Interview with David Halasz

Intro

Our guest for this special occasion is David Halasz, a Senior Software Engineer from Brno, the Czech Republic who works on and is passionate about the Ruby-based, Rails-based Cloud Management Platform named ManageIQ.

Thanks to Alexey Vasiliev, who arranged a podcast to talk with David about his projects.
Here we present a reading copy of the interview.

***

Alexey Vasiliev: Hello everyone! Hello, David. Could you please introduce yourself and tell us more about what are you currently doing?

David Halasz: Hello, everyone. I’m David Halasz and I’m a software engineer from Brno, Czech Republic. I’m currently working on the Ruby-based, Rails-based cloud management platform named ManageIQ, as an open-source engineer.

Alexey: This open-source project works with a web interface? Or some kind of Kubernetes or Docker?

David: It’s a Rails-based application with a web interface where users can add their credentials to all the supported cloud providers such as Amazon, Google Cloud, etc. Additionally, users can manage on-premise elements such as Kubernetes or OpenStack. It manages an entire hybrid infrastructure from one single location.

Alexey: Got it. I think I’m going to revisit this later during our interview. We know you as a very active and committed member of the Ruby community. You give and present lectures and participate in many conferences such as the RubyConf Minsk, Ruby Unconf Hamburg, RubyC in Ukraine, and many more. What have you learned from these conferences? Which one is your favorite one?

David: Well, I get to meet a lot of people. Most of the speakers are people that I already know, so it’s great to travel together. I also do non-Ruby conferences that are more related to things I’m working on such as Cloud Management, open-source projects in general, and more. So it’s not only Ruby, but I’m also promoting other interesting stuff.

Alexey: That’s cool. By the way, do you feel there is any difference between communities? For example, Ruby or the general open-source community, in terms of code or development. Or is mostly the same type of community?

David: Well, it’s definitely not the same type of community. In Ruby, we come together because of the language. While in the open-source the main driver is to meet other non-technical people such as community managers, designers, etc. The open-source is broader.

Alexey: That’s interesting because you can meet a lot of different people. What conference topics, apart from Ruby, do you think that you could take part in? Perhaps, design?

David: I’m not doing that yet. Recently, I participated in a talk where two designers presented how we work together and why you need both sides, but I wasn’t part of the design side.

Alexey: You seem to be a very active traveler. What countries have you visited this year?

David: This year, I started in Belgium then I went to Australia, Singapur, Poland, Minsk, Sweden, Belarus, Moldova, Germany...it’s kind of hard to follow.

Alexey: Definitely! How do you manage such a travel-packed lifestyle? What are your tips or life hacks?

David: Conferences in Europe typically happen during the weekend, so I don’t really use working days to be at the conference. For the rest of the available days, I try to take vacation time to explore.

Alexey: Right, sounds good - thank you for sharing. According to your GitHub, you are currently working on three projects. Taking into account all your traveling and conference schedule, how do you manage all of this successfully?

David: Well, I don’t really think of work as work. For me, it’s something fun, interesting and motivating which is why I don’t even notice sometimes that I’m working. It’s a bad habit for the weekends, I know I shouldn’t do that, but sometimes I wake up in the middle of the night with a great idea and I start implementing it. Previously, my former manager used to tell me to not do that, and now, I’m trying to hide this bad habit from my current employer.

Alexey: That’s funny! By the way, your most popular project is the Purr solution. Can you describe how the idea for Purr came about and what’s in store for the future?

David: Right, Purr is an acronym that stands for Protocol Upgrade Raw Request. I was implementing web-socket related items, removing consoles in ManageIQ where you can access Virtual Machines (VMs) through a browser, and we needed web sockets for it. Because of this, I was looking into how Action Cable is implemented into Rails, and after talking with some colleagues I discovered socket hijacking, which is the way to implement in direct middleware. Then, I started thinking about how we could do a little bit more with it - and that was the inspiration for Purr. It’s not fully ready yet, only certain parts are working well, so I’m planning to integrate it into ManageIQ, hopefully soon. My problem is the JavaScript part that runs in the browser, which is also ready but I need a way to distribute it effectively, probably by using installer packages for various operating systems.

Alexey: I see, from what I can tell, it is built with different languages: Ruby, Go, JavaScript, etc.

David: Yes, we are trying to put together everything from the past - the Ruby part that runs on the server, the Go part where I wanted to make the most portable code with concurrency support for the client so I could compile it with Windows, Linux, OSX, etcetera, so the same code runs everywhere without any modifications or special macros, and last but not least, I needed something to run smoothly on the browser, which is where JavaScript comes in.

Alexey: You have been promoted to Senior Software Engineer at Red Hat. What has changed for you since then? What are you working on at the moment?

David: Thank you. Not much has changed since being appointed Senior Software Engineer - my primary focus on refactoring the code base for ManageIQ. We still have some legacy code and we are trying to push it forward, so I’m one of the people that’s working on this refactoring.

Alexey: Does your codebase have good test coverage?

David: You can go to our GitHub page where you can see the coverage - everything is public.

Alexey: At the upcoming RubyC, you are presenting the topic “How to hijack, proxy and smuggle sockets with Rack/Ruby” What’s the story behind this talk? Why did you choose it? And, what pains does it help to solve?

David: The story behind this topic is the introduction of the idea I had while I was suffering to find an effective way to proxy between two end sockets. Then, about software hijacking and how it can be used as a smuggling technique to solve the problem of accessing remote machines through HTTP. Imagine a situation where your only entry point to a protected environment is a web interface, for example, Manage IQ. And you would like to use SSH or even do a remote console with VNC to your favorite machine from your favored desktop client. You can use your terminal emulator to test your VNC client - using this smuggling technique, you can smuggle through your TCP traffic through an HTTP session. Even if the server has no other ports open, you can do some hacks to get through to your data.

Alexey: How do you secure this? How do you authenticate this to make sure an unwanted party uses the same technique to get into a machine?

David: Well, the trick is that you have an existing application for authentication and security that can inherit all the security features of the web application.

Alexey: I see, good solution. One of the final questions: what’s in your reading list?

David: If I look at the pile of books next to me I would find that there are still a lot of books that I haven’t gotten to. I got “Brave New World” by Aldous Huxley for Christmas but I still haven’t read it. I’m looking for enough free time to read it.

Alexey: As a bonus question, before we wrap up, how do you compare Go and Ruby?

David: Well, I have a strong background in C programming but then I started to like Ruby. Go does the same job as Ruby on Rails and has a great abstraction for variable pointers, but it has disappointing collections. For example, I’ve used Go for the client-side and Ruby for the server-side, that was tricky.

Alexey: Sometimes people say that Ruby is not the best option and suggest to use other languages such as Elixir, Go, or even Rust. What do you think about that?

David: I think Ruby, as a high-level language for controlling something low-level in a readable, single way is still really good. Last year, I was talking with a colleague about how to do proxying and transfer with Ruby and we agreed that performance bottlenecks should be implemented as effectively as possible and because of the interoperability of languages, you can call these things from Ruby or control them from Ruby, for that purpose, I don’t see anything better than Ruby. At the moment I’m experimenting with Crystal as well and I like it very much - it is lovely, I’ll say.

Alexey: Great. Well, thank you very much for your time!

David: Thank you for having me!

• Web page
• Github
• Twitter
• Purr

***

If you enjoyed David’s interview as much as we did, don't miss the chance to meet him in person at the RubyC 2019, which takes place on the 14th and 15th of September, 2019 in Kyiv, Ukraine. Catch your Ruby Bird tickets here until 31.07.2019!