A simple explanation of the CIDR IP address scheme

I really struggled to find an explanation of CIDR addresses that used plain language and didn’t assume a lot of esoteric knowledge, so I’m writing some simple notes here.
With a CIDR address, you get something that looks like an IP address but then you get /nn at the end.

Like this: 123.231.145.0/24

Instead of specifying one IP address, this represents a range of IP addresses.

Decoding a CIDR address

If you want to decode a CIDR address, you can use this useful tool. If you give it your CIDR address, it will tell you the first IP in the range, the last IP, the total number of hosts and more.

Reading a CIDR address

So what does it mean?

The number at the end specifies how many bits of the IP address will be used for the network address. The rest of the bits will be used for host addresses.

There are always 32 bits available, because the highest IP address is 255.255.255.255. If those numbers were written in binary instead of decimal, each of the 255s would require 8 bits (255 is 11111111).

In the example above (123.231.145.0/24), 24 bits are used for the network address and this leaves 8 bits (32 minus 24) for the host addresses.

The number of different values you can create when you have 8 bits is 256 (from 00000000 to 11111111), so if you have 8 bits available for host addresses, the number of host addresses is 256.

This means that in our example, the actual range of IP addresses described is 123.231.145.0 to 123.231.145.255.

The first three decimals (123.231.145) are the fixed network address, and will use up 24 bits when expressed in binary. The last decimal (which in our example will take values ranging from 0 to 255) uses up the last 8 bits.
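
As an added example (not part of the original post), this Python does the decoding by hand with the bit arithmetic described above. It goes slightly beyond the /24 case to cover prefixes that do not fall on a dot boundary and addresses given with host bits already set; the function names are my own.

```python
import ipaddress


def to_dotted(value):
    """Turn a 32-bit integer back into dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def decode_cidr(cidr):
    """Return (first_ip, last_ip, address_count) for an IPv4 CIDR string."""
    addr, _, prefix_text = cidr.partition("/")
    prefix = int(prefix_text)
    octets = [int(part) for part in addr.split(".")]
    if not 0 <= prefix <= 32:
        raise ValueError("the number after the slash must be 0 to 32")
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("expected four numbers between 0 and 255")

    # Pack the four 8-bit numbers into one 32-bit number.
    value = 0
    for o in octets:
        value = (value << 8) | o

    host_bits = 32 - prefix                 # bits left over for hosts
    host_mask = (1 << host_bits) - 1        # host bits all 1, e.g. 0xFF for /24
    network_mask = 0xFFFFFFFF ^ host_mask   # network bits all 1

    first = value & network_mask            # host bits forced to 0
    last = first | host_mask                # host bits forced to 1
    return to_dotted(first), to_dotted(last), 1 << host_bits


def contains(cidr, ip):
    """True if ip lies inside the range, e.g. for checking an allow-list entry."""
    first, last, _ = decode_cidr(cidr)
    as_int = lambda text: int(ipaddress.IPv4Address(text))
    return as_int(first) <= as_int(ip) <= as_int(last)


if __name__ == "__main__":
    for example in ("123.231.145.0/24", "123.231.145.77/20", "123.231.145.9/32"):
        print(example, "->", decode_cidr(example))
```

With /20 the boundary falls inside the third number, which is why the range runs from 123.231.144.0 to 123.231.159.255 rather than starting at 145.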

A useful table

You can use the table below (via) to find out how many IP addresses are represented by the number after the forward slash (in our case, that number is 24).

The “decimal” column is telling you how many IP addresses will be in the range.

The “class” refers to the old way of allocating IP addresses, where class A was a range of over 16 million addresses, class B was a range of 65,535 addresses and class C was a range of 254 addresses. More here: https://www.keycdn.com/support/what-is-cidr

The “mask” refers to bit multiplication / bitwise operations, which is a whole other topic.

Pentagon Intrigue


I wrote this post recently about some idle maths I did while trying to doodle regular pentagons and pentagrams.

My parents (both mathematicians) were immediately interested, and started trying to create pentagons on paper via origami.

We found these videos on YouTube and had fun making the apparent regular pentagon and pentagram, but discovered the maths was slightly out, and they weren’t quite regular. As my dad said, “The cosine of the double angle (that’s the first one you make) is 1/square root of 10, but it should be 1/4(root 5 – 1). So the actual angle, which should be 72 degrees, is … (gets out old Casio calculator, dusts it, Oh it’s dead, my phone’s not charged, where’s the calculator on my computer?) … oh, you do it. It would be right if the square root of 5 was 2.200 instead of 2.236.”

I had a dim memory that I was taught how to fold a pentagon from an A4 sheet when I was doing my maths teacher training. I went hunting in some folders in a corner of my study, and found this:

Start with a sheet of A4 and fold along the diagonal:
Now fold that in half along a vertical axis:
Now open it out again:
You now have a new slanted fold across the middle:
Fold along this new fold:
You’re now going to create two new folds on either side:
You’ll do this by bringing the edges into the centre:
Turn it over to get a slightly better view of the pentagon:
Whether this is really a regular pentagon, I don’t know, I haven’t tried to do the maths yet.
It’s an exercise for the reader!
Edit: Look away now if you want to work it out for yourself…
According to my dad, “No, that’s not a regular pentagon. The angle at the top has cosine −1/3 but it ought to be −(√5 − 1)/4. Close, but …”
Also Colin Wright (@ColinTheMathmo) spotted that “It’s very close, but the angle where the first corners are folded to meet is not 108 degrees.”
So if you want to make something that looks like a pentagon, the above solution is pretty neat.
But if you want an accurate pentagon, we think this solution is probably right.
Pentagons, Pentagrams, Doodles and Trigonometry


I was in a workshop the other day and I started a doodle which I often do (or some version of it) when I’m in meetings and such:

I love drawing pentagrams because they’re so satisfying – five quick lines is all you need, without lifting your pen from the paper.

But whenever I do this doodle, it always bothers me that these are not really pentagrams, and the contained shapes are not pentagons. I often wonder what would happen to the tessellation if I was drawing real pentagons. I also wonder how I could draw proper pentagrams without a protractor.

(For clarity, a pentagram is a five-pointed star. A pentagon is a five-sided shape. And when I say “real” I mean “regular” – i.e. shapes with rotational symmetry, where every point, every angle, every side is equal. And “tessellation” is a word that describes the way different shapes slot together side by side, with no gaps. I learnt that word in primary school, in relation to Roman mosaics.)

So during this workshop I did some trigonometry to work it all out. For those of you who were there with me, this is what I was scribbling in the breaks when I was being so antisocial:

The conclusion I came to was that on lined paper, I could get a reasonable approximation of a pentagram using the following proportions:

If you’re wondering what w represents, I drew it on a different diagram when I realised that G and w were not the same distance – they only appeared to be because I was drawing non-regular pentagrams:

Based on these proportions and the dots that each horizontal line was made of, I came up with the following not-bad pentagrams (they’d probably be better if I had a ruler available instead of drawing freehand):

…and now the pentagons are all regular pentagons, and the pentagrams are regular too, but they’re forced to collide with each other as a result.

For the sake of aesthetics I think I prefer the non-regular versions at the top of this post, but the mathematician in me is now happy. 🙂

Paired Programming: Useful Articles, Resources and Research


During my talk at NDC London this week, I promised to publish a list of resources you can use if you are trying to persuade people of the efficacy of paired programming as a software development technique. Here it is!

(Incidentally, the image is of Sal Freudenberg and me doing some remote pairing – we use Zoom and we find it works really well – I often forget we are not in the same room.)

How to know whether it’s safe to click a button in an email


When I got an “urgent” email the other day from a colleague asking me to enter some data in a Google form, my warning bells started to go off. Whenever I’m told that something is urgent, I get suspicious.

It turned out to be kosher, but it made me realise I don’t know how to verify whether a request to complete a Google form is valid or not.

The email contained an embedded “Continue” button. I couldn’t hover over it to find what URL it was visiting. I tried “View Source” in the browser, but what I got contained several different URLs, none of which were easy to recognise, and the whole HTML chunk was difficult to parse.

When I finally did throw caution to the winds and click on the button, I got a warning: “You are submitting information to an external page. Are you sure?”… but still, I had no idea how to verify that it was safe.

But of course, the great thing about working for ThoughtWorks is that I have access to a global pool of talented technologists, and it didn’t take long for someone (my colleague Andy Yates: https://twitter.com/yrnclndym) to answer my query.

Big proviso: it’s not a simple business to verify these things. If you are not technical, and even if you are, you should report any suspicions to the relevant people in your organisation. They will be happy to help and would rather have a false alarm than miss a malicious phishing campaign targeting your company.

Here is Andy’s advice:

“I believe there are a couple of things that help show that it’s a genuine request:

– the email address that the form is from is thoughtworks.com (and checking the ‘show original’ confirms it really is the from / return-to address, and that there is an SPF and DKIM pass)

– at the top of the email there is a link ‘having trouble: fill out in google forms’ – this *can* be hovered over, and from here you can see it’s a genuine google forms URL

– (personally, if I was suspicious, I’d follow that link, and skip the button, which doesn’t help speed things up anyway)

– if you have developer tools enabled, you can use ‘inspect element’ to see the form that the submit button is attached to, and you can check the domain of the URL from here too – I find this is a bit easier than doing ‘view source’ because it navigates to the right spot

– if / as you do click through, at the very bottom of the form it states “This form was created inside of ThoughtWorks.” (for other domains it would write out the domain in full)

– (you can also check this by trying to open the same form from an incognito window, where (in this case) you won’t be able to access it, as it’s private to our domain)

– (I put this last one in brackets, because I’m not convinced that it is proof of a legitimate message. I think it *might* be possible to create a form for a similar domain and share it to our domain – so it would look to someone incognito like it was domain-private, but it would in fact say something like “This form was created inside of Th0ughtworks.com” instead of “… ThoughtWorks.” to us)”
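
The header and link checks in the list above can also be run against a saved copy of the message. This is an added example, not part of the original post or of Andy’s advice: the sample message is constructed, and the function name, the allow-list of hosts and the `mx.example.net` server are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message, not a real email. Every name in it is made up.
SAMPLE = """\
From: Colleague <colleague@thoughtworks.com>
Return-Path: <colleague@thoughtworks.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=thoughtworks.com; dkim=pass header.i=@thoughtworks.com
Subject: Urgent: please fill in this form
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<a href="https://docs.google.com/forms/d/e/CONSTRUCTED/viewform">fill out in Google Forms</a>
<form action="https://docs.google.com.forms-login.example/submit"><button>Continue</button></form>
"""


class TargetCollector(HTMLParser):
    """Collect every URL a click could lead to: link hrefs and form actions."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = {"a": "href", "form": "action"}.get(tag)
        self.urls += [value for name, value in attrs if name == wanted and value]


def check_message(raw, sender_domain, allowed_hosts):
    """Report the sender, SPF/DKIM and click-target checks for one message."""
    msg = message_from_string(raw)
    # Only trust this header when your own receiving mail server added it.
    verdicts = dict(re.findall(r"\b(spf|dkim)=(\w+)", msg.get("Authentication-Results", "")))
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    collector = TargetCollector()
    collector.feed(msg.get_payload())
    # Compare the whole host name: "docs.google.com.something.example" is not Google.
    unexpected = [u for u in collector.urls
                  if urlsplit(u).scheme != "https" or urlsplit(u).hostname not in allowed_hosts]
    return {
        "from_domain_ok": from_domain == sender_domain,
        "spf_pass": verdicts.get("spf") == "pass",
        "dkim_pass": verdicts.get("dkim") == "pass",
        "unexpected_targets": unexpected,
    }
```

Calling `check_message(SAMPLE, "thoughtworks.com", {"docs.google.com"})` passes the sender, SPF and DKIM checks but flags the button’s form action, because its host only starts with `docs.google.com`.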

New Domain Host – Subscribers Moving

I’m about to move subscribers from the old domain host to the new one. The url remains the same, it’s just that the domain is now self-hosted.

Email subscribers will continue to receive email notifications of new posts as before, but WordPress.com followers will only see new posts in the Reader. They will not receive email updates unless they subscribe to receive those on the new site, which they can do via the Subscriptions widget at the bottom of the sidebar.

Yak shaving


There are some words and phrases whose precise meanings just won’t stick in my head. “Yak shaving” is one of them.

So I want to thank the author of this blog post, Yevgeniy Brikman, first of all for writing a great post about infrastructure, but also for providing a great visual aid to remind me what yak shaving is.

And I’m putting it here so that I can look it up, the next time I forget.

Here is a great visual example of yak shaving.

(Apologies, I would have embedded the giphy but I’m still using the web version of WordPress, which doesn’t seem to allow it. I will hopefully sort this out soonish).