Konstantin Vlasenko

An engineer is someone who can make for a dollar what any fool could make for two. – Alan Kay

How to disable hotlinking for your AWS S3 resources

It is a good idea to serve static content (e.g. images, video, …, but not JavaScript files) from AWS S3 instead of from your AWS EC2 server. This reduces the workload on your web application.

The problem is that AWS S3 resources are not publicly available by default.

The simple stupid solution is to make them all publicly available.

But what if we are talking about a protected web application where clients must enter credentials before they can access the application? And one of the requirements is that the data should not be easily available, e.g. it shouldn’t be referenced by other sites (hotlinking) or crawled by search engines.

AWS S3 for everyone doesn’t work here.

Fortunately, you can create an AWS S3 bucket policy that allows access to the resources only for particular referrers:

{
  "Version": "2008-10-17",
  "Id": "Vlasenko Access",
  "Statement": [
    {
      "Sid": "AllowPublicRead",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::TestPolicy/*",
      "Condition": {
        "StringLike": {
          "aws:Referer": [
            "http://vlasenko.org/*",
            "http://vlasenko.guru/*",
            "http://vlasenko.ninja/*"
          ]
        }
      }
    }
  ]
}


The image above is available only through this blog post. Try to copy the URL and paste it into a new tab in your browser. Don’t use Open link in new Tab!
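
To see which requests the aws:Referer condition above lets through, here is a small local model of its StringLike matching. It is an added example, not code from the original post; the sample Referer values and the function names are constructed for illustration, and only the Referer condition is evaluated.

```python
import json
import re

# Referer part of the bucket policy from the post (other fields omitted here).
POLICY = json.loads("""{"Statement": [{"Sid": "AllowPublicRead", "Effect": "Allow",
  "Condition": {"StringLike": {"aws:Referer": [
    "http://vlasenko.org/*", "http://vlasenko.guru/*", "http://vlasenko.ninja/*"]}}}]}""")

def like_to_regex(pattern):
    """Compile an IAM StringLike pattern: '*' is any run, '?' is one character."""
    parts = [".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern]
    return re.compile("".join(parts), re.DOTALL)

def referer_allowed(policy, referer):
    """True if an Allow statement's aws:Referer condition matches the header.
    referer is the request's Referer header, or None if the client sent none.
    Assumption: simplified local model; Principal, Action, Resource are ignored.
    """
    if referer is None:
        return False  # key absent from the request, so StringLike cannot match
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        patterns = stmt.get("Condition", {}).get("StringLike", {}).get("aws:Referer", [])
        if isinstance(patterns, str):
            patterns = [patterns]
        # List values are ORed; the match is case-sensitive over the whole string.
        if any(like_to_regex(p).fullmatch(referer) for p in patterns):
            return True
    return False

# Constructed sample requests: (Referer header, situation).
SAMPLES = [
    ("http://vlasenko.org/2014/some-post/", "image embedded in the blog post"),
    (None, "URL pasted into a new tab, no Referer sent"),
    ("https://vlasenko.org/2014/some-post/", "same page served over HTTPS"),
    ("http://www.vlasenko.org/2014/some-post/", "www. host not in the list"),
    ("http://example.com/gallery.html", "another site hotlinking the image"),
]

def evaluate_samples():
    """Return (referer, allowed) for every constructed sample request."""
    return [(ref, referer_allowed(POLICY, ref)) for ref, _ in SAMPLES]

if __name__ == "__main__":
    for (ref, note), (_, ok) in zip(SAMPLES, evaluate_samples()):
        print(f"{'ALLOW' if ok else 'DENY':5} {ref!s:42} {note}")
```

The condition compares only the header string a client chooses to send, so it deters hotlinking and crawling rather than authenticating the viewer. Serving the blog over HTTPS or from a www. host would also need matching entries in the list.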

Amazon RDS Now Supports T2 Instances

That is good news.

CPU credits for T2 instances are a really great feature, introduced 2 months ago for EC2. Amazon RDS Now Supports T2 Instances

At the same time, the price of T2 RDS instances is half that of the previous generation.

T2.micro EC2 + T2.micro RDS are a good fit if you are thinking about a web app that will have a “scheduled” workload, e.g. the main customers are from a particular region.

While the instance is idle it accumulates CPU credits, and your servers will be able to burst above the baseline as needed. You can track your CPU credits through the AWS Console. It is really fun to track them.

In the image below, one of my EC2 instances has 150 CPU Credits. This means that it will be able to rocket up to the “cloud” if needed. But you still pay for a micro instance. CPU Credits are a really brilliant idea from Amazon!


CPUCredits

From Evolution to Inevitolution by Dmitri Dozortsev

Originally posted on Fertility Conundrums

Civilization development is driven by scientific discoveries which have to inevitably happen. One human being has very little value for this inevitability: an individual human’s only intrinsic inevitable quality is death. As the number of humans was small, it was taking a long time from one discovery to another. For example, it took thousands of years to exit the stone age and enter the bronze age. The man who came up with the first stone tool had no competition for thousands of years. Today, when I get a “new” idea in my small and highly specialized field, I can be assured with 99% certainty that someone had exactly the same idea a few days or perhaps a few years ago. It becomes incredibly hard to be original … which means that all possible discoveries became inevitable. This inevitability of increased complexity of civilization is not directed by anything or anybody, but an intrinsic property of a large group of humans: everything that can be discovered advancing humanity to an unknown, unpredictable and yet inevitable finale. We do not know who will make the discoveries, we don’t know how it will happen, but they will happen with absolute certainty. Just like in quantum mechanics, everything that can happen will happen, given enough time.

This increase of complexity is not only inevitable, but the speed with which the inevitable outcome is achieved is continuously accelerating by virtue of population increase.


Configure WSO2 Identity Server as SAML2 SSO IDP

Originally posted on SOA Security:

WSO2 Identity Server is one of the powerful open source identity management solutions. It can act as a SAML2 SSO IDP. You can use Identity Server to integrate with different applications to achieve seamless user login in your enterprise. You can easily register your service provider applications using the WSO2 Identity Server management console. Let’s try out the SAML2 SSO sample that is shipped with WSO2 Identity Server.

Setup SAML2 SSO Web Application.

Step 1. Check out the source from the repository location which contains the samples. You can find the latest sample from here

svn co https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/products/is/5.0.0/modules/samples/sso/

Step 2. Go to <HOME>/sso/SSOAgentSample directory

Step 3. Replace the existing pom.xml file with this pom.xml file, because you cannot build the sample with the existing pom.xml file available in the WSO2 SVN until you build the whole platform.

Step 4. Build the project using Maven  3.0.X.

After successfully building the sample, A

View original 1,016 more words

Disable the option to check for server certificate revocation on Internet Explorer

We are doing extensive acceptance testing against SharePoint Online by using PowerSlim (PowerShell).
Unfortunately, sometimes our automated tests are blocked by the popup below:
CheckCertificatRevocation
As we truly believe that our DNS is not spoiled and we know exactly what we are looking for (pre-created data) – this verification doesn’t make any sense for us.
So we decided to disable it. I was not able to find a way to do this through the Windows Registry. Below is how you can do this through Internet Explorer:

  1. Open Internet Options
  2. Go to Advanced tab
  3. Scroll down to the Security section
  4. Clear the check-box below:
    DisableCertificatRevocation
  5. Restart Internet Explorer

Split a project between the teams and not the other way around!

Software development managers are accustomed to moving people around between projects.
Instead, they should be able to split a project between the teams, and not the other way around!
This implies that a software development manager should be a software development practitioner.
There are a lot of similar ideas on this topic below, by Pieter Hintjens

The Promise, Progress And Pain Of Collaboration Software

Originally posted on TechCrunch:

Editor’s note: Jason Green is a founder and general partner at Emergence Capital Partners. He was an early investor in Yammer and Success Factors, and he currently sits on the boards of ServiceMax, Replicon, Cotap, Lotame, Xad, Digital Airstrike, and Box (observer).

Truly effective enterprise collaboration applications represent one of the most promising opportunities for cloud computing. Over the last decade, several SaaS companies have emerged that improve workplace collaboration, including well-known companies like Box and Yammer, as well as newer companies such as Quip, Cotap, Hall and Slack.

Given my board roles with several of these companies, I am often asked about what is working and what is next. I want to share my thoughts on the promise and the progress in collaboration software while also touching on the areas of opportunity or the pain.

Emergence Capital Partners started with a thesis that software…

View original 528 more words

#SQL: Update an XML field with a value from another table

We are going to update the Title field in the XML below. Assume we have incorrect values there in our Library table. We will find the correct values by using the Title field from the AllBooks table.

<Book xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
 <Title>Incorrect Title</Title>
</Book>

UPDATE Library SET info.modify('replace value of (/Book/Title/text())[1] with sql:column("Title")')
FROM Library
LEFT OUTER JOIN AllBooks ON Library.BookID = AllBooks.ID
WHERE info.value('data((/Book/Title)[1])','nvarchar(max)') LIKE 'Incorrect Title%'

#PowerShell: Register AWS EC2 instances in Amazon Route53 (new way)

Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service.
Just in case – Amazon EC2
I use this script https://github.com/konstantinvlasenko/cloud/blob/master/Register-CNAME.ps1 to provide meaningful names for them.
Simple usage:

$config = @{ DomainName = 'mylab.com' }
$name = "www.$($config.DomainName)"
# get instances
$instance = (Get-EC2Instance $InstanceId).RunningInstance
# update R53
.\Register-CNAME.ps1 $config $name $instance.PublicIpAddress

Advanced usage (register in another account; registering A record):

$config = @{ DomainName = 'mylab.com'; AssumeRoles = @{ R53 = @{ ARN = 'arn:aws:iam::600021112340:role/Route53'; SessionName = 'Friends' } }; }
$name = "www.$($config.DomainName)"
# get instances
$instance = (Get-EC2Instance $InstanceId).RunningInstance
# update R53
.\Register-CNAME.ps1 $config $name $instance.PublicIpAddress 'A'

#SharePoint 2013 #PowerShell: How to get user permissions report

function Get-SPPermissionsReport($web, $recursive)
{
  $web | Get-SPUser | % { New-Object PSObject -Property @{
    UserLogin = $_.UserLogin
    'Roles given explicitly' = $_.Roles
    'Roles given via groups' = $_.Groups | %{$_.Roles}
    Groups = $_.Groups
    Url = $web.Url
    }
  }
  if($recursive) { $web.Webs | % { Get-SPPermissionsReport $_ $recursive } }
}
$web = Get-SPWeb http://yoursharepoint/sites/department
Get-SPPermissionsReport $web $true | Sort-Object UserLogin | Out-GridView

Then you can apply an additional filter by user or URL right in the GridView.
You can also add additional matching criteria in the GridView, e.g. match by Role/Group name.
