Thursday, 30 June 2016

The Brexit post

So, like everyone else with a social media account I have an opinion on Brexit and the chaotic aftermath in which we find ourselves with both the government and the opposition collapsing in on themselves at exactly the time when some actual leadership is required. While I doubt I've much new to add, one day I will look back at this blog and I want to see a collection of my thoughts from this time.

Disclosure first. I believe in the European Union and the European vision. I believe that as a nation we are more than this small island and that not only means we should engage with European politics, but we have a responsibility to do so. So yes, I voted Remain.

Obviously I think the referendum result was a terrible decision and I'm appalled at the lack of conviction shown by the winners in the aftermath - be it Boris deciding that after leading Leave, he doesn't want to lead actually leaving or the calls from the Leave camp to put off invoking Article 50 for an unspecified amount of time. The indecision and lack of any coherent plan for this result is, frankly, terrifying.

Remain supporters are trying to process the situation. Some are calling for a second referendum, while others are looking to Scotland to find a magic veto and dig us out of this mess. Still others are looking to claim citizenship of other countries, or leave altogether. There is a hope the government will simply ignore the result, which seems a reasonable reaction, if wishful. It's not like they've listened when it comes to anything else recently.

Many have had enough of all this. They've sat through months of campaigning, of impenetrable rhetoric, half-truths, scaremongering and downright lies and, understandably, just want to get back to normal life. They want cats and babies on their Facebook feeds, not endless discussion of what is seen as a now-closed issue. This resignation hasn't gone down well and others are asserting their right to be angry, leading to a weird meta-argument.

Personally, I'm sympathetic to the weariness. I'm tired of all the debates and all the fighting being about stopping things getting worse. The Remain campaign wasn't about fighting for a better future - it was a rearguard action to defend what was the current (far from ideal) state of affairs from the self-serving and deluded. The same as the battle to stop the NHS being taken to pieces and privatised. And the battle for the BBC. And the schools. And the Snooper's Charter. And so on.

The left does not seem to be fighting for improvements any more. We aren't campaigning for positive change, but opposing negative change which rather plays to the whining liberal stereotype and it is really hard to gain any kind of momentum when your message is "now, hang on". It is at this point we really need something big and positive we can get behind in the political arena. We should be able to look to the opposition for some kind of balance. Except the opposition has struggled to be credible for the last few years and has just imploded.

This is, of course, an emotional reaction to the current situation. There is a tremendous amount of work done by those who are campaigning for a genuinely better future, and I am doing a disservice to those fighting the rearguard action. But ultimately, major change will need to come through voting in what I am going to crudely call "better people" and that means increasing engagement in a process which for me (someone who is already engaged and interested) is currently a source of helplessness and fatigue. I doubt I am alone in feeling this.

I hope future-me reading back can say that I've played a part in improving this situation.

Wednesday, 25 May 2016

Exporting a postgres database from Heroku and importing to local install

Continuing with my efforts to learn some basic, useful postgres admin commands it’s time to look at importing and exporting data. We are going to export a postgres database from Heroku and import it to a local postgres install for development.

I’m assuming the Heroku toolbelt and postgres are installed locally and myuser is already created. I’ve written some very basic pointers to (local dev) postgres installation and administration already.

We are going to export the database used in myapp and import it locally to mydatabase to be owned by myuser. Brace thyself.

Export from Heroku

This is the easy bit.
heroku pg:backups capture --app myapp
curl -o latest.dump `heroku pg:backups public-url --app myapp`
Boom.

Import to local

We are going to use the pg_restore command, but that needs to import as a postgres superuser. It will also prompt for a password, even if the user is set up for peer authentication (as per my last post) so we’re going to create an importer user with superuser powers. There is probably a better way to do this, but life is short…

Logged in to postgres as a superuser:
CREATE USER importer WITH PASSWORD 'mypassword';
ALTER USER importer WITH SUPERUSER;
We also need a target database:
CREATE DATABASE mydatabase;
Then to import the database (back on the command line):
pg_restore --verbose --clean --no-acl --no-owner -h localhost -U importer -d mydatabase latest.dump
This will throw some errors when the DROP commands in the Heroku export fail. This seems to be ok, but check nothing else has gone wrong. There is probably a way to have Heroku export the database without the drop statements to eliminate these messages.

Back in postgres as a superuser, switch to the new database and assign the correct ownership:
\c mydatabase
REASSIGN OWNED BY importer TO myuser;
Done!
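
The same export and import as one script, with two changes: the importer superuser gets a random password and is dropped once ownership has been reassigned, and --if-exists is added to --clean so the DROP commands no longer fail on objects that are not there. This is an added example, not from the original post; it assumes the names used above (myapp, mydatabase, myuser, importer), that mydatabase does not exist yet, and that sudo -u postgres psql gives a superuser session.

```shell
#!/bin/sh
# Added example (not from the original post). The names below are the post's
# own placeholders; the script layout and function names are this example's.
set -eu

APP=myapp            # Heroku app to export from
DB=mydatabase        # local database to create and fill
OWNER=myuser         # existing local role that should end up owning the data
TMP_ROLE=importer    # throwaway superuser, removed at the end

# 32 hex characters from /dev/urandom: no quoting problems inside SQL
gen_password() { od -An -N16 -tx1 /dev/urandom | tr -d ' \n'; }

# Local superuser session over the Unix socket (peer auth, no password)
psql_super() { sudo -u postgres psql -v ON_ERROR_STOP=1 "$@"; }

# Hand everything the importer created to $OWNER, then delete the role
cleanup_sql() {
  cat <<SQL
REASSIGN OWNED BY $TMP_ROLE TO $OWNER;
DROP OWNED BY $TMP_ROLE;
DROP ROLE $TMP_ROLE;
SQL
}

main() {
  umask 077   # the dump is a copy of production data: owner-only permissions
  heroku pg:backups capture --app "$APP"
  curl -fsS -o latest.dump "$(heroku pg:backups public-url --app "$APP")"

  pw=$(gen_password)
  # printf is a shell builtin, so the password never appears in `ps` output
  printf "CREATE ROLE %s LOGIN SUPERUSER PASSWORD '%s';\nCREATE DATABASE %s;\n" \
    "$TMP_ROLE" "$pw" "$DB" | psql_super

  # pg_restore exits non-zero on any ignored error: report it, still clean up
  PGPASSWORD="$pw" pg_restore --verbose --clean --if-exists --no-acl --no-owner \
    -h localhost -U "$TMP_ROLE" -d "$DB" latest.dump \
    || echo "pg_restore reported errors: review the output above" >&2

  cleanup_sql | psql_super -d "$DB"
}

# Nothing happens unless asked: sh import.sh run
if [ "${1:-}" = "run" ]; then main; fi
```

After a run, \du should list myuser but no importer.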

Sunday, 24 April 2016

HTTPS for a small site

We all know it’s a good thing. Security, SEO and soon not being called out by Chrome and Firefox for being insecure. But for a small, personal site it’s a pain in the rear to set up and the certificate is prohibitively expensive, right? Right?

Maybe not. Let's try and change this:

The certificate

These days you can get a 90 day certificate for free from Let’s Encrypt, which is news to me and the reason I thought I’d give this a go.

Main stumbling block removed.

Apache config for SSL

Ok, I can write this config myself. However Let’s Encrypt has a magic tool which claims to do everything for me. Let’s find out.

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help
  • It downloaded a python environment for me.
  • It did a thing with root privileges courtesy of sudo. Probably shouldn't have used a window in which I’d previously sudo'd something. Oops.
./letsencrypt-auto --apache
The automated thing doesn't detect my domain. It detects a load of others, but I’m not ready to destroy those yet. Boo.

Also, I'm guessing with letsencrypt-auto. It seems to pass flags to the letsencrypt script which is buried somewhere. Turns out I am right. Great.

I have to agree with the T&Cs to register with the ACME server. Aside from the obvious, ACME seems to mean Advisory Committee on Mathematics Education which I don’t think is relevant here so clearly I am getting a cert from the same people who supply anvils to Wile E. Coyote.

Seems legit. Let’s do this.

./letsencrypt-auto --apache -d tomnatt.com
Still not finding my domain. Is it … confused by the number of domains? Nope, it doesn’t like files containing multiple vhosts. Oh. Reconfiguration time.

...

Ok, updated. Now time to fire this baby up. The original command now finds all the domains. Go! What could go wrong?

Wrrrrrr…


Well, shit.

Minor problem - apparently I'm loading my fonts over an insecure connection.


Bingo.

For those of you not up to speed with the arcane art of reading browser URL bars, the shield is gone which means the browser isn't blocking assets trying to load into a secure page over an insecure connection.

These certs expire in 90 days so time for a simple cron.

00 03 * * * $location/letsencrypt/letsencrypt-auto renew >> $location/letsencrypt/logs/renew.log 2>&1
Docs recommend checking daily, so that should keep things up to date. And potentially fill the filesystem. Meh.

So, my site is available over a secure connection. Hurrah! The “ensure all connections” setting seems to have set up a basic redirect, which is good although I'm going to have to add the HSTS headers myself and hope that doesn't get toasted when I next run one of these scripts. Renew seems to behave though.

HSTS

HSTS removes a vulnerable step when redirecting from an insecure to a secure connection. Details on the magic can be seen on the OWASP site.

The important bit of Apache magic is:

Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
Which is stuck into the https vhosts and requires mod_headers enabled.

Testing this was a world of fun. I'd recommend disabling the cache (in the dev tools), using a plugin to inspect the headers (I like Live HTTP Headers) and making liberal use of this secret page to check the status of the HSTS settings. This is all in Chrome.

Tidying up

It seems only the automagic script doesn't like my old Apache config. Now it’s all set up I can put everything back in the same file.
So now I am handling four different connections in the same file:
  1. https://www.tomnatt.com
  2. https://tomnatt.com
  3. http://www.tomnatt.com
  4. http://tomnatt.com
With 2. and 3. redirecting to 1. and 4. redirecting to 2. so as to pick up the extra HSTS headers.
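
A scripted version of the header checking from the HSTS section, applied to the four-connection layout above: each connection must redirect where the plan says, and every https response, redirects included, must carry the full HSTS value. This is an added example, not part of the original post; the function names and the sample responses are constructed, and check_live assumes curl is installed.

```shell
#!/bin/sh
# Added example (not from the original post): check the redirect/HSTS layout.
# Function names and the sample responses are constructed for illustration.
set -eu

MIN_AGE=31536000   # the max-age value used in the post's Header line

# header_value NAME < headers : first value of a header, name case-insensitive
header_value() {
  tr -d '\r' | awk -v name="$1" '
    BEGIN { name = tolower(name) }
    { i = index($0, ":")
      if (i && tolower(substr($0, 1, i - 1)) == name) {
        v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit } }'
}

# hsts_problems VALUE : prints what an HSTS value lacks, nothing if complete.
# Directive names are case-insensitive, so the post's "includeSubdomains" passes.
hsts_problems() {
  hp_v=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d ' \t')
  hp_out=""
  hp_age=$(printf '%s\n' "$hp_v" | tr ';' '\n' |
           sed -n 's/^max-age=\([0-9][0-9]*\)$/\1/p' | head -n 1)
  if [ -z "$hp_age" ]; then hp_out="$hp_out no-max-age"
  elif [ "$hp_age" -lt "$MIN_AGE" ]; then hp_out="$hp_out short-max-age"; fi
  case ";$hp_v;" in *";includesubdomains;"*) ;; *) hp_out="$hp_out no-includesubdomains" ;; esac
  case ";$hp_v;" in *";preload;"*) ;; *) hp_out="$hp_out no-preload" ;; esac
  printf '%s' "${hp_out# }"
}

# check_hop URL EXPECTED_LOCATION < headers : prints "ok" or the problems found.
# Only https responses are checked for HSTS; browsers ignore the header over http.
check_hop() {
  ch_hdrs=$(cat)
  ch_out=""
  ch_loc=$(printf '%s\n' "$ch_hdrs" | header_value location)
  [ "$ch_loc" = "$2" ] || ch_out="$ch_out location=${ch_loc:-none}"
  case "$1" in https://*)
    ch_sts=$(printf '%s\n' "$ch_hdrs" | header_value strict-transport-security)
    if [ -z "$ch_sts" ]; then ch_out="$ch_out no-hsts-header"
    else
      ch_p=$(hsts_problems "$ch_sts")
      [ -z "$ch_p" ] || ch_out="$ch_out $ch_p"
    fi ;;
  esac
  if [ -n "$ch_out" ]; then printf '%s\n' "${ch_out# }"; else echo ok; fi
}

# Live use: fetch the headers only, without following the redirect
check_live() { curl -sI "$1" | check_hop "$1" "$2"; }

# Constructed responses: connection 2 as planned, connection 4 skipping a hop
APEX_HTTPS=$(printf 'HTTP/1.1 301 Moved Permanently\r\nStrict-Transport-Security: max-age=31536000; includeSubdomains; preload\r\nLocation: https://www.tomnatt.com/\r\n')
APEX_HTTP_BAD=$(printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.tomnatt.com/\r\n')

if [ "${1:-}" = "demo" ]; then
  printf '%s\n' "$APEX_HTTPS"    | check_hop https://tomnatt.com https://www.tomnatt.com/
  printf '%s\n' "$APEX_HTTP_BAD" | check_hop http://tomnatt.com  https://tomnatt.com/
fi
```

For connection 1, which should not redirect at all, pass an empty expected location: check_live https://www.tomnatt.com "".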

HPKP

Yeah, that can wait.

Overall though, this was not the trial I expected. Getting a cert is now really easy. The only parts that required any real thought were figuring out how to arrange my Apache config and checking the HSTS headers were being set correctly.

No excuses any more! Best do the others.

Sunday, 3 April 2016

Creating a database and user for local postgres development

So, yeah. I'm a postgres n00b. But I'm a n00b who wants to be able to create a non-superuser account and database, relate the two and also be able to remember how to do this again in two weeks' time.

Connecting

As superuser via UNIX user authentication:
sudo -u postgres psql postgres

As superuser directly (-W forces password prompt):
psql -U postgres -W

As a user to a specific database:
psql database -U username -W

Basic commands

Show tables:
\d

List users:
\du

List databases:
\l

Quit:
\q

User management

CREATE USER username WITH PASSWORD 'password';
DROP USER username;


Database management

CREATE DATABASE database;
DROP DATABASE database;

Granting ownership and permissions

ALTER DATABASE database OWNER TO username;
GRANT ALL PRIVILEGES ON DATABASE database TO username;
Dumb settings for local dev.

Also, if you're getting problems connecting try replacing local peer with local md5 in /etc/postgresql/VERSION/main/pg_hba.conf.

Much of this came from this post. I'm planning on using pgAdmin3 as a database explorer when I want something quicker than the command line (on Ubuntu).

Thursday, 31 March 2016

And lo, I have Windows 10

I’ve been meaning to upgrade my gaming PC to Windows 10 for some time but it didn’t manage to be the most important thing on my todo list at any point. Partly this was fear of the unknown - I knew Win10 was going to be a shift in UX and also thought it likely to break at least one peripheral. My attitude to an operating system is that it should do its job quietly and not get in the way and, frankly, I didn’t feel inclined to invest time in adoption pains. That’s time I can spend more profitably sleeping or looking out of the window.
Microsoft, it seems, had other ideas. They pushed the Win10 upgrade through their patch management system and I fell victim to the auto-upgrade problem. It’s a dark, stormy night. The wind is shaking the windows, drowning out the drumming of the rain. I’m sitting in a partly lit room, curled up comfortably and reading something on my tablet. In the corner, my computer is on, untouched for the past hour. I glance up and a chill runs through me. On my monitor is the ominous message “75% upgraded”.
I could write extensively about the aggressive way Microsoft have pushed Win10. I could complain at length about it arriving on my computer unwanted and the abuse of trust around using a security patch mechanism to automatically install a complete operating system without my input. I could compare the techniques used in release of this system to the way malware is spread. But others have done all that. Instead, I’ll focus on my experiences now it has arrived.
It’s fine.
Sorry, that was really dull but honestly it sums it up. The installation process was really simple. I had to track down and turn off the P2P patch sharing stuff (uncharitable, but I wasn’t in the best mood at this point) and some of the information sharing stuff (Win10 is horribly intrusive) but otherwise it just loaded up as New Windows with no real fuss.
The next evening I sat down to see what had really happened behind the scenes. First step was going through the security and privacy options. The defaults here were horrible (everything seems to have access to everything, including cameras and microphones) but the menus themselves were clear and it was easy to turn it all off. I also came across some advertising options - it seems in the brave new world of Windows it’s a good idea to have (targeted) advertising on your lock screen. Fortunately, both the targeting and the advertising can be disabled (separately) and so that went too. The start menu was a mess, but simple enough to remove the new and exciting rubbish and simplify back to the applications I’m actually going to use.
Next up, there is Cortana. I like the idea of Cortana and I quite fancied playing around with her. Unfortunately, in order to be helpful she looks at everything you do and sends it all off to Microsoft HQ so they can tune her electronic brain. So she had to die. Killing her off was actually harder than it needed to be - stopping her talking to Microsoft wasn’t too hard, but that left her zombified husk on my task bar and I had to work out how to purge her from there too.
Having finished with my electronic holy water, I moved on to my own customisations. I found that Steam, Chrome and Office all worked fine which is the majority of my use of that computer immediately. Also, my automatic backups (I use Macrium) continued to work and mapped drives were still mapped.
So far, so painless. I hadn’t needed to reconfigure anything and the new interface hadn’t caused me any real suffering. Time to check the two things I feared would break - the main reasons for putting off the upgrade in the first place. My joystick and my game recording setup.
First off, the joystick. My basic fear was that the (already shoddy) performance of the drivers would be even worse under a more modern operating system. My fears were confirmed when it failed to load properly. To Google! Fortunately, I wasn’t the only person looking for help (this thread was very useful) and - much to my surprise - Mad Catz had released some beta drivers for Windows 10. The Win7 drivers were released in 2011, whereas the Win10 drivers came from August 2015. And they worked. Probably better than the older drivers (I didn’t, for example, suffer any blue screens while installing them). I’d lost some of my settings, but that was easy to replicate and it was fine.
I did notice a problem on boot. Win10 boots faster than the USB devices which caused problems with my stick. This was easily fixed by disabling Fast Boot. It didn’t seem like the best solution, but it worked.
Next up, game recording. Astonishingly, this also Just Worked. Mostly. I had to re-enable some of the output devices in the sound menus, but I got everything going just by double-checking everything in my original post.
Windows 10 is fast, stable, not overly ugly, and very easy to install. It’s a change to the user interface, but not one that particularly gets in the way of just using the computer. It’s a pig for privacy, but you can turn all that nonsense off. So, overall a surprisingly good experience. 9/10. Would have my computer hijacked and a new OS forcibly installed again.

Sunday, 28 February 2016

Into space with the Saitek X52 Pro

Since Christmas I have been playing a lot of Elite Dangerous. It’s a great way to spend time - floating around in space, deciding what to do with an evening, heading off to achieve things and gradually increasing in rank and skill.

I cut my teeth (whatever that means) playing on a keyboard and mouse setup, which is … functional. At best. Online People say that a HOTAS setup changes the way the game plays entirely and is a must for any serious Elite player so I thought I’d give that a go.

After much deliberation (should I spend £270 on a replica of the flight controls from an A10?) I decided to go for the Saitek X52 Pro. It was, apparently, the stick used by Frontier Developments when designing Elite so should have good in-game support. There is a strong body of opinion that it is better than the newer stick, the X55, in terms of button placement and general feel (and saves £50 too). Plus it looks exactly like the joystick your avatar is using in the cockpit of your ship.

The good

  • the hardware is lovely - solidly built and satisfyingly weighty
  • ergonomic stick, adjustable and comfortable
  • button placement is equally good with most functions falling naturally under my fingers
  • I keep finding buttons - after a month of using it I suddenly discovered a small wheel on the throttle I hadn’t noticed before

The bad

  • the drivers are horrible - I mean really horrible
    • it took several attempts and a few blue screens to install
    • I have to plug the joystick in to the SAME USB port - I’m not quite sure how they’ve achieved that
  • the control software is horrible, although less than the drivers
    • saving the profile doesn’t seem to work properly
    • I have to manually tell it to load a particular profile before playing
    • in Elite some buttons can only be mapped after changing the default bindings in the profile
    • for some reason I seem to need the control software actually open to make some of the remapping work in-game
This is running the latest official Saitek / Mad Catz drivers on a Windows 7 machine.

So, did it change my life?

Well, kinda. It really has made a difference in game. I can perform manoeuvres that were next to impossible with the keyboard / mouse combo. More importantly, the feel of the game is indeed very different. The joystick and throttle really help with the immersion and even routine activities are a lot more fun.

On the other hand, the driver problems really tarnish the experience. I would struggle to recommend a Saitek device to others - especially since I’ve apparently got away lightly (the control software rarely crashes for me and my system remains stable). None of these problems are insurmountable but, basically, I expect a lot more from a piece of hardware costing in excess of £100.

I’m happy with where I am now, but it was far more work than I wanted to go through for a premium peripheral. If I decide to buy a new stick in the future I will be reading about the software support very very carefully before selecting my product and it will take a lot to convince me to buy anything with software by Mad Catz again. It’s a shame because the hardware is really very nice.

Friday, 22 January 2016

MyFitnessPal and gaming your weight

This year one of my resolutions was to take better care of myself by eating better and doing more exercise. I decided to use MyFitnessPal after a long and scientifically rigorous investigation (some people at work were using it and said it was good) and I’ve been fascinated to see how it has used some simple (mostly gamification) psychological tricks to focus and encourage me.

Your FitnessPal is watching you

The basic principle is simple. You keep a list of the food you eat and the exercise you do and it gives you a running total of your calories compared to your daily maximum (defined by level of activity, age, etc). At the end of the day, if you’re under your limit, you’re given a cheery prediction - “if every day is like today in five weeks you’ll weigh blah!” It’s surprising how addictive that affirmation can become. I want to achieve that, and apparently I can. I just have to keep going.

And there is an opposite reaction in me - I don’t want to disappoint the thing. I’m not sure exactly what happens if you go over but I suspect it gets mad and melts your phone. I haven’t dared find out since it got angry with me for not eating enough to live (this was a mistake not a conscious choice! Don’t do it kids!).

Food as a game

Not only does the app give you a report at the end of the day, it presents a running total so you can watch your calories slowly creep towards your daily goal. With the electronic Eye of Sauron always watching (and remember this thing is on your phone so is likely in your pocket all the time) there is a strong motivator to make you seriously consider that piece of cake.

However, if you DO eat that piece of cake then help is at hand. I know a lot of people who diet and are in a constant state of guilt over what they are eating. Clearly this isn’t good for their mental health; a calorie counter gives a definite indication of whether that snack mattered or not. It allows you to build in space for cake, or recover from eating it in a practical way without pangs of guilt. Drink water instead of wine with your evening meal and it evens out, no problem.

The application reduces the food you are eating to a series of numbers. As a mathematician and a gamer I like numbers - they imply a system and systems can be manipulated. Calorie intake can be substituted as above or changed via portion control. Everyone knows about portion control, but watching the numbers change on a screen makes it live for me and encourages me to actually do it. Doing some exercise raises your max calorie intake for the day so I find myself going swimming to give myself an increased ceiling. I like swimming so it’s hardly onerous, but I doubt I’d bother going as often as I do if I didn’t have this little numbers game running in my pocket.

Now obviously there are also unhelpful ways to game this system. You can, for example, eat at Subway but list your foods as homemade equivalents, thus saving yourself at least a hundred calories a sandwich. Or you can go for an extreme (ie plain stupid) diet - my calorie intake is fine if I eat nothing but 12 Cadbury’s Creme Eggs a day. However, in the manner of an 80s kids cartoon, there is a moral - if you cheat your Pal, you’re only cheating yourself.

The proof of the pudding

There are strong motivators to Do The Right Thing however all this falls apart rather quickly if there aren’t any results. So far I can report that it seems to be working. I’m obeying my electronic taskmaster and seeing the results, which encourages me to continue to do so - and so it continues until the machines are completely in control…

The app itself

A quick note on MyFitnessPal. I’m using the web based version and the Android app. It’s hardly the only calorie counter out there but it’s working well for me. I like the cost (it’s free) and now I’ve been using it for a couple of weeks I find it very easy to use. It did suffer from a pretty horrible start though. Before the app seeds its internal listings using your regularly-selected foods, adding anything is incredibly laborious - which means the worst few days of the experience are the first few days.

On top of this, the home screen is initially utterly useless - full of news I don’t care about and pseudo-tweets which gave me a heart attack until I reassured myself they weren’t being added to my Twitter account. Eventually I discovered the option to turn this nonsense off and now the home screen gives a load of nutritional information which is actually quite interesting.

So I’m pleased with my experiment with a calorie counter, and MyFitnessPal in particular. I had serious doubts on starting - I thought the book keeping would drive me insane - but actually so far I’m finding it nothing but a benefit.