Adam Monsen

June 17, 2012

How to securely connect an AWS load balancer to EC2 instances

Filed under: Default — adam @ 2:24 pm PDT

Here’s the magic sauce to securely allow traffic to your webservers only from your load balancer. Run the following:

ec2-authorize --region REGION -C /path/to/cert.pem -K /path/to/key.pem ELB_NAME -u OWNER_ALIAS -o SOURCE_SECURITY_GROUP

The tricky bits for me were:

  • having to generate an X.509 key and cert just for this purpose (there’s gotta be a way to do that from the web console)
  • OWNER_ALIAS above and in the web console equates to SOURCE-OR-DEST-GROUP-USER in the ec2-authorize(1) manpage.
  • SOURCE_SECURITY_GROUP above and in the web console equates to SOURCE-OR-DEST-GROUP in the ec2-authorize(1) manpage.
  • remembering to include --region

The documentation for same is confusing to someone like me who doesn’t know much AWS security group terminology.

As far as I know, there’s no way to perform, view, or manage this special security setting through the web console.
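A check for the result this post is after, as an added example that is not from the original post: it reads security-group data in the shape returned by `aws ec2 describe-security-groups` (a newer CLI than the `ec2-authorize` tool used above) and reports any web-port rule that admits something other than the load balancer's group. The group IDs, the sample JSON and the port list are constructed assumptions.

```python
import json

# Constructed sample; every ID below is a placeholder, not a real resource.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-web-ok", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
    "UserIdGroupPairs": [{"GroupId": "sg-elb"}]}]},
 {"GroupId": "sg-web-open", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
    "UserIdGroupPairs": [{"GroupId": "sg-elb"}]},
   {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-other"}]}]}
]}
""")

def covers(perm, port):
    """True if an IpPermissions entry applies to the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "all traffic" rules carry no port range
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit(group, elb_group_id, ports=(80, 443)):
    """List every way a web port is reachable other than via the ELB group."""
    findings = []
    for port in ports:
        elb_allowed = False
        for perm in group.get("IpPermissions", []):
            if not covers(perm, port):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            findings += [f"port {port}: open to CIDR {c}" for c in cidrs]
            for pair in perm.get("UserIdGroupPairs", []):
                if pair.get("GroupId") == elb_group_id:
                    elb_allowed = True
                else:
                    findings.append(f"port {port}: open to group {pair.get('GroupId')}")
        if not elb_allowed:
            findings.append(f"port {port}: load balancer group not allowed")
    return findings

if __name__ == "__main__":
    for g in SAMPLE["SecurityGroups"]:
        print(g["GroupId"], audit(g, "sg-elb", ports=(80,)) or "ok")
```

An empty list means the only path to the listed ports is through the load balancer's security group.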

May 3, 2012

DRM Sucks. Help end it now!

Filed under: Default — adam @ 11:11 am PDT

Day Against DRM vertical banner

March 18, 2012

Save power: sleep your Ubuntu home server

Filed under: Default — adam @ 10:30 pm PDT

I don’t need my server on while I’m sleeping. Turns out Ubuntu servers love to sleep, too.

The first hurdle was nontechnical. I had to decide that I was ok not being on IRC while asleep. Once I made this decision, I realized it was the right decision anyway.

The next hurdle was scheduled late-night backups. They’re important. What if the server is powered down when a job is scheduled to run? Anacron to the rescue! When you install it on Ubuntu it transparently takes over daily, monthly, and weekly cron jobs. I installed anacron with

sudo apt-get install anacron

Now, to install a new daily backup job managed by anacron, the easiest thing to do is just add an executable script to /etc/cron.daily.

I also have a bunch of @daily stuff in my personal crontab. There are a couple more steps to get it working as a non-root user, but it’s doable.

To actually put the computer to sleep I use

sudo pm-suspend

over an SSH connection (since the server is normally headless). The first time I tried this the box just froze, but I haven’t been able to repro that since I unplugged the VGA monitor and created swap space. Not sure which of those changes, if either, allowed suspend to work.

I’d also like to resume the box with wakeonlan, but it doesn’t work. Both machines are on the same switch, but the BIOS or ethernet card may not support wake-on-lan.

March 5, 2012

Squelch Doctrine/MongoDB logging in Symfony2

Filed under: Default — adam @ 7:30 pm PDT

If you use Doctrine+MongoDB in Symfony2, you may have a flood of MongoDB queries in your dev environment log. Here’s a snippet of code for app/config/config.yml that will squelch them:

doctrine_mongodb:
  document_managers:
    default:
      logging: false

February 28, 2012

SSH connections hanging: fixed by disabling TCP window scaling

Filed under: Default — adam @ 4:25 pm PDT

This is mainly just for my own future reference, but you may end up here via a web search if you ran into the same problem.

I use Symfony2, which leverages Git to manage bundles (a.k.a. libraries). There’s a script called “vendors” which can (currently) be used to update bundles. Running bin/vendors install is a common operation: this descends into every bundle directory and pulls down the latest code. All of my own bundles are reached via git+ssh.

The git+ssh connections to update my bundles were hanging. There are many layers that could be malfunctioning, but I first suspected my failing Netgear wireless access point / router. Lately, weekly reboots have been necessary to even be able to associate with the thing. I also suspected my /etc/hosts.deny was too big, but these connections were really slow, hanging for minutes at a time (where they were usually instant).

I happened upon this old bug, and decided it might indeed be my router. I ultimately have no idea why, but here’s what fixed the hanging connections for me:

echo 0 | sudo tee /proc/sys/net/ipv4/tcp_window_scaling

I imagine this should be a temporary change, since it sounds like TCP window scaling generally results in more efficient data transfer.

I’m going to round-file the Netgear tonight; hopefully that’s the problem.

Other ideas:

February 5, 2012

Reading Webpages. Like, actually reading!

Filed under: Default — adam @ 9:05 am PDT

Forget surfing. Clicking from page to page, skimming paragraphs, forgetting it immediately. Someone spent quality time writing, I want to spend quality time reading. Like the good old days. Reading beautiful print on paper, understanding, thinking about what I’m reading.

Along these lines, I totally heart that “READER” trick iOS 5 Mobile Safari does with some webpages. Anyone know how to teach Chrome or Firefox to do the same?

If you haven’t heard of it, see http://www.apple.com/ios/features.html#gallery-safari-reader.

This is an absolute revolution in actually reading overstyled, ad-riddled online content. I even find myself hitting the READER button for fairly clean content because it always produces a consistent result.

This really shouldn’t be a revolution. We know people can read/concentrate/comprehend better without distraction!

Crosspost: https://plus.google.com/109728769351141658237/posts/TCsVTGf5jeM

Update: Krzysiek Głębowicz mentioned Readability and I found dotEPUB.

January 31, 2012

Auto-update bind 9 zone database serial numbers

Filed under: Default — adam @ 3:45 pm PDT

This post is helpful for configuring emacs to automatically update the “Serial” in bind zone databases. I wanted to do the same in Vim, but the solutions in the comments of that post didn’t work for me. Here’s a version that does. It’s yours for free under the Affero GPL v3 (or any later version, at your preference):

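function s:BindZoneSettings()
    " Return the next serial: bump the two-digit counter if the serial already
    " carries today's date, otherwise start over at <today>01.
    function s:UpdateBindZoneSerial(date, num)
        if (strftime("%Y%m%d") == a:date)
            " '.' and '+' share precedence, so this is (date . num) + 1
            return a:date . a:num+1
        endif
        return strftime("%Y%m%d") . '01'
    endfunction

    " Rewrite every "YYYYMMDDNN ; Serial" line in the buffer.
    function s:ReplaceBindZoneSerialLine()
        :%s/\(2[0-9]\{7}\)\([0-9]\{2}\)\(\s*;\s*Serial\)/\=s:UpdateBindZoneSerial(submatch(1), submatch(2)) . submatch(3)/g
    endfunction

    " Update the serial just before a zone file is written.
    autocmd BufWritePre /etc/bind/db.* call s:ReplaceBindZoneSerialLine()
endfunction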

January 5, 2012

Get Back at those Fat Cats!

Filed under: Default — adam @ 2:15 pm PDT

Fat Cats logo: purple cat in a business suit smoking a cigar

If you have an iPhone or iPad, check out the game Fat Cats!

December 31, 2011

Browser Pause

Filed under: Default — adam @ 10:08 pm PDT

Here’s an idea for Web browsers. When the browser window loses focus, stop everything. Freeze all threads, animated images, scripts, plugins… everything. This would be most useful as a setting that could be enabled and disabled at will. Sometimes I’d just like the browser to just simmer down while my attention is elsewhere. No need to be AJAXing around and stuff.

Thoughts?

December 22, 2011

Don’t Get Locked In

Filed under: Default — adam @ 3:55 pm PDT

Here’s a Public Service Announcement for those of you who wish to buy an iPhone and might want to use it for a different carrier than the one the phone is locked with.

You can’t.*

If you buy an AT&T iPhone, Apple says Thou Shalt Only Use Thy iPhone with AT&T, and makes it very difficult to use the phone with, say, T-Mobile. You’ll get to use the phone, but AT&T and Apple really still own part of it, the part that says how the phone can be used.

Strange, isn’t it? It’s like you bought a roll of duct tape, but it only works on ducts.

Other ideas:

  1. buy an unlocked iPhone instead. iPhones hold their value well, especially unlocked ones. They cost a lot more so the upfront cash required is high, but an unlocked phone gives you the freedom to change carriers anytime for any reason. When you figure out the price of the phone, don’t just look at the initial price, look at the cost of the contract over the life of the contract and check prices on similar used unlocked phones on eBay.
  2. don’t buy an iPhone. By purchasing an iPhone you’re telling Apple that you’re willing to pay the price of your freedom. Apple pushes hard on its customers, saying what they can and can’t do. They sure do make awesome technology, but at the cost of personal freedom.

Learn more about freedom at https://www.eff.org.

* If you are brave, patient, lucky, and desperate, you may be able to bypass the electronic measures in place which lock the phone to AT&T.
