article archive

traefik: a powerful reverse proxy

In a systems infrastructure, it is common for a single physical host to present many different services to the world. For example, one can have https://app1.my.domain/ and https://app2.my.domain/ point to the same host, whereas the actual services inside the organization reside on different physical or virtual machines. A typical way to handle this is to use Apache or Nginx as a reverse proxy, and configure it to handle virtual hosts and redirects.

Over time, the configuration can become increasingly hard to maintain: when a service changes, a new server is added or changes location, the configuration must be updated. Furthermore, the management of TLS connections, even though made easier thanks to letsencrypt, still requires the handling and renewal of certificates.

traefik is a modern reverse-proxy tool that strives to make the publishing of services easier, featuring notably:

  • simple tool, easy to install (single binary);
  • automatic configuration by inspecting the infrastructure to discover services (supports Docker, Kubernetes, etc.);
  • letsencrypt support with automatic renewal.

Without going into details, traefik’s architecture is organized with the following components:

  • Entrypoints define the incoming traffic (ports to listen to).
  • Routers apply rules to analyze the requests and determine where they belong.
  • Middleware can transform the requests (e.g. limit rate, rewrite, authenticate).
  • Services forward the requests to the actual services, possibly applying round-robin or load balancing.

Besides HTTP, TCP, WebSocket and gRPC connections are all supported.
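The four components above, written out as a traefik v2 file-provider configuration for the two example hostnames (two files shown in one listing). This is an added example, not C4DT's configuration: the backend addresses, the e-mail address, the file paths and the names web, websecure, le and app1-limit are assumptions.

```yaml
# ---- /etc/traefik/traefik.yml: static configuration (path is an assumption) ----
entryPoints:                        # Entrypoints: ports traefik listens on
  web:
    address: ":80"
    http:
      redirections:                 # send all plain HTTP to the HTTPS entrypoint
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
certificatesResolvers:
  le:                               # resolver name is an assumption
    acme:
      email: admin@my.domain        # placeholder contact address
      storage: /etc/traefik/acme.json   # ACME account key and issued certificates
      httpChallenge:
        entryPoint: web             # HTTP-01 challenge answered on port 80
providers:
  file:
    filename: /etc/traefik/dynamic.yml

# ---- /etc/traefik/dynamic.yml: dynamic configuration ----
http:
  routers:                          # Routers: match a request, pick a service
    app1:
      rule: "Host(`app1.my.domain`)"
      entryPoints: [websecure]
      middlewares: [app1-limit]
      service: app1
      tls: {certResolver: le}       # certificate obtained and renewed via ACME
    app2:
      rule: "Host(`app2.my.domain`)"
      entryPoints: [websecure]
      service: app2
      tls: {certResolver: le}
  middlewares:                      # Middleware: transform or restrict requests
    app1-limit:
      rateLimit: {average: 50, burst: 100}   # 50 req/s on average, bursts of 100
  services:                         # Services: forward to the real backends
    app1:
      loadBalancer:                 # two servers, so requests are balanced
        servers:
          - url: "http://10.0.0.11:8080"     # constructed backend addresses
          - url: "http://10.0.0.12:8080"
    app2:
      loadBalancer:
        servers:
          - url: "http://10.0.0.21:8080"
```

traefik expects acme.json to be readable only by its own user (mode 600), since the file stores the ACME account key and the certificates' private keys.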

The C4DT manages several services in its infrastructure, currently handled with Apache. We are planning to use traefik in the hope of making our systems maintenance easier.

 

On the road to general quantum computers

From an engineering point of view, quantum computers are very interesting beasts. It’s something new, shiny, you don’t understand it, but it seems to be the future. So you must go there! This is a collection of links that I found very helpful in understanding how quantum computers work and what they can do.

First of all, you need to read this: https://www.smbc-comics.com/comic/the-talk-3

Now you’re ready to learn that qubits alone are not very much fun, what you need are gates to make these qubits interact with each other – put 1 qubit into a superposition of 0 and 1, and entangle two or more qubits. Of course Wikipedia is your friend, but I found this lecture from Anuj Dawar to be especially appealing to my need of understanding without getting into all the gory details.

Digging the Bloch-sphere? Know how to say “Hadamard Gate”? When you read “Toffoli Gate”, do you know it’s enough to build a universal quantum computer? OK, let’s move on to some real quantum computers. First of all, according to Federico Carminati from CERN Openlab, none of the existing technologies listed here will actually make it into the universal quantum computer! Except, perhaps, the topological qubits from Microsoft. But so far they only exist on paper…

IBM is making progress and replacing the qubit-race with a quantum-volume race. Their goal: doubling the quantum-volume every year. They have a quantum-computer with some qubits readily available on the cloud, so you can play with it. But what does it actually use for the qubits? How are the gates made? I found this explanation to be at a nice level that helped me quench my thirst for understanding.

TLDR: you create a transmon qubit by trapping a Cooper Pair of electrons in a superconductor, and control it by applying a certain frequency (5-20GHz) to it. Depending on the frequency you can reset the qubit or apply single-qubit gates to it. The qubits are only linked to their neighbors, and this link is also controlled with the applied frequency. If you want to create an entanglement between two qubits that are far away, you need to use intermediate qubits. So the IBM quantum chips don’t link all qubits with all other qubits, only some direct connections are available. But they are enough to implement a general quantum computer. Their biggest universal quantum computer has 20 qubits.

And Google’s quantum supremacy? Well, as far as I understand, they got 52 qubits together for a PR stunt. But from what I understand, they don’t have a universal quantum computer with 53 qubits.

DWave says they have 1000’s of qubits – what about this? Well, they don’t have a universal quantum computer. “Only” the possibility to do simulated annealing, which is interesting if you want to make a gradient descent in big datasets.

What would you need to crack Ed25519 encryption that is used in current https-connections? With high-quality qubits, 1530 seem to be enough. If you don’t have those (nobody has them yet), then you need something like 20 million noisy qubits. Of them, IBM currently has 20. So if IBM doubles the qubits every year, in 20 years ed25519 can be cracked…

Monday Meeting Sharings

Every Monday the C4DT Factory team comes together for a meet’n share. Somebody from the team presents something he saw on the internet that is somewhat related to the work we’re doing. This can be technical, organisational, recreational (we didn’t have the “best cat pics” yet). Here is a list of the subjects we had so far:

  • 2020-10-19 – TLDR for “Managing Technical Quality” – Summary of an article on how to improve technical quality in code
  • 2020-02-17 – golang code analysis – Review of common and new code checkers for golang
  • 2020-02-03 – crypto-ts – How to use crypto in typescript
  • 2020-01-27 – traefik – A powerful reverse proxy
  • 2020-01-13 – Kubernetes – Container orchestrator aimed at data-centers
  • 2020-01-06 – The Mind – Game-night: become one
  • 2019-12-16 – PipeViewer – One of those nice bash-tools
  • 2019-12-09 – DevTODO – TODO list for the CLI

Calypso

Calypso is an auditable data-management framework that allows decentralized sharing and life-cycle management of private data. It is described in this paper: https://eprint.iacr.org/2018/209.pdf.

We use Calypso to store private data on the blockchain. DARCs describe the access to this private data. We use it in an example game of rock-paper-scissors in our example mobile application. Our next target is to implement a GDPR compliant data storage with tracking of sensitive data. It will also include transparent disposal of sensitive data.

The implementation of Calypso can be found here: https://github.com/dedis/cothority/tree/master/calypso

C4DT partner login through OmniLedger

C4DT is working on bringing software from the labs to the real world. As part of this effort, we’re working on implementing use-cases for OmniLedger. OmniLedger is a novel blockchain that offers several new features. For example it works as a decentralised login service. This means that there is no central service deciding on who has access or not. At C4DT we’re using this login service to give access to restricted resources to our partners. Currently we have the following resources protected with this login service:

  • C4DT partner login containing the archive of newsletters
  • Matrix chat service to interact with engineers and during workshops
  • Demonstrators: OmniLedger and Stainless, and soon Drynx

How to Use

Instead of a username and a password, you will receive an account and a private key. This private key will be stored in the browser of your device. Every time you want to log in to a protected resource, the browser will use this private key to prove you hold your account. It is also possible to add other devices to your account, like a smartphone, or another desktop computer.

Requesting an Account

To request an account, you need to contact info@c4dt.org. Ask for a new account and give your affiliation: the name of the partner, or the EPFL lab you’re working in. If you are eligible to receive an account, we will send you an activation link:

https://demo.c4dt.org/omniledger//register?ephemeral=c4d767e0fae6ac31efa1c31698442211980b20e912128112341ba99d85c2c4d7

Activating an Account

Clicking on this link will open the account in your browser. First you will have to confirm that you want to activate this account. Then the browser will create a private key to secure your account and write the corresponding public key to the blockchain. After that your account is ready.

Using your Account

Now you can do one of the following:

Losing your Account

It happens to the best: the browser crashes and removes the account. Your phone gets stolen with the account in it. Or a malfunction in the demonstrator destroys your account. Fear not! We built in a recovery algorithm, where we can restore your account and give you a new private key. It is based on DARCs, so more complicated recovery systems are also possible.

More Advanced Usage

There are two things that might be interesting to you: first, how to add more devices; second, how to peek into the blockchain as it is updated.

Add and Remove Devices

If you want to use your account on a second device, you need to create this yourself. Go to devices and click on Add Device. Then you need to add the name of the new device. Now the system creates a new private key, and stores the corresponding public key on the blockchain. Once this is done, you will be shown a QRCode and a link. You can either scan the QRCode with your phone, or copy the link and send it through email to your other desktop computer.

The link and the QRCode are only valid for one activation. If you want to add more devices, you need to click on Add Device a second time.

If you lose a device, you can click on Delete located to the right.

Be careful not to remove the recovery account, else we cannot help you recover your account.

Peek Into the Blockchain

At the bottom of your account, you will find a very simple blockchain explorer. You can peek through the entries that are stored on the blockchain. As a starting point, you will find four blocks. Clicking on one of the blocks will show you the content of this block. Each block contains transactions that define a request to change the blockchain. In addition to this, you also find the links to previous and next blocks. For more details, you can have a look here: https://github.com/dedis/cothority/tree/master/byzcoin