OpenConnect instead of Cisco AnyConnect on OSX

I learned a lot about networks and routing recently. Basically, all I wanted to do was have a VPN connection established and work with a local VM through the network at the same time. The VPN endpoint I wanted to connect to used Cisco AnyConnect SSL VPN. Additionally, since I wanted to establish the VPN connection from a client's VPN-only WiFi network, the VPN connection had to act as the gateway for all network traffic. The one thing I noticed whenever I had a VPN connection established was that I could no longer connect to my VM, which made sense because of the gateway configuration of the VPN connection.

My first thought was, ‘well this is easy, I just add an additional route and I am good to go again’. This is a line from my routing table before running AnyConnect:

As soon as a VPN connection is established things turn really weird. This is what the routing table looks like afterwards:

Yup, that's right, basically everything goes through utun0. And now it gets interesting. You cannot modify the routing table while a VPN connection is established through AnyConnect. Basically, the routing table is babysat by AnyConnect and as soon as a modification is detected it is reverted. You will see something similar to this in your log:

It seems there are a bunch of other people with the same issue. Like them, I could not figure out how to prevent AnyConnect from fiddling with the routing table. If you have found a way, kindly let me know. :)

While trying to find a solution I stumbled across OpenConnect. This is basically an open source implementation of AnyConnect and lets you do exactly what I want.

So here is what you need to do to get OpenConnect running on OSX 10.8:

First thing you need to do is to install OpenConnect obviously. I did so through MacPorts. I guess you can also compile from source or use a different repository. Using MacPorts the following command will do the job:

Next, you need to install the TUN/TAP drivers for OSX. After the installation either reboot or execute the following to load the kernel extension manually:

Do yourself the favor and create a configuration file for OpenConnect:

Here is the contents of my file:

authgroup is what you select in the AnyConnect drop-down menu. certificate is your user certificate. cafile is the server’s certificate. Of course those are only required when your server uses certificate-based authentication. script is the path to the vpnc-script that is installed when you install OpenConnect through MacPorts. This script takes care of all the routing configuration when you connect / disconnect the VPN.

You can then connect with the following command:

Finally, if you do not want certain connections to go through the VPN GW follow these instructions.

So far this is working quite well. What is currently not working is DNS for some networks that I connect to from the VPN destination. I fixed this by putting those machines into my hosts file.

Let me know when you have success getting this to work.

Cheers! -Jan

RaspSlider: A RaspberryPi based digital Picture Frame: Proof of concept

In a previous post I outlined a project for using a RaspberryPi board as digital picture frame that can receive new images through email.

I figured that it would probably be a good idea to do a PoC before going out and buying all the hardware. Let’s review the basic requirements again:

  • Receiving (single for now) pictures as email attachments from an IMAP enabled email account.
  • Downloading the message including attachments.
  • Storing attachments and email message to disk.
  • Annotating pictures with corresponding short message.
  • Display images as a slideshow.

I decided on python as a language since I have not been playing with the language in a while and it was recommended by a friend for RaspberryPi related projects.

So, how to get them pictures? A quick Google search got me this. So, it seemed extremely straightforward to accomplish what I wanted. The one place where I ran into trouble was the following snippet of code:

The IMAP select basically lets you select the folder you want to get messages from. The linked code suggests this to be “[Gmail]/someLabel”. As it turns out “someLabel” is sufficient. Also, please do yourself the favor of printing out the exceptions in case any were caught (or however you would put that in python lingo, I am a Java person).

I got this working nicely, attachments were downloaded and stored in a folder. So what about adding the text of the email as a little message to the image? From previous projects I was familiar with ImageMagick so I did a quick Google search and ended up with this. So, IM supports annotations and you can do stuff like the following easily:
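The whole pipeline from the two paragraphs above (select the folder by its bare label, download the attachments, turn the message text into an ImageMagick annotation), as an added example that is not the post's own code. The folder name “someLabel” comes from the post; the addresses, the message, the FakeIMAP stand-in and the picture folder are constructed, and the annotate command targets the ImageMagick 6 `convert` CLI. Since the attachments and the caption come from whoever emails the frame, the example also keeps non-image attachments off disk, reduces attachment filenames to a plain basename, and passes the caption as an argv element rather than through a shell.

```python
"""Added example (not the post's code): IMAP fetch -> save images -> annotate."""
import email
import email.policy
import os
import re
import shlex
from email.message import EmailMessage
from pathlib import Path


def build_sample_message() -> bytes:
    """Constructed stand-in for the bytes imaplib's FETCH (RFC822) returns."""
    msg = EmailMessage()
    msg["From"] = "jan@example.com"
    msg["To"] = "frame@example.com"
    msg["Subject"] = "Hello from the beach"
    msg.set_content("Greetings from the seaside, Granny! 100% sunshine.\n")
    # Tiny fake JPEG (SOI ... EOI markers only); the filename carries a
    # directory component that safe_filename() must strip.
    fake_jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"\xff\xd9"
    msg.add_attachment(fake_jpeg, maintype="image", subtype="jpeg",
                       filename="../beach.jpg")
    # A non-image attachment that must never land in the picture folder.
    msg.add_attachment(b"not a picture", maintype="application",
                       subtype="octet-stream", filename="notes.bin")
    return msg.as_bytes()


class FakeIMAP:
    """Constructed offline stand-in mimicking the imaplib.IMAP4 calls used below."""
    def __init__(self, raw):
        self.raw = raw

    def select(self, folder, readonly=False):
        if folder != "someLabel":
            return "NO", [b"no such folder"]
        return "OK", [b"1"]

    def search(self, charset, *criteria):
        return "OK", [b"1"]

    def fetch(self, num, parts):
        return "OK", [(b"1 (RFC822 {%d}" % len(self.raw), self.raw), b")"]


def fetch_raw_messages(conn, folder="someLabel"):
    """Select `folder` on a logged-in imaplib connection and return the raw bytes
    of every message in it. The bare Gmail label works; no "[Gmail]/" prefix.
    Every status is checked so a failure is reported, not silently swallowed."""
    status, detail = conn.select(folder, readonly=True)
    if status != "OK":
        raise RuntimeError(f"SELECT {folder!r} failed: {detail}")
    status, data = conn.search(None, "ALL")
    if status != "OK":
        raise RuntimeError(f"SEARCH failed: {data}")
    raws = []
    for num in data[0].split():
        status, parts = conn.fetch(num, "(RFC822)")
        if status != "OK":
            raise RuntimeError(f"FETCH {num!r} failed: {parts}")
        raws.append(parts[0][1])
    return raws


def safe_filename(name, fallback="picture.jpg"):
    """Reduce an attachment filename (sender-controlled header data) to a plain
    basename: no directory parts, no leading dots, conservative characters."""
    base = os.path.basename(name or "")
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base).lstrip(".")
    return base or fallback


def extract_pictures(raw, out_dir):
    """Return (caption, [saved image paths]) for one raw RFC822 message."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    body = msg.get_body(preferencelist=("plain",))
    caption = body.get_content().strip() if body is not None else ""
    out_dir = Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    saved = []
    for part in msg.iter_attachments():
        if part.get_content_maintype() != "image":
            continue  # only images reach the frame's picture folder
        target = out_dir / safe_filename(part.get_filename())
        target.write_bytes(part.get_payload(decode=True))
        saved.append(target)
    return caption, saved


def annotate_command(picture, caption, output):
    """Build `convert ... -annotate` as an argv list, so the caption is never
    parsed by a shell. Two ImageMagick text rules are neutralised: a leading
    '@' makes it read the text from a file, and '%' starts an escape sequence."""
    text = caption.replace("%", "%%")
    if text.startswith("@"):
        text = " " + text
    return ["convert", str(picture), "-gravity", "south", "-pointsize", "32",
            "-fill", "white", "-undercolor", "#00000080",
            "-annotate", "+0+10", text, str(output)]


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for raw in fetch_raw_messages(FakeIMAP(build_sample_message())):
            caption, pictures = extract_pictures(raw, tmp)
            for pic in pictures:
                cmd = annotate_command(pic, caption, Path(tmp) / f"annotated_{pic.name}")
                print(" ".join(shlex.quote(arg) for arg in cmd))
```

On the real frame you would pass a logged-in imaplib.IMAP4_SSL object instead of FakeIMAP and hand the returned list to subprocess.run() on a machine with ImageMagick installed; the example only prints the command because its fake JPEG is not a decodable image.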

After the above results what I have in mind seemed totally doable and I fired up Amazon and got the hardware. I am really excited where this will go and will add posts to report on the progress.

RaspSlider: A RaspberryPi based digital Picture Frame: Motivation

So, I recently visited a friend who got himself one of those nice RaspberryPi boards. It was pretty much immediately clear that I also needed one. You know, just because. :) To give this whole endeavor a bit of a direction I also needed a project.

So, ever since my dad got an iPhone, family and friends got sent pictures of what is going on through Email, WhatsApp and what not. So my brother and I also got into the habit of sending pictures back to our parents about what is going on in our lives. While I think this is really cool there is one thing that is bothering me.

All this new technology pretty much leaves out the elderly. Now until a year back I was actually toying with the idea of getting my grandmother an inexpensive Android tablet to include her in all this. However, I am pretty sure that it would not work out. The screen is small, it is complicated and something new to learn. The thing would just end up on a shelf somewhere. I can also hear some people say, ‘Why don’t you just print the friggin’ pictures and send through snail mail?’. Well first of all that is tedious and you cannot incorporate a RaspberryPi in the process.

So I toyed around with the following idea for the last couple of days:

  1. Set up a dedicated email address that I can send pictures as attachments to that I want to share with my granny.
  2. The text of the message should go into the picture so I can let her know what is going on.
  3. The pictures should be sent automatically to a RaspberryPi that is connected to her TV and acts as a sort of slideshow channel. Whenever she wishes to see some pictures she just presses a button on her clicker.

I will share the progress on this project through a series of posts. I really hope we are going to end up with something that works!

privateinternetaccess.com and Tunnelblick on OSX

I recently signed up for the above VPN provider and set up Tunnelblick on my machine. PIA provides a set of openvpn configuration files that have to be renamed and can then be imported into Tunnelblick individually. Instead, you may download the following zip file: pia.tblk. By importing this file into Tunnelblick you can import all openvpn configurations for their access points in one go.

I hope this saves somebody some time. Now I only need to find a way around the silly UDP buffer overflows that occur every once in a while. Suggestions?

[UPDATE]

PIA also provides openvpn configuration files for connecting through TCP. Obviously, with those you will not experience any UDP buffer overflows. I bundled them for Tunnelblick as well: pia-openvpn-tcp.tblk