if needed.
7. Play Again Option: Offer the user the option to start a new session or stop the timer.

Input Ideas

1. Session Duration: Allow users to set the duration for Pomodoro sessions and breaks. The default is 25 minutes for work and 5 minutes for short breaks, with a longer break (e.g., 15 minutes) after a set number of Pomodoros (e.g., 4).
2. Custom Durations: Enable users to customize the duration of work sessions and breaks.
3. Notification Preferences: Allow users to choose how they want to be notified (e.g., sound alert, visual alert, or popup message).
4. Number of Pomodoros: Ask how many Pomodoro cycles the user wants to complete before taking a longer break.
5. Reset and Stop Options: Provide options to reset the timer or stop it if needed.

Additional Features

1. GUI Interface: Create a graphical user interface using Tkinter or another library for a more user-friendly experience.
2. Notifications: Implement system notifications or sound alerts to notify the user when a Pomodoro or break is over.
3. Progress Tracking: Track and display the number of completed Pomodoros and breaks, providing visual feedback on progress.
4. Task Management: Allow users to input and track tasks they want to accomplish during each Pomodoro session.
5. Statistics: Provide statistics on time spent working and taking breaks, possibly with visual charts or graphs.
6. Customizable Alerts: Enable users to set custom alert sounds or messages for different stages (start, end of Pomodoro, end of break).
7. Integration with Calendars: Integrate with calendar applications to schedule Pomodoro sessions and breaks automatically.
8. Desktop Widgets: Create desktop widgets or applets that display the remaining time for the current session and next break.
9. Focus Mode: Implement a focus mode that minimizes distractions by blocking certain apps or websites during Pomodoro sessions.
10. Daily/Weekly Goals: Allow users to set and track daily or weekly productivity goals based on completed Pomodoros.

Caesar Cipher: https://en.wikipedia.org/wiki/Caesar_cipher

Game Steps

1. Introduction: Provide a brief introduction to the Caesar Cipher, explaining that it’s a substitution cipher where each letter in the plaintext is shifted a fixed number of places down or up the alphabet.
2. Choose Operation: Ask the user whether they want to encrypt or decrypt a message.
3. Input Text: Prompt the user to enter the text they want to encrypt or decrypt.
4. Input Shift Value: Request the shift value (key) for the cipher. Ensure the value is within a valid range (typically 1 to 25).
5. Perform Operation: Apply the Caesar Cipher algorithm to the input text based on the user’s choice of encryption or decryption.
6. Display Result: Show the resulting encrypted or decrypted text to the user.
7. Play Again Option: Ask the user if they want to perform another encryption or decryption with new inputs.

Input Ideas

1. Text Input: Allow the user to input any string of text. Handle both uppercase and lowercase letters. Decide how to treat non-alphabetic characters (e.g., spaces, punctuation).
2. Shift Value: Ask the user for an integer shift value. Ensure it is within a reasonable range (1 to 25). Handle cases where the shift value is negative or greater than 25 by normalizing it.
3. Mode Selection: Provide options to select between encryption and decryption. For encryption, the shift will be added; for decryption, the shift will be subtracted.
4. Case Sensitivity: Handle uppercase and lowercase letters differently or consistently based on user preference.
5. Special Characters: Decide whether to include special characters and spaces in the encrypted/decrypted text. Define how these characters should be treated.

Additional Features

1. Input Validation: Implement checks to ensure the shift value is an integer and falls within the expected range. Validate that text input does not contain unsupported characters (if needed).
2. Help/Instructions: Provide an option for users to view help or instructions on how to use the tool, explaining the Caesar Cipher and how to enter inputs.
3. GUI Interface: Create a graphical user interface using Tkinter or another library to make the tool more accessible and user-friendly.
4. File Operations: Allow users to read from and write to text files for encryption and decryption. This is useful for larger amounts of text.
5. Brute Force Attack: Implement a brute force mode that tries all possible shifts for decryption and displays all possible plaintexts, useful for educational purposes or cracking simple ciphers.
6. Custom Alphabet: Allow users to define a custom alphabet or set of characters for the cipher, making it more flexible and adaptable.
7. Save and Load Settings: Implement functionality to save and load encryption/decryption settings, such as shift values or custom alphabets, for future use.

Creating a simple version of Hangman is a fun way to practice programming and game logic.

Here’s a structured approach to building this game, including game steps, input ideas, and additional features to enhance it.

Game Steps (Workflow)

1. Introduction:
   • Start with a welcome message explaining the rules of Hangman.
   • Provide brief instructions on how to play (guessing letters, how many guesses are allowed, etc.).
2. Word Selection:
   • Choose a word for the player to guess. This can be randomly selected from a predefined list or from a file.
3. Display State:
   • Show the current state of the word with guessed letters and placeholders for remaining letters.
   • Display the number of incorrect guesses left (hangman stages).
4. User Input:
   • Prompt the player to guess a letter.
   • Check if the letter is in the word.
5. Update Game State:
   • Update the display with the correct guesses.
   • Keep track of incorrect guesses and update the hangman drawing if applicable.
6. Check for Win/Loss:
   • Determine if the player has guessed the word or used all allowed guesses.
   • Display a win or loss message based on the result.
7. Replay Option:
   • Offer the player the option to play again or exit the game.

Input Ideas

1. Guess Input:
   • Prompt the player to enter a single letter.
   • Validate that the input is a single alphabetic character.
2. Replay Input:
   • After a game ends, ask the player if they want to play again (e.g., y for yes, n for no).
3. Word List:
   • Provide a list of words to choose from, which can be hardcoded or read from a file.

Additional Features

1. Difficulty Levels:
   • Implement difficulty levels by varying word length or allowing more or fewer incorrect guesses.
2. Hangman Drawing:
   • Add a visual representation of the hangman that updates with each incorrect guess.
3. Hints:
   • Offer hints if the player is struggling (e.g., reveal a letter or provide a clue).
4. Word Categories:
   • Categorize words into themes (e.g., animals, movies) and allow players to choose a category.
5. Score Tracking:
   • Keep track of the player’s score across multiple games and display statistics.
6. Save and Load:
   • Allow players to save their progress and load a game later.
7. Custom Words:
   • Allow players to input their own words for the game.
8. Leaderboard:
   • Create a leaderboard to track high scores and player achievements.

Creating a command-line to-do list application is a fantastic way to practice Python programming and work with basic data management. Here’s a structured approach to building this application, including game steps, input ideas, and additional features:

Game Steps (Workflow)

1. Introduction:
   • Start with a welcome message and brief instructions on how to use the application.
   • Explain the available commands and how to perform actions like adding, removing, and viewing tasks.
2. Main Menu:
   • Present a main menu with options for different actions:
     • Add a task
     • View all tasks
     • Mark a task as complete
     • Remove a task
     • Exit the application
3. Task Management:
   • Implement functionality to add, view, update, and remove tasks.
   • Store tasks with details such as title, description, and completion status.
4. Data Persistence:
   • Save tasks to a file or database so that they persist between sessions.
   • Load tasks from the file/database when the application starts.
5. User Interaction:
   • Use input prompts to interact with the user and execute their commands.
   • Provide feedback and confirmation messages for actions taken.
6. Exit and Save:
   • Save the current state of tasks when the user exits the application.
   • Confirm that tasks are saved and provide an exit message.

Input Ideas

1. Command Input:
   • Use text commands to navigate the menu and perform actions (e.g., add, view, complete, remove, exit).
2. Task Details:
   • For adding tasks, prompt the user for details like title and description.
   • Use input fields for the task details:
     • Title: Enter task title:
     • Description: Enter task description:
3. Task Identification:
   • Use a unique identifier (like a number) or task title to reference tasks for actions such as marking complete or removing.
4. Confirmation:
   • Prompt the user to confirm actions such as removing a task or marking it as complete.

Additional Features

1. Task Prioritization:
   • Allow users to set priorities (e.g., low, medium, high) for tasks.
   • Implement sorting or filtering by priority.
2. Due Dates:
   • Add due dates to tasks and provide options to view tasks by date or sort by due date.
3. Search and Filter:
   • Implement search functionality to find tasks by title or description.
   • Add filters to view tasks by status (e.g., completed, pending) or priority.
4. Task Categories:
   • Allow users to categorize tasks into different groups or projects.
5. Export and Import:
   • Provide options to export tasks to a file (e.g., CSV or JSON) and import tasks from a file.
6. User Authentication:
   • Add user authentication if multiple users need to manage their own tasks.
7. Reminders and Notifications:
   • Implement reminders or notifications for tasks with upcoming due dates.
8. Statistics:
   • Show statistics such as the number of completed tasks, pending tasks, or tasks by priority.

In the bustling city of Chennai, young coder Alex discovered an ancient laptop in the attic of their new home. The laptop, covered in dust and cobwebs, intrigued Alex. It held secrets from a bygone era, waiting to be unlocked.

Determined to unravel the mystery, Alex powered on the laptop. To their surprise, it booted up with a retro operating system that presented a list of files in an archaic directory. One file caught Alex’s attention: secrets.txt.

Opening the File

Eagerly, Alex opened the file using their Python skills:

file = open('secrets.txt', 'r')

Reading from the File

Inside, they found lines of cryptic messages and coordinates that promised to lead to a hidden treasure:

with open('secrets.txt', 'r') as file:
    content = file.readlines()
    for line in content:
        print(line.strip())

Writing to a File

Excited by the discovery, Alex decided to keep notes on the clues they deciphered. They created a new file, notes.txt, to jot down their findings:

with open('notes.txt', 'w') as file:
    file.write('Clue 1: Follow the stars.\n')
    file.write('Clue 2: Seek the golden path.\n')

Appending to the File

As Alex decoded more clues, they added them to their notes:

with open('notes.txt', 'a') as file:
    file.write('Clue 3: Trust the wise owl.\n')

Checking File Existence

One clue suggested checking for a specific file that might have more information. Alex verified its existence before proceeding:

import os

if os.path.exists('coordinates.txt'):
    print('Coordinates found!')
else:
    print('Coordinates file is missing.')

Working with Binary Files

The final clue hinted at a binary file, map.bin, containing the treasure map. Alex knew this required a different approach:

with open('map.bin', 'rb') as file:
    map_data = file.read()
    print(map_data)

Deleting a File

After successfully extracting the map, Alex realized that the secrets.txt file could fall into the wrong hands. To protect the treasure, they deleted it:

import os

if os.path.exists('secrets.txt'):
    os.remove('secrets.txt')
    print('Secrets erased.')

The Treasure

Following the map’s instructions, Alex ventured into the heart of Chennai, navigating through bustling streets and hidden alleys. Finally, they arrived at an abandoned warehouse. Inside, they found a chest filled with vintage tech gadgets and historical artifacts, the treasure of Chennai.