The Blog of Tom Webster

Chronic Ranter, Reviewer, and Developer. I speak only for myself, opinions are my own.

WebDev: Handling Large Files

  2014-01-26 11:00:00 PST

With the release of my post on Vagrant, I discovered a personal need I had to host and store large files, semi-professionally, without much hassle. After considering Dropbox, various file lockers, or uploading the file to my webserver, I decided to use Rackspace Cloud Files.

I've talked about Rackspace in the past, and am currently using their cloud servers to host this site (among others). The interface is clean, easy to use, and it's reliable. I wanted to have downloads from my site coming from files.samurailink3.com, it just looks better and provides a more cohesive user experience. I solved this problem very quickly by using a CNAME. It was really really easy. Check it out:

First, create a new public CDN container. Next, click on the gear and hit "View All Links...". Copy the http or https link and take a look at it: http://somerandomjunk.ssl.cf2.rackcdn.com

Head over to your domain host and go to your DNS settings. You'll need to create a new CNAME record. I've named mine files.

Take the fully qualified domain from your link, minus the http:// and make that the target host of your new CNAME. Like this:

Type: CNAME
Host: files
Target Host: somerandomjunk.ssl.cf2.rackcdn.com

You can now upload files and head to http://files.example.com/myfile.mp3 to access those huge files, without bogging down your web server.

Vagrant Box: Debian 7.3 32-bit

  2014-01-22 12:53:00 PST

Recently I've been tasked with the job of becoming a Ruby on Rails application developer. In the past few months, my skillset has gone from "complete noob" to "not-a-complete noob". I'll be making more Rails posts as time goes on, but I needed to share something I made today: A Vagrant Base box.

Yea, I get it, they're everywhere. Honestly, though, I looked for a long time and couldn't find a stupidly clean, Debian 32-bit machine made for VirtualBox 4.3.6 (with Chef-Solo). I decided to take the half-hour and make my own. The way the Vagrant docs read, they make the whole premise of creating an image out to be this insane time-consuming thing. It's really not. As a matter of fact, it's pretty easy (especially if you have Linux experience already). But this post isn't going to walk you through how to create that, there are far better resources out there for creating Vagrant Base Boxes. Instead, I'm going to share mine that you can use for any and all of your projects. Here's the details:

Vagrant Base Box: Clean Debian 32-bit
OS: Debian 7.3 x86
VirtualBox Additions: 4.3.6
Chef Client: 11.8.2
Preinstalled applications: Curl

I do most of my configuration through Chef, today. I'm not an expert by any means, and I do rely on custom scripts for some items. If you need something added, get a cookbook or script it. This is supposed to be lean, clean, and easy to stand up without getting in your way. If you have any ideas, throw them out in the comments.

Download Vagrant Base Box: Clean Debian 32-bit

URL for Vagrantfile: http://files.samurailink3.com/Debian-7.3-x86-vbox-chef.box

Ship It with Netcat

  2013-12-31 10:24:00 PST

Ever needed to get a file across the internet, but securely, without SSH? I know, crazy to think about. What if all you've got is some spare TCP ports and a Windows box with the full version of Nmap installed on it? It's a bit of a long shot, but I needed to do this the other day and didn't want to use file locker to move my data. There are better ways to solve this problem, and it's more of a parlor trick than anything else. In any case, it's easy to set up and very cool.

We're going to use a combination of nc (netcat), gpg, lzma, and tar to accomplish our goals. I'll explain what each part of the command does along the way.

On the sending machine:

tar c myproject/ | lzma | gpg -a -c --cipher-algo AES256 --digest-algo SHA512 -o - | nc -w 1 192.168.1.102 1337

On the receiving machine:

nc -lp 1337 | gpg -v -o - | lzcat | tar x -C ~/

Feel free to change any of the variables to suite your particular need. File transfer can be done in better/more efficient ways, but if you're in a bind, this can work in a pinch.

Cisco Wireless Access Point and the Google Chromecast Problems

  2013-12-30 12:01:00 PST

A while ago, I plunked down $35 to get Google's second attempt at the living room stream box. After being extremely impressed with the price tag, I became extremely disappointed in the way it worked in my almost-corporate home network.

For the life of me, I couldn't get the Chromecast and my devices to see each other. I'm using a home-built Astaro-at-Home (now Sophos UTM Home Edition) box coupled with a dumb gigabit switch and a nice Cisco wireless access point. Not really a typical home setup, compared with all the unsecured Linksys boxes running around, but not overly-complex either.

I tried everything I could, got frustrated, and gave up on the device for a couple weeks before tackling it again over a slow weekend. I found a couple fantastic pieces of information that pointed me in the right direction. I needed to add two statements to my AP configuration (yes, in text mode, there is no web option for this).

Adding these two statements over SSH solved all of my problems with the Chromecast:

no ip igmp snooping
no dot11 igmp snooping-helper

These two lines allow the Chromecast to talk to devices over the access point and complete the set up correctly. Not really the way I wanted it, especially since the Nexus Q was so much easier to set up, but it works now.

As far as the Chromecast goes, it's a great device for $35. From a technical perspective, the Nexus Q was far cleaner to set up and run with, the Chromecast seems to crash and disconnect more than I would like it to, but for $35, I'm not going to complain.

Salty Talks and InfoSec

  2013-12-13 07:26:00 PST

Last night was the holiday meeting of Ohio InfoSec Forum, a group that puts on monthly security meetings for free in Kettering, Ohio. They discuss everything from high-level security (use strong passwords) to low-level complex security (here's how you write a buffer overflow in C). It's really a fantastic group. I've recently had the pleasure of being added to their Board of Directors. I help with web technology, marketing, acquiring speakers and sponsors. You know, normal stuff that happens in a charity organization.

Anyway, we just recently had our holiday meeting, which consisted of us playing "Who's Slide is it Anyway?!". The format consists of picking audience members to present on a randomly-chosen slide deck, of which they have no prior information about. The results tend to be mildly hilarious. With some people standing in front of the group, completely flabergasted, as they struggle to find the words to talk about chair and couch design. Other people flew through the random deck with grace, talking about the fantastic new PRISM program (heavy sarcasm, of course). All in all, it was a good time.

One of the non-joke decks I made up was a quick 3-5 minute talk about how to hash passwords securely with salt (in case you can't use bcrypt or another made-for-password hashing algorithm). Check it out here. It's not in-depth, it doesn't cover all use cases, but it does give a decent first-look at what salt is and why it's helpful.

Page: 11 of 31