18 June 2016

Python SDK for Azure Basic Tutorial

As Spider-Man would say, from great enterprise comes great complexity. Microsoft cloud services are very, very enterprisey; which means they're also absurdly overcomplicated. One can probably spend most of his 30-day trial simply wandering around their dozens of different "portals" and "account management" screens. So here's a simple tutorial on going from zero to spinning up a VM with the Python SDK. (This is a work in progress, but hopefully it saves you the headaches I got).
  1. Sign up for an Azure free trial. You'll need a phone and a credit card, because MS requires verification like pr0n sites of yore.
  2. WAIT! DON'T DO ANYTHING! After the signup is successful and you're sent to the dashboard, chances are that your account is not actually fully formed, and you might be getting a lot of prompts about signing up for a Pay As You Go subscription. Wait 10 to 15 minutes. Grab a coffee; check Hacker News; live the enterprise life.
  3. close your browser and go back to the portal.
  4. Go to your active directory
  5. Create a Global Admin user by clicking on ADD USER (not the giant NEW, that would be too easy!). Write down the temporary password. (Note: I've no idea whether it has to be a global admin, but we're just trying to keep things simple here.)
  6. Now you have to associate the user to your Azure subscription, because you created it, it's in your AD, but obviously it's completely unrelated to your resources. Enterprise life! Go back to Azure portal, click on Subscriptions. NOTE DOWN YOUR SUBSCRIPTION ID, you'll need it later.
  7. Click on the subscription then Settings
  8. Click on Users (bottom right)
  9. Click on Add, select the Owner role, then add the new user to it. (Note: again, Owner is probably a bit too powerful, but we're trying to keep things simple.) Reference here.
  10. Now open a Private Window in your browser, or sign out of your account, because you have to log on the same portal as the new user.
  11. After logging on, you'll be forced to change the password. Done? Good; log out, close the window, the web-based ordeal is officially over.
  12. Create and activate a virtualenv (this procedure will differ depending on your platform/setup, reference here):
    mkdir azure_test && cd azure_test
    pyvenv-3.5 env
    source env/bin/activate
    pip install --upgrade pip   # this is optional but good practice
    
  13. install the Azure sdk
    pip install --pre azure
  14. Launch python and get cracking:
    sub_id = 'your-sub-id'  # you should have got this earlier, it's visible in "Subscriptions"
    # authentication reference at
    # http://azure-sdk-for-python.readthedocs.io/en/latest/resourcemanagementauthentication.html#using-ad-user-password
    from azure.common.credentials import UserPassCredentials
    credentials = UserPassCredentials('yourADuser@youraccount.onmicrosoft.com','youropassword')
    from azure.mgmt.resource.resources import ResourceManagementClient
    resource_client = ResourceManagementClient(credentials, sub_id)
    
    # one-off registrations, supposedly you won't need them next time
    resource_client.providers.register('Microsoft.Compute')
    resource_client.providers.register('Microsoft.Network')
    resource_client.providers.register('Microsoft.Storage')
    
    # create the clients
    from azure.mgmt.compute import ComputeManagementClient
    compute_client = ComputeManagementClient(credentials, sub_id)
    from azure.mgmt.network import NetworkManagementClient
    network_client = NetworkManagementClient(credentials, sub_id)
    from azure.mgmt.storage import StorageManagementClient
    storage_client = StorageManagementClient(credentials, sub_id)
    
  15. Now follow the code to create a VM here, skipping the 4 lines that define resource_client, storage_client etc, because you already have them.

16 June 2016

The Nifty Minidrive is a Nifty Hack

I know it's fashionable to hate on the Nifty Minidrive: "overpriced SD adapter!" "I can get an equivalent one for $2!". Truth is, it's an ingenious hack; a well executed, high-quality concept conceived by two local Manchester lads with a Kickstarter campaign. I've tried the cheap alternatives and they just don't compare.

Yesterday I was in Staples (aka Home Depot) for various reasons, and on a whim I picked up a Sandisk 128GB SDXC card to replace the 64GB one I was already using with Nifty. A quick swap, and now I have a grand total of 640 GB of space on my MBPr. That was just too easy!

(This said, I hope Apple hurries up with the MBPr refresh so I can buy a new laptop with 1TB disk. I was really disappointed by the lack of hardware announcements at WWDC; my current MBPr is now 4 years old but I'm not going to drop two grand on a new machine with chips from 2014...)

25 May 2016

Change your login background in OSX

A little something for my long-suffering OSX readers: a simple script to change your login background. Note that images must be in PNG format.

Copypaste the code above, save it as /usr/local/bin/set_login_background.sh, and execute like this (the first line is necessary only on first usage):

sudo chmod a+x /usr/local/bin/set_login_background.sh
sudo set_login_background.sh /path/to/my-new-image.PNG

14 March 2016

WebCrypto and GPG - yet another missed opportunity

(Preface: I’m not good at crypto. My brain is just not big enough to juggle the necessary math. What I can do, in most cases, is juggling the basic concepts (private/public keys, certificates, chain of trust, hashing, signing, salting, encrypting, ciphers, etc) and parsing crypto-jargon enough to get by. I like to believe I belong to the silent majority of web plumbers out there — as far as I know, the world of real cryptographers and crypto-developers is still very small. If anything I say here is wrong, by all means let me know in comments.)

I’m yet again dismayed at the stubborness of crypto-nerd in making things as awkward as possible for the rest of us.

I’m currently trying to setup a simple browser extension to verify signed data, given public keys. A fairly mundane problem, one would think; and sure enough, browser vendors recently started to implement secure interfaces for this sort of operation. Great!

So let’s import a public key to verify some data. What is the most popular key manager/generator out there, something that has been around for 25 years in various incarnations? PGP/GnuPG, of course. So I export a standard RSA key in the classic armoured format and… nothing. SubtleCrypto.importKey() does not support it. Most examples I got from googling (like these excellent ones) use JWK, yet-another-JSON-format-invented-yesterday. There are a bunch of tools out there to convert OpenSSL PEM keys to JWK (for Node.js, unsurprisingly), but nothing straightforward for PGP/GPG. No biggie: considering GnuPG is only at the core of software distribution for (almost) the entire world of Linux, it’s understandable that it could be overlooked... /sarcasm

In the end, one could probably get by using hacks like the one described here. To be honest, I’ve not tried — by the time I found it, the evening had gone and the level of frustration was too high.

Projects like Let’s Encrypt demonstrated very clearly that everyday cryptography is held back by inconsiderate and hostile interfaces; once you remove them, people adopt it extremely quickly. It is understandable that legacy implementations (X509 and so on) will be awkward; but brand new interfaces which are supposed to gain widespread popularity outside the small circle of crypto specialists, designed in the last decade, should be better than this.

21 January 2016

OSX Nostalgia

I have to say, I really don’t like the direction the OSX interface is going. All this flatness is tremendously boring. I’ve found myself very nostalgic of the old ”Aqua” interface several times in the last few months.

Unfortunately, Jony Ive’s iron grip is so tight, all theming/customization hooks have been removed from recent OSX releases. There is now no application (that I know of) which could reskin windows, toolbars and scrollbars.

The only avenue left to UI tinkerers is icons. You can still use LiteIcon to override system icons, and of course copy-paste on individual folders. I’m currently using icons from the classic Iconfactory World of Aqua series, and I just love them.

Some programs will thankfully allow you to customize them. There are plenty of Aqua themes for Firefox, I use a slightly cheesy one. iTerm2 has an ”Aqua” option for its tabs.

If you are an app developer — please consider some skinning support. For all the talk about ”consistency” from UI nazis, the first thing people do on a new computer is still to customize the desktop background...