Encrypting an external drive using LUKS

I recently had a friend who lost an external hard drive where she stored private information. This hard drive can now be read by anyone who finds it because there was no protection on it. To prevent that from happening to me I decided I will start encrypting my external drives (my computer drives are already encrypted by the OS).

The first thing you should do is temporarily back up your data to another drive. In order to encrypt the external drive we will need to remove all the data first.


Android development with Docker

I’ve been using Docker for developing servers and other web applications for a few months and I find it very comfortable. When I want to work on one of my projects I just need to clone the git repository and run a Docker command and everything is ready to start developing. The environment and all dependencies are installed inside the Docker container automatically and the developer doesn’t need to worry about a thing.

Today I decided to try to expand this concept to one of my Android projects. With Android development there are a few challenges to overcome. We need to get the correct development tools to build the project as well as a way to easily install the build into a device for testing. A few people have already done a lot of work on this subject so I’m going to use as much of their work as I can.


Simple HAProxy setup

I’m migrating a few web apps from a shared web server to a Digital Ocean droplet. Since I’m going to be hosting more than one application on the same machine I need a proxy that will direct traffic to the correct application based on the domain name.

I decided to use HAProxy because I have never used it and because in the future I can extend it to also do load balancing if necessary.

Since I’m moving a domain that I already own from one shared server to a Digital Ocean droplet, the process I’m going to follow is going to be something like this:

  1. Set up my application in the droplet so it runs on a port other than port 80
  2. Set up HAProxy so it runs on port 80 and routes all traffic coming from the correct domain name to my application
  3. Change DNS configuration so traffic from my application domain is now sent to the droplet

Bitwise operations in JavaScript

I’ve been doing a few algorithm exercises that deal with binary numbers lately. Since my language of choice for algorithm problems is JavaScript and I had in the past read a little about how JavaScript numbers work, I was really confused to find out that binary operations actually work, since JavaScript numbers are represented with an exponent-fraction notation.

A quick search gave me the answer to this question. When you do binary operations on a number, it is converted to an integer in two’s complement. Another interesting thing is that even though JavaScript numbers are built using 64 bits, they will be converted to 32 bits when doing binary operations. Let’s see how these two factors affect our operations.

Set up SSH keys for logging into your server

I have a server that I can SSH to by using a username and password. This works fine, but I need to automate some things and now I have the need to SSH into my server without being prompted for a password. Using SSH keys is a very natural way of doing this so I decided to go ahead.

The first thing to do is generate an SSH key pair. This command should be run on the client (the computer that will SSH into the server):

ssh-keygen -t rsa

I named my key server_key_rsa. I also decided to use no passphrase because I don’t want to be prompted for it every time I SSH into my server.

Now, we need to copy this generated key to the server:

ssh-copy-id -i /home/myself/.ssh/server_key_rsa user@myhost

From now on I won’t be prompted for a password when I try to log into my server.

SSH tunneling

I have found SSH tunneling very useful for two main scenarios:

– I want to access something that can’t be accessed from my local computer
– I want someone to access something in my computer

Let’s look first at accessing something that can’t be accessed from my local computer. The easiest way to explain is with an example. I’m sitting at my desk with my laptop and I want to connect to my production database to run some queries. For security reasons, I can’t access my production database directly from my desk. As a matter of fact, for security reasons there is only one way you can access my production database, and this is from my application server. I have specifically denied all access to my database from all IP addresses except from the IP address where I’m running an application that uses the database.

So, what do I do when I want to run queries in my database? I SSH into my application server and connect to my database from there. This works, but there are scenarios where it would be easier if I could just connect directly from my laptop (e.g. I want to use a graphical client for connecting to my DB). We can solve this by creating an SSH tunnel.


Installing Glide with Docker

I was looking for a simple recipe to install Glide into one of my Docker images and I couldn’t find it so I created my own:

# Install glide
RUN mkdir /tools
WORKDIR /tools
RUN wget https://github.com/Masterminds/glide/releases/download/0.10.2/glide-0.10.2-linux-386.tar.gz
RUN tar -zxvf glide-0.10.2-linux-386.tar.gz
RUN mv linux-386/ glide/
ENV PATH /tools/glide:$PATH

It is pretty simple. The only part that caught me by surprise was adding a path to the $PATH. The best way to do it is by using the ENV instruction:

ENV PATH /tools/glide:$PATH

Now, all containers created from this image will have glide available in their path.

MySQL for production

I’m starting a web project and I decided to save some money by hosting my MySQL database in a cheap instance in Digital Ocean. I was a little concerned about security so I did some research and found some ways to make my installation a little safer.

The first thing any installation must do is run:

sudo mysql_secure_installation

This step will allow you to set a root password if you haven’t already done so. This of course is something you must do if you want any kind of security. The script will also remove the default anonymous account, only allow root connections from localhost and remove the test database.

If you expect connections to your MySQL database to come from a single host you can restrict this inside /etc/my.cnf by adding something like this:

bind-address = 127.0.0.1

This can be any valid IP address. If you want to allow connections from more than one IP address then you will have to do this at the network level.

MySQL allows you to load data from the local file system using a LOAD statement. If you are not using this statement, the best thing is to remove the access to local files altogether. You can do this by adding a line to your /etc/my.cnf file:

local-infile = 0
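
As an added example (not part of the original post), the two my.cnf settings above can be checked with a short script. The function names and the sample files are made up for illustration; it flags a [mysqld] section whose bind-address is missing or a wildcard, or whose local-infile is not explicitly turned off.

```python
import re

WILDCARDS = {"*", "0.0.0.0", "::"}        # listen on every interface
OFF_VALUES = {"0", "off", "false"}

def parse_mysqld_options(text):
    """Return {option: value} for the [mysqld] section of an option file."""
    options, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":  # blank, comment, !include directive
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "mysqld":
            continue
        name, _, value = line.partition("=")
        # MySQL treats dashes and underscores in option names as equivalent.
        key = name.strip().lower().replace("_", "-")
        options[key] = value.split("#", 1)[0].strip().strip("'\"")
    return options

def audit_mycnf(text):
    """Return a list of findings; empty means both settings are in place."""
    opts = parse_mysqld_options(text)
    findings = []
    bind = opts.get("bind-address")
    if bind is None:
        findings.append("bind-address not set")
    elif bind in WILDCARDS:
        findings.append(f"bind-address is a wildcard ({bind})")
    infile = opts.get("local-infile")
    if infile is None:
        findings.append("local-infile not set to 0")
    elif infile.lower() not in OFF_VALUES:
        findings.append(f"local-infile is enabled ({infile})")
    return findings

# Constructed sample files, not taken from a real server.
WEAK = "[client]\nlocal-infile = 0\n[mysqld]\nbind_address = 0.0.0.0\nlocal_infile = 1  # imports\n"
HARDENED = "[mysqld]\nbind-address = 127.0.0.1\nlocal-infile = 0\n"

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_mycnf(text) or "ok")
```

In the weak sample the local-infile line under [client] does not count, because only the [mysqld] section configures the server.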


Avoid SSH connection timeout

I have gotten tired of my SSH connections timing out when connecting to my servers, so I found out how to fix it. Edit the file /etc/ssh/ssh_config on the computer you are using as a client, then add these lines at the end:

ServerAliveInterval 15
ServerAliveCountMax 3

ServerAliveInterval – The number of seconds the client (your computer) will wait before it sends a null packet to the server. Sending a null packet to the server will keep the connection alive.

ServerAliveCountMax – How many times the client will try to send a message to the server if it doesn’t respond.

With the configuration above, the client will send a null packet every 15 seconds. If the server doesn’t respond to one of those packets then after 15 seconds the client will try again and then one more time. After three failures the client will disconnect.

Golang: Sane dependency management with Glide

In a previous article I explained how to do dependency management wrong by following Go’s recommendations. This week I’m going to explore a better way to manage your dependencies.

Last year the Go community decided to try to fix the dependency management problem they had. Since this problem came from the root, the solution had to come from the same place. The big problem came from the fact that dependencies were pulled from GOPATH. This gave Go users no way to have two versions of the same library or application installed on the same computer.

To fix this the vendor folder was created. This allows projects to store dependencies in a folder named vendor inside the project folder. This can be done recursively, so dependencies can store their own dependencies and so on. This allows each project to have its own dependencies without affecting other projects.

This resembles some dependency management systems, like npm. The problem is that the community didn’t provide any tooling to help you manage the dependencies. It is your responsibility to download the dependencies and put them in the vendor folder. Luckily other projects were born to help make this easier.