Tech Stuff

Full disclosure: This is not my guide. This is a repost of a Stackoverlflow post - by user PhilipD. After hours of searching, this was the most complete and helpful guide we could find and it saved us hours of frustration. The post on Stackoverflow has been 'put on hold' because it's not really a question and so I'm reposting here.

Philip's instructions worked flawlessly, including replacing all of the 32bit x86 libs and dependencies with 64 bit versions on a Windows 10 Pro installation, also with IIS and PHP (PHP located in C:\php, and ImageMagick installed to C:\ImageMagick).

Here's the original post...

Read more 

Here's a public service announcement for those of you fighting to a) prevent the Intel(R) Turbo Boost Max 3.0 Technology application from popping up after every login, and b) prevent the Intel(R) Turbo Boost Max 3.0 Technology Application Service from waking your computer from sleep mode.

Read more 
Drupal 8

The new Configuration Management system in Drupal 8 is excellent. When combined with our current Git/Capistrano workflow, it means that all content type and view definition changes can be exported to the configuration 'sync' directory, committed to source control, and pushed to the target deployment site (staging, production etc.).

In our case settings.php for the development and target sites have been updated to use a sync directory that's outside of the site root.

A typical commit and deployment cycle looks like this...

Read more 
Hype cycle


In the mid 2000s it was all about 'Services Oriented Architecture'. The hype machine is now squarely focused on microservices. SOA and microservices aim to solve two different problems, and as with most new architectural terms and patterns there is something good going on out there - it just takes a little digging to get to the good stuff.

Here are a few links on the topic...

1. Fowler is in on the game, defining the term, pattern, and approach with usual gusto.

2. Here's an interesting article on building microservices using AWS Lambda - without servers.

3. Here's a great write up on the evolution of a framework from a tool to quickly build and test MVPs, into a fully-fledged microservices framework called Seneca.

4. A few years ago now but still a good read from Netflix on Architectural Patterns for High Availablilty

(Image courtesy


Read more 

External Boot Camp Drive UPDATE: Aug 05 2016: Surprisingly, the Windows 10 Anniversary Update (Version 1607) installed on this installation okay, although only via the VM (running under VMWare Fusion). It would NOT install when running from the bare-metal installation (option boot from EFI partition). Trying to install from the EFI booted partition results in the 'Cannot upgrade due to unsupported disk layout for UEFI firmware' error. Once the update was complete on the VM guest, it also booted fine from the EFI partition. I have no idea how, or why this worked. ;-)

ORIGINAL POST A success story is a nice way to start the New Year.

The internal drive on my MacBook Pro (Retina, 15-inch, Late 2013) has been getting a little full, and the Boot Camp partition was taking up about 45GB of space. I also wanted to run a proper Windows machine (including developer tools) and 45GB wasn't really enough to do much.

And so began my quest to see if I could achieve the following:

  1. Install Windows 10 Pro (build 1511) on an external USB 3 SSD hard drive.
  2. Have my MBP recognize this drive as a boot option when pressing the option key at boot (turning my MBP into a Windows computer).
  3. Have VMWare Fusion recognize the external Windows installation as a valid Boot Camp source, allowing Fusion to run the same Windows installation as a virtual machine while in Mac OS X.
Read more 

The State of Malware

The State of Malware

I've been spending a little more time looking at general computer and network security recently. One of the things I've been looking at is the current 'state of affairs' where malware is concerned. There's a lot going on out there, although as Gunnar Peterson says in a recent post at 1 Raindrop, not much has changed in the past 10 years. In fact, based on what follows, it's arguable that things are actually getting worse.

There are also regional differences that matter. Here in Thailand at least, the situation is exacerbated by the fact that it's still very common for personal computers to have illegal software installed - including Windows and other major applications (there are reasons, but that's a different story). There are of course other threats and concerns about safety and communication that matter, but for the most part, the biggest computer security risk here is from non-targeted malware.

Read more 

Having switched to Nginx a while ago, I was recently forced to use Apache for a client installation. There have been some significant changes in 2.4 from 2.2, include the 'Requires' option.  I also wanted to create a virtualhost entry for Munin on this machine. It took a little while to figure this out, in particular on Apache 2.4. I'm also using the built-in cron task to generate graphs. Here's the complete Virtualhost configuration for Munin on Ubuntu 14.04 and Apache 2.4

Read more 

Here's how to upload a file to a server using PHP cURL. It took me a little longer than planned to sort this one out, as the API I was communicating with required the top level key in the post data array to be 'file'. See my note below.

// Helper function courtesy of
function getCurlValue($filename, $contentType, $postname)
    // PHP 5.5 introduced a CurlFile object that deprecates the old @filename syntax
    // See:
    if (function_exists('curl_file_create')) {
        return curl_file_create($filename, $contentType, $postname);
    // Use the old style if using an older version of PHP
    $value = "@{$filename};filename=" . $postname;
    if ($contentType) {
        $value .= ';type=' . $contentType;
    return $value;
$filename = '/path/to/file.jpg';
$cfile = getCurlValue($filename,'image/jpeg','cattle-01.jpg');
//NOTE: The top level key in the array is important, as some apis will insist that it is 'file'.
$data = array('file' => $cfile);
$ch = curl_init();
$options = array(CURLOPT_URL => 'http://your/server/api/upload',
             CURLOPT_RETURNTRANSFER => true,
             CURLINFO_HEADER_OUT => true, //Request header
             CURLOPT_HEADER => true, //Return header
             CURLOPT_SSL_VERIFYPEER => false, //Don't veryify server certificate
             CURLOPT_POST => true,
             CURLOPT_POSTFIELDS => $data
curl_setopt_array($ch, $options);
$result = curl_exec($ch);
$header_info = curl_getinfo($ch,CURLINFO_HEADER_OUT);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$header = substr($result, 0, $header_size);
$body = substr($result, $header_size);
<!doctype html>
    <meta charset="utf-8">
    <title>File Upload results</title>
    <p>Raw Result: <?=$result?>
    <p>Header Sent: <?=$header_info?></p>
    <p>Header Received: <?=$header?></p>
    <p>Body: <?=$body?></p>
Read more 



It's taken a while, but someone has finally cracked it. I've been a Mac OS X launcher geek for a while now, having spent years with Quicksilver (at one point ranking it as my no. 1 Mac OS utility). I've also tried Alfred, and more recently, LaunchBar  from the talented folks at Objective Development (the makers of Little Snitch). To be honest, Spotlight search has always been close, in particular since it nearly always ranks the 'top hit' correctly - which is usually the app I'd like to launch. The only thing missing from Spotlight, and from Mac OS X in general, is the ability to easily create global, system-wide keyboard shortcuts. There 'are' ways to do this, but they're complicated, and not something you get 'out of the box' with Mac OS X (which is a little weird). And so along comes Apptivate - an excellent and extremely easy to configure system-wide, keyboard shortcut manager. Great work from Cocoabeans Software - as it scratched the itch I had, and has meant I can drop the other launchers, relying on Spotlight for the rest. Apptivate is free - for the moment at least, although their newly designed homepage has all the 'hallmarks' of an app that may be headed to the App Store. Try out Apptivate today  ;-) UPDATE: In a tweet from the author, @apptivateapp - the app was in the App Store - but was removed due to sandboxing restrictions.

Read more 

SSH and SFTP Chroot Jail

SSH and SFTP Chroot Jail
Photo by Andrea Schaffer

For a little while now I've wanted to be able to chroot both SFTP and SHH accounts on one of my multi-user VPSs.

SFTP on its own is not so difficult. OpenSSH 4.9p1 and above includes the ChrootDirectory directive. And an SFTP chroot is a little more forgiving in so far as it doesn't actually require any supporting system or userpsace services (a shell, ls, cp, etc.), which is why you often see ChrootDirectory accompanied with ForceCommand internal-sftp which will prevent SSH access altogether.

What I'd like to do is create a restricted environment for both SSH and SFTP.

I spent a little while looking at a very interesting project from Olivier Sessink called Jailkit. Jailkit has most of what I was looking for but, it has quite a few moving parts, including the need to replace a users shell with a special Jailkit shim that hands over to Jailkit. This is okay but it means changes to passwd are required, and editing your /etc/ssh/sshd_config to use Subsystem sftp /usr/lib/openssh/sftp-server and not Subsystem sftp internal-sftp if you want to chroot and jail both SFTP and SHH logins.

It turns out that OpenSSH gets us most of the way there with the ChrootDirectory directive.

And so here are the steps required to create a minimal chroot jail on Ubuntu 12.04 LTS.

Read more