Tales of an IT Nobody

devbox:~$ iptables -A OUTPUT -j DROP

Certbot on Amazon Linux without using Yum – Fix [Errno 2] No such file or directory May 18, 2019

So let’s say you’re running an aging version of Amazon Linux and don’t want to blow up your system by wedging in yum repos from distributions that aren’t quite in line with the CentOS-derived Amazon Linux.
Instructions on the web tell CentOS users to use Fedora or RHEL yum repos; but on Amazon Linux, you’re kind of twice-removed.

So long-story short, here’s some fodder for those who want the benefits of LetsEncrypt without the fluff of a repo.

My instructions will be for Apache/HTTPD, but you’ll see the key linchpin item below.

First, start by downloading Certbot by hand:

Second, back up your Apache HTTPD configuration:

Third, test certbot-auto and let it ‘bootstrap’ its dependencies:
**An error is likely here**

Error from certbot – “creating virtual environment” gives an error: “No such file or directory”:
After running the command above – you may see this error after it installs the dependencies for certbot:

After some searching, I’ve found that this is really easy to solve!

To fix, upgrade pip and REMOVE virtualenv:

Now you’ll see that certbot works like a champ!

Once you’ve established a working test configuration with certbot (you should see a LetsEncrypt test certificate on your site), it’s time to run the real command without the --test flag.

certbot-auto --debug --apache

If all goes well, you’ll have a completely valid and proper SSL certificate for free via LetsEncrypt!

I won’t cover the automation aspect as there are already endless write-ups on how to do that.
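The procedure above as one script, added here as an example and not the original post’s commands. It assumes the historical certbot-auto download location (https://dl.eff.org/certbot-auto), that the httpd configuration lives in /etc/httpd, that “remove virtualenv” means the pip-installed package, and it uses certbot’s --test-cert flag for the staging run.

```shell
#!/bin/sh
# Added example, not the original post's commands. Assumptions are marked below.
set -eu

# Step 1: fetch certbot-auto by hand instead of wedging in a foreign yum repo.
# Assumption: the historical download location https://dl.eff.org/certbot-auto.
fetch_certbot_auto() {
    wget -q -O /usr/local/bin/certbot-auto https://dl.eff.org/certbot-auto
    chmod 0755 /usr/local/bin/certbot-auto
}

# Step 2: back up the Apache configuration before certbot rewrites it.
# Prints the archive path. Usage: backup_httpd_conf /etc/httpd /root/httpd-backups
backup_httpd_conf() {
    conf_dir="$1"
    dest_dir="$2"
    mkdir -p "$dest_dir"
    archive="$dest_dir/httpd-conf-$(date +%Y%m%d-%H%M%S).tar"
    tar -cf "$archive" -C "$(dirname "$conf_dir")" "$(basename "$conf_dir")"
    printf '%s\n' "$archive"
}

# The fix for "creating virtual environment" -> [Errno 2] No such file or directory:
# upgrade pip and remove virtualenv. Assumption: virtualenv was installed via pip.
fix_virtualenv() {
    pip install --upgrade pip
    pip uninstall -y virtualenv
}

# Step 3: let certbot-auto bootstrap its dependencies against the staging CA
# (--test-cert), then do the real run once the test certificate shows up.
main() {
    archive=$(backup_httpd_conf /etc/httpd /root/httpd-backups)
    echo "httpd config saved to $archive"
    fetch_certbot_auto
    fix_virtualenv
    certbot-auto --debug --apache --test-cert
    certbot-auto --debug --apache
}

if [ "${1:-}" = "--run" ]; then main; fi
```

Run it as `sh certbot-amazon.sh --run` on the instance itself; without `--run` it only defines the functions.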

No Comments on Certbot on Amazon Linux without using Yum – Fix [Errno 2] No such file or directory
Categories: apache servers

Using _.intersection for deep many to many filter June 26, 2015

Sometimes you might find yourself needing a fast way to do a complex match on a property of an array of objects that sits under another property (confused?)

Let’s say I have a collection of objects as such:

I want to have a fast way to get all items that are in group ID 1 OR 2. The inverse can be just as useful: items NOT in groups with an ID of 1 OR 2.

UnderscoreJS’s intersection method in conjunction with _.pluck can make short work of this task.

Here’s an example (in TypeScript) for the array of objects given above (an array of objects with a property ‘groups’, which is itself an array of group objects):

The key here is the _.filter declaration within the TypeScript method wrapper.
Categories: programming

PHP Interface rant June 15, 2015

This isn’t my first rant about interfaces (which are finally receiving a due adjustment).

I haven’t tested it, but I don’t believe I’ve seen anything pertaining to interface inheritance. Look at the following use case, for example, which fails in current PHP 5.6:

There are some benefits to doing this, however, as you can be implicit with the interface while supporting explicit behavior in other areas.

Categories: php rant

How to show us your company is immature. June 9, 2015

I’ve seen ‘Sentry’ pop up a few times – it’s a neat SaaS that eases the pains of logging and monitoring for development-level logging. It’s pretty neat and certainly has a place in business.

Here’s the problem, and I touched on this a while ago – your business WILL be judged on its class. (As in ‘classy person’.)

[Screenshot: Sentry home page – “Track exceptions with modern error logging for JavaScript, Python, Ruby, …”]

Want my business’s money? Be more eloquent.

Remember, not everyone with a pocketbook is looking to entrust critical data and infrastructure decisions to a company that thinks unnecessary words are professional enough for their home page slogan.

I can swear like a sailor some days, but I maintain professional behavior toward those outside my ‘circle’; there’s a song and dance you need to do for B2B and government relationships to open up the coffers for you. (This ain’t it.)

Categories: rant Uncategorized

Laravel/Lumen vs Symfony/Silex a corporate perspective May 30, 2015

YAPFC. Yet Another PHP Framework Comparison. I’m judging Silex and Lumen through their bigger brothers, Symfony 2 and Laravel 5.

After doing some extensive research, re-evaluating the PHP framework atmosphere, two frameworks and their respective “mini-me” counterparts seem to rule the seas.

In this post I’m simply sharing my opinion of Laravel and Symfony and their lighter-weight counterparts: Lumen and Silex. Drawing from my 15 years as a PHP developer, 10 as a professional (aka: full time employed) I am drawing from my perspective as a small business owner who does contract work and a government employee.

The winner is (for this developer): Symfony / Silex.

Let’s just start: I’m resting my laurels on Silex. (and Symfony).

As a business owner, it’s my job to choose  the best balance between productivity and production for my clients. As leader of a development team, my concerns are pretty much the same, but I have to answer for more than being my own boss on the side. These are my points as to why I feel confident saying this (right now).

Quick note: Laravel is a very nice framework – if LTS was offered and there was a demonstrated history of design stability, my vote would be different.

1. Longevity.

Symfony offers LTS (long term support) for its versions, it’s corporation-backed and has THE following of experienced developers doing their thing. This is extremely important to know, because it means the rug won’t be pulled out from under you from version to version. There’s a highly structured process in place for dealing with upgrades and notifying of BC breaks. Silex absolutely benefits from this.

Laravel, on the other hand, is more of a one-man show than Symfony. In my travels, I examined the version history of Laravel and Symfony, and I found that Laravel was simply too volatile for adopting into the environments that I work in. For lack of a better phrase, the cutting edge in Laravel has at times clobbered those who chose to jump in with both feet, at a more frequent cycle than Symfony. Lumen will have the same woes.

(Re-read that: at a more frequent cycle, PROGRESS has a cost – but there needs to be a methodical approach for enterprise environments to feel comfortable).

Not quite ready (http://www.reddit.com/r/PHP/comments/1eld2t/why_would_anyone_choose_laravel_over_symfony_or/)

2. Opinionated

Lumen is easy to set up – because it’s opinionated. Opinions in my world mean you’re harder to “slip stream” into a code base refactor. Can you gut it and make it your own? Yes. But that’s just as much work as starting with something without an opinion, right?

Silex is barely opinionated. Almost no training wheels, which makes it more hostile for inexperienced developers.

That’s it!

Really, those are the things that rub me the wrong way. I think Laravel/Lumen have a lower learning curve (due to opinion) and you truly can get off the ground faster with Lumen in my opinion. However, these frameworks largely do the same thing.

This is a somewhat painful decision

I honestly like Laravel/Lumen a bit better in regards to learning them quickly. Laracasts are a true contribution to the community – not just bettering the cause of Laravel.

I think in a few years, Laravel will become the big kid on the block that it deserves to be – but right now there’s too many warning flags going off regarding API stability and decision making.

Somewhat painful?

Yes! Laravel and Lumen ship with Eloquent out of the box. It uses the active record paradigm, and AR can’t hold a candle to a data mapper pattern in terms of protecting yourself from your dependencies.

This really rubbed me the wrong way because it’s like giving a loaded gun to an inexperienced developer (or team). I expected a better ORM architecture for a framework for artisans.

I realize I can ignore it, and use Doctrine – but really, they should not have coupled an ORM from the get go. It’s a “crack factor” for the framework in my opinion.

Categories: php programming

Commando style: triage dashboard May 20, 2015

If you’re working on a foreign system, or one that doesn’t have the bells and whistles that make you feel at home, sometimes you need to improvise tools on the spot by chaining together commands, etc.

This little snippet serves as a “dashboard” for quickly assessing resource consumption:
Categories: servers tools

iptables list – a helpful ~/.bashrc alias May 10, 2015

I grow tired of asking iptables to give me my line numbers for insert/deletes, and sometimes, I just want it to “cut to the chase” and give me numbers.

Toss this into your ~/.bashrc for making life easier:

Then run source ~/.bashrc to reload.

Output sample:

Voila! Now you’ve got counters (helpful for debugging, btw), numeric IPs and line numbers at your fingertips!

Categories: servers

Worthy of Distribution: Angularjs patterns April 29, 2015

Feel like you’ve gotten ‘over the hump’ on getting AngularJS to do what you want? Check out the video below to save yourself from being overly analytical about your project structure, avoid common pitfalls (and general JavaScript pitfalls), and move on to the “next level” of AngularJS development.
Categories: angularjs programming

A PHP bug – really? (custom session handlers) April 18, 2015

It’s not often I ramble about PHP, since it’s my bread and butter. But after perusing the RFC notes to get up to speed on the PHP 7 pipeline, I found this: https://wiki.php.net/rfc/session.user.return-value

That bug has been around for how long? I’m amazed folks with pitchforks haven’t come out on that one sooner. I myself have suffered great pains dealing with custom session handlers for this exact bug. Shame, shame! (At least it’s getting fixed.)

/rant

Categories: php programming rant

PHP 7 Roundup – implicit ‘array to string’ conversion April 15, 2015

Feast your eyes upon this: https://wiki.php.net/rfc/array-to-string

If you’ve been in the trenches for a long time, chances are you’ve been bitten more than enough by the implicit array to string conversion as such:

It will now look like this in PHP 7: Catchable fatal error: Array to string conversion
Categories: php programming

PHP 7 Roundup: Chainable ternary awesomeness. April 12, 2015

Feast your eyes on this: https://wiki.php.net/rfc/isset_ternary

This eliminates quite a bit of ‘noise’ and ‘fluff’ in any display logic; it’s a new ternary operator that allows you to quickly set a default without doing the isset() dance.

This has a limited effect if you use a templating engine like Twig, but it’s still very nice if you have to do some quick and dirty default setting at the code level for display.
Categories: php programming

A better way to give Logstash permissions to your logs

So you’re ready to rock out Logstash to ship your logs – there’s one little headache: You still need to give it access to your files. Chances are, you want “all of the files!”

The internet will (at the moment) instruct you to use “setfacl”, or various chown/chmod techniques or even add logstash to various groups.

READ THIS TECHNIQUE FIRST!

Why setfacl won’t work

Logrotate can be scripted, but sudo-io (sudo logging) can’t. There are other exceptions where logs not managed by logrotate don’t persist setfacl settings.

Why chmod/chown and adding “logstash” to groups is a bad idea

You’re making too many exceptions, and relinquishing the flexibility to give access to the logs on a normal basis (meaning, not using something like setfacl, but instead normal Linux groups).

Then what works best?

It’s so clean and tidy: either through mount --bind or bindfs.
Feast your eyes on this:

OR (in the case of ext4)

You’re given a tidy ‘ro’ binding of the /var/log dir ONLY readable by the logstash reader.

I hope this helps those who want to ship “all of the things!” – this is a good separation of concerns for managing logstash access.

‘bindfs’ is available in the default Debian repos as well!
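Both bindings described above, plus a check that the result really is read-only, added here as an example and not the post’s own commands. Assumed: a reader user named logstash, a parent directory /srv/logstash used to restrict who can reach the mount point, and bindfs’s --force-user, --force-group and --perms options.

```shell
#!/bin/sh
# Added example, not the original post's commands. Paths and user are assumptions.
set -eu

SRC=/var/log
PARENT=/srv/logstash          # only root and the reader may traverse this
MNT=$PARENT/log               # the read-only view of /var/log lives here
READER=logstash

# Variant A: kernel bind mount. A fresh bind is rw, so remount it ro; the
# remount flips only the bind, never the real /var/log. Caveat: ownership
# inside is unchanged, so the reader still needs read permission on each file.
bind_ro_kernel() {
    mkdir -p "$MNT"
    chown root:"$READER" "$PARENT"
    chmod 0750 "$PARENT"
    mount --bind "$SRC" "$MNT"
    mount -o remount,bind,ro "$MNT"
}

# Variant B: bindfs rewrites ownership and permission bits in the view itself:
# every file appears owned by the reader, readable (D = directory traversal),
# with no write bits for anyone, so root-only logs become shippable.
bind_ro_bindfs() {
    mkdir -p "$MNT"
    chown root:"$READER" "$PARENT"
    chmod 0750 "$PARENT"
    bindfs --force-user="$READER" --force-group="$READER" --perms=u=rD:g=:o= "$SRC" "$MNT"
}

# Verification: is a mount point read-only? Reads a /proc/mounts-style file
# (fields: device mountpoint fstype options ...). Returns 0 if "ro" is among
# the options of that mount point, 1 otherwise.
# Usage: mount_is_ro /srv/logstash/log [/proc/mounts]
mount_is_ro() {
    mnt="$1"
    mounts="${2:-/proc/mounts}"
    awk -v m="$mnt" '
        $2 == m { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == "ro") found = 1 }
        END { exit found ? 0 : 1 }' "$mounts"
}

case "${1:-}" in
    kernel) bind_ro_kernel && mount_is_ro "$MNT" && echo "$MNT is read-only" ;;
    bindfs) bind_ro_bindfs && mount_is_ro "$MNT" && echo "$MNT is read-only" ;;
esac
```

Point Logstash’s file input at $MNT instead of /var/log; nothing under it can be written even if the Logstash process is compromised.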
Categories: Uncategorized

How to use PHPUnit installed by composer in PHPStorm April 5, 2015

Ever wonder how to properly use those packages installed from the require-dev section of composer.json?

Ideally you’d integrate them with your IDE, or perhaps set up your system path to access it via vendor\bin\phpunit. If you use PHPUnit, take a quick look at this on how to properly set up PHPUnit in PHPStorm on a per-project basis (because not all projects use the same PHPUnit version).


PHP 7 Roundup: RETURN TYPES! March 27, 2015

Many years ago (in 2011) I wrote “interfaces are worthless”. For the most part they have remained mostly worthless for me, as typically a superclass of sorts has proven to be a better solution for taxonomy and for enforcing the exact typing rules I have criticized interfaces in PHP for in the past.

Feast your eyes on this: https://wiki.php.net/rfc/scalar_type_hints_v5  – not enough for you? ok, how about THIS! https://wiki.php.net/rfc/return_types

PHP 7 is shaping up to be a pretty awesome release. FINALLY. RETURN TYPES. INTERFACES. JOY.

Categories: php programming rant

Composer and getting to vendor/bin March 22, 2015

Want to stop typing ‘vendor\bin\toolname’ to access tools like PHPUnit, phpcs, etc when installed through composer?

It’s a simple process really – merely add “vendor\bin” into your PATH variable and profit! (as long as you’re running the command from the project root).

Categories: php programming tools

Ionic – Things I wish I knew out of the gate March 18, 2015

Cordova is a gamechanger. Ionic framework (and ngCordova) are game changers to the Cordova scene. However, I have already learned two very painful lessons as a beginner into the bowels of Cordova-tech:

Avoid ionic-generator

While yeoman generators can be helpful, the ionic-generator simply imposes too much junk into your workflow. It shouldn’t be a surprise to those familiar with the generators.

“ionic run <platform> -lc”

Words cannot express how upset I was after much searching and suffering with launching emulators that livereload (‘-l’) comes OUT OF THE BOX with ionic-cli. Their ‘getting started’ documentation has nothing on this (as of this writing)!

Avoid ‘../’ (relative paths) in ANYTHING

Unless you want to mess around with building, you will end up biting yourself eventually when testing. For example, when you test with the ‘serve’ functionality, everything is served over HTTP.

You can end up biting yourself when you use relative paths in regards to css, js or angular template files, e.g.:

http://foo.bar.com/../file.js is the same as http://foo.bar.com/file.js
file://www_app/../file.js is NOT the same as file://file.js

The problems manifest themselves when you run on your device: the protocol turns into file:// and you aren’t protected by the browser’s fail-safes.

$stateProvider: ‘cache: false’

$state.go('foo', {}, {reload: true}) does no good; you need to specify this extra property in your state definition in order to reload the controller.
Categories: Ionic

AngularJS modals: anything NOT angular-ui-bootstrap March 17, 2015

I have grown warmly toward the semantic ui offerings. However, when dealing with a fledgling framework that doesn’t have an active port for angularJS, some things can be frustrating since you sometimes have to re-implement boilerplate calls that are already bundled in with the angular-ui-bootstrap project.

One of the bigger pain in the butt areas is the modal dialog. Specifically, wrapping a non-angularjs variant to support controllers, etc. There is a (nearly) silver bullet for your woes, take a look at the pain free abstraction called ‘angular-modal-service’ github.com/dwmkerr/angular-modal-service

By simply adding this into your project you can get many levels of complexity for a modal dialog in WHATEVER FLAVOR YOU WANT. Take a look, it’s been a life saver for me!
Categories: angularjs

PHPCS custom standards and PHPStorm integration March 9, 2015

At about 6 minutes long, I threw together this screencast to show a method to involve your custom PHP CodeSniffer standards into your project workflow when using Composer. Essentially it covers the convenience of putting your standards into a Composer package and adding a wrapper to ‘extend’ the PHPCS shell/batch script to automatically detect your custom standards without having to install them system-wide in your development environment. *Best viewed in full screen*

Categories: php programming tools

Securing Elasticsearch – Part 1 May 28, 2014

The most frequently asked question for ElasticSearch and security is “how do I require login”?

Once you’ve answered and implemented the answer to that question, a larger, truly more troublesome issue looms. The same principles are used to secure ElasticSearch: typically a proxy fronted by Apache/nginx that uses various auth techniques. If you know what you’re doing, you have different endpoints in that proxy for controlling who can do GET/POST/DELETE requests, possibly pre-determining the index and type.

If you REALLY know what you’re doing, you’ll be far more concerned over the payload.

While reading through the documentation, I was surprised; no, SHOCKED to see that ElasticSearch ships with a security flaw as severe as remote code execution as an intentional feature through the dynamic scripting component of a body payload for ES.

If you’re responsible for running ElasticSearch servers…

You must examine how queries are sent into the server. If your web developers are sending near-verbatim DSL queries to ElasticSearch without any further filtration except auth and index constriction, please read this.

A malicious person could modify the payload directly to read files directly off of your filesystem and serve them up in ES.

The article contains a proof of concept (POC) link – simply download and modify the file and point it to your ES server and see if you’re vulnerable.

I think in most cases, dynamic remote scripting isn’t a big deal to turn off. So I’d strongly suggest following the advice on this page: script.disable_dynamic: true

Stay tuned for Part 2 of a more obsessive approach to securing ElasticSearch for use on public search interfaces.
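A small audit of elasticsearch.yml for the setting recommended above, added here as an example rather than code from the post. It assumes the flat “script.disable_dynamic: true” form the post shows (the 1.x-era key) and that a later uncommented line overrides an earlier one.

```shell
#!/bin/sh
# Added example, not from the original post. Checks elasticsearch.yml for
# script.disable_dynamic: true, the setting that turns off dynamic scripting.
set -eu

# Returns 0 when dynamic scripting is disabled, 1 otherwise. Comment lines and
# surrounding whitespace are ignored; the LAST uncommented occurrence wins.
# Usage: dynamic_scripting_disabled /etc/elasticsearch/elasticsearch.yml
dynamic_scripting_disabled() {
    cfg="$1"
    awk '
        /^[[:space:]]*#/ { next }                      # skip commented-out lines
        /^[[:space:]]*script\.disable_dynamic[[:space:]]*:/ {
            val = $0
            sub(/^[^:]*:[[:space:]]*/, "", val)        # keep what follows the colon
            sub(/[[:space:]]*(#.*)?$/, "", val)        # drop trailing comment/space
            last = tolower(val)
        }
        END { exit (last == "true") ? 0 : 1 }' "$cfg"
}

# Constructed sample configs (not real files from any server) for a self-check.
write_samples() {
    dir="$1"
    # Weak: the setting is only commented out, so the default (enabled) applies.
    printf '%s\n' 'cluster.name: search' '# script.disable_dynamic: true' > "$dir/weak.yml"
    # Hardened: the setting the post recommends.
    printf '%s\n' 'cluster.name: search' 'script.disable_dynamic: true' > "$dir/hard.yml"
}

# Human-readable verdict; exits non-zero on a weak config so it can gate a deploy.
audit() {
    if dynamic_scripting_disabled "$1"; then
        echo "$1: OK - dynamic scripting disabled"
    else
        echo "$1: WARNING - dynamic scripting enabled; set script.disable_dynamic: true and restart"
        return 1
    fi
}

if [ $# -gt 0 ]; then audit "$1"; fi
```

Run it as `sh es-audit.sh /etc/elasticsearch/elasticsearch.yml` on each node; a non-zero exit means the node still accepts scripts in request bodies.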
Categories: nosql security servers

angular-ui-router – IE8 and nested states April 16, 2014

Just a quick tip, If you still have to maintain compatibility with IE8 (< AngularJS 1.3) – and you’re using angular-ui-router for nested views, the documentation for nesting states says you should use “<ui-view />” for your template for an abstract parent state:

Remember: Abstract states still need their own <ui-view/> for their children to plug into. So if you are using an abstract state just to prepend a url, set resolves/data, or run an onEnter/Exit function, then you’ll additionally need to set template: "<ui-view/>".

The problem is, IE8 doesn’t like “<ui-view />” – so instead, (I’d suggest this anyways), use: