From c0a2bc6a81e42db614de86f5e2b3fd579f55a7e7 Mon Sep 17 00:00:00 2001 From: Alejandro Angulo Date: Fri, 17 Jul 2020 17:51:51 -0700 Subject: [PATCH] Initial commit --- .gitignore | 6 + .gitmodules | 3 + archetypes/default.md | 6 + config/_default/config.toml | 4 + config/_default/languages.toml | 27 ++++ config/_default/params.toml | 39 ++++++ config/production/deployment.toml.sample | 22 +++ content/about.md | 21 +++ content/posts/hosting-static-site-aws.md | 13 ++ content/posts/no-referrals-please.md | 60 ++++++++ content/posts/running-travis-ci-locally.md | 152 +++++++++++++++++++++ themes/terminal | 1 + 12 files changed, 354 insertions(+) create mode 100644 .gitignore create mode 100644 .gitmodules create mode 100644 archetypes/default.md create mode 100644 config/_default/config.toml create mode 100644 config/_default/languages.toml create mode 100644 config/_default/params.toml create mode 100644 config/production/deployment.toml.sample create mode 100644 content/about.md create mode 100644 content/posts/hosting-static-site-aws.md create mode 100644 content/posts/no-referrals-please.md create mode 100644 content/posts/running-travis-ci-locally.md create mode 160000 themes/terminal diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..dd9c1f4 --- /dev/null +++ b/.gitignore @@ -0,0 +1,6 @@ +# Hugo output directory +/public + +# Deployment config +config/production/deployment.toml + diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..a6851ba --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "themes/terminal"] + path = themes/terminal + url = https://github.com/panr/hugo-theme-terminal.git diff --git a/archetypes/default.md b/archetypes/default.md new file mode 100644 index 0000000..00e77bd --- /dev/null +++ b/archetypes/default.md @@ -0,0 +1,6 @@ +--- +title: "{{ replace .Name "-" " " | title }}" +date: {{ .Date }} +draft: true +--- + diff --git a/config/_default/config.toml b/config/_default/config.toml new file mode 100644 index 0000000..a60bfba --- /dev/null +++ b/config/_default/config.toml @@ -0,0 +1,4 @@ +baseURL = "https://alejandr0angul0.dev/" +languageCode = "en-us" +theme = "terminal" + diff --git a/config/_default/languages.toml b/config/_default/languages.toml new file mode 100644 index 0000000..2b28f54 --- /dev/null +++ b/config/_default/languages.toml @@ -0,0 +1,27 @@ +[en] +languageName = "English" +title = "Alejandr00" +subtitle = "" +owner = "" +keywords = "" +copyright = "" +menuMore = "Show more" +readMore = "Read more" +readOtherPosts = "Read other posts" +missingContentMessage = "Page not found..." +missingBackButtonLabel = "Back to home page" + +[en.params.logo] + logoText = "Alejandr00" + logoHomeLink = "/" + +[en.menu] + [[en.menu.main]] + identifier = "about" + name = "about" + url = "/about" + [[en.menu.main]] + identifier = "gh" + name = "github" + url = "https://github.com/alejandro-angulo" + diff --git a/config/_default/params.toml b/config/_default/params.toml new file mode 100644 index 0000000..4eaa1ad --- /dev/null +++ b/config/_default/params.toml @@ -0,0 +1,39 @@ +# dir name of your main content (default is `content/posts`). +# the list of set content will show up on your index page (baseurl). +contentTypeName = "posts" + +# ["orange", "blue", "red", "green", "pink"] +themeColor = "green" + +# if you set this to 0, only submenu trigger will be visible +showMenuItems = 2 + +# show selector to switch language +showLanguageSelector = false + +# set theme to full screen width +fullWidthTheme = false + +# center theme with default width +centerTheme = true + +# set a custom favicon (default is a `themeColor` square) +# favicon = "favicon.ico" + +# set post to show the last updated +# If you use git, you can set `enableGitInfo` to `true` and then post will automatically get the last updated +showLastUpdated = false +# Provide a string as a prefix for the last update date. By default, it looks like this: 2020-xx-xx [Updated: 2020-xx-xx] :: Author +# updatedDatePrefix = "Updated" + +# set all headings to their default size (depending on browser settings) +# it's set to `true` by default +# oneHeadingSize = false + +[twitter] + # set Twitter handles for Twitter cards + # see https://developer.twitter.com/en/docs/tweets/optimize-with-cards/guides/getting-started#card-and-content-attribution + # do not include @ + creator = "" + site = "" + diff --git a/config/production/deployment.toml.sample b/config/production/deployment.toml.sample new file mode 100644 index 0000000..e726144 --- /dev/null +++ b/config/production/deployment.toml.sample @@ -0,0 +1,22 @@ +order = [".jpg$", ".gif$"] + +[[targets]] +name = "aws-s3" +URL = "$S3URL" +cloudFrontDistributionID = "$cloudFrontDistributionID" + +[[matchers]] +# Cache static assets for 1 year. +pattern = "^.+\\.(js|css|svg|ttf)$" +cacheControl = "max-age=31536000, no-transform, public" +gzip = true + +[[matchers]] +pattern = "^.+\\.(png|jpg)$" +cacheControl = "max-age=31536000, no-transform, public" +gzip = false + +[[matchers]] +pattern = "^.+\\.(html|xml|json)$" +gzip = true + diff --git a/content/about.md b/content/about.md new file mode 100644 index 0000000..1f29910 --- /dev/null +++ b/content/about.md @@ -0,0 +1,21 @@ +--- +title: "About" +date: 2020-07-16T21:42:33-07:00 +--- + +## The Site + +This is a static site generated using [Hugo](https://gohugo.io/). I'll eventually get around to creating a public repo for this +site on my [github](https://github.com/alejandro-angulo/) but there's nothing fancy going on here. I'm planning on using this site +as a sort of personal documentation. Hopefully what I write here will be useful to whoever stumbles upon it. + +## Me + +I'm Alejandro Angulo, a code monkey living in the Los Angeles area. When I'm not ~~introducting bugs~~ writing beautiful, +performant code, I like to reminisce about the before-times when masks weren't in style and sit-down dining was a thing. Nowadays, +I like to pass the time binge watching TV shows on Hulu/Netflix and starting (but not finishing) personal projects. + +### Contact + +I can be reached at `iam@`. + diff --git a/content/posts/hosting-static-site-aws.md b/content/posts/hosting-static-site-aws.md new file mode 100644 index 0000000..f674745 --- /dev/null +++ b/content/posts/hosting-static-site-aws.md @@ -0,0 +1,13 @@ ++++ +title = "How to host a static site on AWS" +date = "2020-07-17T12:31:32-07:00" +author = "alejandro" +cover = "pldfdf" +tags = ["a", "b"] +keywords = ["", ""] +description = "test" +showFullContent = false +draft = true ++++ + +content diff --git a/content/posts/no-referrals-please.md b/content/posts/no-referrals-please.md new file mode 100644 index 0000000..10f9c4f --- /dev/null +++ b/content/posts/no-referrals-please.md @@ -0,0 +1,60 @@ ++++ +title = "No Referals [sic] Please" +date = "2018-08-28T05:23:17-00:00" +author = "alejandro" +tags = ["info-dump"] +draft = false ++++ + +### TL;DR + +* Use `same-origin` Referrer Policy with Django +* Double leters are unecesary and slow down typing ([see Referer in this document](https://tools.ietf.org/html/rfc1945)) + +--- + +I found a post on Hacker News with a link to [webbkoll](https://webbkoll.dataskydd.net/en/) which tries to check how +privacy-friendly a particular site is. Of course I had to [check against my own +site](https://webbkoll.dataskydd.net/en/results?url=http%3A%2F%2Fkilonull.com%2F)! + +Webbkoll reported that my referrers were being leaked and that I was using a Google as a third-party service. My site does make +requests to Google for some fonts, so that was expected. The privacy checker gave a helpful explanation on why someone might not +want to make requests to a third-party (well the actual description singled out Google specifically, but the same is true for any +third-party). I could host these fonts myself (as suggested) but the risk seems low to me and loading the fonts from Google means +that users are more likely to have the fonts already cached (making my site load faster... not that anyone reads this). + +But, what's this referrer business? Turns out that browsers send information on what page a user comes from. This information is +stored in the headers under the `Referer` field. Yes, _referer_ and not _referrer_. According to wikipedia, [this +mispelling](https://tools.ietf.org/html/rfc1945) [is found](https://tools.ietf.org/html/rfc2616) in [multiple +RFCs](https://tools.ietf.org/html/rfc7231). + +This information seems pretty innocuous, but can be used (in tandem with other techniques) to track people online. Sites can +associate its users with their referring pages. Webbkoll provides a good example: + +_Let's say you're logged in on Facebook. You visit a page with the URL http://www.some-hospital.com/some-medical-condition. On +that page, you click a link to their Facebook page. Your browser then sends Referer: +http://www.some-hospital.com/some-medical-condition to facebook.com, along with your Facebook cookies, allowing Facebook to +associate your identity with that particular page._ + +Luckily for us tinfoil hat folk, there is a [Referrer Policy](https://www.w3.org/TR/referrer-policy/) (_referrer_ spelled +correctly this time) and a [helpful MDN page](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy). I was +excited to stick it to the surveillance state and quickly fired up my terminal and SSH'd into my server to update my NGINX +configuration with `add_header Referrer-Policy "no-referrer";`. I checked afterward and sure enough my browser did not send a +referer! I had chores I wanted to avoid so I frantically logged in to make a post... but I was greeted with this: + +> Forbidden (403) +> +> CSRF verification failed. Request aborted. +> +> You are seeing this message because this HTTPS site requires a 'Referer header' to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties. +> +> If you have configured your browser to disable 'Referer' headers, please re-enable them, at least for this site, or for HTTPS connections, or for 'same-origin' requests. +> +> If you are using the <meta name="referrer" content="no-referrer"> tag or including the 'Referrer-Policy: no-referrer' header, please remove them. The CSRF protection requires the 'Referer' header to do strict referer checking. If you're concerned about privacy, use alternatives like <a rel="noreferrer" ...> for links to third-party sites. +> +> More information is available with DEBUG=True. + +Apparently Django has an extra security measure for HTTPS pages ([see step +4](https://docs.djangoproject.com/en/2.1/ref/csrf/#how-it-works)). In short, the `Referer` header is used to make sure that a +request comes from the same site. zinfandel has a [better explanation](https://security.stackexchange.com/a/96139) on Stack +Overflow. Bummer. But this can be worked around by using the `same-origin` policy instead of `no-referrer`. diff --git a/content/posts/running-travis-ci-locally.md b/content/posts/running-travis-ci-locally.md new file mode 100644 index 0000000..e0d6f32 --- /dev/null +++ b/content/posts/running-travis-ci-locally.md @@ -0,0 +1,152 @@ ++++ +title = "Running Travis CI Locally" +date = 2017-12-18T05:02:42-00:00 +author = "alejandro" +tags = ["procrastination"] ++++ + +### TL;DR + +* Travis build was failing. +* Found a possible fix, but I didn't want to push commits just to check if it would work. +* Ran [travis-build](https://github.com/travis-ci/travis-build) in a Docker container to test the fix. + +--- + +I accidentally pushed a change to kilonull that added the word "test" in the site's title tag. I pushed [another +commit](https://github.com/vacuus/kilonull/commit/455f52f97f508f4c2b2bd0cec6cad33f7eb8e413) to remove the extra text and pulled on +my server. About 5 minutes later I received an email telling me my build on Travis had +[failed](https://travis-ci.org/vacuus/kilonull/builds/317863434). + +```bash +# ...snip... +Error: could not determine PostgreSQL version from '10.1' + + ---------------------------------------- +Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-wq2uqxzp/psycopg2/ + +The command "pip install -r requirements.txt" failed and exited with 1 during . + +Your build has been stopped. +``` + +Well at least *my* code didn't break anything. But hey, it's a Sunday and I have chores to ignore. Let's look into this. I googled +the error and stumbled upon a [comment on Github](https://github.com/psycopg/psycopg2/issues/594#issuecomment-346514672) stating +that the fix was to update the psycopg2 requirement to 2.7.1 (the current latest version). Great, that should be an easy fix. But +hang on, I have all these chores to ignore. I can probably run Travis locally before pushing just to verify the fix. Let's look +into this. + +Someone else (Ibrahim Ulukaya) was kind of enough to document how to [run Travis tests from a Docker +container](https://medium.com/google-developers/how-to-run-travisci-locally-on-docker-822fc6b2db2e). I followed his instructions +but I kept getting an error about being unable to load travis/support when I ran `travis compile`. + +```bash +$ travis compile +/home/travis/.rvm/rubies/ruby-2.4.3/lib/ruby/2.4.0/rubygems/core_ext/kernel_require.rb:120:in 'require': cannot load such file -- travis/support (LoadError) + from /home/travis/.rvm/rubies/ruby-2.4.3/lib/ruby/2.4.0/rubygems/core_ext/kernel_require.rb:120:in 'require' + from /home/travis/.travis/travis-build/lib/travis/build.rb:1:in '' + from /home/travis/.rvm/rubies/ruby-2.4.3/lib/ruby/2.4.0/rubygems/core_ext/kernel_require.rb:120:in 'require' + from /home/travis/.rvm/rubies/ruby-2.4.3/lib/ruby/2.4.0/rubygems/core_ext/kernel_require.rb:120:in 'require' + from /home/travis/.travis/travis-build/init.rb:11:in 'setup' + from /home/travis/.rvm/gems/ruby-2.4.3/gems/travis-1.8.8/lib/travis/cli/command.rb:197:in 'execute' + from /home/travis/.rvm/gems/ruby-2.4.3/gems/travis-1.8.8/lib/travis/cli.rb:64:in 'run' + from /home/travis/.rvm/gems/ruby-2.4.3/gems/travis-1.8.8/bin/travis:18:in '' + from /home/travis/.rvm/gems/ruby-2.4.3/bin/travis:23:in 'load' + from /home/travis/.rvm/gems/ruby-2.4.3/bin/travis:23:in '
' + from /home/travis/.rvm/gems/ruby-2.4.3/bin/ruby_executable_hooks:15:in 'eval' + from /home/travis/.rvm/gems/ruby-2.4.3/bin/ruby_executable_hooks:15:in '
' +``` + +I found [another useful comment on Github](https://github.com/travis-ci/travis-ci/issues/8098#issuecomment-321507488) that +suggested specifying the path to the travis script from travis-support. Maybe I did something wrong when I followed the +instructions on Medium but this was working for me. + +Here are the steps that worked for me. I hope this is useful for someone else someday. + +First off, we'll need to decide on one of Travis's docker containers to run from. Available containers are [listed on +Quay](https://quay.io/organization/travisci). We'll want one of the containers named `travis-`. I copy-pasted from +the instructions in the Medium article so I ended up running everything under the `travis-jvm` container. In retrospect, I should +have used `travis-python` since I was dealing with a Python project. The command `docker run -it -u travis +quay.io/travisci/travis-jvm /bin/bash` can be used to run the container (replace `travis-jvm` with whatever container is desired). + +Before setting up `travis-build` we can choose which version of Ruby to work with. The latest stable version was 2.4.3 when I +checked so I decided to go with that. + +```bash +rvm install 2.4.3 rvm use 2.4.3 +``` + +Once Ruby is set up to our liking we can set up `travis-build`: + +```bash +$ travis compile +/home/travis/.rvm/rubies/ruby-2.4.3/lib/ruby/2.4.0/rubygems/core_ext/kernel_require.rb:120:in 'require': cannot load such file -- travis/support (LoadError) + from /home/travis/.rvm/rubies/ruby-2.4.3/lib/ruby/2.4.0/rubygems/core_ext/kernel_require.rb:120:in 'require' + from /home/travis/.travis/travis-build/lib/travis/build.rb:1:in '' + from /home/travis/.rvm/rubies/ruby-2.4.3/lib/ruby/2.4.0/rubygems/core_ext/kernel_require.rb:120:in 'require' + from /home/travis/.rvm/rubies/ruby-2.4.3/lib/ruby/2.4.0/rubygems/core_ext/kernel_require.rb:120:in 'require' + from /home/travis/.travis/travis-build/init.rb:11:in 'setup' + from /home/travis/.rvm/gems/ruby-2.4.3/gems/travis-1.8.8/lib/travis/cli/command.rb:197:in 'execute' + from /home/travis/.rvm/gems/ruby-2.4.3/gems/travis-1.8.8/lib/travis/cli.rb:64:in 'run' + from /home/travis/.rvm/gems/ruby-2.4.3/gems/travis-1.8.8/bin/travis:18:in '' + from /home/travis/.rvm/gems/ruby-2.4.3/bin/travis:23:in 'load' + from /home/travis/.rvm/gems/ruby-2.4.3/bin/travis:23:in '
' + from /home/travis/.rvm/gems/ruby-2.4.3/bin/ruby_executable_hooks:15:in 'eval' + from /home/travis/.rvm/gems/ruby-2.4.3/bin/ruby_executable_hooks:15:in '
' +``` + +Unfortunately, it didn't work for me. Removing the branch flag from the clone command fixed it for me though. I suspect the actual +Travis CI service inserts the branch name based on what branch contained the commit triggering the build. We're doing this +manually though so we'll have to make a small adjustment to our build script. Go ahead and open it up in your favorite text editor +(vim). Find the definition for the `travis_run_checkout` function. Remove the branch flag (or specify a branch name if you want to +pull from something other than `master`) from the clone command inside the if block. + +Run the `ci.sh` script with our modification again and you should be able to successfully clone your project and continue with the +rest of the build process. This is nice and all but the whole point in running Travis locally for me was so I could test changes +without having to make a commit. But `travis_run_checkout` is called every time our build script executes. We can make another +modification so we can test local changes without committing. Open `ci.sh` up again and go back to the definition of the +travis_run_checkout function. Before the `travis_fold end git.checkout` line there will be a `cd` command that tells the build +script to go to the location we pulled our repository to. Copy this line then go to the bottom of the script. Comment out the call +to `travis_run_checkout` and paste the `cd` command on the next line. Your hacked build script should look something like this: + +```bash +EOFUNC_FINISH +# END_FUNCS +source $HOME/.travis/job_stages +travis_run_setup_filter +travis_run_configure +#travis_run_checkout +travis_cmd cd\ vacuus/kilonull --echo +travis_run_prepare +travis_run_disable_sudo +travis_run_export +travis_run_setup +travis_run_setup_casher +travis_run_setup_cache +travis_run_announce +travis_run_debug +travis_run_before_install +travis_run_install +travis_run_before_script +travis_run_script +travis_run_before_cache +travis_run_cache +travis_run_after_success +travis_run_after_failure +travis_run_after_script +travis_run_finish +echo -e "\nDone. Your build exited with $TRAVIS_TEST_RESULT." + +travis_terminate $TRAVIS_TEST_RESULT +``` + +Now we have two copies of our repo in the container which might get a bit confusing. We can remove the repo at the location that +we manually cloned (not the one cloned as part of the build script inside `~/build`). Just remember to move the `ci.sh` script +before deleting your project's directory. We can now make changes to the copy of the repo inside the `~/build` directory and run +our hacked build script to test any changes. I updated my `requirements.txt`'s version for `psycopg2` and my build succeeded just +as I had hoped :) . + +This process is pretty convoluted but I think I can automate this and include it a container for my project. But, maybe I'm better +off using something like Jenkins for CI if I'm so concerned with running my builds locally. At least I can feel like I did +something productive while avoiding my chores. + diff --git a/themes/terminal b/themes/terminal new file mode 160000 index 0000000..bc29541 --- /dev/null +++ b/themes/terminal @@ -0,0 +1 @@ +Subproject commit bc295415148b61663d627fa56b8406d725d5f3fa