tech

Amazon LightSail: Simple Virtual Private Servers on AWS

Amazon introduced LightSail today in a move that might signal the slow death of “Cloud Hosting Providers” such as Digital Ocean, Vultr, and Linode.

Blast off with Lightsail; Everything you need to jump start your project on AWS—compute, storage, and networking—for a low, predictable price.

Source: Amazon LightSail: Simple Virtual Private Servers on AWS

Users of these services have historically been frustrated by AWS’s unpredictable pay as you go pricing that can at times reach astronomical rates. A good example is network transfer; the other day we moved a 120GB image from one server to another data center and it cost upwards of $17 for the transfer itself. This would have been free on the lowest plan of any other smaller cloud hosting provider.

You can check out an excellent run down of LightSail on the Linux Academy Blog.

LightSail is somewhat competitively priced, but Linode and Vultr are both still better deals for now. I think this is great from a competitive perspective. Smaller companies will need to up their game in order to compete with Amazons mind and market share. I am looking forward to seeing how this plays out.

Standard
programming

Getting Started with Laravel on Ubuntu

I’ve really been digging Laravel lately. Especially due to the wonderful documentation and amazing resources provided by Laracasts. Below are some notes on getting going on a local Ubuntu install. I am running Ubuntu 16.10 and these notes assume a fresh install.

Install PHP 7.0 and additional dependencies

sudo apt install php7.0 php7.0-zip php7.0-mbstring phpunit

Install Composer (Globally)

curl -sS https://getcomposer.org/installer | php
sudo mv composer.phar /usr/local/bin/composer

Install the Laravel CLI (Globally)

composer global require "laravel/installer"

Add globally installed composer commands to the PATH

Add the following to the end of your ~/.bashrc file

# Add Composer to the PATH
export PATH=$HOME/.config/composer/vendor/bin:$PATH

You can either source the ~/.bashrc file or open a new terminal window.

Verify everything works

You can do this by running laravel new test_project. Then go to the directory where the new test_project is created with cd test_project. Once you are in the new project directory install all local dependencies with composer install and then run it with php artisan serve. I ran into an issue right away that had to do with the APP_KEY. The error manifested itself as:

The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths.

A great explanation is shown here but the steps to get a fully functional base install going are:

# Copy the .env.example file to .env
cp .env.example .env

# Generate App Key
php artisan key:generate

Now if you run php artisan serve you will see a fully running Laravel app. Happy Hacking!

Standard
software

Polarr; Professional Photo Editing on Linux

One of the most frustrating things about being a desktop Linux user is that a lot of software is either:

  1. Half Baked, Buggy, and Free
  2. Half Baked, Buggy, and Completely Overpriced
  3. Unavailable

This is why I was so pleased when Aosheng introduced me to Polarr. This app is written in Electron and is a very simple and powerful tool. As I continue to make abundantly clear, I am not an artist, designer or photographer. Despite this, I keep taking a ton of photos during my adventures and I need a tool to edit them with.

On Ubuntu the choices are either to use the built in Shotwell app which is just OK. You can fumble through GIMPs incomprehensible menus and feature sets, or you can move sliders around in darktable. I don’t mean to poke fun at these tools. I truly appreciate all of the hard work that has gone into developing them, and I am certian that for a professional designer who actually understands what they are doing they are worth learning. But for someone like me, who just wants to click a button and make a photo not look awful nothing on Linux comes close to Polarr.

I love how Electron has made creating cross platform desktop applications completely painless. I think it allows application developers to enable Linux support by default and opens them up to a huge and often overlooked market.

Polarr is free to use with a basic feature set, and you can get the full version for an astonishingly low price of $9.99. If you do anything with Photos on Linux, go buy this right now.

Standard
linux

Whatever hacky script you are writing already exists in GNU Core Utilities

When I think of bash, I think of writing hacky scripts that do random things utilizing “bash commands”. It turns out that the parts of bash that “do stuff” such as echo, cut, cat are part of a larger program called GNU Core Utilities.

The GNU Core Utilities are the basic file, shell and text manipulation utilities of the GNU operating system.These are the core utilities which are expected to exist on every operating system.

Source: Coreutils – GNU core utilities I am working on a general purpose backup utility and this evening I was moments away from writing something like this: perl -e (print split("/\//", "/foo/bar/baz.tar.gz")

My goal was to try to extract the base file name from a given directory (I recognize that that code does not actually do that). Then I realized that this was pure madness and there had to be a better way. This is when I discovered the handy basename program. It simply does the needful. GNU Core Utilities is full of all sorts of gems such as this one. My main takeaway from this is to read the entire GNU Core Utilities manual so I can stop writing horrible things.

Standard
programming

That UI Bug with Missing Data is a Security Issue

This is (sometimes) a development blog, so I am going to write about some failed development of mine since writing about success is much less interesting. You know that UI bug that someone added to your GitHub Issues where there is some missing data? You know the one, it only happens in production, all of your tests pass, and you marked it as a low priority. Yeah, that one. It’s probably a security bug and you should look into it right away. At least, that is the lesson I taught  myself yet again when I began to research this bugBefore

<a id="shared_note.id)" href=""{{">
{{current_user.notes.filter_by(id=shared_note.id).first().title}}
</a>

After

<a href="{{ url_for('main.note', id=shared_note.note_id) }}">
{{current_user.notes.filter_by(id=shared_note.note_id).first().title}}
</a>

The difference is very subtle, but the key issue here is shared_note.idvs shared_note.note_id; I released a feature a few weeks ago that showed you all of the notes that you have shared. Locally everything worked fine, but I noticed later on, once it was in production, that the note title was not showing up. This is, of course, due to the fact that rather than showing the title of the note with the ID shared_note.note_id (the foreign key linking to the note) I was showing the title for the note with the primary key of shared_note.id. The reason why this is a security issue is because this allows someone to share a bunch of notes and start seeing the titles for notes that they do not own. The reason why this worked locally is because I am only testing with a single user, with a single notebook, with a single note, and with a single shared note. This means that in this specific case all of the Primary Keys and Foreign Keys are usually “1” so everything just happens to work.

Key Takeaways

  • Always test with multiple users, make your local environment as similar to production as possible
  • Consider using UUID instead of Auto Incrementing Integers, this would have been immediately caught if that was the case.
  • “Partial Missing Data” == Security Bug (most of the time)
Standard
programming

Laravel Homestead on Ubuntu 16.04

Yesterday I wrote about my first steps with Laravel and Homestead and complained about how I had some trouble getting started. It turns out this has nothing to do with Laravel and instead has to do with a Vagrant bug in the version that is shipped by default with Ubuntu 16.04 LTS.

vagrant up throws The following SSH command responded with a non-zero exit status error for Laravel Homestead

Source: 16.04 – vagrant up throws The following SSH command responded with a non-zero exit status error for Laravel Homestead – Ask Ubuntu

Installing Vagrant manually did the trick and everything worked like a charm. I am so impressed so far, the bootstrapped Laravel project is elegant, well structured, and beautiful by default. I am almost afraid to write any code because I will probably ruin it.

Standard
tech

Ubuntu 16.04 on an Intel NUC

I have too many computers.

The other day I installed Ubuntu on my Alienware PC because I needed to get some work done and I got tired of fighting with Vagrant on Windows. Everything was perfect until I rebooted. The screen did not come back on, and I got tired of fighting with Nvidia drivers.

Next, I pulled my Mac Mini from the closet and started hacking on that. I was encrypting the hard drive, and since it was a spinny disk it took upwards of 22 hours to get it done. This made me sad. Recently, I discovered that I can be a lazy recluse in my apartment thanks to Amazon Prime Now.

In the time that it took for the Mac Mini to finish encrypting the disk, I ordered, received, configured, installed, and encrypted Ubuntu 16.04 LTS on an Intel NUC. I could not be happier with this computer. Its small, quiet, cheap and fast.

I now have a stack of computers on my desk. If I ever get around to writing an electron app, I am golden will three computers with a dedicated OS.

Standard
programming

First Steps with Laravel and Homestead

I’m checking out Laravel for the first time. I think they have a very nice web site, but slightly confusing documentation. First I tried to get composer working but the whole experience felt weird. Once I got it sorted out, I had some other issues with my local environment so then I went ahead and started to read about Homestead.

Laravel strives to make the entire PHP development experience delightful, including your local development environment. Vagrant provides a simple, elegant way to manage and provision Virtual Machines.

Source: Laravel Homestead – Laravel – The PHP Framework For Web Artisans

This was a bit more promising, since Vagrant makes everything dead simple. I was a bit surprised that the docs suggested creating a single Homestead box and sharing it across all of your Laravel projects since this is a practice that I have not seen before.

I went ahead and did what I usually do and create a Vagrant box for my specific project. It’s been many years since I have written any “real” PHP, looking forward to seeing what Laravel has to offer.

Standard
databases

Tunnel to Production PostgreSQL Database

As any responsible sys admin, I only allow local connections to my production database server. This means that if I need to access my DB from my local machine I would most likely need to use an SSH tunnel in order to connect.

For some reason, pgadmin3 no longer seems happy on Ubuntu 16.04 LTS and I am not able to make an SSH tunnel. In addition, it is a bit annoying that you are not able to save passwords with an SSH tunnel by default in pgadmin3, especially since my password is a long and random 50 character string.

The solution is pretty simple using the -L SSH flag.

ssh -L 15432:localhost:5432 $USER@$SERVER

This command creates a tunnel on my  production server, and forwards port 5432 (the default PostgreSQL port) to my local port 15432. This allows me to connect using pgadmin3 as if the database were running on my local machine.

Standard