
Setting up OpenSWAN for Site-to-Site VPN - Ubuntu 12.04 and Cisco ASA 5520

I recently had to set up OpenSWAN on Ubuntu to be part of a site-to-site VPN with a Cisco ASA 5520. There are a few resources I used to get me there. It was hard to find these resources, so I'm keeping track of them for myself and in the hopes it helps someone else.

My requirements were:

  • local ike peer IP address: 89.76.54.321
  • remote ike peer IP address: 123.45.67.89
  • remote: also want all addresses in 123.45.0/24 to be addressable

  • Authentication: pre shared key

  • Encryption Scheme IKE
  • Diffie Hellman Group: Group 2
  • Encryption Algorithm: AES-256
  • Hashing Algorithm: SHA1
  • IKE Negotiation Mode: Main mode
  • Lifetime (for renegotiation): 480 minutes

  • Phase 2 Encapsulation: ESP

  • Phase 2 Encryption Algorithm: AES-256
  • Phase 2 Hashing Algorithm: SHA1
  • Perfect Forward Secrecy: No PFS
  • Lifetime (for renegotiation): 480m

And here is roughly what my /etc/ipsec.d/connection.conf looks like:


conn i2c
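
The requirement list above, mapped to Openswan connection keywords and checked against the proposal agreed with the peer. This is an added example, not the author's file: the conn body is constructed from the list (modp1024 is Diffie-Hellman group 2), the addresses are the post's own obfuscated placeholders and must be replaced, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the author's file. The conn body is constructed from the
# requirement list; the addresses are the post's own obfuscated placeholders.
write_sample_conn() {               # $1 = path to write
  cat > "$1" <<'EOF'
conn i2c
    type=tunnel
    authby=secret
    left=89.76.54.321
    right=123.45.67.89
    rightsubnet=123.45.0/24
    keyexchange=ike
    aggrmode=no
    ike=aes256-sha1;modp1024
    ikelifetime=480m
    phase2=esp
    phase2alg=aes256-sha1
    salifetime=480m
    pfs=no
    auto=start
EOF
}

# Print the value of keyword $2 in file $1 (last occurrence; commented lines skipped).
conn_value() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Compare file $1 with the agreed proposal; print each mismatch, status 1 if any.
check_proposal() {
  bad=0
  while read -r key want; do
    got=$(conn_value "$1" "$key")
    [ "$got" = "$want" ] || { echo "$key: want '$want', got '$got'"; bad=1; }
  done <<'EOF'
authby secret
aggrmode no
ike aes256-sha1;modp1024
ikelifetime 480m
phase2 esp
phase2alg aes256-sha1
salifetime 480m
pfs no
EOF
  return "$bad"
}
```

A missing `pfs=` line is reported as a mismatch on purpose: Openswan defaults to `pfs=yes`, which does not match a peer configured without PFS.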


Discover It Card: Followup and reviews

The Discover It card launched late in 2012 (I wrote about it earlier).

When it first came out there was a heavy promotion of the card via multiple channels. They had TV videos, and articles were written about it.

One of the most interesting things to me about the card is the design on the front of the card:

Discover it card design

It's so basic and they moved the numbers/expiration etc. to the back of the card. Here's a video showing an unboxing of the Discover it card:

You can see at 4 minutes into the video as he shows the card the front is just plain and simple. A very clean design!

Here were the items he described during unboxing the card:

  • No annual fee
  • No late fee (only affects credit cards)
  • No foreign transaction fee
  • Paying late won't increase APR
  • 1% cashback on most purchases, 5% rewards program for certain purchases
  • Talked to a real person within 3 minutes of calling the company

Super Simple - Embed your form into facebook pages

Today I needed to embed (iframe) a web page into Facebook. Pretty simple idea, really - doing so should help improve conversion rates for visitors who are landing from Facebook. And, of course, I want to do it as simply as possible so we can test the idea before investing more time into fancier features this might have (a Facebook-like theme, Facebook Connect to pre-fill user data, etc.)

So...I did a ton of searches for how to embed a page in a very simple way. I don't want to use an SDK. I don't want to have any OAuth or interactions. Just show my page inside the Facebook header and sidebar! But...how to do it.

Facebook Static HTML Iframe App

Well, several tutorials and videos recommended using a third party app that would insert my iframe inside of the Facebook page.

This is indeed a very popular path to take. There are dozens of apps in use by tens of millions of people each month. WAT?

Of course, Facebook Canvas apps are just iframes...so...why do I need an APP to iframe my iframe? And how safe is your data when a 3rd party iframe is around your site? No, this solution simply will not do.

Make your own super simple Facebook App

Here's what you want to do.

  1. Go to Facebook Apps site. You might need to agree to some terms of service or something.
  2. Click "Create New App"
  3. Fill in the basic info - skip hosting.
  4. Fill in the "Basic Info" section. If you are unsure, leave it blank or read the help blurb. All you really need is a Display Name and Contact Email.
  5. Check the green box for "App on Facebook"
  6. Input your site URL for the Canvas URL and Secure Canvas URL. On October 1, 2013 all apps will be required to have https.

Jenkins + Drush + Dropbox = Easily share sanitized database projects

I recently wrote about setting up Jenkins. My next step was making it do something useful to help our team become more efficient. In most any team it's likely that you'll get some folks for whom "just use drush sql-sync" is not a reasonable solution.

My goal: get a database backup into dropbox on a regular basis and make sure no sensitive customer data is in that backup.

Make a Database backup of the live site

We're running Jenkins on a non-production server (for a variety of reasons). So, we get a backup of the live database into a temporary scratch database using the drush aliases feature. That process sanitizes it a bit using the sql-sanitize feature of drush. Then we dump out that database.

  1. Start with an up to date checkout of your live site's Drupal code
  2. Use the multisite feature and create a sites/example.prod/settings.php where the $databases array has a set of read-only credentials to the production database
  3. A second "site" at sites/example.scratch/settings.php
  4. Set up Drush aliases that point to those two sites inside the Drupal checkout - be sure to use the 'uri' element so that drush knows which set of credentials to use inside the sites/ folder:

    // 'uri' must match the directory name under sites/ (see step 2).
    $aliases['example.prod'] = array(
      'root' => '/var/lib/jenkins/example_scripts/example_com_checkout_for_drush/',
      'uri' => 'example.prod',
    );
    // The scratch site from step 3.
    $aliases['example.scratch'] = array(
      'root' => '/var/lib/jenkins/example_scripts/example_com_checkout_for_drush/',
      'uri' => 'example.scratch',
    );
  5. The example.scratch credentials should point to a "scratch" database that is used just for these purposes.
  6. Finally a line in the Jenkins job to copy the database from the live site to the scratch database.
    drush sql-sync @example.prod @example.scratch
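
One way to enforce the "no sensitive customer data" goal before the dump reaches Dropbox, as an added example that is not the author's Jenkins job. The function names, the Dropbox directory argument and the `localhost` default for the sanitized e-mail domain are assumptions; set the domain to whatever your sql-sanitize run writes.

```shell
#!/bin/sh
# Added example: publish a scratch-database dump only if every e-mail address
# in it belongs to the sanitized domain. Names and paths are hypothetical.

# Print the number of distinct addresses in dump $1 whose domain is not $2.
count_unsanitized_emails() {
  grep -Eo '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+' "$1" |
    awk -F@ -v ok="$2" '$2 != ok' | sort -u | wc -l | tr -d ' '
}

# Copy dump $1 into directory $2 when clean; status 1 if dirty, 2 if unreadable.
publish_if_clean() {
  dump=$1; dest=$2; domain=${3:-localhost}   # assumed sanitized domain
  [ -r "$dump" ] || { echo "cannot read $dump" >&2; return 2; }
  n=$(count_unsanitized_emails "$dump" "$domain")
  if [ "$n" -ne 0 ]; then
    echo "refusing to publish $dump: $n unsanitized address(es)" >&2
    return 1
  fi
  cp "$dump" "$dest/"
}

# Jenkins "Execute shell" step: copy, sanitize, dump, then gate the publish.
# $1 = dump file to write, $2 = Dropbox-synced directory (both hypothetical).
backup_job() {
  drush sql-sync @example.prod @example.scratch --yes &&
    drush @example.scratch sql-sanitize --yes &&
    drush @example.scratch sql-dump --result-file="$1" &&
    publish_if_clean "$1" "$2"
}
```

The gate is deliberately conservative: a legitimate address left in configuration, such as the site's own contact mail, also blocks the publish until it is reviewed.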

Using Drupal's Meta tag module for Facebook Open Graph, Google rel=author, and Page titles

Meta tags have gone back and forth in terms of their usefulness for promoting your site. In the late 90s they were a way for nascent search engines to easily categorize sites, then they were abused for keyword stuffing unrelated to page content and their use waned, but they are back again with three major purposes: Facebook Open Graph, Google Authors and Page titles. These are not necessarily "SEO" purposes, but the goal is ultimately the same: making sure that your site puts its best foot forward to gain new visitors.

Metatag module setup

The basic Metatag module setup is pretty straightforward. Download the latest version from the metatag project page. If you don’t have them already you will need the CTools and Token modules.

Setting up Metatag for Facebook Open Graph

There were a few different things I wanted to achieve with the Facebook Open Graph support. Basically, whenever someone includes our page on Facebook I wanted to make sure that the title, description text, and image that Facebook pulled in were the best possible ones. I expect that most of the "liking" will occur on our card landing pages. So, I enabled the "Meta tags: Open Graph" sub-module that is included in the main Metatag module. Then I added a meta tag default for the "Campaign" node type by clicking on the bright "Add a meta tag default" at the top of the page at Administration - Configuration - Search and metadata - Meta tags.


11 wonderfully horrible modern productivity anti-patterns

You are a modern web-worker. When the internet in your office goes offline, it is a major drain on your productivity. Here are some things you may do or see in your daily life that are "anti-patterns" or behaviors which are counter to productivity. Please, don't do them! If someone else does one of them, maybe send them this post (it includes solutions).

When people break these rules (especially via email) it just makes me feel like Billy Sorrels: DELETE, DELETE, DELETE.

1. Putting Screenshots into Microsoft Word Documents

You make a screenshot using the "PrtScr" key and want to share it. How do you do this? You open Microsoft Word, paste the screenshot into the document, and send it via e-mail. It's an image, not a document. Save it that way.

The Problem: Bloat and speed meaning fewer people read the message. It takes way longer to open a document than to open an image. It also takes up more space in my inbox. I mostly don't care about e-mail/inbox size these days, but when I'm on a slow connection (via phone, via internet in a foreign country) it can be an issue.

The Solution: This depends on the operating system you use. Windows users: take the screen shot, open "Paint" (or another graphics program like Gimp) and paste the screenshot there. Save it as an image. If you are going to do it often I humbly suggest Skitch or AwesomeScreenshot.


New Discover Credit Card Design: Metallic front, details on back

Various news outlets are covering the release of the new Discover credit card, like Daily Finance.com.

Discover Card Design

And, here is the card design:

Discover it card design

It's interesting how they have completely broken from the standard way of lots of information on the front of the card. It's a really clean design with just their Discover logo/wordmark and a little orange "it" on the top right edge. The name, number, and all the other junk is on the back of the card. I haven't been able to find the design of the back of the card anywhere. Apparently the new card will be sent via expedited mail, getting it to customers in just a couple days instead of the industry standard "3-5 business days."

Their delivery box is not only going to get to you faster, it's attractive too:

Discover it delivery box

Commercials: Support and better features

Discover also has several new ads to go along with the card. This first one emphasizes the human, America-based support from someone so friendly you might just call them for fun:

And this second one emphasizes the "no change to APR for your first late payment" while still giving the human, America-based, friendly support:

Drawbacks to Discover
