Vladimir Vuksan's Blog Documenting the systems and network infrastructure madness

DuckDB allows direct querying/importing of data from HTTP endpoints including S3 compatible storages. The httpfs extension currently lacks direct support for Fastly Object Storage however as it is S3 compatible all you need to do is modify the S3 type to support it. The only two changes are

• ENDPOINT needs to point to the Fastly endpoint for the region you want to use e.g eu-central.object.fastlystorage.app
• URL_STYLE needs to use path

For example I have a bucket in us-east region and my config looks as follows.

CREATE SECRET secret1 (
    TYPE S3,
    KEY_ID 'K******************',
    SECRET '*******************************',
    REGION 'us-east',
    ENDPOINT 'us-east.object.fastlystorage.app',
    URL_STYLE 'path'
);

After that’s done you can do things like

SELECT * FROM 's3://my-test-bucket/data.csv';

In order to fully build NRF24L01 python bindings on the Pi you will need to do this

sudo apt install -y build-essential python3-dev libboost-python-dev python3-pip python3-rpi.gpio libboost1.81-dev
git clone https://github.com/nRF24/RF24.git
cd RF24
make
sudo make install
cd RF24/pyRF24 && sudo python3 setup.py install

Error resolution

If you get error like this

arm-linux-gnueabihf-g++ -shared -Wl,-O1 -Wl,-Bsymbolic-functions -g -fwrapv -O2 -marm -march=armv6zk -mtune=arm1176jzf-s -mfpu=vfp -mfloat-abi=hard -L/usr/local/lib -I/usr/local/include -DRF24_NO_INTERRUPT build/temp.linux-armv6l-cpython-311/pyRF24.o -L/usr/lib/arm-linux-gnueabihf -lrf24 -lboost_python3 -o build/lib.linux-armv6l-cpython-311/RF24.cpython-311-arm-linux-gnueabihf.so
/usr/bin/ld: cannot find -lboost_python3: No such file or directory
collect2: error: ld returned 1 exit status
error: command '/usr/bin/arm-linux-gnueabihf-g++' failed with exit code 1

Likely cause is that name of the linked library is misplaced. For example on my DietPi system the linked library should actually be called boost_python311. You can find out what it’s actually called by running the dpkg command e.g.

$ dpkg -L libboost-python1.81.0 | grep libboost_pyt
/usr/lib/arm-linux-gnueabihf/libboost_python311.so.1.81.0

Then you need to change this line

    BOOST_LIB = "boost_python3"

to then rerun

    BOOST_LIB = "boost_python311"

Recently I upgraded from Ubuntu 19.04 to 19.10. Upgrade was uneventful except for Chromium losing all my saved passwords and personal HTTPS certificates. Main cause of the issue is the new chromium packaging. As of 19.10 chromium is utilizing snap packaging instead of deb. You can read the rational behind the change on the Ubuntu blog.

As a result on first invocation $HOME/.config/chromium is copied into $HOME/snap/chromium/.config/chromium. Unfortunately that is not sufficient as you end up with a following error message

[23083:23264:1024/150717.374528:ERROR:token_service_table.cc(140)] Failed to decrypt token for service AccountId-19854958475897323

Solution is to run

snap connect chromium:password-manager-service

Thanks to this post for providing the solution..

As far as personal HTTPS certificates are concerned your best course of action is to either export those prior to the upgrade or if you don’t have that option download latest Chromium build then export the cert and reimport into your new shiny chromium :-).

If you are curious what Chromium is using for it’s config directory you can enter a following URL

chrome://version

Recently at Fastly we have been gradually turning off TLS v1.0 and v1.1 support due to PCI mandate to deprecate them. You can read about the deprecation policy here.

We also recently received couple reports from customers about some of the Android 4.x users not being able to access some of these end points. During the investigation I found following SSLLabs issue

https://github.com/ssllabs/ssllabs-scan/issues/258

which had a pointer to this post about different vendors packaging a version of Google Chrome as their own built in browser

http://www.quirksmode.org/blog/archives/2015/02/chrome_continue.html

Unfortunately it appears that some vendors notably Samsung standardized on version of Chrome which did not have TLS v1.2 support e.g. Chrome 28. Can I Use site has a nice table of TLS v1.2 support

http://caniuse.com/#search=tls%201.2

This is clearly a major hassle as it may force you to keep TLS 1.0/1.1 around for longer than you’d like or educate users to install latest Google Chrome from the Play Store. To get a better understanding what the experience may look like is I tested it on my Android 4.2 table and this is what it it looks like

This is what the built-in browser capabilities are

Unfortunately this will result in a very nasty error that says secure connection cannot be established

Same device with Google Chrome installed passes the capability test with flying colors

My children like to play Minecraft and they often like to play with their friends and cousins who are remote. To do so in the past I would set up my laptop at the house, set up port forwarding on the router, etc. This would often not work as the router would not accept the changes, my laptop firewall was on etc. Instead I decided to shift all this to the cloud. In this particular example I will be using Google Cloud Engine since it allows you to have persistent disks. To minimize costs I will automate creation and destruction of minecraft server(s) using Hashicorp’s Terraform.

All the terraform template and files can be found in this specific Github Repo

https://github.com/vvuksan/terraform-playground

You will need to sign up for a Google Cloud account. You may also optionally buy a domain name from a registrar so that you don’t need to enter IP addresses in your minecraft client. If you do so rename dns.tf.disabled to dns.tf and change this section

variable "domain_name" {
  description = "Domain Name"
  default     = "change_to_the_domain_name_you_bought.xyz"
}

As described in the README what this set of templates will do is create a persistent disk where you will store your gameplay and spin up a minecraft server just for that time being. When you want to play you will need to type

make create

and when you are done playing you will type

make destroy

Cost of this should be minimal. In the TF template I’m setting a persistent disk of size of 10 GB (change that in main.tf if you need to). That will cost you approximately $0.40 per month. On top of it you’d be paying for g1.small instance cost which is about $0.02 per hour. You can certainly opt for a faster instance by adjusting the instance size in main.tf file. Also if you are using DNS there will be DNS query costs but those should be minimal.

Have fun.