
Exposing your AWS access keys on Github can be extremely costly. A personal experience.

15/10/2017

Recently, I was doing a Ruby on Rails course on Udemy that involved opening an AWS S3 service and creating some buckets for development and production so images and files could be stored on AWS instead of locally on my computer.
I had already used S3 when I did Mattan Griffel's OneMonthRails a few years ago. I deleted those buckets and credentials and created two new buckets and access keys.
After the csv file was downloaded with the access key and password, I double-clicked it, and it was opened by Atom, the text editor I was using. Since I had already copy-pasted the access codes into my .env file, which I had listed in .gitignore, I went ahead and pushed to GitHub as was required by the course.
This, I later realised, was a big mistake, as I should have opened it with a text editor so it remained on my desktop.

The Shock

Sometime later, I got an email from Github's GitGuardian informing me that the API keys were exposed and asking me to confirm if it was true. I was about to ignore it and tell them they were wrong. But I decided to go to my repo and check. Sure enough, my csv file was there with the access key information. I tried all kinds of things to roll back the commit I had made, then found that I could delete the file with an 'rm' command, and did that.
That wasn't enough.
Soon I received an email from Amazon informing me that the account had been compromised and I should take action. Panicking, I went to the billing section to see that there was a charge of over $3000 to date, and the projected cost was about $15000! I nearly had a heart attack.

The people who put AWS in AWSOME

I emailed Amazon explaining my situation. Went again to the AWS site, wrote another email and fortunately clicked the telephone icon in the submit field instead of the email option, which resulted in them calling me.
I called them back, and the friendly staff transferred me to the right people to help me. Spoke to Stephanie, who allayed my fears, saying it will be all right, don't panic, and put me onto a gentleman called Will who took me step by step through the whole process, explaining what happens when you leave your credentials exposed. The call lasted over 15 minutes, and I must admire the fact that he never lost his cool even once. Every question was answered, every doubt, however silly, was cleared.

What happens when you expose your access keys?

Will said that a lot of novice programmers tend to push code with sensitive information, and this is not the first time. Since Github is a public and open source site, malicious users leave a programme with a script to scan every commit and push that's made to Git for exposed credentials. Once they find such keys, the malicious user immediately uses them to his own ends. Apparently a lot of Bitcoin dealings and other transactions are done illegally using such exposed keys. While Will was walking me through the steps, I saw instances running in every region, from Sao Paulo to Singapore (instances are, I'm told, computer spaces rented by Amazon to users). And the rent is humongous if used on a large-scale basis, running for hours. Will helped me shut down all the running instances. I asked if I should close the account. 'No', was the answer, as the keys would still be used; we had to shut down the instances one by one, going through the regions. Earlier, I had closed all these running regions but that wasn't enough, as each had to be terminated.

How to guard your Amazon access keys like a state secret?

While I was lamenting the lack of morals and sympathy and wondering why people would take advantage of innocent users and their novice mistakes, I realised that's how the world runs. You, as a user, have to be supremely careful and alert. It's equivalent to leaving your user id and password on a public park bench.
After the session was over, Will sent me an email explaining what had transpired, and that since it was unauthorised use, he has put the case up for waiver of charges. He also sent a link to a gem that scans your code for exposed sensitive information and prevents you from doing something stupidly expensive. 
Called git-secrets and owned by AWS, this further protects users/students from future exposures while pushing code to Github. Git Secrets scans merges, commits, and commit messages for secrets and rejects prohibited regular expression patterns from being posted. Here's where to get Git Secrets:
https://github.com/awslabs/git-secrets 
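To show the kind of check git-secrets performs, here is an added example in Ruby (the language of the course), not the git-secrets code itself: staged file contents are matched against AWS key patterns, an allowed list suppresses known placeholders, and any finding is what a pre-commit hook would use to reject the commit. The regex patterns, file names and key values are constructed assumptions; none are real credentials.

```ruby
# Added example: a minimal git-secrets-style scanner in Ruby. This is not the
# git-secrets code; the patterns, file names and key values below are assumptions.

# Access key IDs are 20 uppercase alphanumerics; "AKIA"/"ASIA" are the prefixes
# AWS uses for long-term and temporary keys (assumed, non-exhaustive list).
AWS_ACCESS_KEY_ID = /\b(?:AKIA|ASIA)[A-Z0-9]{16}\b/

# Secret keys are 40 base64-style characters. A bare 40-character match would
# also flag every git SHA-1, so require a "secret"/"key" label shortly before it.
AWS_SECRET_KEY =
  /(?:secret|key)[^\n]{0,40}?(?<![A-Za-z0-9\/+=])[A-Za-z0-9\/+=]{40}(?![A-Za-z0-9\/+=])/i

# Known false positives, the way git-secrets keeps an allowed list;
# AKIAIOSFODNN7EXAMPLE is the placeholder AWS uses in its own documentation.
ALLOWED = [/AKIAIOSFODNN7EXAMPLE/]

# files: { path => contents }, standing in for the staged changes that a
# pre-commit hook would read from `git diff --cached`.
def scan_staged(files)
  findings = []
  files.each do |path, contents|
    contents.each_line.with_index(1) do |line, n|
      next if ALLOWED.any? { |ok| line =~ ok }
      findings << { path: path, line: n, kind: :access_key_id } if line =~ AWS_ACCESS_KEY_ID
      findings << { path: path, line: n, kind: :secret_key } if line =~ AWS_SECRET_KEY
    end
  end
  findings
end

# A pre-commit hook exits non-zero when this is false, and git refuses the commit.
def commit_allowed?(files)
  scan_staged(files).empty?
end

# Constructed sample staging area: a downloaded IAM-style CSV like the one in the
# post, a config file, a placeholder and an ordinary model. No real keys here.
SAMPLE_STAGED = {
  "credentials.csv" => "User Name,Access Key Id,Secret Access Key\n" \
                       "rails-app,AKIA0000000000000000,0123456789abcdefghijklmnopqrstuvwxyzABCD\n",
  "config/initializers/s3.rb" => "AWS_SECRET_ACCESS_KEY = '0123456789abcdefghijklmnopqrstuvwxyzABCD'\n",
  ".env.example" => "S3_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
  "app/models/image.rb" => "class Image < ApplicationRecord\nend\n",
}

scan_staged(SAMPLE_STAGED).each { |f| puts "#{f[:path]}:#{f[:line]}: #{f[:kind]}" }
puts(commit_allowed?(SAMPLE_STAGED) ? "commit allowed" : "commit rejected")
```

A hook like this only stops new leaks: a key that has already reached GitHub stays valid until it is deactivated in IAM, which is why deleting the file, as the post found, was not enough.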
A few tense, on-the-edge, panic-stricken days later, I just received an email from AWS saying they have waived the charges of over $3000. I cannot say how relieved I was when I received that. I wanted to buy everyone at AWS a beer.
So please do be careful, very, very careful the next time you push your code to Github. Check, double check, triple check before you commit anything. And install Git Secrets.

Pragmatic Studios - Part 3

22/12/2014

After finishing their Ruby course and being thoroughly impressed by the structure, the explanations and the overall approach to simplifying Ruby, I signed up for their Rails course and the Blocks and Iterators course. Just started Rails, it's a lesson you don't rush, so taking it one lesson a day. The reason it should be taken slowly is, like with their Ruby course, there are parallel projects happening while learning. That is, they teach using one app, and ask you to do another app using similar methods, so you need time to digest the information and apply it to two projects. If you have an idea for another app, you can start off on that as well. 
Meanwhile, I'm on their Blocks and Iterators course, which again deconstructs the topic beautifully with interactive, engaging diagrams/animation drawings. I take a screen shot of these drawings for future reference, like a ready reckoner of sorts.
Again, I keep wondering how did I miss this course? I remember seeing it while searching for online Ruby courses when I was caught by the coding bug, but for some reason didn't sign up. I am on Treehouse, Udemy and Tealeaf for Ruby, Rails and other courses but I strongly recommend Pragmatic Studios as the first step. I've also started re-taking the Ruby course, as a refresher, to relook at the concepts and see how I can apply them to, say, a problem on Tealeaf.
Pragmatic Studio Ruby - continued.

13/12/2014

I just finished the Pragmatic Studio's Ruby course. They give you a timetable which lays down a one month long plan to take the course but I finished it way ahead. Because it was so simply and beautifully explained I didn't want to stop at just doing one segment a day. 
Mike and Nicole have an excellent way of teaching a complicated language to beginners. First, the diagrams. Important aspects of the language are explained with simple diagrams that visually deconstruct the point, making it easy for you to understand the concept. If you want, you can take a screenshot for future reference.
Second, the tête-à-tête between Mike and Nicole. They've mastered the art of two people teaching a lesson at the same time, which is a difficult thing to do (there's a Udemy course on a different subject where the teachers of that course try that but it doesn't work). Here, Nicole and Mike take turns at asking the relevant questions and raising important points and answering them.
Third, the whole layout of the course, from strings and numbers to coding three apps. They code a movie app while you are asked to do a game app, while there's a bonus coding opportunity for a crowdfunding app using the principles taught in the course.
The TDD segments are a bit tough, they are more like your afternoon math classes, a pain but necessary. I skimmed over the TDD (Test Driven Development) sections but will have to go back and learn them. In fact, I've already re-started the course as practice is essential in learning anything new.
Towards the end, a couple of points tend to get rushed but that's nothing big. I've signed up for their Rails course and am going to take up their Blocks and Iterators course today. 
I can say in all honesty that if you are a beginner or coding enthusiast looking for your foray in Ruby, this must be your first stop. 

Loving Pragmatic Studio - Ruby

26/11/2014

I am not sure if the Pragmatic Studio guys have a 'PS I love you' sticker floating around but I would definitely put it up. I just signed up for their Ruby course a couple of days ago, and as I said in the headline, I'm loving it. So much so that this happens to be the second post about them in two days. While the previous post was also about rubber ducking and Tealeaf Academy, I thought I would dwell a bit more specifically on PS.
I tweeted to them this morning saying I'm kicking myself for not signing up earlier. Still, better late and all that. I've finished about half of the course (I'm at the rspec stage).
Forget Treehouse, forget Udemy and other portals. This should be the first stop for your Ruby course (and I'm sure for Rails as well, because they have a Rails course too). There's something very friendly and nice about the way the teachers go about covering all the essential aspects. In a way, it's good that I've taken Ruby and Rails with other sites such as Treehouse, where I still have a Silver membership, and Udemy, with whom I have many courses, as this gives me a better perspective regarding Pragmatic Studio.
I feel like I'm actually understanding what I'm learning. The module has two lessons running in parallel. The teachers code a movie programme while you code a game based on that. And there's a bonus section which encourages you to code a funding project like Kickstarter. I am doing all three, which is fantastic. I know why I'm using methods, why I need classes, what attr_accessor is and why we need them ... things which were hazy at best with other courses (maybe it's just me).
You know that feeling you get after finishing a course that, somehow, you're not sure what you just spent money on? Well, you don't get that with Pragmatic Studio. Hope the happy coding experience continues. Will keep you guys posted. Meanwhile, if any of you reading this are interested in learning Ruby or Rails, don't make the mistake I made of looking around for too long. Just sign up for PS. You'll thank me later. 

Ruby errors

23/9/2014

As a newbie to RoR, I ran into some predictable and frustrating blocks while building the onemonthrails project. Thankfully, they were solved with the help of Lee Matos, who should be given an award for patience in dealing with beginners. The replies were almost always quick except for the last query about Glyphicons not displaying properly on Heroku, but I guess that needed a bit of time as quite a few people had that issue and Stackoverflow didn't have the answers for me, meaning the fixes suggested there didn't work.
Error #1: Glyphicons on Heroku
If you have a problem with the glyphicons not displaying on being deployed to Heroku, here's what I did based on Lee's suggestion, which worked:
"@import 'bootstrap-sprockets';" should be added to the bootstrap.css.scss file and "config.assets.precompile += %w( *.svg *.eot *.woff *.ttf )" should be added to production.rb. The precompiling of bootstrap changed in recent versions and interacts differently with Rails 4.
Error #2: Update button not working
This was laughable because I went through my code and Mattan, the instructor's, code, placing them side by side, and found nothing, and as is often the case, I had forgotten to close a piece of code. (The most important lesson in coding: close what you open.)
Tip #1
Amazon S3 has a free basic plan, in case you guys are looking at a storage format.
I'm looking to take up Ruby seriously now. After sifting through many reviews online, I'm settled on Tealeaf Academy. There's something straight and honest about the way they've presented themselves. 
I'm off to my first Meetup in a few hours, will post the details. Happy coding!


Onemonthrails and Treehouse, my experience so far.

23/7/2014


I've been on onemonth rails and Treehouse for a couple of weeks now and I must say both are worth every dollar of your investment. That's how I see it, as an investment, not an expense. Mattan has put together a very thorough Rails course for $99 which promises you a basic understanding if not immediate proficiency in Rails. And the cost is not just for one month, as you have access to the course for a year; one month is what they are promising you will need. I've done over half a month's course in less than two weeks and I must say it is very interesting and the feedback and support is very encouraging. I'm on vacation in Europe now and I am doing a refresher course by researching the videos and hand coding on a notebook every day after I finish my sightseeing.

As for Treehouse, I took the Gold plan and it's worth it too. It's about $490 or so for a year, which is about $40 a month, which again, in insurance speak, is less than $15 a week. A couple of pints would cost you more and leave you just high for two minutes, whereas for that money you can learn a new language and even have a crack at a new field. You can still have your pint if you're that thirsty as it doesn't set you back that much. So long story short, I recommend both onemonth rails and Treehouse courses.

You can start with a silver plan which is $25 a month (do the insurance math yourself). And Treehouse offers a whole lot of courses; once I'm done with HTML and CSS I'm planning on Python, their Ruby and I think they have a Bootstrap module as well. With so much knowledge available for so little it's just criminal not to learn. Go ahead and sign up, you won't regret it.

My coding journey with One month Rails and Team treehouse. 

4/7/2014

After days of deliberating and Googling and reading up on various people's experiences, I decided to sign up for onemonth rails, a beginner's Ruby on Rails class run by Mattan Griffel, and Teamtreehouse, which has a host of courses. I am currently taking HTML, CSS with Nick.
Since I'm in between projects in terms of freelance, and considering I've finished my second set of tales with a twist which need a final edit, I have some time on my hands which I figured I'll put to good use. I have been learning a few coding lessons on Udemy which has given me some basic understanding, so let's see how it pans out.

Author

This is a chronicle of my journey into coding. I'll post where I am at on the road to learning Ruby with One month Rails and HTML/CSS with Teamtreehouse, and Python which I'm learning on my own. Ambitious for a writer? You bet!
