Cross compiling and emulating for Raspberry Pi with Debian Cross-Toolchains and QEMU

Installing the toolchain Add a .list file in /etc/apt/sources.list.d/ containing : “deb http://emdebian.org/tools/debian jessie main” Update the public key for this repo with ‘curl http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | sudo apt-key add –‘ Add armhf as foreign architecture by running ‘sudo dpkg –add-architecture armhf‘. Check correct install with ‘dpkg –print-foreign-architectures‘    which should show ‘armhf‘ Run ‘sudo apt-get Read More …

How AWS VPC peering can help in blue/green deployment

You have resources you can throw away (stateless) and resources you can’t throw away (state-full). Donald Knuth said it beautifully: there is nothing you can’t solve without an extra indirection. To achieve blue/green deployment on AWS, you put all your resources that can die and revive (think auto scaling groups, malicious terminations, but also whole Read More …

Let’s encrypt has become easier – avoid re-validation by rolling over within 60 days and avoid web server acme certificate protocol permission issues

The latest certbot-auto tool comes with a new feature (or I must have missed it 3 months ago) that spawns up a temporary web server on port 443.  This is a huge improvement IMHO as it avoids the permissions hassle you can have on a security-hardened web server installation (be it Apache, IIS, Nginx, …).  The Read More …

Let’s encrypt caveats

Following the instructions at https://certbot.eff.org/#ubuntuxenial-apache  didn’t do it for me.   With Apache, it’s always tricky.  I’m currently using a bitnami WordPress EC2 instance, so I had to figure out the certbot stuff. It was actually not that hard.  As with many command line tools, everything starts with reading the documentation 🙂 The certonly option does the trick!  Always. Read More …

Why you should never use OAuth2 for authentication purposes

What OAuth2 (RFC6749 at https://tools.ietf.org/html/rfc6749) tries to solve is delegated access control to a protected resource. Typically a user (the resource owner) gives consent so that a client can access a protected resource (a REST API endpoint for example). However, it is/was common to abuse the protocol and introduce special ‘scopes’ like ‘signin’ or ‘authn’ Read More …

Using ASP.NET based applications on AWS – part 2

Packaging the application is really not harder than calling : msbuild <pathtoprojectfile>  /t:Package /p:DeployIisAppPath=”Default Web Site” But there is more…   Through configuration files in a subdirectory .ebextensions (at the level of web.config) you can add multiple .config files (in yaml format) that let you do all kinds of stuff, from running scripts, simple commands to downloading Read More …

Using ASP.NET based applications on AWS – part 1

AWS has a reputation of being “Microsoft” unfriendly, even arcane in general.  My impression is that this is certainly not true seeing the support they provide on the SDK level (.NET  NuGet packages), the possibility to host classic ASP.NET applications on Elastic Beanstalk (EB), publishing them from Visual Studio, even package and upload from your Read More …