Latest posts from our team. Stay up to date with news and new features, see if we can help with common problems and see how we solved our clients' issues.
November 4, 2016 by Paulina Budzoń
I’m not talking about launching an EC2 instance, uploading the zip with WordPress and going through the installer. I’m talking about immutable infrastructure, scalable, self-healing setup of WordPress within AWS.
October 31, 2016 by Paweł Biernacki
Ever wondered how to protect your host from malicious activity in VM guests? How to keep parts of the hypervisor running in userspace from being a source of access to the underlying host? One of the layers can be sandboxing the hypervisor itself!
October 28, 2016 by Paulina Budzoń
I got my first Fitbit tracker a couple of years ago and I’ve been a loyal Fitbit user since - I’m currently on my 3rd tracker and my family has them too. Very quickly I became interested in getting a bit more information out of my data, charting it across other health data I have available - so I went on to Fitbit’s website, as I was quite sure they must have an API, right? Yes, they do. And yes, I can use it for free. Because, as Fitbit says, “your data is yours”. Awesome. And then it turned out it’s not as much “my data” as “my totals”. Fitbit’s public API could only give me aggregated data for each day, total number of steps each day, averages, etc. I wanted to get a count of my steps for each 5-minute period, the same as I can see on Fitbit’s dashboard when I log in. It turned out that was not possible, unless I had a commercial application, submit a request to Fitbit, and they decide it’s worth it. Boo. (Please refer to the bottom of this post for a note of the state of the API today)
October 24, 2016 by Paweł Biernacki
While we’re waiting for CVE-2016-5195 to be patched, Red Hat released a workaround for the most common form of the exploit being run in the wild. It uses systemtap to block access to the mem_write function.
I wanted to apply it and started tests, only to find that stap returned EPERM while loading the module! As I’m running with SELinux enabled, I checked the /var/log/audit/audit.log. Surprisingly there were no AVCs with deny!
Although most of the calls are audited, you can mark some to be silently dropped by audit. You can disable that filter using semanage dontaudit off. I ran stap again and… bingo!
October 21, 2016 by Paulina Budzoń
For an updated ready-to-use CloudFormation template of this code, see newer post: Complete code: cross-region RDS recovery.
Amazon RDS is a great database-as-a-service, which takes care of almost all database-related maintenance tasks for you - everything from automated backups and patching to replication and fail-overs into other availability zones.
Unfortunately all of this fails if the region where your RDS is hosted fails. Region-wide failures are very rare, but they do happen! RDS does not support cross-region replication at the moment, so you cannot simply create a replica of your database in another region (unless you host the database on an EC2 instance and set up the replication yourself). The second-best option, to make sure you can restore your service quickly in another region, is to always have a copy of your latest database backup in that region. In case of RDS, that can mean copying automated snapshots. There is no option for AWS to do it automatically, but it can be easily scripted with AWS Lambda functions.