Google App Engine... ready for prime time?

Google recently announced the availability of google cloud and google app engine in Australia. Since that's where my users are located I decided to migrate my Google App Engine application to the Australian availability zone.

Google don't make it particularly easy to do this, there is no button in the console to move your application, you must do the following manual steps:

1. create a new application
2. upload the code to the new application
3. disable datastore writes on your existing application
4. grant permissions to the bucket used to store your datastore backups so the new application can read them
5. backup the data store of the existing application
6. then restore the backups to the new application 
7. then create a mapping of your custom domain to the new application

at this point, I tested my new application and I could see that google was serving the new application, so it looked like everything was working and I went to bed.

The next morning, my application was no longer working. It was configured to accept secure connections only, and when I remapped the custom domain, app engine decided to delete my certificate without telling me.

Well, that's not so bad, all I need to do is upload the ssl certificate to my new application, right?

Trouble is, app engine won't let me. Every time I try, it fails with an extremely unhelpful error message.

This seems to me to be some unexpected error in the backend, which is no surprise as the whole App Engine infrastructure is a little half baked. Turns out I had uploaded the wrong private key file, which I figured out by using a certificate checker site.

Sorry, there’s a problem. If you entered information, check it and try again. Otherwise, the problem might clear up on its own, so check back later.

Tracking Number: 6120870777002247692

Firewire i1394 and Skylake H170/Z170 incompatibilities

I have an old M-Audio projectmix IO audio interface - it's a nice unit with 8 inputs, 6 outputs, motorized faders and a firewire interface that's rock solid.

After upgrading my computer to a Skylake H170 chipset i7 6700 and expecting to have a screamingly fast digital audio workstation (DAW) I was extremely disappointed to discover my project mix was basically unusable - the audio was constantly crackling.

I had a cheap VIA firewire card, so I upgraded to to a new, quite expensive firewire card with a TI chipset, which are generally recommended for music apps.

But no joy, it still crackled. It turns out that TI no longer recommend the XIO2200A chip used in these cards for new applications.

After some google fu I found this thread confirming firewire issues with certain chipsets.


Anyway it turns out you need the TI chipset XIO2213B, or VIA 6315 or  LSI FW643.

I picked up a card with VIA 6315 chipset on ebay for $15 AUD shipped from china and it works perfectly with the lowest buffer size of 64 which means low latency audio.

Happy days!

HackerX Sydney, 2nd March 2017.

If you haven't heard about it before, HackerX is an invite only networking event for software developers and companies seeking to hire.This event was held at Fishburners in Ultimo, which is a shared workspace/incubator for tech startups. It is structured like a speed dating event where each candidate gets 5 mins in front of a prospective employer.

Anyway, since my contract with my current employer is up in a few weeks, I thought I would head along and check it out, more out of curiosity than anything else.

They put on free beer, soft drinks and pizza so at the very least you get a free feed and a few drinks if not a new job. And it what other situation would it be acceptable to interview with a few beers under your belt?

After about 1/2 an hour, the event kicked off, with the company reps lined up in in two rows of tables, while the candidates queued up for their 5 minutes to shine in front of a prospective employer.

Now, 5 minutes isn't very long, so if you are serious you better have your pitch down pat and some copies of your resume to hand over. I happened to run into a friend and was having a chat and ended up on the end of the queue. I highly recommend you get yourself on the front of the queue.Why?

Well, it turns out that there wasn't enough time for every candidate who rsvped to get some face time with every company. As it turned out, the speed dating ended before about 10 of us got a chance to speak to any of the companies on the second row of tables.

 However, in spite of this I think it is quite a worthwhile event, in terms of being a really efficient way to get your resume into the hands of companies that are definitely hiring... much better than the broken method of using recruitment companies as intermediaries.

So check it out if you get the chance.

Update:

I actually got a callback from one of the hiring companies who invited me to their own group recruiting event for further interviews, unfortunately I was on holiday in  Fiji and could not attend.

Google Chromecast Video does not work without an internet connection even for locally hosted video!

Google's motto is "Don't be evil". I guess they don't think that spying on every thing you do is evil.
That's the only reason I can see why your Chromecast video needs an internet connection to function, even if all you wan't to do is cast videos stored locally on your laptop to your TV.

I recently picked up a Chromecast Video in preparation for a a weeks snow holiday at Thredbo, thinking it would be handy so the kids could watch some of their own videos on the TV in the chalet. The chalet came with WiFi internet, but the cheapskate owner must have purchased the cheapest possible internet plan with the lowest quota, because even though all the right lights on the router were lit, there was no internet access.

This caused big problems trying to setup my new Chromecast, which needs to download some updates when it is first configured. I can understand why it would need internet access for that.

But once it is setup it refuses to work without an internet connection. The only reason I can see it might need an internet connection is so that it can spy on you and report your viewing habits back to google.

I managed to get it working by creating as hotspot on my iphone, having the chromecast use that hotspot for internet access and use my laptop to connect to the chromecasts WiFi to configure it.

But that's way more complicated than it needs to be. It really should be written on the box in big letters:

REQUIRES INTERNET ACCESS!

Letsencrypt certificate renewal process is awful!

So, my free 90 days letsencrypt certificate is about to expire.

I tried the auto-renew feature, but it does not work in manual mode. They intend it to be run automated and unattended, but I can't do that because I want to use the certificate on google app engine.

So basically, you have to re-issue the certicate , which means updating the challenge response on your website.

Well, I did all that, and generated a new certificate.

Unfortunately it expires the same time as the certificate I want to replace... WTF?

Anyway, I cleaned out /etc/letsencrypt and tried again from scratch:

sudo ./letsencrypt-auto certonly -a manual --rsa-key-size 2048 --email webmaster@mydomain.org.au -d shop.rhubarbfood.org.au

and this time it generated me a certificate with the correct expiry date. For future reference,

fullchain.pem is the public cert that appengine wants.

The private key needs to be fixed for google app engine:

openssl rsa -inform pem \

  -in /etc/letsencrypt/live/mydomain.org.au/privkey.pem \
  -outform pem 

the output of this command can be pasted straight into the text box in the appengine certificate page.

This time I documented it so I can rmember in 90 days time when I need to renew it again!

Let's Encrypt and Google App Engine... not a match in heaven

I recently got on the SSL bandwagon for a site I manage, and bought an SSL certificate from GoDaddy for less than $10 (I can't remember exactly), but it only lasted a year.

True to form, when time came up for renewal GoDaddy wanted to charge me $100.

Top Tip: Never, ever allow GoDaddy to autorenew anything you buy from them. Because they alway jack the price up when they autorenew by default.

Anyway, I heard about LetsEncrypt, the new CA which offers SSL certificates for free.

"This must be too good to be true", I thought. And once again, I was proved right.

After much yak-shaving, (installing the prerequisites on my mac, the letsencrypt software, and the appropriate challenge/responses to prove I owned the web servers) I actually managed to sucessfully generate my certificate...

...which expires in 90 days!?!

Now the people at letsencrypt think that 90 days is a really, really long time, and any longer would be a security risk. And they say, "Hey, you should automate all your certificate issuance/renewal/web hosting malarky".

The only problem is, THERE IS NO API TO AUTOMATE UPLOADING OF YOUR CERTIFICATE TO GOOGLE APP ENGINE!!!

So, every 90 days, you will have to do it manually.


And one more thing... when I tried to upload my 4096 bit key certificate, app engine complained with an extremely generic error message. Turns out it only supports a maximum of 2048 bit keys.

Way to be cutting edge Google!

EDIT: Google App Engine has finally automated SSL certifcates issuance and renewal!!!

https://cloudplatform.googleblog.com/2017/09/introducing-managed-SSL-for-Google-App-Engine.html

How to move your amazon instance to another account

Did you know amazon offer 1 years free EC2 hosting on a t2.micro instance when you create an account?

Free hosting for a year! But, what happens when the year is up? Hmmm, I wonder....

You might wan't to migrate the instance to another account.

How?

1) Create an AMI image of your instance
2) Add the account id of the new account to the permissions on the instance
3) Now you can see the AMI image in the new account and deploy it.
4) make sure the security group for the instance has the required ports open
5) Create an elastic IP address and associate it with your new instance
6) You may also need to update the DNS records to point to your new elastic IP.

Voila! Another years free hosting!