Categories
How-To software

Basic Security is Not Secure

Let’s say I wanted to do basic security. I want to be able to defend myself against cyber attacks on my laptop, network, phone as well as any peripherals I might use that connect to any of the devices I use. I want to communicate securely. I want to be untrackable or have privacy. Basic security for the purposes of this post will consist of 3 things:

  1. Malicious code barriers & Cyber Defense
  2. Secure communications
  3. Privacy

Let’s tackle the first one. I have a computer that I just purchased from a store. A salesperson might even suggest buying anti-virus software with a firewall. It’s guaranteed to protect me from everything except a zero day hack. Well, what about this “zero day hack”? Anything on my computer that is listening to the Internet is exposed, e.g. notifications, Dropbox, Adobe, GoogleTalk. Ok, we turn these off. Are we still secure? What if the hardware is not secure? In light of recent revelations, we can’t even trust the hardware anymore. We are forced to build our own computer with components we can trust, but this begs the question of finding a trustworthy component. Back in the days of 6502 processors, it could be possible to know all the contents in memory, and to even know the factory that made all the components. With our global economy such an empirical luxury (if it was ever so enjoyed) is no more. We might as well stop here, and think about what it would take to secure the supply chain of computer components. There’s a suggestion for it in the dystopian Draka series of novels by S.M. Stirling. All computers are Read Only Memory (ROM), and produced under close government / military scrutiny. What we can conclude is that even on a basic level, we are not secure.

In my next piece, I’ll look at secure communications on an ok, sorta secure computer.

Categories
How-To

Day 34: I didn’t do my laundry for a month

And I’m still not doing it. Instead, I’ve gotten into the habit of just hand washing in the morning. I put my clothes into the sink, take a shower, and then dry the clothes and me. 🙂 I don’t have to worry about sucking a huge chunk of my weekend to get clean clothes.

I didn’t think I’d last this long, because part of the process of quickly drying clothes involves using bath towels that started to get really funky by day 14. The solution is to sometimes rinse your clothes just enough that there’s still a bit of detergent. While you get the excess liquid out by wrapping your clothes with a towel and stomping on it, the soap gets onto the towel. Funk issues cured.

I just want to highlight that nylon and polyester blends are key to quickly drying clothes. By quick, I mean 4 to 8 hours air drying.

Also, the polyester blends that have coffee grounds as part of the fabric are very odor resistant. I’ve had my odor resistant hoody for a month and it still smells great.

What if it gets hot? Well, I learned about Ice Fil which is tech fabric that uses xylitol to cause a cooling, chemical reaction to your body when you sweat. You can be cooled by as much as 5 degrees F. This also has a strong odor resistant property so after two bicycle rides, I haven’t had to wash my hoody made out of Ice Fil yet.

Categories
How-To lifehacks

Day 13: Minimalist Winter Gear

It’s day 13 of my challenge not to do laundry in washing machines and dryers and just hand wash for a month. So far it’s going great. $20 saved which I’ll use for tacos once I finish this post.

Let’s talk winter gear.

What’s the least you can wear and still stay comfortably warm? I recently went to Tahoe for work, and had this chart to work off of. The idea behind Clo values is that a Clo value of 1 will keep you comfortable at 70 degrees Fahrenheit without having to move. The colder it gets, the higher the clo value.

The chart below is the recommended clo values for keeping warm and comfy while not moving.

clo	degrees F	degrees C
1	70		21
1.3	66		19
1.6	62		17
2	59		15
2.3	55		13
2.6	52		11
3.2	45		 7
3.8	27		-3

I was on the slopes and perfectly comfortable thanks mostly to the North Face Thermoball Full Zip Jacket which has a clo rating of 2.08. This jacket packs down to a small 7″ x 4″ rectangle that you can attach to a carabiner on your backpack.

Also of note is the ExOfficio Trail Crest Flannel that has hollow threads for a high warmth to material ratio, and the ExOfficio Kahve Hoody. Both dry over night in 8 hours after washing and both are warm enough to be the only layers you’d need while walking around when it’s around 40 degrees.

If you look at the chart below, you’ll see that what’s minimalist is skipping ski pants in favor of a lighter rain pant, and skipping the outer shell. Instead of looking like a Stay Puft marshmallow on the slopes, you look lean and mean.

I was very warm in below freezing weather thanks to the gear below.

Item				Clo Value
patagonia long johns		0.35
exofficio nomad pants		0.2
LL Bean rain pants		0.28
briefs				0.04
exofficio flannel		0.3
exofficio kahve hoody		0.37
thermoball inner jacket		2.08
outershell	
boots				0.05
socks				0.1
gloves				0.1
scarf				0.1
hat				0.1
TOTAL CLO			4.07
Categories
blogging How-To Mobile Apps TechBiz Webalytics

How to Get More Instagram Followers Free Honestly

We now know that you can get fake followers and brands won’t know the difference. These brands give tons of money to fakers. We also know that Googling “autolikers” will show us a bunch of apps that can be used to game around 200 followers per day. What does honest engagement look like?

A network graph visualization will easily show fake followers. In Gilad Lotan’s article linked above, more purple means more fake, i.e. accounts that follow exactly 2000 and are followed by less than 20.

Honest engagement *cough* might look something like this chart below which you should please click:

[Chart: account_growth_3]

1. If you drop followers and you have good content, you shouldn’t have mass un-followings. I dropped 449 followers and only lost 30.

2. If you stop adding followers, like I did around November and December, and just focused on engagement through adding photos, about 25 per month, then you can get follower growth.

3. Do you have to post almost everyday? It turns out that if you add 5 followers per day, spend 15 minutes in the morning and evening liking every good photo in your feed, and do 15 photos per month, you can get about 75 followers per week.

These stats aren’t hard and fast rules, but seem to be true for my account.

I’m going to dig in more and get better stats via the API in an upcoming post.

Categories
Databases How-To MySQL WebApps wordpress

How To Back Up WordPress with mysqldump

Here’s a quick how to:

1. Tar up the directory:

tar cvf WordPress.tar wordpress/.
bzip2 WordPress.tar

2. Dump the database.

mysqldump --user user_name --password --host example.com --extended-insert=FALSE database_name > database_name.sql

I personally use extended-insert set to false because I often have to read the SQL.

Here is how to restore from backup:


tar jxvf WordPress.tar.bz2
mysql --user user_name -p -hexample.com database_name < database_name.sql

Be sure to replace user_name, example.com and database_name with the appropriate values for your system.

I hope this helps.

Categories
Coding How-To ruby ruby on rails WebApps

Upgrade Your Rails Facebook App to SSL

On October 1st of this year, Facebook will be requiring that all apps on Facebook must support HTTPS (SSL).

I’ve provided a guide below which I’ve used for apps I’ve worked on that are Rails based.

This guide shows you how to change your Rails Facebook App into an app that supports SSL using Passenger and Apache2.

Step 1: Get an SSL cert or roll your own.

Dreamhost.com made it very easy to add an SSL cert for just $15.00 / year.

I tried my app out using a locally signed certificate which seemed to work just fine:

openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Step 2: Install and compile Apache 2

Get the latest version of Apache: http://httpd.apache.org/download.cgi.

Configure and compile Apache:
./configure --prefix=/usr/local/apache2 --enable-rewrite --enable-so --enable-ssl
make && make install

Step 3: Configure your Rails app

gem install passenger
passenger-install-apache2-module

Step 4: Edit your Apache 2 config files:

Edit httpd.conf. For example:

LoadModule fcgid_module modules/mod_fcgid.so
LoadModule passenger_module /Users/jimbarcelona/.rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.8/ext/apache2/mod_passenger.so
PassengerRoot /Users/jimbarcelona/.rvm/gems/ruby-1.9.2-p290/gems/passenger-3.0.8
PassengerRuby /Users/jimbarcelona/.rvm/wrappers/ruby-1.9.2-p290/ruby


    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all


Include conf/extra/httpd-vhosts.conf
Include conf/extra/httpd-ssl.conf


IPCCommTimeout 40
IPCConnectTimeout 10

# TODO: change this to production if you are on production
DefaultInitEnv RAILS_ENV development
SocketPath /tmp/fcgidsock

Edit extra/httpd-vhosts.conf:


  ServerName berkeley.l33tcave.com
  ServerAdmin wwwadmin@berkeley.l33tcave.com
  DocumentRoot /Users/jimbarcelona/rails_apps/github/hipsterhookups.com/public
  ErrorLog /usr/local/apache2/logs/rails_error_log
  RewriteEngine On
  
    AllowOverride All
    Options -MultiViews
  
  RailsEnv development

Edit extra/httpd-ssl.conf:

#   General setup for the virtual host
DocumentRoot "/Users/jimbarcelona/rails_apps/github/hipsterhookups.com/public"
ServerName berkeley.l33tcave.com:443
ServerAdmin you@example.com
ErrorLog "/usr/local/apache2/logs/error_log"
TransferLog "/usr/local/apache2/logs/access_log"

# needed for rails
Options Indexes ExecCGI FollowSymLinks
RewriteEngine On
RailsEnv development


AddHandler fcgid-script .fcgi

  
    AllowOverride All
    Options -MultiViews
  

Be sure to add your SSL certs in the httpd-ssl.conf too!

Step 5: Start Apache

# check syntax
apachectl configtest
# start apache
apachectl start

Step 6: Go to facebook and use https for canvas URLs
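
A non-interactive version of the Step 1 commands, with two checks worth running before Step 5: Apache will not start with a certificate and key that do not match, and the passphrase-free server.key should not be readable by other users. This is an added example, not part of the original guide; the function names and the demo hostname are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# hostname used in the demo are assumptions made for illustration.

# Create an unencrypted 2048-bit RSA key and a 365-day self-signed
# certificate in directory $1 for hostname $2, without prompts.
make_self_signed() {
    dir=$1; cn=$2
    # umask 077 so the key is never readable by group/other, even briefly
    ( umask 077; openssl genrsa -out "$dir/server.key" 2048 2>/dev/null ) || return 1
    chmod 600 "$dir/server.key" || return 1
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr" || return 1
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
}

# Succeed only if certificate $1 carries the public key of private key $2.
# "-passin pass:" makes an encrypted key fail instead of prompting.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed only if key file $1 grants no permissions to group or other.
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Demo in a throwaway directory.
demo_dir=$(mktemp -d)
make_self_signed "$demo_dir" berkeley.example.test &&
    cert_matches_key "$demo_dir/server.crt" "$demo_dir/server.key" &&
    key_is_private "$demo_dir/server.key" &&
    echo "certificate and key match; key is private"
rm -rf "$demo_dir"
```

The same two checks can be pointed at the server.crt and server.key paths configured in httpd-ssl.conf before running apachectl start.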

Categories
How-To ruby WebApps

Setting Up Cucumber and RSpec on Padrino

This is a quick guide on how to set up Cucumber and RSpec on Padrino.

I’ve created a simple test app on github that reflects the steps written down here.

1. Create the app:

padrino g project todo -t cucumber -d sequel -b

2. In the Gemfile use rake 0.8.7:

gem 'rake', "0.8.7"

3. In features/support/env.rb comment out “require ‘spec/expectations'” so it looks like:

# require 'spec/expectations'

At this point ‘cucumber features’ should work and should return a failed test for adding two numbers.

Also at this point, if you create any models, then bare specs for them will be created in the ‘spec/models’ folder.

Please feel free to leave questions or comments if you’ve got a different way of setting things up on Padrino.

Categories
How-To ruby WebApps

How To Test Image Uploads With MiniTest On Padrino

This week I got to pair program with Oren Golan whose last high profile job was at Border Stylo. While there, he wrote a series of excellent blog posts that I highly recommend reading. The one that caught my eye was his post on MiniTest, that’s a lighter version of RSpec.

We created a Padrino app that uses the Sequel gem as an ORM for SQLite.

We tested a raw file upload and the uploading capabilities of Carrierwave.

The working test is on http://github.com/barce/test, and to run it just clone the repo and type the following:

cd test
bundle install
padrino sq:migrate:up

Here’s the test:

# put this into the test/test.rb file
require 'rubygems'
gem 'minitest'
require 'minitest/autorun'
require 'rack/test'
require '../config/boot.rb'

class TestManualBadgeType < MiniTest::Unit::TestCase
  include Rack::Test::Methods

  FILE2UPLOAD  = "/Users/jimbarcelona/pink-pony.jpg"
  UPLOADEDFILE = "/Users/jimbarcelona/repos/oren/forks/test/test/pink-pony.jpg"

  def app() Test end

  def setup
    if File.exist?(UPLOADEDFILE)
      File.delete(UPLOADEDFILE)
    end
  end

  # Raw upload endpoint should answer 201 Created
  def test_upload
    post '/', 'file' => Rack::Test::UploadedFile.new(FILE2UPLOAD, 'image/jpeg')

    # assert_equal takes the expected value first, then the actual one
    assert_equal 201, last_response.status
  end

  # Carrierwave endpoint should answer 201 Created
  def test_carrierwave_201
    post '/carrierwave', 'file' => Rack::Test::UploadedFile.new(FILE2UPLOAD, 'image/jpeg')

    assert_equal 201, last_response.status
  end

  def test_carrierwave_file_exist
    post '/carrierwave', 'file' => Rack::Test::UploadedFile.new(FILE2UPLOAD, 'image/jpeg')
    assert_equal 201, last_response.status
  end
end

Now you’re ready to run the test upload:

cd test
ruby test.rb
Categories
books How-To

I lost 7 pounds in 2 weeks with the 4 Hour Body Slow Carb Diet

At the end of the LA marathon, I was a healthy 165, but my foot was busted. There’s a stress fracture on my 4th metatarsal on my left foot and I’ve got to keep it flat in a wooden boot until it heals. I can’t even swim, since the water would flex my foot.

At SxSW, I went to Tim Ferriss’ talk on his new book, The Four Hour Body. I didn’t feel I really needed the book, but when I ballooned to 172 in less than a week, that gave me pause.

Weight on 3/28: 172
Weight on 4/08: 165

I didn’t work out except for doing some squats. On cheat days, which is Saturday for me, you can eat whatever and as much as you want: chocolate croissants, pringles, ABB Carboforce, protein drinks, steaks, ice cream. I love Saturdays.

Here’s the diet I followed and each meal except for the sardines and carrots made me full. I spent about $50 on groceries and $50 on lunch per week. $100 / week isn’t bad on a mostly protein diet.

3/28 - Monday
Breakfast: steak, 3 eggs, spinach
Lunch: chipotle bowl - no frills
Dinner: Chicken, Mixed veggies, Black Beans, Yogurt (nono)

3/29 - Tuesday
Breakfast: steak, 3 eggs, spinach, glass of milk (nono)
Lunch: chipotle bowl - sour cream and cheese (nono)
Dinner: swordfish steak, mixed veggies, black beans, yogurt (nono)

3/30 - Wednesday
Breakfast: 3 eggs, spinach, swordfish steak
Lunch: chipotle bowl with salsa and avocado
Dinner: chicken, mixed veggies, black beans

3/31 - Thursday
Breakfast: 3 eggs, beef steak, spinach
Lunch: tofu, asparagus, veggie chili, broccoli
2nd lunch: carrots, sardines
Dinner: red wine (free), swordfish, mixed veggies

4/1 - Friday
Breakfast: spinach, swordfish
Lunch: chipotle bowl with salsa and avocado
2nd lunch: carrots, sardines
Dinner: red wine, steak, mixed veggies

4/2 - Saturday
Went nuts and ate all day

4/3 - Sunday
Breakfast: 3 eggs, chicken breast
Lunch: steak chipotle bowl - salsa, lettuce & guac
Dinner: lentils, chicken breast

4/4 - Monday
Breakfast: 3 eggs, chicken breast
Lunch: steak chipotle bowl - salsa, lettuce & guac
Dinner: lentils, chicken breast


4/5 - Tuesday
Breakfast: 3 eggs, lentils, chicken
Lunch: steak chipotle bowl - salsa, lettuce & guac
Dinner: salmon, asparagus, beans , redwine

4/6 - Wednesday
Breakfast: lentils, spinach, chicken
Lunch: barbacoa chipotle bowl - salsa, lettuce & guac
Dinner: blackbeans, mixed veggies, steak


4/7 - Thursday
Breakfast: spinach, lentils, steak
Lunch: steak chipotle bowl - salsa, lettuce & guac
Dinner: steak, blackbeans, mixed veggies

4/8 - Friday
Breakfast: steak
Lunch: salmon, asparagus, beans , redwine
Dinner: steak, blackbeans, mixed veggies

I lost a surprising 4 lbs. the first week, but only lost 3 lbs. the second week. I’m pretty sure the 3 lbs. was due to not having the 2nd lunch as recommended. I also measured my body fat with calipers: 24% – 20% body fat.

The first week was pretty difficult but the 2nd week it’s been no problem at all. I can also tell when I’m in ketosis because there’s a slight metallic taste to my mouth and my breath seems sweeter to the nose.

Categories
command-line How-To wordpress

What You Missed At WordCamp LA

Here’s what you missed:

Installing nginx with php-fpm with varnish on the front end will make your WordPress install fly 50 times faster.

If you’re using apt-get, you can just use:
apt-get install php-fpm
Or try this guide on how-to forge.
Here’s the install process I used using PHP 5.3.3 on OS X:

sudo ./configure --prefix=/usr/local --enable-fpm \
  --with-fpm-user=daemon --with-fpm-group=daemon \
  --with-mcrypt --with-mysql=/usr/local/mysql --with-zlib \
  --enable-mbstring --disable-pdo --with-curl --disable-debug \
  --disable-rpath --enable-inline-optimization --with-bz2 \
  --with-zlib --enable-sockets --enable-sysvsem \
  --enable-sysvshm --enable-pcntl --enable-mbregex \
  --with-mhash --enable-zip --with-pcre-regex \
  --with-iconv=shared,/usr
make && make install
cp sapi/fpm/php-fpm.conf /usr/local/etc/php-fpm.conf
# edit php-fpm.conf with the right paths
cp sapi/fpm/php-fpm /usr/local/sbin/php-fpm
cp init.d.php-fpm /etc/init.d/php-fpm
/etc/init.d/php-fpm start

If you get an error message it’s probably because you didn’t go through the config to set things up.

The next part is nginx.

./configure --prefix=/usr/local/nginx && make && make install

My conf/nginx.conf looks like this. My sites-enabled/default.conf looks like this. My conf/fastcgi_params file is here.

I just start nginx with /usr/local/nginx/sbin/nginx and I’m good to go.

The quote that stuck with me the most was what Josh Highland said about caching:

“You should use WordPress Cache Plugins. It’s like printing money. It’s free!”

For adding your own contact form, I learned about Contact Form 7. You can ditch WuFoo if you have this configured on your WordPress.

There’s also Pods, which is like contact-form-7 except it’s a whole framework for creating your own content types and making them show up where you want.