Major Site Downtime

This site has experienced a major outage starting from Thursday 9th July until Monday 13th July when all operations were restored.

The reason for this outage was due to a failure by one of the VPS nodes hosting this site and the subsequent failure of the vendor to respond timely to requests for support. As such I have had to rebuild this site from scratch on a new node with a different vendor and restore the data from the daily backups I keep offline.

Lessons learned: There is a reason some vendors charge more than others. While small vendors such as friends are great and all, the added benefit of actual staff being around to promptly assist you when things go south is worth paying a little more for. After much though I have decided to transfer this site completely to DigitalOcean as I have been using these guys for some time now for development – mainly as it takes around 30 seconds to spin up a new VM and they offer an API.

While I was at it I also took the opportunity to upgrade my hosting architecture inline with the way I prefer to do things nowadays. This whole site is now running as a light-weight LXC container which means it’s completely decoupled from the underlying infrastructure. I have made a note to write some stuff on LXC as this is a very important development in world of servers and hosting that everyone should be familiar with. I have plans on expanding my hosting infrastructure to accommodate some exciting new projects I am working on and this change is important to prevent me having to spend hours rebuilding this blog again when I migrate.

So for my closing words I would like to give a big Hello to DigitalOcean with a shamless plug. I have used your products for a while. You have never disappointed me and I don’t hesitate to recommend you to everyone I know. Perhaps not for everything, but for any sort of development and for a simple quick VPS your hard to beat. Please check them out guys and show a little support by using my promo code 8b284eda0749

OSX high CPU by coreaudiod and launchd

Just a quick heads up I thought I would share. I’m running Yosemite and I’ve noticed my MBP was getting very hot while I was not really using it. Activity monitor showed that coreaudiod and launchd were using very high CPU. There are various suggestions online by (mostly) clueless Mac users suggesting to try any combination of ‘hope and pray‘ strategies such as resetting PRAM and SMC (i.e this-is-a-mac-and-if-something-goes-wrong-this-is-the-only-way-to-fix-it strategy). Others suggest recreating a missing Audio folder or simply a reboot.

For me I found issue was due to an error with blued – the service responsible for providing bluetooth. It’s a pretty straightforward fix of reloading the service. Open a terminal and run:

sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.blued.plist

Bluetooth will now be disabled, so just enable it again. I found the option to enable bluetooth did no work via the system tray. Instead I opened up bluetooth settings and clicked the ‘Turn Bluetooth On‘ button.

If you are still having issues starting up bluetooth the following two commands should have you sorted:

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.blued.plist
sudo launchctl load /System/Library/LaunchDaemons/com.apple.blued.plist

After this you should be able to turn on bluetooth.

You could always just restart your Mac, but seriously you should not have to restart your whole computer just because a process or service is missbehaving. That’s pretty lame. And besides – the -w flag instructs launchctl to wipe and recreate the com.apple.blued.plist file which is usually the culprit (it gets corrupt) and then a reboot will only really be a short term fix.

Benchmark JS bitwise NOT vs negation

Just wanted to post a quick tip for anyone looking to maximise their performance.

Often you would have a situation where you want to flip a boolean value – e.g
var bit = 0;
bit = !bit;

I’m sure many of you will have done something like this before. But did you know there is more than one way to negate a variable?
bit = !bit;
bit = ~bit;

Huh? The tilde (~) is a bitwise NOT operation. It is used to flip a binary bit (0/1). Which one is faster? Lets compare:

Screenshot - Testing inverts (jsPerf)
http://jsperf.com/testing-inverts

MongoDB security and user access control

MongoDB does not offer as fine grained a security model as traditional databases. Never the less what it provides is sufficient as long as best practices are followed and some care is taken in securing the system.

MongoDB offers two levels of access control – system (global) and per database. For each of these types, users can be assigned a series of roles which determine the actions they can perform. The model is pretty simple and straight forward and allows for a least-privilege approach. The only shortcoming (at the time of writing) is that the roles are a little broad. In the future I would really like to see the ability of setting more fine grained restrictions on actions or even the ability to create your own role groups with action rules.

Enabling authentication

The first thing to do before you can start making use of mongo’s UAC features it to enable authentication. Usually this is disabled by default.

This can be enabled either by editing your mongodb.conf file and adding the line

auth = true

You can also start mongod with the auth parameter.

Creating an admin user

Out of the box mongo has no admin user set. Hence once you enable authentication you will be able to gain privileged access via a local mongo shell until an admin user has been created.

Start the shell and type:

use admin
db.addUser({ user:"admin", pwd:"secretpassword", roles:["dbAdminAnyDatabase","clusterAdmin"]})

This will create a user admin with the password secretpassword and grant that user dbAdminAnyDatabase and clusterAdmin roles. I recommend granting the primary admin user both of these roles as they will enable you to perform any action you want on any database.

Note: If you do not set clusterAdmin you will get an unauthorised error when you try to drop a database.

Now that you have an admin account enabled you will be required to authenticate before you can perform any actions.

Creating a database user

You can now add a user to any database and set access restrictions.

First select the database you wish to add a user to.

use example

We are now using the example database. Adding a user is exactly the same to how we created an admin user:

db.addUser({ user:"rwUser", pwd:"password", roles:["readWrite"] })

This will create a user rwUser which will have read/write access to the current database.

Authenticating

Before you can perform an action either globally or within a given database you will need to authenticate.

You can authenticate as a global user or a database user by selecting the appropriate database. Then you can authenticate by typing:

db.auth("rwUser","password")

You will get a response code of 1 for success and 0 for fail. Once authenticated you will be able to execute any action your roles allow you.

User roles

At the time of writing Mongo (2.4) has the following roles:

Database User Roles

  • read
  • readWrite
  • dbAdmin
  • userAdmin

System User Roles

  • clusterAdmin
  • readAnyDatabase
  • readWriteAnyDatabase
  • userAdminAnyDatabase
  • dbAdminAnyDatabase

For detailed information regarding each role please refer to User Privilege Roles in MongoDB in the MongoDB Official Documentation.

Remove a user

You can remove both database and system users in the same way. First select either a specific logical database or the system admin database. Then type:

db.removeUser("testuser")

Which will remove the user testuser.

Note: You technically should not be able to remove the admin user…

Changing passwords

If you wish to change a user password select either a specific logical database or the system admin database. Then type:

db.changeUserPassword("testuser", "newpassword")

Which will update the user testuser with the new password newpassword.

Updating users

If you wish to update an existing user – for instance to change their username or update their roles, you can do so by performing an update against the system.users collection of either either a specific logical database or the system admin database. This works exactly like a standard update() and the same rules and parameters apply.

Here are some typical update scenarios you might wish to perform:

Update a username

use example
db.system.users.update({ user:"testUser" }, { $set:{ user:"tastyUser" } })

Add an additional role to a user

use example
db.system.users.update({ user:"testUser" }, { $push:{ roles:"userAdmin" } })

Remove a user role

use example
db.system.users.update({ user:"testUser" }, { $pull:{ roles:"dbAdmin" } })

Disable automatic restart after Windows 7+ update

Microsoft is funny. They have all these sensible settings that they never bother to turn on and then they switch on the most annoying things.

One of the things that pisses me off most is how they handle updates. Besides deciding to lock my PC down during shutdown and restart to install updates (because hey, when i shut down my laptop i dont REALLY need it to shutdown – it’s not like the battery will die or it will overheat when i throw it into my bag or something. Nor do i REALLY need to have access to my PC within minutes of switching it on because hey – i can wait 30 minutes before being able to use my computer). No what really pisses me off is switching on my PC in the morning and seeing that all my programs, all of my work, all of my nicely arranged windows and workflow is all gone because Windows decided it’s a great idea to restart during the night to install some useless update. Fuck you Microsoft – if you want to be clever, at least bother to save my state.

Great new is you can disable automatic restart with a little “under-the-hood” tweaking . Best of all you can do this without disabling automatic updates all together.

Windows 7 Pro, Enterprise, Ultimate:

  1. Click Start
  2. Enter “gpedit.msc” into search and press enter.
  3. Navigate to Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update
  4. Double-click on “No auto-restart for with logged on users for scheduled automatic updates installation”
  5. Select the option “Enabled“. Click save.
  6. Reboot the computer

For users of the more basic versions of Windows that do not include the Local Group Policy Editor you will have to do this manually via RegEdit:

  1. Click Start
  2. Enter “regedit” into search and press enter
  3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
  4. If you dont see a folder “WindowsUpdate” right click on “Windows” folder you are in and select New -> Key
  5. Name the key WindowsUpdate.
  6. Right click on your new WindowsUpdate key and select New -> Key
  7. Name the key AU
  8. Right click on your new AU key and select News -> DOWRD (32-bit) Value
  9. Name it “DWORD called “NoAutoRebootWithLoggedOnUsers
  10. Double click this new value and set it’s Value Data to 1 (Base is Hexidecimal)