Author Archives: LombaX

LombaXMonday N° 9 – links and resources from the IT World

What is this? Every day I read a lot of articles about computer programming and languages, infrastructures, new technologies, quick tips, trends, architectures and so on. I read them immediately or put them in my “read later” list. All my readings helped me to grow and learn new things…so why not share them with my readers? For this reason, I decided to publish and share, every Monday, a list of the links I came across during the past days.


What is Branch Prediction - link

An impressive explanation of what branch prediction is and how knowing it can help us write more efficient code. Read the whole question and the accepted answer, it’s worth it.


Distributed JWT Token Cracker - link

A tool written in JavaScript by Luciano Mammino (more info in the link) for cracking JWT tokens via brute force. The tool is distributed: you can publish a server (which keeps track of the job) and as many clients as you want, to increase the CPU power.


How to fix npm broken dependencies - link

You are using a fantastic npm dependency but…there is a bug. And you can’t modify the source in the node_modules because at every npm install/update you lose your modifications? Don’t worry, this tool will save your life (personally, I prefer to fork and update the dependency directly on Github…but “de gustibus”)


 

That’s all for today’s LombaXMonday, if you liked it, have any question or want to let me know that this article sucks, don’t hesitate to add a comment :-)

How to create an IVR that reads from Google Sheet with Amazon Connect and AWS Lambda

In this quick tutorial, I will explain how to create a basic IVR that can access a Google Sheet and communicate a 3 digit code via voice.

This tutorial assumes that you have a basic knowledge of the AWS Console, that you know what AWS Lambda is (the demo function is written in JavaScript) and that you know how to create, upload and debug a function via the console.

Need: we have this basic “manual” and “human” flow. We have a safe with a 3 digit code. This safe contains the key of a specific room in the office that must be protected but sometimes opened by guests when no staff is in the office, and we want to give them access only after a phone authorization. When someone has access, the code is changed (usually the day after).

So a guest now does this:
- in front of the safe there is a phone number
- the guest calls the phone number
- I or my colleague answer and give them the code (the code is stored in a Google Sheet so that we can find and remember it easily after a change)
- the guest opens the safe and takes the key of the room
- the day after, the member of the staff who received the call changes the safe code and updates the Google Sheet

What we want now is to change this flow so that nobody on the staff has to answer the phone in the night only to give out a stupid 3 digit code :-)

Start with Amazon Connect.

1) Claim a new Phone Number

[Screenshot 1: claim phone number]

2) create a contact flow

[Screenshot 2: create contact flow]

[Screenshot 3: create contact flow]

3) edit the contact flow like this

[Screenshot 4: contact flow details]

4) look at the configuration of “Invoke AWS Lambda Function”

Specifically, in the “Invoke AWS Lambda Function”,  you must insert your function ARN.
For now you haven’t created the Lambda function yet, so leave this field empty. After creating the function you will insert its ARN here, which is a code like this:

arn:aws:lambda:eu-central-1:123456789012:function:name-of-lambda-function

5) change the “Play prompt” configuration

The upper “play prompt” must be configured like in this image

[Screenshot 5: play prompt details]

 

the lower one is simply an audio that plays “There was an error”

That’s all for now, simply save and publish.

[Screenshot: publish]

If you call the phone number now, you will hear “There was an error”


 

Now, let’s create a Lambda function. You have to edit it in your local editor: the Lambda function must be uploaded as a .zip file (or via S3) together with the whole node_modules directory and the Google credentials.

Disclaimer: This function is not well formatted and organized, I copied and pasted it adding some spaghetti code, so rewrite it as you prefer :-) however it works.

var fs = require('fs');
var readline = require('readline');
var google = require('googleapis');
var googleAuth = require('google-auth-library');

// If modifying these scopes, delete your previously saved credentials
// at ./.credentials/sheets.googleapis.com-nodejs-quickstart.json
var SCOPES = ['https://www.googleapis.com/auth/spreadsheets.readonly'];
// The token is kept inside the project directory so that it is zipped with the function.
//var TOKEN_DIR = (process.env.HOME || process.env.HOMEPATH || process.env.USERPROFILE) + '/.credentials/';
var TOKEN_DIR = './.credentials/';
var TOKEN_PATH = TOKEN_DIR + 'sheets.googleapis.com-nodejs-quickstart.json';
// Callback of the current Lambda invocation, set by the handler.
var final_callback = null;

/**
 * Report the result (or the error) of the invocation to Lambda.
 * Without this call on the error paths the function would only end by timing out.
 */
function finish(err, result) {
    if (final_callback) {
        final_callback(err, result);
    }
}

/**
 * Create an OAuth2 client with the given credentials, and then execute the
 * given callback function.
 *
 * @param {Object} credentials The authorization client credentials.
 * @param {function} callback The callback to call with the authorized client.
 */
function authorize(credentials, callback) {
    var clientSecret = credentials.installed.client_secret;
    var clientId = credentials.installed.client_id;
    var redirectUrl = credentials.installed.redirect_uris[0];
    var auth = new googleAuth();
    var oauth2Client = new auth.OAuth2(clientId, clientSecret, redirectUrl);
    // Check if we have previously stored a token.
    fs.readFile(TOKEN_PATH, function(err, token) {
        if (err) {
            getNewToken(oauth2Client, callback);
        } else {
            oauth2Client.credentials = JSON.parse(token);
            callback(oauth2Client);
        }
    });
}

/**
 * Get and store new token after prompting for user authorization, and then
 * execute the given callback with the authorized OAuth2 client.
 *
 * @param {google.auth.OAuth2} oauth2Client The OAuth2 client to get token for.
 * @param {getEventsCallback} callback The callback to call with the authorized
 *     client.
 */
function getNewToken(oauth2Client, callback) {
    var authUrl = oauth2Client.generateAuthUrl({
        access_type: 'offline',
        scope: SCOPES
    });
    console.log('Authorize this app by visiting this url: ', authUrl);
    var rl = readline.createInterface({
        input: process.stdin,
        output: process.stdout
    });
    rl.question('Enter the code from that page here: ', function(code) {
        rl.close();
        oauth2Client.getToken(code, function(err, token) {
            if (err) {
                console.log('Error while trying to retrieve access token', err);
                finish(err);
                return;
            }
            oauth2Client.credentials = token;
            storeToken(token);
            callback(oauth2Client);
        });
    });
}

/**
 * Store token to disk be used in later program executions.
 *
 * @param {Object} token The token to store to disk.
 */
function storeToken(token) {
    try {
        fs.mkdirSync(TOKEN_DIR);
    } catch (err) {
        if (err.code != 'EEXIST') {
            throw err;
        }
    }
    // Synchronous write: fs.writeFile without a callback fails on current Node.js.
    fs.writeFileSync(TOKEN_PATH, JSON.stringify(token));
    console.log('Token stored to ' + TOKEN_PATH);
}

/**
 * Read the safe code from the sheet and hand it to the Lambda callback.
 *
 * @param {google.auth.OAuth2} auth The authorized OAuth2 client.
 */
function readCode(auth) {
    var sheets = google.sheets('v4');
    sheets.spreadsheets.values.get({
        auth: auth,
        spreadsheetId: 'XXXXXX', // id of the spreadsheet
        range: 'SHEET_NAME!A1:A1', // cell name for the code
    }, function(err, response) {
        if (err) {
            console.log('The API returned an error: ' + err);
            finish(err);
            return;
        }
        var rows = response.values;
        if (!rows || rows.length == 0) {
            console.log('No data found.');
            finish(new Error('No data found.'));
        } else {
            finish(null, {code: rows[0][0]});
        }
    });
}

exports.handler = (event, context, callback) => {
    final_callback = callback;
    // Load client secrets from a local file.
    fs.readFile('client_secret.json', function processClientSecrets(err, content) {
        if (err) {
            console.log('Error loading client secret file: ' + err);
            finish(err);
            return;
        }
        // Authorize a client with the loaded credentials, then call the
        // Google Sheets API.
        authorize(JSON.parse(content), readCode);
    });
};

// Local run from your PC (node on this file) to obtain and store the token.
// The guard keeps this from running, and from printing the code to the logs,
// every time Lambda loads the module.
if (require.main === module) {
    exports.handler('1', '2', (a, b) => console.log(a ? a : b.code));
}

in the readCode function you have these 2 parameters to fill:

spreadsheetId: 'XXXXXX', // id of the spreadsheet
range: 'SHEET_NAME!A1:A1', // cell name for the code

Some things to remember:

- You will need a Google client_secret.json file
- You have to execute this function at least once from your PC. The function will ask you to visit a Google link to obtain a token and paste it back. The token is then saved in a .credentials folder inside your project directory (you have to create it!!). Then, the credentials file must be uploaded to Lambda together with the function.
- You have to include the whole node_modules directory in the uploaded zip file.
- Create the Lambda function in the same region as Connect

After doing this, the last things to do are:

- Connect the Amazon Connect “Invoke AWS Lambda Function” node to the right function ARN. You can find it in the AWS Lambda section, in the upper right corner.
- Add the correct permissions so that Connect can access the Lambda function. This must be done via the AWS CLI with this command:

aws lambda add-permission --function-name function:lambda-function-name --statement-id 1 --principal connect.amazonaws.com --action lambda:InvokeFunction --source-account 123456789012 --source-arn arn:aws:connect:eu-central-1:123456789012:instance/faf03769-52ce-4577-bedf-dd82c9a933c8 --region eu-central-1

Parameters are:

--function-name is always “function:xxxx” where xxxx is the Lambda function name
--source-account is your Amazon account ID, you find it in the upper-right “My Account” section of the AWS Console
--source-arn is the Amazon Connect ARN
--region is the Connect and Lambda region

That’s all. If you have done everything correctly, you will hear a prompt with the code present in your Google Sheet file.

Next step, this code should be improved to add some controls, for example to save the CLI for the caller and to block anonymous calls, so our staff can know when and who called.
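The controls proposed above (record the caller's CLI, refuse anonymous calls), as an added example that is not part of the original function. The caller number is read from `Details.ContactData.CustomerEndpoint.Address` of the Amazon Connect event; `makeHandler`, `lookupCode`, `audit`, the `status` values and the sample phone number are hypothetical names and constructed data.

```javascript
// Added example (not the author's code). A full E.164 number is "+" followed
// by 7 to 15 digits; anything else (missing endpoint, "anonymous", a name) is
// treated as a withheld number. That strict rule is an assumption.
const E164 = /^\+[1-9][0-9]{6,14}$/;

// Extract the calling line identification from a Connect contact-flow event.
function callerFromEvent(event) {
  const contact = (event && event.Details && event.Details.ContactData) || {};
  const endpoint = contact.CustomerEndpoint || {};
  const address = typeof endpoint.Address === 'string' ? endpoint.Address.trim() : '';
  return {
    contactId: typeof contact.ContactId === 'string' ? contact.ContactId : 'unknown',
    number: E164.test(address) ? address : null
  };
}

// lookupCode(cb) is a hypothetical callback-style wrapper around the Sheets
// read; audit(record) is a hypothetical sink (CloudWatch, a table, a sheet).
function makeHandler(lookupCode, audit) {
  return function handler(event, context, callback) {
    const caller = callerFromEvent(event);
    const record = {
      time: new Date().toISOString(),
      contactId: caller.contactId,
      caller: caller.number || 'anonymous',
      outcome: 'denied'
    };
    if (!caller.number) {
      audit(record);
      // Connect expects a flat object of simple values back from Lambda.
      return callback(null, { status: 'denied' });
    }
    lookupCode(function (err, code) {
      const valid = !err && /^[0-9]{3}$/.test(String(code));
      record.outcome = valid ? 'code_given' : 'error';
      audit(record); // who and when, never the code itself
      callback(null, valid ? { status: 'ok', code: String(code) } : { status: 'error' });
    });
  };
}

// Constructed sample event in the shape Amazon Connect sends to Lambda.
function sampleEvent(address) {
  return {
    Name: 'ContactFlowEvent',
    Details: {
      ContactData: {
        Channel: 'VOICE',
        ContactId: '00000000-0000-0000-0000-000000000000',
        CustomerEndpoint: address === null ? null : { Address: address, Type: 'TELEPHONE_NUMBER' },
        InitiationMethod: 'INBOUND'
      },
      Parameters: {}
    }
  };
}

// Demo with a fake lookup and an in-memory audit trail.
function demo() {
  const trail = [];
  const handler = makeHandler(function (cb) { cb(null, '123'); }, function (r) { trail.push(r); });
  const replies = [];
  ['+390212345678', 'anonymous', null].forEach(function (address) {
    handler(sampleEvent(address), {}, function (err, reply) { replies.push(reply); });
  });
  return { replies: replies, trail: trail };
}

console.log(JSON.stringify(demo(), null, 2));
```

In the contact flow, branch on `$.External.status` before the prompt that reads the code. A CLI can be spoofed, so the record is an audit trail for the staff rather than proof of who called.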

If something is not clear feel free to write me an e-mail.

Bye

Fabio Lombardo

 

 

 

LombaXMonday N° 8 – links and resources from the IT World



Linux quick tips & commands for performance monitoring

Here is my list of commands that I use to understand why a Linux machine is hanging, running slow or having unexpected behavior

Process analysis, load average, wa, cpu/ram used, disk usage
top
htop
iotop

Process tree, uninterruptible sleep process (D)
ps auxf –> D state processes are in uninterruptible sleep
ps axl –> under the WCHAN column you can see on which kernel function uninterruptible sleep processes are stuck

Stats over time
vmstat 1
iostat 1

Network
netstat
ss -l (network queue length)

Tracing
lsof
strace -e trace=open <application> <— trace an application
strace -e trace=open -p <pid> <— trace a pid

 


Ultra fast http server for local file sharing

python -m http.server 7777

Warning: this command shares the content of the current directory via the chosen port (in this case 7777) to the WHOLE WORLD. Use it carefully and remember to close it when you have finished.


Bash parameter expansion in depth - link

A useful article that explains in depth how parameter expansion works in bash



LombaXMonday N° 7 – links and resources from the IT World



Quickstart with Elasticsearch - link

I always wanted to try Elasticsearch but the time is never enough. I found this 5 minutes tutorial that is a good start point.

One quicker variant is to use the Elasticsearch docker image to do all the tests. At this link you will find how; in short:

docker pull docker.elastic.co/elasticsearch/elasticsearch:5.4.1

docker run -p 9200:9200 -e "http.host=0.0.0.0" -e "transport.host=127.0.0.1" docker.elastic.co/elasticsearch/elasticsearch:5.4.1

One more thing to do: in all the example curl commands of the provided links you must add the authentication. For example, the command

curl -XPUT 'http://localhost:9200/blog/user/dilbert' -d '{ "name" : "Dilbert Brown" }'

must be changed into

curl --user elastic:changeme -XPUT 'http://localhost:9200/blog/user/dilbert' -d '{ "name" : "Dilbert Brown" }'

adding --user elastic:changeme (default user-password of the Elasticsearch docker image).
Enjoy


Chain of Responsibility Pattern - link

and why it is different from the Decorator Pattern: link and link


Comment one line programmatically with sed

Quick tip: suppose we have this line in /etc/php5/cgi/php.ini file

disable_functions = pcntl_alarm,pcntl_fork

if we want to comment this line programmatically, simply do

sed -e '/disable_functions/ s/^;*/;/' -i /etc/php5/cgi/php.ini

 



LombaXMonday N° 6 – links and resources from the IT World



JQ, a useful tool for handling JSON - link and link

JQ is a very useful command line tool for handling JSON.
It permits you to extract parts of a JSON using a simple syntax.

Look at this example

If you want to take the Title and the Acronym (and change their name):

curl 'https://www.lombax.it/documents/json.json' | jq '.glossary | {MyTitle: .title, MyAcronym: .GlossDiv.GlossList.GlossEntry.Acronym}'

Explore utf8mb4 performance in the new MySQL 8.0 (not yet released) - link

MySQL 8.0 is in the last phases of the development process and it brings a lot of new features. One of these is a huge increase in performance, even when using the new utf8mb4 encoding.


HTTPS on StackOverflow - link

Implementing HTTPS on a website may seem simple and straightforward. But what happens when you manage the world's biggest Q&A site with hundreds of domains?
Enjoy this (long but good) post by Nick Craver



LombaXMonday N° 5 – links and resources from the IT World



Inspect and inject HTTP/HTTPS requests with mitmproxy - link

Mitmproxy is a useful tool for web developers. It lets you inspect web requests (HTTPS requests too) by acting as a middleware between your browser and the final URL. Yes, modern browser inspectors give us the inspection functionality without installing anything, but mitmproxy also lets you block/pause the requests and inject/change the content manually. You can add filters on specific words/patterns in the request (URL, cookies and so on), and then mitmproxy will block the request and wait for your input. Then, you will be able to change the request content. This is useful especially when debugging complex request/response flows: you will be able to do the whole flow via browser, and then add a “breakpoint” only when needed. Cool


Cloud Computing comes at a price - link

Short story of a startup that forgot that “pay per use” is not always as cheap as it seems…especially if you don’t plan correctly



LombaXMonday N° 4 – links and resources from the IT World



Cars and satellite insurance, how to do it (wrong) - link

Andrea Scarpino tells us how he discovered a big security issue in the API provided by his insurance company. With a little bit of reverse engineering on the satellite device provided by the company, he was able to retrieve all the personal information of all the insurance customers.


Interactive shell scripts with expect command - link

Everyone has tried, at least once, to automate a task by writing a simple bash script.
However, how do you handle a prompt (for example a password prompt)?

`expect` is a simple program with an easy-to-learn syntax that lets you write scripts that wait for a specific prompt before sending something back


MySQL multiple keys and indexes, did you know? by Enomis-

Let’s assume that we have this simple table with a huge quantity of data:

CREATE TABLE test (
id INT NOT NULL,
last_name CHAR(30) NOT NULL,
first_name CHAR(30) NOT NULL,
PRIMARY KEY (id),
INDEX name (last_name,first_name)
);

as you can see, we have an index on last_name, first_name

Now, try to query it:

select * from test where first_name='Fabio' and last_name='Lombardo'; -- time: 0.5sec

select * from test where last_name='Lombardo' and first_name='Fabio'; -- time: 0.01sec

Why this difference?
In MySQL, multiple indexes must be queried in the exact order they have been declared.

More information:

- Multiple-Column Indexes
- Avoiding Full Table Scans
- Index Hints



LombaXMonday N° 3 – links and resources from the IT World



Check the technology behind a website. Is it WordPress? Is it Joomla? - link

Do you want to know what technology powers a website? Tired of inspecting HTML and headers for clues? Is it WordPress? Is it Joomla? Don’t worry, simply paste the URL in the provided link and enjoy the results


ES6 Overview In 350 Bullet Points - link

A quick and easy recap of all the new features and syntax changes of ES6


Testing code that emits output and native functions in PHP - link

You know (and if you don’t, you should!!! :-), the scope of TDD is to test pieces of software so that they do not break when you change something. It’s very useful because you can simply “run tests” and be sure (if you wrote and structured them correctly) that your changes didn’t affect anything. However, writing good tests is not as simple as it seems, and TDD has various types of tests (for example Unit Tests, Integration Tests, Behavior Tests and so on).

In this link we focus on Unit Tests. In Unit Tests, the difficult part is to decouple things and test all classes as separate, independent entities and test them against their interfaces. You test that, when the contract is respected (when you call their method with the correct dependencies), the class behaves as expected.

To create a successful Unit Test, it’s very important to test objects only against their interfaces and to mock (see Mockery for PHP, for example) all their dependencies. With mocks, you create fake dependencies (objects) and check the correct sending/receiving of messages by/to the tested class. You focus mainly on the “communication” between the tested object and the rest of the world. With mocks, you can test a single object without having to integrate all the things together (for example, you can test a query builder without having to use a real database during the test phase).

However, when it comes to native PHP functions, it seems difficult to create mocked functions and objects. With this guide, you will learn some useful tricks and PHP language features that will help you in building your Unit Tests.


 


LombaXMonday N° 2 – links and resources from the IT World



Monitor your AWS CloudTrail events with Slack and GorillaStack - link

Although it is based on a commercial product, at the provided link you can find a free Slack Bot that will monitor all your AWS CloudTrail events and alert you when something happens. Personally, I added some triggers to increase the security of our AWS Account: I get an alert when a user logs in to the AWS Console and when an AWS EC2 Instance is created, rebooted or terminated. It is very easy to install: after adding it to Slack, a CloudFormation template that creates everything will be provided. Basically an IAM Role, an S3 Bucket, a Lambda function and all the needed CloudTrail configurations are created automatically with a simple step-by-step procedure.


Expose your local development website over a public URL - link

So, you have created a brand new website and you want to show it to your customer. But you haven’t yet deployed it to the hosting provider, it’s only available on your local machine via http://localhost. No worries, with ngrok you will be able to share it immediately, via a public URL, by writing a simple command. No need to set up a VPN, and it even supports SSL.

Simply install it, write this in your terminal

ngrok http 80

and your site will be publicly available on a URL similar to this: http://xyza335.ngrok.io


What is CQRS? - link and link

Martin Fowler gives us a brief explanation of what CQRS is and its benefits. By splitting the model in two parts (one dedicated to the **query** and the other dedicated to the **command** part), structured applications with complex domains can have huge benefits. But be aware that everything comes at a price…don’t over engineer :-)


 
