
Exposing your AWS access keys on Github can be extremely costly. A personal experience.

15/10/2017

Recently, I was doing a Ruby on Rails course on Udemy that involved opening an AWS S3 service and creating some buckets for development and production so images and files could be stored on AWS instead of locally on my computer.
I had already used S3 when I did Mattan Griffel's OneMonthRails a few years ago. I deleted those buckets and credentials and created two new buckets and access keys.
After the csv file was downloaded with the access key and password, I double-clicked it, and it was opened by Atom, the text editor I was using. Since I had already copy-pasted the access codes into my .env file, which I had listed in .gitignore, I went ahead and pushed to GitHub as was required by the course.
This, I later realised, was a big mistake, as I should have opened it with a text editor so it remained on my desktop.

The Shock

Sometime later, I got an email from Github's GitGuardian informing me that the API keys were exposed and asking me to confirm if it was true. I was about to ignore it and tell them they were wrong. But I decided to go to my repo and check. Sure enough, my csv file was there with the access key information. I tried all kinds of things to roll back the commit I had made, then found that I could delete the file with an 'rm' command, and did that.
That wasn't enough.
Soon I received an email from Amazon to inform me that the account had been compromised and I should take action. Panicking, I went to the billing section to see there was a charge of over $3000 to date, and the projected cost was about $15000! I nearly had a heart attack.

The people who put AWS in AWSOME

I emailed Amazon explaining my situation. I went again to the AWS site, wrote another email and fortunately clicked the telephone icon in the submit field instead of the email option, which resulted in them calling me.
I called them back, and the friendly staff transferred me to the right people to help me. I spoke to Stephanie, who allayed my fears, saying it will be all right, don't panic, and put me onto a gentleman called Will who took me step by step through the whole process, explaining what happens when you leave your credentials exposed. The call lasted over 15 minutes, and I must admire the fact that he never lost his cool even once. Every question was answered, every doubt, however silly, was cleared.

What happens when you expose your access keys?

Will said that a lot of novice programmers tend to push code with sensitive information, and this is not the first time. Since Github is a public and open source site, malicious users leave a programme with a script to scan every commit and push that's made to Git for exposed credentials. Once they find such keys, the malicious user immediately uses them to his own ends. Apparently a lot of Bitcoin dealings and other transactions are done illegally using such exposed keys. While Will was walking me through the steps, I saw instances running in every region, from Sao Paulo to Singapore (instances are, I'm told, computer spaces rented by Amazon to users). And the rent is humongous if used on a large-scale basis, running for hours. Will helped me shut down all the running instances. I asked if I should close the account. 'No', was the answer, as the keys would still be used; we had to shut down the instances one by one, going through the regions. Earlier, I had closed all these running regions but that wasn't enough, as each had to be terminated.

How to guard your Amazon access keys like a state secret?

While I was lamenting the lack of morals and sympathy and wondering why people would take advantage of innocent users and their novice mistakes, I realised that's how the world runs. You, as a user, have to be supremely careful and alert. It's equivalent to leaving your user id and password on a public park bench.
After the session was over, Will sent me an email explaining what had transpired, and that since it was unauthorised use, he had put the case up for a waiver of charges. He also sent a link to a gem that scans your code for exposed sensitive information and prevents you from doing something stupidly expensive.
Called git-secrets and owned by AWS, this further protects users/students from future exposures while pushing code to Github. Git Secrets scans merges, commits, and commit messages for secrets and rejects prohibited regular expression patterns from being posted. Here's where to get Git Secrets:
https://github.com/awslabs/git-secrets
A few tense, on-the-edge, panic-stricken days later, I just received an email from AWS saying they have waived the charges of over $3000. I cannot say how relieved I was when I received that. I wanted to buy everyone at AWS a beer.
So please do be careful, very, very careful the next time you push your code to Github. Check, double check, triple check before you commit anything. And install Git Secrets.
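As an added illustration of the kind of check git-secrets performs (my own example code, not git-secrets' own code and not from the post), here is a small POSIX shell pre-commit scan for AWS credential patterns; the two regexes, the function names and the sample files are assumptions, and the credential values are AWS's documented placeholders, not live keys.

```shell
#!/bin/sh
# Added example, not git-secrets' own code: a minimal pre-commit style scan
# for AWS credential patterns, in the spirit of what git-secrets does.
# The two regexes below are assumptions chosen for this demo.

# Access key IDs are 20 characters and start with a fixed prefix (AKIA for
# long-term keys, ASIA for temporary ones).
AWS_KEY_ID_RE='(AKIA|ASIA)[A-Z0-9]{16}'
# Secret access keys are 40 base64-style characters; require delimiters on
# both sides so they are not matched inside longer tokens.
AWS_SECRET_RE='(^|[^A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}([^A-Za-z0-9/+=]|$)'

# scan_text: read text on stdin; return 1 (reject) if any line looks like an
# AWS credential, printing the offending lines to stderr; else return 0.
scan_text() {
    if grep -nE "$AWS_KEY_ID_RE|$AWS_SECRET_RE" >&2; then
        echo "ERROR: possible AWS credential in commit; aborting" >&2
        return 1
    fi
    return 0
}

# scan_staged: the same check over the lines about to be committed. Copy this
# script to .git/hooks/pre-commit and call scan_staged at the bottom to use it.
scan_staged() {
    git diff --cached --no-color -U0 \
        | grep '^+' | grep -v '^+++' | scan_text
}

# Constructed sample shaped like the CSV the AWS console hands out on key
# creation. The values are AWS's documented placeholder credentials.
SAMPLE_CSV='User name,Access key ID,Secret access key
dev-user,AKIAIOSFODNN7EXAMPLE,wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'

# Constructed sample of harmless config that must pass the check.
SAMPLE_OK='S3_BUCKET=my-dev-bucket
AWS_REGION=ap-southeast-1
# keys live in .env, which is listed in .gitignore'

# Run with --demo to see both samples scanned.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_CSV" | scan_text; echo "csv: exit $?"
    printf '%s\n' "$SAMPLE_OK" | scan_text; echo "ok:  exit $?"
fi
```

A scan like this only helps before the push: a key that has already reached GitHub stays in the repository history even after the file is removed, so the key itself has to be deactivated or deleted in the AWS console.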


Swift and iOS with Udacity, part II.

30/10/2015

Things got more interesting in this segment. In section 3a, we learnt to navigate between screens, add more buttons and actions and some hardcore stuff I couldn't manage on my own, like converting a string to a URL among others, but the instructor (a cheerful guy named Kunal) addressed those issues in the next video. To break it down, here's what we learned:
First, we added a navigation control by embedding it from the drop-down menu, created a second interface controller, created a new Cocoa Touch class file named playSoundsViewController, and connected it from the Record button on the main screen, so that when you click on the record button it takes you to the next screen. [NOTE: Make sure you name the file properly or it won't let you drag outlets or actions. Once you create a new screen and file, click on the new screen, go to the Identity Inspector and type in the new file's name; it will auto-fill.]
Then we learnt how to add an mp3 file to the project and access it using AV Foundation. We created a path to the audio file in the viewDidLoad section by creating a var filepath and using NSBundle with its subclass mainBundle.
We created an instance of the AVAudioPlayer and converted the NSString to an NSURL.
We added two buttons, playfast and playslow, and connected them to the interface so they play the embedded audio file at the corresponding speeds by using the rate method in the AVAudioPlayer class.
We make sure that the file, when accessed, either plays the mp3 or returns an error message if the entry is invalid. Also, the variable audioPlayer needs to be a global variable so it can be accessed from other functions. [NOTE: I was redoing the lesson so I could take down all the steps, and was stuck on this error I didn't get before: 'EXC_BAD_INSTRUCTION code=EXC_I386_INVOP'. I spent over an hour fixing this, then, while comparing to the earlier working code, realised I had put - instead of _ in the mp3 file name. So in case you get that error, it could be this.]
We are supposed to take the common pieces of code and create a new function, but I'm not sure where to add the function to, so I'll see if that gets addressed in the next lesson.

What I learnt about Swift with Udacity

21/10/2015

This is a topic we are required to write about on finishing the first section of Udacity's course, so I thought I might as well do a post and perhaps keep updating it as and when I manage to finish the many courses I'm taking. So here goes:
I've been meaning to enroll for one of Udacity's many courses for a while, and that came to fruition when I signed up for their free Intro to iOS Development with Swift course.
The course is laid out very well, the instructions by the teacher Kunal were clear and easy to follow, and the quizzes were relevant and made you think. I managed to solve quite a few based on what I learnt on the Udemy courses and by googling. There's a forum where you can submit your answers and ask questions; I noticed the instructor answering some questions, which is always encouraging.
Broadly, the course is about building a simple recording app. In the first part, you are taught how to add labels, buttons, images to the buttons, constraints and how to use them, aligning images, hiding and showing labels and the text they contain, the difference between IBOutlets and IBActions, the relationship between Model, View and Controller (I knew about it a bit from my Ruby and Rails lessons) and the difference between the 1x, 2x image boxes in the xcassets (the 1x is meant for non-retina iPhones and 2x and 3x are for retina iPhones). By the way, strong and weak in IBOutlets are Swift's way of managing memory: a weak variable is an instruction to hold a weak reference, while a strong variable/outlet means "I initialised it, so keep it till I don't need it anymore".
I must say, based on this course, I am tempted to take up their nanodegree on Beginning iOS Development. And they have an attractive incentive of refunding 50% of the tuition fees for those finishing the course within a year.

What to expect in Rails 5.0?

15/5/2015

https://intercityup.com/blog/upcoming-changes-in-rails-5-0.html?utm_content=buffer88b7c&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer


Pragmatic Studios - Part 3

22/12/2014

After finishing their Ruby course and being thoroughly impressed by the structure, the explanations and the overall approach to simplifying Ruby, I signed up for their Rails course and the Blocks and Iterators course. I've just started Rails; it's a course you don't rush, so I'm taking it one lesson a day. The reason it should be taken slowly is that, like with their Ruby course, there are parallel projects happening while learning. That is, they teach using one app and ask you to do another app using similar methods, so you need time to digest the information and apply it to two projects. If you have an idea for another app, you can start off on that as well.
Meanwhile, I'm on their Blocks and Iterators course, which again deconstructs the topic beautifully with interactive, engaging diagrams/animation drawings. I take a screenshot of these drawings for future reference, like a ready reckoner of sorts.
Again, I keep wondering how I missed this course. I remember seeing it while searching for online Ruby courses when I was caught by the coding bug, but for some reason didn't sign up. I am on Treehouse, Udemy and Tealeaf for Ruby, Rails and other courses, but I strongly recommend Pragmatic Studio as the first step. I've also started re-taking the Ruby course, as a refresher, to relook at the concepts and see how I can apply them to, say, a problem on Tealeaf.

Pragmatic Studio Ruby - continued.

13/12/2014

I just finished the Pragmatic Studio's Ruby course. They give you a timetable which lays down a month-long plan to take the course, but I finished it way ahead, because it was so simply and beautifully explained that I didn't want to stop at just doing one segment a day.
Mike and Nicole have an excellent way of teaching a complicated language to beginners. First, the diagrams. Important aspects of the language are explained with simple diagrams that visually deconstruct the point, making it easy for you to understand the concept. If you want, you can take a screenshot for future reference.
Second, the tête-à-tête between Mike and Nicole. They've mastered the art of two people teaching a lesson at the same time, which is a difficult thing to do (there's a Udemy course on a different subject where the teachers of that course try that, but it doesn't work). Here, Nicole and Mike take turns asking the relevant questions, raising important points and answering them.
Third, the whole layout of the course, from strings and numbers to coding three apps. They code a movie app while you are asked to do a game app, and there's a bonus coding opportunity for a crowdfunding app using the principles taught in the course.
The TDD segments are a bit tough, they are more like your afternoon math classes, a pain but necessary. I skimmed over the TDD (Test Driven Development) sections but will have to go back and learn them. In fact, I've already re-started the course as practice is essential in learning anything new.
Towards the end, a couple of points tend to get rushed but that's nothing big. I've signed up for their Rails course and am going to take up their Blocks and Iterators course today. 
I can say in all honesty that if you are a beginner or coding enthusiast looking for your foray in Ruby, this must be your first stop. 


Loving Pragmatic Studio - Ruby

26/11/2014

I am not sure if the Pragmatic Studio guys have a 'PS I love you' sticker floating around, but I would definitely put it up. I just signed up for their Ruby course a couple of days ago, and as I said in the headline, I'm loving it. So much so that this happens to be the second post about them in two days. While the previous post was also about rubber ducking and Tealeaf Academy, I thought I would dwell a bit more specifically on PS.
I tweeted to them this morning saying I'm kicking myself for not signing up earlier. Still, better late and all that. I've finished about half of the course (I'm at the rspec stage).
Forget Treehouse, forget Udemy and other portals. This should be the first stop for your Ruby course (and I'm sure for Rails as well, because they have a Rails course too). There's something very friendly and nice about the way the teachers go about covering all the essential aspects. In a way, it's good that I've taken Ruby and Rails with other sites such as Treehouse, where I still have a Silver membership, and Udemy, with whom I have many courses, as this gives me a better perspective regarding Pragmatic Studio.
I feel like I'm actually understanding what I'm learning. The module has two lessons running in parallel. The teachers code a movie programme while you code a game based on that. And there's a bonus section which encourages you to code a funding project like Kickstarter. I am doing all three, which is fantastic. I know what I'm using methods for, why I need classes, what attr_accessor is and why we need them ... things which were hazy at best with other courses (maybe it's just me).
You know that feeling you get after finishing a course that, somehow, you're not sure what you just spent money on? Well, you don't get that with Pragmatic Studio. Hope the happy coding experience continues. Will keep you guys posted. Meanwhile, if any of you reading this are interested in learning Ruby or Rails, don't make the mistake I made of looking around for too long. Just sign up for PS. You'll thank me later. 


Tealeaf Academy, Pragmatic Studio and Duck abuse

23/11/2014


After signing up for Tealeaf Academy's Ruby course, I managed to solve two of the problems, the calculator challenge and the Rock, Paper, Scissors project. They worked too, which was encouraging and satisfying. Then came the tough parts: Tic Tac Toe and Blackjack. I got the higher language or pseudo logic part quite right (you are encouraged to use English to write down the solution, then introduce code to convert the steps into a working programme), but the problem was in understanding what code to write to translate the pseudo-code into a working one. I am an author and a freelance writer. Logical thinking is as far away from me as saving for a rainy day is to a bachelor on his first salary. This knowledge kept me from smashing my new Mac and throttling the duck.
Did I tell you about the duck? In programming circles, apparently, they have this method whereby you are supposed to talk to a rubber duck. You tell him your problem, what's keeping you from writing working code, lying down on a couch while the duck takes notes, yawns, looks at the watch and says, 'We'll meet next week, meanwhile remember what we talked about today', and charges you $80 a session.
It's called Rubber Duck Debugging. This, they say, helps. While I see the logic behind talking out your problem loud, I fail to see how a duck can prevent himself from serious threats to his life from frustrated programmers, most of whom are rookies like me. There were times I wanted to beat the crap out of the duck, like Happy Gilmore. That'll only end up in a trail of dead ducks, so to speak. So I took the Codecademy course and finished it in a day and a half. I must say it was quite informative for a free course. I finished a couple of Ruby modules on Treehouse. Still, no clue about how to code the blackjack game. So I looked at the solution and did the TicTacToe and am currently doing the Blackjack game. The instructors say you must make some serious attempts to try and code before going to the solution videos, which makes me a trier at least.
The thing is, some of the steps don't even occur to me. I'm sure this is the case if you come from a non-coding background. I only got the coding bug a few months ago. While trawling the Net, I stumbled onto the Pragmatic Studio again, and this time decided to give it a shot. They were having a discount on their 9th anniversary, and it was affordable, so I signed up for their Ruby course, and have finished 15% as of now. I like what I see there, like the teachers, and the way they've laid out the programme. It feels good. Progress report to continue; till next time, happy coding, and spare the duck.



Codecademy Ruby

17/11/2014


I'm on Tealeaf Academy's Ruby course. To take a bit of diversion and supplement my Ruby adventure using an external source other than Tealeaf, I decided to take up the Codecademy Ruby as Chris suggested in one of his Tealeaf videos. 
I just finished it, about ten minutes ago. It took me a day and a half of sitting in front of the computer, following the code samples and exercises and googling some errors or referring to their Q&A section. It was a very smooth and enriching experience on the whole. The console wasn't buggy and the frustrating moments were few, thankfully. You must remember, though, that the console expects every piece of code to be letter-perfect down to the period or exclamation mark. For instance, if the exercise tells you to 'puts "This is your balance!"' and you miss out the !, it will keep throwing up errors. So develop a keen eye for these niggling punctuation marks. You will run into some minor errors, but nothing that a short trip into the Q&A sphere can't solve. Or just google your problem and append it with Codecademy Ruby, and in all likelihood someone else would have faced the problem.
The window to the left of the console where you get the instructions, and the intro is quite informative. I learnt a few things I didn't learn on other sites. I am on Team Treehouse as well, and they have a few Ruby and Rails courses. 
I'll see if I can post some issues I faced and how I managed to solve them in the next post. Meanwhile, I have to get back to creating a Blackjack game on Tealeaf.
Happy doing! 3.times {puts "Yay"}

Ruby errors

23/9/2014

As a newbie to RoR, I ran into some predictable and frustrating blocks while building the onemonthrails project. Thankfully, they were solved with the help of Lee Matos, who should be given an award for patience in dealing with beginners. The replies were almost always quick, except for the last query about Glyphicons not displaying properly on Heroku, but I guess that needed a bit of time as quite a few people had that issue and Stackoverflow didn't have the answers for me, meaning the fixes suggested there didn't work.
Error #1: Glyphicons on Heroku
If you have a problem with the glyphicons not displaying on being deployed to Heroku, here's what I did based on Lee's suggestion, which worked:
"@import 'bootstrap-sprockets';" should be added to the bootstrap.css.scss file and "config.assets.precompile += %w( *.svg *.eot *.woff *.ttf )" should be added to production.rb. The precompiling of bootstrap changed in recent versions and interacts differently with Rails 4.
Error #2: Update button not working.
This was laughable because I went through my code and Mattan the instructor's code, placing them side by side, and found nothing, and as is often the case, I had forgotten to close a piece of code. (The most important lesson in coding: close what you open.)
Tip #1
Amazon S3 has a free basic plan, in case you guys are looking at a storage format.
I'm looking to take up Ruby seriously now. After sifting through many reviews online, I've settled on Tealeaf Academy. There's something straight and honest about the way they've presented themselves.
I'm off to my first Meetup in a few hours, will post the details. Happy coding!





    Author

    This is a chronicle of my journey into coding. I'll post where I am at on the road to learning Ruby with One month Rails and HTML/CSS with Teamtreehouse, and Python which I'm learning on my own. Ambitious for a writer? You bet!
