12 Parties

A logic test from a job selection process:

A nation’s people can vote for members of parliament from 12 parties. One voter must cast only one vote for one representative. If a party doesn’t get more than 5% of votes, then it won’t get any chairs in the parliament. How many chairs can get (at most) the party which collects 25% of votes?


  1. If V1 == 25%, then Sum(Vi, i=2..12) == 75%

  2. The best for P1 would be that the other parties get 5% of votes, so that they lower the 75% but don’t get any chairs.

    • 5% * 11 = 55% < 75%
      11 other parties cannot get 5% each because there are no parties left to absorb the remaining 20% of votes.

    • 5% * 10 = 50% -> V2 = 75% – 50% == 25%
      10 other parties can get 5% each instead because the remaining party can get the remaining 25% of votes.

  3. Only P1 and P2 will share the parliament, and each of them with 50% of the chairs.

How to connect from SequelPro to an Ubuntu server using Public Key authentication

Connecting from SequelPro to an Ubuntu server using Public Key authentication looks like a very simple setup, and in fact it entails just a few steps, but I had to learn again each of them the hard way. After many months without using SequelPro to access my WordPress database on DigitalOcean, my Ubuntu server was already the second new instance since the last time I had configured SequelPro and I hadn’t the slightest idea of which was the last working configuration and how it was set up.


  • Remote: the machine you want to connect to with SSH
  • Local: the machine you want to connect from with SSH


  1. Remote: Create a group of users with permission to login with SSH
    • Open a terminal window on Local and SSH into Remote using the root user
    • Run # addgroup sshlogin
    • Run # adduser root sshlogin
    • Edit the /etc/ssh/sshd_config file and append a line with AllowGroups sshlogin.
    • Run # systemctl restart ssh
    • Before closing this terminal window, open a new one and try to login with SSH using the root user. If you are denied access, go back to the previous terminal window and try to figure out how to fix root access while you still have root access.
  2. Remote: Create a SequelPro user and add it to the sshlogin group
    • Run # adduser sequel_pro
    • Run # adduser sequel_pro sshlogin

    The SequelPro user is a common user, with its own home directory.

    Set a long password, only used to prevent unauthorised impersonation (without an authorised key).

  3. Local: Generate a key pair

    • Run $ ssh-keygen -b 4096

    I used an empty passphrase to protect the private key.

  4. Remote: Authorise the key for the SequelPro user

    • Edit the /home/sequel_pro/.ssh/authorized_keys file and append a line with the pubic key (one long line).
    • Run # chown -R sequel_pro:sequel_pro /home/sequel_pro/.ssh
    • Run # chmod 0700 /home/sequel_pro/.ssh
    • Run # chmod 0600 /home/sequel_pro/.ssh/authorized_keys


  1. (add the SequelPro user to the sshlogin group and) confirm that you can login
    andrea at Lock-and-Stock in ~
    $ ssh sequel_pro@
    sequel_pro@ Permission denied (publickey).
    andrea at Lock-and-Stock in ~
    $ ssh -i ./.ssh/sequel_pro-id_rsa sequel_pro@
    Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-127-generic x86_64)
  2. remove the SequelPro user from the sshlogin group and confirm that you cannot login
    root@wordpress-1vcpu-2gb-nyc3-01:/etc/ssh# deluser sequel_pro sshlogin
    Removing user `sequel_pro' from group `sshlogin' ...
    andrea at Lock-and-Stock in ~
    $ ssh -i .ssh/sequel_pro-id_rsa sequel_pro@
    sequel_pro@ Permission denied (publickey).


  • On remote
    1. Check owner and permissions of the .ssh directory and its contents.

    2. Make sure that AllowGroups sshlogin is working nicely with Match rules.

      In my case, the former was not working for sequel_pro (i.e. sequel_pro could login both when it belonged to sshlogin and when it did not) because the former appeared just before.

Secreta: a little suite for managing configuration secrets

After learning AWS and Lambda, in the past few weeks I wrote Secreta, which is a set of three tools to manage configuration secrets in AWS Lambda functions.

secreta-generate-aws is a command line utility that creates a pair of keys for asymmetric key encryption, using RSA. It does so by

  1. running the forge module directly in an AWS Lambda function
  2. saving the private key directly in an AWS Parameter, encrypted and protected by an access tag
  3. saving the public key to a local file

secreta-encrypt is a command line utility that encrypts to a local .secreta file the secrets referenced in your configuration files (using a public key).

secreta-decrypt-aws is a NodeJS module that you can install into your AWS Lambda function to decrypt .secreta files in memory (using the corresponding private key, retrieved from the AWS Parameter) and merge them into the rest of the configuration, as if they had never been encrypted.

You can share the public key in your project repository. This will allow any other trusted developer (like yourself) to always have a current public key to keep encrypting configuration secrets. These could be obtained by exchanging GPG email messages, for example.

You can share the .secreta files in your project repository. This will allow any other developer to always have current configuration secrets to keep deploying your AWS Lambda function.

Documentation here.