Sunday, 24 April 2016

HTTPS for a small site

We all know it’s a good thing. Security, SEO and soon not being called out by Chrome and Firefox for being insecure. But for a small, personal site it’s a pain in the rear to set up and the certificate is prohibitively expensive, right? Right?

Maybe not. Let's try and change this:

The certificate

These days you can get a 90 day certificate for free from Let’s Encrypt, which is news to me and the reason I thought I’d give this a go.

Main stumbling block removed.

Apache config for SSL

Ok, I can write this config myself. However Let’s Encrypt has a magic tool which claims to do everything for me. Let’s find out.

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help

  • It downloaded a Python environment for me.
  • It did a thing with root privileges courtesy of sudo. Probably shouldn't have used a window in which I’d previously sudo'd something. Oops.

./letsencrypt-auto --apache

The automated thing doesn't detect my domain. It detects a load of others, but I’m not ready to destroy those yet. Boo.

Also, I'm guessing with letsencrypt-auto. It seems to pass flags to the letsencrypt script which is buried somewhere. Turns out I am right. Great.

I have to agree with the T&Cs to register with the ACME server. Aside from the obvious, ACME seems to mean Advisory Committee on Mathematics Education, which I don’t think is relevant here, so clearly I am getting a cert from the same people who supply anvils to Wile E. Coyote.

Seems legit. Let’s do this.

./letsencrypt-auto --apache -d tomnatt.com

Still not finding my domain. Is it … confused by the number of domains? Nope, it doesn’t like files containing multiple vhosts. Oh. Reconfiguration time.

...

Ok, updated. Now time to fire this baby up. The original command now finds all the domains. Go! What could go wrong?

Wrrrrrr…


Well, shit.

Minor problem - apparently I'm loading my fonts over an insecure connection.


Bingo.

For those of you not up to speed with the arcane art of reading browser URL bars, the shield is gone which means the browser isn't blocking assets trying to load into a secure page over an insecure connection.

These certs expire in 90 days so time for a simple cron.

00 03 * * * $location/letsencrypt/letsencrypt-auto renew >> $location/letsencrypt/logs/renew.log 2>&1

Docs recommend checking daily, so that should keep things up to date. And potentially fill the filesystem. Meh.

So, my site is available over a secure connection. Hurrah! The “ensure all connections” setting seems to have set up a basic redirect, which is good, although I'm going to have to add the HSTS headers myself and hope that doesn't get toasted when I next run one of these scripts. Renew seems to behave though.

HSTS

HSTS removes a vulnerable step when redirecting from an insecure to a secure connection. Details on the magic can be seen on the OWASP site.

The important bit of Apache magic is:

Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"

This goes into the https vhosts and requires mod_headers to be enabled.

Testing this was a world of fun. I'd recommend disabling the cache (in the dev tools), using a plugin to inspect the headers (I like Live HTTP Headers) and making liberal use of this secret page to check the status of the HSTS settings. This is all in Chrome.

Tidying up

It seems only the automagic script doesn't like my old Apache config. Now it’s all set up I can put everything back in the same file.
So now I am handling four different connections in the same file:
  1. https://www.tomnatt.com
  2. https://tomnatt.com
  3. http://www.tomnatt.com
  4. http://tomnatt.com
With 2. and 3. redirecting to 1. and 4. redirecting to 2. so as to pick up the extra HSTS headers.
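
Why connection 4 goes via connection 2 rather than straight to 1, as an added example (not code from the original post): a Python sketch that replays the redirect chain over constructed responses and records which hosts a browser would store an HSTS policy for. The response table and function names are assumptions made for illustration; the header value is the one above.

```python
from urllib.parse import urlsplit

PAGE_HEADER = "max-age=31536000; includeSubdomains; preload"  # value from the post

def parse_hsts(value):
    """Parse an HSTS header value (RFC 6797); return a policy dict or None."""
    seen = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:
            continue
        if name in seen:
            return None                      # repeated directive: header is invalid
        seen[name] = val.strip().strip('"')
    age = seen.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None                          # max-age is the one required directive
    return {"max_age": int(age), "include_subdomains": "includesubdomains" in seen}

def follow(start, responses, max_hops=5):
    """Walk a redirect chain; return (policies a browser would store, final URL)."""
    policies, url = {}, start
    for _ in range(max_hops):
        status, headers = responses[url]
        parts = urlsplit(url)
        policy = parse_hsts(headers.get("Strict-Transport-Security", ""))
        if parts.scheme == "https" and policy:   # header over plain HTTP is ignored
            policies[parts.hostname] = policy
        if status not in (301, 302, 307, 308):
            break
        url = headers["Location"]
    return policies, url

def is_protected(host, policies):
    """True if host, or a parent domain with includeSubDomains, has a live policy."""
    labels = host.split(".")
    for i in range(len(labels)):
        p = policies.get(".".join(labels[i:]))
        if p and p["max_age"] > 0 and (i == 0 or p["include_subdomains"]):
            return True
    return False

def layout(bare_http_target):
    """Constructed responses for the four vhosts; only HTTPS vhosts send HSTS."""
    sts = {"Strict-Transport-Security": PAGE_HEADER}
    www = "https://www.tomnatt.com/"
    return {
        "http://tomnatt.com/": (301, {"Location": bare_http_target}),
        "http://www.tomnatt.com/": (301, {"Location": www}),
        # vhost 2 answers with a 301 that still carries the header (hence `always`)
        "https://tomnatt.com/": (301, {"Location": www, **sts}),
        www: (200, sts),
    }

# The post's layout: 4 -> 2 -> 1. Alternative for comparison: 4 straight to 1.
via_bare, _ = follow("http://tomnatt.com/", layout("https://tomnatt.com/"))
direct, _ = follow("http://tomnatt.com/", layout("https://www.tomnatt.com/"))

if __name__ == "__main__":
    for name, pol in (("via https://tomnatt.com", via_bare), ("direct to www", direct)):
        print(name, "-> stored for", sorted(pol),
              "| bare domain protected:", is_protected("tomnatt.com", pol))
```

With the direct redirect the browser only ever stores a policy for www.tomnatt.com, so the bare domain and any other subdomain stay reachable over plain HTTP on later visits.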

HPKP

Yeah, that can wait.

Overall though, this was not the trial I expected. Getting a cert is now really easy. The only parts that required any real thought were figuring out how to arrange my Apache config and checking the HSTS headers were being set correctly.

No excuses any more! Best do the others.

Sunday, 3 April 2016

Creating a database and user for local postgres development

So, yeah. I'm a postgres n00b. But I'm a n00b who wants to be able to create a non-superuser account and database, relate the two and also be able to remember how to do this again in two weeks' time.

Connecting

As superuser via UNIX user authentication:
sudo -u postgres psql postgres

As superuser directly (-W forces password prompt):
psql -U postgres -W

As a user to a specific database:
psql database -U username -W

Basic commands

Show tables:
\d

List users:
\du

List databases:
\l

Quit:
\q

User management

CREATE USER username WITH PASSWORD 'password';
DROP USER username;


Database management

CREATE DATABASE database;
DROP DATABASE database;

Granting ownership and permissions

ALTER DATABASE database OWNER TO username;
GRANT ALL PRIVILEGES ON DATABASE database TO username;
Dumb settings for local dev.

Also, if you're getting problems connecting, try replacing local peer with local md5 in /etc/postgresql/VERSION/main/pg_hba.conf.

Much of this came from this post. I'm planning on using pgAdmin3 as a database explorer when I want something quicker than the command line (on Ubuntu).

Thursday, 31 March 2016

And lo, I have Windows 10

I’ve been meaning to upgrade my gaming PC to Windows 10 for some time but it didn’t manage to be the most important thing on my todo list at any point. Partly this was fear of the unknown - I knew Win10 was going to be a shift in UX and also thought it likely to break at least one peripheral. My attitude to an operating system is that it should do its job quietly and not get in the way and, frankly, I didn’t feel inclined to invest time in adoption pains. That’s time I can spend more profitably sleeping or looking out of the window.
Microsoft, it seems, had other ideas. They pushed the Win10 upgrade through their patch management system and I fell victim to the auto-upgrade problem. It’s a dark, stormy night. The wind is shaking the windows, drowning out the drumming of the rain. I’m sitting in a partly lit room, curled up comfortably and reading something on my tablet. In the corner, my computer is on, untouched for the past hour. I glance up and a chill runs through me. On my monitor is the ominous message “75% upgraded”.
I could write extensively about the aggressive way Microsoft have pushed Win10. I could complain at length about it arriving on my computer unwanted and the abuse of trust around using a security patch mechanism to automatically install a complete operating system without my input. I could compare the techniques used in release of this system to the way malware is spread. But others have done all that. Instead, I’ll focus on my experiences now it has arrived.
It’s fine.
Sorry, that was really dull but honestly it sums it up. The installation process was really simple. I had to track down and turn off the P2P patch sharing stuff (uncharitable, but I wasn’t in the best mood at this point) and some of the information sharing stuff (Win10 is horribly intrusive) but otherwise it just loaded up as New Windows with no real fuss.
The next evening I sat down to see what had really happened behind the scenes. First step was going through the security and privacy options. The defaults here were horrible (everything seems to have access to everything, including cameras and microphones) but the menus themselves were clear and it was easy to turn it all off. I also came across some advertising options - it seems in the brave new world of Windows it’s a good idea to have (targeted) advertising on your lock screen. Fortunately, both the targeting and the advertising can be disabled (separately) and so that went too. The start menu was a mess, but simple enough to remove the new and exciting rubbish and simplify back to the applications I’m actually going to use.
Next up, there is Cortana. I like the idea of Cortana and I quite fancied playing around with her. Unfortunately, in order to be helpful she looks at everything you do and sends it all off to Microsoft HQ so they can tune her electronic brain. So she had to die. Killing her off was actually harder than it needed to be - stopping her talking to Microsoft wasn’t too hard, but that left her zombified husk on my task bar and I had to work out how to purge her from there too.
Having finished with my electronic holy water, I moved on to my own customisations. I found that Steam, Chrome and Office all worked fine which is the majority of my use of that computer immediately. Also, my automatic backups (I use Macrium) continued to work and mapped drives were still mapped.
So far, so painless. I hadn’t needed to reconfigure anything and the new interface hadn’t caused me any real suffering. Time to check the two things I feared would break - the main reasons for putting off the upgrade in the first place. My joystick and my game recording setup.
First off, the joystick. My basic fear was that the (already shoddy) performance of the drivers would be even worse under a more modern operating system. My fears were confirmed when it failed to load properly. To Google! Fortunately, I wasn’t the only person looking for help (this thread was very useful) and - much to my surprise - Mad Catz had released some beta drivers for Windows 10. The Win7 drivers were released in 2011, whereas the Win10 drivers came from August 2015. And they worked. Probably better than the older drivers (I didn’t, for example, suffer any blue screens while installing them). I’d lost some of my settings, but that was easy to replicate and it was fine.
I did notice a problem on boot. Win10 boots faster than the USB devices which caused problems with my stick. This was easily fixed by disabling Fast Boot. It didn’t seem like the best solution, but it worked.
Next up, game recording. Astonishingly, this also Just Worked. Mostly. I had to re-enable some of the output devices in the sound menus, but I got everything going just by double-checking everything in my original post.
Windows 10 is fast, stable, not overly ugly, and very easy to install. It’s a change to the user interface, but not one that particularly gets in the way of just using the computer. It’s a pig for privacy, but you can turn all that nonsense off. So, overall a surprisingly good experience. 9/10. Would have my computer hijacked and a new OS forcibly installed again.

Sunday, 28 February 2016

Into space with the Saitek X52 Pro

Since Christmas I have been playing a lot of Elite Dangerous. It’s a great way to spend time - floating around in space, deciding what to do with an evening, heading off to achieve things and gradually increasing in rank and skill.

I cut my teeth (whatever that means) playing on a keyboard and mouse setup, which is … functional. At best. Online People say that a HOTAS setup changes the way the game plays entirely and is a must for any serious Elite player so I thought I’d give that a go.

After much deliberation (should I spend £270 on a replica of the flight controls from an A10?) I decided to go for the Saitek X52 Pro. It was, apparently, the stick used by Frontier Developments when designing Elite so should have good in-game support. There is a strong body of opinion that it is better than the newer stick, the X55, in terms of button placement and general feel (and saves £50 too). Plus it looks exactly like the joystick your avatar is using in the cockpit of your ship.

The good

  • the hardware is lovely - solidly built and satisfyingly weighty
  • ergonomic stick, adjustable and comfortable
  • button placement is equally good with most functions falling naturally under my fingers
  • I keep finding buttons - after a month of using it I suddenly discovered a small wheel on the throttle I hadn’t noticed before

The bad

  • the drivers are horrible - I mean really horrible
    • it took several attempts and a few blue screens to install
    • I have to plug the joystick in to the SAME USB port - I’m not quite sure how they’ve achieved that
  • the control software is horrible, although less than the drivers
    • saving the profile doesn’t seem to work properly
    • I have to manually tell it to load a particular profile before playing
    • in Elite some buttons can only be mapped after changing the default bindings in the profile
    • for some reason I seem to need the control software actually open to make some of the remapping work in-game
This is running the latest official Saitek / Mad Catz drivers on a Windows 7 machine.

So, did it change my life?

Well, kinda. It really has made a difference in game. I can perform manoeuvres that were next to impossible with the keyboard / mouse combo. More importantly, the feel of the game is indeed very different. The joystick and throttle really help with the immersion and even routine activities are a lot more fun.

On the other hand, the driver problems really tarnish the experience. I would struggle to recommend a Saitek device to others - especially since I’ve apparently got away lightly (the control software rarely crashes for me and my system remains stable). None of these problems are insurmountable but, basically, I expect a lot more from a piece of hardware costing in excess of £100.

I’m happy with where I am now, but it was far more work than I wanted to go through for a premium peripheral. If I decide to buy a new stick in the future I will be reading about the software support very very carefully before selecting my product and it will take a lot to convince me to buy anything with software by Mad Catz again. It’s a shame because the hardware is really very nice.

Friday, 22 January 2016

MyFitnessPal and gaming your weight

This year one of my resolutions was to take better care of myself by eating better and doing more exercise. I decided to use MyFitnessPal after a long and scientifically rigorous investigation (some people at work were using it and said it was good) and I’ve been fascinated to see how it has used some simple (mostly gamification) psychological tricks to focus and encourage me.

Your FitnessPal is watching you

The basic principle is simple. You keep a list of the food you eat and the exercise you do and it gives you a running total of your calories compared to your daily maximum (defined by level of activity, age, etc). At the end of the day, if you’re under your limit, you’re given a cheery prediction - “if every day is like today in five weeks you’ll weigh blah!” It’s surprising how addictive that affirmation can become. I want to achieve that, and apparently I can. I just have to keep going.

And there is an opposite reaction in me - I don’t want to disappoint the thing. I’m not sure exactly what happens if you go over but I suspect it gets mad and melts your phone. I haven’t dared find out since it got angry with me for not eating enough to live (this was a mistake not a conscious choice! Don’t do it kids!).

Food as a game

Not only does the app give you a report at the end of the day, it presents a running total so you can watch your calories slowly creep towards your daily goal. With the electronic Eye of Sauron always watching (and remember this thing is on your phone so is likely in your pocket all the time) there is a strong motivator to make you seriously consider that piece of cake.

However, if you DO eat that piece of cake then help is at hand. I know a lot of people who diet and are in a constant state of guilt over what they are eating. Clearly this isn’t good for their mental health; a calorie counter gives a definite indication of whether that snack mattered or not. It allows you to build in space for cake, or recover from eating it in a practical way without pangs of guilt. Drink water instead of wine with your evening meal and it evens out, no problem.

The application reduces the food you are eating to a series of numbers. As a mathematician and a gamer I like numbers - they imply a system and systems can be manipulated. Calorie intake can be substituted as above or changed via portion control. Everyone knows about portion control, but watching the numbers change on a screen makes it live for me and encourages me to actually do it. Doing some exercise raises your max calorie intake for the day so I find myself going swimming to give myself an increased ceiling. I like swimming so it’s hardly onerous, but I doubt I’d bother going as often as I do if I didn’t have this little numbers game running in my pocket.

Now obviously there are also unhelpful ways to game this system. You can, for example, eat at Subway but list your foods as homemade equivalents, thus saving yourself at least a hundred calories a sandwich. Or you can go for an extreme (ie plain stupid) diet - my calorie intake is fine if I eat nothing but 12 Cadbury’s Creme Eggs a day. However, in the manner of an 80s kids cartoon, there is a moral - if you cheat your Pal, you’re only cheating yourself.

The proof of the pudding

There are strong motivators to Do The Right Thing; however, all this falls apart rather quickly if there aren’t any results. So far I can report that it seems to be working. I’m obeying my electronic taskmaster and seeing the results, which encourages me to continue to do so - and so it continues until the machines are completely in control…

The app itself

A quick note on MyFitnessPal. I’m using the web based version and the Android app. It’s hardly the only calorie counter out there but it’s working well for me. I like the cost (it’s free) and now I’ve been using it for a couple of weeks I find it very easy to use. It did suffer from a pretty horrible start though. Before the app seeds its internal listings using your regularly-selected foods adding anything is incredibly laborious - which means the worst few days of the experience are the first few days.

On top of this, the home screen is initially utterly useless - full of news I don’t care about and pseudo-tweets which gave me a heart attack until I reassured myself they weren’t being added to my Twitter account. Eventually I discovered the option to turn this nonsense off and now the home screen gives a load of nutritional information which is actually quite interesting.

So I’m pleased with my experiment with a calorie counter, and MyFitnessPal in particular. I had serious doubts on starting - I thought the book keeping would drive me insane - but actually so far I’m finding it nothing but a benefit.

Saturday, 26 December 2015

The year that was, 2015

In what is becoming something of a tradition, it's time for me to take stock of the creative "things" I've done this year as a reminder to myself that I do more with my free time than just play games and eat chocolate.
Not to mention that I completely rewrote my CV - does that count as creative?

2016 is coming. Now I don't have to write a weekly RPG any more, it's time for some exciting new projects.

Friday, 2 October 2015

Simple Arduino

I've been meaning to learn something about microcontrollers and hardware prototyping forever but there just never seemed to be the time. Fortunately, time was created at a recent PLIBMTTBHGATY meetup when a friend offered to bring a load of unused Arduino "bits" for me to play with. Interestingly, everyone I know owns at least one Arduino but only two of them actually know how to use it properly.

Getting going turned out to be quite easy, which was a relief as starting from pretty much no knowledge (I learned some basic electronics at school a long time ago but that's about it) is usually a pain. A huge thanks to Neil for answering some of my very basic questions. I'm intending to write a few "getting started with hardware stuff" posts as I continue learning and I'll write up some of what he taught me in the hope it will help others get going.

Box moving in a rectangle

My first creation of interest was a box moving in a rectangle on an LCD screen.



This was mostly a programming exercise as wiring up the circuit was just a case of following a diagram exactly but it was useful to learn the basics of syntax and how to push a program to the Arduino.

Building blocks to make this:

Button switches between LEDs

Next up, a circuit which switched from a red light to a green one while a button was depressed.



This was the first circuit I designed myself, using the knowledge gleaned from a few other tutorials.

Building blocks to make this:

Bouncing box game

Finally, I was challenged to make a simple pong-style game. The box travels left to right. If the button is pressed as it reaches the end, it bounces back and the player gets a point. Repeat until the button is not pressed correctly and the game resets.



A more complicated circuit here, requiring a second breadboard and many of the Arduino's pins.

Quite a lot of work went into coding the logic of this game. The initial version allowed the player to keep the button pressed down and the box would bounce indefinitely so I changed it to have the game reset if the button is pressed too early as well as too late.

Building blocks to make this: