Thursday, November 21, 2013

Evernote cheat sheet

This is a work in progress ... the shortcuts I rely on and best practices for Evernote.
  • From the Windows desktop
CTRL-Alt-N: create a new note

  • From the Evernote window
Shift-Alt-N: Jump to Notebooks
Shift-Alt-T: Jump to Tags and start searching based on the labels

How to create a static URL link to a file stored in Google Drive

You can upload and store files in Google Drive. With this cloud file service you can view your files online using Google Drive Viewer. An example link may look like: https://docs.google.com/file/d/0B7ftIvGKDqYMMWxrbTZmWGxJb0E/edit


Problem

How to create static URL links for files stored in a directory on Google Drive so you can use them in your HTML code or blog postings.

Solution

For detailed instructions take a look at the reference section below. In short, you first have to publish the Google Drive directory and make it available to everyone on the Internet. The link to share will look similar to:

https://drive.google.com/folderview?id=0B7ftIvGKDqYMTGk0Ujd2QzhYS1U

Please note the last part, which represents the ID of your directory. We are going to use it below.

With this Id you can now see a directory listing by navigating to:

https://googledrive.com/host/0B7ftIvGKDqYMTGk0Ujd2QzhYS1U/

And to see a single file, add the file name at the end of the URL:

https://googledrive.com/host/0B7ftIvGKDqYMTGk0Ujd2QzhYS1U/shBrushBash.js
 
$ curl -s -v -o tmp https://googledrive.com/host/0B7ftIvGKDqYMTGk0Ujd2QzhYS1U/shBrushBash.js 2>&1 | egrep '[><]'
> GET /host/0B7ftIvGKDqYMTGk0Ujd2QzhYS1U/shBrushBash.js HTTP/1.1
> User-Agent: curl/7.29.0
> Host: googledrive.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: application/x-javascript
< Date: Thu, 21 Nov 2013 00:38:16 GMT
< Content-Length: 2835
< Content-MD5: LXgFS0eQZq4VVenD/ymC6A==
< Last-Modified: Wed, 20 Nov 2013 22:57:22 GMT
< Cache-Control: private, max-age=60
< Expires: Thu, 21 Nov 2013 00:39:16 GMT
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Credentials: false
< Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, GData-Version, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, X-ClientDetails, X-GData-Client, X-GData-Key, X-Goog-AuthUser, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, X-Goog-Visitor-Id, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Origin, X-Referer, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp
< Access-Control-Allow-Methods: GET,OPTIONS
< Server: HTTP Upload Server Built on Nov 14 2013 12:41:34 (1384461694)
< Alternate-Protocol: 443:quic

References

http://googleappsdeveloper.blogspot.co.uk/2012/11/announcing-google-drive-site-publishing.html
http://lifehacker.com/5964262/host-web-pages-on-google-drive
http://stackoverflow.com/questions/14928287/webviewlink-now-returning-404-not-found
https://code.google.com/p/google-apps-script-issues/issues/detail?id=2324
http://www.myblogger-tricks.com/2013/02/how-to-host-your-web-page-content-on.html
https://googledrive.com/host/0B0ap0WDOII5mbjdwajNBMlRoZUU/index.html

Monday, November 18, 2013

Network operating system architecture

In my previous posts we took a look at how hardware networking vendors design and build modern systems. We concentrated mainly on the OS and software integration on the appliance:
Today I found another good article on Arista blog that takes this one step further and again advocates an open operating system design: Linux as a Switch Operating System: Five Lessons Learned. This is what Arista says:
  • It’s okay to leave the door unlocked - get net admin access to the underlying Linux operating system tools
  • Preserve the integrity of the Linux core - keep your product specific changes as small as possible to allow integration with already existing software out there
  • Focus on state, not messages - being only maybe an average programmer I will not comment on this as this is clearly not my area of expertise
  • Keep your hands out of the kernel - why complicate your code if it doesn't bring any revolutionary benefit; besides, it is much easier to find developers who know how to program against Linux/libc than in the Linux kernel.
  • Provide familiar interfaces to ease adoption - everyone knows the IOS CLI, so why invent something new.
Lesson learned from Arista: reuse, integrate and trust your customers.

The company's success would not be possible without a clear and consistent OS and tool set design. From my experience they are the second company (I saw this first on BigIP - F5 load balancers).

Sunday, November 10, 2013

Openstack Havana Neutron features

There is a new Openstack Havana release available and like with every new release there are new networking features as well. A nice presentation getting straight into the Neutron can be found below.

Openstack Havana Neutron features
  • Firewall as a Service
  • Improved L3 router service
  • New modular L2 (ML2) plugin
  • Indigo Virtual Switch (IVS) - a new virtual switch implementation for the hypervisor, next to OVS


References

https://wiki.openstack.org/wiki/ReleaseNotes/Havana
http://www.projectfloodlight.org/indigo-virtual-switch/
http://docs.projectfloodlight.org/display/indigodocs/Frequently+Asked+Questions+%28FAQ%29

How to use wildcard certificate with alternative name extensions or server name indication (SNI) certificates

There are a number of ways to incorporate security into your web site. The most common method is to use the SSL/TLS protocol to create and maintain a secure channel between the client and the server.

Normally, for every site that you want to protect (for example for every home page URL like www.example.com) you need to set up a separate SSL/TLS configuration. The most important part of the configuration is the private key and certificate. In standard SSL deployments this leads to a situation where every new site gets a new public IP that is tied through DNS to the URL name used as the CN (common name) in the new certificate.

The security of the TLS/SSL protocol heavily depends on how the client verifies and confirms the identity of your site. The most common and the most important part of the client check is to compare the site URL with the CN value embedded in the certificate.

From a high-level point of view, to guarantee your sites' security you need to protect and manage all your private keys and certificates on all devices like web servers, load balancers etc.

Problem

How to use a single certificate to protect multiple different sites (domains).
How to use a single public IP to host multiple SSL sites.

Solution 1: wildcard plus alternative names
  • Wildcard 
To use a single certificate for multiple sites we can use a wildcard certificate. This certificate can be used for all domains with a shared name, for example *.rado.com. There is a limitation: the wildcard can only stand in for one single domain level. That means:

subdomain1.rado.com - ok
sub2.subdomain1.rado.com - bad
  • Alternative names
A certificate can be used to protect two or more different domains. For example: www.rado.com and www.radoninja.com. All you need is to provide one or more alternative names when registering and buying a certificate.
  • Combine alternative names and wildcard in a single certificate
You can combine these two options. You can have a wildcard certificate with multiple alternative names that are themselves wildcard domains, for example:

*.rado.com - CN
*.subdomain1.rado.com - alternative name to overcome the wildcard limitation
*.radoninja.com - alternative name for the 2nd domain
*.subdomain.radoninja.com - another alternative name, etc...
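
The matching rules above can be checked with a short script. This is an added example, not code from the original post: the function names and the three certificates are constructed from the names used here, and the SAN-over-CN rule follows RFC 2818 section 3.1 (listed in the references), which is why real certificates such as the Wikipedia one below repeat the CN in the alternative names.

```python
# Added example: certificate contents are constructed from the names in this post.

def name_matches(pattern, hostname):
    """Compare one certificate name with a hostname, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # "*" never spans more than one label
    if p[0] == "*":
        # Wildcard only as the whole left-most label, and never "*.com".
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h


def cert_covers(hostname, common_name, alt_names):
    """RFC 2818 section 3.1: dNSName SAN entries, when present, replace the CN."""
    names = alt_names if alt_names else [common_name]
    return any(name_matches(n, hostname) for n in names)


# Constructed certificates: (CN, list of subject alternative names)
WILDCARD_ONLY = ("*.rado.com", [])
COMBINED = ("*.rado.com", ["*.rado.com", "*.subdomain1.rado.com",
                           "*.radoninja.com", "*.subdomain.radoninja.com"])
CN_NOT_REPEATED = ("*.rado.com", ["*.subdomain1.rado.com", "*.radoninja.com"])

HOSTS = ["rado.com", "subdomain1.rado.com", "sub2.subdomain1.rado.com",
         "www.radoninja.com"]


def coverage(cert, hosts=HOSTS):
    """Map each hostname to True/False for the given (CN, SAN list) pair."""
    cn, san = cert
    return {h: cert_covers(h, cn, san) for h in hosts}


if __name__ == "__main__":
    for label, cert in [("wildcard only", WILDCARD_ONLY),
                        ("wildcard + SAN", COMBINED),
                        ("CN missing from SAN", CN_NOT_REPEATED)]:
        print(label, coverage(cert))
```

The third certificate shows the practical caveat: once alternative names are present, a CN that is not repeated among them no longer protects subdomain1.rado.com.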

Solution 2

Alternatively, to use a single certificate with multiple domains you can use the newer TLS extension called SNI.

The disadvantage is that SNI is relatively new. There are some older web clients, for example Win XP or some mobile browsers, that don't support it yet. That means that your site may not be available for these clients if you support only SNI.

Example

http://www.ssltools.com/certificate_lookup/www.wikipedia.org

SSL Certificate

Common Name : *.wikipedia.org 
Subject Alternative Names : *.wikipedia.org, wikipedia.org, m.wikipedia.org, *.m.wikipedia.org, wikibooks.org, m.wikibooks.org, *.wikibooks.org, *.m.wikibooks.org, wikidata.org, m.wikidata.org, *.wikidata.org, *.m.wikidata.org, wikimedia.org, m.wikimedia.org, *.wikimedia.org, *.m.wikimedia.org, wikimediafoundation.org, m.wikimediafoundation.org, *.wikimediafoundation.org, *.m.wikimediafoundation.org, wikinews.org, m.wikinews.org, *.wikinews.org, *.m.wikinews.org, wikiquote.org, m.wikiquote.org, *.wikiquote.org, *.m.wikiquote.org, wikisource.org, m.wikisource.org, *.wikisource.org, *.m.wikisource.org, wikiversity.org, m.wikiversity.org, *.wikiversity.org, *.m.wikiversity.org, wikivoyage.org, m.wikivoyage.org, *.wikivoyage.org, *.m.wikivoyage.org, wiktionary.org, m.wiktionary.org, *.wiktionary.org, *.m.wiktionary.org, mediawiki.org, *.mediawiki.org, m.mediawiki.org, *.m.mediawiki.org 
Issuer Name : DigiCert High Assurance CA-3 
Serial Number : 07:24:ee:a9:7c:55:f2:57:5e:28:8b:a4:cc:f2:0e:8e 
SHA1 Thumbprint : DA:AA:A4:9B:AD:0C:1F:A3:29:71:D8:CC:62:BA:72:D1:A4:DB:94:9F 
Key Length : 2048 bit 
Signature Algorithm : sha1WithRSAEncryption 
Secure Renegotiation: Supported


References

http://en.wikipedia.org/wiki/Server_Name_Indication
http://en.wikipedia.org/wiki/Subject_Alternative_Name
http://stackoverflow.com/questions/2115611/wildcard-ssl-on-sub-subdomain

http://www.delantek.com/san.html
https://devcentral.f5.com/articles/multiple-certs-one-vip-tls-server-name-indication-via-irules#.Un832_lpmYI

3.1.  Server Identity
http://www.ietf.org/rfc/rfc2818.txt

http://www.networksorcery.com/enp/protocol/tls.htm


Wednesday, November 6, 2013

How to recognise encrypted private SSL key

Problem

How to recognise an encrypted private key.

Solution

You can recognise and see if a key is encrypted by looking at the first lines of your private SSL key file. Below is an example:
  • Key is encrypted  
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,123456ABCD719580

diYueU...
-----END RSA PRIVATE KEY-----
  • Key is not encrypted 
-----BEGIN RSA PRIVATE KEY-----
MIIEogI...
-----END RSA PRIVATE KEY-----
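
The same check can be scripted, for example to audit key files on a server. This is an added example, not code from the original post: it goes beyond the legacy header shown above and also recognises the PKCS#8 labels (`ENCRYPTED PRIVATE KEY` and `PRIVATE KEY`); the sample inputs are constructed and keep the truncated bodies from the post.

```python
import re

# One PEM block: BEGIN label, body, matching END label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def classify_private_keys(pem_text):
    """Return (label, status, cipher) for every private key block found."""
    results = []
    for label, body in PEM_BLOCK.findall(pem_text):
        if not label.endswith("PRIVATE KEY"):
            continue  # certificate, CSR, parameters, ...
        if label == "ENCRYPTED PRIVATE KEY":
            # PKCS#8: the label alone says it is encrypted; the cipher
            # is stored inside the encoded body, not in a text header.
            results.append((label, "encrypted", None))
            continue
        # Legacy format: "Name: value" headers precede the first blank line.
        headers = {}
        for line in body.splitlines():
            if not line.strip() or ":" not in line:
                break
            name, value = line.split(":", 1)
            headers[name.strip()] = value.strip()
        proc_type = headers.get("Proc-Type", "").replace(" ", "")
        if proc_type == "4,ENCRYPTED":
            cipher = headers.get("DEK-Info", "").split(",")[0] or None
            results.append((label, "encrypted", cipher))
        else:
            results.append((label, "not encrypted", None))
    return results


# Constructed samples; bodies are truncated exactly as in the post.
SAMPLE_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,123456ABCD719580

diYueU...
-----END RSA PRIVATE KEY-----
"""
SAMPLE_PLAIN = """-----BEGIN RSA PRIVATE KEY-----
MIIEogI...
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    print(classify_private_keys(SAMPLE_ENCRYPTED + SAMPLE_PLAIN))
```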


Sunday, November 3, 2013

Simple MongoDB tutorial

MongoDB has become one of the popular NoSQL db engines. As a NoSQL db it uses some concepts and names that are different from those used in relational database systems.

Alongside MongoDB there are many other NoSQL dbs. A short summary of available db options and their features can be found here.

Below are some of my notes on how to start with MongoDB.

How to install MongoDB
How to create your first table in the NoSQL data base

It is important to note that databases are created dynamically after you insert the first data into a collection (i.e. insert a row into your table in the db - collection is the name for a table in mongo).

http://docs.mongodb.org/manual/reference/sql-comparison/
http://docs.mongodb.org/manual/tutorial/getting-started/
http://www.mkyong.com/mongodb/how-to-create-database-or-collection-in-mongodb/

How to insert data into table

http://docs.mongodb.org/manual/tutorial/getting-started/

# start the shell interpreter
$ mongo
> show dbs
help    (empty)
local   0.078125GB
test    (empty)

> use rado
switched to db rado

> j = { name : "hello  word" }
{ "name" : "hello  word" }
> k = { x : 3 }
{ "x" : 3 }

> db.mycollection1.insert(j)
> db.mycollection1.insert(k)

> show dbs
help    (empty)
local   0.078125GB
rado    0.203125GB  <<<
test    (empty)

> use rado
> show collections
mycollection1  <<<<< 
system.indexes

> db.mycollection1.find()
{ "_id" : ObjectId("52767264795748b715336b87"), "x" : 3 }
{ "_id" : ObjectId("5276726a795748b715336b88"), "name" : "hello  word" }

Mongo shell commands 

http://docs.mongodb.org/manual/reference/method/

Install python API library for MongoDB
  • Install the library 
http://docs.mongodb.org/manual/applications/drivers/
http://docs.mongodb.org/ecosystem/drivers/python/

apt-get install python-pymongo
  • Customize the bash environment and install ipython 
http://rtomaszewski.blogspot.co.uk/2013/10/home-directory-and-dotfiles-management.html

 apt-get install ipython

Your first Python script that connects to MongoDB 

http://api.mongodb.org/python/current/tutorial.html
http://docs.mongodb.org/manual/reference/method/db.collection.insert/

Example Python code to insert data to our Mongo collection:
 
# rado-hello-world.py

import pymongo
from pymongo import MongoClient

client = MongoClient()
db = client['rado']

db.collection_names()
[u'system.indexes', u'mycollection1']

collection = db['mycollection1']

for doc in collection.find():
   ....:     print doc
   ....:
{u'x': 3.0, u'_id': ObjectId('52767264795748b715336b87')}
{u'_id': ObjectId('5276726a795748b715336b88'), u'name': u'hello  word'}

l = { "from" : "python", "mytext" : "hello from python" }
collection.insert(l)
ObjectId('52767d071d011c22eb1a7de5')

for doc in collection.find():
    print doc
   ....:
{u'x': 3.0, u'_id': ObjectId('52767264795748b715336b87')}
{u'_id': ObjectId('5276726a795748b715336b88'), u'name': u'hello  word'}
{u'_id': ObjectId('52767d071d011c22eb1a7de5'), u'from': u'python', u'mytext': u'hello from python'}

Further info about write operations 

One of the big differences when working with NoSQL dbs is that they implement CRUD operations instead of ACID ones.

http://rsmith.co/opinion/technology/2012/11/05/mongodb-gotchas-and-how-to-avoid-them/
http://docs.mongodb.org/manual/core/write-operations/
http://docs.mongodb.org/manual/core/write-concern/
http://api.mongodb.org/python/current/api/pymongo/mongo_client.html#module-pymongo.mongo_client

We could say then that the performance increase comes at the cost of security and integrity. If you don't want to lose any data and want to see errors as you type the commands, you can use the options below when connecting to MongoDB. Please keep in mind that this trade-off will have some performance implications in busy production systems although
 
# default 
>>> client = MongoClient()
>>> client2 = MongoClient( j=True, fsync=True )

>>> client2.write_concern
 {'fsync': True, 'j': True}

>>> client.write_concern
 {}