Create a key pair using SSH on Windows
By Bianca Rodrigues
January 24, 2013
I recently joined End Point as a full-time employee after interning with the company since August 2012. I am part of the marketing and sales team, working out of the New York City office.
One of the frequent queries we receive from our non-technical clients is how to create an SSH key pair. This post is an introduction to using SSH on Windows for anyone who needs some clarification on this network protocol.
SSH stands for Secure Shell, which is used to provide secure access to remote systems. PuTTY is an SSH client that is available for Windows. Using the concept of “key-based” SSH logins, you can avoid the usual username/password login procedure, meaning only those with a valid private/public key pair can log in. This allows for a more secure system.
To begin, install PuTTYgen, PuTTY and Pageant on your Windows system:
Let’s focus on PuTTYgen – used to create a private/public key pair.
- After downloading PuTTYgen, run puttygen.exe
- In the “Parameters” — “Type of key” section, make sure “SSH-2 RSA” is selected:
*Note: SSH-2 RSA is what End Point recommends. The others work as well, and your business may have some reason to use them instead. …
security
CSS sprites: The easy way?
By Richard Templet
January 21, 2013
I’ve always been interested in the use of CSS sprites to speed up page load times. I haven’t had a real chance to use them yet but my initial reaction was that sprites would be quite painful to maintain. In my mind, you would have to load up the sprite into Gimp or Photoshop, add the new image and then create the css with the right coordinates to display the image. Being a guy with very little image editing skills, I felt that managing multiple images frequently would be quite time consuming. Recently, I was dealing with some page load times for a client and the use of sprites for the product listing pages came up as an option to speed them up. I knew the client wouldn’t have time to create sprites for this so I went searching for a command line tool that would allow me to create sprites. I was quite happy when I stumbled upon Glue.
Glue is free program that will take a directory of images and create a png sprite and a css file with the associated CSS classes. It has a ton of useful options. A few of the ones I thought were handy was being able to prefix the path to the image with a url instead of a relative path, being able to downgrade the png format to png8 to make the file …
css performance tools
Camp tools
By Jeff Boes
January 14, 2013
Devcamps are such a big part of my everyday work that I can’t imagine life without them. Over the years, I developed some short-cuts in navigating camps that I also can’t live without: I share them below.
function camp_top() {
if [ -n "$1" ]
then
cd ~/camp${1}
elif [[ $(pwd) =~ 'camp' ]]
then
until [[ $(basename $(pwd)) =~ '^camp[[:digit:]]+' ]]
do
if [[ $(pwd) =~ 'camp' ]]
then
cd ..
else
break
fi
done
fi
}
alias ct='camp_top; pwd'
function cat_root() {
camp_top $*
cd catalogs/* >/dev/null
}
alias cr='cat_root; pwd'
function pages_root() {
cat_root $*
cd pages >/dev/null
}
alias pr='pages_root; pwd'
function what_camp() {
c=$( camp_top $* 2> /dev/null; basename $( pwd ))
echo $c
}(“cat_root” and “pages_root” are very Interchange-specific; you may find other short-cuts more useful in your particular camp.)
There’s nothing terribly ground-breaking here, but if bash is not your native shell-tongue, then you might find these useful.
What I do is to stash these somewhere like “$HOME/.bash_camps”, then …
shell camps
Use Metasploit to Verify Rails is Secured from CVE-2013-0156
By Brian Buchalter
January 10, 2013
On January 8th, 2013 Aaron Patterson announced a major security vulnerability on the Rails security mailing list, affecting all releases of the Ruby on Rails framework. This vulnerability allows an unskilled attacker to execute commands remotely on any unpatched Rails web server. Unsurprisingly, it’s getting a lot of attention; Ars Technica estimates more than 200,000 sites may be vulnerable. With all the hype, it’s important to separate the facts from the fiction and use the attacker’s own tools to verify your site is secure.
Within 36 hours of the announcement of CVE-2013-0156, the developers at Rapid7 released a metasploit exploit module. Metasploit lowers the barriers to entry for attackers, making the whole process a point and click affair with a slick web GUI. Fortunately, the Rails security team has provided many easy to implement mitigation options. But, how do know you’ve really closed the vulnerability, particularly to the most automated and unskilled attacks? No better way than to try and exploit yourself.
It’s best to scan your unpatched site first so you can be certain the scan is working as expected and you don’t end up with a false positive that you’ve eliminated the …
ruby rails security
Conversion Tracking via JavaScript
By Steph Skardal
January 8, 2013
Most analytics conversion tracking is done these days with JavaScript or invisible pixel requests on the page that indicates a user has reached a conversion event, such as the receipt page. For example, Google Analytics conversion code might look like this on the receipt page:
_gaq.push(['_setAccount', 'UA-XXXXX-X']);
_gaq.push(['_trackPageview']);
_gaq.push(['_addTrans',
'1234', // transaction ID - required
'Womens Apparel', // affiliation or store name
'28.28', // total - required
'1.29', // tax
'15.00', // shipping
'San Jose', // city
'California', // state or province
'USA' // country
]);
_gaq.push(['_addItem',
'1234', // transaction ID - necessary to associate item with transaction
'DD44', // SKU/code - required
'T-Shirt', // product name
'Olive Medium', // category or variation
'11.99', // unit price - required
'1' // quantity - required
]);
_gaq.push(['_trackTrans' …analytics
Company Update January 2013
By Phineas Jensen
January 4, 2013
With the busy holiday season just behind us, we haven’t had as much time to write blog posts about what we’ve been doing in the past few months. So here’s an update on some of our latest projects:
-
Brian Buchalter has been implementing new features for of a major release of Collaborative Software Initiative’s open source product, TriSano, which provides case and outbreak management, surveillance and analytics for global public health.
-
Dave has worked on deepening our contacts with content providers and agencies using or interested in using the Liquid Galaxy platform. Recently back from Japan, Dave sold a Liquid Galaxy system to a research group in Kyoto.
-
David has been working on an HA (highly available) PostgreSQL database system with automatic failover, dynamic node creation/population, and configuration synchronization.
-
Greg Sabino Mullane has been speeding up slow queries, debugging pg_bouncer problems, expanding the abilities of Bucardo, and many other PostgreSQL-related activities.
-
Jeff has been working on some major updates to the HydroPool site, including adding a set of “parts” products from an external supplier, with an interface that displays the schematic …
company
Paper Source: The Road to nginx Full Page Caching in Interchange
By Steph Skardal
January 3, 2013
Background & Motivation
During the recent holiday season, it became apparent that some efforts were needed to improve performance for Paper Source to minimize down-time and server sluggishness. Paper Source runs on Interchange and sells paper and stationery products, craft products, personalized invitations, and some great gifts! They also have over 40 physical stores which in addition to selling products, offer on-site workshops.
Over the holiday season, the website experienced a couple of instances where server load spiked causing extreme sluggishness for customers. Various parts of the site leverage Interchange’s timed-build tag, which creates static caches of parts of a page (equivalent to Rails’ and Django’s fragment caching). However, in all cases, Interchange is still being hit for the page request and often the pages perform repeated logic and database hits that opens an opportunity for optimization.
The Plan
The long-term plan for Paper Source is to move towards full page nginx caching, which will yield speedily served pages that do not require Interchange to be touched. However, there are several code and configuration hurdles that we have to get over first, …
interchange nginx performance
Oceanographic Museum of Monaco Liquid Galaxy
By Benjamin Goldstein
December 31, 2012
In December End Point installed a Liquid Galaxy at the spectacular and renowned Musée Océanographique de Monaco, which is breathtakingly situated on a cliff overlooking the Mediterranean. The system, donated by Google, will be officially presented on January 21st to H.S.H. Prince Albert II of Monaco, who is the Honorary President of the Oceanographic Institute of which the museum is a major part.
End Point set up and configured the system. Our expertise was also called on by Google to create and adapt Google Earth Tours focused on the world’s oceans, including a tour about Ocean Acidification. In addition, End Point engineers developed a customized panoramic photo viewer for the remarkable Catlin Seaview Survey panoramas, which display and provide a baseline dataset for the earth’s coral reefs.
Many thanks are due to Jenifer Austin Foulkes, Google’s Ocean Program Manager, and to Jason Holt of Google for their work in supporting this project.
It is difficult to speak highly enough about the Musée Océanographique de Monaco. Prince Albert I of Monaco was an oceanographer himself and created the museum in 1901 with a vision of bringing art and ocean science …
visionport